From: toyomoyo Date: Wed, 6 Sep 2006 08:55:23 +0000 (+0000) Subject: adding capabilities X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=d02eededf72b32a0762c5122069822dba470531b;p=moodle.git adding capabilities --- diff --git a/course/grades.php b/course/grades.php index 9b84b06c18..4509bcccee 100644 --- a/course/grades.php +++ b/course/grades.php @@ -14,9 +14,7 @@ error("Course ID was incorrect"); } - if (!isteacher($course->id)) { - error("Only teachers can use this page!"); - } + require_capability('moodle/course:viewcoursegrades', get_context_instance(CONTEXT_COURSE, $id)); $strgrades = get_string("grades"); $strgrade = get_string("grade"); diff --git a/course/report/log/lib.php b/course/report/log/lib.php index 90952c679f..3a984c0eb3 100644 --- a/course/report/log/lib.php +++ b/course/report/log/lib.php @@ -11,10 +11,10 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today' $showcourses = 1; } + $context = get_context_instance(CONTEXT_COURSE, $course->id); + /// Setup for group handling. - $isteacher = isteacher($course->id); - $isteacheredit = isteacheredit($course->id); - if ($course->groupmode == SEPARATEGROUPS and !$isteacheredit) { + if ($course->groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) { $selectedgroup = get_current_group($course->id); $showgroups = false; } @@ -47,7 +47,7 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today' if ($showusers) { if ($courseusers) { foreach ($courseusers as $courseuser) { - $users[$courseuser->id] = fullname($courseuser, $isteacher); + $users[$courseuser->id] = fullname($courseuser, has_capability('moodle/site:viewfullnames', $context)); } } if ($guest = get_guest()) { diff --git a/grade/lib.php b/grade/lib.php index 5ff0fa809c..c8a2200848 100644 --- a/grade/lib.php +++ b/grade/lib.php @@ -1003,7 +1003,7 @@ function grade_get_preferences($courseid) { // Construct some other ones about which fields are shown - $isteacher = isteacher($courseid); + $isteacher = has_capability('moodle/course:managegrades', get_context_instance(CONTEXT_COURSE, $courseid)); $preferences->show_weighted = (($preferences->display_weighted > 0 && $isteacher) || ($preferences->display_weighted > 1 && !$isteacher)); @@ -1063,7 +1063,7 @@ function grade_set_preferences($course, $newprefs) { function grade_preferences_menu($action, $course, $group=0) { - if (!isteacher($course->id)) { + has_capability('moodle/course:managegrades', get_context_instance(CONTEXT_COURSE, $courseid)) { return; } @@ -1133,7 +1133,7 @@ function grade_nav($course, $action='grades') { $strgrades = get_string('grades', 'grades'); $gradenav = "wwwroot/course/view.php?id=$course->id\">$course->shortname"; - if (isteacher($course->id)) { + if (has_capability('moodle/course:managegrades', get_context_instance(CONTEXT_COURSE, $course->id))) { switch ($action) { case 'prefs': case 'set_grade_preferences': diff --git a/lib/moodlelib.php b/lib/moodlelib.php index a6b3b85065..6d6c32f067 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -1535,7 +1535,7 @@ function require_login($courseid=0, $autologinguest=true, $cm=null) { // Next, check if the user can be in a particular course if ($courseid) { if ($courseid == SITEID) { // Anyone can be in the site course - if (isset($cm) and !$cm->visible and !isteacher(SITEID)) { // Not allowed to see module, send to course page + if (isset($cm) and !$cm->visible and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Not allowed to see module, send to course page redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden')); } return; @@ -1552,12 +1552,12 @@ function require_login($courseid=0, $autologinguest=true, $cm=null) { if (has_capability('moodle/course:view', $context)) { if (isset($USER->realuser)) { // Make sure the REAL person can also access this course - if (!isteacher($courseid, $USER->realuser)) { + if (!has_capability('moodle/course:view', $context, $USER->realuser)) { print_header(); notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/'); } } - if (isset($cm) and !$cm->visible and !isteacher($courseid)) { // Not allowed to see module, send to course page + if (isset($cm) and !