moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-06 09:26:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

ROLES AND PERMISSIONS - FIRST CHECK-IN

Browse source 
=======================================

WARNING:  DEV IS CURRENTLY VERY UNSTABLE.

This is a mega-checkin of the new Roles system.   A lot of changes have
been made in core and modules.

Currently there are a lot of rough edges and known problems.  We are
working hard on these .. .the reason for getting this into HEAD at this
stage is enable us to move faster (our branch was diverging from HEAD
too much).

Please keep an eye on http://docs.moodle.org/en/Roles for current status
and information for developers on how to use the new Roles system.
This commit is contained in:
moodler 2006-08-08 05:13:06 +00:00
parent 394577c3e4
commit bbbf2d4015
139 changed files with 40452 additions and 2001 deletions
Download patch file Download diff file Expand all files Collapse all files

79
mod/assignment/db/access.php Normal file
View file

@ -0,0 +1,79 @@
<?php
//
// Capability definitions for the assignment module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_assignment_capabilities = array(
'mod/assignment:view' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/assignment:submit' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/assignment:grade' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

21
mod/assignment/lib.php
View file

@ -106,8 +106,11 @@ class assignment_base {
* This in turn calls the methods producing individual parts of the page
*/
function view() {
add_to_log($this->course->id, "assignment", "view", "view.php?id={$this->cm->id}",
$context = get_context_instance(CONTEXT_MODULE,$this->cm->id);
has_capability('mod/assignment:view', $context->id, true);
add_to_log($this->course->id, "assignment", "view", "view.php?id={$this->cm->id}",
$this->assignment->id, $this->cm->id);
$this->view_header();
@ -273,9 +276,13 @@ class assignment_base {
$submitted = '';
if (isteacher($this->course->id)) {
if (!isteacheredit($this->course->id) and (groupmode($this->course, $this->cm) == SEPARATEGROUPS)) {
$count = $this->count_real_submissions($this->currentgroup); // Only their group
$context = get_context_instance(CONTEXT_MODULE,$this->cm->id);
if (has_capability('mod/assignment:grade', $context->id) && (groupmode($this->course, $this->cm) == SEPARATEGROUPS)) {
// if this user can mark and is put in a group
// then he can only see/mark submission in his own groups
if (user_group($this->course->id, $USER->id)) {
$count = $this->count_real_submissions($this->currentgroup); // Only their groups
} else {
$count = $this->count_real_submissions(); // Everyone
}
@ -2349,7 +2356,9 @@ function assignment_print_overview($courses, &$htmlarray) {
$str .= '<div class="info">'.$strduedateno.'</div>';
}
if (isteacher($assignment->course)) {
// if (isteacher($assignment->course)) {
$context = get_context_instance(CONTEXT_MODULE,$this->cm->id);
if (has_capability('mod/assignment:grade', $context->id)) {
$submissions = count_records_sql("SELECT COUNT(*)
FROM {$CFG->prefix}assignment_submissions a,
{$CFG->prefix}user_students s,

51
mod/assignment/type/online/assignment.class.php
View file

@ -13,8 +13,11 @@ class assignment_online extends assignment_base {
function view() {
global $USER;
$submission = $this->get_submission();
$context = get_context_instance(CONTEXT_MODULE,$this->cm->id);
has_capability('mod/assignment:view', $context->id, true);
$submission = $this->get_submission();
//Guest can not submit nor edit an assignment (bug: 4604)
if (isguest($USER->id)) {
@ -56,27 +59,29 @@ class assignment_online extends assignment_base {
notify(get_string('submissionsaved', 'assignment'));
}
print_simple_box_start('center', '70%', '', '', 'generalbox', 'online');
if ($editmode) {
$this->view_edit_form($submission);
} else {
if ($submission) {
echo format_text($submission->data1, $submission->data2);
} else if (isguest($USER->id)) { //fix for #4604
echo '<center>'. get_string('guestnosubmit', 'assignment').'</center>';
} else if ($this->isopen()){ //fix for #4206
echo '<center>'.get_string('emptysubmission', 'assignment').'</center>';
}
if ($editable) {
print_single_button('view.php', array('id'=>$this->cm->id,'edit'=>'1'),
get_string('editmysubmission', 'assignment'));
}
}
print_simple_box_end();
if ($editmode and $this->usehtmleditor) {
use_html_editor(); // MUst be at the end of the page
}
if (has_capability('mod/assignment:submit', $context->id)) {
print_simple_box_start('center', '70%', '', '', 'generalbox', 'online');
if ($editmode) {
$this->view_edit_form($submission);
} else {
if ($submission) {
echo format_text($submission->data1, $submission->data2);
} else if (isguest($USER->id)) { //fix for #4604
echo '<center>'. get_string('guestnosubmit', 'assignment').'</center>';
} else if ($this->isopen()){ //fix for #4206
echo '<center>'.get_string('emptysubmission', 'assignment').'</center>';
}
if ($editable) {
print_single_button('view.php', array('id'=>$this->cm->id,'edit'=>'1'),
get_string('editmysubmission', 'assignment'));
}
}
print_simple_box_end();
if ($editmode and $this->usehtmleditor) {
use_html_editor(); // MUst be at the end of the page
}
}
$this->view_feedback();

9
mod/assignment/type/uploadsingle/assignment.class.php
View file

@ -45,9 +45,12 @@ class assignment_uploadsingle extends assignment_base {
}
function view() {
global $USER;
$context = get_context_instance(CONTEXT_MODULE,$this->cm->id);
has_capability('mod/assignment:view', $context->id, true);
add_to_log($this->course->id, "assignment", "view", "view.php?id={$this->cm->id}", $this->assignment->id, $this->cm->id);
$this->view_header();
@ -66,7 +69,7 @@ class assignment_uploadsingle extends assignment_base {
}
}
if (!isguest($USER->id) && $this->isopen() && (!$filecount || $this->assignment->resubmit || !$submission->timemarked)) {
if (has_capability('mod/assignment:submit', $context->id) && $this->isopen() && (!$filecount || $this->assignment->resubmit || !$submission->timemarked)) {
$this->view_upload_form();
}

2
mod/assignment/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2005060100;
$module->version = 2006080800;
$module->requires = 2005031000; // Requires this Moodle version
$module->cron = 60;

80
mod/chat/db/access.php Normal file
View file

@ -0,0 +1,80 @@
<?php
//
// Capability definitions for the chat module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_chat_capabilities = array(
'mod/chat:chat' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/chat:readlog' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/chat:deletelog' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

10
mod/chat/gui_header_js/index.php
View file

@ -17,13 +17,17 @@
if (!$cm = get_coursemodule_from_instance('chat', $chat->id, $course->id)) {
error('Course Module ID was incorrect');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
require_login($course->id, false, $cm);
require_login($course->id, false, $cm);
has_capability('mod/chat:chat',$context->id, true);
/*
if (isguest()) {
error('Guest does not have access to chat rooms');
}
*/
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string("activityiscurrentlyhidden"));

14
mod/chat/lib.php
View file

@ -199,7 +199,19 @@ function chat_print_recent_activity($course, $isteacher, $timestart) {
$current = 0;
}
if ($chat = get_record('chat', 'id', $chatuser->chatid)) {
if (!($isteacher or instance_is_visible('chat', $chat))) { // Chat hidden to students
// we find the course module id
$chatmod = get_record('modules', 'name', 'chat');
$SQL = "select * from {$CFG->prefix}course_modules where
course = $course->id
and module = $chatmod->id
and instance = $chat->id";
$cm = get_records_sql($SQL);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
// needs to be fixed
if (!(has_capability('mod/chat:readlog', $context->id) or instance_is_visible('chat', $chat))) { // Chat hidden to students
//if (!($isteacher or instance_is_visible('chat', $chat))) { // Chat hidden to students
continue;
}
if (!$outputstarted) {

22
mod/chat/report.php
View file

@ -21,14 +21,16 @@
error('Course is misconfigured');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
require_login($course->id, false, $cm);
$isteacher = isteacher($course->id);
$isteacheredit = isteacheredit($course->id);
if (isguest() or (!$isteacher and !$chat->studentlogs)) {
error('You can not view these chat reports');
}
//if (isguest() or (!$isteacher and !$chat->studentlogs)) {
//error('You can not view these chat reports');
//}
has_capability('mod/chat:readlog', $context->id, true); // if can't even read, kill
add_to_log($course->id, 'chat', 'report', "report.php?id=$cm->id", $chat->id, $cm->id);
@ -62,7 +64,8 @@
$groupselect = "";
}
if ($deletesession and $isteacheredit) {
//if ($deletesession and $isteacheredit) {
if ($deletesession and has_capability('mod/chat:deletelog', $context->id)) {
notice_yesno(get_string('deletesessionsure', 'chat'),
"report.php?id=$cm->id&amp;deletesession=1&amp;confirmdelete=1&amp;start=$start&amp;end=$end&amp;sesskey=$USER->sesskey",
"report.php?id=$cm->id");
@ -86,7 +89,8 @@
print_simple_box_end('center');
}
if (!$deletesession or !$isteacheredit) {
if (!$deletesession or !has_capability('mod/chat:deletelog', $context->id)) {
//if (!$deletesession or !$isteacheredit) {
print_continue("report.php?id=$cm->id");
}
@ -120,7 +124,8 @@
/// Delete a session if one has been specified
if ($deletesession and $isteacheredit and $confirmdelete and $start and $end and confirm_sesskey()) {
if ($deletesession and has_capability('mod/chat:deletelog', $context->id) and $confirmdelete and $start and $end and confirm_sesskey()) {
//if ($deletesession and $isteacheredit and $confirmdelete and $start and $end and confirm_sesskey()) {
delete_records_select('chat_messages', "chatid = $chat->id AND
timestamp >= '$start' AND
timestamp <= '$end' $groupselect");
@ -181,14 +186,15 @@
foreach ($sessionusers as $sessionuser => $usermessagecount) {
if ($user = get_record('user', 'id', $sessionuser)) {
print_user_picture($user->id, $course->id, $user->picture);
echo '&nbsp;'.fullname($user, $isteacher);
echo '&nbsp;'.fullname($user, $isteacher); // need to fix this
echo "&nbsp;($usermessagecount)<br />";
}
}
echo '<p align="right">';
echo "<a href=\"report.php?id=$cm->id&amp;start=$sessionstart&amp;end=$sessionend\">$strseesession</a>";
if ($isteacheredit) {
//if ($isteacheredit)
if (has_capability('mod/chat:deletelog', $context->id)) {
echo "<br /><a href=\"report.php?id=$cm->id&amp;start=$sessionstart&amp;end=$sessionend&amp;deletesession=1\">$strdeletesession</a>";
}
echo '</p>';

2
mod/chat/version.php
View file

@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2005031000; // The (date) version of this module
$module->version = 2006080800; // The (date) version of this module
$module->requires = 2005031000; // Requires this Moodle version
$module->cron = 300; // How often should cron check this module (seconds)?

