MDL-17464 profile reports are now respecting course report caps

skodak 2008-11-30 12:04:27 +00:00
parent 683dacd065
commit 358e2a0bd2
8 changed files with 140 additions and 54 deletions


@ -49,8 +49,20 @@ $coursereport_log_capabilities = array(
), ),
'clonepermissionsfrom' => 'moodle/site:viewreports', 'clonepermissionsfrom' => 'moodle/site:viewreports',
) ),
'coursereport/log:viewtoday' => array(
'riskbitmask' => RISK_PERSONAL,
'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'admin' => CAP_ALLOW
),
'clonepermissionsfrom' => 'moodle/site:viewreports',
)
); );
?> ?>


@ -17,9 +17,7 @@
require_login($course); require_login($course);
$context = get_context_instance(CONTEXT_COURSE, $course->id); $context = get_context_instance(CONTEXT_COURSE, $course->id);
if ($course->showreports and $USER->id == $user and !isguestuser()) { if (!$course->showreports or $USER->id != $user) {
// no cap required to view own graph
} else {
require_capability('coursereport/log:view', $context); require_capability('coursereport/log:view', $context);
} }
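Review bot: The rewritten condition no longer excludes the guest account: the old test carried `and !isguestuser()`, while the new `if (!$course->showreports or $USER->id != $user)` skips `require_capability('coursereport/log:view', $context)` for any session whose id equals the requested one, including the shared guest user if guests can reach this script. Keeping the exclusion would read `if (!$course->showreports or $USER->id != $user or isguestuser()) {`. The stats graph section further down adds the same own-user exemption with `$USER->id != $userid` and no guest test, so the same extra clause applies there. Whether `require_login($course)` already stops guests is not visible in these hunks, so that should be confirmed rather than assumed.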


@ -23,7 +23,7 @@
// // // //
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
$plugin->version = 2007101502; $plugin->version = 2007101503;
$plugin->requires = 2007101532; $plugin->requires = 2007101532;
?> ?>


@ -24,7 +24,9 @@
require_login($course); require_login($course);
$context = get_context_instance(CONTEXT_COURSE, $course->id); $context = get_context_instance(CONTEXT_COURSE, $course->id);
if (!$course->showreports or $USER->id != $userid) {
require_capability('coursereport/stats:view', $context); require_capability('coursereport/stats:view', $context);
}
stats_check_uptodate($course->id); stats_check_uptodate($course->id);


@ -5,8 +5,6 @@
require_once("../config.php"); require_once("../config.php");
require_once("lib.php"); require_once("lib.php");
$modes = array("outline", "complete", "todaylogs", "alllogs");
$id = required_param('id',PARAM_INT); // course id $id = required_param('id',PARAM_INT); // course id
$user = required_param('user',PARAM_INT); // user id $user = required_param('user',PARAM_INT); // user id
$mode = optional_param('mode', "todaylogs", PARAM_ALPHA); $mode = optional_param('mode', "todaylogs", PARAM_ALPHA);
@ -22,7 +20,16 @@
} }
require_login(); require_login();
$COURSE = clone($course); $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
$personalcontext = get_context_instance(CONTEXT_USER, $user->id);
require_login();
if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext) and !has_capability('moodle/course:view', $coursecontext)) {
// do not require parents to be enrolled in courses ;-)
course_setup($course);
} else {
require_login($course);
}
if ($user->deleted) { if ($user->deleted) {
print_header(); print_header();
@ -31,12 +38,52 @@
die; die;
} }
$coursecontext = get_context_instance(CONTEXT_COURSE, $id); // prepare list of allowed modes
$personalcontext = get_context_instance(CONTEXT_USER, $user->id); $myreports = ($course->showreports and $USER->id == $user->id);
$anyreport = has_capability('moodle/user:viewuseractivitiesreport', $personalcontext);
// if in either context, we can read report, then we can proceed $modes = array();
if (!(has_capability('moodle/site:viewreports', $coursecontext) or ($course->showreports and $USER->id == $user->id) or has_capability('moodle/user:viewuseractivitiesreport', $personalcontext))) {
print_error('nopermissiontoviewpage', 'error'); if ($myreports or $anyreport or has_capability('coursereport/outline:view', $coursecontext)) {
$modes[] = 'outline';
}
if ($myreports or $anyreport or has_capability('coursereport/outline:view', $coursecontext)) {
$modes[] = 'complete';
}
if ($myreports or $anyreport or has_capability('coursereport/log:viewtoday', $coursecontext)) {
$modes[] = 'todaylogs';
}
if ($myreports or $anyreport or has_capability('coursereport/log:view', $coursecontext)) {
$modes[] = 'alllogs';
}
if ($myreports or $anyreport or has_capability('coursereport/stats:view', $coursecontext)) {
$modes[] = 'stats';
}
if (has_capability('moodle/grade:viewall', $coursecontext)) {
//ok - can view all course grades
$modes[] = 'grade';
} else if ($course->showgrades and $user->id == $USER->id and has_capability('moodle/grade:view', $coursecontext)) {
//ok - can view own grades
$modes[] = 'grade';
} else if ($course->showgrades and has_capability('moodle/grade:viewall', $personalcontext)) {
// ok - can view grades of this user - parent most probably
$modes[] = 'grade';
}
if (empty($modes)) {
require_capability('moodle/user:viewuseractivitiesreport', $personalcontext);
}
if (!in_array($mode, $modes)) {
// forbidden or non-exitent mode
$mode = reset($modes);
} }
add_to_log($course->id, "course", "user report", "user.php?id=$course->id&user=$user->id&mode=$mode", "$user->id"); add_to_log($course->id, "course", "user report", "user.php?id=$course->id&user=$user->id&mode=$mode", "$user->id");
@ -73,8 +120,6 @@
$showroles = 1; $showroles = 1;
include($CFG->dirroot.'/user/tabs.php'); include($CFG->dirroot.'/user/tabs.php');
get_all_mods($course->id, $mods, $modnames, $modnamesplural, $modnamesused);
switch ($mode) { switch ($mode) {
case "grade": case "grade":
if (empty($CFG->grade_profilereport) or !file_exists($CFG->dirroot.'/grade/report/'.$CFG->grade_profilereport.'/lib.php')) { if (empty($CFG->grade_profilereport) or !file_exists($CFG->dirroot.'/grade/report/'.$CFG->grade_profilereport.'/lib.php')) {
@ -84,7 +129,6 @@
require_once $CFG->dirroot.'/grade/lib.php'; require_once $CFG->dirroot.'/grade/lib.php';
require_once $CFG->dirroot.'/grade/report/'.$CFG->grade_profilereport.'/lib.php'; require_once $CFG->dirroot.'/grade/report/'.$CFG->grade_profilereport.'/lib.php';
$course = $DB->get_record('course', array('id'=>required_param('id', PARAM_INT)));
$functionname = 'grade_report_'.$CFG->grade_profilereport.'_profilereport'; $functionname = 'grade_report_'.$CFG->grade_profilereport.'_profilereport';
if (function_exists($functionname)) { if (function_exists($functionname)) {
$functionname($course, $user); $functionname($course, $user);
@ -156,8 +200,7 @@
} }
// MDL-10818, do not display broken graph when user has no permission to view graph // MDL-10818, do not display broken graph when user has no permission to view graph
if (has_capability('coursereport/stats:view', get_context_instance(CONTEXT_COURSE, $id)) || if ($myreports or has_capability('coursereport/stats:view', $coursecontext)) {
($course->showreports and $USER->id == $user->id)) {
echo '<center><img src="'.$CFG->wwwroot.'/course/report/stats/graph.php?mode='.STATS_MODE_DETAILED.'&course='.$course->id.'&time='.$time.'&report='.STATS_REPORT_USER_VIEW.'&userid='.$user->id.'" alt="'.get_string('statisticsgraph').'" /></center>'; echo '<center><img src="'.$CFG->wwwroot.'/course/report/stats/graph.php?mode='.STATS_MODE_DETAILED.'&course='.$course->id.'&time='.$time.'&report='.STATS_REPORT_USER_VIEW.'&userid='.$user->id.'" alt="'.get_string('statisticsgraph').'" /></center>';
} }
@ -185,9 +228,10 @@
} }
print_table($table); print_table($table);
break; break;
case "outline" : case "outline" :
case "complete" : case "complete" :
default: get_all_mods($course->id, $mods, $modnames, $modnamesplural, $modnamesused);
$sections = get_all_sections($course->id); $sections = get_all_sections($course->id);
for ($i=0; $i<=$course->numsections; $i++) { for ($i=0; $i<=$course->numsections; $i++) {
@ -277,6 +321,8 @@
} }
} }
break; break;
default:
// can not be reached ;-)
} }
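Review bot: In the hunk at `@ -22,7 +20,16 @`, a caller who holds `moodle/user:viewuseractivitiesreport` on the user context but lacks `moodle/course:view` gets `course_setup($course)` instead of `require_login($course)`, and `$anyreport` then enables every non-grade mode, so for that caller nothing visible here ties the requested course `id` to the target user. If the lines before the hunk do not already establish that the user takes part in the course, the branch should check it before `$modes` is built; at minimum it deserves a comment such as `// parent path: require_login($course) is skipped, access rests on the user-context capability alone`. The added bare `require_login();` in the same hunk repeats the call a few lines above it and can be dropped. The script's body starts and continues outside the hunks shown.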


@ -2,6 +2,7 @@
$string['log:view'] = 'View course logs'; $string['log:view'] = 'View course logs';
$string['log:viewlive'] = 'View live logs'; $string['log:viewlive'] = 'View live logs';
$string['log:viewtoday'] = 'View today\'s logs';
$string['loglive'] = 'Live logs'; $string['loglive'] = 'Live logs';


@ -177,44 +177,71 @@
$toprow[] = new tabobject('notes', $CFG->wwwroot.'/notes/index.php?course='.$course->id . '&amp;user=' . $user->id, get_string('notes', 'notes')); $toprow[] = new tabobject('notes', $CFG->wwwroot.'/notes/index.php?course='.$course->id . '&amp;user=' . $user->id, get_string('notes', 'notes'));
} }
/// Current user must be teacher of the course or the course allows user to view their reports /// Find out if user allowed to see all reports of this user (usually parent) or individual course reports
//print_object($course); $myreports = ($course->showreports and $USER->id == $user->id);
//print_object($user); $anyreport = has_capability('moodle/user:viewuseractivitiesreport', $personalcontext);
// add in logic to check course read report
if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext) || ($course->showreports and $USER->id == $user->id) || has_capability('moodle/user:viewuseractivitiesreport', $coursecontext)) {
$toprow[] = new tabobject('reports', $CFG->wwwroot.'/course/user.php?id='.$course->id.
'&amp;user='.$user->id.'&amp;mode=outline', get_string('activityreports'));
if (in_array($currenttab, array('outline', 'complete', 'todaylogs', 'alllogs', 'stats', 'grade'))) {
$inactive = array('reports');
$activetwo = array('reports');
$secondrow = array(); $secondrow = array();
if ($myreports or $anyreport or has_capability('coursereport/outline:view', $coursecontext)) {
$secondrow[] = new tabobject('outline', $CFG->wwwroot.'/course/user.php?id='.$course->id. $secondrow[] = new tabobject('outline', $CFG->wwwroot.'/course/user.php?id='.$course->id.
'&amp;user='.$user->id.'&amp;mode=outline', get_string('outlinereport')); '&amp;user='.$user->id.'&amp;mode=outline', get_string('outlinereport'));
}
if ($myreports or $anyreport or has_capability('coursereport/outline:view', $coursecontext)) {
$secondrow[] = new tabobject('complete', $CFG->wwwroot.'/course/user.php?id='.$course->id. $secondrow[] = new tabobject('complete', $CFG->wwwroot.'/course/user.php?id='.$course->id.
'&amp;user='.$user->id.'&amp;mode=complete', get_string('completereport')); '&amp;user='.$user->id.'&amp;mode=complete', get_string('completereport'));
}
if ($myreports or $anyreport or has_capability('coursereport/log:viewtoday', $coursecontext)) {
$secondrow[] = new tabobject('todaylogs', $CFG->wwwroot.'/course/user.php?id='.$course->id. $secondrow[] = new tabobject('todaylogs', $CFG->wwwroot.'/course/user.php?id='.$course->id.
'&amp;user='.$user->id.'&amp;mode=todaylogs', get_string('todaylogs')); '&amp;user='.$user->id.'&amp;mode=todaylogs', get_string('todaylogs'));
}
if ($myreports or $anyreport or has_capability('coursereport/log:view', $coursecontext)) {
$secondrow[] = new tabobject('alllogs', $CFG->wwwroot.'/course/user.php?id='.$course->id. $secondrow[] = new tabobject('alllogs', $CFG->wwwroot.'/course/user.php?id='.$course->id.
'&amp;user='.$user->id.'&amp;mode=alllogs', get_string('alllogs')); '&amp;user='.$user->id.'&amp;mode=alllogs', get_string('alllogs'));
}
if (!empty($CFG->enablestats)) { if (!empty($CFG->enablestats)) {
if ($myreports or $anyreport or has_capability('coursereport/stats:view', $coursecontext)) {
$secondrow[] = new tabobject('stats',$CFG->wwwroot.'/course/user.php?id='.$course->id. $secondrow[] = new tabobject('stats',$CFG->wwwroot.'/course/user.php?id='.$course->id.
'&amp;user='.$user->id.'&amp;mode=stats',get_string('stats')); '&amp;user='.$user->id.'&amp;mode=stats',get_string('stats'));
} }
}
if ($course->showgrades) { if (has_capability('moodle/grade:viewall', $coursecontext)) {
//ok - can view all course grades
$gradeaccess = true;
} else if ($course->showgrades and $user->id == $USER->id and has_capability('moodle/grade:view', $coursecontext)) {
//ok - can view own grades
$gradeaccess = true;
} else if ($course->showgrades and has_capability('moodle/grade:viewall', $personalcontext)) {
// ok - can view grades of this user - parent most probably
$gradeaccess = true;
} else {
$gradeaccess = false;
}
if ($gradeaccess) {
$secondrow[] = new tabobject('grade', $CFG->wwwroot.'/course/user.php?id='.$course->id. $secondrow[] = new tabobject('grade', $CFG->wwwroot.'/course/user.php?id='.$course->id.
'&amp;user='.$user->id.'&amp;mode=grade', get_string('grade')); '&amp;user='.$user->id.'&amp;mode=grade', get_string('grade'));
} }
if ($secondrow) {
$toprow[] = new tabobject('reports', $CFG->wwwroot.'/course/user.php?id='.$course->id.
'&amp;user='.$user->id.'&amp;mode=outline', get_string('activityreports'));
if (in_array($currenttab, array('outline', 'complete', 'todaylogs', 'alllogs', 'stats', 'grade'))) {
$inactive = array('reports');
$activetwo = array('reports');
} else {
$secondrow = array();
} }
} }
} //close last bracket (individual tags) } //close last bracket (individual tags)
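Review bot: The per-report capability tests here repeat, condition for condition, the `$modes` list built in the course user report script earlier in this commit, and the two copies already disagree: this file offers the stats tab only inside `if (!empty($CFG->enablestats))`, while the other adds `'stats'` to `$modes` without that test. Hiding a tab is not an access check, so unless the `stats` case checks the setting itself (not visible in the hunks), the serving script should use `if (!empty($CFG->enablestats) and ($myreports or $anyreport or has_capability('coursereport/stats:view', $coursecontext))) {`. Both files would be easier to keep in step if they called one shared helper returning the allowed modes. The `outline` and `complete` tabs are guarded by the identical `coursereport/outline:view` test in two separate `if` blocks, which could be merged or commented as intentional. The enclosing block opens before this hunk.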


@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine // This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php) // whether upgrades should be performed (see lib/db/*.php)
$version = 2008112902; // YYYYMMDD = date of the last version bump $version = 2008113000; // YYYYMMDD = date of the last version bump
// XX = daily increments // XX = daily increments
$release = '2.0 dev (Build: 20081128)'; // Human-friendly version name $release = '2.0 dev (Build: 20081128)'; // Human-friendly version name