$cm->visible and !has_capability('moodle/course:viewhiddenactivities', $context)) { // Not allowed to see module, send to course page redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden')); } return; // user is a member of this course. @@ -1950,7 +1950,7 @@ function isediting($courseid, $user=NULL) { if (empty($user->editing)) { return false; } - return ($user->editing and isteacher($courseid, $user->id)); + return ($user->editing and has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid))); } /** @@ -2972,7 +2972,7 @@ function get_current_group($courseid, $full=false) { global $SESSION, $USER; if (!isset($SESSION->currentgroup[$courseid])) { - if (empty($USER->groupmember[$courseid]) or isteacheredit($courseid)) { + if (empty($USER->groupmember[$courseid]) or has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $courseid))) { return 0; } else { @@ -3016,7 +3016,7 @@ function get_and_set_current_group($course, $groupmode, $groupid=-1) { if ($groupid) { // Try to change the current group to this groupid if ($group = get_record('groups', 'id', $groupid, 'courseid', $course->id)) { // Exists - if (isteacheredit($course->id)) { // Sets current default group + if (has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id))) { // Sets current default group $currentgroupid = set_current_group($course->id, $group->id); } else if ($groupmode == VISIBLEGROUPS) { @@ -3037,7 +3037,7 @@ function get_and_set_current_group($course, $groupmode, $groupid=-1) { } } else { // When groupid = 0 it means show ALL groups //this is changed, non editting teacher needs access to group 0 as well, for viewing work in visible groups (need to set current group for multiple pages) - if (isteacheredit($course->id) OR (isteacher($course->id) AND ($groupmode == VISIBLEGROUPS))) { // Sets current default group + if (has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)) AND ($groupmode == VISIBLEGROUPS)) { // Sets current default group $currentgroupid = set_current_group($course->id, 0); } else if ($groupmode == VISIBLEGROUPS) { // All groups are visible @@ -3075,7 +3075,7 @@ function setup_and_print_groups($course, $groupmode, $urlroot) { return false; } - if ($groupmode == SEPARATEGROUPS and !isteacheredit($course->id) and !$currentgroup) { + if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)) and !$currentgroup) { //we are in separate groups and the current group is group 0, as last set. //this can mean that either, this guy has no group //or, this guy just came from a visible all forum, and he left when he set his current group to 0 (show all) @@ -3092,7 +3092,7 @@ function setup_and_print_groups($course, $groupmode, $urlroot) { } } - if ($groupmode == VISIBLEGROUPS or ($groupmode and isteacheredit($course->id))) { + if ($groupmode == VISIBLEGROUPS or ($groupmode and has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)))) { if ($groups = get_records_menu('groups', 'courseid', $course->id, 'name ASC', 'id,name')) { echo '
'; print_group_menu($groups, $groupmode, $currentgroup, $urlroot); @@ -3100,7 +3100,7 @@ function setup_and_print_groups($course, $groupmode, $urlroot) { } }//added code here to allow non-editting teacher to swap in-between his own groups //added code for students in separategrous to swtich groups - else if ($groupmode == SEPARATEGROUPS and (isteacher($course->id) or isstudent($course->id))) { + else if ($groupmode == SEPARATEGROUPS and has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id))) { $validgroups = array(); //get all the groups this guy is in in this course if ($p = user_group($course->id,$USER->id)){ diff --git a/mod/glossary/view.php b/mod/glossary/view.php index 165a3ec526..5d9e2c5dc7 100644 --- a/mod/glossary/view.php +++ b/mod/glossary/view.php @@ -361,7 +361,7 @@ $user = get_record("user","id",$entry->uid); print_user_picture($user->id, $course->id, $user->picture); - $pivottoshow = fullname($user, isteacher($course->id));; + $pivottoshow = fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id))); } else { echo ''; } diff --git a/mod/resource/lib.php b/mod/resource/lib.php index 071209f414..3a5d81abcc 100644 --- a/mod/resource/lib.php +++ b/mod/resource/lib.php @@ -112,7 +112,7 @@ function resource_base($cmid=0) { $this->navigation = "framename}\" href=\"index.php?id={$this->course->id}\">$this->strresources ->"; } - if (!