mirror of
https://github.com/moodle/moodle.git
synced 2025-01-17 13:38:32 +01:00
MDL-12373 - More instances of links to the participants list being shown in the navigation bar to people without the necessary capability.
I have not copied and pasted the same code into lots of different places. That sucks. We really need to refactor this into a function that builds the navigation up to, and including the user's name. However, I don't have time now. A list of the places touched by this bug (MDL-12373) will at least give a complete list of places that such a refactoring would have to touch.
This commit is contained in:
tjhunt
parent
d1a2a97ba3
commit
b26adbef4c
@ -131,7 +131,9 @@
|
||||
/// course header
|
||||
$navlinks = array();
|
||||
if ($courseid != SITEID) {
|
||||
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
|
||||
if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id))) {
|
||||
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
|
||||
}
|
||||
$navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$userid&course=$courseid", 'type' => 'misc');
|
||||
$navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc');
|
||||
$navigation = build_navigation($navlinks);
|
||||
|
||||
@ -126,7 +126,9 @@
|
||||
$navlinks = array();
|
||||
/// course header
|
||||
if ($course->id != SITEID) {
|
||||
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
|
||||
if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id))) {
|
||||
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
|
||||
}
|
||||
$navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$userid&course=$courseid", 'type' => 'misc');
|
||||
$navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc');
|
||||
$navigation = build_navigation($navlinks);
|
||||
|
||||
@ -45,7 +45,7 @@
|
||||
|
||||
$navlinks = array();
|
||||
|
||||
if ($course->id != SITEID) {
|
||||
if ($course->id != SITEID && has_capability('moodle/course:viewparticipants', $coursecontext)) {
|
||||
$navlinks[] = array('name' => $strparticipants, 'link' => "../user/index.php?id=$course->id", 'type' => 'misc');
|
||||
}
|
||||
|
||||
|
||||
@ -40,7 +40,9 @@
|
||||
$fullname = fullname($user, has_capability('moodle/site:viewfullnames', $syscontext));
|
||||
|
||||
$navlinks = array();
|
||||
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'core');
|
||||
if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id)) || has_capability('moodle/site:viewparticipants', $syscontext)) {
|
||||
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'core');
|
||||
}
|
||||
$navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", 'type' => 'title');
|
||||
$navlinks[] = array('name' => $strforumposts, 'link' => '', 'type' => 'title');
|
||||
$navlinks[] = array('name' => $strmode, 'link' => '', 'type' => 'title');
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
require_once('edit_form.php');
|
||||
|
||||
/// create form
|
||||
$noteform = new note_edit_form(null, $extradata);
|
||||
$noteform = new note_edit_form();
|
||||
|
||||
/// if form was cancelled then return to the previous notes list
|
||||
if ($noteform->is_cancelled()) {
|
||||
@ -69,7 +69,9 @@
|
||||
|
||||
/// output HTML
|
||||
$nav = array();
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
$nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => $strnotes, 'link' => '', 'type' => 'activity');
|
||||
|
||||
@ -15,6 +15,12 @@ if (!$note = note_load($noteid)) {
|
||||
if (!$course = get_record('course', 'id', $note->courseid)) {
|
||||
error('Incorrect course id found');
|
||||
}
|
||||
|
||||
// locate user information
|
||||
if (!$user = get_record('user', 'id', $note->userid)) {
|
||||
error('Incorrect user id found');
|
||||
}
|
||||
|
||||
// require login to access notes
|
||||
require_login($course->id);
|
||||
|
||||
@ -42,8 +48,13 @@ if (data_submitted() && confirm_sesskey()) {
|
||||
$optionsno = array('course'=>$course->id, 'user'=>$note->userid);
|
||||
|
||||
// output HTML
|
||||
$crumbs = array(array('name' => $strnotes, 'link' => '', 'type' => 'activity'));
|
||||
print_header($course->shortname . ': ' . $strnotes, $course->fullname, build_navigation($crumbs));
|
||||
if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
$nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => get_string('delete'), 'link' => '', 'type' => 'activity');
|
||||
print_header($course->shortname . ': ' . $strnotes, $course->fullname, build_navigation($nav));
|
||||
notice_yesno(get_string('deleteconfirm', 'notes'), 'delete.php', 'index.php', $optionsyes, $optionsno, 'post', 'get');
|
||||
echo '<br />';
|
||||
note_print($note, NOTES_SHOW_BODY | NOTES_SHOW_HEAD);
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
/// get option values for the user select
|
||||
|
||||
/// create form
|
||||
$noteform = new note_edit_form(null);
|
||||
$noteform = new note_edit_form();
|
||||
|
||||
/// if form was cancelled then return to the notes list of the note
|
||||
if ($noteform->is_cancelled()) {
|
||||
@ -72,7 +72,9 @@
|
||||
|
||||
/// output HTML
|
||||
$nav = array();
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
$nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => $strnotes, 'link' => '', 'type' => 'activity');
|
||||
|
||||
@ -13,7 +13,6 @@ class note_edit_form extends moodleform {
|
||||
$mform->addElement('textarea', 'content', $strcontent, array('rows'=>15, 'cols'=>40));
|
||||
$mform->setType('content', PARAM_RAW);
|
||||
$mform->addRule('content', get_string('nocontent', 'notes'), 'required', null, 'client');
|
||||
$mform->setHelpButton('content', 'writing');
|
||||
|
||||
$mform->addElement('select', 'publishstate', $strpublishstate, note_get_state_names());
|
||||
$mform->setDefault('publishstate', NOTES_STATE_PUBLIC);
|
||||
|
||||
@ -48,10 +48,18 @@
|
||||
|
||||
|
||||
/// output HTML
|
||||
|
||||
if ($course->id == SITEID) {
|
||||
$coursecontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
|
||||
} else {
|
||||
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context
|
||||
}
|
||||
$systemcontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
|
||||
|
||||
$strnotes = get_string('notes', 'notes');
|
||||
$nav = array();
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
if (has_capability('moodle/course:viewparticipants', $coursecontext) || has_capability('moodle/site:viewparticipants', $systemcontext)) {
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
if ($userid) {
|
||||
$nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user