From: skodak <skodak>
Date: Tue, 5 Feb 2008 12:59:28 +0000 (+0000)
Subject: MDL-12938, MDL-12937 - unenrol fixes - can not unenrol if can not unassign all users... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=76b570d60232fa3cdd5d243b3fbaa42d453c94d1;p=moodle.git

MDL-12938, MDL-12937 - unenrol fixes - can not unenrol if can not unassign all users roles in course, do not show self unenrol if enrolment comes from parent context, fixed rturn value from get_user_roles; based on patch by Eric Merrill; merged from MOODLE_19_STABLE
---

diff --git a/blocks/admin/block_admin.php b/blocks/admin/block_admin.php
index 92491a43cb..27f9e5372e 100644
--- a/blocks/admin/block_admin.php
+++ b/blocks/admin/block_admin.php
@@ -207,7 +207,7 @@ class block_admin extends block_list {
             if (has_capability('moodle/legacy:guest', $context, NULL, false)) {   // Are a guest now
                 $this->content->items[]='<a href="enrol.php?id='.$this->instance->pageid.'">'.get_string('enrolme', '', format_string($course->shortname)).'</a>';
                 $this->content->icons[]='<img src="'.$CFG->pixpath.'/i/user.gif" class="icon" alt="" />';
-            } else if (has_capability('moodle/role:unassignself', $context, NULL, false)) {  // Have some role
+            } else if (has_capability('moodle/role:unassignself', $context, NULL, false) and get_user_roles($context, $USER->id, false)) {  // Have some role
                 $this->content->items[]='<a href="unenrol.php?id='.$this->instance->pageid.'">'.get_string('unenrolme', '', format_string($course->shortname)).'</a>';
                 $this->content->icons[]='<img src="'.$CFG->pixpath.'/i/user.gif" class="icon" alt="" />';
             }
diff --git a/course/unenrol.php b/course/unenrol.php
index 640357e21e..03617c3e30 100644
--- a/course/unenrol.php
+++ b/course/unenrol.php
@@ -37,6 +37,16 @@
 
     if ($userid) {   // Unenrolling someone else
         require_capability('moodle/role:assign', $context, NULL, false);
+
+        $roles = get_user_roles($context, $userid, false);
+
+        // verify user may unassign all roles at course context
+        foreach($roles as $role) {
+            if (!user_can_assign($context, $role->roleid)) {
+                error('Can not unassign this user from role id:'.$role->roleid);
+            }
+        }
+
     } else {         // Unenrol yourself
         require_capability('moodle/role:unassignself', $context, NULL, false);
     }
diff --git a/lib/accesslib.php b/lib/accesslib.php
index 03bbbf0796..7a66344899 100755
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -4083,15 +4083,19 @@ function get_user_roles($context, $userid=0, $checkparentcontexts=true, $order='
         $contexts = ' ra.contextid = \''.$context->id.'\'';
     }
 
-    return get_records_sql('SELECT ra.*, r.name, r.shortname
-                             FROM '.$CFG->prefix.'role_assignments ra,
-                                  '.$CFG->prefix.'role r,
-                                  '.$CFG->prefix.'context c
-                             WHERE ra.userid = '.$userid.
-                           '   AND ra.roleid = r.id
-                               AND ra.contextid = c.id
-                               AND '.$contexts . $hiddensql .
-                           ' ORDER BY '.$order);
+    if (!$return = get_records_sql('SELECT ra.*, r.name, r.shortname
+                                      FROM '.$CFG->prefix.'role_assignments ra,
+                                           '.$CFG->prefix.'role r,
+                                           '.$CFG->prefix.'context c
+                                     WHERE ra.userid = '.$userid.'
+                                           AND ra.roleid = r.id
+                                           AND ra.contextid = c.id
+                                           AND '.$contexts . $hiddensql .'
+                                  ORDER BY '.$order)) {
+        $return = array();
+    }
+
+    return $return;
 }
 
 /**
diff --git a/user/view.php b/user/view.php
index 9e98ea7590..457d1aebe7 100644
--- a/user/view.php
+++ b/user/view.php
@@ -444,19 +444,32 @@
 
     if ($course->id != SITEID && empty($course->metacourse)) {   // Mostly only useful at course level
 
-        if (($user->id == $USER->id &&                                               // Myself
-             has_capability('moodle/course:view', $coursecontext, NULL) &&           // Course participant
-             has_capability('moodle/role:unassignself', $coursecontext, NULL, false)) // Can unassign myself
-             ||
-            (has_capability('moodle/role:assign', $coursecontext, NULL) &&           // I can assign roles
-             get_user_roles($coursecontext, $user->id)) ) {                          // This user has roles
-
-            echo '<form action="../course/unenrol.php" method="get">';
-            echo "<div>";
+        $canunenrol = false;
+
+        if ($user->id == $USER->id) { // Myself
+            $canunenrol = has_capability('moodle/course:view', $coursecontext, NULL) &&              // Course participant
+                          has_capability('moodle/role:unassignself', $coursecontext, NULL, false) && // Can unassign myself
+                          get_user_roles($coursecontext, $user->id, false);                          // Must have role in course
+
+        } else if (has_capability('moodle/role:assign', $coursecontext, NULL)) { // I can assign roles
+            if ($roles = get_user_roles($coursecontext, $user->id, false)) {
+                $canunenrol = true;
+                foreach($roles as $role) {
+                    if (!user_can_assign($coursecontext, $role->roleid)) {
+                        $canunenrol = false; // I can not unassign all roles in this course :-(
+                        break;
+                    }
+                }
+            }
+        }
+
+        if ($canunenrol) {
+            echo '<form action="'.$CFG->wwwroot.'/course/unenrol.php" method="get">';
+            echo '<div>';
             echo '<input type="hidden" name="id" value="'.$course->id.'" />';
             echo '<input type="hidden" name="user" value="'.$user->id.'" />';
-            echo '<input type="submit" value="'.get_string('unenrolme', '', $course->shortname).'" />';
-            echo "</div>";
+            echo '<input type="submit" value="'.s(get_string('unenrolme', '', $course->shortname)).'" />';
+            echo '</div>';
             echo '</form>';
         }
     }
@@ -464,12 +477,12 @@
     if ($USER->id != $user->id  && empty($USER->realuser) && has_capability('moodle/user:loginas', $coursecontext) &&
                                  ! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) {
         echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">';
-        echo "<div>";
+        echo '<div>';
         echo '<input type="hidden" name="id" value="'.$course->id.'" />';
         echo '<input type="hidden" name="user" value="'.$user->id.'" />';
         echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
         echo '<input type="submit" value="'.get_string('loginas').'" />';
-        echo "</div>";
+        echo '</div>';
         echo '</form>';
     }