From 5e992f564b7d0a4b9dde3e4aec66b3e9725d546f Mon Sep 17 00:00:00 2001 From: skodak Date: Wed, 14 Mar 2007 21:42:38 +0000 Subject: [PATCH] MDL-8867 Add setting to define role that is assigned to creators in new courses MDL-8868 Set only minimal permissions for creator role + improved accesslib to handle changes of context levels in capability definitions merged from MOODLE_18_STABLE --- admin/settings/users.php | 10 ++++++++++ course/edit.php | 19 +++++++++---------- lang/en_utf8/admin.php | 2 ++ lib/accesslib.php | 16 ++++++++++++++-- lib/db/access.php | 19 +------------------ 5 files changed, 36 insertions(+), 30 deletions(-) diff --git a/admin/settings/users.php b/admin/settings/users.php index 5d3fcfbbba..89019cbd0b 100644 --- a/admin/settings/users.php +++ b/admin/settings/users.php @@ -43,6 +43,14 @@ if ($userroles = get_roles_with_capability('moodle/legacy:user', CAP_ALLOW)) { } else { $userrole->id = 0; } +if (empty($CFG->creatornewroleid)) { + if ($teacherroles = get_roles_with_capability('moodle/legacy:editingteacher', CAP_ALLOW, $context)) { + $teachereditrole = array_shift($teacherroles); + set_config('creatornewroleid', $teachereditrole->id); + } else { + set_config('creatornewroleid', 0); + } +} // we must not use assignable roles here: // 1/ unsetting roles as assignable for admin might bork the settings! // 2/ default user role should not be assignable anyway @@ -61,6 +69,8 @@ $temp->add(new admin_setting_configselect('defaultuserroleid', get_string('defau get_string('configdefaultuserroleid', 'admin'), $userrole->id, $allroles)); $temp->add(new admin_setting_configselect('defaultcourseroleid', get_string('defaultcourseroleid', 'admin'), get_string('configdefaultcourseroleid', 'admin'), $studentrole->id, $allroles)); +$temp->add(new admin_setting_configselect('creatornewroleid', get_string('creatornewroleid', 'admin'), + get_string('configcreatornewroleid', 'admin'), $CFG->creatornewroleid, $allroles)); $temp->add(new admin_setting_configcheckbox('autologinguests', get_string('autologinguests', 'admin'), get_string('configautologinguests', 'admin'), 0)); diff --git a/course/edit.php b/course/edit.php index 771003d75b..98b31adea1 100644 --- a/course/edit.php +++ b/course/edit.php @@ -165,20 +165,19 @@ function create_course($data) { add_to_log(SITEID, "course", "new", "view.php?id=$course->id", "$data->fullname (ID $course->id)") ; $context = get_context_instance(CONTEXT_COURSE, $course->id); - if ($data->metacourse and has_capability('moodle/course:managemetacourse', $context)) { // Redirect users with metacourse capability to student import + // assign default role to creator if not already having permission to manage course assignments + if (!has_capability('moodle/course:view', $context) or !has_capability('moodle/role:assign', $context)) { + role_assign($CFG->creatornewroleid, $USER->id, 0, $context->id); + } + + if ($data->metacourse and has_capability('moodle/course:managemetacourse', $context)) { + // Redirect users with metacourse capability to student import redirect($CFG->wwwroot."/course/importstudents.php?id=$course->id"); - } else if (has_capability('moodle/role:assign', $context)) { // Redirect users with assign capability to assign users to different roles + } else { + // Redirect to roles assignment redirect($CFG->wwwroot."/$CFG->admin/roles/assign.php?contextid=$context->id"); - } else { // Add current teacher and send to course - // find a role with legacy:edittingteacher - if ($teacherroles = get_roles_with_capability('moodle/legacy:editingteacher', CAP_ALLOW, $context)) { - // assign the role to this user - $teachereditrole = array_shift($teacherroles); - role_assign($teachereditrole->id, $USER->id, 0, $context->id); - } - redirect($CFG->wwwroot."/course/view.php?id=$course->id"); } } else { diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php index 45c4774d12..af1c7ec2f0 100644 --- a/lang/en_utf8/admin.php +++ b/lang/en_utf8/admin.php @@ -66,6 +66,7 @@ $string['configclamfailureonupload'] = 'If you have configured clam to scan uplo $string['configcountry'] = 'If you set a country here, then this country will be selected by default on new user accounts. To force users to choose a country, just leave this unset.'; $string['configcoursemanager'] = 'This setting allows you to control who appears on the course description. Users need to have at least one of these roles in a course to be shown on the course description for that course.'; $string['configcoursesperpage'] = 'Enter the number of courses to be display per page in a course listing.'; +$string['configcreatornewroleid'] = 'This role is automatically assigned to creators in new courses they created. This role is not assigned if creator already has needed capabilitites in parent context.'; $string['configdbsessions'] = 'If enabled, this setting will use the database to store information about current sessions. This