18
mod/chat/view.php
View file

@ -40,9 +40,12 @@
}
}
require_course_login($course, true, $cm);
add_to_log($course->id, 'chat', 'view', "view.php?id=$cm->id", $chat->id, $cm->id);
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
add_to_log($course->id, 'chat', 'view', "view.php?id=$cm->id", $chat->id, $cm->id);
// Initialize $PAGE, compute blocks
@ -72,8 +75,9 @@
}
echo '<td id="middle-column">';
if (($chat->studentlogs or isteacher($course->id)) and !isguest()) {
if ($chat->studentlogs or has_capability('mod/chat:readlog',$context->id)) {
//if (($chat->studentlogs or isteacher($course->id)) and !isguest()) {
echo '<div class="reportlink">';
echo "<a href=\"report.php?id=$cm->id\">".
get_string('viewreport', 'chat').'</a>';
@ -99,13 +103,14 @@
/// Print the main part of the page
if (!isguest()) {
//if (!isguest()) {
if (has_capability('mod/chat:chat',$context->id, true)) {
print_simple_box_start('center');
link_to_popup_window ("/mod/chat/gui_$CFG->chat_method/index.php?id=$chat->id$groupparam",
"chat$course->id$chat->id$groupparam", "$strenterchat", 500, 700, get_string('modulename', 'chat'));
print_simple_box_end();
} else {
/*
$wwwroot = $CFG->wwwroot.'/login/index.php';
if (!empty($CFG->loginhttps)) {
$wwwroot = str_replace('http:','https:', $wwwroot);
@ -116,6 +121,7 @@
print_footer($course);
exit;
*/
}

93
mod/choice/db/access.php Normal file
View file

@ -0,0 +1,93 @@
<?php
//
// Capability definitions for the choice module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_choice_capabilities = array(
'mod/choice:choose' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/choice:readresponses' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/choice:deleteresponses' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/choice:downloadresponses' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

34
mod/choice/lib.php
View file

@ -155,9 +155,11 @@ $cdisplay = array();
if (isset($text)) { //make sure there are no dud entries in the db with blank text values.
$countanswers = (get_records("choice_answers", "optionid", $optionid));
$countans = 0;
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!empty($countanswers)) {
foreach ($countanswers as $ca) { //only return enrolled users.
if (isstudent($cm->course, $ca->userid) or isteacher($cm->course, $ca->userid)) {
foreach ($countanswers as $ca) { //only return enrolled users.
if (has_capability('mod/choice:choose', $context->id)) {
//if (isstudent($cm->course, $ca->userid) or isteacher($cm->course, $ca->userid)) {
$countans = $countans+1;
}
}
@ -254,12 +256,13 @@ $cdisplay = array();
function choice_user_submit_response($formanswer, $choice, $userid, $courseid, $cm) {
$current = get_record('choice_answers', 'choiceid', $choice->id, 'userid', $userid);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$countanswers = get_records("choice_answers", "optionid", $formanswer);
if ($countanswers) {
$countans = 0;
foreach ($countanswers as $ca) { //only return enrolled users.
if (isstudent($courseid, $ca->userid) or isteacher($courseid, $ca->userid)) {
if (has_capability('mod/choice:choose', $context->id)) {
//if (isstudent($courseid, $ca->userid) or isteacher($courseid, $ca->userid)) {
$countans = $countans+1;
}
}
@ -300,10 +303,12 @@ $current = get_record('choice_answers', 'choiceid', $choice->id, 'userid', $user
function choice_show_reportlink($choice, $courseid, $cmid) {
$context = get_context_instance(CONTEXT_MODULE, $cmid);
if ( $allanswers = get_records("choice_answers", "choiceid", $choice->id)) {
$responsecount = 0;
foreach ($allanswers as $aa) {
if (isstudent($courseid, $aa->userid) or isteacher($courseid, $aa->userid)) { //check to make sure user is enrolled in course.
if (has_capability('mod/choice:readresponses', $context->id)) {
//if (isstudent($courseid, $aa->userid) or isteacher($courseid, $aa->userid)) { //check to make sure user is enrolled in course.
$responsecount++;
}
}
@ -316,8 +321,9 @@ function choice_show_reportlink($choice, $courseid, $cmid) {
}
function choice_show_results($choice, $course, $cm, $forcepublish='') {
global $CFG, $COLUMN_HEIGHT, $USER;
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
print_heading(get_string("responses", "choice"));
if (empty($forcepublish)) { //alow the publish setting to be overridden
$forcepublish = $choice->publish;
@ -374,11 +380,11 @@ function choice_show_results($choice, $course, $cm, $forcepublish='') {
switch ($forcepublish) {
case CHOICE_PUBLISH_NAMES:
$isteacher = isteacher($course->id);
//$isteacher = isteacher($course->id);
$tablewidth = (int) (100.0 / count($useranswer));
if (isteacher($course->id, $USER->id)) {
if (has_capability('mod/choice:readresponses', $context->id)) {
//if (isteacher($course->id, $USER->id)) {
echo '<div id="tablecontainer">';
echo '<form id="attemptsform" method="post" action="'.$_SERVER['PHP_SELF'].'" onsubmit="var menu = document.getElementById(\'menuaction\'); return (menu.options[menu.selectedIndex].value == \'delete\' ? \''.addslashes(get_string('deleteattemptcheck','quiz')).'\' : true);">';
echo '<input type="hidden" name="id" value="'.$cm->id.'" />';
@ -414,6 +420,7 @@ function choice_show_results($choice, $course, $cm, $forcepublish='') {
echo "<table width=\"100%\">";
foreach ($userlist as $user) {
// this needs to be fixed
if (!($optionid==0 && isadmin($user->id)) && !($optionid==0 && isteacher($course->id, $user->id) && !(isteacheredit($course->id, $user->id)) ) ) { //make sure admins and hidden teachers are not shown in not answered yet column.
echo "<tr>";
if (isteacher($course->id, $USER->id) && !($optionid==0)) {
@ -443,7 +450,8 @@ function choice_show_results($choice, $course, $cm, $forcepublish='') {
$countanswers = get_records("choice_answers", "optionid", $optionid);
$countans = 0;
if (!empty($countanswers)) {
foreach ($countanswers as $ca) { //only return enrolled users.
foreach ($countanswers as $ca) { //only return enrolled users.
// needs fixing too
if (isstudent($course->id, $ca->userid) or isteacher($course->id, $ca->userid)) {
$countans = $countans+1;
}
@ -462,7 +470,8 @@ function choice_show_results($choice, $course, $cm, $forcepublish='') {
}
/// Print "Select all" etc.
if (isteacher($course->id, $USER->id)) {
if (has_capability('mod/choice:readresponses', $context->id)) {
//if (isteacher($course->id, $USER->id)) {
echo '<tr><td><p>';
echo '<tr><td>';
echo '<a href="javascript:select_all_in(\'DIV\',null,\'tablecontainer\');">'.get_string('selectall', 'quiz').'</a> / ';
@ -479,7 +488,8 @@ function choice_show_results($choice, $course, $cm, $forcepublish='') {
echo "</tr></table>";
if (isteacher($course->id, $USER->id)) {
//if (isteacher($course->id, $USER->id)) {
if (has_capability('mod/choice:readresponses', $context->id)) {
echo "</form></div>";
}
break;

23
mod/choice/report.php
View file

@ -17,10 +17,14 @@
}
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/choice:readresponses', $context->id, true);
//if (!isteacher($course->id)) {
// error("Only teachers can look at this page");
//}
if (!$choice = choice_get_choice($cm->instance)) {
error("Course module is incorrect");
@ -32,7 +36,8 @@
add_to_log($course->id, "choice", "report", "report.php?id=$cm->id", "$choice->id",$cm->id);
if ($action == 'delete') { //some responses need to be deleted
if ($action == 'delete' && has_capability('mod/choice:deleteresponses',$context->id, true)) {
//if ($action == 'delete') { //some responses need to be deleted
$attemptids = isset($_POST['attemptid']) ? $_POST['attemptid'] : array(); //get array of repsonses to delete.
choice_delete_responses($attemptids); //delete responses.
redirect("report.php?id=$cm->id");
@ -81,7 +86,8 @@
ksort($useranswer);
//print spreadsheet if one is asked for:
if ($download == "xls") {
//if ($download == "xls") {
if ($download == "xls" && has_capability('mod/choice:downloadresponses', $context->id, true)) {
require_once("$CFG->libdir/excellib.class.php");
/// Calculate file name
@ -137,8 +143,9 @@
exit;
}
// print text file
if ($download == "txt") {
// print text file
//if ($download == "txt") {
if ($download == "txt" && has_capability('mod/choice:downloadresponses', $context->id, true)) {
$filename = clean_filename("$course->shortname ".strip_tags(format_string($choice->name,true))).'.txt';
header("Content-Type: application/download\n");

2
mod/choice/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2006020900;
$module->version = 2006080800;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0;

11
mod/choice/view.php
View file

@ -16,6 +16,9 @@
}
require_course_login($course, false, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/choice:choose', $context->id, true);
if (!$choice = choice_get_choice($cm->instance)) {
error("Course module is incorrect");
@ -30,8 +33,8 @@
if ($form = data_submitted()) {
$timenow = time();
if (isteacher($course->id, $USER->id)) {
if (has_capability('mod/choice:deleteresponses', $context->id)) {
//if (isteacher($course->id, $USER->id)) {
if ($action == 'delete') { //some responses need to be deleted
choice_delete_responses($attemptids); //delete responses.
redirect("view.php?id=$cm->id");
@ -56,8 +59,8 @@
"<a href=\"index.php?id=$course->id\">$strchoices</a> -> ".format_string($choice->name), "", "", true,
update_module_button($cm->id, $course->id, $strchoice), navmenu($course, $cm));
if (isteacher($course->id)) {
if (has_capability('mod/choice:readresponses', $context->id)) {
//if (isteacher($course->id)) {
choice_show_reportlink($choice, $course->id, $cm->id);
} else if (!$cm->visible) {
notice(get_string("activityiscurrentlyhidden"));

