ROLES AND PERMISSIONS - FIRST CHECK-IN

=======================================

WARNING:  DEV IS CURRENTLY VERY UNSTABLE.

This is a mega-checkin of the new Roles system.   A lot of changes have
been made in core and modules.

Currently there are a lot of rough edges and known problems.  We are
working hard on these ... the reason for getting this into HEAD at this
stage is to enable us to move faster (our branch was diverging from HEAD
too much).

Please keep an eye on http://docs.moodle.org/en/Roles for current status
and information for developers on how to use the new Roles system.
moodler 2006-08-08 05:13:06 +00:00
parent 394577c3e4
commit bbbf2d4015
139 changed files with 40452 additions and 2001 deletions


@ -289,6 +289,9 @@
}
foreach ($courses as $acourse) {
$context = get_context_instance(CONTEXT_COURSE, $acourse->id);
$count++;
$up = ($count > 1 || !$atfirstpage);
$down = ($count < $numcourses || !$atlastpage);
@ -305,24 +308,40 @@
echo '<a title="'.$strassignteachers.'" href="'.$CFG->wwwroot.'/course/teacher.php?id='.
$acourse->id.'">'.
'<img src="'.$CFG->pixpath.'/t/user.gif" height="11" width="11" border="0" alt="'.$strassignteachers.'" /></a> ';
echo '<a title="'.$strdelete.'" href="delete.php?id='.$acourse->id.'">'.
'<img src="'.$CFG->pixpath.'/t/delete.gif" height="11" width="11" border="0" alt="'.$strdelete.'" /></a> ';
if (!empty($acourse->visible)) {
echo '<a title="'.$strhide.'" href="category.php?id='.$category->id.'&amp;page='.$page.
'&amp;perpage='.$perpage.'&amp;hide='.$acourse->id.'&amp;sesskey='.$USER->sesskey.'">'.
'<img src="'.$CFG->pixpath.'/t/hide.gif" height="11" width="11" border="0" alt="'.$strhide.'" /></a> ';
} else {
echo '<a title="'.$strshow.'" href="category.php?id='.$category->id.'&amp;page='.$page.
'&amp;perpage='.$perpage.'&amp;show='.$acourse->id.'&amp;sesskey='.$USER->sesskey.'">'.
'<img src="'.$CFG->pixpath.'/t/show.gif" height="11" width="11" border="0" alt="'.$strshow.'" /></a> ';
if (has_capability('moodle/course:delete', $context->id)) {
echo '<a title="'.$strdelete.'" href="delete.php?id='.$acourse->id.'">'.
'<img src="'.$CFG->pixpath.'/t/delete.gif" height="11" width="11" border="0" alt="'.$strdelete.'" /></a> ';
}
if (has_capability('moodle/course:visibility', $context->id)) {
if (!empty($acourse->visible)) {
echo '<a title="'.$strhide.'" href="category.php?id='.$category->id.'&amp;page='.$page.
'&amp;perpage='.$perpage.'&amp;hide='.$acourse->id.'&amp;sesskey='.$USER->sesskey.'">'.
'<img src="'.$CFG->pixpath.'/t/hide.gif" height="11" width="11" border="0" alt="'.$strhide.'" /></a> ';
} else {
echo '<a title="'.$strshow.'" href="category.php?id='.$category->id.'&amp;page='.$page.
'&amp;perpage='.$perpage.'&amp;show='.$acourse->id.'&amp;sesskey='.$USER->sesskey.'">'.
'<img src="'.$CFG->pixpath.'/t/show.gif" height="11" width="11" border="0" alt="'.$strshow.'" /></a> ';
}
}
if (has_capability('moodle/site:backup', $context->id)) {
echo '<a title="'.$strbackup.'" href="../backup/backup.php?id='.$acourse->id.'">'.
'<img src="'.$CFG->pixpath.'/t/backup.gif" height="11" width="11" border="0" alt="" /></a> ';
}
if (has_capability('moodle/site:restore', $context->id)) {
echo '<a title="'.$strrestore.'" href="../files/index.php?id='.$acourse->id.
'&amp;wdir=/backupdata">'.
'<img src="'.$CFG->pixpath.'/t/restore.gif" height="11" width="11" border="0" alt="" /></a> ';
}
echo '<a title="'.$strbackup.'" href="../backup/backup.php?id='.$acourse->id.'">'.
'<img src="'.$CFG->pixpath.'/t/backup.gif" height="11" width="11" border="0" alt="'.$strbackup.'" /></a> ';
echo '<a title="'.$strrestore.'" href="../files/index.php?id='.$acourse->id.
'&amp;wdir=/backupdata">'.
'<img src="'.$CFG->pixpath.'/t/restore.gif" height="11" width="11" border="0" alt="'.$strrestore.'" /></a> ';
echo '<a title="'.$strrestore.'" href="../files/index.php?id='.$acourse->id.
'&amp;wdir=/backupdata">'.
'<img src="'.$CFG->pixpath.'/t/restore.gif" height="11" width="11" border="0" alt="'.$strrestore.'" /></a> ';
if ($up) {
echo '<a title="'.$strmoveup.'" href="category.php?id='.$category->id.'&amp;page='.$page.
@ -399,14 +418,16 @@
print_single_button('category.php', $options, get_string('resortcoursesbyname'), 'get');
}
if (iscreator()) { /// Print button to create a new course
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (has_capability('moodle/course:create', $context->id)) { /// Print button to create a new course
unset($options);
$options['category'] = $category->id;
print_single_button('edit.php', $options, get_string('addnewcourse'), 'get');
echo '<br />';
}
if (isadmin()) { /// Print form to rename the category
$context = get_context_instance(CONTEXT_COURSECAT, $id);
if (has_capability('moodle/category:update', $context->id)) { /// Print form to rename the category
$strrename= get_string('rename');
echo '<form name="renameform" action="category.php" method="post">';
echo '<input type="hidden" name="id" value="'.$category->id.'" />';
@ -415,10 +436,10 @@
echo '<input type="submit" value="'.$strrename.'" />';
echo "</form>";
echo "<br />";
print_course_search();
}
}
print_course_search();
echo "</center>";
print_footer();
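Review bot: The new `has_capability()` tests around the delete, hide/show, backup and restore icons only decide whether a link is drawn; they do not authorize the action behind it. The code that handles the `hide` and `show` parameters of `category.php`, and the link targets `delete.php`, `../backup/backup.php` and `../files/index.php`, are outside these hunks, so confirm that each repeats the same capability check on the course context before acting. Separately, the gated backup and restore images now carry `alt=""` although the image is the only content of the link; keeping `alt="'.$strbackup.'"` and `alt="'.$strrestore.'"` preserves a text alternative.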


@ -19,7 +19,9 @@
error("Course ID was incorrect");
}
if (!isteacheredit($course->id)) {
$context = get_context_instance(CONTEXT_COURSE, $id);
if (!has_capability('moodle/course:update', $context->id)) {
error("You do not currently have editing privileges!");
}
@ -38,7 +40,8 @@
}
} else { // Admin is creating a new course
if (!iscreator()) {
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!has_capability('moodle/course:create',$context->id)) {
error("You do not currently have course creation privileges!");
}
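Review bot: The edit check builds its context from `$id` (`get_context_instance(CONTEXT_COURSE, $id)`), whereas the test it replaces used `$course->id`. The lookup that reports "Course ID was incorrect" sits above the hunk, so `$course` appears to be the validated record; `get_context_instance(CONTEXT_COURSE, $course->id)` would tie the permission decision to the row that is actually edited rather than to the request value. In the creation branch, `moodle/course:create` is tested only on the system context, so a role granted on a single category would presumably not pass; if that is intended for now, a comment such as `// course creation is decided site-wide, not per category` would record it.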


@ -16,16 +16,20 @@
}
require_login($course->id);
if (!isteacheredit($course->id)) {
close_window();
}
if (! $group = get_record("groups", "id", $group, "courseid", $course->id)) {
if (! $group = get_record("groups", "id", $group, "courseid", $course->id)) {
notice('Specified group could not be found!', "#");
close_window_button();
}
}
// this is fine since group inherits course settings, this allows 1) teacher to edit all groups
// 2 someone with a role with a cap to modify a specific group
$context = get_context_instance(CONTEXT_GROUP, $group->id);
// this is really weird
if (!has_capability('moodle/course:managegroups', $context->id)) {
close_window();
}
/// Print the headers of the page


@ -36,8 +36,9 @@
}
require_login($course->id);
$context = get_context_instance(CONTEXT_COURSE, $course->id);
if (!isteacheredit($course->id)) {
if (!has_capability('moodle/course:managegroups', $context->id)) {
redirect("group.php?id=$course->id"); // Not allowed to see all groups
}


@ -14,6 +14,8 @@
$moveto = optional_param('moveto',-1,PARAM_INT);
$moveup = optional_param('moveup',0,PARAM_INT);
$movedown = optional_param('movedown',0,PARAM_INT);
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!$site = get_site()) {
error("Site isn't defined!");
@ -97,7 +99,7 @@
/// If data for a new category was submitted, then add it
if ($form = data_submitted() and confirm_sesskey()) {
if ($form = data_submitted() and confirm_sesskey() and has_capability('moodle/category:create', $context->id)) {
if (!empty($form->addcategory)) {
unset($newcategory);
$newcategory->name = $form->addcategory;
@ -114,7 +116,10 @@
/// Delete a category if necessary
if (!empty($delete) and confirm_sesskey()) {
if ($deletecat = get_record("course_categories", "id", $delete)) {
// context is coursecat, if not present admins should have it set in site level
$context = get_context_instance(CONTEXT_COURSECAT, $delete);
if ($deletecat = get_record("course_categories", "id", $delete) and has_capability('moodle/category:delete', $context->id)) {
if (!empty($sure) && $sure == md5($deletecat->timemodified)) {
/// Send the children categories to live with their grandparent
if ($childcats = get_records("course_categories", "parent", $deletecat->id)) {
@ -269,17 +274,17 @@
fix_course_sortorder();
/// Print form for creating new categories
echo "<center>";
echo "<form name=\"addform\" action=\"index.php\" method=\"post\">";
echo "<input type=\"text\" size=\"30\" alt=\"$straddnewcategory\" name=\"addcategory\" />";
echo "<input type=\"submit\" value=\"$straddnewcategory\" />";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
echo "</form>";
echo "</center>";
echo "<br />";
if (has_capability('moodle/category:create', $context->id)) {
echo "<center>";
echo "<form name=\"addform\" action=\"index.php\" method=\"post\">";
echo "<input type=\"text\" size=\"30\" alt=\"$straddnewcategory\" name=\"addcategory\" />";
echo "<input type=\"submit\" value=\"$straddnewcategory\" />";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
echo "</form>";
echo "</center>";
echo "<br />";
}
/// Print out the categories with all the knobs
@ -310,7 +315,11 @@
echo "<center>";
unset($options);
$options["category"] = $category->id;
print_single_button("edit.php", $options, get_string("addnewcourse"), "get");
if (has_capability('moodle/course:create', $context->id)) {
print_single_button("edit.php", $options, get_string("addnewcourse"), "get");
}
print_single_button('pending.php',NULL, get_string('coursespending'),"get");
echo "<br />";
echo "</center>";
@ -336,6 +345,8 @@ function print_category_edit($category, $displaylist, $parentslist, $depth=-1, $
}
if ($category) {
$context = get_context_instance(CONTEXT_COURSECAT, $category->id);
echo "<tr><td align=\"left\" nowrap=\"nowrap\">";
for ($i=0; $i<$depth;$i++) {
echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
@ -348,16 +359,20 @@ function print_category_edit($category, $displaylist, $parentslist, $depth=-1, $
echo "<td nowrap=\"nowrap\">"; /// Print little icons
echo "<a title=\"$str->delete\" href=\"index.php?delete=$category->id&amp;sesskey=$USER->sesskey\"><img".
" src=\"$CFG->pixpath/t/delete.gif\" height=\"11\" width=\"11\" border=\"0\" alt=\"$str->delete\" /></a> ";
if (!empty($category->visible)) {
echo "<a title=\"$str->hide\" href=\"index.php?hide=$category->id&amp;sesskey=$USER->sesskey\"><img".
" src=\"$CFG->pixpath/t/hide.gif\" height=\"11\" width=\"11\" border=\"0\" alt=\"$str->hide\" /></a> ";
} else {
echo "<a title=\"$str->show\" href=\"index.php?show=$category->id&amp;sesskey=$USER->sesskey\"><img".
" src=\"$CFG->pixpath/t/show.gif\" height=\"11\" width=\"11\" border=\"0\"alt=\"$str->show\" /></a> ";
}
if (has_capability('moodle/category:delete', $context->id)) {
echo "<a title=\"$str->delete\" href=\"index.php?delete=$category->id&amp;sesskey=$USER->sesskey\"><img".
" src=\"$CFG->pixpath/t/delete.gif\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a> ";
}
if (has_capability('moodle/category:visibility', $context->id)) {
if (!empty($category->visible)) {
echo "<a title=\"$str->hide\" href=\"index.php?hide=$category->id&amp;sesskey=$USER->sesskey\"><img".
" src=\"$CFG->pixpath/t/hide.gif\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a> ";
} else {
echo "<a title=\"$str->show\" href=\"index.php?show=$category->id&amp;sesskey=$USER->sesskey\"><img".
" src=\"$CFG->pixpath/t/show.gif\" height=\"11\" width=\"11\" border=\"0\"alt=\"\" /></a> ";
}
}
if ($up) {
echo "<a title=\"$str->moveup\" href=\"index.php?moveup=$category->id&amp;sesskey=$USER->sesskey\"><img".
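Review bot: The delete branch reassigns `$context` with `get_context_instance(CONTEXT_COURSECAT, $delete)`, overwriting the system context set near the top of the file. Whenever a delete request was processed, the later `has_capability('moodle/category:create', $context->id)` and `has_capability('moodle/course:create', $context->id)` tests therefore run against the category being deleted instead of the site. Use a separate variable, e.g. `$catcontext = get_context_instance(CONTEXT_COURSECAT, $delete);` and `has_capability('moodle/category:delete', $catcontext->id)`. The context is also resolved before `get_record()` confirms that the category exists, so moving the lookup inside the `if ($deletecat = ...)` block would avoid resolving a context for an id that has no row. The code between these hunks is not visible, so check that nothing else resets `$context` in between.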


@ -62,9 +62,8 @@
$mod->coursemodule = $cm->id;
}
if (!isteacheredit($course->id)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $course->id);
has_capability('moodle/course:update', $context->id, true);
$mod->course = $course->id;
$mod->modulename = clean_param($mod->modulename, PARAM_SAFEDIR); // For safety
@ -242,9 +241,8 @@
}
}
if (!isteacheredit($section->course)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $section->course);
has_capability('moodle/course:update', $context->id, true);
if (!ismoving($section->course)) {
error("You need to copy something first!");
@ -272,9 +270,8 @@
error("This course module doesn't exist");
}
if (!isteacheredit($cm->course)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $cm->course);
has_capability('moodle/course:update', $context->id, true);
$cm->indent += $indent;
@ -299,9 +296,8 @@
error("This course module doesn't exist");
}
if (!isteacheredit($cm->course)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $cm->course);
has_capability('moodle/course:update', $context->id, true);
set_coursemodule_visible($cm->id, 0);
@ -320,9 +316,8 @@
error("This course module doesn't exist");
}
if (!isteacheredit($cm->course)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $cm->course);
has_capability('moodle/course:update', $context->id, true);
if (! $section = get_record("course_sections", "id", $cm->section)) {
error("This module doesn't exist");
@ -352,9 +347,8 @@
error("This course module doesn't exist");
}
if (!isteacheredit($cm->course)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $cm->course);
has_capability('moodle/course:update', $context->id, true);
set_coursemodule_groupmode($cm->id, $groupmode);
@ -373,9 +367,8 @@
error("This course module doesn't exist");
}
if (!isteacheredit($cm->course)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $cm->course);
has_capability('moodle/course:update', $context->id, true);
if (! $section = get_record("course_sections", "id", $cm->section)) {
error("This module doesn't exist");
@ -415,10 +408,9 @@
error("This course doesn't exist");
}
if (!isteacheredit($course->id)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $cm->course);
has_capability('moodle/course:update', $context->id, true);
if (! $module = get_record("modules", "id", $cm->module)) {
error("This module doesn't exist");
}
@ -472,9 +464,8 @@
error("This course doesn't exist");
}
if (!isteacheredit($course->id)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $course->id);
has_capability('moodle/course:update', $context->id, true);
if (! $module = get_record("modules", "id", $cm->module)) {
error("This module doesn't exist");
@ -530,10 +521,9 @@
error("This course doesn't exist");
}
if (!isteacheredit($course->id)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $course->id);
has_capability('moodle/course:update', $context->id, true);
if (! $module = get_record("modules", "id", $cm->module)) {
error("This module doesn't exist");
}
@ -629,9 +619,8 @@
error("No action was specfied");
}
if (!isteacheredit($course->id)) {
error("You can't modify this course!");
}
$context = get_context_instance(CONTEXT_COURSE, $course->id);
has_capability('moodle/course:update', $context->id, true);
$streditinga = get_string("editinga", "moodle", $fullmodulename);
$strmodulenameplural = get_string("modulenameplural", $module->name);
@ -646,6 +635,12 @@
"<a href=\"$CFG->wwwroot/mod/$module->name/index.php?id=$course->id\">$strmodulenameplural</a> ->
$strnav $streditinga", $focuscursor, "", false);
if (!empty($cm->id)) {
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$currenttab = 'update';
include_once($CFG->dirroot.'/admin/roles/tabs.php');
}
unset($SESSION->modform); // Clear any old ones that may be hanging around.
$modform = "../mod/$module->name/mod.html";
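Review bot: Every rewritten guard in this file is now a bare statement, `has_capability('moodle/course:update', $context->id, true);`, whose return value is discarded, so it protects anything only if the third argument makes the function stop the request on failure. `has_capability()` is not defined on this page; if that is what `true` means, say so at the first call (`// third argument: abort with an error when the capability is missing`), otherwise keep the explicit `if (!has_capability(...)) { error("You can't modify this course!"); }` form. In the `-415,10` hunk the guard after "This course doesn't exist" takes the course from `$cm->course`, while the test it replaces and the neighbouring hunks use `$course->id`; using `$course->id` there keeps the guards consistent.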


@ -16,6 +16,7 @@
}
require_login($course->id);
$context = get_context_instance(CONTEXT_COURSE, $course->id);
$strscale = get_string("scale");
$strscales = get_string("scales");
@ -93,9 +94,8 @@
//If action is details, show the popup info
if ($action == "details") {
//Check for teacher edit
if (! isteacheredit($course->id)) {
error("Only editing teachers can view scales !");
}
has_capability('moodle/course:managescales', $context->id, true);
//Check for scale
if (! $scale = get_record("scale", "id", $scaleid)) {
error("Scale ID was incorrect");
@ -130,10 +130,8 @@
$sesskey = !empty($USER->id) ? $USER->sesskey : '';
//Check for teacher edit
if (! isteacheredit($course->id)) {
error("Only editing teachers can modify scales !");
}
has_capability('moodle/course:managescales', $context->id, true);
//Check for scale if action = edit
if ($action == "edit") {
if (! $scale = get_record("scale", "id", $scaleid)) {
@ -237,9 +235,7 @@
//If action is delete, do it
if ($action == "delete" and confirm_sesskey()) {
//Check for teacher edit
if (! isteacheredit($course->id)) {
error("Only editing teachers can delete scales !");
}
has_capability('moodle/course:managescales', $context->id, true);
//Check for scale if action = edit
if (! $scale = get_record("scale", "id", $scaleid)) {
error("Scale ID was incorrect");
@ -270,9 +266,7 @@
//If action is down or up, do it
if (($action == "down" || $action == "up") and confirm_sesskey()) {
//Check for teacher edit
if (! isadmin()) {
error("Only administrators can move scales",$CFG->wwwroot.'/course/scales.php?id='.$course->id);
}
has_capability('moodle/course:managescales', $context->id, true);
//Check for scale if action = edit
if (! $scale = get_record("scale", "id", $scaleid)) {
error("Scale ID was incorrect");
@ -302,7 +296,7 @@
}
if ($list) { /// Just list the scales (in a helpwindow)
has_capability('moodle/course:viewscales', $context->id, true);
print_header($strscales);
if (!empty($scaleid)) {
@ -345,7 +339,7 @@
}
} else {
if (isteacheredit($course->id)) {
if (has_capability('moodle/course:managescales', $context->id)) {
echo "<p align=\"center\">(";
print_string("scalestip");
echo ")</p>";
@ -375,9 +369,7 @@
/// The rest is all about editing the scales
if (!isteacheredit($course->id)) {
error("Only editing teachers can modify scales !");
}
has_capability('moodle/course:managescales', $context->id, true);
/// Print out the main page