mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-13 04:22:07 +02:00
Code Issues Projects Releases Wiki Activity

adding capabilities

Browse Source
This commit is contained in:
toyomoyo 2006-09-05 08:50:23 +00:00
parent e778a40617
commit 3924b9884b
15 changed files with 116 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
calendar/set.php
View File

@ -64,7 +64,6 @@
calendar_set_referring_course(0);
}
else {
// We don't check for membership anymore: if(isstudent($id, $USER->id) || isteacher($id, $USER->id)) {
if(get_record('course', 'id', $id) === false) {
// There is no such course
$SESSION->cal_courses_shown = array();

5
course/editsection.php
View File

@ -16,10 +16,7 @@
error("Could not find the course!");
}
if (!isteacher($course->id)) {
error("Only teachers can edit this!");
}
require_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $id));
/// If data submitted, then process and store.

8
course/format/lams/format.php
View File

@ -30,7 +30,9 @@ if ($topic != -1) {
}
}
if (($marker >=0) and isteacher($course->id) and confirm_sesskey()) {
$context = get_context_instance(CONTEXT_COURSE, $course->id);
if (($marker >=0) and has_capability('moodle/course:setcurrentsection', $context) and confirm_sesskey()) {
$course->marker = $marker;
if (! set_field("course", "marker", $marker, "id", $course->id)) {
error("Could not mark that topic for this course");
@ -216,7 +218,7 @@ while ($section <= $course->numsections) {
}
}
$showsection = (isteacher($course->id) or $thissection->visible or !$course->hiddensections);
$showsection = (has_capability('moodle/course:viewhiddensections', $context) or $thissection->visible or !$course->hiddensections);
if (!empty($displaysection) and $displaysection != $section) {
if ($showsection) {
@ -249,7 +251,7 @@ while ($section <= $course->numsections) {
echo '<td class="left side">&nbsp;</td>';
echo '<td class="content">';
if (!isteacher($course->id) and !$thissection->visible) { // Hidden for students
if (!has_capability('moodle/course:viewhiddensections', $context) and !$thissection->visible) { // Hidden for students
echo get_string('notavailable');
} else {
echo '<div class="summary">';

8
course/format/topics/format.php
View File

@ -35,7 +35,9 @@
}
}
if (($marker >=0) && isteacher($course->id) && confirm_sesskey()) {
$context = get_context_instance(CONTEXT_COURSE, $course->id);
if (($marker >=0) && has_capability('moodle/course:setcurrentsection', $context) && confirm_sesskey()) {
$course->marker = $marker;
if (! set_field("course", "marker", $marker, "id", $course->id)) {
error("Could not mark that topic for this course");
@ -165,7 +167,7 @@
}
}
$showsection = (isteacher($course->id) or $thissection->visible or !$course->hiddensections);
$showsection = (has_capability('moodle/course:viewhiddensections', $context) or $thissection->visible or !$course->hiddensections);
if (!empty($displaysection) and $displaysection != $section) {
if ($showsection) {
@ -197,7 +199,7 @@
echo '<td class="left side">'.$section.'</td>';
echo '<td class="content">';
if (!isteacher($course->id) and !$thissection->visible) { // Hidden for students
if (!has_capability('moodle/course:viewhiddensections', $context) and !$thissection->visible) { // Hidden for students
echo get_string('notavailable');
} else {
echo '<div class="summary">';

6
course/format/weeks/format.php
View File

@ -48,7 +48,7 @@
$strmovedown = get_string('movedown');
}
$context = get_context_instance(CONTEXT_COURSE, $course->id);
/// Layout the whole page as three big columns.
echo '<table id="layout-table" cellspacing="0"><tr>';
@ -146,7 +146,7 @@
}
}
$showsection = (isteacher($course->id) or $thissection->visible or !$course->hiddensections);
$showsection = (has_capability('moodle/course:viewhiddensections', $context) or $thissection->visible or !$course->hiddensections);
if (!empty($displaysection) and $displaysection != $section) { // Check this week is visible
if ($showsection) {
@ -173,7 +173,7 @@
echo '<td class="left side">&nbsp;</td>';
echo '<td class="content">';
if (!isteacher($course->id) and !$thissection->visible) { // Hidden for students
if (!has_capability('moodle/course:viewhiddensections', $context) and !$thissection->visible) { // Hidden for students
echo '<div class="weekdates">'.$weekday.' - '.$endweekday.' ('.get_string('notavailable').')</div>';
} else {

