moodle/course/group.php
moodler bbbf2d4015 ROLES AND PERMISSIONS - FIRST CHECK-IN
=======================================

WARNING:  DEV IS CURRENTLY VERY UNSTABLE.

This is a mega-checkin of the new Roles system.   A lot of changes have
been made in core and modules.

Currently there are a lot of rough edges and known problems.  We are
working hard on these .. .the reason for getting this into HEAD at this
stage is enable us to move faster (our branch was diverging from HEAD
too much).

Please keep an eye on http://docs.moodle.org/en/Roles for current status
and information for developers on how to use the new Roles system.
2006-08-08 05:13:06 +00:00

86 lines
2.7 KiB
PHP

<?php // $Id$
/// Shows current group, and allows editing of the group
/// icon and other settings related to that group
/// This script appears within a popup window
require_once('../config.php');
require_once('lib.php');
$id = required_param('id', PARAM_INT); // Course id
$group = optional_param('group', 0, PARAM_INT); // Optionally look at other groups
if (! $course = get_record('course', 'id', $id) ) {
error("That's an invalid course id");
}
require_login($course->id);
if (! $group = get_record("groups", "id", $group, "courseid", $course->id)) {
notice('Specified group could not be found!', "#");
close_window_button();
}
// this is fine since group inherits course settings, this allows 1) teacher to edit all groups
// 2 someone with a role with a cap to modify a specific group
$context = get_context_instance(CONTEXT_GROUP, $group->id);
// this is really weird
if (!has_capability('moodle/course:managegroups', $context->id)) {
close_window();
}
/// Print the headers of the page
print_header(get_string('groupinfoedit').' : '.$group->name);
/// If data submitted, then process and store.
if ($form = data_submitted() and confirm_sesskey()) {
if (empty($form->name)) {
$err['name'] = get_string("missingname");
} else {
require_once($CFG->dirroot.'/lib/uploadlib.php');
$um = new upload_manager('imagefile',false,false,null,false,0,true,true);
if ($um->preprocess_files()) {
require_once("$CFG->libdir/gdlib.php");
if (save_profile_image($group->id, $um, 'groups')) {
$group->picture = 1;
}
}
// Setting a new object in order to avoid updating other columns for the record,
// which could lead to SQL injection vulnerabilities.
// Be VERY sure to sanitize all parameters that go into $dataobj!
$dataobj = new stdClass;
$dataobj->id = $group->id;
$dataobj->name = clean_text($form->name);
$dataobj->description = clean_text($form->description);
$dataobj->hidepicture = empty($form->hidepicture) ? 0 : 1;
$dataobj->password = required_param('password', PARAM_ALPHANUM);
$dataobj->picture = $group->picture;
if (!update_record('groups', $dataobj)) {
notify("A strange error occurred while trying to save");
} else {
notify(get_string('changessaved'));
}
close_window(3);
}
}
$usehtmleditor = false;
include('group-edit.html');
echo "</body></html>";
?>