From 41d7209c7f5905b5b47e057fb8ac8b1a89f6a9e3 Mon Sep 17 00:00:00 2001 From: toyomoyo Date: Fri, 25 Aug 2006 08:27:27 +0000 Subject: [PATCH] some (mainly admin realated) capabilities --- admin/admin.php | 6 ++--- admin/backup.php | 4 +--- admin/calendar.php | 4 +--- admin/config.php | 5 +---- admin/courses.php | 15 +++---------- admin/creators.php | 8 +++---- admin/cron.php | 2 +- admin/dbperformance.php | 4 +--- admin/delete.php | 4 +--- admin/editor.php | 5 ++--- admin/health.php | 4 +--- admin/innodb.php | 4 +--- admin/misc.php | 23 ++++++++++++-------- admin/oacleanup.php | 7 ++---- admin/pagelib.php | 2 +- admin/phpinfo.php | 4 +--- admin/register.php | 4 +--- admin/replace.php | 4 +--- admin/report.php | 4 +--- admin/report/courseoverview/index.php | 4 +--- admin/report/courseoverview/reportsgraph.php | 6 ++--- admin/report/simpletest/index.php | 5 +---- admin/roles/manage.php | 8 ------- admin/site.php | 4 +--- admin/stickyblocks.php | 4 +--- admin/timezone.php | 4 +--- admin/upgradeforumread.php | 8 +++---- admin/upgradelogs.php | 4 +--- admin/uploaduser.php | 4 +--- admin/users.php | 14 +++--------- admin/utfdbmigrate.php | 4 +--- course/edit.php | 7 +++--- course/scales.php | 10 ++++----- lib/accesslib.php | 1 - user/edit.html | 8 +++---- user/edit.php | 18 +++++++-------- user/index.php | 21 +++++++++++------- 37 files changed, 92 insertions(+), 155 deletions(-) diff --git a/admin/admin.php b/admin/admin.php index eca279916f..2bcb86cb3d 100644 --- a/admin/admin.php +++ b/admin/admin.php @@ -1,6 +1,8 @@ shortname: $stradministration: $strcourses", "$site->fullname", "$stradministration -> $strcourses"); 
@@ -26,14 +23,8 @@ get_string("adminhelpcourses")); $table->data[] = array("sesskey\">".get_string("enrolmentplugins")."", get_string("adminhelpenrolments")); - $table->data[] = array("sesskey\">".get_string("assignstudents")."", - get_string("adminhelpassignstudents")); - $table->data[] = array("sesskey\">".get_string("assignteachers")."", - get_string("adminhelpassignteachers")." \"\""); - $table->data[] = array("sesskey\">".get_string("assigncreators")."", - get_string("adminhelpassigncreators")); - $table->data[] = array("sesskey\">".get_string("assignadmins")."", - get_string("adminhelpassignadmins")); + $table->data[] = array(''. + get_string('assignsiteroles').'', get_string('adminhelpassignsiteroles')); print_table($table); diff --git a/admin/creators.php b/admin/creators.php index 13f4ab3379..23388005a1 100755 --- a/admin/creators.php +++ b/admin/creators.php @@ -1,6 +1,8 @@ dirroot.'/lib/adminlib.php'); - if (!$alreadyadmin = isadmin()) { + if (!$alreadyadmin = has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) { unset($_SESSION['USER']); unset($USER); unset($_SESSION['SESSION']); diff --git a/admin/dbperformance.php b/admin/dbperformance.php index abe311bbed..fee2c390dc 100644 --- a/admin/dbperformance.php +++ b/admin/dbperformance.php @@ -9,9 +9,7 @@ require_login(); - if (!isadmin()) { - error("Only the admin can use this page"); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); $strdatabaseperformance = get_string("databaseperformance"); $stradministration = get_string("administration"); diff --git a/admin/delete.php b/admin/delete.php index 0f068d52a3..ea524fd085 100644 --- a/admin/delete.php +++ b/admin/delete.php 
@@ -10,9 +10,7 @@ $sure = optional_param('sure', 0, PARAM_BOOL); $reallysure = optional_param('reallysure', 0, PARAM_BOOL); - if (!isadmin()) { - error('You must be admin to use this script!'); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); $deletedir = $CFG->dataroot; // The directory to delete! diff --git a/admin/editor.php b/admin/editor.php index 37178058e5..0057219b70 100644 --- a/admin/editor.php +++ b/admin/editor.php @@ -7,9 +7,8 @@ require_login(); - if (!isadmin()) { - error("Only admins can access this page"); - } + $context = get_context_instance(CONTEXT_SYSTEM, SITEID); + require_capability('moodle/site:config', $context); if (($data = data_submitted()) && confirm_sesskey()) { diff --git a/admin/health.php b/admin/health.php index d5886c8f55..12843f9cfe 100644 --- a/admin/health.php +++ b/admin/health.php @@ -20,9 +20,7 @@ $solution = optional_param('solution', 0, PARAM_SAFEDIR); //in fact it is class name alhanumeric and _ require_login(); - if (!isadmin()) { - error('Only the admin can use this page'); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); $site = get_site(); $stradmin = get_string('administration'); diff --git a/admin/innodb.php b/admin/innodb.php index e5cd323387..ef1285fd88 100644 --- a/admin/innodb.php +++ b/admin/innodb.php @@ -6,9 +6,7 @@ require_login(); - if (!isadmin()) { - error('Admin only'); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); print_header("Convert all tables from MYISAM to InnoDB", "Convert all tables from MYISAM to InnoDB", "Convert all tables from MYISAM to InnoDB"); diff --git a/admin/misc.php b/admin/misc.php index 16afcc8487..7f714d0f28 100644 --- a/admin/misc.php +++ b/admin/misc.php 
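Review bot: In the admin/delete.php hunk the only guards visible before `$deletedir = $CFG->dataroot;` are the new `require_capability()` call and the `sure` / `reallysure` request parameters; neither `require_login()` nor `confirm_sesskey()` appears in these lines. If the session key is not checked outside the hunk, the deletion is exposed to cross-site request forgery against a logged-in holder of `moodle/site:config`. admin/editor.php in this same commit pairs `data_submitted()` with `confirm_sesskey()`, and the same check belongs here before anything is removed. The script continues outside the hunk, so this needs confirming against the full file.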
@@ -4,13 +4,11 @@ require_login(); - if (!isadmin()) { - error("Only admins can access this page"); - } - if (!$site = get_site()) { redirect("index.php"); } + + $context = get_context_instance(CONTEXT_SYSTEM, SITEID); $stradministration = get_string("administration"); $strmisc = get_string("miscellaneous"); @@ -26,14 +24,21 @@ get_string("adminhelpsitefiles")); $table->data[] = array(''.get_string('stickyblocks','admin')."", get_string('adminhelpstickyblocks')); - $table->data[] = array(''.get_string('reports')."", - get_string('adminhelpreports')); + + if (has_capability('moodle/site:viewreports', $context)) { + $table->data[] = array(''.get_string('reports')."", + get_string('adminhelpreports')); + } // to be enabled later /* $table->data[] = array(''.get_string('healthcenter')."", get_string('adminhelphealthcenter'));*/ - $table->data[] = array(''.get_string('environment', 'admin')."", - get_string('adminhelpenvironment')); - if (file_exists("$CFG->dirroot/$CFG->admin/$CFG->dbtype")) { + + if (has_capability('moodle/site:config', $context)) { + $table->data[] = array(''.get_string('environment', 'admin')."", + get_string('adminhelpenvironment')); + } + + if (file_exists("$CFG->dirroot/$CFG->admin/$CFG->dbtype") && has_capability('moodle/site:accessdb', $context)) { $table->data[] = array(''.get_string('managedatabase')."", get_string('adminhelpmanagedatabase')); } diff --git a/admin/oacleanup.php b/admin/oacleanup.php index 6ba9634188..8938b1d6bc 100644 --- a/admin/oacleanup.php +++ b/admin/oacleanup.php @@ -6,11 +6,8 @@ if (!isset($CFG)) { require_login(); - if (!isadmin()) { - error('You must be an admin to use this script'); - exit; - } - + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); + print_header_simple('Online Assignment Cleanup','Online Assignment Cleanup', 'Admin'); online_assignment_cleanup(true); diff --git a/admin/pagelib.php b/admin/pagelib.php index 2eef6fc227..3065f74107 100644 --- a/admin/pagelib.php 
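Review bot: The first admin/misc.php hunk removes the page-level `isadmin()` gate and puts nothing in its place, so after `require_login()` any authenticated user can render this admin menu. The second hunk wraps only the reports, environment and database rows in `has_capability()`; the site files and sticky blocks rows are still added unconditionally. The linked scripts presumably enforce their own capabilities (admin/stickyblocks.php does in this commit), but the menu should not be listed to users who hold none of them. Guard each remaining row with the capability its target requires, e.g. `if (has_capability('moodle/site:manageblocks', $context)) {` around the sticky blocks row, and stop with an error when no row is left to show.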
+++ b/admin/pagelib.php @@ -45,7 +45,7 @@ class page_admin extends page_base { // seems reasonable that the only people that can edit blocks on the admin pages // are the admins... but maybe we want a role for this? function user_allowed_editing() { - return isadmin(); + return has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)); } // has to be fixed. i know there's a "proper" way to do this diff --git a/admin/phpinfo.php b/admin/phpinfo.php index a71cdee7a9..8db0fcc805 100644 --- a/admin/phpinfo.php +++ b/admin/phpinfo.php @@ -8,9 +8,7 @@ require_login(); - if (!isadmin()) { - error("Only the admin can use this page"); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); if (!$topframe && !$bottomframe) { ?> diff --git a/admin/register.php b/admin/register.php index be8938c5b2..bf9ffc834d 100644 --- a/admin/register.php +++ b/admin/register.php @@ -5,9 +5,7 @@ require_login(); - if (!isadmin()) { - error("Only the admin can use this page"); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); if (!$site = get_site()) { redirect("index.php"); diff --git a/admin/replace.php b/admin/replace.php index 7d56f4227e..35e2507140 100644 --- a/admin/replace.php +++ b/admin/replace.php @@ -8,9 +8,7 @@ $replace = optional_param('replace', '', PARAM_RAW); require_login(); -if (!isadmin()) { - error("Admins only"); -} +require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); ################################################################### print_header('Search and replace throughout the whole database', 'Replace text within the whole database'); diff --git a/admin/report.php b/admin/report.php index 3ba172466d..c60f0004c9 100644 --- a/admin/report.php +++ b/admin/report.php 
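Review bot: The comment above `user_allowed_editing()` in admin/pagelib.php still says that only admins can edit blocks on the admin pages and asks whether a role is wanted, which no longer matches a body that returns `has_capability('moodle/site:manageblocks', ...)`. Replace it with something like `// Editing blocks on admin pages requires moodle/site:manageblocks at system context.` so the access rule is documented where it is enforced. The class continues outside the hunk.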
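Review bot: admin/replace.php reads `replace` as `PARAM_RAW` and, going by its header text, rewrites content across the whole database, yet the new check is `moodle/site:config`, while admin/misc.php in this commit reserves `moodle/site:accessdb` for the database management link. A role given site configuration but deliberately kept away from the database would still reach this script. Consider requiring the database capability here as well, `require_capability('moodle/site:accessdb', get_context_instance(CONTEXT_SYSTEM, SITEID));`, if that matches the intended meaning of the capability. The rest of the script is outside the hunk.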
@@ -3,9 +3,7 @@ require_once('../config.php'); - if (!isadmin()) { - error("You are not allowed to look at this page"); - } + require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID)); $stradmin = get_string('administration'); $strreports = get_string('reports'); diff --git a/admin/report/courseoverview/index.php b/admin/report/courseoverview/index.php index 66c8d249cd..3a9d17da27 100644 --- a/admin/report/courseoverview/index.php +++ b/admin/report/courseoverview/index.php @@ -13,9 +13,7 @@ require_login(); - if (!isadmin()) { - error("This page is for admins only"); - } + require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID)); $course = get_site(); stats_check_uptodate($course->id); diff --git a/admin/report/courseoverview/reportsgraph.php b/admin/report/courseoverview/reportsgraph.php index 1b11bfc81c..ab3c77c115 100644 --- a/admin/report/courseoverview/reportsgraph.php +++ b/admin/report/courseoverview/reportsgraph.php @@ -10,10 +10,8 @@ require_login(); - if (!isadmin()) { - error("You must be an admin to use this page"); - } - + require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID)); + stats_check_uptodate($course->id); $param = stats_get_parameters($time,$report,SITEID,STATS_MODE_RANKED); diff --git a/admin/report/simpletest/index.php b/admin/report/simpletest/index.php index a2b289210f..1895aea695 100644 --- a/admin/report/simpletest/index.php +++ b/admin/report/simpletest/index.php @@ -21,10 +21,7 @@ define('UNITTEST', true); $langfile = 'simpletest'; require_login(); -if (!isadmin()) { - print_error('Only admins can access this page'); -} - +require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); // CGI arguments $path = optional_param('path', '', PARAM_PATH); $showpasses = optional_param('showpasses', false, PARAM_BOOL); diff --git a/admin/roles/manage.php b/admin/roles/manage.php index 88a89318f9..62c13102da 100755 
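Review bot: admin/report.php calls `require_capability('moodle/site:viewreports', ...)` directly after `require_once('../config.php');` with no `require_login()` in between, unlike the other admin scripts touched by this commit. How `require_capability()` treats a visitor with no session is not visible here, so the outcome for an unauthenticated request depends on code outside this patch. Add `require_login();` on the line before the capability check so the page behaves like its siblings and the authentication step is explicit.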
--- a/admin/roles/manage.php +++ b/admin/roles/manage.php @@ -15,14 +15,6 @@ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); -// if (!isadmin()) { -// error('Only admins can access this page'); -// } - -// if (!$site = get_site()) { -// redirect('index.php'); -// } - $stradministration = get_string('administration'); $strmanageroles = get_string('manageroles'); diff --git a/admin/site.php b/admin/site.php index ce06de6b96..98bc9daa83 100644 --- a/admin/site.php +++ b/admin/site.php @@ -5,9 +5,7 @@ if ($site = get_site()) { require_login(); - if (!isadmin()) { - error("You need to be admin to edit this page"); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); $site->format = "social"; // override } diff --git a/admin/stickyblocks.php b/admin/stickyblocks.php index 72a1988626..b9a5b8ade7 100644 --- a/admin/stickyblocks.php +++ b/admin/stickyblocks.php @@ -24,9 +24,7 @@ require_login(); - if (!isadmin()) { - error("Only the admin can use this page"); - } + require_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)); // first thing to do is print the dropdown menu diff --git a/admin/timezone.php b/admin/timezone.php index 66084b9322..5fe530b6f7 100644 --- a/admin/timezone.php +++ b/admin/timezone.php @@ -6,9 +6,7 @@ require_login(); - if (!isadmin()) { - error("You must be an admin"); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); $strtimezone = get_string("timezone"); $strsavechanges = get_string("savechanges"); diff --git a/admin/upgradeforumread.php b/admin/upgradeforumread.php index 5cb199c808..67711d148e 100644 --- a/admin/upgradeforumread.php +++ b/admin/upgradeforumread.php 
@@ -7,11 +7,9 @@ $confirm = optional_param('confirm', 0, PARAM_BOOL); require_login(); - - if (!isadmin()) { - error("You must be an admin to use this script"); - } - + + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); + if ($CFG->version < 2005042300) { error("This script does not work with this old version of Moodle"); } diff --git a/admin/upgradelogs.php b/admin/upgradelogs.php index 5ca3d8ca91..b7d0323cfc 100644 --- a/admin/upgradelogs.php +++ b/admin/upgradelogs.php @@ -6,9 +6,7 @@ require_login(); - if (!isadmin()) { - error("You must be an admin to use this script"); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); if ($CFG->version < 2004013101) { error("This script does not work with this old version of Moodle"); diff --git a/admin/uploaduser.php b/admin/uploaduser.php index ffc456cc99..9e86474be6 100755 --- a/admin/uploaduser.php +++ b/admin/uploaduser.php @@ -12,9 +12,7 @@ $allowrenames = optional_param('allowrenames', 0, PARAM_BOOL); require_login(); -if (!isadmin()) { - error("You must be an administrator to edit users this way."); -} +require_capability('moodle/user:create', get_context_instance(CONTEXT_SYSTEM, SITEID)); if (! $site = get_site()) { error("Could not find site-level course"); diff --git a/admin/users.php b/admin/users.php index 60c85193a6..81b84e05f9 100644 --- a/admin/users.php +++ b/admin/users.php @@ -4,9 +4,7 @@ require_login(); - if (!isadmin()) { - error("Only admins can access this page"); - } + require_capability('moodle/user:create', get_context_instance(CONTEXT_SYSTEM, SITEID)); if (!$site = get_site()) { redirect("index.php"); @@ -43,14 +41,8 @@ $table->data[] = array('', '
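Review bot: admin/uploaduser.php is now gated on `moodle/user:create` alone, but the `allowrenames` parameter in the hunk's context suggests the upload can also change existing accounts. If it does, a role granted only user creation could modify users it was never meant to touch. Require `moodle/user:update` as well, either next to the new check or at the point where an existing record is changed. The processing code is outside the hunk, so this needs checking against the full script.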
'); $table->data[] = array("sesskey\">".get_string("enrolmentplugins")."", get_string("adminhelpenrolments")); - $table->data[] = array("sesskey\">".get_string("assignstudents")."", - get_string("adminhelpassignstudents")); - $table->data[] = array("sesskey\">".get_string("assignteachers")."", - get_string("adminhelpassignteachers")." \"\""); - $table->data[] = array("sesskey\">".get_string("assigncreators")."", - get_string("adminhelpassigncreators")); - $table->data[] = array("sesskey\">".get_string("assignadmins")."", - get_string("adminhelpassignadmins")); + $table->data[]= array(''. + get_string('assignsiteroles').'', get_string('adminhelpassignsiteroles')); print_table($table); diff --git a/admin/utfdbmigrate.php b/admin/utfdbmigrate.php index fa68b9efda..b58fbad97c 100755 --- a/admin/utfdbmigrate.php +++ b/admin/utfdbmigrate.php @@ -49,9 +49,7 @@ * End custom lang pack handling * **************************************/ - if (!isadmin()) { - error('Only admins can access this page'); - } + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)); if (!$site = get_site()) { redirect('index.php'); diff --git a/course/edit.php b/course/edit.php index 3b1321df4d..91b6f29001 100644 --- a/course/edit.php +++ b/course/edit.php 
@@ -130,10 +130,11 @@ $section->id = insert_record("course_sections", $section); fix_course_sortorder(); - add_to_log(SITEID, "course", "new", "view.php?id=$newcourseid", "$form->fullname (ID $newcourseid)"); + add_to_log(SITEID, "course", "new", "view.php?id=$newcourseid", "$form->fullname (ID $newcourseid)") ; + $context = get_context_instance(CONTEXT_COURSE, $newcourseid); - if (isadmin()) { // Redirect admin to add teachers - redirect("teacher.php?id=$newcourseid", get_string("changessaved")); + if (has_capability('moodle/role:assign', $context)) { // Redirect users with assign capability to assign users to different roles + redirect($CFG->wwwroot."/admin/roles/assign.php?contextid=$context->id", get_string("changessaved")); } else { // Add current teacher and send to course diff --git a/course/scales.php b/course/scales.php index d3f95513d0..b23729e787 100644 --- a/course/scales.php +++ b/course/scales.php @@ -159,7 +159,7 @@ } //Check for standard scales - if ($scale->courseid == 0 and !isadmin()) { + if ($scale->courseid == 0 and !has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))) { error("Only administrators can edit this scale",$CFG->wwwroot.'/course/scales.php?id='.$course->id); } @@ -254,7 +254,7 @@ } //Check for standard scales - if ($scale->courseid == 0 and !isadmin()) { + if ($scale->courseid == 0 and !has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))) { error("Only administrators can delete this scale",$CFG->wwwroot.'/course/scales.php?id='.$course->id); } 
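Review bot: In course/scales.php the expression `has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))` is repeated in the hunks at lines 159 and 254 and three more times in the button-building hunk at line 436, which appears to run once per scale row. Evaluate it once near the top, `$canmanagestandard = has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID));`, and test the variable, so the five checks cannot drift apart in a later edit. The two `error()` messages still say "Only administrators can edit/delete this scale", which no longer describes the rule being enforced and should name the missing permission instead. All three hunks sit inside larger blocks that are not shown.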
@@ -436,14 +436,14 @@ $line[] = $strstandardscale; } $buttons = ""; - if (empty($scales_uses) && ($incustom || isadmin())) { + if (empty($scales_uses) && ($incustom || has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID)))) { $buttons .= "id&scaleid=$scale->id&action=edit\">pixpath/t/edit.gif\" hspace=\"2\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /> "; - if ($incustom && isadmin()) { + if ($incustom && has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $buttons .= "id&scaleid=$scale->id&action=down&sesskey=$USER->sesskey\">pixpath/t/down.gif\" hspace=\"2\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /> "; } - if (!$incustom && isadmin()) { + if (!$incustom && has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $buttons .= "id&scaleid=$scale->id&action=up&sesskey=$USER->sesskey\">pixpath/t/up.gif\" hspace=\"2\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /> "; } diff --git a/lib/accesslib.php b/lib/accesslib.php index b16abb841d..270b96fab7 100755 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -780,7 +780,6 @@ function moodle_install_roles() { // Should we delete the tables after we are done? Not yet. } - /** * Assign the defaults found in this capabality definition to roles that have * the corresponding legacy capabilities assigned to them. diff --git a/user/edit.html b/user/edit.html index f83296a5e7..ce83571074 100644 --- a/user/edit.html +++ b/user/edit.html @@ -20,7 +20,7 @@
id == $USER->id) and ($USER->id == $user->id)); echo ''; @@ -275,7 +275,7 @@ if (isadmin()) { maxbytes, $course->maxbytes); - if (!empty($CFG->gdversion) and $maxbytes and (empty($CFG->disableuserimages) or isadmin())) { + if (!empty($CFG->gdversion) and $maxbytes and (empty($CFG->disableuserimages) or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)))) { ?> @@ -300,7 +300,7 @@ if (isadmin()) { ?> -gdversion) and isadmin()) { ?> +gdversion) and has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { ?> - +
:
: @@ -356,7 +356,7 @@ if (isadmin()) {
: " maxlength="40" value="institution) ?>" /> diff --git a/user/edit.php b/user/edit.php index cb92a27e61..16c38fab7a 100644 --- a/user/edit.php +++ b/user/edit.php @@ -36,7 +36,7 @@ } if ($USER->id <> $user->id) { // Current user editing someone else's profile - if (isadmin()) { // Current user is an admin + if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Current user can update user profiles if ($mainadmin = get_admin()) { if ($user->id == $mainadmin->id) { // Can't edit primary admin print_error('adminprimarynoedit'); @@ -143,7 +143,7 @@ $usernew->username = moodle_strtolower($usernew->username); } - if (!empty($_FILES) and !(empty($CFG->disableuserimages) or isadmin())) { + if (!empty($_FILES) and !(empty($CFG->disableuserimages) or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)))) { error('Users can not update profile images!'); } @@ -151,7 +151,7 @@ $um = new upload_manager('imagefile',false,false,null,false,0,true,true); // override locked values - if (!isadmin()) { + if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $fields = get_user_fieldnames(); $authconfig = get_config( 'auth/' . $user->auth ); foreach ($fields as $field) { @@ -197,7 +197,7 @@ $usernew->timemodified = time(); - if (isadmin()) { + if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { if (!empty($usernew->newpassword)) { $usernew->password = hash_internal_user_password($usernew->newpassword); // update external passwords @@ -354,7 +354,7 @@ } $teacher = strtolower($course->teacher); - if (!isadmin()) { + if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $teacheronly = '('.get_string('teacheronly', '', $teacher).')'; } else { $teacheronly = ''; 
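Review bot: Replacing `isadmin()` with `moodle/user:update` in the user/edit.php hunk at line 36 lets any holder of that capability edit every account except the primary admin, and the hunk at line 197 lets the same holder set `$usernew->password` from `newpassword`. A delegated user-management role could therefore change the password of a more privileged account and take it over; the only exclusion visible is the `get_admin()` comparison. Before accepting the edit, also refuse when the target account holds `moodle/site:config` and the editor does not, and consider putting password changes behind a stricter capability than ordinary profile edits. Both hunks sit inside larger blocks that are not shown.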
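Review bot: The user/edit.php hunks at lines 143, 151, 197 and 354 each repeat the full `has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))` call that the hunk at line 36 already makes. Because these checks decide whether locked fields are overridden and whether a password may be set, they should not be able to diverge. Compute the result once after the user is loaded, `$canupdate = has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID));`, and test `$canupdate` at each site.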
@@ -362,7 +362,7 @@ include("edit.html"); - if (!isadmin()) { /// Lock all the locked fields using Javascript + if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { /// Lock all the locked fields using Javascript $fields = get_user_fieldnames(); echo '