$this->cm->visible and !isteacher($this->course->id)) { + if (!$this->cm->visible and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_MODULE, $this->cm->id))) { $pagetitle = strip_tags($this->course->shortname.': '.$this->strresource); print_header($pagetitle, $this->course->fullname, "$this->navigation $this->strresource", "", "", true, '', navmenu($this->course, $this->cm)); notice(get_string("activityiscurrentlyhidden"), "$CFG->wwwroot/course/view.php?id={$this->course->id}"); diff --git a/question/export.php b/question/export.php index a6893390cb..7ff74b57a8 100644 --- a/question/export.php +++ b/question/export.php @@ -40,10 +40,9 @@ } require_login($course->id, false); - - if (!isteacher($course->id)) { - error( get_string('onlyteachersexport','quiz') ); - } + + $context = get_context_instance(CONTEXT_COURSE, $course->id); + require_capability('moodle/question:export', $context); // ensure the files area exists for this course make_upload_directory( "$course->id" ); @@ -59,7 +58,7 @@ /// Header: if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) { - $strupdatemodule = isteacheredit($course->id) + $strupdatemodule = has_capability('moodle/course:manageactivities', $context) ? update_module_button($SESSION->modform->cmid, $course->id, get_string('modulename', 'quiz')) : ""; print_header_simple($strexportquestions, '', diff --git a/question/preview.php b/question/preview.php index 2dd1ec534e..f8e628acba 100644 --- a/question/preview.php +++ b/question/preview.php @@ -41,6 +41,7 @@ require_login(); + // this might break things in the future if (!isteacherinanycourse()) { error('This page is for teachers only'); } @@ -81,7 +82,7 @@ error("This question doesn't belong to a valid category!"); } - if (!isteacher($category->course) and !$category->publish) { + if (!has_capability('moodle/question:manage', get_context_instance(CONTEXT_COURSE, $category->course)) and !$category->publish) { error("You can't preview these questions!"); } $quiz->course = $category->course; diff --git a/rss/file.php b/rss/file.php index ae0a81b405..c1a01ee65b 100644 --- a/rss/file.php +++ b/rss/file.php @@ -70,18 +70,18 @@ rss_not_found(); } - $isstudent = isstudent($courseid,$userid); - $isteacher = isteacher($courseid,$userid); - + $context = get_context_instance(CONTEXT_MODULE, $cm->id); + $isuser = has_capability('moodle/course:view', $context, $userid); + //Check for "security" if !course->guest or course->password if ($course->id != SITEID) { - if ((!$course->guest || $course->password) && (!($isstudent || $isteacher))) { + if ((!$course->guest || $course->password) && (!$isuser)) { rss_not_found(); } } //Check for "security" if the course is hidden or the activity is hidden - if (!$isblog and (!$course->visible || !$cm->visible) && (!$isteacher)) { + if (!$isblog and (!$course->visible || !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) { rss_not_found(); } diff --git a/user/edit.php b/user/edit.php index 89fd7cd6f8..da6499eb5e 100644 --- a/user/edit.php +++ b/user/edit.php @@ -304,7 +304,7 @@ if ($newaccount) { $userfullname = $strnewuser; } else { - $userfullname = fullname($user, isteacher($course->id)); + $userfullname = fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id))); } if ($course->category) { print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile", diff --git a/user/index.php b/user/index.php index 8c9334f21f..16f15484fa 100644 --- a/user/index.php +++ b/user/index.php @@ -58,7 +58,7 @@ require_capability('moodle/course:viewparticipants', $context); if (!$course->category) { - if (!$CFG->showsiteparticipantslist and !isteacher(SITEID)) { + if (!$CFG->showsiteparticipantslist and !has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_SYSTEM, SITEID))) { print_header("$course->shortname: ".get_string('participants'), $course->fullname, get_string('participants'), "", "", true, " ", navmenu($course)); notice(get_string('sitepartlist0')); @@ -110,7 +110,7 @@ } $isseparategroups = ($course->groupmode == SEPARATEGROUPS and $course->groupmodeforce and - !isteacheredit($course->id)); + !has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id))); if ($isseparategroups and (!