From: vyshane Date: Tue, 12 Sep 2006 06:57:05 +0000 (+0000) Subject: Modified to support Roles. X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=23973f1856b3b7b2ad523f8da1db8e5da62d2f50;p=moodle.git Modified to support Roles. --- diff --git a/blocks/rss_client/block_rss_client.php b/blocks/rss_client/block_rss_client.php index b04eaca15f..369ea779e1 100644 --- a/blocks/rss_client/block_rss_client.php +++ b/blocks/rss_client/block_rss_client.php @@ -19,7 +19,7 @@ function init() { $this->title = get_string('feedstitle', 'block_rss_client'); - $this->version = 2005111400; + $this->version = 2006091100; } function preferred_width() { @@ -42,7 +42,11 @@ } function get_content() { - global $CFG, $editing, $COURSE; + global $CFG, $editing, $COURSE, $USER; + + if (!empty($COURSE)) { + $this->courseid = $COURSE->id; + } require_once($CFG->libdir .'/rsslib.php'); @@ -65,14 +69,14 @@ if (isset($CFG->block_rss_client_num_entries) && is_numeric($CFG->block_rss_client_num_entries) ) { $shownumentries = intval($CFG->block_rss_client_num_entries); } else { - $shownumentries = 5; //default to 5 entries is not specified by admin or instance + $shownumentries = 5; //default to 5 entries is not specified in admin section or instance } if (!empty($this->config)) { if (!empty($this->config->rssid)) { if (is_array($this->config->rssid)) { $rssidarray = $this->config->rssid; - } else { // Make an array of the single value + } else { // Make an array of the single value $rssidarray = array($this->config->rssid); } } 
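Review bot: In the `@@ -42,7 +42,11 @@` hunk of block_rss_client.php, `$this->courseid` is assigned only when `$COURSE` is non-empty, while the later `@@ -83,38 +87,37 @@` hunk removes the old `$this->courseid = SITEID;` default. Unless the property is initialised outside the visible hunks, the management links built further down receive an unset `'id'` on pages without a course. Keeping the fallback is one line: `$this->courseid = empty($COURSE) ? SITEID : $COURSE->id;`. get_content() continues outside this hunk.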
@@ -83,38 +87,37 @@ $shownumentries = intval($this->config->shownumentries); } } - - $submitters = $CFG->block_rss_client_submitters; - - $isteacher = false; - $this->courseid = SITEID; - if ($this->instance->pagetype == PAGE_COURSE_VIEW) { - $this->courseid = $COURSE->id; - $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_BLOCK, $this->instance->id)); - } - - //if the user is an admin, course teacher, or all users are allowed - // then allow the user to add rss feeds - global $USER; - $userisloggedin = false; - if (isset($USER) && !empty($USER->id) && $USER->id && !isguest()) { - $userisloggedin = true; - } - if ( $userisloggedin && ($submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS || ($submitters == SUBMITTERS_ADMIN_AND_TEACHER && $isteacher)) ) { + $context = get_context_instance(CONTEXT_BLOCK, $this->instance->id); + + if (has_capability('block/rss_client:createsharedfeeds', $context)) { $page = page_create_object($this->instance->pagetype, $this->instance->pageid); - if ($page->user_allowed_editing()) { // for SUBMITTERS_ALL_ACCOUNT_HOLDERS we're going to run into trouble later if we show it and then they don't have write access to the page. - if (isset($this->config)) { - // this instance is configured - show Add/Edit feeds link - $script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'managefeeds', 'id' => $this->courseid)); - $output .= '
'. get_string('feedsaddedit', 'block_rss_client') .'
'; - } else { - // this instance has not been configured yet - show configure link - $script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'configblock', 'id' => $this->courseid)); + //if ($page->user_allowed_editing()) { // for SUBMITTERS_ALL_ACCOUNT_HOLDERS we're going to run into trouble later if we show it and then they don't have write access to the page. + if (isset($this->config)) { + // This instance is configured - show Add/Edit feeds link. + $script = $page->url_get_full( + array('instanceid' => $this->instance->id, + 'sesskey' => $USER->sesskey, + 'blockaction' => 'config', + 'currentaction' => 'managefeeds', + 'id' => $this->courseid + )); + $output .= '
'. get_string('feedsaddedit', 'block_rss_client') .'
'; + } else { + // This instance has not been configured yet - show configure link? + if (has_capability('block/rss_client:manageanyfeeds', $context)) { + $script = $page->url_get_full( + array('instanceid' => $this->instance->id, + 'sesskey' => $USER->sesskey, + 'blockaction' => 'config', + 'currentaction' => 'configblock', + 'id' => $this->courseid + )); $output .= '
'. get_string('feedsconfigurenewinstance', 'block_rss_client') .'
'; } } + //} } // Daryl Hawes note: if count of rssidarray is greater than 1 @@ -181,7 +184,7 @@ return 'Error loading a feed.
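Review bot: The configure-link branch checks `block/rss_client:manageanyfeeds`, but db/access.php in this commit declares `managesharedfeeds` and no `manageanyfeeds`, so this check (and the same name in block_rss_client_action.php, hunk `@@ -90,17 +83,29 @@`) tests a capability that is never defined. It should use a declared name, e.g. `has_capability('block/rss_client:managesharedfeeds', $context)`, or the missing capability should be added to access.php. The outer gate is `createsharedfeeds` alone, which by the declared defaults hides the Add/Edit link from teachers who hold only `createprivatefeeds` and `manageownfeeds`. The `user_allowed_editing()` test is left as commented-out code; either restore it or delete it, with a comment saying why the capability check replaces it. get_content() starts and ends outside this hunk.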
'; //Daryl Hawes note: localize this line } } - + if ($shownumentries > 0 && $shownumentries < count($rss->items) ) { $rss->items = array_slice($rss->items, 0, $shownumentries); } @@ -270,4 +273,4 @@ } } } -?> +?> \ No newline at end of file diff --git a/blocks/rss_client/block_rss_client_action.php b/blocks/rss_client/block_rss_client_action.php index 7f5430e49e..0e61afa833 100644 --- a/blocks/rss_client/block_rss_client_action.php +++ b/blocks/rss_client/block_rss_client_action.php @@ -17,16 +17,20 @@ require_once(MAGPIE_DIR .'rss_fetch.inc'); require_login(); global $USER; -//ensure that the logged in user is not using the guest account + if (isset($_SERVER['HTTP_REFERER'])) { $referrer = $_SERVER['HTTP_REFERER']; } else { $referrer = $CFG->wwwroot; } + + +// Ensure that the logged in user is not using the guest account if (isguest()) { error(get_string('noguestpost', 'forum'), $referrer); } + $url = optional_param('url','',PARAM_URL); if (!empty($url)) { @@ -44,6 +48,8 @@ $rssid = optional_param('rssid', NULL, PARAM_INT); $id = optional_param('id', SITEID, PARAM_INT); //$url = clean_param($url, PARAM_URL); $preferredtitle = optional_param('preferredtitle', '', PARAM_ALPHA); +$shared = optional_param('shared', 0, PARAM_INT); + if (!defined('MAGPIE_OUTPUT_ENCODING')) { define('MAGPIE_OUTPUT_ENCODING', current_charset()); // see bug 3107 @@ -56,10 +62,8 @@ if (!empty($id)) { } $straddedit = get_string('feedsaddedit', 'block_rss_client'); -if ( isadmin() ) { - $navigation = ''.get_string('administration').' -> '. - ''.get_string('configuration').' -> '.$straddedit; -} else if (!empty($course)) { + +if (!empty($course)) { $navigation = ''.$course->shortname.' -> '.$straddedit; } else { $navigation = $straddedit; 
@@ -67,21 +71,10 @@ if ( isadmin() ) { print_header($straddedit, $straddedit, $navigation); -//check to make sure that the user is allowed to post new feeds -$submitters = $CFG->block_rss_client_submitters; -if (empty($course)) { - $isteacher = false; -} else { - if ($id == SITEID) { - $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SITE, SITEID)); - } else { - $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_COURSE, $id)); - } -} if ( !isset($act) ) { - rss_display_feeds($id); - rss_print_form($act, $url, $rssid, $preferredtitle, $id); + rss_display_feeds($id, $USER->id, '', $context); + rss_print_form($act, $url, $rssid, $preferredtitle, $shared, $id, $context); print_footer(); die(); } 
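Review bot: `$context` is read here before it is assigned: the `!isset($act)` branch passes it to `rss_display_feeds()` and `rss_print_form()` and then calls `die()`, but the first assignment, `$context = get_context_instance(CONTEXT_BLOCK, $blockinstance->id);`, only appears in the next hunk. The capability checks inside those functions therefore run against an unset context on the default page view. Move the block and context lookup above this branch so every code path checks permissions against the same context.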
@@ -90,17 +83,29 @@ if ( isset($rssid) ) { $rss_record = get_record('block_rss_client', 'id', $rssid); } -//if the user is an admin or course teacher then allow the user to -//assign categories to other uses than personal -if (isset($rss_record) && !( has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)) || $submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS || - ($submitters == SUBMITTERS_ADMIN_AND_TEACHER && $isteacher) || - ( ($act == 'rssedit' || $act == 'delfeed' || $act == 'updfeed') && $USER->id == $rss_record->userid) ) ) { - error(get_string('noguestpost', 'forum').' You are not allowed to make modifications to this RSS feed at this time.', $referrer); + +$block = get_record('block', 'name', 'rss_client'); +$blockinstance = get_record('block_instance', 'blockid', $block->id, 'pagetype', 'course-view', 'pageid', id); +$context = get_context_instance(CONTEXT_BLOCK, $blockinstance->id); + + +if (isset($rss_record)) { + $managefeeds = ($rss_record->userid == $USER->id && has_capability('block/rss_client:manageownfeeds', $context)) + || ($rss_record->userid != $USER->id && has_capability('block/rss_client:manageanyfeeds', $context)); } + if ($act == 'updfeed') { + + if (!$managefeeds) { + error(get_string('noguestpost', 'forum'). + ' You are not allowed to make modifications to this RSS feed at this time.', + $referrer); + } + + if (empty($url)) { - error( 'url not defined for rss feed' ); + error( 'URL not defined for rss feed' ); } // By capturing the output from fetch_rss this way 
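Review bot: The block-instance lookup passes a bare `id` instead of `$id` as the `pageid` value, so PHP treats it as an undefined constant and the query does not match on the course the request names; it should read `get_record('block_instance', 'blockid', $block->id, 'pagetype', 'course-view', 'pageid', $id);`. Neither `$block` nor `$blockinstance` is tested for a failed lookup before `->id` is dereferenced, so a miss yields a context built from an empty id rather than a refusal. `$managefeeds` is assigned only inside `if (isset($rss_record))`; initialising it with `$managefeeds = false;` before that block makes the later `!$managefeeds` guards explicit rather than dependent on an undefined variable.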
@@ -114,15 +119,23 @@ if ($act == 'updfeed') { } ob_end_clean(); + $canaddsharedfeeds = has_capability('block/rss_client:createsharedfeeds', $context); + $dataobject->id = $rssid; if ($rss === false) { $dataobject->description = ''; $dataobject->title = ''; $dataobject->preferredtitle = ''; + $dataobject->shared = 0; } else { $dataobject->description = addslashes($rss->channel['description']); $dataobject->title = addslashes($rss->channel['title']); $dataobject->preferredtitle = addslashes($preferredtitle); + if ($shared == 1 && $canaddsharedfeeds) { + $dataobject->shared = 1; + } else { + $dataobject->shared = 0; + } } $dataobject->url = addslashes($url); @@ -134,16 +147,29 @@ if ($act == 'updfeed') { redirect($referrer, $message); } else if ($act == 'addfeed' ) { + + $canaddprivfeeds = has_capability('block/rss_client:createprivatefeeds', $context); + $canaddsharedfeeds = has_capability('block/rss_client:createsharedfeeds', $context); + + if (!$canaddprivfeeds && !$canaddsharedfeeds) { + error('You do not have the permission to add RSS feeds'); + } if (empty($url)) { - error('url not defined for rss feed'); + error('URL not defined for rss feed'); } $dataobject->userid = $USER->id; $dataobject->description = ''; $dataobject->title = ''; $dataobject->url = addslashes($url); $dataobject->preferredtitle = addslashes($preferredtitle); - + + if ($shared == 1 && $canaddsharedfeeds) { + $dataobject->shared = 1; + } else { + $dataobject->shared = 0; + } + $rssid = insert_record('block_rss_client', $dataobject); if (!$rssid) { error('There was an error trying to add a new rss feed:'. $url); 
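Review bot: In the addfeed branch (hunk `@@ -134,16 +147,29 @@`) the `else` that stores `shared = 0` is not tied to `$canaddprivfeeds`, so a user who holds only `createsharedfeeds` and submits `shared=0` still creates a private feed. Splitting the fallback closes this: `} else if ($canaddprivfeeds) { $dataobject->shared = 0; } else { error(...); }`. The new permission error is a hard-coded English string and omits `$referrer`, unlike the other `error()` calls in this file, which go through `get_string()`. In the updfeed hunk above, `shared` is reset to 0 whenever the remote fetch fails; a comment stating that this unsharing is intended would help the next reader.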
@@ -178,8 +204,8 @@ if ($act == 'updfeed') { } redirect($referrer, $message); /* - rss_display_feeds($id); - rss_print_form($act, $dataobject->url, $dataobject->id, $dataobject->preferredtitle, $id); + rss_display_feeds($id, $USER->id, '', $context); + rss_print_form($act, $dataobject->url, $dataobject->id, $dataobject->preferredtitle, $shared, $id, $context); */ } else if ( isset($rss_record) && $act == 'rssedit' ) { @@ -188,10 +214,17 @@ if ($act == 'updfeed') { $preferredtitle = stripslashes_safe($rss_record->title); } $url = stripslashes_safe($rss_record->url); - rss_display_feeds($id, '', $rssid); - rss_print_form($act, $url, $rssid, $preferredtitle, $id); + $shared = stripslashes_safe($rss_record->shared); + rss_display_feeds($id, '', $rssid, $context); + rss_print_form($act, $url, $rssid, $preferredtitle, $shared, $id, $context); } else if ($act == 'delfeed') { + + if (!$managefeeds) { + error(get_string('noguestpost', 'forum'). + ' You are not allowed to make modifications to this RSS feed at this time.', + $referrer); + } $file = $CFG->dataroot .'/cache/rsscache/'. $rssid .'.xml'; if (file_exists($file)) { @@ -251,8 +284,8 @@ if ($act == 'updfeed') { print ''."\n"; } } else { - rss_display_feeds($id); - rss_print_form($act, $url, $rssid, $preferredtitle, $id); + rss_display_feeds($id, $USER->id, '', $context); + rss_print_form($act, $url, $rssid, $preferredtitle, $shared, $id, $context); } print_footer(); -?> +?> \ No newline at end of file diff --git a/blocks/rss_client/config_instance.html b/blocks/rss_client/config_instance.html index 9b4382de9b..0a8c0110db 100644 --- a/blocks/rss_client/config_instance.html +++ b/blocks/rss_client/config_instance.html 
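Review bot: The rssedit branch (hunk `@@ -188,10 +214,17 @@`) calls `rss_display_feeds($id, '', $rssid, $context)`, and the rewritten function in lib/rsslib.php concatenates `$userid` straight into the select, so the empty string yields `userid = ` with no value. Passing the current user fixes the call: `rss_display_feeds($id, $USER->id, $rssid, $context);`. This branch is also the only one of rssedit/updfeed/delfeed without the `if (!$managefeeds)` guard, so the form is pre-filled with `$rss_record->url` and title for any record id; the same guard should be added here. `stripslashes_safe($rss_record->shared)` is applied to an integer flag, where `intval()` would state the intent.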
@@ -1,11 +1,12 @@ libdir .'/rsslib.php'); -$id = optional_param('id', SITEID, PARAM_INT); +$id = optional_param('id', SITEID, PARAM_INT); //create a page object for url_get_full() $page = page_create_object($this->instance->pagetype, $this->instance->pageid); + /// Print tabs at top $currentaction = optional_param('currentaction', '', PARAM_ALPHA); if (empty($currentaction) || $currentaction == 'configblock') { @@ -75,14 +76,8 @@ if ($currentaction == 'configblock') { } } global $USER; - $admins = get_admins(); - $adminsql = ''; - if (!empty($admins)) { - foreach ($admins as $admin) { - $adminsql = ' OR userid = '.$admin->id; - } - } - if ($rssfeeds = get_records_select('block_rss_client','userid = '.$USER->id . $adminsql)) { + + if ($rssfeeds = get_records_select('block_rss_client', 'userid = '.$USER->id.' OR shared = 1')) { foreach($rssfeeds as $rssfeed) { if (!empty($rssfeed->preferredtitle)) { $feedtitle = stripslashes_safe($rssfeed->preferredtitle); @@ -100,8 +95,10 @@ if ($currentaction == 'configblock') { print_string('nofeeds', 'block_rss_client'); if ( isadmin() ) { $addrsspage = $page->url_get_full(array('instanceid' => $this->instance->id, - 'sesskey' => $USER->sesskey, 'blockaction' => 'config', - 'currentaction' => 'managefeeds', 'id' => $id)); + 'sesskey' => $USER->sesskey, + 'blockaction' => 'config', + 'currentaction' => 'managefeeds', + 'id' => $id)); print ' '. get_string('editnewsfeeds', 'block_rss_client') .'
'; } } @@ -163,11 +160,12 @@ if ($currentaction == 'configblock') { '; print ''; - rss_display_feeds($id,$USER->id); + $context = get_context_instance(CONTEXT_BLOCK, $this->instance->id); + rss_display_feeds($id, $USER->id, '', $context); print ''; //not sure that this is needed - rss_print_form($act, $url, $rssid, $preferredtitle, $id); + rss_print_form($act, $url, $rssid, $preferredtitle, $shared, $id, $context); print ''; } ?> diff --git a/blocks/rss_client/config_instance_tabs.php b/blocks/rss_client/config_instance_tabs.php index 56ab387eee..df21bea9b9 100644 --- a/blocks/rss_client/config_instance_tabs.php +++ b/blocks/rss_client/config_instance_tabs.php @@ -5,9 +5,14 @@ global $USER; $tabs = $row = array(); -$script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'configblock', 'id' => $id)); -$row[] = new tabobject('configblock', $script, - get_string('configblock', 'block_rss_client')); + +$context = get_context_instance(CONTEXT_BLOCK, $this->instance->id); + +if (has_capability('moodle/site:manageblocks', $context)) { + $script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'configblock', 'id' => $id)); + $row[] = new tabobject('configblock', $script, + get_string('configblock', 'block_rss_client')); +} $script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'managefeeds', 'id' => $id)); $row[] = new tabobject('managefeeds', $script, diff --git a/blocks/rss_client/db/access.php b/blocks/rss_client/db/access.php new file mode 100644 index 0000000000..e5efb9ddae --- /dev/null +++ b/blocks/rss_client/db/access.php 
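Review bot: In config_instance_tabs.php the `moodle/site:manageblocks` check only hides the configblock tab; the context lines of config_instance.html still select that view with `if (empty($currentaction) || $currentaction == 'configblock')`, and no capability test on that branch is visible in this diff. If none exists outside the hunks, a user without the capability reaches the configuration form by default or by setting `currentaction=configblock`, so the same `has_capability()` test belongs on the action itself. The capability chosen here also differs from the one gating the configure link in block_rss_client.php (`block/rss_client:manageanyfeeds`); one capability should govern both.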
@@ -0,0 +1,94 @@ +: +// +// component_name should be the same as the directory name of the mod or block. +// +// Core moodle capabilities are defined thus: +// moodle/: +// +// Examples: mod/forum:viewpost +// block/recent_activity:view +// moodle/site:deleteuser +// +// The variable name for the capability definitions array follows the format +// $__capabilities +// +// For the core capabilities, the variable is $moodle_capabilities. + + +$block_rss_client_capabilities = array( + + 'block/rss_client:createprivatefeeds' => array( + + 'captype' => 'write', + 'contextlevel' => CONTEXT_SYSTEM, + 'legacy' => array( + 'guest' => CAP_PREVENT, + 'student' => CAP_PREVENT, + 'teacher' => CAP_ALLOW, + 'editingteacher' => CAP_ALLOW, + 'coursecreator' => CAP_ALLOW, + 'admin' => CAP_ALLOW + ) + ), + + 'block/rss_client:createsharedfeeds' => array( + + 'captype' => 'write', + 'contextlevel' => CONTEXT_SYSTEM, + 'legacy' => array( + 'guest' => CAP_PREVENT, + 'student' => CAP_PREVENT, + 'teacher' => CAP_PREVENT, + 'editingteacher' => CAP_PREVENT, + 'coursecreator' => CAP_PREVENT, + 'admin' => CAP_ALLOW + ) + ), + + 'block/rss_client:manageownfeeds' => array( + + 'captype' => 'write', + 'contextlevel' => CONTEXT_SYSTEM, + 'legacy' => array( + 'guest' => CAP_PREVENT, + 'student' => CAP_PREVENT, + 'teacher' => CAP_ALLOW, + 'editingteacher' => CAP_ALLOW, + 'coursecreator' => CAP_ALLOW, + 'admin' => CAP_ALLOW + ) + ), + + 'block/rss_client:managesharedfeeds' => array( + + 'captype' => 'write', + 'contextlevel' => CONTEXT_SYSTEM, + 'legacy' => array( + 'guest' => CAP_PREVENT, + 'student' => CAP_PREVENT, + 'teacher' => CAP_PREVENT, + 'editingteacher' => CAP_PREVENT, + 'coursecreator' => CAP_PREVENT, + 'admin' => CAP_ALLOW + ) + ) + +); + +?> \ No newline at end of file diff --git a/blocks/rss_client/db/mysql.php b/blocks/rss_client/db/mysql.php index 25b02545d7..8f28d43eae 100644 --- a/blocks/rss_client/db/mysql.php +++ b/blocks/rss_client/db/mysql.php 
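Review bot: All four capabilities in the new db/access.php are declared with `'contextlevel' => CONTEXT_SYSTEM`, while every check added in this commit passes a block context and the upgrade code assigns overrides per block instance; `CONTEXT_BLOCK` presumably describes them better, to be confirmed against how the roles code uses this field. Each definition would benefit from a one-line comment saying what it gates, for example `// May edit or delete feeds that other users have marked as shared.` above `managesharedfeeds`, since the distinction between creating and managing shared feeds is not obvious from the names.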
@@ -16,7 +16,117 @@ function rss_client_upgrade($oldversion) { table_column('block_rss_client','description','description','text',10,'unsigned',''); } + + if ($oldversion < 2006091100) { + + // We need a new field to store whether an RSS feed is shared or private. + table_column('block_rss_client', '', 'shared', 'integer'); + + // Admin feeds used to be displayed to everybody (shared feeds). + $admins = get_admins(); + if (!empty($admins)) { + $count = 0; + foreach($admins as $admin) { + if (!$count) { + $adminsql = 'userid = '.$admin->id; + } else { + $adminsql .= ' OR userid = '.$admin->id; + } + $count++; + } + if ($rssfeeds = get_records_select('block_rss_client', $adminsql)) { + foreach ($rssfeeds as $rssfeed) { + $rssfeed->shared = 1; + if (!update_record('block_rss_client', $rssfeed)) { + notice('Could not set '.$rssfeed->title.' as a shared RSS feed.'); + } + } + } + } + + // Upgrade block to use the Roles System. + $block = get_record('block', 'name', 'rss_client'); + + if ($blockinstances = get_records('block_instance', 'blockid', $block->id)) { + + if (!$adminroles = get_roles_with_capability('moodle/legacy:admin', CAP_ALLOW)) { + notice('Default student role was not found. Roles and permissions '. + 'for all your Remote RSS Feed blocks will have to be '. + 'manually set after this upgrade.'); + } + if (!$teacherroles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW)) { + notice('Default teacher role was not found. Roles and permissions '. + 'for all your Remote RSS Feed blocks will have to be '. + 'manually set after this upgrade.'); + } + if (!$studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) { + notice('Default student role was not found. Roles and permissions '. + 'for all your Remote RSS Feed blocks will have to be '. 
+ 'manually set after this upgrade.'); + } + + foreach ($blockinstances as $bi) { + $context = get_context_instance(CONTEXT_MODULE, $bi->id); + + if ($bi->pagetype == 'course-view' && $bi->pageid == SITEID) { + + // Only the admin was allowed to manage the RSS feed block + // on the site home page. + + // Since this is already the default behavior set in + // blocks/rss_client/db/access.php, we don't need to + // specifically assign the capabilities here. + + } else { + + // Who can add shared feeds? This was defined in lib/rsslib.php + // for config var block_rss_client_submitters. + switch ($CFG->block_rss_client_submitters) { + + case 0: + // SUBMITTERS_ALL_ACCOUNT_HOLDERS + + foreach ($adminroles as $adminrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $adminrole->id, $context->id); + } + foreach ($teacherroles as $teacherrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $teacherrole->id, $context->id); + } + foreach ($studentroles as $studentrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $studentrole->id, $context->id); + } + break; + + case 1: + // SUBMITTERS_ADMIN_ONLY + + // Since this is already the default behavior set in + // blocks/rss_client/db/access.php, we don't need to + // specifically assign the capabilities here. + break; + + case 2: + // SUBMITTERS_ADMIN_AND_TEACHER + + foreach ($adminroles as $adminrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $adminrole->id, $context->id); + } + foreach ($teacherroles as $teacherrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $teacherrole->id, $context->id); + } + foreach ($studentroles as $studentrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_PREVENT, $studentrole->id, $context->id); + } + break; + + } // End switch. + + } + } + } + } + return true; } -?> +?> \ No newline at end of file 
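Review bot: The upgrade loop resolves each block instance with `get_context_instance(CONTEXT_MODULE, $bi->id)`, whereas the runtime checks in this commit use `CONTEXT_BLOCK` with the instance id, so the `assign_capability()` overrides are written to a module context that merely shares the numeric id, not to the block. It should read `$context = get_context_instance(CONTEXT_BLOCK, $bi->id);`; the identical hunk in db/postgres7.php needs the same change. When `get_roles_with_capability()` fails, the code only prints a notice and still runs `foreach` over the failed result in the switch below, and the admin-role notice says "Default student role was not found". `$block` is also dereferenced without checking that `get_record()` found the row. rss_client_upgrade() starts outside this hunk.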
diff --git a/blocks/rss_client/db/mysql.sql b/blocks/rss_client/db/mysql.sql index f973aa45e3..fd41951d1e 100644 --- a/blocks/rss_client/db/mysql.sql +++ b/blocks/rss_client/db/mysql.sql @@ -17,6 +17,7 @@ CREATE TABLE prefix_block_rss_client ( `title` text NOT NULL default '', `preferredtitle` varchar(64) NOT NULL default '', `description` text NOT NULL default '', + `shared` int(2) NOT NULL default '0', `url` varchar(255) NOT NULL default '', PRIMARY KEY (`id`) ) TYPE=MyISAM COMMENT='Remote news feed information. Contains the news feed id, the userid of the user who added the feed, the title of the feed itself and a description of the feed contents along with the url used to access the remote feed. Preferredtitle is a field for future use - intended to allow for custom titles rather than those found in the feed.'; \ No newline at end of file diff --git a/blocks/rss_client/db/postgres7.php b/blocks/rss_client/db/postgres7.php index 49afcf20f4..021f78e53b 100644 --- a/blocks/rss_client/db/postgres7.php +++ b/blocks/rss_client/db/postgres7.php 
@@ -18,6 +18,116 @@ function rss_client_upgrade($oldversion) { ALTER COLUMN description SET DEFAULT \'\''); } + + if ($oldversion < 2006091100) { + + // We need a new field to store whether an RSS feed is shared or private. + table_column('block_rss_client', '', 'shared', 'integer'); + + // Admin feeds used to be displayed to everybody (shared feeds). + $admins = get_admins(); + if (!empty($admins)) { + $count = 0; + foreach($admins as $admin) { + if (!$count) { + $adminsql = 'userid = '.$admin->id; + } else { + $adminsql .= ' OR userid = '.$admin->id; + } + $count++; + } + if ($rssfeeds = get_records_select('block_rss_client', $adminsql)) { + foreach ($rssfeeds as $rssfeed) { + $rssfeed->shared = 1; + if (!update_record('block_rss_client', $rssfeed)) { + notice('Could not set '.$rssfeed->title.' as a shared RSS feed.'); + } + } + } + } + + // Upgrade block to use the Roles System. + $block = get_record('block', 'name', 'rss_client'); + + if ($blockinstances = get_records('block_instance', 'blockid', $block->id)) { + + if (!$adminroles = get_roles_with_capability('moodle/legacy:admin', CAP_ALLOW)) { + notice('Default student role was not found. Roles and permissions '. + 'for all your Remote RSS Feed blocks will have to be '. + 'manually set after this upgrade.'); + } + if (!$teacherroles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW)) { + notice('Default teacher role was not found. Roles and permissions '. + 'for all your Remote RSS Feed blocks will have to be '. + 'manually set after this upgrade.'); + } + if (!$studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) { + notice('Default student role was not found. Roles and permissions '. + 'for all your Remote RSS Feed blocks will have to be '. 
+ 'manually set after this upgrade.'); + } + + foreach ($blockinstances as $bi) { + $context = get_context_instance(CONTEXT_MODULE, $bi->id); + + if ($bi->pagetype == 'course-view' && $bi->pageid == SITEID) { + + // Only the admin was allowed to manage the RSS feed block + // on the site home page. + + // Since this is already the default behavior set in + // blocks/rss_client/db/access.php, we don't need to + // specifically assign the capabilities here. + + } else { + + // Who can add shared feeds? This was defined in lib/rsslib.php + // for config var block_rss_client_submitters. + switch ($CFG->block_rss_client_submitters) { + + case 0: + // SUBMITTERS_ALL_ACCOUNT_HOLDERS + + foreach ($adminroles as $adminrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $adminrole->id, $context->id); + } + foreach ($teacherroles as $teacherrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $teacherrole->id, $context->id); + } + foreach ($studentroles as $studentrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $studentrole->id, $context->id); + } + break; + + case 1: + // SUBMITTERS_ADMIN_ONLY + + // Since this is already the default behavior set in + // blocks/rss_client/db/access.php, we don't need to + // specifically assign the capabilities here. + break; + + case 2: + // SUBMITTERS_ADMIN_AND_TEACHER + + foreach ($adminroles as $adminrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $adminrole->id, $context->id); + } + foreach ($teacherroles as $teacherrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $teacherrole->id, $context->id); + } + foreach ($studentroles as $studentrole) { + assign_capability('block/rss_client:createsharedfeeds', CAP_PREVENT, $studentrole->id, $context->id); + } + break; + + } // End switch. + + } + } + } + } + return true; } 
diff --git a/blocks/rss_client/db/postgres7.sql b/blocks/rss_client/db/postgres7.sql index 02347223b7..7cd0a8793e 100644 --- a/blocks/rss_client/db/postgres7.sql +++ b/blocks/rss_client/db/postgres7.sql @@ -15,5 +15,6 @@ CREATE TABLE prefix_block_rss_client ( title text NOT NULL default '', preferredtitle varchar(64) NOT NULL default '', description text NOT NULL default '', + shared INTEGER NOT NULL default '0', url varchar(255) NOT NULL default '' ); diff --git a/lib/rsslib.php b/lib/rsslib.php index 070e6a16aa..85736d7dfd 100644 --- a/lib/rsslib.php +++ b/lib/rsslib.php 
@@ -367,26 +367,28 @@ define('SUBMITTERS_ADMIN_AND_TEACHER', 2); /** * @param int $courseid The id of the course the user is currently viewing - * @param int $userid If present only entries added by this userid will be displayed + * @param int $userid We need this to know which feeds the user is allowed to manage * @param int $rssid If present the rss entry matching this id alone will be displayed + * as long as the user is allowed to manage this feed + * @param object $context we need the context object to check what the user is allowed to do. */ -function rss_display_feeds($courseid='', $userid='', $rssid='') { +function rss_display_feeds($courseid, $userid, $rssid='', $context) { global $db, $USER, $CFG; global $blogid; //hackish, but if there is a blogid it would be good to preserve it require_once($CFG->libdir.'/tablelib.php'); $select = ''; - - if (!isadmin()) { - $userid = $USER->id; + $managesharedfeeds = has_capability('block/rss_client:managesharedfeeds', $context); + $manageownfeeds = has_capability('block/rss_client:manageownfeeds', $context); + + if ($rssid != '') { + $select = 'id = '.$rssid.' AND '; } - - if ($userid != '' && is_numeric($userid)) { - // if a user is specified and not an admin then only show their own feeds - $select = 'userid='. $userid; - } else if ($rssid != ''){ - $select = 'id='. $rssid; + if ($managesharedfeeds) { + $select .= '(userid = '.$userid.' OR shared = 1)'; + } else if ($manageownfeeds) { + $select .= 'userid = '.$userid; } $table = new flexible_table('rss-display-feeds'); @@ -413,12 +415,13 @@ function rss_display_feeds($courseid='', $userid='', $rssid='') { $feedtitle = stripslashes_safe($feed->title); } - if ($feed->userid == $USER->id || isadmin()) { + if ( ($feed->userid == $USER->id && $manageownfeeds) + || ($feed->shared && $managesharedfeeds) ) { - $feedicons = ''. + $feedicons = ''. ''. get_string('edit').' '. - ''. ''. get_string('delete').''; } 
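Review bot: The new `$select` in rss_display_feeds() concatenates `$rssid` and `$userid` without casting and is malformed in two cases: an empty `$userid` (which the rssedit caller passes) produces `userid = ` with no value, and a user holding neither manage capability with `$rssid` set gets a clause ending in a dangling `AND `. With neither capability and no `$rssid` the select stays empty, which presumably lists every feed, private ones included; confirm against the query outside the hunk. Collecting the conditions in an array, casting with `intval()`, and falling back to an always-false condition covers all three cases. The signature also places the required `$context` after the optional `$rssid`, as do rss_print_form() and rss_get_form() in the later hunks. The function body continues outside this hunk.

```php
function rss_display_feeds($courseid, $userid, $rssid='', $context) {
    // … unchanged: globals, tablelib include …
    $managesharedfeeds = has_capability('block/rss_client:managesharedfeeds', $context);
    $manageownfeeds = has_capability('block/rss_client:manageownfeeds', $context);

    $conditions = array();
    if ($rssid != '') {
        $conditions[] = 'id = '.intval($rssid);
    }
    if ($managesharedfeeds) {
        $conditions[] = '(userid = '.intval($userid).' OR shared = 1)';
    } else if ($manageownfeeds) {
        $conditions[] = 'userid = '.intval($userid);
    } else {
        // No manage capability: match nothing rather than everything.
        $conditions[] = '1 = 0';
    }
    $select = implode(' AND ', $conditions);
    // … unchanged: table setup and feed loop …
```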
@@ -433,15 +436,14 @@ function rss_display_feeds($courseid='', $userid='', $rssid='') { } $table->print_html(); - } /** * Wrapper function for rss_get_form */ -function rss_print_form($act='none', $url='', $rssid='', $preferredtitle='', $courseid='') { - print rss_get_form($act, $url, $rssid, $preferredtitle, $courseid); +function rss_print_form($act='none', $url='', $rssid='', $preferredtitle='', $shared=0, $courseid='', $context) { + print rss_get_form($act, $url, $rssid, $preferredtitle, $shared, $courseid, $context); } @@ -450,10 +452,13 @@ function rss_print_form($act='none', $url='', $rssid='', $preferredtitle='', $co * @param string $act The current action. If "rssedit" then and "update" button is used, otherwise "add" is used. * @param string $url The url of the feed that is being updated or NULL * @param int $rssid The dataabse id of the feed that is being updated or NULL - * @param int $id The id of the course that is currently being viewed if applicable + * @param string $preferredtitle The preferred title to display for this feed + * @param int $shared Whether this feed is to be shared or not + * @param int $courseid The id of the course that is currently being viewed if applicable + * @param object $context The context that we will use to check for permissions * @return string Either the form is printed directly and nothing is returned or the form is returned as a string */ -function rss_get_form($act='none', $url='', $rssid='', $preferredtitle='', $courseid='') { +function rss_get_form($act='none', $url='', $rssid='', $preferredtitle='', $shared=0, $courseid='', $context) { global $USER, $CFG, $_SERVER, $blockid, $blockaction; global $blogid; //hackish, but if there is a blogid it would be good to preserve it $stredit = get_string('edit'); @@ -477,7 +482,6 @@ function rss_get_form($act='none', $url='', $rssid='', $preferredtitle='', $cour $returnstring .= '" />'."\n"; $returnstring .= '
'. get_string('customtitlelabel', 'block_rss_client'); -// $returnstring .= '
'."\n"; + + if (has_capability('block/rss_client:createsharedfeeds', $context)) { + $returnstring .= '