httpsrequired();
+ $userid = optional_param('id', $USER->id, PARAM_INT); // user id
$course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)
if (!$course = get_record('course', 'id', $course)) {
redirect($CFG->httpswwwroot.'/login/index.php');
}
- if (isguest()) { //TODO: add proper capability to edit own profile and change password too
+ if (isguest()) { //TODO: add proper capability to edit own profile
print_error('guestnoeditprofile');
}
- if (!$user = get_record('user', 'id', $USER->id)) {
+
+ if (!$user = get_record('user', 'id', $userid)) {
error('User ID was incorrect');
}
redirect($CFG->wwwroot . "/user/view.php?course={$course->id}");
}
+ // check access control
+ if ($user->id != $USER->id) {
+ // teachers, parents, etc.
+ $personalcontext = get_context_instance(CONTEXT_USER, $user->id);
+ require_capability('moodle/user:editprofile', $personalcontext);
+ // no editing of guest user account
+ if (isguestuser($user->id)) {
+ print_error('guestnoeditprofileother');
+ }
+ // no editing of primary admin!
+ $mainadmin = get_admin();
+ if ($user->id == $mainadmin->id) {
+ print_error('adminprimarynoedit');
+ }
+ }
+
//load user preferences
useredit_load_preferences($user);
// save custom profile fields data
profile_save_data($usernew);
- // Override old $USER session variable
- $usernew = (array)get_record('user', 'id', $usernew->id); // reload from db
- foreach ($usernew as $variable => $value) {
- $USER->$variable = $value;
+ if ($USER->id == $user->id) {
+ // Override old $USER session variable if needed
+ $usernew = (array)get_record('user', 'id', $user->id); // reload from db
+ foreach ($usernew as $variable => $value) {
+ $USER->$variable = $value;
+ }
}
- redirect("$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id");
+ redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
}
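Review bot: The new reload guard `if ($USER->id == $user->id)` keys on `$user`, the record loaded from the URL `id` that the access-control block authorised, while the data actually persisted comes from `$usernew` (see `profile_save_data($usernew)`), whose `id` element is read back from the submitted form (the form code in this same change reads it via `$mform->getElementValue('id')`); nothing in the hunk pins `$usernew->id` to `$user->id`. If the update path outside this hunk does not already do that, a client can send the authorised id in the URL and a different id in the hidden form field and have the other account's row updated. Suggest forcing the identity as soon as the form data is obtained, e.g. `$usernew->id = $user->id; // never trust the submitted id, only the authorised record` before `profile_save_data($usernew)`. The enclosing save branch starts before this hunk.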
// Define the form
function definition () {
- global $USER, $CFG, $COURSE;
+ global $CFG, $COURSE;
$mform =& $this->_form;
$this->set_upload_manager(new upload_manager('imagefile', false, false, null, false, 0, true, true, false));
}
function definition_after_data() {
- global $USER, $CFG;
+ global $CFG;
$mform =& $this->_form;
$userid = $mform->getElementValue('id');
if ($id == -1) {
// creating new user
- require_capability('moodle/user:create', get_context_instance(CONTEXT_SYSTEM, SITEID));
+ require_capability('moodle/user:create', get_context_instance(CONTEXT_SYSTEM));
$user = new object();
$user->id = -1;
$user->auth = 'manual';
$user->confirmed = 1;
} else {
// editing existing user
-
- if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))
- && !has_capability('moodle/user:update', get_context_instance(CONTEXT_USER, $id))) {
- error('nopermission');
- }
-
-
+ require_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM));
if (!$user = get_record('user', 'id', $id)) {
error('User ID was incorrect');
}
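Review bot: The existing-user branch now requires `moodle/user:update` in the system context before loading the record, but, unlike edit.php in this same change (which refuses to edit the guest account or the primary admin when the target is another user) and unlike tabs.php (which hides the advanced edit tab for the primary admin), nothing in this hunk stops a second administrator from editing the primary admin through editadvanced.php. If that guard is not applied further down in editadvanced.php outside the hunk, the tab-level restriction is UI-only and the inconsistency between the two edit entry points is an easy bypass. Suggest mirroring edit.php right after the record is loaded: `$mainadmin = get_admin();` followed by `if ($user->id != $USER->id and $user->id == $mainadmin->id) { print_error('adminprimarynoedit'); }`. The surrounding request handling continues outside the hunk.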
} else {
redirect("$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id");
}
- } elseif (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
- redirect("$CFG->wwwroot/$CFG->admin/user.php");
} else {
- redirect($CFG->wwwroot . "/user/view.php?id=$id&course={$course->id}");
+ redirect("$CFG->wwwroot/$CFG->admin/user.php");
}
//never reached
}
/// Display page header
- if ($user->id == -1 or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
+ if ($user->id == -1 or ($user->id != $USER->id)) {
$adminroot = admin_get_root();
if ($user->id == -1) {
admin_externalpage_setup('addnewuser', $adminroot);
$userform->display();
/// and proper footer
- if ($user->id == -1 or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
+ if ($user->id == -1 or ($user->id != $USER->id)) {
admin_externalpage_print_footer($adminroot);
} else if (!empty($USER->newadminuser)) {
print_footer('none');
$toprow[] = new tabobject('profile', $CFG->wwwroot.'/user/view.php?id='.$user->id.'&course='.$course->id, get_string('profile'));
- $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+ $systemcontext = get_context_instance(CONTEXT_SYSTEM);
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
$personalcontext = get_context_instance(CONTEXT_USER, $user->id);
$mainadmin = get_admin();
+ if(empty($CFG->loginhttps)) {
+ $wwwroot = $CFG->wwwroot;
+ } else {
+ $wwwroot = str_replace('http:','https:',$CFG->wwwroot);
+ }
+
+ $edittype = 'none';
if (is_mnet_remote_user($user)) {
// cannot edit remote users
- }
- else if ((!empty($USER->id) and ($USER->id == $user->id) and !isguest()) or
- ((has_capability('moodle/user:update', $sitecontext) || has_capability('moodle/user:update', $personalcontext)) and ($user->id != $mainadmin->id)) ) {
- if(empty($CFG->loginhttps)) {
- $wwwroot = $CFG->wwwroot;
+ } else if (isguest() or !isloggedin()) {
+ // can not edit guest like accounts - TODO: add capability to edit own profile
+
+ } else if ($USER->id == $user->id) {
+ if (has_capability('moodle/user:update', $systemcontext)) {
+ $edittype = 'advanced';
} else {
- $wwwroot = str_replace('http:','https:',$CFG->wwwroot);
+ $edittype = 'normal';
}
- if ((has_capability('moodle/user:update', $sitecontext) || has_capability('moodle/user:update', $personalcontext))and ($user->id==$USER->id or $user->id != $mainadmin->id)) {
- $toprow[] = new tabobject('editprofile', $wwwroot.'/user/editadvanced.php?id='.$user->id.'&course='.$course->id, get_string('editmyprofile'));
- } else {
- $toprow[] = new tabobject('editprofile', $wwwroot.'/user/edit.php?id='.$user->id.'&course='.$course->id, get_string('editmyprofile'));
+
+ } else if ($user->id != $mainadmin->id) {
+ //no editing of primary admin!
+ if (has_capability('moodle/user:update', $systemcontext)) {
+ $edittype = 'advanced';
+ } else if (has_capability('moodle/user:editprofile', $personalcontext)) {
+ //teachers, parents, etc.
+ $edittype = 'normal';
}
}
+ if ($edittype == 'advanced') {
+ $toprow[] = new tabobject('editprofile', $wwwroot.'/user/editadvanced.php?id='.$user->id.'&course='.$course->id, get_string('editmyprofile'));
+ } else if ($edittype == 'normal') {
+ $toprow[] = new tabobject('editprofile', $wwwroot.'/user/edit.php?id='.$user->id.'&course='.$course->id, get_string('editmyprofile'));
+ }
+
/// Everyone can see posts for this user
/// add logic to see course read posts permission
require_once($CFG->dirroot.'/blog/lib.php');
if ($CFG->bloglevel >= BLOG_USER_LEVEL and // blogs must be enabled
(has_capability('moodle/user:readuserblogs', $personalcontext) // can review posts (parents etc)
- or has_capability('moodle/blog:manageentries', $sitecontext) // entry manager can see all posts
- or ($user->id == $USER->id and has_capability('moodle/blog:create', $sitecontext)) // viewing self
- or (has_capability('moodle/blog:view', $sitecontext) or has_capability('moodle/blog:view', $coursecontext))
+ or has_capability('moodle/blog:manageentries', $systemcontext) // entry manager can see all posts
+ or ($user->id == $USER->id and has_capability('moodle/blog:create', $systemcontext)) // viewing self
+ or (has_capability('moodle/blog:view', $systemcontext) or has_capability('moodle/blog:view', $coursecontext))
) // able to read blogs in site or course context
) { //end if