$currentgroup) ) { //XXX print_heading(get_string("notingroup", "forum")); @@ -195,7 +195,7 @@ popup_form($CFG->wwwroot.'/user/index.php?contextid='.$context->id.'&roleid='.$roleid.'&id=',$my_course,'courseform',$course->id); echo ''; - if ($groupmode == VISIBLEGROUPS or ($groupmode and isteacheredit($course->id))) { + if ($groupmode == VISIBLEGROUPS or ($groupmode and has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)))) { if ($groups = get_records_menu("groups", "courseid", $course->id, "name ASC", "id,name")) { echo ''; print_group_menu($groups, $groupmode, $currentgroup, $baseurl); @@ -257,14 +257,14 @@ echo popup_form($baseurl.'&mode=', $formatmenu, 'formatmenu', $fullmode, '', '', '', true); echo ''; - if ($currentgroup and (!$isseparategroups or isteacheredit($course->id))) { /// Display info about the group + if ($currentgroup and (!$isseparategroups or has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)))) { /// Display info about the group if ($group = get_record('groups', 'id', $currentgroup)) { if (!empty($group->description) or (!empty($group->picture) and empty($group->hidepicture))) { echo '
'; print_group_picture($group, $course->id, true, false, false); echo ''; echo '

'.$group->name; - if (isteacheredit($course->id)) { + if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id))) { echo ' '; echo ''; echo ''; @@ -431,7 +431,7 @@ function checkchecked(form) { $a->count = $totalcount; $a->items = $currentrole->name; echo '

'.get_string('counteditems', '', $a); - if (isteacheredit($course->id)) { + if (user_can_assign($context, $roleid)) { echo ' '; echo ''; } diff --git a/user/tabs.php b/user/tabs.php index 24a496bc0d..0299c007e8 100644 --- a/user/tabs.php +++ b/user/tabs.php @@ -85,7 +85,7 @@ if (isset($userid)) { $user = get_record('user','id', $userid); } - print_heading(fullname($user, isteacher($course->id))); + print_heading(fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id)))); $toprow[] = new tabobject('profile', $CFG->wwwroot.'/user/view.php?id='.$user->id.'&course='.$course->id, get_string('profile')); diff --git a/user/view.php b/user/view.php index d25ce02dfa..6c916939b2 100644 --- a/user/view.php +++ b/user/view.php @@ -45,7 +45,7 @@ } } - $fullname = fullname($user, isteacher($course->id)); + $fullname = fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id))); $personalprofile = get_string("personalprofile"); $participants = get_string("participants"); @@ -55,7 +55,7 @@ $currentuser = ($user->id == $USER->id); } - if (groupmode($course) == SEPARATEGROUPS and !isteacheredit($course->id)) { // Groups must be kept separate + if (groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id))) { // Groups must be kept separate require_login(); ///this is changed because of mygroupid @@ -106,7 +106,7 @@ if ($course->category and ! isguest() ) { // Need to have access to a course to see that info - if (!isstudent($course->id, $user->id) && !isteacher($course->id, $user->id)) { + if (!has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id))) { print_heading(get_string("notenrolled", "", $fullname)); print_footer($course); die; @@ -117,8 +117,8 @@ print_heading(get_string("userdeleted")); } -/// Get the hidden field list - if (isteacher($course->id) || isadmin()) { +/// Get the hidden field list (user must have update capability to see hidden files?) + if (has_capability('moodle/user:update', get_context_instance(CONTEXT_COURSE, $course->id))) { $hiddenfields = array(); // teachers and admins are allowed to see everything } else { $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields)); @@ -165,7 +165,7 @@ print_row(get_string("location").":", $location); } - if (isteacher($course->id)) { + if (has_capability('moodle/user:update', get_context_instance(CONTEXT_COURSE, $course->id))) { if ($user->address) { print_row(get_string("address").":", "$user->address"); } @@ -279,7 +279,7 @@ /// Printing groups $isseparategroups = ($course->groupmode == SEPARATEGROUPS and $course->groupmodeforce and - !isteacheredit($course->id)); + !has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id))); if (!$isseparategroups){ if ($usergroups = user_group($course->id, $user->id)){ $groupstr = '';