From e6260a456b14cf3355b174fda152c8162658c9ff Mon Sep 17 00:00:00 2001 From: skodak Date: Sat, 25 Aug 2007 11:28:37 +0000 Subject: [PATCH] MDL-10635 improved performance of update_course_icon() and friends; fixed parameter of iseditting() - removed $userid which was not used and did not make much sense there anyway --- lib/accesslib.php | 33 ++++++++++++++++++++++++++++++ lib/moodlelib.php | 51 +++++++++++++++++++++++------------------------ lib/pagelib.php | 26 ++++-------------------- lib/weblib.php | 25 +---------------------- 4 files changed, 63 insertions(+), 72 deletions(-) diff --git a/lib/accesslib.php b/lib/accesslib.php index c32b5aa144..de52ba2209 100755 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -377,6 +377,37 @@ function require_capability($capability, $context=NULL, $userid=NULL, $doanythin } } +/** + * Cheks if current user has allowed permission for any of submitted capabilities + * in given or child contexts. + * @param object $context - a context object (record from context table) + * @param array $capabilitynames array of strings, capability names + * @return boolean + */ +function has_capability_including_child_contexts($context, $capabilitynames) { + global $USER; + + foreach ($capabilitynames as $capname) { + if (has_capability($capname, $context)) { + return true; + } + } + + if ($children = get_child_contexts($context)) { + foreach ($capabilitynames as $capname) { + foreach ($children as $child) { + if (isset($USER->capabilities[$child][$capname]) and $USER->capabilities[$child][$capname] == CAP_ALLOW) { + // extra check for inherited prevent and prohibit + if (has_capability($capname, get_context_instance_by_id($child), $USER->id, false)) { + return true; + } + } + } + } + } + + return false; +} /** * This function returns whether the current user has the capability of performing a function @@ -3976,6 +4007,7 @@ function role_switch($roleid, $context) { || !empty($USER->switchrole[$context->id]) || !confirm_sesskey()) { unset($USER->switchrole[$context->id]); // Delete old capabilities + unset($USER->courseeditallowed); // drop cache for course edit button load_all_capabilities(); //reload user caps return true; } @@ -3995,6 +4027,7 @@ function role_switch($roleid, $context) { /// We have a valid roleid that this user can switch to, so let's set up the session $USER->switchrole[$context->id] = $roleid; // So we know later what state we are in + unset($USER->courseeditallowed); // drop cache for course edit button load_all_capabilities(); //reload switched role caps diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 03eb239596..10dfc0c691 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -2204,44 +2204,43 @@ function isguestuser($user=NULL) { } /** - * Determines if the currently logged in user is in editing mode + * Determines if the currently logged in user is in editing mode. + * Note: originally this function had $userid parameter - it was not usable anyway * * @uses $USER * @param int $courseid The id of the course being tested - * @param user $user A {@link $USER} object. If null then the currently logged in user is used. * @return bool */ -function isediting($courseid, $user=NULL) { +function isediting($courseid) { global $USER; - if (!$user) { - $user = $USER; - } - if (empty($user->editing)) { + + if (empty($USER->editing)) { return false; + + } else { + return editcourseallowed($courseid); } +} + +/** + * Verifies if user allowed to edit something in the course page. + * @param int $courseid The id of the course being tested + * @return bool + */ +function editcourseallowed($courseid) { + global $USER; - $capcheck = false; - $coursecontext = get_context_instance(CONTEXT_COURSE, $courseid); + // cache the result per course, it is automatically reset when using switchrole or loginas + if (!array_key_exists('courseeditallowed', $USER)) { + $USER->courseeditallowed = array(); + } - if (has_capability('moodle/course:manageactivities', $coursecontext) || - has_capability('moodle/site:manageblocks', $coursecontext)) { - $capcheck = true; - } else { - // loop through all child context, see if user has moodle/course:manageactivities or moodle/site:manageblocks - if ($children = get_child_contexts($coursecontext)) { - foreach ($children as $child) { - $childcontext = get_record('context', 'id', $child); - if (has_capability('moodle/course:manageactivities', $childcontext) || - has_capability('moodle/site:manageblocks', $childcontext)) { - $capcheck = true; - break; - } - } - } + if (!array_key_exists($courseid, $USER->courseeditallowed)) { + $USER->courseeditallowed[$courseid] = has_capability_including_child_contexts(get_context_instance(CONTEXT_COURSE, $courseid), + array('moodle/site:manageblocks', 'moodle/course:manageactivities')); } - return ($user->editing && $capcheck); - //return ($user->editing and has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid))); + return $USER->courseeditallowed[$courseid]; } /** diff --git a/lib/pagelib.php b/lib/pagelib.php index f5498cdca2..f30a3ded36 100644 --- a/lib/pagelib.php +++ b/lib/pagelib.php @@ -345,32 +345,14 @@ class page_course extends page_base { // Can user edit the course page or "sticky page"? // This is also about editting of blocks BUT mainly activities in course page layout, see - // update_course_icon() - it must use the same capability + // update_course_icon() has very similar checks - it must use the same capabilities function user_allowed_editing() { + global $USER; + if (has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM)) && defined('ADMIN_STICKYBLOCKS')) { return true; } - - $coursecontext = get_context_instance(CONTEXT_COURSE, $this->id); - $capcheck = false; - if (has_capability('moodle/course:manageactivities', $coursecontext) || - has_capability('moodle/site:manageblocks', $coursecontext)) { - $capcheck = true; - } else { - // loop through all child context, see if user has moodle/course:manageactivities or moodle/site:manageblocks - if ($children = get_child_contexts($coursecontext)) { - foreach ($children as $child) { - $childcontext = get_record('context', 'id', $child); - if (has_capability('moodle/course:manageactivities', $childcontext) || - has_capability('moodle/site:manageblocks', $childcontext)) { - $capcheck = true; - break; - } - } - } - } - - return $capcheck; + return editcourseallowed($this->id); } // Is the user actually editing this course page or "sticky page" right now? diff --git a/lib/weblib.php b/lib/weblib.php index 6f70b23a8f..4bf121e06c 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -4440,32 +4440,9 @@ function print_editor_config($editorhidebuttons='', $return=false) { * @return string */ function update_course_icon($courseid) { - global $CFG, $USER; - $coursecontext = get_context_instance(CONTEXT_COURSE, $courseid); - - $capcheck = false; - - if (has_capability('moodle/course:manageactivities', $coursecontext) || - has_capability('moodle/site:manageblocks', $coursecontext)) { - $capcheck = true; - } else { - // loop through all child context, see if user has moodle/course:manageactivities or moodle/site:manageblocks - if ($children = get_child_contexts($coursecontext)) { - foreach ($children as $child) { - $childcontext = get_record('context', 'id', $child); - if (has_capability('moodle/course:manageactivities', $childcontext) || - has_capability('moodle/site:manageblocks', $childcontext)) { - $capcheck = true; - break; - } - } - } - } - - - if ($capcheck) { + if (editcourseallowed($courseid)) { if (!empty($USER->editing)) { $string = get_string('turneditingoff'); $edit = '0'; -- 2.39.5