9
mod/data/comment.php
View file

@ -26,15 +26,18 @@
}
require_login($course->id);
if ($commentid) {
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if ($commentid) {
if (! $comment = get_record('data_comments', 'id', $commentid)) {
error('Comment ID is misconfigured');
}
if ($comment->recordid != $record->id) {
error('Comment ID is misconfigured');
}
if (!isteacher($course->id) && $comment->userid != $USER->id) {
if (!has_capability('mod/data:managecomments', $context->id) && $comment->userid != $USER->id) {
error('Comment is not yours to edit!');
}
}

150
mod/data/db/access.php Normal file
View file

@ -0,0 +1,150 @@
<?php
//
// Capability definitions for the data module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_data_capabilities = array(
'mod/data:readentry' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:writeentry' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:comment' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:rate' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:approve' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:manageentries' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:managecomments' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:managetemplates' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

50
mod/data/db/postgres7.sql
View file

@ -92,6 +92,56 @@ CREATE TABLE prefix_data_ratings (
rating integer NOT NULL default '0'
);
# Roles tables
CREATE TABLE prefix_roles (
`id` SERIAL PRIMARY KEY,
`name` varchar(255) NOT NULL default '',
`description` text NOT NULL default '',
`priority` decimal(2,2) NOT NULL default '0',
);
CREATE TABLE prefix_contexts (
`id` SERIAL PRIMARY KEY,
`system` int(1) NOT NULL default '0',
`metacourseid` int(10) NOT NULL default '0',
`coursecatid` int(10) NOT NULL default '0',
`courseid` int(10) NOT NULL default '0',
`moduleinstance` int(10) NOT NULL default '0',
`userid` int(10) NOT NULL default '0',
);
CREATE TABLE prefix_role_assignments (
`id` SERIAL PRIMARY KEY,
`roldid` int(10) NOT NULL default '0',
`contextid` int(10) NOT NULL default '0',
`userid` int(10) NOT NULL default '0',
`groupid` int(10) NOT NULL default '0',
`timestart` int(10) NOT NULL default '0',
`timeend` int(10) NOT NULL default '0',
`timemodified` int(10) NOT NULL default '0',
`modifierid` int(10) NOT NULL default '0',
);
CREATE TABLE prefix_capability_overrides (
`id` SERIAL PRIMARY KEY,
`contextid` int(10) NOT NULL default '0',
`roleid` int(10) NOT NULL default '0',
`module` varchar(255) NOT NULL default '',
`capability` varchar(255) NOT NULL default '',
`allow` int(1) NOT NULL default '0',
`priority` double(2,2) NOT NULL default '0',
`timemodified` int(10) NOT NULL default '0',
`modifierid` int(10) NOT NULL default '0',
);
CREATE TABLE prefix_role_capabilities (
`id` SERIAL PRIMARY KEY,
`module` varchar(255) NOT NULL default '',
`capability` varchar(255) NOT NULL default '',
`allow` int(1) NOT NULL default '0',
);
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'view', 'data', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'add', 'data', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'update', 'data', 'name');

4
mod/data/field.php
View file

@ -65,6 +65,10 @@
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/data:managetemplates', $context->id, true);
if (!isteacheredit($course->id)){
error(get_string('noaccess','data'));
}

9
mod/data/import.php
View file

@ -57,13 +57,18 @@
}
}
if (isteacher($course->id)) {
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/data:uploadentries', $context->id, true);
if (has_capability('mod/data:managetemplates', $context->id)) {
if (!count_records('data_fields','dataid',$data->id)) { // Brand new database!
redirect($CFG->wwwroot.'/mod/data/field.php?d='.$data->id); // Redirect to field entry
}
}
///checking for participants
// needs fixing?
/*
if ((!isteacher($course->id)) && $data->participants == DATA_TEACHERS_ONLY) {
error ('students are not allowed to participate in this activity');
}
@ -72,7 +77,7 @@
if (!isteacher($course->id) or !data_isowner($rid) or !confirm_sesskey()){
error (get_string('noaccess','data'));
}
}
}*/
/// Print the page header

45
mod/data/lib.php
View file

@ -548,12 +548,16 @@ function data_numentries($data){
****************************************************************/
function data_add_record($data, $groupid=0){
global $USER;
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$record->userid = $USER->id;
$record->dataid = $data->id;
$record->groupid = $groupid;
$record->timecreated = $record->timemodified = time();
if (isteacher($data->course)) {
if (has_capability('mod/data:approve', $context->id)) {
//if (isteacher($data->course)) {
$record->approved = 1;
} else {
$record->approved = 0;
@ -835,6 +839,9 @@ function data_get_coursemodule_info($coursemodule) {
function data_print_template($template, $records, $data, $search='',$page=0, $return=false) {
global $CFG;
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
static $fields = NULL;
static $isteacher;
static $dataid = NULL;
@ -872,7 +879,7 @@ function data_print_template($template, $records, $data, $search='',$page=0, $re
/// Replacing special tags (##Edit##, ##Delete##, ##More##)
$patterns[]='/\#\#Edit\#\#/i';
$patterns[]='/\#\#Delete\#\#/i';
if ($isteacher or data_isowner($record->id)) {
if (has_capability('mod/data:manageentries', $context->id) or data_isowner($record->id)) {
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/edit.php?d='
.$data->id.'&amp;rid='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$CFG->pixpath.'/t/edit.gif" height="11" width="11" border="0" alt="'.get_string('edit').'" /></a>';
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='
@ -892,7 +899,7 @@ function data_print_template($template, $records, $data, $search='',$page=0, $re
'&amp;course='.$data->course.'">'.fullname($record).'</a>';
$patterns[]='/\#\#Approve\#\#/i';
if ($isteacher && ($data->approval) && (!$record->approved)){
if (has_capability('mod/data:approve', $context->id) && ($data->approval) && (!$record->approved)){
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&amp;approve='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$CFG->pixpath.'/i/approve.gif" height="11" width="11" border="0" alt="'.get_string('approve').'" /></a>';
} else {
$replacement[] = '';
@ -984,19 +991,22 @@ function data_print_preference_form($data, $perpage, $search, $sort='', $order='
function data_print_ratings($data, $record) {
global $USER;
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$ratingsmenuused = false;
if ($data->ratings and !empty($USER->id)) {
if ($ratings->scale = make_grades_menu($data->scale)) {
$ratings->assesspublic = $data->assesspublic;
$ratings->allow = (($data->assessed != 2 or isteacher($data->course)) && !isguest());
$ratings->allow = ($data->assessed != 2 or has_capability('mod/data:rate', $context->id));
if ($ratings->allow) {
echo '<div class="ratings" align="center">';
echo '<form name="form" method="post" action="rate.php">';
$useratings = true;
if ($useratings) {
if ((isteacher($data->course) or $ratings->assesspublic) and !data_isowner($record->id)) {
data_print_ratings_mean($record->id, $ratings->scale, isteacher($data->course));
if ((has_capability('mod/data:rate', $context->id) or $ratings->assesspublic) and !data_isowner($record->id)) {
data_print_ratings_mean($record->id, $ratings->scale, has_capability('mod/data:rate', $context->id));
if (!empty($ratings->allow)) {
echo '&nbsp;';
data_print_rating_menu($record->id, $USER->id, $ratings->scale);
@ -1155,7 +1165,10 @@ function data_print_comment($data, $comment, $page=0) {
global $USER, $CFG;
$stredit = get_string('edit');
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$stredit = get_string('edit');
$strdelete = get_string('delete');
$user = get_record('user','id',$comment->userid);
@ -1192,7 +1205,7 @@ function data_print_comment($data, $comment, $page=0) {
/// Commands
echo '<div class="commands">';
if (data_isowner($comment->recordid) or isteacher($data->course)) {
if (data_isowner($comment->recordid) or has_capability('mod/data:managecomments', $context->id)) {
echo '<a href="'.$CFG->wwwroot.'/mod/data/comment.php?rid='.$comment->recordid.'&amp;mode=edit&amp;commentid='.$comment->id.'&amp;page='.$page.'">'.$stredit.'</a>';
echo '| <a href="'.$CFG->wwwroot.'/mod/data/comment.php?rid='.$comment->recordid.'&amp;mode=delete&amp;commentid='.$comment->id.'&amp;page='.$page.'">'.$strdelete.'</a>';
}
@ -1239,13 +1252,15 @@ function data_convert_arrays_to_strings(&$fieldinput) {
}
}
function data_clean_field_name($fn) {
$fn = trim($fn);
//hack from clean_filename - to be replaced by something nicer later
$fn = preg_replace("/[\\000-\\x2c\\x2f\\x3a-\\x40\\x5b-\\x5e\\x60\\x7b-\\177]/s", '_', $fn);
$fn = preg_replace("/_+/", '_', $fn);
$fn = preg_replace("/\.\.+/", '.', $fn);
return $fn;
// returns the $cm given $data
function data_get_cm($data) {
global $CFG, $course;
$datamod = get_record('modules', 'name', 'data');
$SQL = "select * from {$CFG->prefix}course_modules
where course = $course->id and
module = $datamod->id and
instance = $data->id";
return get_record_sql($SQL);
}
?>

13
mod/data/tabs.php
View file

@ -28,6 +28,9 @@
if (empty($currenttab) or empty($data) or empty($course)) {
error('You cannot call this script in that way');
}
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$inactive = NULL;
$row = array();
@ -40,13 +43,13 @@
$row[] = new tabobject('single', $CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&amp;mode=single', get_string('single','data'), '', true);
}
if (isloggedin() and !isguest()) {
if (isteacher($course->id) or ($data->participants == DATA_STUDENTS_ONLY) or
($data->participants == DATA_TEACHERS_AND_STUDENTS)){
$addstring = empty($editentry) ? get_string('add', 'data') : get_string('editentry', 'data');
//if (isloggedin() and !isguest()) {
if (isloggedin()) {
if (has_capability('mod/data:writeentry', $context->id)) { // took out participation list here!
$addstring = empty($editentry) ? get_string('add', 'data') : get_string('editentry', 'data');
$row[] = new tabobject('add', $CFG->wwwroot.'/mod/data/edit.php?d='.$data->id, $addstring, '', true);
}
if (isteacher($course->id)) {
if (has_capability('mod/data:managetemplates', $context->id)) {
if ($currenttab == 'list') {
$defaultemplate = 'listtemplate';
} else if ($currenttab == 'add') {

