From 217a8ee95062b13df9ee70bffaddd246ee469bcb Mon Sep 17 00:00:00 2001 From: toyomoyo Date: Fri, 16 Feb 2007 07:57:19 +0000 Subject: [PATCH] made some changes so that if a user has any roles assigned in context_module or context_block with moodle/site:manageblocks or moodle/course:manageactivities, he will see the "turn editting on" button without needing to have a role assigned at context_course with moodle/course:manageactivies capability. Of course this user would not be able to edit any blocks or modules he/she is not supposed to edit. Ajax for these users with partial editing privilages are locked. Please report bugs asap as we are looking at backporting this change to 1.8. Cheers. --- blocks/moodleblock.class.php | 2 +- course/format/lams/format.php | 6 +-- course/format/topics/format.php | 6 +-- course/format/weeks/format.php | 6 +-- course/format/weekscss/format.php | 6 +-- course/lib.php | 89 ++++++++++++++++++------------- course/mod.php | 4 +- course/modedit.php | 17 ++++-- course/view.php | 4 +- lib/blocklib.php | 3 +- lib/moodlelib.php | 24 ++++++++- lib/pagelib.php | 22 +++++++- lib/weblib.php | 22 +++++++- 13 files changed, 149 insertions(+), 62 deletions(-) diff --git a/blocks/moodleblock.class.php b/blocks/moodleblock.class.php index f0550b6622..9cfa7ae006 100644 --- a/blocks/moodleblock.class.php +++ b/blocks/moodleblock.class.php @@ -305,7 +305,7 @@ class block_base { // context for site or course, i.e. participant list etc // check to see if user can edit site or course blocks. // blocks can appear on other pages such as mod and blog pages... - + switch ($this->instance->pagetype) { case 'course-view': if (!has_capability('moodle/site:manageblocks', $blockcontext)) { diff --git a/course/format/lams/format.php b/course/format/lams/format.php index 2741bbea3e..3fb6f646e9 100644 --- a/course/format/lams/format.php +++ b/course/format/lams/format.php @@ -108,7 +108,7 @@ if ($thissection->summary or $thissection->sequence or isediting($course->id)) { $summaryformatoptions->noclean = true; echo format_text($thissection->summary, FORMAT_HTML, $summaryformatoptions); - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', $course->id)) { echo ''.$streditsummary.'

'; @@ -263,7 +263,7 @@ while ($section <= $course->numsections) { $summaryformatoptions->noclean = true; echo format_text($thissection->summary, FORMAT_HTML, $summaryformatoptions); - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', $course->id)) { echo ' '. ''.$streditsummary.'

'; } @@ -287,7 +287,7 @@ while ($section <= $course->numsections) { ''.$strshowonlytopic.'
'; } - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id))) { if ($course->marker == $section) { // Show the "light globe" on/off echo ''. ''.$strmarkedthistopic.'
'; diff --git a/course/format/topics/format.php b/course/format/topics/format.php index 91e1681ff8..0dd18f0cb6 100644 --- a/course/format/topics/format.php +++ b/course/format/topics/format.php @@ -131,7 +131,7 @@ $summaryformatoptions->noclean = true; echo format_text($thissection->summary, FORMAT_HTML, $summaryformatoptions); - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', $course->id)) { echo ''.$streditsummary.'

'; @@ -213,7 +213,7 @@ $summaryformatoptions->noclean = true; echo format_text($thissection->summary, FORMAT_HTML, $summaryformatoptions); - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', $course->id)) { echo ' '. ''.$streditsummary.'

'; } @@ -237,7 +237,7 @@ ''.$strshowonlytopic.'
'; } - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id))) { if ($course->marker == $section) { // Show the "light globe" on/off echo ''. ''.$strmarkedthistopic.'
'; diff --git a/course/format/weeks/format.php b/course/format/weeks/format.php index 42dc88b393..76598b64b5 100644 --- a/course/format/weeks/format.php +++ b/course/format/weeks/format.php @@ -123,7 +123,7 @@ $summaryformatoptions->noclean = true; echo format_text($thissection->summary, FORMAT_HTML, $summaryformatoptions); - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', $course->id)) { echo ''.$streditsummary.'

'; @@ -226,7 +226,7 @@ $summaryformatoptions->noclean = true; echo format_text($thissection->summary, FORMAT_HTML, $summaryformatoptions); - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', $course->id)) { echo ' '. ''.$streditsummary.'

'; } @@ -251,7 +251,7 @@ ''.$strshowonlyweek.'
'; } - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id))) { if ($thissection->visible) { // Show the hide/show eye echo ''. ''.$strweekhide.'
'; diff --git a/course/format/weekscss/format.php b/course/format/weekscss/format.php index d4fe8548a9..70e8efd7ff 100644 --- a/course/format/weekscss/format.php +++ b/course/format/weekscss/format.php @@ -124,7 +124,7 @@ $summaryformatoptions->noclean = true; echo format_text($thissection->summary, FORMAT_HTML, $summaryformatoptions); - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', $course->id)) { echo '

'.$streditsummary.'

