moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

ROLES AND PERMISSIONS - FIRST CHECK-IN

Browse source 
=======================================

WARNING:  DEV IS CURRENTLY VERY UNSTABLE.

This is a mega-checkin of the new Roles system.   A lot of changes have
been made in core and modules.

Currently there are a lot of rough edges and known problems.  We are
working hard on these .. .the reason for getting this into HEAD at this
stage is enable us to move faster (our branch was diverging from HEAD
too much).

Please keep an eye on http://docs.moodle.org/en/Roles for current status
and information for developers on how to use the new Roles system.
This commit is contained in:
moodler 2006-08-08 05:13:06 +00:00
parent 394577c3e4
commit bbbf2d4015
139 changed files with 40452 additions and 2001 deletions
Download patch file Download diff file Expand all files Collapse all files

20
blog/edit.php
View file

@ -16,29 +16,31 @@ if (!$referrer = optional_param('referrer','', PARAM_URL)) {
}
}
//first verify that user is not a guest
if (isguest()) {
error(get_string('noguestpost', 'blog'), $referrer);
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!has_capability('moodle/blog:readentries', $context->id)) {
error(get_string('nopost', 'blog'), $referrer);
}
// make sure that the person trying to edit have access right
// Make sure that the person trying to edit have access right
if ($editid = optional_param('editid', 0, PARAM_INT)) {
$blogEntry = get_record('post', 'id', $editid);
if (!blog_user_can_edit_post($blogEntry)) {
error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
if (!blog_user_can_edit_post($blogEntry, $context->id)) {
error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
}
}
//check to see if there is a requested blog to edit
// Check to see if there is a requested blog to edit
if (isloggedin() && !isguest()) {
$userid = $USER->id;
} else {
error(get_string('noblogspecified', 'blog') .'<a href="'. $CFG->blog_blogurl .'">' .get_string('viewentries', 'blog') .'</a>');
}
// if we are trying to delete an non-existing blog entry
// If we are trying to delete an non-existing blog entry
if (isset($act) && ($act == 'del') && (empty($blogEntry))) {
error ('the entry you are trying to delete does not exist');
}
@ -153,7 +155,7 @@ function do_delete($postid) {
// check ownership
$blogEntry = get_record('post','id',$postid);
if (blog_user_can_edit_post($blogEntry)) {
if (blog_user_can_edit_post($blogEntry, $context->id)) {
if (delete_records('post','id',$postid)) {
//echo "bloginfo_arg:"; //debug

3
blog/header.php
View file

@ -237,6 +237,3 @@ if (blocks_have_content($pageblocks, BLOCK_POS_LEFT) || $editing) {
print '<!-- Begin page content -->' . "\n";
print '<td width="*">';
?>
<table width="100%">
<tr>
<td height="100%" valign="top">