6
course/format/weekscss/format.php
View File

@ -60,7 +60,7 @@
$strmovedown = get_string('movedown');
}
$context = get_context_instance(CONTEXT_COURSE, $course->id);
/* Internet Explorer min-width fix. (See theme/standard/styles_layout.css: min-width for Firefox.)
Window width: 800px, Firefox 763px, IE 752px. (Window width: 640px, Firefox 602px, IE 588px.)
*/
@ -175,7 +175,7 @@
}
}
$showsection = (isteacher($course->id) or $thissection->visible or !$course->hiddensections);
$showsection = (has_capability('moodle/course:viewhiddensections', $context) or $thissection->visible or !$course->hiddensections);
if (!empty($displaysection) and $displaysection != $section) { // Check this week is visible
if ($showsection) {
@ -233,7 +233,7 @@
echo '</div>';
echo '<div class="content">';
if (!isteacher($course->id) and !$thissection->visible) { // Hidden for students
if (!has_capability('moodle/course:viewhiddensections', $context) and !$thissection->visible) { // Hidden for students
echo '<div class="weekdates">'.$weekday.' - '.$endweekday.' ('.get_string('notavailable').')</div>';
} else {

4
course/import.php
View File

@ -9,9 +9,7 @@
error("That's an invalid course id");
}
if (!isteacher($course->id)) {
error("You are not allowed to look at this page");
}
require_capability('moodle/site:import', get_context_instance(CONTEXT_COURSE, $id));
/// Always we begin an import, we delete all backup/restore/import session structures
if (isset($SESSION->course_header)) {

12
course/lib.php
View File

@ -82,7 +82,7 @@ function print_recent_selector_form($course, $advancedfilter=0, $selecteduser=0,
if ($mod->mod == "label") {
continue;
}
if (!$mod->visible and !$isteacher) {
if (!$mod->visible and !has_capability('moodle/course:viewhiddenactivities',get_context_instance(CONTEXT_MODULE, $mod->cm))) {
continue;
}
@ -174,7 +174,7 @@ function print_recent_selector_form($course, $advancedfilter=0, $selecteduser=0,
$groupmode = groupmode($course);
if ($groupmode == VISIBLEGROUPS or ($groupmode and isteacheredit($course->id))) {
if ($groupmode == VISIBLEGROUPS or ($groupmode and has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id)))) {
if ($groups = get_records_menu("groups", "courseid", $course->id, "name ASC", "id,name")) {
echo '<td><b>';
if ($groupmode == VISIBLEGROUPS) {
@ -272,7 +272,7 @@ function build_logs_array($course, $user=0, $date=0, $order="l.time ASC", $limit
/// If the group mode is separate, and this user does not have editing privileges,
/// then only the user's group can be viewed.
if ($course->groupmode == SEPARATEGROUPS and !$isteacheredit) {
if ($course->groupmode == SEPARATEGROUPS and !has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id))) {
$groupid = get_current_group($course->id);
}
/// If this course doesn't have groups, no groupid can be specified.
@ -985,7 +985,7 @@ function get_all_mods($courseid, &$mods, &$modnames, &$modnamesplural, &$modname
}
$mods[$mod->id] = $mod;
$mods[$mod->id]->modfullname = $modnames[$mod->modname];
if ($mod->visible or isteacher($courseid)) {
if ($mod->visible or has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_COURSE, $courseid))) {
$modnamesused[$mod->modname] = $modnames[$mod->modname];
}
}
@ -1099,7 +1099,7 @@ function print_section($course, $section, $mods, $modnamesused, $absolute=false,
}
$mod = $mods[$modnumber];
if ($mod->visible or $isteacher) {
if ($mod->visible or has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_COURSE, $course->id))) {
echo '<li class="activity '.$mod->modname.'" id="module-'.$modnumber.'">'; // Unique ID
if ($ismoving) {
if ($mod->id == $USER->activitycopy) {
@ -1149,7 +1149,7 @@ function print_section($course, $section, $mods, $modnamesused, $absolute=false,
}
if ($usetracking && $mod->modname == 'forum') {
$groupmode = groupmode($course, $mod);
$groupid = ($groupmode == SEPARATEGROUPS && !isteacheredit($course->id)) ?
$groupid = ($groupmode == SEPARATEGROUPS && !has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id))) ?
get_current_group($course->id) : false;
if (forum_tp_can_track_forums() && !isset($untracked[$mod->instance])) {