6
mod/data/templates.php
View file

@ -56,7 +56,9 @@
}
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/data:managetemplates', $context->id, true);
/*
if (!isteacheredit($course->id)){
error(get_string('noaccess','data'));
}
@ -66,7 +68,7 @@
redirect($CFG->wwwroot.'/mod/data/field.php?d='.$data->id); // Redirect to field entry
}
}
*/
//add_to_log($course->id, 'data', 'templates view', "templates.php?id=$cm->id&amp;d=$data->id", $data->id, $cm->id);

2
mod/data/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2006052400;
$module->version = 2006080800;
$module->requires = 2005060230; // Requires this Moodle version
$module->cron = 60;

20
mod/data/view.php
View file

@ -42,7 +42,6 @@
/// These can be added to perform an action on a record
$approve = optional_param('approve', 0, PARAM_INT); //approval recordid
$delete = optional_param('delete', 0, PARAM_INT); //delete recordid
if ($id) {
if (! $cm = get_record('course_modules', 'id', $id)) {
@ -82,12 +81,13 @@
$record = NULL;
}
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/data:readentry', $context->id, true);
/// If it's hidden then it's don't show anything. :)
if (empty($cm->visible) and !isteacher($course->id)) {
if (empty($cm->visible) and !has_capability('mod/data:managetemplates', $context->id)) {
$strdatabases = get_string("modulenameplural", "data");
$navigation = "<a href=\"index.php?id=$course->id\">$strdatabases</a> ->";
print_header_simple(format_string($data->name), "",
@ -96,7 +96,7 @@
}
/// If we have an empty Database then redirect because this page is useless without data
if (isteacher($course->id)) {
if (has_capability('mod/data:managetemplates', $context->id)) {
if (!record_exists('data_fields','dataid',$data->id)) { // Brand new database!
redirect($CFG->wwwroot.'/mod/data/field.php?d='.$data->id); // Redirect to field entry
}
@ -198,7 +198,7 @@
/// Delete any requested records
if ($delete && confirm_sesskey() && (isteacher($course->id) or data_isowner($delete))) {
if ($delete && confirm_sesskey() && (has_capability('mod/data:manageentries', $context->id) or data_isowner($delete))) {
if ($confirm = optional_param('confirm',0,PARAM_INT)) {
if ($deleterecord = get_record('data_records', 'id', $delete)) { // Need to check this is valid
if ($deleterecord->dataid == $data->id) { // Must be from this database
@ -249,7 +249,7 @@
/// Approve any requested records
if ($approve && confirm_sesskey() && isteacher($course->id)) {
if ($approve && confirm_sesskey() && has_capability('mod/data:approve', $context->id)) {
if ($approverecord = get_record('data_records', 'id', $approve)) { // Need to check this is valid
if ($approverecord->dataid == $data->id) { // Must be from this database
$newrecord->id = $approverecord->id;
@ -262,7 +262,7 @@
}
// If not teacher, check whether user has sufficient records to view
if (!isteacher($course->id) and data_numentries($data) < $data->requiredentriestoview){
if (!has_capability('mod/data:managetemplates', $context->id) and data_numentries($data) < $data->requiredentriestoview){
notify (($data->requiredentriestoview - data_numentries($data)).'&nbsp;'.get_string('insufficiententries','data'));
echo '</td></tr></table>';
print_footer($course);
@ -272,7 +272,7 @@
/// We need to examine the whole dataset to produce the correct paging
if ((!isteacher($course->id)) && ($data->approval)) {
if ((!has_capability('mod/data:managetemplates', $context->id)) && ($data->approval)) {
if (isloggedin()) {
$approveselect = ' AND (r.approved=1 OR r.userid='.$USER->id.') ';
} else {
@ -390,7 +390,7 @@
if (empty($records)) { // Nothing to show!
if ($record) { // Something was requested so try to show that at least (bug 5132)
if (isteacher($course->id) || empty($data->approval) ||
if (has_capability('mod/data:manageentries', $context->id) || empty($data->approval) ||
$record->approved || (isloggedin() && $record->userid == $USER->id)) {
if (!$currentgroup || $record->groupid == $currentgroup || $record->groupid == 0) {
$records[] = $record;

32
mod/exercise/assessments.php
View file

@ -55,6 +55,8 @@
require_login($course->id, false, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$strexercises = get_string("modulenameplural", "exercise");
$strexercise = get_string("modulename", "exercise");
$strassessments = get_string("assessments", "exercise");
@ -71,7 +73,7 @@
/******************* admin amend Grading Grade ************************************/
if ($action == 'adminamendgradinggrade' ) {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
if (empty($aid)) {
@ -109,7 +111,7 @@
/******************* admin confirm delete ************************************/
elseif ($action == 'adminconfirmdelete' ) {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
if (empty($aid)) {
@ -125,7 +127,7 @@
/******************* admin delete ************************************/
elseif ($action == 'admindelete' ) {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
if (empty($aid)) {
@ -145,7 +147,7 @@
/*********************** admin list of asssessments (of a submission) (by teachers)**************/
elseif ($action == 'adminlist') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
@ -161,7 +163,7 @@
/****************** admin list of asssessments by a student (used by teachers only )******************/
elseif ($action == 'adminlistbystudent') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
@ -258,7 +260,7 @@
/****************** edit assessment elements (for teachers) ***********************/
elseif ($action == 'editelements') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
@ -455,7 +457,7 @@
/****************** insert/update assignment elements (for teachers)***********************/
elseif ($action == 'insertelements') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
@ -572,7 +574,7 @@
/****************** list assessments for grading (Student submissions)(by teachers)*********************/
elseif ($action == 'listungradedstudentsubmissions') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
exercise_list_ungraded_assessments($exercise, "student");
@ -584,7 +586,7 @@
******************Teacher's submissions) (by teachers)****/
elseif ($action == 'listungradedstudentassessments') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
exercise_list_ungraded_assessments($exercise, "teacher");
@ -603,7 +605,7 @@
/******************* regrade student assessments ************************************/
elseif ($action == 'regradestudentassessments' ) {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
// get all the student assessments
@ -636,7 +638,7 @@
/****************** teacher assessment : grading of assessment and submission (from student) ************/
elseif ($action == 'teacherassessment') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
@ -659,7 +661,7 @@
/****************** teacher table : show assessments by exercise and teacher ************/
elseif ($action == 'teachertable') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
@ -850,7 +852,7 @@
}
// is user allowed to resubmit?
if (isteacher($course->id)) {
if (has_capability('mod/exercise:assess', $context->id)) {
if (!$submission = get_record("exercise_submissions", "id", $assessment->submissionid)) {
error ("Updateassessment: submission record not found");
}
@ -885,7 +887,7 @@
/****************** update teacher assessment (by teacher only) ***************************/
elseif ($action == 'updateteacherassessment') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}
@ -1098,7 +1100,7 @@
/****************** update grading grade(by teacher) ***************************/
elseif ($action == 'updategradinggrade') {
if (!isteacher($course->id)) {
if (!has_capability('mod/exercise:assess', $context->id)) {
error("Only teachers can look at this page");
}

52
mod/exercise/db/access.php Normal file
View file

@ -0,0 +1,52 @@
<?php
//
// Capability definitions for the exercise module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_exercise_capabilities = array(
'mod/exercise:assess' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

2
mod/exercise/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2005031000;
$module->version = 2006080800;
$module->requires = 2005031000; // Requires this Moodle version
$module->cron = 60;

6
mod/exercise/view.php
View file

@ -38,6 +38,8 @@
require_login($course->id, false, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
// ...log activity...
add_to_log($course->id, "exercise", "view", "view.php?id=$cm->id", $exercise->id, $cm->id);
@ -308,8 +310,8 @@
/****************** submission of assignment by teacher only***********************/
elseif ($action == 'submitassignment') {
if (!isteacheredit($course->id)) {
error("Only teachers with editing permissions can do this.");
if (!has_capability('mod/exercise:assess', $context->id)) {
//error("Only teachers with editing permissions can do this.");
}
exercise_print_assignment_info($exercise);

276
mod/forum/db/access.php Normal file
View file

@ -0,0 +1,276 @@
<?php
//
// Capability definitions for the forum module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_forum_capabilities = array(
'mod/forum:viewforum' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:viewdiscussion' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:viewdiscussionsfromallgroups' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_PREVENT,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:startdiscussion' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:replypost' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:viewrating' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:viewanyrating' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:rate' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:createattachment' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:deleteownpost' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:deleteanypost' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:splitdiscussions' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:movediscussions' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:editanypost' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:viewqandawithoutposting' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:viewsubscribers' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/forum:managesubscriptions' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

37
mod/forum/db/mysql.php
View file

@ -223,15 +223,42 @@ function forum_upgrade($oldversion) {
if ($oldversion < 2006011700) {
table_column('forum_posts','','mailnow','integer');
}
if ($oldversion < 2006011702) {
execute_sql("INSERT INTO {$CFG->prefix}log_display (module, action, mtable, field) VALUES ('forum', 'user report', 'user', 'CONCAT(firstname,\' \',lastname)')");
// Upgrades for new roles and capabilities support.
if ($oldversion < 2006011701) {
// forum.open defines what students can do:
// 0 = No discussions, no replies
// 1 = No discussions, but replies are allowed
// 2 = Discussions and replies are allowed
// Delete column forum.open
// forum.assessed defines who can rate posts:
// 1 = Everyone can rate posts
// 2 = Only teachers can rate posts
// Delete column forum.assessed
// forum.assesspublic defines whether students can see everybody's
// ratings:
// 0 = Students can only see their own ratings
// 1 = Students can see everyone's ratings
// Delete column forum.assesspublic
}
return true;
}
?>
?>

1
mod/forum/db/mysql.sql
View file

@ -163,7 +163,6 @@ INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum',
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'add discussion', 'forum_discussions', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'add post', 'forum_posts', 'subject');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'update post', 'forum_posts', 'subject');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'user report', 'user', 'CONCAT(firstname,\' \',lastname)');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'move discussion', 'forum_discussions', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'view subscribers', 'forum', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'view discussion', 'forum_discussions', 'name');

10
mod/forum/db/postgres7.php
View file

@ -156,7 +156,6 @@ function forum_upgrade($oldversion) {
}
if ($oldversion < 2006011600) {
notify('forum_type does not exists, you can ignore and this will properly removed');
execute_sql("ALTER TABLE {$CFG->prefix}forum DROP CONSTRAINT {$CFG->prefix}forum_type");
execute_sql("ALTER TABLE {$CFG->prefix}forum ADD CONSTRAINT {$CFG->prefix}forum_type CHECK (type IN ('single','news','general','social','eachuser','teacher','qanda')) ");
}
@ -171,15 +170,6 @@ function forum_upgrade($oldversion) {
table_column('forum_posts','','mailnow','integer');
}
if ($oldversion < 2006011701) {
execute_sql("ALTER TABLE {$CFG->prefix}forum DROP CONSTRAINT {$CFG->prefix}forum_type_check");
}
if ($oldversion < 2006011702) {
execute_sql("INSERT INTO {$CFG->prefix}log_display (module, action, mtable, field) VALUES ('forum', 'user report', 'user', 'firstname||\' \'||lastname')");
}
return true;
}