61
blog/index.php
View file

@ -26,6 +26,8 @@ $postid = optional_param('postid',0,PARAM_INT);
$filtertype = optional_param('filtertype', '', PARAM_ALPHA);
$filterselect = optional_param('filterselect', 0, PARAM_INT);
/// overwrite filter code here
if ($filtertype) {
@ -48,7 +50,6 @@ if ($filtertype) {
}
$userid =0;
$groupid = 0;
break;
case 'group':
@ -61,7 +62,6 @@ if ($filtertype) {
$groupid = 0;
}
$userid = 0;
break;
case 'user':
@ -69,13 +69,12 @@ if ($filtertype) {
$userid = $filterselect;
}
$groupid = 0;
break;
default:
break;
}
} else if ($userid) { //default to user
} else if ($userid) { // default to user
$filtertype = 'user';
$filterselect = $userid;
} else {
@ -83,43 +82,53 @@ if ($filtertype) {
$filterselect = '';
}
/// rights checking
/// Rights checking.
switch ($filtertype) {
case 'site':
if ($CFG->bloglevel < BLOG_SITE_LEVEL && (!isadmin())) {
error ('site blogs is not enabled');
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if ($CFG->bloglevel < BLOG_SITE_LEVEL &&
!has_capability('moodle/site:config', $context->id)) {
error('Site blogs is not enabled');
} else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
require_login();
}
break;
case 'course':
if ($CFG->bloglevel < BLOG_COURSE_LEVEL && (!isadmin())) {
error ('course blogs is not enabled');
$context = get_context_instance(CONTEXT_COURSE, $courseid);
if ($CFG->bloglevel < BLOG_COURSE_LEVEL &&
!has_capability('moodle/course:update', $context->id)) {
error('Course blogs is not enabled');
}
if (!isstudent($filterselect) && !isteacher($filterselect)) {
error ('you must be a student in this course to view course blogs');
if (!has_capability('moodle/blog:readentry', $context->id)) {
error('You do not have the required permissions to to view course blogs');
}
/// check if viewer is student
break;
case 'group':
if ($CFG->bloglevel < BLOG_GROUP_LEVEL && (!isadmin())) {
error ('group blogs is not enabled');
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
$coursecontext = get_context_instance(CONTEXT_COURSE, $courseid);
if ($CFG->bloglevel < BLOG_GROUP_LEVEL &&
!has_capability('moodle/site:config', $sitecontext->id)) {
error ('Group blogs is not enabled');
}
if (!isteacheredit($course) and (groupmode($course) == SEPARATEGROUPS)) {
if (!has_capability('moodle/course:update', $coursecontext->id) &&
groupmode($course) == SEPARATEGROUPS) {
if (!ismember($filterselect)) {
error ('you are not in this group');
error ('You are not a member of this group');
}
}
/// check if user is editting teacher, or if spg, is member
break;
case 'user':
if ($CFG->bloglevel < BLOG_USER_LEVEL && (!isadmin())) {
$context = get_context_instance(CONTEXT_SYSTEM, $context->id);
if ($CFG->bloglevel < BLOG_USER_LEVEL &&
!has_capability('moodle/site:config', SITEID)) {
error ('Blogs is not enabled');
}
if ($CFG->bloglevel == BLOG_USER_LEVEL and $USER->id != $filterselect and !isadmin()) {
if ($CFG->bloglevel == BLOG_USER_LEVEL && $USER->id != $filterselect &&
!has_capability('moodle/site:config', $context->id)) {
error ('Under this setting, you can only view your own blogs');
}
@ -134,12 +143,20 @@ switch ($filtertype) {
// first set the start and end day equal to the day argument passed in from the get vars
if ($limit == 'none') {
$limit = get_user_preferences('blogpagesize',10);
$limit = get_user_preferences('blogpagesize', 10);
}
include($CFG->dirroot .'/blog/header.php');
$blogpage = optional_param('blogpage',0,PARAM_INT);
// prints the tabs
$currenttab = 'blogs';
$user = $USER;
if (!$course) {
$course = get_record('course', 'id', optional_param('courseid', SITEID, PARAM_INT));
}
require_once($CFG->dirroot .'/user/tabs.php');
$blogpage = optional_param('blogpage', 0, PARAM_INT);
blog_print_html_formatted_entries($userid, $postid, $limit, ($blogpage * $limit) ,$filtertype, $filterselect, $tagid, $tag, $filtertype, $filterselect);

