From: toyomoyo Date: Tue, 12 Sep 2006 08:56:10 +0000 (+0000) Subject: replacing iscreator() calls with capabilty X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=ae9e4c064ea8c146a473a270dd444cd873f9612c;p=moodle.git replacing iscreator() calls with capabilty --- diff --git a/backup/restore_form.html b/backup/restore_form.html index 9197809aee..7c5b0ae913 100644 --- a/backup/restore_form.html +++ b/backup/restore_form.html @@ -161,7 +161,7 @@ function selectItemInCheckboxByName(formId, checkName, checked ) { $restore_restoreto_options[0] = get_string("currentcoursedeleting"); $restore_restoreto_options[1] = get_string("currentcourseadding"); } - if (iscreator()) { + if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $restore_restoreto_options[0] = get_string("existingcoursedeleting"); $restore_restoreto_options[1] = get_string("existingcourseadding"); $restore_restoreto_options[2] = get_string("newcourse"); diff --git a/course/category.php b/course/category.php index ca3d215bc9..dee217456d 100644 --- a/course/category.php +++ b/course/category.php @@ -30,7 +30,7 @@ error("Category not known!"); } - if (iscreator()) { + if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { if ($categoryedit !== -1) { $USER->categoryediting = $categoryedit; } @@ -205,7 +205,7 @@ if ($subcategories = get_records("course_categories", "parent", $category->id, "sortorder ASC")) { $firstentry = true; foreach ($subcategories as $subcategory) { - if ($subcategory->visible or iscreator()) { + if ($subcategory->visible or has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $subcategorieswereshown = true; if ($firstentry) { echo ''; diff --git a/course/index.php b/course/index.php index 70b4283b2a..6fbd3808bc 100644 --- a/course/index.php +++ b/course/index.php 
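Review bot: In the second course/category.php hunk the capability lookup sits inside the `foreach ($subcategories as $subcategory)` condition, so it is re-evaluated for every hidden subcategory although the answer cannot change during the loop. The lib/datalib.php get_categories() hunk in this same commit already computes it once into `$creator`. Doing the same here, with `$cancreate = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID));` before the loop and `if ($subcategory->visible or $cancreate) {` inside it, keeps the visibility rule in one place and makes it harder for the copies of this check to drift apart. The loop body continues outside the hunk.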
@@ -63,7 +63,7 @@ if (isloggedin() and !isguest() and !has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Print link to request a new course print_single_button("request.php", NULL, get_string("courserequest"), "get"); } - if (iscreator()) { // Print link to create a new course + if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Print link to create a new course print_single_button("edit.php", NULL, get_string("addnewcourse"), "get"); } if (has_capability('moodle/site:approvecourse', get_context_instance(CONTEXT_SYSTEM, SITEID)) and !empty($CFG->enablecourserequests)) { diff --git a/course/loginas.php b/course/loginas.php index 623df4527a..e0ade43c1a 100644 --- a/course/loginas.php +++ b/course/loginas.php @@ -83,11 +83,11 @@ } } - if ($course->category and !isstudent($course->id, $user) and !isadmin()) { + if ($course->category and !has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id), $user) and !isadmin()) { error("This student is not in this course!"); } - if (iscreator($user)) { + if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID, $user))) { error("You can not login as this person!"); } diff --git a/course/search.php b/course/search.php index c8be73d923..8b9132ee81 100644 --- a/course/search.php +++ b/course/search.php @@ -31,7 +31,7 @@ require_login(); } - if (iscreator()) { + if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { if ($edit !== -1) { $USER->categoryediting = $edit; // If the edit mode we are leaving has higher per page than the one we are entering, @@ -123,7 +123,7 @@ $searchform = print_course_search($search, true, "navbar"); - if (!empty($courses) && iscreator()) { + if (!empty($courses) && has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $searchform .= update_categories_search_button($search,$page,$perpage); } 
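Review bot: In the course/loginas.php hunk the target user is passed to the wrong function: `get_context_instance(CONTEXT_SYSTEM, SITEID, $user)` puts `$user` inside the context lookup, so `has_capability()` gets no user argument and, as far as this call shape shows, evaluates the caller instead of the account being impersonated. The removed `iscreator($user)` tested the target, so the "You can not login as this person!" guard no longer stops a caller from switching into a course-creator account, and it now rejects callers who hold the capability themselves. The line should read `if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID), $user)) {`, matching the `moodle/course:view` check two lines above, which does pass `$user` to `has_capability()`. The same misplaced parenthesis appears with `$user->id` in the lib/weblib.php print_user() hunk and in the user/view.php hunk, where it decides whether the unenrol and login-as controls are offered for another user.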
diff --git a/course/teacher.php b/course/teacher.php index 142ca2e759..fb228a911f 100644 --- a/course/teacher.php +++ b/course/teacher.php @@ -18,7 +18,7 @@ error("Course ID was incorrect (can't find it)"); } - if (!(isteacheredit($course->id) and iscreator()) and + if (!(isteacheredit($course->id) and has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) and !(isteacheredit($course->id) and !empty($CFG->teacherassignteachers) ) ) { error("You must be an administrator or course creator to use this page."); } diff --git a/lang/en_utf8/docs/coding.html b/lang/en_utf8/docs/coding.html index 06dbae3086..6bea20efe1 100644 --- a/lang/en_utf8/docs/coding.html +++ b/lang/en_utf8/docs/coding.html @@ -27,7 +27,7 @@ add your own if necessary.
  • Each file should include the main config.php file.
  • Each file should check that the user is authenticated correctly, - using require_login() and isadmin(), isteacher(), iscreator() or isstudent().
  • + using the correct has_capability() or required_capability() checks.
  • All access to databases should use the functions in lib/datalib.php whenever possible - this allows compatibility across a wide range of databases. You should find that almost anything is possible using these functions. If you must write SQL code then make sure it is: cross-platform; restricted to specific functions diff --git a/lib/accesslib.php b/lib/accesslib.php index e390dc47c1..516f6afb3f 100755 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -1805,7 +1805,7 @@ function get_role_context_capability($contextid, $capability, $capabilities) { * @param $capabilityname - e.g. mod/choice:readresponses */ function get_capability_string($capabilityname) { - + // Typical capabilityname is mod/choice:readresponses $names = split('/', $capabilityname); diff --git a/lib/datalib.php b/lib/datalib.php index dcb263228e..6e7c8d23a0 100644 --- a/lib/datalib.php +++ b/lib/datalib.php @@ -502,7 +502,7 @@ function get_courses($categoryid="all", $sort="c.sortorder ASC", $fields="c.*") $sqland = "AND "; } if (!empty($USER->id)) { // May need to check they are a teacher - if (!iscreator()) { + if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $visiblecourses = "$sqland ((c.visible > 0) OR t.userid = '$USER->id')"; $teachertable = "LEFT JOIN {$CFG->prefix}user_teachers t ON t.course = c.id"; } @@ -555,7 +555,7 @@ function get_courses_page($categoryid="all", $sort="c.sortorder ASC", $fields="c $sqland = "AND "; } if (!empty($USER) and !empty($USER->id)) { // May need to check they are a teacher - if (!iscreator()) { + if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $visiblecourses = "$sqland ((c.visible > 0) OR t.userid = '$USER->id')"; $teachertable = "LEFT JOIN {$CFG->prefix}user_teachers t ON t.course=c.id"; } 
@@ -726,7 +726,7 @@ function get_categories($parent='none', $sort='sortorder ASC') { $categories = get_records('course_categories', 'parent', $parent, $sort); } if ($categories) { /// Remove unavailable categories from the list - $creator = iscreator(); + $creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)); foreach ($categories as $key => $category) { if (!$category->visible) { if (!$creator) { @@ -1248,12 +1248,15 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user if (defined('MDL_PERFDB')) { global $PERF ; $PERF->dbqueries++;}; /// since we are quering the log table for lastaccess time now, can stop doing this? tables are gone - if (isstudent($courseid)) { - $db->Execute('UPDATE '. $CFG->prefix .'user_students SET timeaccess = \''. $timenow .'\' '. - 'WHERE course = \''. $courseid .'\' AND userid = \''. $userid .'\''); - } else if (isteacher($courseid, false, false)) { - $db->Execute('UPDATE '. $CFG->prefix .'user_teachers SET timeaccess = \''. $timenow .'\' '. - 'WHERE course = \''. $courseid .'\' AND userid = \''. $userid .'\''); + if (!$record = get_record('user_lastaccess', 'userid', $userid, 'courseid', $courseid)) { + $record = new object; + $record->userid = $userid; + $record->courseid = $courseid; + $record->timeaccess = $timenow; + return insert_record('user_lastaccess', $record); + } else { + $record->timeaccess = $timenow; + return update_record('user_lastaccess', $record); } } } diff --git a/lib/weblib.php b/lib/weblib.php index 0e66df55cf..27229b2ac7 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -3085,7 +3085,7 @@ function print_user($user, $course, $messageselect=false, $return=false) { if ($isteacher) { $timemidnight = usergetmidnight(time()); $output .= ''. $string->activity .'
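Review bot: The new lookup-then-write on `user_lastaccess` in the add_to_log() hunk is not atomic: two concurrent requests from the same user for the same course can both miss in `get_record()` and both reach `insert_record()`, leaving duplicate rows unless the table has a unique index on (userid, courseid), which this hunk does not show. The removed code was gated by isstudent()/isteacher(), whereas the new block runs for whatever `$userid` and `$courseid` the function was called with, so it is worth confirming that not-logged-in callers are filtered out earlier in add_to_log(), which starts outside the hunk. The added `return insert_record(...)` and `return update_record(...)` also make the function's result depend on this bookkeeping write. A short comment stating that intent would help, since the existing one ("can stop doing this? tables are gone") no longer describes the code beneath it.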
    '; - if (!iscreator($user->id) or ($isadmin and !isadmin($user->id))) { // Includes admins + if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID, $user->id)) or ($isadmin and !isadmin($user->id))) { // Includes admins if ($course->category and isteacheredit($course->id) and isstudent($course->id, $user->id)) { // Includes admins $output .= ''. $string->unenrol .'
    '; } diff --git a/question/editlib.php b/question/editlib.php index 962d24c371..1b2b26162e 100644 --- a/question/editlib.php +++ b/question/editlib.php @@ -106,7 +106,7 @@ function question_category_menu($courseid, $published=false) { $publish = "OR publish = '1'"; } - if (!isadmin()) { + if (!has_capability('moodle/course:managequestions', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $categories = get_records_select("question_categories", "course = '$courseid' $publish", 'parent, sortorder, name ASC'); } else { $categories = get_records_select("question_categories", '', 'parent, sortorder, name ASC'); diff --git a/question/import.php b/question/import.php index af8c87614f..32b18bcc1f 100644 --- a/question/import.php +++ b/question/import.php @@ -185,7 +185,7 @@ print_heading_with_help($txt->importquestions, "import", "quiz"); /// Get all the existing categories now - if (isadmin()) { // the admin can import into all categories + if (has_capability('moodle/course:managequestions', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // the admin can import into all categories if (!$categories = get_records_select("question_categories", "course = '{$course->id}' OR publish = '1'", "parent, sortorder, name ASC")) { error("Could not find any question categories!"); // Something is really wrong } diff --git a/question/type/rqp/types.php b/question/type/rqp/types.php index 47be8a0629..4b26ed2dd2 100644 --- a/question/type/rqp/types.php +++ b/question/type/rqp/types.php @@ -13,9 +13,7 @@ // Check user admin require_login(); - if (!isadmin()) { - error('You need to be an admin user to use this page.', $CFG->wwwroot . '/login/index.php'); - } + require_capability('moodle/course:managequestions', get_context_instance(CONTEXT_SYSTEM, SITEID)); if (!$site = get_site()) { error('Site isn\'t defined!'); diff --git a/theme/chameleon/ui/chameleon.php b/theme/chameleon/ui/chameleon.php index 779c0ddc0b..5a8103416a 100644 --- a/theme/chameleon/ui/chameleon.php 
+++ b/theme/chameleon/ui/chameleon.php @@ -2,7 +2,7 @@ if (isset($THEME->chameleonenabled) && $THEME->chameleonenabled) { - $chameleon_isadmin = isadmin(); + $chameleon_isadmin = has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); $chameleon_isteacher = false; if (isset($course->id)) { $chameleon_courseparam = '?id=' . $course->id; diff --git a/theme/chameleon/ui/css.php b/theme/chameleon/ui/css.php index ee73c892b0..a05c565ebb 100644 --- a/theme/chameleon/ui/css.php +++ b/theme/chameleon/ui/css.php @@ -14,7 +14,7 @@ if ($chameleon_id != 0 && !empty($CFG->allowcoursethemes) && !empty($THEME->cham if (!isteacheredit($chameleon_id)) { die('CHAMELEON_ERROR Either you are not logged in or you are not allowed to edit this theme'); } -} else if (!isadmin()) { +} else if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) { die('CHAMELEON_ERROR Either you are not logged in or you are not allowed to edit this theme'); } diff --git a/user/view.php b/user/view.php index 6c916939b2..3e9de03c35 100644 --- a/user/view.php +++ b/user/view.php @@ -336,7 +336,13 @@ echo ""; } */ - if ((isadmin() and !isadmin($user->id)) or (isteacher($course->id) and isstudent($course->id, $user->id) and ($USER->id != $user->id) and !iscreator($user->id))) { + if ((isadmin() + and !isadmin($user->id)) or + (isteacher($course->id) + and isstudent($course->id, $user->id) + and ($USER->id != $user->id) + and !has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID,$user->id)))) { + echo "
  • "; echo "id\" />"; echo "id\" />";