From: martinlanghoff <martinlanghoff>
Date: Wed, 19 Sep 2007 07:19:20 +0000 (+0000)
Subject: moodlelib: require_login() - rework course/category visibility checks
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=1cf2e21b6e0816ddba2b59fa96d7ba178cf63117;p=moodle.git

moodlelib: require_login() - rework course/category visibility checks

Reworked the logic of the visibility checks so that we evaluate in a
chain:

   - can view course   (visible or user can see hidden)
   - can view category (visible or user can see hidden)

Without this patch, users that could see hidden categories could not get
into courses inside of them.

While at it, fix reference to the old $USER->switchrole
---

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 07fa67e787..22e0c28db3 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -1772,13 +1772,28 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null) {
             print_error('nocontext');
         }
 
-        if (empty($USER->switchrole[$context->id]) &&
-            !($COURSE->visible && course_parent_visible($COURSE)) &&
-               !has_capability('moodle/course:viewhiddencourses', get_context_instance(CONTEXT_COURSE, $COURSE->id)) ){
-            print_header_simple();
-            notice(get_string('coursehidden'), $CFG->wwwroot .'/');
-        }
-
+        if (empty($USER->access['rsw'][$context->path])) {
+            //
+            // Spaghetti logic construct
+            // 
+            // - able to view course?
+            // - able to view category?
+            // => if either is missing, course is hidden from this user
+            //
+            // It's carefully ordered so we run the cheap checks first, and the
+            // more costly checks last...
+            //
+            if (! (($COURSE->visible || has_capability('moodle/course:viewhiddencourses', 
+                                                       get_context_instance(CONTEXT_COURSE, 
+                                                                            $COURSE->id)))
+                   && (course_parent_visible($COURSE)) || has_capability('moodle/course:viewhiddencourses', 
+                                                                        get_context_instance(CONTEXT_COURSECAT,
+                                                                                             $COURSE->category)))) {
+                print_header_simple();
+                notice(get_string('coursehidden'), $CFG->wwwroot .'/');
+            }
+        }    
+        
     /// Non-guests who don't currently have access, check if they can be allowed in as a guest
 
         if ($USER->username != 'guest' and !has_capability('moodle/course:view', $context)) {