115
blog/lib.php
View file

@ -3,19 +3,22 @@
/**
* Library of functions and constants for blog
*/
require_once($CFG->libdir .'/blocklib.php');
require_once($CFG->libdir .'/pagelib.php');
require_once('rsslib.php');
require_once($CFG->dirroot .'/blog/blogpage.php');
/* blog access level constant declaration */
/**
* Blog access level constant declaration
*/
define ('BLOG_USER_LEVEL', 1);
define ('BLOG_GROUP_LEVEL', 2);
define ('BLOG_COURSE_LEVEL', 3);
define ('BLOG_SITE_LEVEL', 4);
define ('BLOG_GLOBAL_LEVEL', 5);
/**
* Definition of blogcourse page type (blog page with course id present).
*/
@ -25,15 +28,18 @@
$BLOG_YES_NO_MODES = array ( '0' => get_string('no'),
'1' => get_string('yes') );
//set default setting for $CFG->blog_* vars used by blog's blocks
//if they are not already. Otherwise errors are thrown
//when an attempt is made to use an empty var.
// Set default setting for $CFG->blog_* vars used by blog's blocks.
// If they are not already. Otherwise errors are thrown when an attempt
// is made to use an empty var.
if (empty($SESSION->blog_editing_enabled)) {
$SESSION->blog_editing_enabled = false;
}
// checks to see if user has visited blogpages before, if not, install 2 default blocks
// (blog_menu and blog_tags)
/**
* Checks to see if user has visited blogpages before, if not, install 2
* default blocks (blog_menu and blog_tags).
*/
function blog_check_and_install_blocks() {
global $USER;
if (isloggedin() && !isguest()) {
@ -78,6 +84,7 @@
return ($SESSION->blog_editing_enabled);
}
/**
* This function is in lib and not in BlogInfo because entries being searched
* might be found in any number of blogs rather than just one.
@ -132,9 +139,10 @@
print $output;
}
/**
* This function is in lib and not in BlogInfo because entries being searched
* might be found in any number of blogs rather than just one.
* This function is in lib and not in BlogInfo because entries being searched
* might be found in any number of blogs rather than just one.
*
* This function builds an array which can be used by the included
* template file, making predefined and nicely formatted variables available
@ -184,7 +192,7 @@
echo '</td>';
echo '<td class="topic starter"><div class="subject">'.$template['title'].'</div><div class="author">';
$fullname = fullname($user, isteacher($template['userid']));
$fullname = fullname($user, $template['userid']);
$by->name = '<a href="'.$CFG->wwwroot.'/user/view.php?id='.
$user->id.'&amp;course='.$course->id.'">'.$fullname.'</a>';
$by->date = $template['lastmod'];
@ -240,11 +248,14 @@
echo '<div class="commands">';
if (isset($USER->id)) {
if (($template['userid'] == $USER->id) or isadmin()) {
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
$canmanage = has_capability('moodle/blog:manageentries', $context->id);
if (($template['userid'] == $USER->id) or $canmanage) {
echo '<a href="'.$CFG->wwwroot.'/blog/edit.php?editid='.$blogEntry->id.'&amp;sesskey='.sesskey().'">'.$stredit.'</a>';
}
if (($template['userid'] == $USER->id) or isadmin()) {
if (($template['userid'] == $USER->id) or $canmanage) {
echo '| <a href="'.$CFG->wwwroot.'/blog/edit.php?act=del&amp;editid='.$blogEntry->id.'&amp;sesskey='.sesskey().'">'.$strdelete.'</a>';
}
}
@ -255,6 +266,7 @@
}
/**
* Use this function to retrieve a list of publish states available for
* the currently logged in user.
@ -274,25 +286,36 @@
return $options;
}
// user can edit if he's an admin, or blog owner
function blog_user_can_edit_post($blogEntry) {
/**
* User can edit a blog entry if this is their own blog post and they have
* the capability moodle/blog:writeentry, or if they have the capability
* moodle/blog:manageentries.
*/
function blog_user_can_edit_post($blogEntry, $contextid) {
global $CFG, $USER;
return (isadmin() || ($blogEntry->userid == $USER->id));
return ((has_capability('moodle/blog:writeentries', $contextid) &&
$blogEntry->userid == $USER->id) ||
has_capability('moodle/blog:manageentries', $context->id));
}
/// Checks to see if a user can view the blogs of another user.
/// He can do so, if he is admin, in any same non-spg course,
/// or spg group, but same group member
/**
* Checks to see if a user can view the blogs of another user.
* He can do so, if he has the moodle/blog:readentry capability. In the
* case of spg group course, the user also needs to be in the same group.
*/
function blog_user_can_view_user_post($targetuserid, $blogEntry=null) {
global $CFG, $USER;
$canview = 0; //bad start
if (isadmin()) {
return true;
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!has_capability('moodle/blog:readentry', $context->id)) {
return false;
}
if ($USER->id && ($USER->id == $targetuserid)) {
@ -302,17 +325,17 @@
if ($blogEntry and $blogEntry->publishstate == 'draft') { // can not view draft
return false;
}
$usercourses = get_my_courses($targetuserid);
foreach ($usercourses as $usercourse) {
/// if viewer and user sharing same non-spg course, then grant permission
if (groupmode($usercourse)!= SEPARATEGROUPS){
if (isstudent($usercourse->id) || isteacher($usercourse->id)) {
$canview = 1;
return $canview;
}
// If the viewer and user are sharing same non-spg course, then
// grant permission.
if (groupmode($usercourse) != SEPARATEGROUPS) {
$canview = 1;
return $canview;
} else {
/// now we need every group the user is in, and check to see if view is a member
// Now we need every group the user is in, and check to see
// if view is a member.
if ($usergroups = user_group($usercourse->id, $targetuserid)) {
foreach ($usergroups as $usergroup) {
if (ismember($usergroup->id)) {
@ -325,14 +348,16 @@
}
if (!$canview && $CFG->bloglevel < BLOG_SITE_LEVEL) {
error ('you can not view this user\'s blogs');
error ('You can not view this user\'s blogs');
}
return $canview;
}
/// moved from BlogEntry class
/**
* Moved from BlogEntry class.
*/
function get_formatted_entry_body($body, $format) {
global $CFG;
include_once($CFG->libdir .'/weblib.php');
@ -342,8 +367,10 @@
return stripslashes_safe($body);
}
/// Main filter function
/**
* Main filter function.
*/
function fetch_entries($userid, $postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC', $limit=true) {
global $CFG, $USER;
@ -522,18 +549,25 @@
return $records;
}
/**
* get the count of viewable entries, easiest way is to count fetch_entries
* this is used for print_paging_bar
* this is not ideal, but because of the UNION in the sql in fetch_entries,
* it is hard to use count_records_sql
*/
function get_viewable_entry_count($userid, $postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC') {
function get_viewable_entry_count($userid, $postid='', $fetchlimit=10,
$fetchstart='', $filtertype='', $filterselect='', $tagid='',
$tag ='', $sort='lastmodified DESC') {
$blogEntries = fetch_entries($userid, $postid, $fetchlimit, $fetchstart,$filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC', false);
$blogEntries = fetch_entries($userid, $postid, $fetchlimit,
$fetchstart, $filtertype, $filterselect, $tagid, $tag,
$sort='lastmodified DESC', false);
return count($blogEntries);
}
/// Find the base url from $_GET variables, for print_paging_bar
function get_baseurl($filtertype, $filterselect) {
@ -570,7 +604,8 @@
$querystring = '?';
}
return strip_querystring(qualified_me()) . $querystring. 'filtertype='.$filtertype.'&amp;filterselect='.$filterselect.'&amp;';
return strip_querystring(qualified_me()) . $querystring. 'filtertype='.
$filtertype.'&amp;filterselect='.$filterselect.'&amp;';
}
?>
?>

