mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-13 12:32:08 +02:00
Code Issues Projects Releases Wiki Activity

MDL-56586 blocks: Fix mess with links to permissions

Browse Source 
problem 1: links to blocks permissions changes were missing in boost
problem 2: when modifying link from dashboard user is returned to profile ('returnurl' passed but not respected)
problem 3: link to check permissions missing from category management page
fix: instead of respecting both 'return' and 'returnurl' parameter use only 'returnurl'
fix: use 'popup' layout when modifying permissions for a block
This commit is contained in:
Marina Glancy 2016-11-21 15:53:00 +08:00
parent b11916d3e7
commit b1e5624ad9
6 changed files with 96 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
admin/roles/assign.php
View File

@ -29,7 +29,7 @@ define("MAX_USERS_TO_LIST_PER_ROLE", 10);
$contextid = required_param('contextid', PARAM_INT);
$roleid = optional_param('roleid', 0, PARAM_INT);
$returnto = optional_param('return', null, PARAM_ALPHANUMEXT);
$returnurl = optional_param('returnurl', null, PARAM_LOCALURL);
list($context, $course, $cm) = get_context_info_array($contextid);
@ -53,7 +53,13 @@ if ($course) {
// Security.
require_login($course, false, $cm);
require_capability('moodle/role:assign', $context);
$PAGE->set_url($url);
navigation_node::override_active_url($url);
$pageurl = new moodle_url($url);
if ($returnurl) {
$pageurl->param('returnurl', $returnurl);
}
$PAGE->set_url($pageurl);
$PAGE->set_context($context);
$contextname = $context->get_context_name();
@ -141,6 +147,10 @@ if (!empty($user) && ($user->id != $USER->id)) {
}
$PAGE->set_pagelayout('admin');
if ($context->contextlevel == CONTEXT_BLOCK) {
// Do not show blocks when changing block's settings, it is confusing.
$PAGE->blocks->show_only_fake_blocks(true);
}
$PAGE->set_title($title);
switch ($context->contextlevel) {
@ -186,9 +196,6 @@ if ($roleid) {
// Print the form.
$assignurl = new moodle_url($PAGE->url, array('roleid'=>$roleid));
if ($returnto !== null) {
$assignurl->param('return', $returnto);
}
?>
<form id="assignform" method="post" action="<?php echo $assignurl ?>"><div>
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
@ -235,18 +242,10 @@ if ($roleid) {
// Print a form to swap roles, and a link back to the all roles list.
echo '<div class="backlink">';
$newroleurl = new moodle_url($PAGE->url);
if ($returnto !== null) {
$newroleurl->param('return', $returnto);
}
$select = new single_select($newroleurl, 'roleid', $nameswithcounts, $roleid, null);
$select = new single_select($PAGE->url, 'roleid', $nameswithcounts, $roleid, null);
$select->label = get_string('assignanotherrole', 'core_role');
echo $OUTPUT->render($select);
$backurl = new moodle_url('/admin/roles/assign.php', array('contextid' => $contextid));
if ($returnto !== null) {
$backurl->param('return', $returnto);
}
echo '<p><a href="' . $backurl->out() . '">' . get_string('backtoallroles', 'core_role') . '</a></p>';
echo '<p><a href="' . $PAGE->url . '">' . get_string('backtoallroles', 'core_role') . '</a></p>';
echo '</div>';
} else if (empty($assignableroles)) {
@ -284,9 +283,6 @@ if ($roleid) {
}
} else if ($assigncounts[$roleid] > MAX_USERS_TO_LIST_PER_ROLE) {
$assignurl = new moodle_url($PAGE->url, array('roleid'=>$roleid));
if ($returnto !== null) {
$assignurl->param('return', $returnto);
}
$roleholdernames[$roleid] = '<a href="'.$assignurl.'">'.$strmorethanmax.'</a>';
} else {
$roleholdernames[$roleid] = '';
@ -307,9 +303,6 @@ if ($roleid) {
foreach ($assignableroles as $roleid => $rolename) {
$description = format_string($DB->get_field('role', 'description', array('id'=>$roleid)));
$assignurl = new moodle_url($PAGE->url, array('roleid'=>$roleid));
if ($returnto !== null) {
$assignurl->param('return', $returnto);
}
$row = array('<a href="'.$assignurl.'">'.$rolename.'</a>',
$description, $assigncounts[$roleid]);
if ($showroleholders) {
@ -322,8 +315,8 @@ if ($roleid) {
if ($context->contextlevel > CONTEXT_USER) {
if ($context->contextlevel === CONTEXT_COURSECAT && $returnto === 'management') {
$url = new moodle_url('/course/management.php', array('categoryid' => $context->instanceid));
if ($returnurl) {
$url = new moodle_url($returnurl);
} else {
$url = $context->get_url();
}

