From 89491dbd2a6c4ebba61600232dceab092a87042f Mon Sep 17 00:00:00 2001
From: toyomoyo <toyomoyo>
Date: Wed, 11 Oct 2006 05:24:33 +0000
Subject: [PATCH] merged fix for MDL-6882

---
 calendar/event.php | 41 +++++++++++++++++++++++++----------------
 calendar/lib.php   | 41 +++++++++++++++++++++++------------------
 2 files changed, 48 insertions(+), 34 deletions(-)

diff --git a/calendar/event.php b/calendar/event.php
index 203f005a14..9461a7a4e3 100644
--- a/calendar/event.php
+++ b/calendar/event.php
@@ -581,28 +581,37 @@ function validate_form(&$form, &$err) {
 
 function calendar_add_event_allowed($courseid, $groupid, $userid) {
     global $USER;
+
+    // can not be using guest account
+    if ($USER->username == "guest") {
+        return false;  
+    }
     
-    $coursecontext = get_context_instance(CONTEXT_COURSE, $group->courseid);
-    
-    if ($courseid == 0 && $groupid == 0 && $userid == $USER->id && has_capability('moodle/calendar:manageownentries', $context)) {
+    $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+    // if user has manageentries at site level, return true
+    if (has_capability('manageentries', $sitecontext)) {
         return true;
     }
-    else if($courseid == 0 && $groupid != 0) {
-        $group = get_record('groups', 'id', $groupid);
+
+    // editting userid account
+    if ($event->userid) {  
+        if ($event->userid == $USER->id) {
+            return (has_capability('moodle/calendar:manageownentries', $sitecontext));
+        }
+    } else if ($event->groupid) {
+        $group = get_record('groups', 'id', $event->groupid);
         if($group === false) {
             return false;
-        }
-        $course = get_record('course', 'id', $courseid);
-        if ($course->groupmode == SEPARATE_GROUPS) {
-            return has_capability('moodle/calendar:manageentries', $context) && ismember($groupid);
-        } else {
-            return has_capability('moodle/calendar:manageentries', $context);
-        }
+        } 
+        
+        // this is ok because if you have this capability at course level, you should be able 
+        // to edit group calendar too
+        // there is no need to check membership, because if you have this capability
+        // you will have a role in this group context
+        return has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_GROUP, $group->id));
+    } else if ($event->courseid) {
+        return has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $event->courseid)); 
     }
-    else if($courseid != 0 && has_capability('moodle/calendar:manageentries', $context)) {
-        return true;
-    }
-
     return false;
 }
 
diff --git a/calendar/lib.php b/calendar/lib.php
index 018e2aca59..c4e859af21 100644
--- a/calendar/lib.php
+++ b/calendar/lib.php
@@ -1164,34 +1164,39 @@ function calendar_set_filters(&$courses, &$group, &$user, $courseeventsfrom = NU
 }
 
 function calendar_edit_event_allowed($event) {
+    
     global $USER;
 
-    $context = get_context_instance(CONTEXT_COURSE, $event->courseid);
+    // can not be using guest account
+    if ($USER->username == "guest") {
+        return false;  
+    }
     
-    if(!has_capability('moodle/calendar:manageownentries', $context)) {
-        return false;
+    $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+    // if user has manageentries at site level, return true
+    if (has_capability('manageentries', $sitecontext)) {
+        return true;
     }
 
-    if ($event->courseid != 0 && has_capability('moodle/calendar:manageentries', $context)) {
-        return true;
-    } else if ($event->courseid == 0 && $event->groupid != 0) {
-        // Group event
+    // editting userid account
+    if ($event->userid) {  
+        if ($event->userid == $USER->id) {
+            return (has_capability('moodle/calendar:manageownentries', $sitecontext));
+        }
+    } else if ($event->groupid) {
         $group = get_record('groups', 'id', $event->groupid);
         if($group === false) {
             return false;
-        }
-        $course = get_record('course', 'id', $event->courseid);
+        } 
         
-        if ($course->groupmode == SEPARATE_GROUPS) {
-            return has_capability('moodle/calendar:manageownentries', $context) && ismember($event->groupid);
-        } else {
-            return has_capability('moodle/calendar:manageownentries', $context);
-        }
-    } else if ($event->courseid == 0 && $event->groupid == 0 && $event->userid == $USER->id && has_capability('moodle/calendar:manageownentries', $context)) {
-        // User event, owned by this user
-        return true;
+        // this is ok because if you have this capability at course level, you should be able 
+        // to edit group calendar too
+        // there is no need to check membership, because if you have this capability
+        // you will have a role in this group context
+        return has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_GROUP, $group->id));  
+    } else if ($event->courseid) {
+        return has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $event->courseid)); 
     }
-
     return false;
 }
 
-- 
2.39.5