1
mod/forum/db/postgres7.sql
View file

@ -175,7 +175,6 @@ INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum',
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'add discussion', 'forum_discussions', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'add post', 'forum_posts', 'subject');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'update post', 'forum_posts', 'subject');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'user report', 'user', 'firstname||\' \'||lastname');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'move discussion', 'forum_discussions', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'view subscribers', 'forum', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('forum', 'view discussion', 'forum_discussions', 'name');

91
mod/forum/discuss.php
View file

@ -25,17 +25,20 @@
notify("Bad forum ID stored in this discussion");
}
if ($forum->type == "teacher") {
require_login($course->id);
if (! $cm = get_coursemodule_from_instance('forum', $forum->id, $course->id)) {
error('Course Module ID was incorrect');
}
$canviewdiscussion = false;
if (!isteacher($course->id)) {
error("You must be a $course->teacher to view this forum");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (has_capability('mod/forum:viewdiscussion', $context->id)) {
$canviewdiscussion = true;
}
} elseif ($forum->type == "news") {
if (!((isadmin() and !empty($CFG->admineditalways))
|| isteacher($course->id)
|| (!empty($USER->id) && $USER->id == $discussion->userid)
if ($forum->type == "news") {
if (!($canviewdiscussion || $USER->id == $discussion->userid
|| (($discussion->timestart == 0 || $discussion->timestart <= time())
&& ($discussion->timeend == 0 || $discussion->timeend > time())))) {
error('Discussion ID was incorrect or no longer exists', "$CFG->wwwroot/mod/forum/view.php?f=$forum->id");
@ -50,58 +53,15 @@
if (!empty($move)) {
if (!isteacher($course->id)) {
error("Only teachers can do that!");
if (has_capability('mod/forum:movediscussions', $context->id)) {
error("You do not have the permission to move this discussion!");
}
if ($forum = get_record("forum", "id", $move)) {
if (!forum_move_attachments($discussion, $move)) {
notify("Errors occurred while moving attachment directories - check your file permissions");
}
if (!$fromforum = get_record("forum", "id", $discussion->forum)) {
notify('Bad forum ID stored in this discussion');
}
set_field("forum_discussions", "forum", $forum->id, "id", $discussion->id);
$discussion->forum = $forum->id;
$discussion->timemodified = time();
// Leave behind a skeleton discussion containing only a post which
// notifies that the discussion has been moved.
$skeleton = clone($discussion);
$skeleton->forum = $fromforum->id;
$skeleton->name = addslashes( $skeleton->name . ' ' . get_string('movedmarker', 'forum') );
// Prepare replacement parameters for message content string
// - these create the link to the new discussion location
$link = new stdClass;
$me = strip_querystring(me());
$link->discusshref = $me . '?d=' . $discussion->id;
$link->forumhref = dirname($me) . '/view.php?f=' . $forum->id;
$link->forumname = $forum->name;
// retrieve translateable message content
$skeleton->intro = addslashes( get_string('discussionmovedpost', 'forum', $link) );
$skeleton->format = 1;
$skeleton->mailnow = 0;
// add the skeleton discussion to the database
if (!($skeleton->id = forum_add_discussion($skeleton, $msg))) {
notify('Failed to add discussion-moved notification : '. $msg);
}
if (update_record('forum_discussions', $discussion)) {
// Update RSS feeds for both from and to forums.
require_once('rsslib.php');
require_once($CFG->libdir.'/rsslib.php');
// Delete the RSS files for the 2 forums because we want to force
// the regeneration of the feeds since the discussions have been
// moved.
if (!forum_rss_delete_file($forum) || !forum_rss_delete_file($fromforum)) {
notify('Could not purge the cached RSS feeds for the source and/or'.
'destination forum(s) - check your file permissionsforums');
}
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
add_to_log($course->id, "forum", "move discussion", "discuss.php?d=$discussion->id", "$discussion->id",
$cm->id);
@ -195,9 +155,9 @@
if ($groupmode and !isteacheredit($course->id)) { // Groups must be kept separate
if ($groupmode and !has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id)) { // Groups must be kept separate
//change this to ismember
$mygroupid = mygroupid($course->id);//only useful if 0, otherwise it's an array now
$mygroupid = mygroupid($course->id); //only useful if 0, otherwise it's an array now
if ($groupmode == SEPARATEGROUPS) {
require_login();
@ -212,7 +172,9 @@
}
} else if ($groupmode == VISIBLEGROUPS) {
$canreply = ((empty($mygroupid) and $discussion->groupid == -1) || (ismember($discussion->groupid) || $mygroupid == $discussion->groupid));
$canreply = ( (empty($mygroupid) && $discussion->groupid == -1) ||
(ismember($discussion->groupid) || $mygroupid == $discussion->groupid) &&
has_capability('mod/forum:replypost', $context->id) );
}
}
@ -222,7 +184,7 @@
echo '<table width="100%"><tr><td width="33%">';
if ($groupmode == VISIBLEGROUPS or ($groupmode and isteacheredit($course->id))) {
if ($groupmode == VISIBLEGROUPS or ($groupmode and has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id))) {
if ($groups = get_records_menu('groups', 'courseid', $course->id, 'name ASC', 'id,name')) {
print_group_menu($groups, $groupmode, $discussion->groupid, "view.php?id=$cm->id&amp;group=");
}
@ -232,7 +194,7 @@
forum_print_mode_form($discussion->id, $displaymode);
echo "</td><td width=\"33%\">";
if (isteacher($course->id) && $forum->type != "teacher") { // Popup menu to move discussions to other forums
if (has_capability('mod/forum:movediscussions', $context->id)) { // Popup menu to move discussions to other forums
if ($forums = get_all_instances_in_course("forum", $course)) {
if ($course->format == 'weeks') {
$strsection = get_string("week");
@ -266,7 +228,8 @@
notify(get_string('thisforumisthrottled','forum',$a));
}
if ($forum->type == 'qanda' && !isteacher($forum->course) && !forum_user_has_posted($forum->id,$discussion->id,$USER->id)) {
if ($forum->type == 'qanda' && !has_capability('mod/forum:viewqandawithoutposting', $context->id) &&
!forum_user_has_posted($forum->id,$discussion->id,$USER->id)) {
notify(get_string('qandanotify','forum'));
}
@ -275,9 +238,9 @@
}
/// Print the actual discussion
forum_print_discussion($course, $forum, $discussion, $post, $displaymode, $canreply);
$canrate = has_capability('mod/forum:rate', $context->id);
forum_print_discussion($course, $forum, $discussion, $post, $displaymode, $canreply, $canrate);
print_footer($course);
?>
?>

28
mod/forum/index.php
View file

@ -91,7 +91,9 @@
foreach ($forums as $forum) {
if (!isset($forum->visible)) {
$forum->visible = instance_is_visible("forum", $forum);
if (!$forum->visible and !isteacher($course->id)) {
$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!$forum->visible and !has_capability('moodle/course:viewhiddenactivities', $context->id)) {
if (isset($forum->keyreference)) {
unset($learningforums[$forum->keyreference]);
}
@ -106,12 +108,14 @@
unset($learningforums[$forum->keyreference]);
}
break;
/*
case "teacher":
if (isteacher($course->id)) {
$forum->visible = true;
$generalforums[] = $forum;
}
break;
*/
default:
if (!$course->category or empty($forum->section)) { // Site level or section 0
$generalforums[] = $forum;
@ -153,13 +157,19 @@
if ($generalforums) {
foreach ($generalforums as $forum) {
if (isset($forum->groupmode)) {
$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (isset($forum->groupmode)) {
$groupmode = groupmode($course, $forum); /// Can do this because forum->groupmode is defined
} else {
$groupmode = NOGROUPS;
}
if ($groupmode == SEPARATEGROUPS and !isteacheredit($course->id)) {
// this is potentially wrong logic. could possibly check for if user has the right to hmmm
if ($groupmode == SEPARATEGROUPS and !has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id)) {
$count = count_records_select("forum_discussions", "forum = '$forum->id' AND (groupid = '$currentgroup' OR groupid = '-1')");
} else {
$count = count_records("forum_discussions", "forum", "$forum->id");
@ -167,7 +177,7 @@
if ($usetracking) {
if (($forum->trackingtype == FORUM_TRACKING_ON) || !isset($untracked[$forum->id])) {
$groupid = ($groupmode==SEPARATEGROUPS && !isteacheredit($course->id)) ? $currentgroup : false;
$groupid = ($groupmode==SEPARATEGROUPS && !has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id)) ? $currentgroup : false;
$unread = forum_tp_count_forum_unread_posts($USER->id, $forum->id, $groupid);
if ($unread > 0) {
$unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>';
@ -177,6 +187,7 @@
$unreadlink = '<span class="read"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>';
}
if ($forum->trackingtype == FORUM_TRACKING_OPTIONAL) {
$trackedlink = '<a title="'.$strnotrackforum.'" href="settracking.php?id='.
$forum->id.'">'.$stryes.'</a>';
@ -226,7 +237,7 @@
if (forum_is_forcesubscribed($forum->id)) {
$sublink = $stryes;
} else {
if ($groupmode and !isteacheredit($course->id) and !mygroupid($course->id)) {
if ($groupmode and !has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id) and !mygroupid($course->id)) {
$sublink = $strno; // Can't subscribe to a group forum (not in a group)
$forumlink = format_string($forum->name,true);
} else {
@ -303,11 +314,12 @@
if ($learningforums) {
$currentsection = "";
foreach ($learningforums as $key => $forum) {
$groupmode = groupmode($course, $forum); /// Can do this because forum->groupmode is defined
if ($groupmode == SEPARATEGROUPS and !isteacheredit($course->id)) {
$forum->visible = instance_is_visible("forum", $forum);
$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id);
if ($groupmode == SEPARATEGROUPS and !has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id)) {
$count = count_records("forum_discussions", "forum", "$forum->id", "groupid", $currentgroup);
} else {
$count = count_records("forum_discussions", "forum", "$forum->id");