31
admin/roles/check.php
View File

@ -25,6 +25,7 @@
require_once(__DIR__ . '/../../config.php');
$contextid = required_param('contextid', PARAM_INT);
$returnurl = optional_param('returnurl', null, PARAM_LOCALURL);
list($context, $course, $cm) = get_context_info_array($contextid);
@ -49,7 +50,13 @@ require_login($course, false, $cm);
if (!has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:manage'), $context)) {
print_error('nopermissions', 'error', '', get_string('checkpermissions', 'core_role'));
}
$PAGE->set_url($url);
navigation_node::override_active_url($url);
$pageurl = new moodle_url($url);
if ($returnurl) {
$pageurl->param('returnurl', $returnurl);
}
$PAGE->set_url($pageurl);
if ($context->contextlevel == CONTEXT_USER and $USER->id != $context->instanceid) {
$PAGE->navbar->includesettingsbase = true;
@ -75,6 +82,10 @@ $userselector->set_rows(20);
$title = get_string('checkpermissionsin', 'core_role', $contextname);
$PAGE->set_pagelayout('admin');
if ($context->contextlevel == CONTEXT_BLOCK) {
// Do not show blocks when changing block's settings, it is confusing.
$PAGE->blocks->show_only_fake_blocks(true);
}
$PAGE->set_title($title);
switch ($context->contextlevel) {
@ -156,16 +167,7 @@ if (!is_null($reportuser)) {
// Show UI for choosing a user to report on.
echo $OUTPUT->box_start('generalbox boxwidthnormal boxaligncenter', 'chooseuser');
echo '<form method="get" action="' . $CFG->wwwroot . '/' . $CFG->admin . '/roles/check.php" >';
// Hidden fields.
echo '<input type="hidden" name="contextid" value="' . $context->id . '" />';
if (!empty($user->id)) {
echo '<input type="hidden" name="userid" value="' . $user->id . '" />';
}
if ($isfrontpage) {
echo '<input type="hidden" name="courseid" value="' . $courseid . '" />';
}
echo '<form method="post" action="' . $PAGE->url . '" >';
// User selector.
echo $OUTPUT->heading('<label for="reportuser">' . $selectheading . '</label>', 3);
@ -180,7 +182,12 @@ echo $OUTPUT->box_end();
// Appropriate back link.
if ($context->contextlevel > CONTEXT_USER) {
echo html_writer::start_tag('div', array('class'=>'backlink'));
echo html_writer::tag('a', get_string('backto', '', $contextname), array('href'=>$context->get_url()));
if ($returnurl) {
$backurl = new moodle_url($returnurl);
} else {
$backurl = $context->get_url();
}
echo html_writer::link($backurl, get_string('backto', '', $contextname));
echo html_writer::end_tag('div');
}

19
admin/roles/permissions.php
View File

@ -33,7 +33,7 @@ $prevent = optional_param('prevent', 0, PARAM_BOOL);
$allow = optional_param('allow', 0, PARAM_BOOL);
$unprohibit = optional_param('unprohibit', 0, PARAM_BOOL);
$prohibit = optional_param('prohibit', 0, PARAM_BOOL);
$return = optional_param('return', null, PARAM_ALPHANUMEXT);
$returnurl = optional_param('returnurl', null, PARAM_LOCALURL);
list($context, $course, $cm) = get_context_info_array($contextid);
@ -56,7 +56,13 @@ if ($course) {
// Security first.
require_login($course, false, $cm);
require_capability('moodle/role:review', $context);
$PAGE->set_url($url);
navigation_node::override_active_url($url);
$pageurl = new moodle_url($url);
if ($returnurl) {
$pageurl->param('returnurl', $returnurl);
}
$PAGE->set_url($pageurl);
if ($context->contextlevel == CONTEXT_USER and $USER->id != $context->instanceid) {
$PAGE->navbar->includesettingsbase = true;
@ -85,6 +91,11 @@ $straction = get_string('permissions', 'core_role'); // Used by tabs.php.
$currenttab = 'permissions';
$PAGE->set_pagelayout('admin');
if ($context->contextlevel == CONTEXT_BLOCK) {
// Do not show blocks when changing block's settings, it is confusing.
$PAGE->blocks->show_only_fake_blocks(true);
}
$PAGE->set_title($title);
switch ($context->contextlevel) {
case CONTEXT_SYSTEM:
@ -219,8 +230,8 @@ echo $OUTPUT->box_end();
if ($context->contextlevel > CONTEXT_USER) {
if ($context->contextlevel === CONTEXT_COURSECAT && $return === 'management') {
$url = new moodle_url('/course/management.php', array('categoryid' => $context->instanceid));
if ($returnurl) {
$url = new moodle_url($returnurl);
} else {
$url = $context->get_url();
}

