MDL-12122 Applied Petr's suggested capability fix

grade/lib.php

@@ -132,18 +132,6 @@ class graded_users_iterator {
         return true;
     }
 
-    /**
-     * Returns the number of graded users in the course. Needs to be called after init(), otherwise returns null.
-     * @return int Number of users in course
-     */
-    function users_count() {
-        if (method_exists($this->users_rs, 'RecordCount')) {
-            return $this->users_rs->RecordCount();
-        } else {
-            return null;
-        }
-    }
-
     /**
      * Returns information about the next user
      * @return mixed array of user info, all grades and feedback or null when no more users found
@@ -256,8 +244,12 @@ class graded_users_iterator {
  * @param bool $return If true, will return the HTML, otherwise, will print directly
  * @return null
  */
-function print_graded_users_selector($course, $actionpage, $userid='all', $return=false) {
-    global $CFG;
+function print_graded_users_selector($course, $actionpage, $userid=null, $return=false) {
+    global $CFG, $USER;
+    
+    if (is_null($userid)) {
+        $userid = $USER->id;
+    }
 
     $context = get_context_instance(CONTEXT_COURSE, $course->id);
 
@@ -266,8 +258,8 @@ function print_graded_users_selector($course, $actionpage, $userid='all', $retur
     $gui = new graded_users_iterator($course);
     $gui->init();
     
-    if ($userid != 'all') {
-        $menu['all'] = get_string('allusers', 'grades') . ' (' . $gui->users_count() . ')';
+    if ($userid !== 0) {
+        $menu[0] = get_string('allusers', 'grades');
     }
     
     while ($userdata = $gui->next_user()) {
@@ -277,6 +269,10 @@ function print_graded_users_selector($course, $actionpage, $userid='all', $retur
 
     $gui->close();
 
+    if ($userid !== 0) {
+        $menu[0] .= " (" . (count($menu) - 1) . ")";
+    }
+
     return popup_form($CFG->wwwroot.'/grade/' . $actionpage . '&userid=', $menu, 'choosegradeduser', $userid, 'choose', '', '', 
                         $return, 'self', get_string('selectalloroneuser', 'grades')); 
 }

grade/report/user/index.php

@@ -28,7 +28,7 @@ require_once $CFG->dirroot.'/grade/lib.php';
 require_once $CFG->dirroot.'/grade/report/user/lib.php';
 
 $courseid = required_param('id');
-$userid   = optional_param('userid', $USER->id, PARAM_ALPHANUM);
+$userid   = optional_param('userid', $USER->id, PARAM_INT);
 
 /// basic access checks
 if (!$course = get_record('course', 'id', $courseid)) {
@@ -36,14 +36,18 @@ if (!$course = get_record('course', 'id', $courseid)) {
 }
 require_login($course);
 
+$context     = get_context_instance(CONTEXT_COURSE, $course->id);
+require_capability('gradereport/user:view', $context);
 
-if ($userid != 'all' && !$user = get_complete_user_data('id', $userid)) {
+if (empty($userid)) {
+    require_capability('moodle/grade:viewall', $context);
+
+} else {
+    if (!get_complete_user_data('id', $userid)) {
     error("Incorrect userid");
 }
 
-$context     = get_context_instance(CONTEXT_COURSE, $course->id);
-$usercontext = get_context_instance(CONTEXT_USER, $userid);
-require_capability('gradereport/user:view', $context);
+}
 
 $access = true;
 if (has_capability('moodle/grade:viewall', $context)) {
@@ -52,7 +56,7 @@ if (has_capability('moodle/grade:viewall', $context)) {
 } else if ($userid == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) {
     //ok - can view own grades
 
-} else if (has_capability('moodle/grade:viewall', $usercontext) and $course->showgrades) {
+} else if ($has_capability('moodle/grade:viewall', get_context_instance(CONTEXT_USER, $userid)) and $course->showgrades) {
     // ok - can view grades of this user- parent most probably
 
 } else {
@@ -92,7 +96,7 @@ if ($access) {
         print_graded_users_selector($course, 'report/user/index.php?id=' . $course->id, $userid);
         echo '</div>';
         
-        if ($userid == 'all') {
+        if ($userid === 0) {
             $gui = new graded_users_iterator($course);
             $gui->init();
             while ($userdata = $gui->next_user()) {