MDL-12122 Applied Petr's suggested capability fix

nicolasconnault 2008-01-17 16:25:48 +00:00
parent d08bba8354
commit 879c99bbd1
2 changed files with 23 additions and 23 deletions


@ -132,18 +132,6 @@ class graded_users_iterator {
return true; return true;
} }
/**
* Returns the number of graded users in the course. Needs to be called after init(), otherwise returns null.
* @return int Number of users in course
*/
function users_count() {
if (method_exists($this->users_rs, 'RecordCount')) {
return $this->users_rs->RecordCount();
} else {
return null;
}
}
/** /**
* Returns information about the next user * Returns information about the next user
* @return mixed array of user info, all grades and feedback or null when no more users found * @return mixed array of user info, all grades and feedback or null when no more users found
@ -256,8 +244,12 @@ class graded_users_iterator {
* @param bool $return If true, will return the HTML, otherwise, will print directly * @param bool $return If true, will return the HTML, otherwise, will print directly
* @return null * @return null
*/ */
function print_graded_users_selector($course, $actionpage, $userid='all', $return=false) { function print_graded_users_selector($course, $actionpage, $userid=null, $return=false) {
global $CFG; global $CFG, $USER;
if (is_null($userid)) {
$userid = $USER->id;
}
$context = get_context_instance(CONTEXT_COURSE, $course->id); $context = get_context_instance(CONTEXT_COURSE, $course->id);
@ -266,8 +258,8 @@ function print_graded_users_selector($course, $actionpage, $userid='all', $retur
$gui = new graded_users_iterator($course); $gui = new graded_users_iterator($course);
$gui->init(); $gui->init();
if ($userid != 'all') { if ($userid !== 0) {
$menu['all'] = get_string('allusers', 'grades') . ' (' . $gui->users_count() . ')'; $menu[0] = get_string('allusers', 'grades');
} }
while ($userdata = $gui->next_user()) { while ($userdata = $gui->next_user()) {
@ -277,6 +269,10 @@ function print_graded_users_selector($course, $actionpage, $userid='all', $retur
$gui->close(); $gui->close();
if ($userid !== 0) {
$menu[0] .= " (" . (count($menu) - 1) . ")";
}
return popup_form($CFG->wwwroot.'/grade/' . $actionpage . '&userid=', $menu, 'choosegradeduser', $userid, 'choose', '', '', return popup_form($CFG->wwwroot.'/grade/' . $actionpage . '&userid=', $menu, 'choosegradeduser', $userid, 'choose', '', '',
$return, 'self', get_string('selectalloroneuser', 'grades')); $return, 'self', get_string('selectalloroneuser', 'grades'));
} }
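Review bot: The two new `if ($userid !== 0)` tests in print_graded_users_selector are type-strict, so a caller that passes the string `'0'` or the former `'all'` sentinel is treated as a specific user and gets the "all users" entry added to the menu. Normalising once after the null default, e.g. `$userid = (int)$userid;`, would keep both checks consistent with the `PARAM_INT` cleaning done in the report page. The default also changed meaning from "all users" to "current user", so any caller outside this diff that relied on the old default should be checked. The docblock, which starts outside the hunk, should say so: `@param int $userid 0 means all users, null means the current user`.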


@ -28,7 +28,7 @@ require_once $CFG->dirroot.'/grade/lib.php';
require_once $CFG->dirroot.'/grade/report/user/lib.php'; require_once $CFG->dirroot.'/grade/report/user/lib.php';
$courseid = required_param('id'); $courseid = required_param('id');
$userid = optional_param('userid', $USER->id, PARAM_ALPHANUM); $userid = optional_param('userid', $USER->id, PARAM_INT);
/// basic access checks /// basic access checks
if (!$course = get_record('course', 'id', $courseid)) { if (!$course = get_record('course', 'id', $courseid)) {
@ -36,14 +36,18 @@ if (!$course = get_record('course', 'id', $courseid)) {
} }
require_login($course); require_login($course);
$context = get_context_instance(CONTEXT_COURSE, $course->id);
require_capability('gradereport/user:view', $context);
if ($userid != 'all' && !$user = get_complete_user_data('id', $userid)) { if (empty($userid)) {
require_capability('moodle/grade:viewall', $context);
} else {
if (!get_complete_user_data('id', $userid)) {
error("Incorrect userid"); error("Incorrect userid");
} }
$context = get_context_instance(CONTEXT_COURSE, $course->id); }
$usercontext = get_context_instance(CONTEXT_USER, $userid);
require_capability('gradereport/user:view', $context);
$access = true; $access = true;
if (has_capability('moodle/grade:viewall', $context)) { if (has_capability('moodle/grade:viewall', $context)) {
@ -52,7 +56,7 @@ if (has_capability('moodle/grade:viewall', $context)) {
} else if ($userid == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) { } else if ($userid == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) {
//ok - can view own grades //ok - can view own grades
} else if (has_capability('moodle/grade:viewall', $usercontext) and $course->showgrades) { } else if ($has_capability('moodle/grade:viewall', get_context_instance(CONTEXT_USER, $userid)) and $course->showgrades) {
// ok - can view grades of this user- parent most probably // ok - can view grades of this user- parent most probably
} else { } else {
@ -92,7 +96,7 @@ if ($access) {
print_graded_users_selector($course, 'report/user/index.php?id=' . $course->id, $userid); print_graded_users_selector($course, 'report/user/index.php?id=' . $course->id, $userid);
echo '</div>'; echo '</div>';
if ($userid == 'all') { if ($userid === 0) {
$gui = new graded_users_iterator($course); $gui = new graded_users_iterator($course);
$gui->init(); $gui->init();
while ($userdata = $gui->next_user()) { while ($userdata = $gui->next_user()) {
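Review bot: In the capability chain, the replacement line `$has_capability('moodle/grade:viewall', get_context_instance(CONTEXT_USER, $userid))` carries a stray `$`, so PHP attempts a call through an undefined variable and the request aborts instead of evaluating the user-context check. That branch is reached when the viewer lacks course-level `moodle/grade:viewall` and is not viewing their own grades (the "parent most probably" case), so that access decision is never actually made. It should read `} else if (has_capability('moodle/grade:viewall', get_context_instance(CONTEXT_USER, $userid)) and $course->showgrades) {`. Separately, `if ($userid === 0)` only matches if `optional_param('userid', $USER->id, PARAM_INT)` returns a real integer; a comment such as `// userid 0 = all users; requires moodle/grade:viewall (checked above)` would tie it to the `empty($userid)` capability check. The `while` loop at the end of this section continues outside the visible hunk.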