310
mod/forum/lib.php
View file

@ -81,9 +81,6 @@ if (!isset($CFG->forum_enabletimedposts)) { // Newish feature that is not quit
$CFG->forum_enabletimedposts = false;
}
if (!isset($CFG->forum_enablerssfeeds)) { // Disable forum RSS feeds by default
$CFG->forum_enablerssfeeds = false;
}
/// STANDARD FUNCTIONS ///////////////////////////////////////////////////////////
@ -111,10 +108,6 @@ function forum_add_instance($forum) {
$forum->assesstimefinish = 0;
}
//sanitize given values a bit
$forum->warnafter = clean_param($forum->warnafter, PARAM_INT);
$forum->blockafter = clean_param($forum->blockafter, PARAM_INT);
if (! $forum->id = insert_record('forum', $forum)) {
return false;
}
@ -244,9 +237,7 @@ function forum_cron () {
}
if (!empty($USER->id)) { // Remember real USER account if necessary
$realuser = clone($USER); //PHP5 compatibility
} else {
$realuser = false;
$realuser = $USER;
}
/// Posts older than 2 days will not be mailed. This is to avoid the problem where
@ -1105,48 +1096,95 @@ function forum_get_child_posts($parent, $forumid) {
ORDER BY p.created ASC");
}
/**
* Returns a list of posts found using an array of search terms.
* e.g. word +word -word
* @param $searchterms
* @param $courseid
* @param $page
* @param $recordsperpage=50
* @param &$totalcount
* @param $groupid - either a single groupid or an array of groupids.
* this specifies the groups the search is to be carried
* for. However, please note that, unless the user has
* the capability 'mod/forum:viewdiscussionsfromallgroups',
* we will restrict the search to a subset of groups from
* $groupid. The subset consists of the groups the user
* really is in.
* @param $extrasql
*/
function forum_search_posts($searchterms, $courseid, $page=0, $recordsperpage=50,
&$totalcount, $groupid=0, $extrasql='') {
function forum_search_posts($searchterms, $courseid, $page=0, $recordsperpage=50, &$totalcount, $sepgroups=0, $extrasql='') {
/// Returns a list of posts found using an array of search terms
/// eg word +word -word
///
global $CFG, $USER;
require_once($CFG->libdir.'/searchlib.php');
if (!isteacher($courseid)) {
$notteacherforum = "AND f.type <> 'teacher'";
$forummodule = get_record("modules", "name", "forum");
$onlyvisible = "AND d.forum = f.id AND f.id = cm.instance AND cm.visible = 1 AND cm.module = $forummodule->id";
$onlyvisibletable = ", {$CFG->prefix}course_modules cm, {$CFG->prefix}forum f";
if (!empty($sepgroups)) {
$separategroups = SEPARATEGROUPS;
$selectgroup = " AND ( NOT (cm.groupmode='$separategroups'".
" OR (c.groupmode='$separategroups' AND c.groupmodeforce='1') )";//.
$selectgroup .= " OR d.groupid = '-1'"; //search inside discussions for all groups too
foreach ($sepgroups as $sepgroup){
$selectgroup .= " OR d.groupid = '$sepgroup->id'";
}
$selectgroup .= ")";
// " OR d.groupid = '$groupid')";
$selectcourse = " AND d.course = '$courseid' AND c.id='$courseid'";
$coursetable = ", {$CFG->prefix}course c";
} else {
$selectgroup = '';
$selectcourse = " AND d.course = '$courseid'";
$coursetable = '';
}
$forummodule = get_record("modules", "name", "forum");
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id); // Will need to fix this.
// Take into account forum visibility.
if (has_capability('moodle/course:viewhiddenactivities', $coursecontext->id)) {
$onlyvisible = '';
$onlyvisibletable = '';
} else {
$notteacherforum = "";
$onlyvisible = "AND d.forum = f.id
AND f.id = cm.instance
AND cm.visible = 1
AND cm.module = $forummodule->id";
$onlyvisibletable = ", {$CFG->prefix}course_modules cm, {$CFG->prefix}forum f";
}
// Take into account user groups.
if (has_capability('mod/forum:viewdiscussionsfromallgroups', $modcontext->id)) {
$selectgroup = '';
$onlyvisible = "";
$onlyvisibletable = "";
$coursetable = '';
if ($courseid == SITEID && isadmin()) {
$selectcourse = '';
} else {
$selectcourse = " AND d.course = '$courseid'";
}
} else {
$searchgroupid = mygroupid($courseid);
if ($groupid) {
// Okay we don't necessarily trust the groups specified. We'll
// force the search to occur for a subset of the groups the user
// is really in.
$novalidgroups = false;
if (is_array($groupid)) {
foreach ($searchgroupid as $index => $validgroupid) {
if (array_search($validgroupid, $groupid) === false) {
unset($searchgroupid[$index]);
}
}
if (count($searchgroupid) == 0) {
$novalidgroups = true;
}
} else {
if (array_search($groupid, $searchgroupid) === false) {
$novalidgroups = true;
}
}
if ($novalidgroups) {
error('The user does not belong in the group(s) specified '.
'by $groupid and the user does not have the '.
'required permission to view posts from all '.
'groups.');
}
}
$separategroups = SEPARATEGROUPS;
$selectgroup = " AND ( NOT (cm.groupmode='$separategroups'".
" OR (c.groupmode='$separategroups' AND c.groupmodeforce='1') )";//.
foreach ($searchgroupid as $index => $value){
$selectgroup .= " OR d.groupid = '$value'";
}
$selectgroup .= ")";
// " OR d.groupid = '$groupid')";
$selectcourse = " AND d.course = '$courseid' AND c.id='$courseid'";
$coursetable = ", {$CFG->prefix}course c";
}
$timelimit = '';
@ -1190,14 +1228,23 @@ function forum_search_posts($searchterms, $courseid, $page=0, $recordsperpage=50
$parsearray = $parser->get_parsed_array();
$messagesearch = search_generate_SQL($parsearray,'p.message','p.subject','p.userid','u.id','u.firstname','u.lastname','p.modified', 'd.forum');
}
/*
$selectsql = "{$CFG->prefix}forum_posts p,
{$CFG->prefix}forum_discussions d,
{$CFG->prefix}user u $onlyvisibletable $coursetable
WHERE ($messagesearch)
AND p.userid = u.id
AND p.discussion = d.id $selectcourse $notteacherforum $onlyvisible $selectgroup $timelimit $extrasql";
*/
$selectsql = "{$CFG->prefix}forum_posts p,
{$CFG->prefix}forum_discussions d,
{$CFG->prefix}user u $onlyvisibletable $coursetable
WHERE ($messagesearch)
AND p.userid = u.id
AND p.discussion = d.id $selectcourse $onlyvisible $selectgroup $timelimit $extrasql";
$totalcount = count_records_sql("SELECT COUNT(*) FROM $selectsql");
return get_records_sql("SELECT p.*,d.forum, u.firstname,u.lastname,u.email,u.picture FROM
@ -2264,14 +2311,14 @@ function forum_print_mode_form($discussion, $mode) {
function forum_search_form($course, $search='') {
global $CFG;
$output = '<div class="forumsearchform">';
$output .= '<form name="search" action="'.$CFG->wwwroot.'/mod/forum/search.php" style="display:inline">';
$output = '<table border="0" cellpadding="0" cellspacing="0"><tr><td nowrap="nowrap">';
$output .= helpbutton('search', get_string('search'), 'moodle', true, false, '', true);
$output .= '&nbsp;<form name="search" action="'.$CFG->wwwroot.'/mod/forum/search.php" style="display:inline">';
$output .= '<input name="search" type="text" size="18" value="'.$search.'" alt="search" />';
$output .= '<input value="'.get_string('searchforums', 'forum').'" type="submit" />';
$output .= '<input name="id" type="hidden" value="'.$course->id.'" />';
$output .= '</form>';
$output .= helpbutton('search', get_string('search'), 'moodle', true, false, '', true);
$output .= '</div>';
$output .= '</td></tr></table>';
return $output;
}
@ -2712,32 +2759,32 @@ function forum_user_has_posted_discussion($forumid, $userid) {
}
}
function forum_user_has_posted($forumid,$did,$userid) {
function forum_user_has_posted($forumid, $did, $userid) {
return record_exists('forum_posts','discussion',$did,'userid',$userid);
}
function forum_user_can_post_discussion($forum, $currentgroup=false, $groupmode='', $edit=0) {
function forum_user_can_post_discussion($forum, $currentgroup=false, $groupmode='') {
// $forum is an object
global $USER, $SESSION;
if (!$cm = get_coursemodule_from_instance('forum', $forum->id, $forum->course)) {
error('Course Module ID was incorrect');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/forum:startdiscussion', $context->id)) {
return false;
}
if ($forum->type == "eachuser") {
if ($edit) { // fix for 5551, if 1 post per user, should allow edit, if poster is owner
$post = get_record('forum_posts','id',$edit);
return ($post->userid == $USER->id); // editting your own post?
} else {
return (! forum_user_has_posted_discussion($forum->id, $USER->id));
}
} else if ($forum->type == 'qanda') {
return isteacher($forum->course);
} else if ($forum->type == "teacher") {
return isteacher($forum->course);
return (!forum_user_has_posted_discussion($forum->id, $USER->id));
} else if ($currentgroup) {
return (isteacheredit($forum->course) or (ismember($currentgroup) and $forum->open == 2));
} else if (isteacher($forum->course)) {
return true;
return (has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id)
or (ismember($currentgroup) and $forum->open == 2));
} else {
//else it might be group 0 in visible mode
if ($groupmode == VISIBLEGROUPS){
return ($forum->open == 2 AND ismember($currentgroup));
return ($forum->open == 2 and ismember($currentgroup));
}
else {
return ($forum->open == 2);
@ -2745,59 +2792,66 @@ function forum_user_can_post_discussion($forum, $currentgroup=false, $groupmode=
}
}
/**
* This function checks whether the user can reply to posts in a forum
* discussion. Use forum_user_can_post_discussion() to check whether the user
* can start dicussions.
* @param $forum - forum object
* @param $user - user object
*/
function forum_user_can_post($forum, $user=NULL) {
// $forum, $user are objects
if ($user) {
$isteacher = isteacher($forum->course, $user->id);
if (!$forum->open) {
// No point doing the more expensive has_capability checks.
return false;
}
if (!$cm = get_coursemodule_from_instance('forum', $forum->id, $forum->course)) {
error('Course Module ID was incorrect');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (isset($user)) {
$canreply = has_capability('mod/forum:replypost', $context->id, false, $user->id);
} else {
$isteacher = isteacher($forum->course);
$canreply = has_capability('mod/forum:replypost', $context->id, false);
}
if ($forum->type == "teacher") {
return $isteacher;
} else if ($isteacher) {
return true;
} else {
return $forum->open;
}
return $canreply;
}
//checks to see if a user can view a particular post
function forum_user_can_view_post($post, $course, $cm, $forum, $discussion, $user=NULL){
global $CFG, $USER;
if (!$user){
$user = $USER;
}
if (isteacheredit($course->id)) {
return true;
$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/forum:viewdiscussion', $modcontext->id)) {
return false;
}
if ($forum->type == 'teacher'){ //teacher type forum
return isteacher($course->id);
}
/// Make sure the user is allowed in the course
if (!(isstudent($course->id) or
isteacher($course->id) or
($course->id == SITEID && !$CFG->forcelogin) or
(isguest() && $course->guest) )){
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
if (!has_capability('moodle/course:view', $coursecontext->id)) {
return false;
}
/// If it's a grouped discussion, make sure the user is a member
if ($discussion->groupid > 0) {
if ($cm->groupmode == SEPARATEGROUPS) {
return ismember($discussion->groupid);
return ismember($discussion->groupid) ||
has_capability('mod/forum:viewdiscussionsfromallgroups', $modcontext->id);
}
}
return true;
}
function forum_user_can_see_discussion($forum,$discussion,$user=NULL) {
function forum_user_can_see_discussion($forum, $discussion, $contextid, $user=NULL) {
global $USER;
if (empty($user) || empty($user->id)) {
@ -2815,29 +2869,30 @@ function forum_user_can_see_discussion($forum,$discussion,$user=NULL) {
return false;
}
}
if ($forum->type == 'qanda') {
return (forum_user_has_posted($forum->id,$discussion->id,$user->id) || isteacher($forum->course));
if (!has_capability('mod/forum:viewdiscussion', $contextid)) {
return false;
}
if ($forum->type == 'qanda' &&
!forum_user_has_posted($forum->id, $discussion->id, $user->id) &&
!has_capability('mod/forum:viewqandawithoutposting', $contextid)) {
return false;
}
return true;
}
function forum_user_can_see_post($forum,$discussion,$post,$user=NULL) {
function forum_user_can_see_post($forum, $discussion, $post, $user=NULL) {
global $USER;
if (empty($user) || empty($user->id)) {
$user = $USER;
}
// retrive objects (yuk)
if (is_numeric($forum)) {
if (!$forum = get_record('forum','id',$forum)) {
return false;
}
}
if (isteacher($forum->course)) {
return true;
}
if (is_numeric($discussion)) {
if (!$discussion = get_record('forum_discussions','id',$discussion)) {
return false;
@ -2848,14 +2903,29 @@ function forum_user_can_see_post($forum,$discussion,$post,$user=NULL) {
return false;
}
}
if (!isset($post->id) && isset($post->parent)) {
$post->id = $post->parent;
}
if (!$cm = get_coursemodule_from_instance('forum', $forum->id, $forum->course)) {
error('Course Module ID was incorrect');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (empty($user) || empty($user->id)) {
$user = $USER;
}
if (!has_capability('mod/forum:viewdiscussion', $context->id, false, $user->id)) {
return false;
}
if ($forum->type == 'qanda') {
$firstpost = forum_get_firstpost_from_discussion($discussion->id);
return (forum_user_has_posted($forum->id,$discussion->id,$user->id) || $firstpost->id == $post->id || isteacher($forum->course));
return (forum_user_has_posted($forum->id,$discussion->id,$user->id) ||
$firstpost->id == $post->id ||
has_capability('mod/forum:viewqandawithoutposting', $context->id, false, $user->id));
}
return true;
}
@ -2877,6 +2947,12 @@ function forum_user_can_see_post($forum,$discussion,$post,$user=NULL) {
function forum_print_latest_discussions($course, $forum, $maxdiscussions=5, $displayformat='plain', $sort='',
$currentgroup=-1, $groupmode=-1, $page=-1) {
global $CFG, $USER;
if (!$cm = get_coursemodule_from_instance('forum', $forum->id, $forum->course)) {
error('Course Module ID was incorrect');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
/// Sort out some defaults
@ -2906,7 +2982,8 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions=5, $dis
$currentgroup = get_current_group($course->id);
}
if (!$currentgroup and ($groupmode != SEPARATEGROUPS or isteacheredit($course->id)) ) {
if (!$currentgroup and ($groupmode != SEPARATEGROUPS or
has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id)) ) {
$visiblegroups = -1;
} else {
$visiblegroups = $currentgroup;
@ -3098,7 +3175,7 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions=5, $dis
}
function forum_print_discussion($course, $forum, $discussion, $post, $mode, $canreply=NULL) {
function forum_print_discussion($course, $forum, $discussion, $post, $mode, $canreply=NULL, $canrate=false) {
global $USER, $CFG;
@ -3120,11 +3197,12 @@ function forum_print_discussion($course, $forum, $discussion, $post, $mode, $can
$ratings->assesspublic = $forum->assesspublic;
$ratings->assesstimestart = $forum->assesstimestart;
$ratings->assesstimefinish = $forum->assesstimefinish;
$ratings->allow = (($forum->assessed != 2 or isteacher($course->id)) && !isguest());
$ratings->allow = $canrate;
if ($ratings->allow) {
echo '<form name="form" method="post" action="rate.php">';
echo '<input type="hidden" name="id" value="'.$course->id.'" />';
echo '<input type="hidden" name="forumid" value="'.$forum->id.'" />';
}
}
}
@ -3241,7 +3319,7 @@ function forum_print_posts_threaded($parent, $courseid, $depth, $ratings, $reply
if (!forum_user_can_see_post($post->forum,$post->discussion,$post)) {
continue;
}
$by->name = fullname($post, isteacher($courseid));
$by->name = fullname($post);
$by->date = userdate($post->modified);
if ($istracking) {
@ -3426,19 +3504,17 @@ function forum_update_subscriptions_button($courseid, $forumid) {
// Prints the editing button on subscribers page
global $CFG, $USER;
if (isteacher($courseid)) {
if (!empty($USER->subscriptionsediting)) {
$string = get_string("turneditingoff");
$edit = "off";
} else {
$string = get_string("turneditingon");
$edit = "on";
}
return "<form target=\"$CFG->framename\" method=\"get\" action=\"$CFG->wwwroot/mod/forum/subscribers.php\">".
"<input type=\"hidden\" name=\"id\" value=\"$forumid\" />".
"<input type=\"hidden\" name=\"edit\" value=\"$edit\" />".
"<input type=\"submit\" value=\"$string\" /></form>";
if (!empty($USER->subscriptionsediting)) {
$string = get_string("turneditingoff");
$edit = "off";
} else {
$string = get_string("turneditingon");
$edit = "on";
}
return "<form target=\"$CFG->framename\" method=\"get\" action=\"$CFG->wwwroot/mod/forum/subscribers.php\">".
"<input type=\"hidden\" name=\"id\" value=\"$forumid\" />".
"<input type=\"hidden\" name=\"edit\" value=\"$edit\" />".
"<input type=\"submit\" value=\"$string\" /></form>";
}
function forum_add_user($userid, $courseid) {

