MDL-10579 Implement capability checks in grade import/export/report/edit pages - work in progress

refactoring - reports now use real index.php
2025-08-08 02:16:41 +02:00 · 2007-07-23 22:20:07 +00:00 · 2007-07-23 22:20:07 +00:00 · 65dd61bda6
commit 65dd61bda6
parent 7229af7890
12 changed files with 332 additions and 348 deletions
--- a/grade/report/user/index.php
+++ b/grade/report/user/index.php
@ -1,28 +1,110 @@
 <?php // $Id$

-/// This creates and handles the whole user report interface, sans header and footer
+///////////////////////////////////////////////////////////////////////////
+// NOTICE OF COPYRIGHT                                                   //
+//                                                                       //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment         //
+//          http://moodle.org                                            //
+//                                                                       //
+// Copyright (C) 1999 onwards  Martin Dougiamas  http://moodle.com       //
+//                                                                       //
+// This program is free software; you can redistribute it and/or modify  //
+// it under the terms of the GNU General Public License as published by  //
+// the Free Software Foundation; either version 2 of the License, or     //
+// (at your option) any later version.                                   //
+//                                                                       //
+// This program is distributed in the hope that it will be useful,       //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of        //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         //
+// GNU General Public License for more details:                          //
+//                                                                       //
+//          http://www.gnu.org/copyleft/gpl.html                         //
+//                                                                       //
+///////////////////////////////////////////////////////////////////////////

-require_once($CFG->dirroot.'/grade/report/user/lib.php');
+require_once '../../../config.php';
+require_once $CFG->libdir.'/gradelib.php';
+require_once $CFG->dirroot.'/grade/lib.php';
+require_once $CFG->dirroot.'/grade/report/user/lib.php';

-// get the params
-if (!$userid = optional_param('user', 0, PARAM_INT)) {
-    // current user
-    $userid = $USER->id;
+$courseid = required_param('id');
+$userid   = optional_param('userid', $USER->id, PARAM_INT);
+
+/// basic access checks
+if (!$course = get_record('course', 'id', $courseid)) {
+    print_error('nocourseid');
+}
+require_login($course);
+
+if (!$user = get_complete_user_data('id', $userid)) {
+    error("Incorrect userid");
 }

-// Create a report instance
-$report = new grade_report_user($courseid, $gpr, $context, $userid);
+$context     = get_context_instance(CONTEXT_COURSE, $course->id);
+$usercontext = get_context_instance(CONTEXT_PERSONAL, $user->id);
+require_capability('gradereport/user:view', $context);

-// find total number of participants
-$numusers = $report->get_numusers();
+$access = true;
+if (has_capability('moodle/grade:viewall', $context)) {
+    //ok - can view all course grades

-$gradetotal = 0;
-$gradesum = 0;
+} else if ($user->id == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) {
+    //ok - can view own grades

-// print the page
-print_heading(get_string('modulename', 'gradereport_user'). " - ".fullname($report->user));
-
-if ($report->fill_table()) {
-    echo $report->print_table(true);
+} else if (has_capability('moodle/grade:view', $usercontext) and $course->showgrades) {
+    // ok - can view grades of this user- parent most probably
+    
+} else {
+    $acces = false;
 }
+
+/// return tracking object
+$gpr = new grade_plugin_return(array('type'=>'report', 'plugin'=>'user', 'courseid'=>$courseid, 'userid'=>$userid));
+
+/// last selected report session tracking
+if (!isset($USER->grade_last_report)) {
+    $USER->grade_last_report = array();
+}
+$USER->grade_last_report[$course->id] = 'user';
+
+/// Build navigation
+$strgrades  = get_string('grades');
+$reportname = get_string('modulename', 'gradereport_user');
+
+$navlinks = array(array('name'=>$strgrades, 'link'=>$CFG->wwwroot.'/grade/index.php?id='.$courseid, 'type'=>'misc'),
+                  array('name'=>$reportname, 'link'=>'', 'type'=>'misc'));
+$navigation = build_navigation($navlinks);
+
+
+/// Print header
+print_header_simple($strgrades.':'.$reportname, ':'.$strgrades, $navigation,
+                    '', '', true, '', navmenu($course));
+
+/// Print the plugin selector at the top
+print_grade_plugin_selector($courseid, 'report', 'user');
+
+if ($access) {
+
+    //first make sure we have proper final grades - this must be done before constructing of the grade tree
+    grade_regrade_final_grades($courseid);
+
+    // Create a report instance
+    $report = new grade_report_user($courseid, $gpr, $context, $userid);
+    
+    $gradetotal = 0;
+    $gradesum = 0;
+    
+    // print the page
+    print_heading(get_string('modulename', 'gradereport_user'). ' - '.fullname($report->user));
+    
+    if ($report->fill_table()) {
+        echo $report->print_table(true);
+    }
+
+} else {
+    // no access to grades!
+    echo "Can not view grades."; //TODO: localize
+}
+print_footer($course);
+
 ?>