MDL-12599 , MDL-12598 - fixed capability tests in user and overview reports; merged...

diff --git a/grade/report/overview/index.php b/grade/report/overview/index.php
index 3870ab6ee70053e121a7fc7b88be56c17518488d..123efcc7241e48468ff6f8da4fd22b389124ef15 100644 (file)
--- a/grade/report/overview/index.php
+++ b/grade/report/overview/index.php
@@ -41,7 +41,7 @@ if (!$user = get_complete_user_data('id', $userid)) {
 }
 
 $context     = get_context_instance(CONTEXT_COURSE, $course->id);
-$usercontext = get_context_instance(CONTEXT_PERSONAL, $user->id);
+$usercontext = get_context_instance(CONTEXT_USER, $user->id);
 require_capability('gradereport/overview:view', $context);
 
 $access = true;
@@ -51,7 +51,7 @@ if (has_capability('moodle/grade:viewall', $context)) {
 } else if ($user->id == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) {
     //ok - can view own grades
 
-} else if (has_capability('moodle/grade:view', $usercontext) and $course->showgrades) {
+} else if (has_capability('moodle/grade:viewall', $usercontext) and $course->showgrades) {
     // ok - can view grades of this user- parent most probably
 
 } else {

diff --git a/grade/report/user/index.php b/grade/report/user/index.php
index 800540645c75939ac0247f5a451bab766cbf0c8a..ad943c7ced76ece1517ab3e89c1078a7d77d198d 100644 (file)
--- a/grade/report/user/index.php
+++ b/grade/report/user/index.php
@@ -41,7 +41,7 @@ if (!$user = get_complete_user_data('id', $userid)) {
 }
 
 $context     = get_context_instance(CONTEXT_COURSE, $course->id);
-$usercontext = get_context_instance(CONTEXT_PERSONAL, $user->id);
+$usercontext = get_context_instance(CONTEXT_USER, $user->id);
 require_capability('gradereport/user:view', $context);
 
 $access = true;
@@ -51,7 +51,7 @@ if (has_capability('moodle/grade:viewall', $context)) {
 } else if ($user->id == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) {
     //ok - can view own grades
 
-} else if (has_capability('moodle/grade:view', $usercontext) and $course->showgrades) {
+} else if (has_capability('moodle/grade:viewall', $usercontext) and $course->showgrades) {
     // ok - can view grades of this user- parent most probably
 
 } else {

diff --git a/lib/db/access.php b/lib/db/access.php
index 29fc73547a4314424374413b96bd8fff1da3fa73..3a7a3013050820cd22dc165c38c0225807009e02 100644 (file)
--- a/lib/db/access.php
+++ b/lib/db/access.php
@@ -1007,7 +1007,7 @@ $moodle_capabilities = array(
     'moodle/grade:viewall' => array(
         'riskbitmask' => RISK_PERSONAL,
         'captype' => 'read',
-        'contextlevel' => CONTEXT_COURSE,
+        'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
         'legacy' => array(
             'teacher' => CAP_ALLOW,
             'editingteacher' => CAP_ALLOW,
@@ -1018,7 +1018,7 @@ $moodle_capabilities = array(
 
     'moodle/grade:view' => array(
         'captype' => 'read',
-        'contextlevel' => CONTEXT_COURSE, // and CONTEXT_PERSONAL too
+        'contextlevel' => CONTEXT_COURSE,
         'legacy' => array(
             'student' => CAP_ALLOW
         )
@@ -1027,7 +1027,7 @@ $moodle_capabilities = array(
     'moodle/grade:viewhidden' => array(
         'riskbitmask' => RISK_PERSONAL,
         'captype' => 'read',
-        'contextlevel' => CONTEXT_COURSE, // and CONTEXT_PERSONAL too
+        'contextlevel' => CONTEXT_COURSE,
         'legacy' => array(
             'teacher' => CAP_ALLOW,
             'editingteacher' => CAP_ALLOW,