moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 16:36:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

course categories: MDL-17502 when deleting a category and its contents, check moodle/course:delete capability.

Browse source 
* Note: this would never lead to problems with default role definions.
* Also ended up mostly rewriting delete_category_form to simplify the messages that are displayed.
* New helper function require_all_capabilities, a bit like require_any_capability.
This commit is contained in:
tjhunt 2008-12-08 07:28:19 +00:00
parent fc11edbfa0
commit 8a1b1c328d
6 changed files with 119 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

118
course/delete_category_form.php
View file

@ -1,63 +1,116 @@
<?php //$Id$
require_once($CFG->libdir.'/formslib.php');
require_once($CFG->libdir.'/questionlib.php');
class delete_category_form extends moodleform {
var $_category;
function definition() {
global $CFG;
global $CFG, $DB;
$mform =& $this->_form;
$category = $this->_customdata;
ensure_context_subobj_present($category, CONTEXT_COURSECAT);
$this->_category = $category;
$mform->addElement('header','general', get_string('categorycurrentcontents', '', format_string($category->name)));
$displaylist = array();
$notused = array();
make_categories_list($displaylist, $notused, 'moodle/course:create', $category->id);
// Check permissions, to see if it OK to give the option to delete
// the contents, rather than move elsewhere.
/// Check permissions, to see if it OK to give the option to delete
/// the contents, rather than move elsewhere.
/// Are there any subcategories of this one, can they be deleted?
$candeletecontent = true;
$tocheck = array($category);
$tocheck = get_child_categories($category->id);
$containscategories = !empty($tocheck);
$categoryids = array($category->id);
while (!empty($tocheck)) {
$checkcat = array_pop($tocheck);
$childcategoryids[] = $checkcat->id;
$tocheck = $tocheck + get_child_categories($checkcat->id);
if (!has_capability('moodle/category:manage', $checkcat->context)) {
if ($candeletecontent && !has_capability('moodle/category:manage', $checkcat->context)) {
$candeletecontent = false;
break;
}
}
// TODO check that the user is allowed to delete all the courses MDL-17502!
/// Are there any courses in here, can they be deleted?
list($test, $params) = $DB->get_in_or_equal($categoryids);
$containedcourses = $DB->get_records_sql(
"SELECT id,1 FROM {course} c WHERE c.category $test", $params);
$containscourses = false;
if ($containedcourses) {
$containscourses = true;
foreach ($containedcourses as $courseid => $notused) {
if ($candeletecontent && !can_delete_course($courseid)) {
$candeletecontent = false;
break;
}
}
}
/// Are there any questions in the question bank here?
$containsquestions = question_context_has_any_questions($category->context);
/// Get the list of categories we might be able to move to.
$testcaps = array();
if ($containscourses) {
$testcaps[] = 'moodle/course:create';
}
if ($containscategories || $containsquestions) {
$testcaps[] = 'moodle/category:manage';
}
$displaylist = array();
$notused = array();
if (!empty($testcaps)) {
make_categories_list($displaylist, $notused, $testcaps, $category->id);
}
/// Now build the options.
$options = array();
if ($displaylist) {
$options[0] = get_string('move');
$options[0] = get_string('movecontentstoanothercategory');
}
if ($candeletecontent) {
$options[1] = get_string('delete');
$options[1] = get_string('deleteallcannotundo');
}
if (empty($options)) {
print_error('nocategorydelete', 'error', 'index.php', format_string($category->name));
}
/// Now build the form.
$mform->addElement('header','general', get_string('categorycurrentcontents', '', format_string($category->name)));
$mform->addElement('select', 'fulldelete', get_string('categorycontents'), $options);
$mform->disabledIf('newparent', 'fulldelete', 'eq', '1');
$mform->setDefault('newparent', 0);
if ($displaylist) {
$mform->addElement('select', 'newparent', get_string('movecategorycontentto'), $displaylist);
if (in_array($category->parent, $displaylist)) {
$mform->setDefault('newparent', $category->parent);
if ($containscourses || $containscategories || $containsquestions) {
if (empty($options)) {
print_error('youcannotdeletecategory', 'error', 'index.php', format_string($category->name));
}
/// Describe the contents of this category.
$contents = '<ul>';
if ($containscategories) {
$contents .= '<li>' . get_string('subcategories') . '</li>';
}
if ($containscourses) {
$contents .= '<li>' . get_string('courses') . '</li>';
}
if ($containsquestions) {
$contents .= '<li>' . get_string('questionsinthequestionbank') . '</li>';
}
$contents .= '</ul>';
$mform->addElement('static', 'emptymessage', get_string('thiscategorycontains'), $contents);
/// Give the options for what to do.
$mform->addElement('select', 'fulldelete', get_string('whattodo'), $options);
if (count($options) == 1) {
$mform->hardFreeze('fulldelete');
$mform->setConstant('fulldelete', reset(array_keys($options)));
}
if ($displaylist) {
$mform->addElement('select', 'newparent', get_string('movecategorycontentto'), $displaylist);
if (in_array($category->parent, $displaylist)) {
$mform->setDefault('newparent', $category->parent);
}
$mform->disabledIf('newparent', 'fulldelete', 'eq', '1');
}
} else {
$mform->addElement('hidden', 'fulldelete', 1);
$mform->addElement('static', 'emptymessage', '', get_string('deletecategoryempty'));
}
$mform->addElement('hidden', 'delete');
@ -73,12 +126,9 @@ class delete_category_form extends moodleform {
function validation($data, $files) {
$errors = parent::validation($data, $files);
if (!empty($data['fulldelete'])) {
// already verified
} else {
if (empty($data['newparent'])) {
$errors['newparent'] = get_string('required');
}
if (empty($data['fulldelete']) && empty($data['newparent'])) {
/// When they have chosen the move option, they must specify a destination.
$errors['newparent'] = get_string('required');
}
if ($data['sure'] != md5(serialize($this->_category))) {

5
course/index.php
View file

@ -108,11 +108,6 @@
require_once($CFG->libdir . '/questionlib.php');
print_category_edit_header();
print_heading($heading);
print_box(get_string('deletecategorycheck2'), 'generalbox boxwidthnormal boxaligncenter');
if (question_context_has_any_questions($context)) {
print_box(get_string('deletecoursecategorywithquestions', 'question'),
'generalbox boxwidthnormal boxaligncenter');
}
$mform->display();
admin_externalpage_print_footer();
exit();

7
course/lib.php
View file

@ -1749,8 +1749,9 @@ function get_child_categories($parentid) {
*
* @param array $list For output, accumulates an array categoryid => full category path name
* @param array $parents For output, accumulates an array categoryid => list of parent category ids.
* @param string $requiredcapability if given, only categories where the current
* user has this capability will be added to $list.
* @param string/array $requiredcapability if given, only categories where the current
* user has this capability will be added to $list. Can also be an array of capabilities,
* in which case they are all required.
* @param integer $excludeid Omit this category and its children from the lists built.
* @param object $category Build the tree starting at this category - otherwise starts at the top level.
* @param string $path For internal use, as part of recursive calls.
@ -1787,7 +1788,7 @@ function make_categories_list(&$list, &$parents, $requiredcapability = '',
if ($requiredcapability) {
ensure_context_subobj_present($category, CONTEXT_COURSECAT);
}
if (!$requiredcapability || has_capability($requiredcapability, $category->context)) {
if (!$requiredcapability || has_all_capabilities($requiredcapability, $category->context)) {
$list[$category->id] = $path;
}
}