mirror of
https://github.com/moodle/moodle.git
synced 2025-08-03 16:13:28 +02:00
MDL-12373 - More instances of links to the participants list being shown in the navigation bar to people without the necessary capability.
I have not copied and pasted the same code into lots of different places. That sucks. We really need to refactor this into a function that builds the navigation up to, and including the user's name. However, I don't have time now. A list of the places touched by this bug (MDL-12373) will at least give a complete list of places that such a refactoring would have to touch.
This commit is contained in:
tjhunt
parent
d1a2a97ba3
commit
b26adbef4c
9 changed files with 41 additions and 13 deletions
|
|
@ -31,7 +31,7 @@
|
|||
require_once('edit_form.php');
|
||||
|
||||
/// create form
|
||||
$noteform = new note_edit_form(null, $extradata);
|
||||
$noteform = new note_edit_form();
|
||||
|
||||
/// if form was cancelled then return to the previous notes list
|
||||
if ($noteform->is_cancelled()) {
|
||||
|
|
@ -69,7 +69,9 @@
|
|||
|
||||
/// output HTML
|
||||
$nav = array();
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
$nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => $strnotes, 'link' => '', 'type' => 'activity');
|
||||
|
|
|
|||
|
|
@ -15,6 +15,12 @@ if (!$note = note_load($noteid)) {
|
|||
if (!$course = get_record('course', 'id', $note->courseid)) {
|
||||
error('Incorrect course id found');
|
||||
}
|
||||
|
||||
// locate user information
|
||||
if (!$user = get_record('user', 'id', $note->userid)) {
|
||||
error('Incorrect user id found');
|
||||
}
|
||||
|
||||
// require login to access notes
|
||||
require_login($course->id);
|
||||
|
||||
|
|
@ -42,8 +48,13 @@ if (data_submitted() && confirm_sesskey()) {
|
|||
$optionsno = array('course'=>$course->id, 'user'=>$note->userid);
|
||||
|
||||
// output HTML
|
||||
$crumbs = array(array('name' => $strnotes, 'link' => '', 'type' => 'activity'));
|
||||
print_header($course->shortname . ': ' . $strnotes, $course->fullname, build_navigation($crumbs));
|
||||
if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
$nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => get_string('delete'), 'link' => '', 'type' => 'activity');
|
||||
print_header($course->shortname . ': ' . $strnotes, $course->fullname, build_navigation($nav));
|
||||
notice_yesno(get_string('deleteconfirm', 'notes'), 'delete.php', 'index.php', $optionsyes, $optionsno, 'post', 'get');
|
||||
echo '<br />';
|
||||
note_print($note, NOTES_SHOW_BODY | NOTES_SHOW_HEAD);
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@
|
|||
/// get option values for the user select
|
||||
|
||||
/// create form
|
||||
$noteform = new note_edit_form(null);
|
||||
$noteform = new note_edit_form();
|
||||
|
||||
/// if form was cancelled then return to the notes list of the note
|
||||
if ($noteform->is_cancelled()) {
|
||||
|
|
@ -72,7 +72,9 @@
|
|||
|
||||
/// output HTML
|
||||
$nav = array();
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
$nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
|
||||
$nav[] = array('name' => $strnotes, 'link' => '', 'type' => 'activity');
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ class note_edit_form extends moodleform {
|
|||
$mform->addElement('textarea', 'content', $strcontent, array('rows'=>15, 'cols'=>40));
|
||||
$mform->setType('content', PARAM_RAW);
|
||||
$mform->addRule('content', get_string('nocontent', 'notes'), 'required', null, 'client');
|
||||
$mform->setHelpButton('content', 'writing');
|
||||
|
||||
$mform->addElement('select', 'publishstate', $strpublishstate, note_get_state_names());
|
||||
$mform->setDefault('publishstate', NOTES_STATE_PUBLIC);
|
||||
|
|
|
|||
|
|
@ -48,10 +48,18 @@
|
|||
|
||||
|
||||
/// output HTML
|
||||
|
||||
if ($course->id == SITEID) {
|
||||
$coursecontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
|
||||
} else {
|
||||
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context
|
||||
}
|
||||
$systemcontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
|
||||
|
||||
$strnotes = get_string('notes', 'notes');
|
||||
$nav = array();
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
if (has_capability('moodle/course:viewparticipants', $coursecontext) || has_capability('moodle/site:viewparticipants', $systemcontext)) {
|
||||
$nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
if ($userid) {
|
||||
$nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue