MDL-30482 - Glossary - Adding capability to other areas using glossary

blocks/glossary_random/block_glossary_random.php

@@ -118,6 +118,10 @@ class block_glossary_random extends block_base {
     function get_content() {
         global $USER, $CFG, $DB;
 
+        if (!has_capability('mod/glossary:view', $this->context)) {
+            return '';
+        }
+
         if (empty($this->config->glossary)) {
             $this->content = new stdClass();
             $this->content->text   = get_string('notyetconfigured','block_glossary_random');

filter/glossary/filter.php

@@ -57,7 +57,7 @@ class filter_glossary extends moodle_text_filter {
             $nothingtodo = false;
         }
 
-        if ($nothingtodo === true) {
+        if (($nothingtodo === true) || (!has_capability('mod/glossary:view', $this->context))) {
             return $text;
         }
 

mod/glossary/db/access.php

@@ -26,6 +26,21 @@ defined('MOODLE_INTERNAL') || die();
 
 $capabilities = array(
 
+    'mod/glossary:view' => array(
+
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_MODULE,
+        'archetypes' => array(
+            'frontpage' => CAP_ALLOW,
+            'guest' => CAP_ALLOW,
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'manager' => CAP_ALLOW
+        )
+    ),
+
+
     'mod/glossary:write' => array(
 
         'riskbitmask' => RISK_SPAM,

mod/glossary/lang/en/glossary.php

@@ -181,6 +181,7 @@ $string['glossary:managecategories'] = 'Manage categories';
 $string['glossary:managecomments'] = 'Manage comments';
 $string['glossary:manageentries'] = 'Manage entries';
 $string['glossary:rate'] = 'Rate entries';
+$string['glossary:view'] = 'View entries';
 $string['glossarytype'] = 'Glossary type';
 $string['glossarytype_help'] = 'A main glossary is a glossary in which entries from secondary glossaries can be imported. There can only be one main glossary in a course. if glossary entry import is not required, all glossaries in the course can be secondary glossaries.';
 $string['glossary:view'] = 'View glossary';

mod/glossary/lib.php

@@ -323,7 +323,7 @@ function glossary_user_complete($course, $user, $mod, $glossary) {
  * @return bool
  */
 function glossary_print_recent_activity($course, $viewfullnames, $timestart) {
-    global $CFG, $USER, $DB, $OUTPUT;
+    global $CFG, $USER, $DB, $OUTPUT, $PAGE;
 
     //TODO: use timestamp in approved field instead of changing timemodified when approving in 2.0
     if (!defined('GLOSSARY_RECENT_ACTIVITY_LIMIT')) {
@@ -351,6 +351,9 @@ function glossary_print_recent_activity($course, $viewfullnames, $timestart) {
     $approvals = array();
     foreach ($ids as $glinstanceid => $glcmid) {
         $context = get_context_instance(CONTEXT_MODULE, $glcmid);
+        if (!has_capability('mod/glossary:view', $context)) {
+            continue;
+        }
         // get records glossary entries that are approved if user has no capability to approve entries.
         if (has_capability('mod/glossary:approve', $context)) {
             $approvals[] = ' ge.glossaryid = :glsid'.$glinstanceid.' ';
@@ -369,11 +372,14 @@ function glossary_print_recent_activity($course, $viewfullnames, $timestart) {
     $fromsql = implode($joins, "\n");
 
     $params['timestart'] = $timestart;
-    $clausesql = ' WHERE ge.timemodified > :timestart AND (';
-    $approvalsql = implode($approvals, ' OR ');
-
-    $ordersql = ') ORDER BY ge.timemodified ASC';
+    $clausesql = ' WHERE ge.timemodified > :timestart ';
 
+    if (count($approvals) > 0) {
+        $approvalsql = 'AND ('. implode($approvals, ' OR ') .') ';
+    } else {
+    	$approvalsql = '';
+    }
+    $ordersql = 'ORDER BY ge.timemodified ASC';
     $entries = $DB->get_records_sql($selectsql.$fromsql.$clausesql.$approvalsql.$ordersql, $params, 0, (GLOSSARY_RECENT_ACTIVITY_LIMIT+1));
 
     if (empty($entries)) {
@@ -2832,7 +2838,7 @@ function glossary_extend_settings_navigation(settings_navigation $settings, navi
 
     $glossary = $DB->get_record('glossary', array("id" => $PAGE->cm->instance));
 
-    if (!empty($CFG->enablerssfeeds) && !empty($CFG->glossary_enablerssfeeds) && $glossary->rsstype && $glossary->rssarticles  && can_access_course($PAGE->course, $USER)) {
+    if (!empty($CFG->enablerssfeeds) && !empty($CFG->glossary_enablerssfeeds) && $glossary->rsstype && $glossary->rssarticles && has_capability('mod/glossary:view', $PAGE->cm->context)) {
         require_once("$CFG->libdir/rsslib.php");
 
         $string = get_string('rsstype','forum');

mod/glossary/rsslib.php

@@ -52,8 +52,7 @@
                 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
             }
             //context id from db should match the submitted one
-            //no specific capability required to view glossary entries so just check user is enrolled
-            if ($context->id != $modcontext->id || !can_access_course($course, $USER)) {
+            if ($context->id != $modcontext->id || !has_capability('mod/glossary:view', $modcontext)) {
                 return null;
             }
         }

mod/glossary/version.php

@@ -25,7 +25,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$module->version   = 2012022000;       // The current module version (Date: YYYYMMDDXX)
+$module->version   = 2012031200;       // The current module version (Date: YYYYMMDDXX)
 $module->requires  = 2011112900;       // Requires this Moodle version
 $module->component = 'mod_glossary';   // Full name of the plugin (used for diagnostics)
 $module->cron      = 0;

mod/glossary/view.php

@@ -48,7 +48,8 @@ if (!empty($id)) {
 }
 
 require_course_login($course->id, true, $cm);
-$context = get_context_instance(CONTEXT_MODULE, $cm->id);
+$context = context_module::instance($cm->id);
+require_capability('mod/glossary:view', $context);
 
 // Prepare format_string/text options
 $fmtoptions = array(