mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-22 17:02:03 +02:00
Code Issues Projects Releases Wiki Activity

Added has_capability checks

Browse Source
This commit is contained in:
vyshane 2006-08-25 08:51:50 +00:00
parent 25c38f25a1
commit 1a3e93ffe6
3 changed files with 11 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
course/report/log/graph.php
View File

@ -15,8 +15,10 @@
}
require_login($course->id);
$context = get_context_instance(CONTEXT_COURSE, $course->id);
if (! (isteacher($course->id) or ($course->showreports and $USER->id == $user))) {
if (! (has_capability('moodle/site:viewreports', $context)
or ($course->showreports and $USER->id == $user)) ) {
error("Sorry, you aren't allowed to see this.");
}

15
course/report/log/index.php
View File

@ -24,15 +24,10 @@
if (! $course = get_record('course', 'id', $id) ) {
error('That\'s an invalid course id');
}
if (! isteacher($course->id)) {
error('Only teachers can view logs');
}
if (! $course->category) {
if (!isadmin()) {
error('Only administrators can look at the site logs');
}
$context = get_context_instance(CONTEXT_COURSE, $course->id);
if (!has_capability('moodle/site:viewreports', $context)) {
error('You need do not have the required permission to view this report');
}
add_to_log($course->id, "course", "report log", "report/log/index.php?id=$course->id", $course->id);
@ -51,7 +46,7 @@
if (!$u = get_record('user', 'id', $user) ) {
error('That\'s an invalid user!');
}
$userinfo = fullname($u, isteacher($course->id));
$userinfo = fullname($u, has_capability('moodle/site:viewfullnames', $context));
}
if ($date) {
$dateinfo = userdate($date, get_string('strftimedaydate'));

5
course/report/log/live.php
View File

@ -13,8 +13,9 @@
error("That's an invalid course id");
}
if (! isteacher($course->id)) {
error("Only teachers can view logs");
$context = get_context_instance(CONTEXT_COURSE, $course->id);
if (!has_capability('moodle/site:viewreports', $context)) {
error('You need do not have the required permission to view this report');
}
add_to_log($course->id, "course", "report live", "report/log/live.php?id=$course->id", $course->id);