12
blog/preferences.php
View file

@ -17,13 +17,11 @@
}
}
//ensure that the logged in user is not using the guest account
if (isguest()) {
error(get_string('noguestpost', 'blog'), $referrer);
}
if (!(isloggedin() && !isguest())) {
error(get_string('noguestpost', 'blog'), $referrer);
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
// Ensure that the logged in user has the capability to post blog entries.
if (!has_capability('moodle/blog:writepost', $context->id)) {
error(get_string('nopost', 'blog'), $referrer);
}
$userid = $USER->id;

7
blog/tags.html
View file

@ -12,7 +12,10 @@ print_heading(get_string('tagmanagement'));
<td>
<form action="tags.php" method="POST">
<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<?php if (isadmin()){ ?>
<?php
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (has_capability('moodle/blog:manageofficialtags', $context->id)) {
?>
<select name="tags[]" multiple="multiple" size="8">
<?php
$otags = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'official\' ORDER by text ASC');
@ -72,7 +75,7 @@ print_heading(get_string('tagmanagement'));
<tr>
<td>
<?php if (isadmin()) { ?>
<?php if (has_capability('moodle/blog:manageofficialtags', $context->id)) { ?>
<form action="tags.php" method="POST">
<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<?php print_string('addotags','blog');?>:<br/>

