From: dongsheng <dongsheng>
Date: Thu, 17 Apr 2008 05:42:13 +0000 (+0000)
Subject: MDL-11511, two new caps are introduced, see tracker, merged from MOODLE_19_STABLE
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=f752e2fd729b95be26a547e883d7560c672df333;p=moodle.git

MDL-11511, two new caps are introduced, see tracker, merged from MOODLE_19_STABLE
---

diff --git a/lang/en_utf8/data.php b/lang/en_utf8/data.php
index 82db936008..39eb0bc140 100644
--- a/lang/en_utf8/data.php
+++ b/lang/en_utf8/data.php
@@ -44,6 +44,8 @@ $string['csvfile'] = 'CSV file';
 $string['csvimport'] = 'CSV file import';
 $string['data:approve'] = 'Approve unapproved entries';
 $string['data:comment'] = 'Write comments';
+$string['data:deleteownentries'] = 'Delete own entries';
+$string['data:editownentries'] = 'Edit own entries';
 $string['data:managecomments'] = 'Manage comments';
 $string['data:manageentries'] = 'Manage entries';
 $string['data:managetemplates'] = 'Manage templates';
diff --git a/mod/data/db/access.php b/mod/data/db/access.php
index 71444b3e61..855ac13a61 100644
--- a/mod/data/db/access.php
+++ b/mod/data/db/access.php
@@ -165,8 +165,31 @@ $mod_data_capabilities = array(
         'legacy' => array(
             'admin' => CAP_ALLOW
         )
-    )
+    ),
+
+    'mod/data:editownentries' => array(
+        'riskbitmask' => RISK_SPAM,
+
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
 
+    'mod/data:deleteownentries' => array(
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
 );
 
 ?>
diff --git a/mod/data/edit.php b/mod/data/edit.php
index 40eb0e7a0c..9dc6117b5f 100755
--- a/mod/data/edit.php
+++ b/mod/data/edit.php
@@ -81,8 +81,14 @@
     }
 
     if ($rid) {    // So do you have access?
-        if (!(has_capability('mod/data:manageentries', $context) or data_isowner($rid)) or !confirm_sesskey() ) {
-            print_error('noaccess','data');
+        if (!confirm_sesskey()) {
+            print_error('confirmsesskeybad', 'error');
+        }
+
+        if (data_isowner($rid)){
+            require_capability('mod/data:editownentries', $context);
+        }else{
+            require_capability('mod/data:manageentries', $context);
         }
     }
 
diff --git a/mod/data/lib.php b/mod/data/lib.php
index 804c05bef4..4692ecb08d 100755
--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@@ -954,15 +954,23 @@ function data_print_template($template, $records, $data, $search='',$page=0, $re
     /// Replacing special tags (##Edit##, ##Delete##, ##More##)
         $patterns[]='##edit##';
         $patterns[]='##delete##';
-        if (has_capability('mod/data:manageentries', $context) or data_isowner($record->id)) {
+        $isteacher = has_capability('mod/data:manageentries', $context);
+        $isowner = data_isowner($record->id);
+
+        if ($isteacher or ($isowner && has_capability('mod/data:editownentries', $context)) ) {
             $replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/edit.php?d='
                              .$data->id.'&amp;rid='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$CFG->pixpath.'/t/edit.gif" class="iconsmall" alt="'.get_string('edit').'" title="'.get_string('edit').'" /></a>';
+        }else{
+            $replacement[] = '';
+        }
+
+        if($isteacher or ($isowner && has_capability('mod/data:deleteownentries', $context)) ) {
             $replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='
                              .$data->id.'&amp;delete='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$CFG->pixpath.'/t/delete.gif" class="iconsmall" alt="'.get_string('delete').'" title="'.get_string('delete').'" /></a>';
-        } else {
-            $replacement[] = '';
+        }else{
             $replacement[] = '';
         }
+
         $patterns[]='##more##';
         $replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&amp;rid='.$record->id.'"><img src="'.$CFG->pixpath.'/i/search.gif" class="iconsmall" alt="'.get_string('more', 'data').'" title="'.get_string('more', 'data').'" /></a>';
 
diff --git a/mod/data/version.php b/mod/data/version.php
index 5b5ec1d424..c4507d5ccf 100644
--- a/mod/data/version.php
+++ b/mod/data/version.php
@@ -5,7 +5,7 @@
 //  This fragment is called by /admin/index.php
 ////////////////////////////////////////////////////////////////////////////////
 
-$module->version  = 2007101509;
+$module->version  = 2007101510;
 $module->requires = 2007101509;  // Requires this Moodle version
 $module->cron     = 60;
 
diff --git a/mod/data/view.php b/mod/data/view.php
index 772a52058b..bd5670b488 100755
--- a/mod/data/view.php
+++ b/mod/data/view.php
@@ -305,7 +305,18 @@
 
 /// Delete any requested records
 
-    if ($delete && confirm_sesskey() && (has_capability('mod/data:manageentries', $context) or data_isowner($delete))) {
+    if ($delete){
+
+        if (!confirm_sesskey()) {
+            print_error('confirmsesskeybad', 'error');
+        }
+
+        if(data_isowner($delete)){
+            require_capability('mod/data:deleteownentries', $context);
+        }else{
+            require_capability('mod/data:manageentries', $context);
+        }
+
         if ($confirm = optional_param('confirm',0,PARAM_INT)) {
             if ($deleterecord = get_record('data_records', 'id', $delete)) {   // Need to check this is valid
                 if ($deleterecord->dataid == $data->id) {                       // Must be from this database