From 3a36b0b6f39c6516545579af1ad4dc7ea19a7217 Mon Sep 17 00:00:00 2001 From: ethem Date: Mon, 13 Mar 2006 11:15:09 +0000 Subject: [PATCH] Users can view their orders... --- enrol/authorize/index.php | 75 +++++++++++++++++++++++++++++++-------- 1 file changed, 61 insertions(+), 14 deletions(-) diff --git a/enrol/authorize/index.php b/enrol/authorize/index.php index cc7fe7dd2f8..394248bdbc0 100644 --- a/enrol/authorize/index.php +++ b/enrol/authorize/index.php @@ -15,8 +15,8 @@ if (!($site = get_site())) { require_login(); -if (!isadmin()) { - error("You must be an administrator to use this page."); +if (isguest()) { + error("Guests cannot use this page."); } $orderid = optional_param('order', 0, PARAM_INT); @@ -55,6 +55,10 @@ function authorize_orders() $courseid = 0; // no filter } + if (!isstudent($courseid, $userid) && !isteacher($courseid, $userid)) { + error("You must be a teacher/student to use this page."); + } + $baseurl = $CFG->wwwroot."/enrol/authorize/index.php?user=$userid"; $statusmenu = array(AN_STATUS_NONE => get_string('all'), AN_STATUS_AUTH => $authstrs->authorizedpendingcapture, @@ -142,10 +146,17 @@ function authorize_orders() if ($records = get_records_sql($select . $from . $where . $sort . $limit)) { foreach ($records as $record) { $actionstatus = get_order_status_desc($record); - $actions = ' '; - foreach ($actionstatus->actions as $value) { - $actions .= "  {$authstrs->$value} "; + $actions = ''; + + if (empty($actionstatus->actions)) { + $actions .= $strs->none; } + else { + foreach ($actionstatus->actions as $value) { + $actions .= "  {$authstrs->$value} "; + } + } + $table->add_data(array( "$record->id", userdate($record->timecreated), @@ -161,7 +172,7 @@ function authorize_orders() function authorize_order_details($orderno) { - global $CFG; + global $CFG, $USER; global $strs, $authstrs; $unenrol = optional_param('unenrol', ''); 
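Review bot: The new role check in authorize_orders tests the filtered user, `isstudent($courseid, $userid)` / `isteacher($courseid, $userid)`, rather than the logged-in viewer, so it establishes that the target has a role in the course but not that the current user is allowed to see that user's orders. If `$userid` comes from the `user` request parameter, as the `?user=$userid` base URL two lines below suggests, any enrolled user can list another user's orders by changing that parameter. The guard should be on the viewer: `if ($userid != $USER->id && !isadmin() && !isteacher($courseid, $USER->id)) { error("You can only view your own orders."); }`, with `$USER` added to the function's `global` line; the function header is outside the hunk. Whether `isstudent()`/`isteacher()` with `$courseid == 0` ("no filter") means "in any course" is not visible here and should be confirmed against the library before relying on it.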
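Review bot: In the action-listing loop of authorize_orders the new `else` sits on its own line after the closing brace (`}` then `else {`), unlike the `} else {` form the rest of this file's hunks use; cuddle it as `} else {`. Since `$actions` has just been reset to `''`, the none branch can assign rather than append: `$actions = $strs->none;`. The enclosing `foreach ($records as $record)` continues past the hunk.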
@@ -187,6 +198,12 @@ function authorize_order_details($orderno) { return; } + if ($USER->id != $order->userid) { + if (! (isadmin() || isteacher($order->courseid, $order->userid))) { + error("Students can view their order."); + } + } + echo "
\n"; echo "\n"; @@ -207,6 +224,10 @@ function authorize_order_details($orderno) { $table->data[] = array(" ", "
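Review bot: The viewer check added in authorize_order_details passes the order owner's id to `isteacher($order->courseid, $order->userid)`, so for a non-owner it asks whether the purchaser teaches the course, not whether the current user does; a student who knows another user's order number is refused only if that other user happens to be a teacher, while a teacher viewing a student's order is refused. Check the viewer instead: `if (! (isadmin() || isteacher($order->courseid, $USER->id))) {`. The message `Students can view their order.` reads as a permission rather than a refusal; `Students can only view their own orders.` says what happened. The function body continues past the hunk.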
\n"); if (!empty($cmdcapture)) { // CAPTURE + if (!in_array(ORDER_CAPTURE, $status->actions)) { + error("You can't do this action:" + ORDER_CAPTURE); + } + if (empty($cmdconfirm)) { $table->data[] = array("$strs->confirm:", "$authstrs->captureyes
$strs->yes @@ -251,6 +272,10 @@ function authorize_order_details($orderno) { print_table($table); } elseif (!empty($cmdrefund)) { // REFUND + if (!in_array(ORDER_REFUND, $status->actions)) { + error("You can't do this action:" + ORDER_REFUND); + } + $extra = new stdClass(); $extra->sum = 0.0; $extra->orderid = $orderno; @@ -305,6 +330,10 @@ function authorize_order_details($orderno) { print_table($table); } elseif (!empty($cmdvoid)) { // VOID + if (!in_array(ORDER_VOID, $status->actions)) { + error("You can't do this action:" + ORDER_VOID); + } + $suborderno = optional_param('suborder', 0, PARAM_INT); if (empty($suborderno)) { // cancel original transaction. if (empty($cmdconfirm)) { @@ -382,8 +411,11 @@ function authorize_order_details($orderno) { } elseif (!empty($cmddelete)) { // DELETE if (!in_array(ORDER_DELETE, $status->actions)) { - error("Order $orderno cannot be deleted. Status must be expired."); + error("You can't do this action:" + ORDER_DELETE); } + //if (!in_array(ORDER_DELETE, $status->actions)) { + // error("Order $orderno cannot be deleted. Status must be expired."); + //} if (empty($cmdconfirm)) { $table->data[] = array("$authstrs->unenrolstudent", ""); @@ -462,7 +494,9 @@ function get_order_status_desc($order) $ret = new stdClass(); if (intval($order->transid) == 0) { // test transaction - $ret->actions = array(ORDER_DELETE); + if (isadmin()) { + $ret->actions = array(ORDER_DELETE); + } $ret->status = 'tested'; return $ret; } 
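Review bot: The new capture guard builds its message with `+`: `"You can't do this action:" + ORDER_CAPTURE` is arithmetic in PHP, not concatenation, so on the PHP of this era the string silently becomes 0 and the user sees only an integer, PHP 7 adds a warning and PHP 8 throws a TypeError. Use the concatenation operator, `error("You can't do this action: " . ORDER_CAPTURE);`, and apply the same fix to the identical guards in the refund (`@@ -251`), void (`@@ -305`) and delete (`@@ -382`) hunks. Showing the raw action constant is not informative to the user; a per-action string such as the existing `$authstrs` entries would read better. The guard also relies on `$status->actions` being set, which the get_order_status_desc changes in this commit no longer guarantee for non-admins; initializing that property to an empty array there avoids passing null to in_array.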
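Review bot: The delete branch keeps the replaced check as a commented-out block (`//if (!in_array(ORDER_DELETE, $status->actions)) {` through `//}`) directly under its live replacement; version history already preserves it, so remove the three comment lines. The old message, `Order $orderno cannot be deleted. Status must be expired.`, told the user why the action was refused, which the new generic text does not; consider keeping it as the error string for this branch.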
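Review bot: After this change get_order_status_desc leaves `$ret->actions` undefined whenever `isadmin()` is false, in this hunk and in the `@@ -473`, `@@ -499` and `@@ -510` hunks; `empty($actionstatus->actions)` in the listing tolerates that, but the `in_array(ORDER_*, $status->actions)` guards in authorize_order_details do not (a null haystack is a warning on old PHP and a TypeError on PHP 8). Initialize the property once, `$ret->actions = array();` immediately after `$ret = new stdClass();`, so every branch returns a well-formed object. Wrapping each assignment in its own `if (isadmin())` also makes it easy to miss a branch as statuses are added; computing the actions unconditionally and clearing them with a single `if (!isadmin()) { $ret->actions = array(); }` at one exit point keeps the authorization rule in one place.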
@@ -473,22 +507,30 @@ function get_order_status_desc($order) if (getsettletime($order->timecreated) < $timediff30) { $order->status = AN_STATUS_EXPIRE; update_record("enrol_authorize", $order); - $ret->actions = array(ORDER_DELETE); + if (isadmin()) { + $ret->actions = array(ORDER_DELETE); + } $ret->status = 'expired'; } else { - $ret->actions = array(ORDER_CAPTURE, ORDER_VOID); + if (isadmin()) { + $ret->actions = array(ORDER_CAPTURE, ORDER_VOID); + } $ret->status = 'authorizedpendingcapture'; } return $ret; case AN_STATUS_AUTHCAPTURE: if (settled($order)) { - $ret->actions = array(ORDER_REFUND); + if (isadmin()) { + $ret->actions = array(ORDER_REFUND); + } $ret->status = 'capturedsettled'; } else { - $ret->actions = array(ORDER_VOID); + if (isadmin()) { + $ret->actions = array(ORDER_VOID); + } $ret->status = 'capturedpendingsettle'; } return $ret; @@ -499,7 +541,9 @@ function get_order_status_desc($order) $ret->status = 'settled'; } else { - $ret->actions = array(ORDER_VOID); + if (isadmin()) { + $ret->actions = array(ORDER_VOID); + } $ret->status = 'refunded'; } return $ret; @@ -510,7 +554,10 @@ function get_order_status_desc($order) return $ret; case AN_STATUS_EXPIRE: - $ret->actions = array(ORDER_DELETE); + + if (isadmin()) { + $ret->actions = array(ORDER_DELETE); + } $ret->status = 'expired'; return $ret;