From: toyomoyo Date: Mon, 4 Sep 2006 08:45:08 +0000 (+0000) Subject: adding caapabilities X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=cc398c726294996462f2ce816c29d055eb39d8f3;p=moodle.git adding caapabilities --- diff --git a/admin/report/stats/index.php b/admin/report/stats/index.php index bec2210cf2..a75fb85722 100644 --- a/admin/report/stats/index.php +++ b/admin/report/stats/index.php @@ -43,10 +43,8 @@ redirect("$CFG->wwwroot/$CFG->admin/settings.php?section=stats", get_string('mustenablestats', 'admin')); } - if (!isteacher($course->id)) { - error("You need to be a teacher to use this page"); - } - + require_capability('moodle/site:viewreport', get_context_instance(CONTEXT_COURSE, $course->id)); + add_to_log($course->id, "course", "report stats", "report/stats/index.php?course=$course->id", $course->id); stats_check_uptodate($course->id); diff --git a/blocks/admin/block_admin.php b/blocks/admin/block_admin.php index 34c884a0b3..7a06f3c51d 100644 --- a/blocks/admin/block_admin.php +++ b/blocks/admin/block_admin.php @@ -207,7 +207,7 @@ class block_admin extends block_list { $this->content->items[]=''.get_string('help').''; $this->content->icons[]=''; - } else if (!isguest()) { // Students menu + } else if (has_capability('moodle/course:view', $context)) { // Students menu if ($course->showgrades) { $this->content->items[]=''.get_string('grades').''; diff --git a/blocks/course_list/block_course_list.php b/blocks/course_list/block_course_list.php index fe8bf720b2..01ded849fd 100644 --- a/blocks/course_list/block_course_list.php +++ b/blocks/course_list/block_course_list.php 
@@ -34,7 +34,7 @@ class block_course_list extends block_list { } } - if (empty($CFG->disablemycourses) and !empty($USER->id) and !(isadmin() and $adminseesall)) { // Just print My Courses + if (empty($CFG->disablemycourses) and !empty($USER->id) and !(has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID)) and $adminseesall)) { // Just print My Courses if ($courses = get_my_courses($USER->id)) { foreach ($courses as $course) { if ($course->id == SITEID) { diff --git a/blocks/online_users/block_online_users.php b/blocks/online_users/block_online_users.php index 8807fe9463..ac53e5a2ff 100644 --- a/blocks/online_users/block_online_users.php +++ b/blocks/online_users/block_online_users.php @@ -56,7 +56,7 @@ class block_online_users extends block_base { if ($COURSE->id == SITEID) { // Site-level $courseselect = ''; - $timeselect = "AND (s.timeaccess > $timefrom OR u.lastaccess > $timefrom)"; + $timeselect = "AND timeaccess > $timefrom OR u.lastaccess > $timefrom)"; } else { $courseselect = "AND s.course = '".$COURSE->id."'"; $timeselect = "AND s.timeaccess > $timefrom"; 
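Review bot: The site-level `$timeselect` in the `@@ -56,7 +56,7 @@` hunk of block_online_users.php is now malformed: `"AND timeaccess > $timefrom OR u.lastaccess > $timefrom)"` keeps the closing parenthesis but drops the opening one and the `s.` alias. Any query that still interpolates it would fail to parse, and without the parentheses the `OR` is no longer grouped under the preceding `AND` conditions. The rewritten queries in the next hunk do not appear to use `$timeselect` or `$courseselect`, so either delete the now-dead assignments or keep the fragment balanced. The enclosing method starts and ends outside this hunk.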
@@ -64,54 +64,26 @@ class block_online_users extends block_base { $users = array(); - if ($students = get_records_sql("SELECT u.id, u.username, u.firstname, u.lastname, u.picture, u.lastaccess, s.timeaccess - FROM {$CFG->prefix}user u, - {$CFG->prefix}user_students s - $groupmembers - WHERE u.id = s.userid $courseselect $groupselect $timeselect - ORDER BY s.timeaccess DESC ".sql_paging_limit(0,20))) { - - foreach ($students as $student) { - $student->fullname = fullname($student); - $users[$student->id] = $student; + $SQL1 = "SELECT DISTINCT userid, userid FROM {$CFG->prefix}log WHERE course=$COURSE->id AND time>$timefrom"; + if ($records = get_records_sql($SQL1)) { + $possibleusers = '('; + foreach ($records as $record) { + $possibleusers .= $record->userid.','; } - } - - if ($COURSE->id == SITEID && $CFG->allusersaresitestudents) { - if ($siteusers = get_records_sql("SELECT u.id, u.username, u.firstname, u.lastname, u.picture, u.lastaccess - FROM {$CFG->prefix}user u - WHERE u.lastaccess > $timefrom AND u.username <> 'guest' - ORDER BY u.lastaccess DESC ".sql_paging_limit(0,20))) { - foreach ($siteusers as $siteuser) { - $siteuser->fullname = fullname($siteuser); - $siteuser->timeaccess = $siteuser->lastaccess; - $users[$siteuser->id] = $siteuser; + $possibleusers = rtrim($possibleusers, ',').')'; + $SQL2 = "SELECT u.id, u.username, u.firstname, u.lastname, u.picture, u.lastaccess + FROM {$CFG->prefix}user u + $groupmembers + WHERE u.id IN $possibleusers $groupselect ".sql_paging_limit(0,20); + + if ($pusers = get_records_sql($SQL2)) { + foreach ($pusers as $puser) { + $puser->fullname = fullname($puser); + $users[$puser->id] = $puser; } - } - } - - $findteacherssql = "SELECT u.id, u.username, u.firstname, u.lastname, u.picture, u.lastaccess, s.timeaccess - FROM {$CFG->prefix}user u, - {$CFG->prefix}user_teachers s - $groupmembers - WHERE u.id = s.userid $courseselect $groupselect $timeselect "; + } + } - // Now that we have the Roles System, how will we handle 
what - // used to be hidden teachers? - if (!isteacher($COURSE->id)) { - // Hide hidden teachers from students. - $findteacherssql .= 'AND s.authority > 0 '; - } - $findteacherssql .= 'ORDER BY s.timeaccess DESC'; - - if ($teachers = get_records_sql($findteacherssql)) { - foreach ($teachers as $teacher) { - $teacher->fullname = ''.fullname($teacher).''; - $users[$teacher->id] = $teacher; - } - } - - //Calculate minutes $minutes = floor($timetoshowusers/60); diff --git a/blocks/rss_client/block_rss_client.php b/blocks/rss_client/block_rss_client.php index aa4603474f..b04eaca15f 100644 --- a/blocks/rss_client/block_rss_client.php +++ b/blocks/rss_client/block_rss_client.php @@ -90,7 +90,7 @@ $this->courseid = SITEID; if ($this->instance->pagetype == PAGE_COURSE_VIEW) { $this->courseid = $COURSE->id; - $isteacher = isteacher($this->courseid); + $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_BLOCK, $this->instance->id)); } //if the user is an admin, course teacher, or all users are allowed @@ -100,6 +100,7 @@ if (isset($USER) && !empty($USER->id) && $USER->id && !isguest()) { $userisloggedin = true; } + if ( $userisloggedin && ($submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS || ($submitters == SUBMITTERS_ADMIN_AND_TEACHER && $isteacher)) ) { $page = page_create_object($this->instance->pagetype, $this->instance->pageid); diff --git a/blocks/rss_client/block_rss_client_action.php b/blocks/rss_client/block_rss_client_action.php index cee89a6504..7f5430e49e 100644 --- a/blocks/rss_client/block_rss_client_action.php +++ b/blocks/rss_client/block_rss_client_action.php 
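Review bot: The rewritten lookup in the `@@ -64,54 +64,26 @@` hunk of block_online_users.php shows every user id found in the log table for the course, so the filters the removed code applied are gone: hidden teachers were kept from students with `AND s.authority > 0`, and the guest account was excluded with `u.username <> 'guest'`. The removed comment asks how hidden teachers should be handled under roles, but the new code resolves it by listing everyone, which exposes presence information that was previously restricted. `$SQL2` also has no `ORDER BY` before `sql_paging_limit(0,20)`, so which 20 users appear is arbitrary, and the rows no longer carry `timeaccess`, which code outside the hunk may still read. At minimum add `AND u.username <> 'guest'` and `ORDER BY u.lastaccess DESC` to `$SQL2`, and put hidden users behind a capability check before they are added to `$users`.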
@@ -69,7 +69,15 @@ print_header($straddedit, $straddedit, $navigation); //check to make sure that the user is allowed to post new feeds $submitters = $CFG->block_rss_client_submitters; -$isteacher = empty($course) ? false : isteacher($id); +if (empty($course)) { + $isteacher = false; +} else { + if ($id == SITEID) { + $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SITE, SITEID)); + } else { + $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_COURSE, $id)); + } +} if ( !isset($act) ) { rss_display_feeds($id); @@ -84,7 +92,7 @@ if ( isset($rssid) ) { //if the user is an admin or course teacher then allow the user to //assign categories to other uses than personal -if (isset($rss_record) && !( isadmin() || $submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS || +if (isset($rss_record) && !( has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)) || $submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS || ($submitters == SUBMITTERS_ADMIN_AND_TEACHER && $isteacher) || ( ($act == 'rssedit' || $act == 'delfeed' || $act == 'updfeed') && $USER->id == $rss_record->userid) ) ) { error(get_string('noguestpost', 'forum').' You are not allowed to make modifications to this RSS feed at this time.', $referrer); diff --git a/calendar/event.php b/calendar/event.php index 7093c95290..9d81e95c1a 100644 --- a/calendar/event.php +++ b/calendar/event.php @@ -581,11 +581,10 @@ function validate_form(&$form, &$err) { function calendar_add_event_allowed($courseid, $groupid, $userid) { global $USER; - - if(isadmin()) { - return true; - } - else if($courseid == 0 && $groupid == 0 && $userid == $USER->id) { + + $coursecontext = get_context_instance(CONTEXT_COURSE, $group->courseid); + + if ($courseid == 0 && $groupid == 0 && $userid == $USER->id && has_capability('moodle/calendar:manageownentries', $context)) { return true; } else if($courseid == 0 && $groupid != 0) { 
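Review bot: The site branch added in the `@@ -69,7 +69,15 @@` hunk of block_rss_client_action.php passes `CONTEXT_SITE` to `get_context_instance()`, while every other system-level check in this commit, including the `isadmin()` replacement in the next hunk of the same file, uses `CONTEXT_SYSTEM`. If `CONTEXT_SITE` is not a defined constant, PHP passes the bare string and the capability lookup will not resolve the intended context, so confirm it exists or use `get_context_instance(CONTEXT_SYSTEM, SITEID)` here as well. `$isteacher` now holds "may manage blocks" rather than "is a teacher"; a short comment or a rename would keep the later `SUBMITTERS_ADMIN_AND_TEACHER` condition readable.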
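Review bot: Every `has_capability()` call added to `calendar_add_event_allowed()` in calendar/event.php tests `$context`, which is never assigned: the new line stores the context in `$coursecontext`, and it reads `$group->courseid` before `$group` has been loaded. The permission decision therefore depends on how `has_capability()` treats an undefined context rather than on the user's role, and the same undefined `$context` is used in the following hunk of this file. Assign the variable that is actually checked, for example `$context = get_context_instance(CONTEXT_COURSE, $courseid);`, and resolve the group's course context only after the group record has been fetched. The function body continues past the end of this hunk.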
@@ -593,9 +592,14 @@ function calendar_add_event_allowed($courseid, $groupid, $userid) { if($group === false) { return false; } - return isteacheredit($group->courseid) || isteacher($group->courseid) && ismember($groupid); + $course = get_record('course', 'id', $courseid); + if ($course->groupmode == SEPARATE_GROUPS) { + return has_capability('moodle/calendar:manageentries', $context) && ismember($groupid); + } else { + return has_capability('moodle/calendar:manageentries', $context); + } } - else if($courseid != 0 && isteacher($courseid)) { + else if($courseid != 0 && has_capability('moodle/calendar:manageentries', $context)) { return true; } diff --git a/calendar/lib.php b/calendar/lib.php index ecd8c6aab8..ba0c6bf31c 100644 --- a/calendar/lib.php +++ b/calendar/lib.php @@ -1125,7 +1125,7 @@ function calendar_set_filters(&$courses, &$group, &$user, $courseeventsfrom = NU foreach($groupcourses as $courseid) { // If the user is an editing teacher in there, - if(!empty($USER->id) && isteacheredit($courseid, $USER->id)) { + if(!empty($USER->id) && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $courseid))) { // The first time we get in here, retrieve all groupmodes at once if($groupmodes === NULL) { 
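Review bot: In the group branch of `calendar_add_event_allowed()` (calendar/event.php, `@@ -593,9 +592,14 @@`), `get_record('course', 'id', $courseid)` is only reached when `$courseid == 0`, so it cannot return the group's course and `$course->groupmode` is read from a failed lookup. The `SEPARATE_GROUPS` comparison then never matches and the `ismember($groupid)` restriction is skipped. Use the group's own course, `$course = get_record('course', 'id', $group->courseid);`, and return false when that lookup fails. The function starts in the previous hunk.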
@@ -1163,22 +1163,28 @@ function calendar_set_filters(&$courses, &$group, &$user, $courseeventsfrom = NU function calendar_edit_event_allowed($event) { global $USER; - if(empty($USER->id) || isguest($USER->id)) { + $context = get_context_instance(CONTEXT_COURSE, $event->courseid); + + if(!has_capability('moodle/calendar:manageownentries', $context)) { return false; } - if (isadmin($USER->id)) return true; // Admins are allowed anything - - if ($event->courseid != 0 && isteacher($event->courseid)) { + if ($event->courseid != 0 && has_capability('moodle/calendar:manageentries', $context)) { return true; - } else if($event->courseid == 0 && $event->groupid != 0) { + } else if ($event->courseid == 0 && $event->groupid != 0) { // Group event $group = get_record('groups', 'id', $event->groupid); if($group === false) { return false; } - return isteacheredit($group->courseid) || isteacher($group->courseid) && ismember($event->groupid); - } else if($event->courseid == 0 && $event->groupid == 0 && $event->userid == $USER->id) { + $course = get_record('course', 'id', $event->courseid); + + if ($course->groupmode == SEPARATE_GROUPS) { + return has_capability('moodle/calendar:manageownentries', $context) && ismember($event->groupid); + } else { + return has_capability('moodle/calendar:manageownentries', $context); + } + } else if ($event->courseid == 0 && $event->groupid == 0 && $event->userid == $USER->id && has_capability('moodle/calendar:manageownentries', $context)) { // User event, owned by this user return true; }
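Review bot: `calendar_edit_event_allowed()` builds `$context` from `$event->courseid`, but the group and user branches only run when that id is 0, so their capability checks, and the new early `manageownentries` gate, are evaluated against a course context for id 0. The group branch also loads the course with `$event->courseid` instead of `$group->courseid`, so `groupmode` is read from a failed lookup and the `ismember()` restriction for separate groups never applies. It checks `moodle/calendar:manageownentries` where the matching branch in calendar/event.php checks `moodle/calendar:manageentries`, which looks unintended. The sketch below resolves the context from the group's course for that branch; the early gate and the user-event branch need an equivalent context that is valid when `courseid` is 0.

```php
    } else if ($event->courseid == 0 && $event->groupid != 0) {
        // Group event: permissions come from the group's course, not from course id 0.
        $group = get_record('groups', 'id', $event->groupid);
        if ($group === false) {
            return false;
        }
        $course = get_record('course', 'id', $group->courseid);
        if ($course === false) {
            return false;
        }
        $groupcontext = get_context_instance(CONTEXT_COURSE, $group->courseid);
        if ($course->groupmode == SEPARATE_GROUPS) {
            return has_capability('moodle/calendar:manageentries', $groupcontext) && ismember($event->groupid);
        }
        return has_capability('moodle/calendar:manageentries', $groupcontext);
    // … unchanged: user-event branch …
```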