2
mod/forum/markposts.php
View file

@ -29,7 +29,7 @@
if (isguest()) { // Guests can't change forum
$wwwroot = $CFG->wwwroot.'/login/index.php';
if (!empty($CFG->loginhttps)) {
$wwwroot = str_replace('http:','https:', $wwwroot);
$wwwroot = str_replace('http','https', $wwwroot);
}
$strforums = get_string('modulenameplural', 'forum');

32
mod/forum/mod.html
View file

@ -105,17 +105,6 @@
<?php print_textarea($usehtmleditor, 20, 50, 680, 400, 'intro', $form->intro); ?>
</td>
</tr>
<tr valign="top">
<td align="right"><b><?php print_string('allowdiscussions', 'forum', strtolower("$course->student")) ?>:</b></td>
<td>
<?php
choose_from_menu($FORUM_OPEN_MODES, 'open', $form->open, '');
helpbutton('allowdiscussions', get_string('allowdiscussions',
'forum', moodle_strtolower("$course->student")), 'forum');
?>
</td>
</tr>
<tr>
<td align="right"><b><?php print_string('forcesubscribeq', 'forum') ?>:</b></td>
<td>
@ -218,26 +207,7 @@
echo ' />';
echo '&nbsp;'.get_string('ratingsuse', 'forum').':';
echo '</td></tr>';
echo '<tr><td>';
// The odd order below was to maintain backward compatibility
unset($options);
$options[2] = get_string('ratingonlyteachers', 'forum', moodle_strtolower($course->teachers));
$options[1] = get_string('ratingeveryone', 'forum');
echo get_string('users').': ';
echo '</td><td>';
choose_from_menu($options, 'assessed', $form->assessed, '');
echo '</td></tr>';
echo '<tr><td>';
unset($options);
$options[0] = get_string('ratingpublicnot', 'forum', $course->students);
$options[1] = get_string('ratingpublic', 'forum', $course->students);
echo get_string('view').': ';
echo '</td><td>';
choose_from_menu($options, 'assesspublic', $form->assesspublic, '');
echo '</td></tr>';
echo '<tr><td>';
echo get_string('grade').': ';
echo '</td><td>';

