weblib:update_course_icon() - remove access control from here

Access control for the course icon display should happen at the page level, as we'll need to ask "can edit?" quite a few times in the page. The fact that this is weblib should be a good hint that functions that print html should not be doing access control...
2025-01-18 22:08:20 +01:00 · 2007-09-19 06:52:52 +00:00 · 2007-09-19 06:52:52 +00:00 · 0532aec946
commit 0532aec946
parent 19bb8a0517
1 changed files with 16 additions and 16 deletions
--- a/lib/weblib.php
+++ b/lib/weblib.php
@ -4441,6 +4441,8 @@ function print_editor_config($editorhidebuttons='', $return=false) {
 * Returns a turn edit on/off button for course in a self contained form.
 * Used to be an icon, but it's now a simple form button
 *
+ * Note that the caller is responsible for capchecks.
+ *
 * @uses $CFG
 * @uses $USER
 * @param int $courseid The course  to update by id as found in 'course' table
@ -4449,23 +4451,21 @@ function print_editor_config($editorhidebuttons='', $return=false) {
 function update_course_icon($courseid) {
    global $CFG, $USER;

-    if (editcourseallowed($courseid)) {
-        if (!empty($USER->editing)) {
-            $string = get_string('turneditingoff');
-            $edit = '0';
-        } else {
-            $string = get_string('turneditingon');
-            $edit = '1';
-        }
-
-        return '<form '.$CFG->frametarget.' method="get" action="'.$CFG->wwwroot.'/course/view.php">'.
-               '<div>'.
-               '<input type="hidden" name="id" value="'.$courseid.'" />'.
-               '<input type="hidden" name="edit" value="'.$edit.'" />'.
-               '<input type="hidden" name="sesskey" value="'.sesskey().'" />'.
-               '<input type="submit" value="'.$string.'" />'.
-               '</div></form>';
+    if (!empty($USER->editing)) {
+        $string = get_string('turneditingoff');
+        $edit = '0';
+    } else {
+        $string = get_string('turneditingon');
+        $edit = '1';
    }
+
+    return '<form '.$CFG->frametarget.' method="get" action="'.$CFG->wwwroot.'/course/view.php">'.
+           '<div>'.
+           '<input type="hidden" name="id" value="'.$courseid.'" />'.
+           '<input type="hidden" name="edit" value="'.$edit.'" />'.
+           '<input type="hidden" name="sesskey" value="'.sesskey().'" />'.
+           '<input type="submit" value="'.$string.'" />'.
+           '</div></form>';
 }

 /**