56
blog/tags.php
View file

@ -2,16 +2,17 @@
require_once('../config.php');
require_login();
if (isguest()) {
error ('Guests can not modify tags!');
}
//form process
$mode = optional_param('mode','',PARAM_ALPHA);
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
switch ($mode) {
case 'addofficial': /// adding official tags
if (!isadmin() || !confirm_sesskey()) {
case 'addofficial':
/// Adding official tags.
if (!has_capability('moodle/blog:manageofficialtags', $context->id) || !confirm_sesskey()) {
die('you can not add official tags');
}
@ -21,21 +22,25 @@ switch ($mode) {
$tag->type = 'official';
$tagid = insert_record('tags', $tag);
/// write newly added tags back into window opener
/// Write newly added tags back into window opener.
echo '<script language="JavaScript" type="text/javascript">
var o = opener.document.createElement("option");
o.innerHTML = "<option>'.$tag->text.'</option>";
o.value = '.$tagid.';
opener.document.entry[\'otags[]\'].insertBefore(o, null);
</script>';
} else { // tag already exist
} else {
/// Tag already exists.
notify(get_string('tagalready'));
}
break;
case 'addpersonal': /// everyone can add personal tags
if (!confirm_sesskey() || isguest() || !isset($USER->id)) {
case 'addpersonal':
/// Everyone can add personal tags as long as they can write blog entries.
if (!confirm_sesskey() ||
!has_capability('moodle/blog:writeentries', $context->id) ||
!isset($USER->id)) {
error ('you can not add tags');
}
@ -45,20 +50,22 @@ switch ($mode) {
$tag->type = 'personal';
$tagid = insert_record('tags', $tag);
/// write newly added tags back into window opener
/// Write newly added tags back into window opener.
echo '<script language="JavaScript" type="text/javascript">
var o = opener.document.createElement("option");
o.innerHTML = "<option>'.$tag->text.'</option>";
o.value = '.$tagid.';
opener.document.entry[\'ptags[]\'].insertBefore(o, null);
</script>';
} else { //tag already exist
} else {
/// Tag already exists.
notify(get_string('tagalready'));
}
break;
case 'delete': /// delete a tag
case 'delete':
/// Delete a tag.
if (!confirm_sesskey()) {
error('you can not delete tags');
}
@ -69,14 +76,18 @@ switch ($mode) {
$blogtag = get_record('tags','id',$tag);
// you can only delete your own tags, or you have to be an admin
if (!isadmin() and $USER->id != $blogtag->userid) {
// You can only delete your own tags, or you have to have the
// moodle/blog:manageofficialtags capability.
if (!has_capability('moodle/blog:manageofficialtags', $context->id)
&& $USER->id != $blogtag->userid) {
notify(get_string('norighttodeletetag','blog', $blogtag->text));
continue;
}
/// Only admin can delete tags that are referenced
if (!isadmin() && get_records('blog_tag_instance','tagid', $tag)) {
// You can only delete tags that are referenced if you have
// the moodle/blog:manageofficialtags capability.
if (!has_capability('moodle/blog:manageofficialtags', $context->id)
&& get_records('blog_tag_instance','tagid', $tag)) {
notify('tag is used by other users, can not delete!');
continue;
}
@ -84,7 +95,7 @@ switch ($mode) {
delete_records('tags','id',$tag);
delete_records('blog_tag_instance', 'tagid', $tag);
/// remove parent window option via javascript
/// Remove parent window option via javascript.
echo '<script>
var i=0;
while (i < window.opener.document.entry[\'otags[]\'].length) {
@ -107,17 +118,16 @@ switch ($mode) {
}
break;
default: // just displaying tags form
default:
/// Just display the tags form.
break;
}
//print the table
/// Print the table.
print_header();
include_once('tags.html');
print_footer();
?>
?>