From afb5b0ae30a076d23b030e3d9542b7d0189174c2 Mon Sep 17 00:00:00 2001 From: toyomoyo Date: Wed, 14 Mar 2007 07:51:53 +0000 Subject: [PATCH] merged fix for MDL-8280, getting rid or moodle/user:editprofile --- user/editadvanced.php | 16 ++++++++++++---- user/tabs.php | 4 ++-- version.php | 2 +- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/user/editadvanced.php b/user/editadvanced.php index 91482f72d5..42b079614c 100644 --- a/user/editadvanced.php +++ b/user/editadvanced.php @@ -26,7 +26,13 @@ $user->confirmed = 1; } else { // editing existing user - require_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)); + + if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)) + && !has_capability('moodle/user:update', get_context_instance(CONTEXT_USER, $id))) { + error('nopermission'); + } + + if (!$user = get_record('user', 'id', $id)) { error('User ID was incorrect'); } @@ -138,15 +144,17 @@ } else { redirect("$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id"); } - } else { + } elseif (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { redirect("$CFG->wwwroot/$CFG->admin/user.php"); + } else { + redirect($CFG->wwwroot . "/user/view.php?id=$id&course={$course->id}"); } //never reached } /// Display page header - if ($user->id == -1 or ($user->id != $USER->id)) { + if ($user->id == -1 or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { $adminroot = admin_get_root(); if ($user->id == -1) { admin_externalpage_setup('addnewuser', $adminroot); @@ -188,7 +196,7 @@ $userform->display(); /// and proper footer - if ($user->id == -1 or ($user->id != $USER->id)) { + if ($user->id == -1 or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { admin_externalpage_print_footer($adminroot); } else if (!empty($USER->newadminuser)) { print_footer('none'); diff --git a/user/tabs.php b/user/tabs.php index 7aba3f3d1f..420546e4ca 100644 --- a/user/tabs.php +++ b/user/tabs.php @@ -99,14 +99,14 @@ // cannot edit remote users } else if ((!empty($USER->id) and ($USER->id == $user->id) and !isguest()) or - (has_capability('moodle/user:update', $sitecontext) and ($user->id != $mainadmin->id)) ) { + ((has_capability('moodle/user:update', $sitecontext) || has_capability('moodle/user:update', $personalcontext)) and ($user->id != $mainadmin->id)) ) { if(empty($CFG->loginhttps)) { $wwwroot = $CFG->wwwroot; } else { $wwwroot = str_replace('http:','https:',$CFG->wwwroot); } - if (has_capability('moodle/user:update', $sitecontext) and ($user->id==$USER->id or $user->id != $mainadmin->id)) { + if ((has_capability('moodle/user:update', $sitecontext) || has_capability('moodle/user:update', $personalcontext))and ($user->id==$USER->id or $user->id != $mainadmin->id)) { $toprow[] = new tabobject('editprofile', $wwwroot.'/user/editadvanced.php?id='.$user->id.'&course='.$course->id, get_string('editmyprofile')); } else { $toprow[] = new tabobject('editprofile', $wwwroot.'/user/edit.php?id='.$user->id.'&course='.$course->id, get_string('editmyprofile')); diff --git a/version.php b/version.php index 1bcad71992..f0f834a9b1 100644 --- a/version.php +++ b/version.php @@ -6,7 +6,7 @@ // This is compared against the values stored in the database to determine // whether upgrades should be performed (see lib/db/*.php) - $version = 2007021401; // YYYYMMDD = date + $version = 2007021402; // YYYYMMDD = date // XY = increments within a single day $release = '1.9 dev'; // Human-friendly version name -- 2.39.5