moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-08 10:26:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-56565 navigation: fix for cap checks in nav and context header

Browse source 
Fix to:
- Make sure we properly check both user and course contexts in
the load_for_user function in navigation lib and user the
user_can_view_profile function for same-course access checks.
- Use user_can_view_profile in the renderer's context_header to
properly decide whether a user can view another user's picture
and messaging options in the page header.
This commit is contained in:
Jake Dallimore 2017-03-09 15:50:24 +08:00 committed by Mr. Jenkins (CiBoT)
parent 02e5a9d766
commit 012555492e
2 changed files with 20 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/outputrenderers.php
View file

@ -4075,6 +4075,7 @@ EOD;
public function context_header($headerinfo = null, $headinglevel = 1) {
global $DB, $USER, $CFG;
require_once($CFG->dirroot . '/user/lib.php');
$context = $this->page->context;
$heading = null;
$imagedata = null;
@ -4100,7 +4101,7 @@ EOD;
// Only provide user information if the user is the current user, or a user which the current user can view.
$canviewdetails = false;
if ($user->id == $USER->id || has_capability('moodle/user:viewdetails', $this->page->context)) {
if ($user->id == $USER->id || user_can_view_profile($user)) {
$canviewdetails = true;
}