17
course/classes/management/helper.php
View File

@ -168,6 +168,7 @@ class helper {
* @return array
*/
public static function get_category_listitem_actions(\coursecat $category) {
global $PAGE;
$baseurl = new \moodle_url('/course/management.php', array('categoryid' => $category->id, 'sesskey' => \sesskey()));
$actions = array();
// Edit.
@ -249,11 +250,11 @@ class helper {
);
}
// Roles.
// Assign roles.
if ($category->can_review_roles()) {
$actions['assignroles'] = array(
'url' => new \moodle_url('/admin/roles/assign.php', array('contextid' => $category->get_context()->id,
'return' => 'management')),
'returnurl' => $PAGE->url->out_as_local_url(false))),
'icon' => new \pix_icon('t/assignroles', new \lang_string('assignroles', 'role')),
'string' => new \lang_string('assignroles', 'role')
);
@ -263,12 +264,22 @@ class helper {
if ($category->can_review_permissions()) {
$actions['permissions'] = array(
'url' => new \moodle_url('/admin/roles/permissions.php', array('contextid' => $category->get_context()->id,
'return' => 'management')),
'returnurl' => $PAGE->url->out_as_local_url(false))),
'icon' => new \pix_icon('i/permissions', new \lang_string('permissions', 'role')),
'string' => new \lang_string('permissions', 'role')
);
}
// Check permissions.
if ($category->can_review_permissions()) {
$actions['checkroles'] = array(
'url' => new \moodle_url('/admin/roles/check.php', array('contextid' => $category->get_context()->id,
'returnurl' => $PAGE->url->out_as_local_url(false))),
'icon' => new \pix_icon('i/checkpermissions', new \lang_string('checkpermissions', 'role')),
'string' => new \lang_string('checkpermissions', 'role')
);
}
// Cohorts.
if ($category->can_review_cohorts()) {
$actions['cohorts'] = array(

3
course/tests/management_helper_test.php
View File

@ -1088,8 +1088,11 @@ class core_course_management_helper_test extends advanced_testcase {
* Tests the fetching of actions for a category.
*/
public function test_get_category_listitem_actions() {
global $PAGE;
$this->resetAfterTest(true);
$PAGE->set_url(new moodle_url('/course/management.php'));
$generator = $this->getDataGenerator();
$category = $generator->create_category();
$context = context_system::instance();

55
lib/blocklib.php
View File

@ -1221,36 +1221,39 @@ class block_manager {
$controls[] = new action_menu_link_secondary($url, $icon, $str, $attributes);
}
// Display either "Assign roles" or "Permissions" or "Change permissions" icon (whichever first is available).
$rolesurl = null;
// Assign roles.
if (get_assignable_roles($block->context, ROLENAME_SHORT)) {
$rolesurl = new moodle_url('/admin/roles/assign.php', array('contextid' => $block->context->id));
$rolesurl = new moodle_url('/admin/roles/assign.php', array('contextid' => $block->context->id,
'returnurl' => $this->page->url->out_as_local_url()));
$str = new lang_string('assignrolesinblock', 'block', $blocktitle);
$icon = 'i/assignroles';
} else if (has_capability('moodle/role:review', $block->context) or get_overridable_roles($block->context)) {
$rolesurl = new moodle_url('/admin/roles/permissions.php', array('contextid' => $block->context->id));
$str = get_string('permissions', 'role');
$icon = 'i/permissions';
} else if (has_any_capability(array('moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:assign'), $block->context)) {
$rolesurl = new moodle_url('/admin/roles/check.php', array('contextid' => $block->context->id));
$str = get_string('checkpermissions', 'role');
$icon = 'i/checkpermissions';
}
if ($rolesurl) {
// TODO: please note it is sloppy to pass urls through page parameters!!
// it is shortened because some web servers (e.g. IIS by default) give
// a 'security' error if you try to pass a full URL as a GET parameter in another URL.
$return = $this->page->url->out(false);
$return = str_replace($CFG->wwwroot . '/', '', $return);
$rolesurl->param('returnurl', $return);
$controls[] = new action_menu_link_secondary(
$rolesurl,
new pix_icon($icon, $str, 'moodle', array('class' => 'iconsmall', 'title' => '')),
$str,
array('class' => 'editing_roles')
new pix_icon('i/assignroles', $str, 'moodle', array('class' => 'iconsmall', 'title' => '')),
$str, array('class' => 'editing_assignroles')
);
}
// Permissions.
if (has_capability('moodle/role:review', $block->context) or get_overridable_roles($block->context)) {
$rolesurl = new moodle_url('/admin/roles/permissions.php', array('contextid' => $block->context->id,
'returnurl' => $this->page->url->out_as_local_url()));
$str = get_string('permissions', 'role');
$controls[] = new action_menu_link_secondary(
$rolesurl,
new pix_icon('i/permissions', $str, 'moodle', array('class' => 'iconsmall', 'title' => '')),
$str, array('class' => 'editing_permissions')
);
}
// Change permissions.
if (has_any_capability(array('moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:assign'), $block->context)) {
$rolesurl = new moodle_url('/admin/roles/check.php', array('contextid' => $block->context->id,
'returnurl' => $this->page->url->out_as_local_url()));
$str = get_string('checkpermissions', 'role');
$controls[] = new action_menu_link_secondary(
$rolesurl,
new pix_icon('i/checkpermissions', $str, 'moodle', array('class' => 'iconsmall', 'title' => '')),
$str, array('class' => 'editing_checkroles')
);
}