require_login();
if (!empty($id)) {
- if (!isteacheredit($id)) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $id))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
if (!empty($to)) {
- if (!isteacheredit($to)) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $to))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
}
//Print header
- if (isadmin()) {
+ if (has_capability('moodle/site:backup', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
print_header("$site->shortname: $strcoursebackup", $site->fullname,
"<a href=\"$CFG->wwwroot/$CFG->admin/index.php\">$stradministration</a> ->
<a href=\"backup.php\">$strcoursebackup</a> -> $course->fullname ($course->shortname)");
require_login();
if (!empty($course->id)) {
- if (!isteacheredit($course->id)) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $course->id))) {
if (empty($to)) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
} else {
- if (!isteacheredit($to)) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $to))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
require_login();
if (!empty($course->id)) {
- if (!isteacheredit($course->id)) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $course->id))) {
if (empty($to)) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
} else {
}
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
require_login();
if (!empty($course->id)) {
- if (!isteacheredit($course->id)) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $course->id))) {
if (empty($to)) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
} else {
- if (!isteacheredit($to)) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $to))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
require_login();
- if (!isadmin()) {
- error("Only an admin can use this page");
- }
+ require_capability('moodle/site:backup', get_context_instance(CONTEXT_SYSTEM, SITEID));
if (!$site = get_site()) {
error("Site isn't defined!");
}
if (!empty($id)) {
- if (!isteacheredit($id)) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $id))) {
if (empty($to)) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
} else {
- if (!isteacheredit($to)) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $to))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
}
//Print header
- if (isadmin()) {
+ if (has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
print_header("$site->shortname: $strcourserestore", $site->fullname,
"<a href=\"$CFG->wwwroot/$CFG->admin/index.php\">$stradministration</a> ->
$strcourserestore -> ".basename($file));
//Check admin
if (!empty($id)) {
- if (!isteacheredit($id)) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $id))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
// 2-New course: Create the restore object and launch the execute.
//If the user is a teacher and not a creator
- if (isteacheredit($id) and !iscreator()) {
+ if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$restore->course_id = $id;
if ($restore->restoreto == 0) {
$restore->deleting = true;
}
//If the user is a creator (or admin)
- if (iscreator()) {
+ if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
//Set restore->deleting as needed
if ($restore->restoreto == 0) {
$restore->deleting = true;
}
//Now, select the course if needed
- if (($restore->restoreto == 0 or $restore->restoreto == 1) and ($restore->course_id == 0) and (iscreator())) {
+ if (($restore->restoreto == 0 or $restore->restoreto == 1) and ($restore->course_id == 0) and has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
if ($courses = get_courses("all","c.fullname","c.id,c.fullname,c.shortname,c.visible")) {
print_heading(get_string("choosecourse"));
print_simple_box_start("center");
//Checks everything and execute restore
} else if ((($restore->restoreto == 0 or $restore->restoreto == 1) and ($restore->course_id != 0)) or ($restore->restoreto == 2)) {
//Final access control check
- if ($restore->course_id == 0 and !iscreator()) {
+ if ($restore->course_id == 0 and !has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be a creator or admin to restore into new course!");
} else if ($restore->course_id != 0 and !isteacheredit($restore->course_id)) {
error("You need to be an edit teacher or admin to restore into selected course!");
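Review bot: The `else if` right below the converted check still calls `isteacheredit($restore->course_id)`, so the final access-control test for restoring into an existing course stays on the legacy role function while the new-course branch now uses capabilities. After this commit the page-level checks gate on `moodle/site:restore` in the course context, and the two tests can disagree for a role that holds one but not the other. To match, the line could read `} else if ($restore->course_id != 0 and !has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $restore->course_id))) {`. The enclosing block continues outside the hunk.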
//Check admin
if (!empty($id)) {
- if (!isteacheredit($id)) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COUESE, $id))) {
if (empty($to)) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
} else {
- if (!isteacheredit($to)) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COUESE, $to))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
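Review bot: `CONTEXT_COUESE` in both new `has_capability()` calls of this hunk is a misspelling of `CONTEXT_COURSE`, so the restore permission is not evaluated against the course context. Older PHP reads an undefined constant as the string `'CONTEXT_COUESE'` with a notice, and PHP 8 raises an Error. What `get_context_instance()` returns for that value is not visible here, so the check may fail open or closed. The calls should be `get_context_instance(CONTEXT_COURSE, $id)` and `get_context_instance(CONTEXT_COURSE, $to)`. The same typo recurs in the next "Check admin" hunk and in the `moodle/course:create` test ahead of `$restore_restoreto_options`.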
//Check admin
if (!empty($id)) {
- if (!isteacheredit($id)) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COUESE, $id))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
}
if (!isset($restore_restoreto)) {
- if (isteacheredit($id) and !isadmin()) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$restore_restoreto = 1;
}
- if (isadmin()) {
+ if (has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$restore_restoreto = 2;
}
}
echo "<td align=\"right\"><b>";
echo get_string("restoreto").":</b>";
echo "</td><td colspan=\"3\">";
- if (isteacheredit($id) and !iscreator()) {
+ if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_COUESE, $id))) {
$restore_restoreto_options[0] = get_string("currentcoursedeleting");
$restore_restoreto_options[1] = get_string("currentcourseadding");
}
//Check admin
if (!empty($id)) {
- if (!isteacheredit($id)) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $id))) {
if (empty($to)) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
} else {
- if (!isteacheredit($to)) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $to))) {
error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
}
} else {
- if (!isadmin()) {
+ if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
}
//Second shot. Try to obtain any concordant category and check its publish status and editing rights
} else if ($fcats = get_records('question_categories', $searchfield, $searchvalue, 'id', 'id, publish, course')) {
foreach ($fcats as $fcat) {
- if ($fcat->publish == 1 && isteacheredit($fcat->course)) {
+ if ($fcat->publish == 1 && has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $fcat->course))) {
$found = $fcat->id;
break;
}
require_login();
- if (!isadmin()) {
- error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
- }
+ require_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID));
//Check site
if (!$site = get_site()) {
$this->content->items = array();
$this->content->icons = array();
$this->content->footer = get_string('nocoursesyet').'<br /><br />';
- if (iscreator()) {
+ if (has_capability('moodle/course:create', get_context_instance(CONTEXT_COURSECAT, $category->id))) {
$this->content->footer .= '<a href="'.$CFG->wwwroot.'/course/edit.php?category='.$category->id.'">'.get_string("addnewcourse").'</a>...';
}
}
require_login();
- if (!isadmin()) {
- error("You must be an administrator to use this page.");
- }
+ require_capability('moodle/course:delete', get_context_instance(CONTEXT_SYSTEM, SITEID));
if (!$site = get_site()) {
error("Site not found!");
?>
<form method="post" action="edit.php" name="form">
<table cellpadding="9" cellspacing="0" >
-<?php if (iscreator()) { ?>
+<?php if (has_capability('moodle/course:create', get_context_instance(CONTEXT_COURSECAT, $form->category))) { ?>
<tr valign="top">
<td align="right"><?php print_string("category") ?>:</td>
<td><?php
<td><input type="submit" value="<?php print_string("savechanges") ?>" /></td>
</tr>
</table>
-<?php if(!iscreator()) { ?>
+<?php if(!has_capability('moodle/course:create', get_context_instance(CONTEXT_COURSECAT, $form->category))) { ?>
<input type="hidden" name="category" value="<?php echo $form->category ?>" />
<?php } ?>
<input type="hidden" name="id" value="<?php echo $form->id ?>" />
}
if ($category) {
- if ($category->visible or iscreator()) {
+ if ($category->visible or has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
print_category_info($category, $depth, $files);
} else {
return; // Don't bother printing children of invisible categories
<?php // $Id$
// Admin-only script to assign teachers to courses
+ /// This page is deprecated
+
require_once("../config.php");
define("MAX_USERS_PER_PAGE", 50);
$role->name = $name;
$role->description = $description;
-
+
+ $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
+
if ($id = insert_record('role', $role)) {
- if ($legacy) {
- $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
+ if ($legacy) {
assign_capability($legacy, CAP_ALLOW, $id, $context->id);
}
+
+ /// By default, users with role:manage at site level
+ /// should be able to assign users to this new role, and override this new role's capabilities
+
+ // find all admin roles
+ $adminroles = get_roles_with_capability('moodle/role:manage', CAP_ALLOW, $context);
+ // foreach admin role
+ foreach ($adminroles as $arole) {
+ // write allow_assign and allow_overrid
+ allow_assign($arole->id, $id);
+ allow_override($arole->id, $id);
+ }
+
return $id;
} else {
return false;
}
-
/**
* Function to write context specific overrides, or default capabilities.
* @param module - string name
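Review bot: The new `foreach ($adminroles as $arole)` has no guard for a failed or empty lookup. The body of `get_roles_with_capability()` runs past what is shown, but other record getters on this page are tested with `if (!$users = get_records(...))`, which suggests a falsy return when nothing matches. If so, the loop emits a warning and the new role silently ends up with no assign/override grants; wrapping it as `if ($adminroles = get_roles_with_capability('moodle/role:manage', CAP_ALLOW, $context)) { ... }` avoids that. A short comment that every role with `moodle/role:manage` at site level is automatically allowed to assign and override the new role would also help, since that is a privilege grant a later reader should not have to infer.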
* either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT
* @return array or role objects
*/
-function get_roles_with_capability($capability, $permission=NULL) {
-
+function get_roles_with_capability($capability, $permission=NULL, $context='') {
+
global $CFG;
+ if ($context) {
+ if ($contexts = get_parent_contexts($context)) {
+ $listofcontexts = '('.implode(',', $contexts).')';
+ } else {
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+ $listofcontexts = '('.$sitecontext->id.')'; // must be site
+ }
+ $contextstr = "AND (rc.contextid = '.$context->id.' OR rc.contextid IN $listofcontexts)";
+ } else {
+ $contextstr = '';
+ }
+
$selectroles = "SELECT r.*
FROM {$CFG->prefix}role AS r,
{$CFG->prefix}role_capabilities AS rc
WHERE rc.capability = '$capability'
- AND rc.roleid = r.id";
+ AND rc.roleid = r.id $contextstr";
if (isset($permission)) {
$selectroles .= " AND rc.permission = '$permission'";
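Review bot: The added `$contextstr` line mixes quoting styles: inside a double-quoted string `'.$context->id.'` is not concatenation, so the SQL produced is `rc.contextid = '.<id>.'` and the exact-context comparison will not match the intended row. Only the `IN $listofcontexts` half can then match, which changes which roles are treated as holding the capability in this context. It should be `$contextstr = "AND (rc.contextid = {$context->id} OR rc.contextid IN $listofcontexts)";`. The default `$context=''` is a string while the body dereferences `$context->id`, so `$context=NULL` with the same truthiness test would be clearer, and `$capability` and `$permission` are still interpolated into the query unescaped. The function body continues outside the hunk.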
global $CFG;
// first get all roles with this capability in this context, or above
- $possibleroles = get_roles_with_capability($capability, CAP_ALLOW);
+ $possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context);
$validroleids = array();
foreach ($possibleroles as $prole) {
$caps = role_context_capabilities($prole->id, $context, $capability); // resolved list
}
}
+ /// the following few lines may not be needed
if ($usercontexts = get_parent_contexts($context)) {
$listofcontexts = '('.implode(',', $usercontexts).')';
} else {
$select = ' SELECT '.$fields;
$from = ' FROM '.$CFG->prefix.'user u LEFT JOIN '.$CFG->prefix.'role_assignments ra ON ra.userid = u.id ';
- $where = ' WHERE (ra.contextid = '.$context->id.' OR ra.contextid in '.$listofcontexts.') AND u.deleted = 0 AND ra.roleid in '.$roleids.' ';
+ $where = ' WHERE (ra.contextid = '.$context->id.' OR ra.contextid in '.$listofcontexts.') AND u.deleted = 0 AND ra.roleid in '.$roleids.' ';
return get_records_sql($select.$from.$where.$sort, $limitfrom, $limitnum);
)
),
+ 'moodle/user:editprofile' => array(
+ 'captype' => 'read',
+ 'contextlevel' => CONTEXT_USERID,
+ 'legacy' => array(
+ 'guest' => CAP_PREVENT,
+ 'student' => CAP_PREVENT,
+ 'teacher' => CAP_PREVENT,
+ 'editingteacher' => CAP_PREVENT,
+ 'coursecreator' => CAP_PREVENT,
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
'moodle/question:import' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
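Review bot: The new `moodle/user:editprofile` entry declares `'captype' => 'read'`, but the capability gates editing another user's profile, which is a write operation; the neighbouring `moodle/question:import` entry uses `'write'`. If `captype` feeds any risk display or read/write filtering of capabilities (not visible on this page), this one would be under-classified. I would change the line to `'captype' => 'write',`.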
static $isteacher;
static $isadmin;
+ $context = get_context_instance(CONTEXT_COURSE, $course->id);
if (empty($string)) { // Cache all the strings for the rest of the page
$string->email = get_string('email');
$output .= print_user_picture($user->id, $course->id, $user->picture, true, true);
$output .= '</td>';
$output .= '<td class="content">';
- $output .= '<div class="username">'.fullname($user, $isteacher).'</div>';
+ $output .= '<div class="username">'.fullname($user, has_capability('moodle/site:viewfullnames', $context)).'</div>';
$output .= '<div class="info">';
if (!empty($user->role) and ($user->role <> $course->teacher)) {
$output .= $string->role .': '. $user->role .'<br />';
}
static $isteacheredit;
-
+ $context = get_context_instance(CONTEXT_COURSE, $courseid);
if (!isset($isteacheredit)) {
$isteacheredit = isteacheredit($courseid);
}
- if ($group->hidepicture and !$isteacheredit) {
+ if ($group->hidepicture and !has_capability('moodle/course:managegroups', $context)) {
return '';
}
- if ($link or $isteacheredit) {
+ if ($link or has_capability('moodle/site:accessallgroups', $context)) {
$output = '<a href="'. $CFG->wwwroot .'/user/index.php?id='. $courseid .'&group='. $group->id .'">';
} else {
$output = '';
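Review bot: The `static $isteacheredit` cache and its `isteacheredit($courseid)` call are kept, but none of the lines shown read the value any more, so each call now pays for the legacy lookup plus up to three `has_capability()` checks. The legacy lines can go, and the link test can be computed once, e.g. `$canaccessall = has_capability('moodle/site:accessallgroups', $context);`, then reused for the opening and closing `<a>` so the two cannot diverge. The single old flag is also now split into `moodle/course:managegroups` (hidden picture) and `moodle/site:accessallgroups` (link); a one-line comment stating that this is intentional would help. The function starts and ends outside the hunk.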
' border="0" width="'.$size.'" height="'.$size.'" alt="" title="'.s($group->name).'"/>';
}
}
- if ($link or $isteacheredit) {
+ if ($link or has_capability('moodle/site:accessallgroups', $context)) {
$output .= '</a>';
}
global $CFG, $USER;
- if (isteacheredit($courseid)) {
+ if (has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid))) {
if (!empty($USER->editing)) {
$string = get_string('turneditingoff');
$edit = '0';
global $CFG, $USER;
- if (isteacheredit($courseid)) {
+ if (has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_MODULE, $moduleid))) {
$string = get_string('updatethis', '', $string);
return "<form target=\"$CFG->framename\" method=\"get\" action=\"$CFG->wwwroot/course/mod.php\">".
"<input type=\"hidden\" name=\"update\" value=\"$moduleid\" />".
function update_category_button($categoryid) {
global $CFG, $USER;
- if (iscreator()) {
+ if (has_capability('moodle/category:update', get_context_instance(CONTEXT_COURSECAT, $categoryid))) {
if (!empty($USER->categoryediting)) {
$string = get_string('turneditingoff');
$edit = 'off';
function update_categories_button() {
global $CFG, $USER;
- if (isadmin()) {
+ if (has_capability('moodle/category:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
if (!empty($USER->categoryediting)) {
$string = get_string('turneditingoff');
$categoryedit = 'off';
function update_categories_search_button($search,$page,$perpage) {
global $CFG, $USER;
- if (isadmin()) {
+ // not sure if this capability is the best here
+ if (has_capability('moodle/category:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
if (!empty($USER->categoryediting)) {
$string = get_string("turneditingoff");
$edit = "off";
function update_group_button($courseid, $groupid) {
global $CFG, $USER;
- if (isteacheredit($courseid)) {
+ if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_GROUP, $groupid))) {
$string = get_string('editgroupprofile');
return "<form target=\"$CFG->framename\" method=\"get\" action=\"$CFG->wwwroot/course/group.php\">".
'<input type="hidden" name="id" value="'. $courseid .'" />'.
function update_groups_button($courseid) {
global $CFG, $USER;
- if (isteacheredit($courseid)) {
+ if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $courseid))) {
if (!empty($USER->groupsediting)) {
$string = get_string('turneditingoff');
$edit = 'off';
if ($mod->section > 0 and $section <> $mod->section) {
$thissection = $sections[$mod->section];
- if ($thissection->visible or !$course->hiddensections or $isteacher) {
+ if ($thissection->visible or !$course->hiddensections or has_capability('moodle/course:viewhiddensections', get_context_instance(CONTEXT_COURSE, $course->id))) {
$thissection->summary = strip_tags(format_string($thissection->summary,true));
if ($course->format == 'weeks' or empty($thissection->summary)) {
$menu[] = '-------------- '. $strsection ." ". $mod->section .' --------------';
$section = $mod->section;
//Only add visible or teacher mods to jumpmenu
- if ($mod->visible or $isteacher) {
+ if ($mod->visible or has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_MODULE, $mod->id))) {
$url = $mod->mod .'/view.php?id='. $mod->cm;
if ($flag) { // the current mod is the "next" mod
$nextmod = $mod;
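Review bot: The new visibility test builds the module context from `$mod->id`, while the very next line builds the activity URL from `$mod->cm`, so the capability is probably being checked against a different identifier than the one that names the course module. If `CONTEXT_MODULE` instances are keyed by course-module id (not visible on this page), `moodle/course:viewhiddenactivities` is evaluated in the wrong or a non-existent context, and hidden activities could be shown or withheld incorrectly. It should likely be `get_context_instance(CONTEXT_MODULE, $mod->cm)`. The same expression appears in the second jump-menu hunk below. Both sit inside a loop, so the course-level contexts used nearby are worth fetching once before it.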
$previousmod = $mod;
}
}
- if ($selectmod and $isteacher) {
+ if ($selectmod and has_capability('moodle/site:viewreports', get_context_instance(CONTEXT_COURSE, $course->id))) {
$logslink = "<td><a target=\"$CFG->framename\" href=".
"\"$CFG->wwwroot/course/report/log/index.php?chooselog=1&user=0&date=0&id=$course->id&modid=$selectmod->cm\">".
"<img border=\"0\" height=\"16\" width=\"16\" src=\"$CFG->pixpath/i/log.gif\" alt=\"\" /></a></td>";
$section = $mod->section;
//Only add visible or teacher mods to jumpmenu
- if ($mod->visible or $isteacher) {
+ if ($mod->visible or has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_MODULE, $mod->id))) {
$url = $mod->mod .'/view.php?id='. $mod->cm;
if ($flag) { // the current mod is the "next" mod
$nextmod = $mod;
require_login();
- if (!isadmin()) {
- error("You must be an administrator to change themes.");
- }
+ require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
$CFG->theme = $preview;
$mainadmin->id = 0; /// Weird - no primary admin!
}
if ((!empty($USER->id) and ($USER->id == $user->id) and !isguest()) or
- (isadmin() and ($user->id != $mainadmin->id)) ) {
+ (has_capability('moodle/user:editprofile', get_context_instance(CONTEXT_USERID, $user->id)) and ($user->id != $mainadmin->id)) ) {
if(empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot;
require_login();
/// Remove the following three lines if you want everyone to access it
- if (!isadmin()) {
- error("Currently only the administrator can access this page!");
- }
+ require_capability('moodle/site:config', get_context_instance(CONTEXT_SITE, SITEID));
-
if (!$users = get_records("user", "picture", "1", "lastaccess DESC", "id,firstname,lastname")) {
error("no users!");
}
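Review bot: `CONTEXT_SITE` in the new `require_capability()` call is used nowhere else in this commit; every other site-level check passes `get_context_instance(CONTEXT_SYSTEM, SITEID)`. If `CONTEXT_SITE` is not a defined constant, this admin-only gate is evaluated against an invalid context level, and on older PHP that produces only a notice. The line should read `require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));`. The following hunk, which guards the same `get_records("user", "picture", ...)` listing, has the same issue.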
require_login();
- if (!isadmin()) {
- error("Currently only the administrator can access this page!");
- }
-
+ require_capability('moodle/site:config', get_context_instance(CONTEXT_SITE, SITEID));
if (!$users = get_records("user", "picture", "1", "lastaccess DESC", "id,firstname,lastname")) {
error("no users!");