From: toyomoyo <toyomoyo>
Date: Thu, 7 Dec 2006 05:06:15 +0000 (+0000)
Subject: merged fix for MDL-7770, preventing users with no capability to view user profiles
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=5e8e6eb399ac665f305eee8233f309ec2beaaea0;p=moodle.git

merged fix for MDL-7770, preventing users with no capability to view user profiles
---

diff --git a/user/view.php b/user/view.php
index 5ec14fd030..7db80e884c 100644
--- a/user/view.php
+++ b/user/view.php
@@ -39,7 +39,11 @@
         $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);   // Course context
     }
     $usercontext   = get_context_instance(CONTEXT_USER, $user->id);       // User context
-
+    
+    // make sure user can view this student's profile
+    if ($USER->id != $user->id && !has_capability('moodle/user:viewdetails', $coursecontext) && !has_capability('moodle/user:viewdetails', $usercontext)) {
+        error('You can not view the profile of this user');
+    }
 
     if (!empty($CFG->forceloginforprofiles)) {
         require_login();