is especially useful for large/busy sites or sites built on cluster of servers. For most sites this should probably be left disabled so that the server disk is used instead. Note that changing this setting now will log out all current users (including you). If you are using MySQL please make sure that \'max_allowed_packet\' in my.cnf (or my.ini) is at least 4M.'; $string['configdebug'] = 'If you turn this on, then PHP\'s error_reporting will be increased so that more warnings are printed. This is only useful for developers.'; $string['configdebugdisplay'] = 'Set to on, the error reporting will go to the HTML page. This is practical, but breaks XHTML, JS, cookies and HTTP headers in general. Set to off, it will send the output to your server logs, allowing better debugging. The PHP setting error_log controls which log this goes to.'; @@ -204,6 +205,7 @@ $string['courseoverview'] = 'Course overview'; $string['courserequests'] = 'Course Requests'; $string['courses'] = 'Courses'; $string['coursesperpage'] = 'Courses per page'; +$string['creatornewroleid'] = 'Creators\' role in new courses'; $string['cronclionly'] = 'Cron execution via command line only'; $string['cronerrorclionly'] = 'Sorry, internet access to this page has been disabled by the administrator.'; $string['cronerrorpassword'] = 'Sorry, you have not provided a valid password to access this page'; diff --git a/lib/accesslib.php b/lib/accesslib.php index eace4d84e7..ab98714516 100755 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -2475,19 +2475,31 @@ function update_capabilities($component='moodle') { if ($cachedcaps) { foreach ($cachedcaps as $cachedcap) { array_push($storedcaps, $cachedcap->name); - // update risk bitmasks in existing capabilities if needed + // update risk bitmasks and context levels in existing capabilities if needed if (array_key_exists($cachedcap->name, $filecaps)) { if (!array_key_exists('riskbitmask', $filecaps[$cachedcap->name])) { $filecaps[$cachedcap->name]['riskbitmask'] = 0; // no risk if not specified } if ($cachedcap->riskbitmask != $filecaps[$cachedcap->name]['riskbitmask']) { - $updatecap = new object; + $updatecap = new object(); $updatecap->id = $cachedcap->id; $updatecap->riskbitmask = $filecaps[$cachedcap->name]['riskbitmask']; if (!update_record('capabilities', $updatecap)) { return false; } } + + if (!array_key_exists('contextlevel', $filecaps[$cachedcap->name])) { + $filecaps[$cachedcap->name]['contextlevel'] = 0; // no context level defined + } + if ($cachedcap->contextlevel != $filecaps[$cachedcap->name]['contextlevel']) { + $updatecap = new object(); + $updatecap->id = $cachedcap->id; + $updatecap->contextlevel = $filecaps[$cachedcap->name]['contextlevel']; + if (!update_record('capabilities', $updatecap)) { + return false; + } + } } } } diff --git a/lib/db/access.php b/lib/db/access.php index 706d471192..fb70f5fd0d 100644 --- a/lib/db/access.php +++ b/lib/db/access.php @@ -140,7 +140,6 @@ $moodle_capabilities = array( 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -153,7 +152,6 @@ $moodle_capabilities = array( 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -166,7 +164,6 @@ $moodle_capabilities = array( 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -201,7 +198,6 @@ $moodle_capabilities = array( 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -227,7 +223,6 @@ $moodle_capabilities = array( 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -286,7 +281,6 @@ $moodle_capabilities = array( 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -300,7 +294,6 @@ $moodle_capabilities = array( 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -313,7 +306,6 @@ $moodle_capabilities = array( 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -381,7 +373,6 @@ $moodle_capabilities = array( 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -439,7 +430,7 @@ $moodle_capabilities = array( 'riskbitmask' => RISK_XSS, 'captype' => 'write', - 'contextlevel' => CONTEXT_COURSE, + 'contextlevel' => CONTEXT_COURSECAT, 'legacy' => array( 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW @@ -643,7 +634,6 @@ $moodle_capabilities = array( 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -681,7 +671,6 @@ $moodle_capabilities = array( 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -734,7 +723,6 @@ $moodle_capabilities = array( 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -747,7 +735,6 @@ $moodle_capabilities = array( 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -782,7 +769,6 @@ $moodle_capabilities = array( 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -793,7 +779,6 @@ $moodle_capabilities = array( 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -816,7 +801,6 @@ $moodle_capabilities = array( 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), @@ -828,7 +812,6 @@ $moodle_capabilities = array( 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ), -- 2.39.5