'; @@ -212,7 +212,7 @@ ''.$strshowonlyweek.'
'; } - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id))) { if ($thissection->visible) { // Show the hide/show eye echo ''. ''.$strweekhide.'
'; @@ -243,7 +243,7 @@ $summaryformatoptions->noclean = true; echo format_text($thissection->summary, FORMAT_HTML, $summaryformatoptions); - if (isediting($course->id)) { + if (isediting($course->id) && has_capability('moodle/course:update', $course->id)) { echo ' '. ''.$streditsummary.'

'; } diff --git a/course/lib.php b/course/lib.php index d4144d76dd..2f0b637317 100644 --- a/course/lib.php +++ b/course/lib.php @@ -1452,6 +1452,11 @@ function print_section($course, $section, $mods, $modnamesused, $absolute=false, function print_section_add_menus($course, $section, $modnames, $vertical=false, $return=false) { global $CFG; + // check to see if user can add menus + if (!has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $course->id))) { + return false; + } + static $resources = false; static $activities = false; @@ -2200,6 +2205,12 @@ function make_editing_buttons($mod, $absolute=false, $moveselect=true, $indent=- static $str; static $sesskey; + $modcontext = get_context_instance(CONTEXT_MODULE, $mod->id); + // no permission to edit + if (!has_capability('moodle/course:manageactivities', $modcontext)) { + return false; + } + if (!isset($str)) { $str->delete = get_string("delete"); $str->move = get_string("move"); @@ -2231,16 +2242,18 @@ function make_editing_buttons($mod, $absolute=false, $moveselect=true, $indent=- $path = '.'; } - if ($mod->visible) { - $hideshow = ''."\n"; - } else { - $hideshow = ''."\n"; + if (has_capability('moodle/course:activityvisibility', $modcontext)) { + if ($mod->visible) { + $hideshow = ''."\n"; + } else { + $hideshow = ''."\n"; + } } if ($mod->groupmode !== false) { if ($mod->groupmode == SEPARATEGROUPS) { @@ -2271,35 +2284,39 @@ function make_editing_buttons($mod, $absolute=false, $moveselect=true, $indent=- } else { $groupmode = ""; } - - if ($moveselect) { - $move = ''."\n"; - } else { - $move = ''."\n". - ''."\n"; + + if (has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $mod->course))) { + if ($moveselect) { + $move = ''."\n"; + } else { + $move = ''."\n". + ''."\n"; + } } $leftright = ""; - if ($indent > 0) { - $leftright .= ''."\n"; - } - if ($indent >= 0) { - $leftright .= ''."\n"; + if (has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $mod->course))) { + if ($indent > 0) { + $leftright .= ''."\n"; + } + if ($indent >= 0) { + $leftright .= ''."\n"; + } } return ''."\n".$leftright.$move. diff --git a/course/mod.php b/course/mod.php index 07363f8e90..be25298f18 100644 --- a/course/mod.php +++ b/course/mod.php @@ -326,7 +326,7 @@ } require_login($cm->course); // needed to setup proper $COURSE - $context = get_context_instance(CONTEXT_COURSE, $cm->course); + $context = get_context_instance(CONTEXT_MODULE, $cm->id); require_capability('moodle/course:activityvisibility', $context); set_coursemodule_visible($cm->id, 0); @@ -379,7 +379,7 @@ } require_login($cm->course); // needed to setup proper $COURSE - $context = get_context_instance(CONTEXT_COURSE, $cm->course); + $context = get_context_instance(CONTEXT_MODULE, $cm->id); require_capability('moodle/course:manageactivities', $context); set_coursemodule_groupmode($cm->id, $groupmode); diff --git a/course/modedit.php b/course/modedit.php index 493c438031..7c7c07bc15 100644 --- a/course/modedit.php +++ b/course/modedit.php @@ -75,7 +75,7 @@ } require_login($course->id); // needed to setup proper $COURSE - $context = get_context_instance(CONTEXT_COURSE, $course->id); + $context = get_context_instance(CONTEXT_MODULE, $cm->id); require_capability('moodle/course:manageactivities', $context); if (! $module = get_record("modules", "id", $cm->module)) { @@ -167,7 +167,12 @@ } require_login($course->id); // needed to setup proper $COURSE - $context = get_context_instance(CONTEXT_COURSE, $course->id); + + if (!empty($fromform->coursemodule)) { + $context = get_context_instance(CONTEXT_MODULE, $fromform->coursemodule); + } else { + $context = get_context_instance(CONTEXT_COURSE, $course->id); + } require_capability('moodle/course:manageactivities', $context); $fromform->course = $course->id; @@ -274,9 +279,13 @@ exit; } else { - $context = get_context_instance(CONTEXT_COURSE, $course->id); + if (!empty($cm->id)) { + $context = get_context_instance(CONTEXT_MODULE, $cm->id); + } else { + $context = get_context_instance(CONTEXT_COURSE, $course->id); + } require_capability('moodle/course:manageactivities', $context); - + $streditinga = get_string("editinga", "moodle", $fullmodulename); $strmodulenameplural = get_string("modulenameplural", $module->name); diff --git a/course/view.php b/course/view.php index f342fb3345..a59e264348 100644 --- a/course/view.php +++ b/course/view.php @@ -130,7 +130,7 @@ if ($USER->editing && !empty($USER->ajax) && !empty($CFG->enableajax) && $CFG->ajaxcapable) { - if (ajaxenabled()) { + if (ajaxenabled() && has_capability('moodle/course:manageactivities', $context)) { require_js(array('yui_yahoo', 'yui_dom', @@ -203,7 +203,7 @@ // Use AJAX? - if ($CFG->useajax) { + if ($CFG->useajax && has_capability('moodle/course:manageactivities', $context)) { // At the bottom because we want to process sections and activities // after the relevant html has been generated. We're forced to do this // because of the way in which lib/ajax/ajaxcourse.js is written. diff --git a/lib/blocklib.php b/lib/blocklib.php index 729a86fb9d..0cca837c3e 100644 --- a/lib/blocklib.php +++ b/lib/blocklib.php @@ -269,7 +269,6 @@ function blocks_print_group(&$page, &$pageblocks, $position) { } $isediting = $page->user_is_editing(); - foreach($pageblocks[$position] as $instance) { // $instance may have ->rec and ->obj @@ -337,7 +336,7 @@ function blocks_print_group(&$page, &$pageblocks, $position) { } // End foreach - if ($page->blocks_default_position() == $position && $page->user_is_editing()) { + if ($page->blocks_default_position() == $position && $page->user_is_editing() && has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_COURSE, $COURSE->id))) { blocks_print_adminblock($page, $pageblocks); } } diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 345b476a90..8d977e20c2 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -2202,7 +2202,29 @@ function isediting($courseid, $user=NULL) { if (empty($user->editing)) { return false; } - return ($user->editing and has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid))); + + $capcheck = false; + $coursecontext = get_context_instance(CONTEXT_COURSE, $courseid); + + if (has_capability('moodle/course:manageactivities', $coursecontext) || + has_capability('moodle/site:manageblocks', $coursecontext)) { + $capcheck = true; + } else { + // loop through all child context, see if user has moodle/course:manageactivities or moodle/site:manageblocks + if ($children = get_child_contexts($coursecontext)) { + foreach ($children as $child) { + $childcontext = get_record('context', 'id', $child); + if (has_capability('moodle/course:manageactivities', $childcontext) || + has_capability('moodle/site:manageblocks', $childcontext)) { + $capcheck = true; + break; + } + } + } + } + + return ($user->editing && $capcheck); + //return ($user->editing and has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid))); } /** diff --git a/lib/pagelib.php b/lib/pagelib.php index 69cdccfe2e..671c7579ac 100644 --- a/lib/pagelib.php +++ b/lib/pagelib.php @@ -350,7 +350,27 @@ class page_course extends page_base { if (has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM)) && defined('ADMIN_STICKYBLOCKS')) { return true; } - return has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $this->id)); + + $coursecontext = get_context_instance(CONTEXT_COURSE, $this->id); + $capcheck = false; + if (has_capability('moodle/course:manageactivities', $coursecontext) || + has_capability('moodle/site:manageblocks', $coursecontext)) { + $capcheck = true; + } else { + // loop through all child context, see if user has moodle/course:manageactivities or moodle/site:manageblocks + if ($children = get_child_contexts($coursecontext)) { + foreach ($children as $child) { + $childcontext = get_record('context', 'id', $child); + if (has_capability('moodle/course:manageactivities', $childcontext) || + has_capability('moodle/site:manageblocks', $childcontext)) { + $capcheck = true; + break; + } + } + } + } + + return $capcheck; } // Is the user actually editing this course page or "sticky page" right now? diff --git a/lib/weblib.php b/lib/weblib.php index 9f288fb539..d5d330084c 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -3767,7 +3767,27 @@ function update_course_icon($courseid) { global $CFG, $USER; - if (has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid))) { + $coursecontext = get_context_instance(CONTEXT_COURSE, $courseid); + + if (has_capability('moodle/course:manageactivities', $coursecontext) || + has_capability('moodle/site:manageblocks', $coursecontext)) { + $capcheck = true; + } else { + // loop through all child context, see if user has moodle/course:manageactivities or moodle/site:manageblocks + if ($children = get_child_contexts($coursecontext)) { + foreach ($children as $child) { + $childcontext = get_record('context', 'id', $child); + if (has_capability('moodle/course:manageactivities', $childcontext) || + has_capability('moodle/site:manageblocks', $childcontext)) { + $capcheck = true; + break; + } + } + } + } + + + if ($capcheck) { if (!empty($USER->editing)) { $string = get_string('turneditingoff'); $edit = '0'; -- 2.39.5