From 86ac8b24c1d22f28d79f7118e8b3e918743051df Mon Sep 17 00:00:00 2001 From: toyomoyo Date: Thu, 28 Jun 2007 04:03:30 +0000 Subject: [PATCH] merged fix for MDL-10273, users with no capability should not be able to view New Event button --- calendar/event.php | 20 -------------------- calendar/lib.php | 28 ++++++++++++++++++++++++++++ calendar/view.php | 6 +++--- 3 files changed, 31 insertions(+), 23 deletions(-) diff --git a/calendar/event.php b/calendar/event.php index 660d97e9db..a00e7ceb9f 100644 --- a/calendar/event.php +++ b/calendar/event.php @@ -640,24 +640,4 @@ function calendar_add_event_allowed($event) { return false; } } - -function calendar_get_allowed_types(&$allowed) { - global $USER, $CFG, $SESSION; - - $allowed->user = true; // User events always allowed - $allowed->groups = false; // This may change just below - $allowed->courses = false; // This may change just below - $allowed->site = has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, SITEID)); - - if(!empty($SESSION->cal_course_referer) && $SESSION->cal_course_referer != SITEID && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $SESSION->cal_course_referer))) { - $course = get_record('course', 'id', $SESSION->cal_course_referer); - - $allowed->courses = array($course->id => 1); - - if($course->groupmode != NOGROUPS || !$course->groupmodeforce) { - $allowed->groups = get_groups($SESSION->cal_course_referer); - } - } -} - ?> diff --git a/calendar/lib.php b/calendar/lib.php index 84aa030a94..d2fa5dd6b7 100644 --- a/calendar/lib.php +++ b/calendar/lib.php @@ -1543,4 +1543,32 @@ function calendar_set_filters_status($packed_bitfield) { return true; } +function calendar_get_allowed_types(&$allowed) { + global $USER, $CFG, $SESSION; + $sitecontext = get_context_instance(CONTEXT_SYSTEM); + $allowed->user = has_capability('moodle/calendar:manageownentries', $sitecontext); + $allowed->groups = false; // This may change just below + $allowed->courses = false; // This may change just below + $allowed->site = has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, SITEID)); + + if(!empty($SESSION->cal_course_referer) && $SESSION->cal_course_referer != SITEID && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $SESSION->cal_course_referer))) { + $course = get_record('course', 'id', $SESSION->cal_course_referer); + + $allowed->courses = array($course->id => 1); + + if($course->groupmode != NOGROUPS || !$course->groupmodeforce) { + $allowed->groups = get_groups($SESSION->cal_course_referer); + } + } +} + +/** + * see if user can add calendar entries at all + * used to print the "New Event" button + * @return bool + */ +function calendar_user_can_add_event() { + calendar_get_allowed_types($allowed); + return (bool)($allowed->user || $allowed->groups || $allowed->courses || $allowed->site); +} ?> diff --git a/calendar/view.php b/calendar/view.php index 62d094f914..1341b07b3b 100644 --- a/calendar/view.php +++ b/calendar/view.php @@ -232,7 +232,7 @@ function calendar_show_day($d, $m, $y, $courses, $groups, $users, $courseid) { $events = calendar_get_upcoming($courses, $groups, $users, 1, 100, $starttime); $text = ''; - if (!isguest() && !empty($USER->id)) { + if (!isguest() && !empty($USER->id) && calendar_user_can_add_event()) { $text.= '
'; $text.= '
'; $text.= '
'; @@ -373,7 +373,7 @@ function calendar_show_month_detailed($m, $y, $courses, $groups, $users, $course calendar_events_by_day($events, $m, $y, $eventsbyday, $durationbyday, $typesbyday, $courses); $text = ''; - if(!isguest() && !empty($USER->id)) { + if(!isguest() && !empty($USER->id) && calendar_user_can_add_event()) { $text.= '
'; $text.= '
'; $text.= ''; @@ -517,7 +517,7 @@ function calendar_show_upcoming_events($courses, $groups, $users, $futuredays, $ $text = ''; - if(!isguest() && !empty($USER->id)) { + if(!isguest() && !empty($USER->id) && calendar_user_can_add_event()) { $text.= '
'; $text.= ''; $text.= '
'; -- 2.39.5