Merge branch 'MDL-59671-master-fix' of git://github.com/lameze/moodle

2025-04-21 16:32:18 +02:00 · 2017-08-09 15:09:08 +08:00 · 2017-08-09 15:09:08 +08:00 · ffd1747b11
commit ffd1747b11
parent ba07a8e7da 436d39ba85
5 changed files with 19 additions and 9 deletions
--- a/calendar/classes/external/event_exporter.php
+++ b/calendar/classes/external/event_exporter.php
@ -236,7 +236,7 @@ class event_exporter extends exporter {
        }

        $values['canedit'] = calendar_edit_event_allowed($legacyevent);
-        $values['candelete'] = (!$values['isactionevent'] && $values['canedit']);
+        $values['candelete'] = calendar_delete_event_allowed($legacyevent);

        // Handle event subscription.
        $values['subscription'] = null;
--- a/calendar/delete.php
+++ b/calendar/delete.php
@ -57,10 +57,10 @@ require_login($course);
 if (!$course) {
    $PAGE->set_context(context_system::instance()); //TODO: wrong
 }
-
-// Check the user has the required capabilities to edit an event
-if (!calendar_edit_event_allowed($event)) {
-    print_error('nopermissions');
+$title = get_string('deleteevent', 'calendar');
+// Check the user has the required capabilities to delete an event
+if (!calendar_delete_event_allowed($event)) {
+    print_error('nopermissions', 'error', $PAGE->url, $title);
 }

 // Count the repeats, do we need to consider the possibility of deleting repeats
@ -88,7 +88,6 @@ if ($confirm) {
 }

 // Prepare the page to show the confirmation form
-$title = get_string('deleteevent', 'calendar');
 $strcalendar = get_string('calendar', 'calendar');

 $PAGE->navbar->add($strcalendar, $viewcalendarurl);
--- a/calendar/externallib.php
+++ b/calendar/externallib.php
@ -91,8 +91,8 @@ class core_calendar_external extends external_api {
            $eventobj = calendar_event::load($event['eventid']);

            // Let's check if the user is allowed to delete an event.
-            if (!calendar_edit_event_allowed($eventobj)) {
-                throw new moodle_exception("nopermissions");
+            if (!calendar_delete_event_allowed($eventobj)) {
+                throw new moodle_exception('nopermissions', 'error', '', get_string('deleteevent', 'calendar'));
            }
            // Time to do the magic.
            $eventobj->delete($event['repeat']);
--- a/calendar/lib.php
+++ b/calendar/lib.php
@ -2493,6 +2493,17 @@ function calendar_edit_event_allowed($event) {
    return false;
 }

+/**
+ * Return the capability for deleting a calendar event.
+ *
+ * @param calendar_event $event The event object
+ * @return bool Whether the user has permission to delete the event or not.
+ */
+function calendar_delete_event_allowed($event) {
+    // Only allow delete if you have capabilities and it is not an module event.
+    return (calendar_edit_event_allowed($event) && empty($event->modulename));
+}
+
 /**
 * Returns the default courses to display on the calendar when there isn't a specific
 * course to display.
--- a/calendar/renderer.php
+++ b/calendar/renderer.php
@ -228,7 +228,7 @@ class core_calendar_renderer extends plugin_renderer_base {

        $output .= $this->output->box_start('card-header clearfix');
        if (calendar_edit_event_allowed($event) && $showactions) {
-            if (empty($event->cmid)) {
+            if (calendar_delete_event_allowed($event)) {
                $editlink = new moodle_url(CALENDAR_URL.'event.php', array('action' => 'edit', 'id' => $event->id));
                $deletelink = new moodle_url(CALENDAR_URL.'delete.php', array('id' => $event->id));
                if (!empty($event->calendarcourseid)) {