6
course/recent.php
View File

@ -109,7 +109,7 @@
} else { // you chose a group of activities
if (isteacher($course->id)) {
if (has_capability('moodle/course:viewhiddensections', get_context_instance(CONTEXT_COURSE, $course->id))) {
$hiddenfilter = "";
} else {
$hiddenfilter = " AND cs.visible = '1' ";
@ -134,7 +134,7 @@
$activityfilter = "";
}
if (isteacher($course->id)) {
if (has_capability('moodle/course:viewhiddensections', get_context_instance(CONTEXT_COURSE, $course->id))) {
$hiddenfilter = "";
} else {
$hiddenfilter = " AND cm.visible = '1' ";
@ -224,7 +224,7 @@
$section = 0;
if (isteacher($course->id)) {
if (has_capability('moodle/course:viewhiddensections', get_context_instance(CONTEXT_COURSE, $course->id))) {
$teacher = true;
} else {
$teacher = false;

4
course/report.php
View File

@ -9,9 +9,7 @@
error("That's an invalid course id");
}
if (!isteacher($course->id)) {
error("You are not allowed to look at this page");
}
require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_COURSE, $id));
$strreports = get_string('reports');

4
course/report/outline/index.php
View File

@ -17,9 +17,7 @@
error("Course id is incorrect.");
}
if (!isteacher($course->id)) {
error("You are not allowed to look at this page");
}
require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_COURSE, $courseid));
add_to_log($course->id, "course", "report outline", "report/outline/index.php?id=$course->id", $course->id);

8
course/user.php
View File

@ -23,7 +23,11 @@
error("User ID is incorrect");
}
if (! (isteacher($course->id) or ($course->showreports and $USER->id == $user->id))) {
$coursecontext = get_context_instance(CONTEXT_COURSE, $id);
$personalcontext = get_context_instance(CONTEXT_USERID, $user->id);
// if in either context, we can read report, then we can proceed
if (!(has_capability('moodle/site:viewreports', $coursecontext) or ($course->showreports and $USER->id == $user->id) or has_capability('moodle/user:viewuseractivitiesreport', $personalcontext))) {
error("You are not allowed to look at this page");
}
@ -160,7 +164,7 @@
if (isset($sections[$i])) { // should always be true
$section = $sections[$i];
$showsection = (isteacher($course->id) or $section->visible or !$course->hiddensections);
$showsection = (has_capability('moodle/course:viewhiddensections', $context) or $section->visible or !$course->hiddensections);
if ($showsection) { // prevent hidden sections in user activity. Thanks to Geoff Wilbert!

4
file.php
View File

@ -54,7 +54,7 @@
}
// security: only editing teachers can access backups
if ((!isteacheredit($course->id))
if ((!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $course->id)))
and (count($args) >= 2)
and (strtolower($args[1]) == 'backupdata')) {
@ -83,7 +83,7 @@
and (strtolower($args[2]) == 'assignment')) {
$lifetime = 0; // do not cache assignments, students may reupload them
if ((!isteacher($course->id)) && (count($args) != 6 || $args[4] != $USER->id)) {
if ((!has_capability('mod/assignment:grade', get_context_instance(CONTEXT_COURSE, $course->id))) && (count($args) != 6 || $args[4] != $USER->id)) {
error('Access not allowed');
}
}

4
grade/exceptions.php
View File

@ -12,9 +12,7 @@
require_login($course->id);
if (!isteacher($course->id)) {
error(get_string('notteachererror', 'grades'));
}
require_capability('moodle/course:managegrades', get_context_instance(CONTEXT_MODULE, $id));
$group = get_current_group($course->id);

78
lib/db/access.php
View File

@ -766,6 +766,84 @@ $moodle_capabilities = array(
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'moodle/course:sectionvisibility' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_PREVENT,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'moodle/course:viewhiddensections' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_PREVENT,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'moodle/course:setcurrentsection' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_PREVENT,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'moodle/course:viewcoursegrades' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'moodle/course:managegrades' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_PREVENT,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'moodle/user:viewusergrades' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);