From 436d39ba85e5375c8908dc28e097c4d28e1dc9d8 Mon Sep 17 00:00:00 2001 From: Simey Lameze Date: Wed, 9 Aug 2017 14:48:06 +0800 Subject: [PATCH] MDL-59671 core_calendar: replace current delete permission checks --- calendar/classes/external/event_exporter.php | 2 +- calendar/delete.php | 9 ++++----- calendar/externallib.php | 4 ++-- calendar/renderer.php | 2 +- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/calendar/classes/external/event_exporter.php b/calendar/classes/external/event_exporter.php index dd189b71da3..ce78114b53e 100644 --- a/calendar/classes/external/event_exporter.php +++ b/calendar/classes/external/event_exporter.php @@ -236,7 +236,7 @@ class event_exporter extends exporter { } $values['canedit'] = calendar_edit_event_allowed($legacyevent); - $values['candelete'] = (!$values['isactionevent'] && $values['canedit']); + $values['candelete'] = calendar_delete_event_allowed($legacyevent); // Handle event subscription. $values['subscription'] = null; diff --git a/calendar/delete.php b/calendar/delete.php index 93c6c4d6bce..79f464fccda 100644 --- a/calendar/delete.php +++ b/calendar/delete.php @@ -57,10 +57,10 @@ require_login($course); if (!$course) { $PAGE->set_context(context_system::instance()); //TODO: wrong } - -// Check the user has the required capabilities to edit an event -if (!calendar_edit_event_allowed($event)) { - print_error('nopermissions'); +$title = get_string('deleteevent', 'calendar'); +// Check the user has the required capabilities to delete an event +if (!calendar_delete_event_allowed($event)) { + print_error('nopermissions', 'error', $PAGE->url, $title); } // Count the repeats, do we need to consider the possibility of deleting repeats @@ -88,7 +88,6 @@ if ($confirm) { } // Prepare the page to show the confirmation form -$title = get_string('deleteevent', 'calendar'); $strcalendar = get_string('calendar', 'calendar'); $PAGE->navbar->add($strcalendar, $viewcalendarurl); diff --git a/calendar/externallib.php b/calendar/externallib.php index 129bf60183f..2356f9eabf5 100644 --- a/calendar/externallib.php +++ b/calendar/externallib.php @@ -91,8 +91,8 @@ class core_calendar_external extends external_api { $eventobj = calendar_event::load($event['eventid']); // Let's check if the user is allowed to delete an event. - if (!calendar_edit_event_allowed($eventobj)) { - throw new moodle_exception("nopermissions"); + if (!calendar_delete_event_allowed($eventobj)) { + throw new moodle_exception('nopermissions', 'error', '', get_string('deleteevent', 'calendar')); } // Time to do the magic. $eventobj->delete($event['repeat']); diff --git a/calendar/renderer.php b/calendar/renderer.php index 940be31519d..f1bebaab0c1 100644 --- a/calendar/renderer.php +++ b/calendar/renderer.php @@ -228,7 +228,7 @@ class core_calendar_renderer extends plugin_renderer_base { $output .= $this->output->box_start('card-header clearfix'); if (calendar_edit_event_allowed($event) && $showactions) { - if (empty($event->cmid)) { + if (calendar_delete_event_allowed($event)) { $editlink = new moodle_url(CALENDAR_URL.'event.php', array('action' => 'edit', 'id' => $event->id)); $deletelink = new moodle_url(CALENDAR_URL.'delete.php', array('id' => $event->id)); if (!empty($event->calendarcourseid)) {