21
mod/forum/post.html
View file

@ -1,4 +1,9 @@
<?php
/**
* This file is required by post.php. Therefore, the context objects
* $modcontext and $coursecontext are available to the script.
*/
if (!isset($discussion->timestart)) {
$discussion->timestart = 0;
}
@ -59,7 +64,8 @@ if (!isset($discussion->timeend)) {
<?php
if (forum_is_forcesubscribed($forum->id)) {
print_string("everyoneissubscribed", "forum");
} else if ($forum->forcesubscribe != FORUM_DISALLOWSUBSCRIBE || isteacher($forum->course)){
} else if ($forum->forcesubscribe != FORUM_DISALLOWSUBSCRIBE ||
has_capability('moodle/course:manageactivities', $coursecontext->id)){
unset($options);
if (forum_is_subscribed($USER->id, $post->forum)) {
$options[0] = get_string("subscribestart", "forum");
@ -102,7 +108,10 @@ if (!isset($discussion->timeend)) {
<?php } ?>
<?php if (isadmin() && empty($post->id)) { ?>
<?php
if (has_capability('moodle/course:manageactivities', $coursecontext->id)
&& empty($post->id)) {
?>
<tr valign="top">
<td align="right"><b><?php print_string("mailnow", "forum") ?>:</b></td>
@ -113,9 +122,8 @@ if (!isset($discussion->timeend)) {
<?php } ?>
<?php if (!empty($CFG->forum_enabletimedposts) &&
isteacher($course->id) && $forum->type == 'news' && !$post->parent) {
// This is the first post of a discussion in news forum
<?php if (!empty($CFG->forum_enabletimedposts) && !$post->parent) {
// This is the first post of a discussion, and timed posts are enabled.
?>
<tr valign="top">
<td align="right"><b><?php print_string("displayperiod", "forum") ?>:<br />(<?php print_string("optional") ?>)&nbsp;</b></td>
@ -150,7 +158,7 @@ if (!isset($discussion->timeend)) {
<?php } else { ?>
<input type="hidden" name="timestartdisabled" value="1" />
<input type="hidden" name="timeenddisabled" value="1" />
<?php } ?>
<? } ?>
<tr>
<td align="center" colspan="2">
<input type="hidden" name="course" value="<?php p($post->course) ?>" />
@ -158,6 +166,7 @@ if (!isset($discussion->timeend)) {
<input type="hidden" name="discussion" value="<?php p($post->discussion) ?>" />
<input type="hidden" name="parent" value="<?php p($post->parent) ?>" />
<input type="hidden" name="userid" value="<?php p($post->userid) ?>" />
<input type="hidden" name="groupid" value="<?php p($post->groupid) ?>" />
<input type="hidden" name="edit" value="<?php p($post->edit) ?>" />
<input type="submit" value="<?php p(($post->edit) ? get_string('savechanges') : get_string('posttoforum', 'forum')); ?>" />
</td>

264
mod/forum/post.php
View file

@ -12,14 +12,18 @@
$prune = optional_param('prune',0,PARAM_INT);
$name = optional_param('name','',PARAM_CLEAN);
$confirm = optional_param('confirm',0,PARAM_INT);
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
if (isguest()) {
$wwwroot = $CFG->wwwroot.'/login/index.php';
if (!empty($CFG->loginhttps)) {
$wwwroot = str_replace('http:','https:', $wwwroot);
$wwwroot = str_replace('http','https', $wwwroot);
}
if (!empty($forum)) { // User is starting a new discussion in a forum
if (isset($forum)) { // User is starting a new discussion in a forum
if (! $forum = get_record('forum', 'id', $forum)) {
error('The forum number was incorrect');
}
@ -38,7 +42,10 @@
error('The course number was incorrect');
}
if (!$cm = get_coursemodule_from_instance('forum', $forum->id, $course->id)) { // For the logs
// Teacher forum?
$cm->id = 0;
} else {
$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
}
$strforums = get_string('modulenameplural', 'forum');
@ -61,84 +68,54 @@
require_login(0, false); // Script is useless unless they're logged in
if ($post = data_submitted()) {
if (! $forum = get_record('forum', 'id', $forum)) {
error('The forum number was incorrect');
if (empty($post->course)) {
error('No course was defined!');
}
if (!$course = get_record('course', 'id', $forum->course)) {
if (!$course = get_record('course', 'id', $post->course)) {
error('Could not find specified course!');
}
require_login($course->id, false);
$adminedit = (isadmin() and !empty($CFG->admineditalways));
if (!empty($course->lang)) { // Override current language
$CFG->courselang = $course->lang;
}
if (empty($SESSION->fromurl)) {
$errordestination = "$CFG->wwwroot/mod/forum/view.php?f=$forum->id";
$errordestination = "$CFG->wwwroot/mod/forum/view.php?f=$post->forum";
} else {
$errordestination = $SESSION->fromurl;
}
$post->subject = clean_param(strip_tags($post->subject, '<lang><span>'), PARAM_CLEAN); // Strip all tags except multilang
$post->subject = strip_tags($post->subject, '<lang><span>'); // Strip all tags except lang
//$post->message will be cleaned later before display
//$post->message = clean_text($post->message, $post->format); // Clean up any bad tags
$post->attachment = isset($_FILES['attachment']) ? $_FILES['attachment'] : NULL;
if (!$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) { // For the logs
if (!$cm = get_coursemodule_from_instance("forum", $post->forum, $course->id)) { // For the logs
$cm->id = 0;
}
if (($post->subject == '') or ($post->message == '')) {
if (!$post->subject or !$post->message) {
$post->error = get_string("emptymessage", "forum");
} else if ($post->edit) {
/// Updating a post
if (! $oldpost = forum_get_post_full($post->edit)) {
error("Post ID was incorrect");
}
if (($oldpost->userid <> $USER->id) and !$adminedit) {
error("You can't edit other people's posts!");
}
if (! $discussion = get_record("forum_discussions", "id", $oldpost->discussion)) {
error("This post is not part of a discussion!");
}
if ($discussion->forum != $forum->id) {
error("The forum number is incorrect");
}
if ($discussion->course != $course->id) {
error("The course number is incorrect");
}
if (!($forum->type == 'news' && !$oldpost->parent && $discussion->timestart > time())) {
if (((time() - $oldpost->created) > $CFG->maxeditingtime) and !$adminedit) {
error( get_string("maxtimehaspassed", "forum", format_time($CFG->maxeditingtime)) );
}
}
$updatepost = new object;
$updatepost->id = $oldpost->id;
$updatepost->parent = $oldpost->parent;
$updatepost->forum = $oldpost->forum;
$updatepost->discussion = $oldpost->discussion;
$updatepost->userid = $oldpost->userid;
$updatepost->subject = $post->subject; //already cleaned
$updatepost->message = $post->message; //cleaning only before display
$updatepost->format = $post->format;
$updatepost->attachment = $post->attachment;
$updatepost->course = $course->id;
$updatepost->subscribe = optional_param('subscribe', 0, PARAM_BOOL);
$updatepost->unsubscribe = optional_param('unsubscribe', 0, PARAM_BOOL);
} else if ($post->edit) { // Updating a post
$post->id = $post->edit;
$message = '';
if (get_field('forum', 'type', 'id', $forum) == 'news' && !$oldpost->parent) {
$updatediscussion = new object;
$updatediscussion->id = $oldpost->discussion;
//fix for bug #4314
if (!$realpost = get_record('forum_posts','id',$post->id)){
$realpost = new object;
$realpost->userid = -1;
}
if ( !(($realpost->userid == $USER->id && has_capability('mod/forum:replypost', $modcontext->id)) ||
has_capability('mod/forum:editanypost', $modcontext->id)) )
error("You can not update this post");
}
if (get_field('forum', 'type', 'id', $forum) == 'news' && !$post->parent) {
$updatediscussion->id = $post->discussion;
if (empty($post->timestartdisabled)) {
$updatediscussion->timestart = make_timestamp($post->timestartyear, $post->timestartmonth, $post->timestartday);
} else {
@ -158,10 +135,10 @@
if (!isset($post->error)) {
if (forum_update_post($updatepost,$message)) {
if (forum_update_post($post,$message)) {
add_to_log($course->id, "forum", "update post",
"discuss.php?d=$updatepost->discussion&amp;parent=$updatepost->id", "$updatepost->id", $cm->id);
"discuss.php?d=$post->discussion&amp;parent=$post->id", "$post->id", $cm->id);
$timemessage = 2;
if (!empty($message)) { // if we're printing stuff about the file upload
@ -169,10 +146,10 @@
}
$message .= '<br />'.get_string("postupdated", "forum");
if ($subscribemessage = forum_post_subscription($updatepost)) {
if ($subscribemessage = forum_post_subscription($post)) {
$timemessage = 4;
}
redirect(forum_go_back_to("discuss.php?d=$updatepost->discussion#$updatepost->id"), $message.$subscribemessage, $timemessage);
redirect(forum_go_back_to("discuss.php?d=$post->discussion#$post->id"), $message.$subscribemessage, $timemessage);
} else {
error(get_string("couldnotupdate", "forum"), $errordestination);
@ -180,49 +157,12 @@
exit;
}
} else if ($post->discussion) {
/// Adding a new post to an existing discussion
if (! $discussion = get_record("forum_discussions", "id", $post->discussion)) {
error("This post is not part of a discussion!");
}
if ($discussion->forum != $forum->id) {
error("The forum number is incorrect");
}
if ($discussion->course != $course->id) {
error("The course number is incorrect");
}
if (! $parent = forum_get_post_full($post->parent)) {
error("Parent post does not exist");
}
if ($parent->discussion != $discussion->id) {
error("Parent not in this discussion");
}
if (! forum_user_can_post($forum)) {
error("Sorry, but you can not post in this forum.");
}
$newpost = new object;
$newpost->parent = $post->parent;
$newpost->forum = $forum->id;
$newpost->discussion = $discussion->id;
$newpost->parent = $parent->id;
$newpost->subject = $post->subject; //already cleaned
$newpost->message = $post->message; //cleaning only before display
$newpost->format = $post->format;
$newpost->mailnow = optional_param('mailnow', 0, PARAM_BOOL);
$newpost->course = $course->id;
$newpost->subscribe = optional_param('subscribe', 0, PARAM_BOOL);
$newpost->unsubscribe = optional_param('unsubscribe', 0, PARAM_BOOL);
} else if ($post->discussion) { // Adding a new post to an existing discussion
$message = '';
if ($newpost->id = forum_add_new_post($newpost,$message)) {
if ($post->id = forum_add_new_post($post,$message)) {
add_to_log($course->id, "forum", "add post",
"discuss.php?d=$newpost->discussion&amp;parent=$newpost->id", "$newpost->id", $cm->id);
"discuss.php?d=$post->discussion&amp;parent=$post->id", "$post->id", $cm->id);
$timemessage = 2;
if (!empty($message)) { // if we're printing stuff about the file upload
@ -230,51 +170,29 @@
}
$message .= '<br />'.get_string("postadded", "forum", format_time($CFG->maxeditingtime));
if ($subscribemessage = forum_post_subscription($newpost)) {
if ($subscribemessage = forum_post_subscription($post)) {
$timemessage = 4;
}
if ($newpost->mailnow) {
if ($post->mailnow) {
$message .= get_string("postmailnow", "forum");
$timemessage = 4;
}
redirect(forum_go_back_to("discuss.php?d=$newpost->discussion#$newpost->id"), $message.$subscribemessage, $timemessage);
redirect(forum_go_back_to("discuss.php?d=$post->discussion#$post->id"), $message.$subscribemessage, $timemessage);
} else {
error(get_string("couldnotadd", "forum"), $errordestination);
}
exit;
} else {
/// Adding a new discussion
if (! forum_user_can_post_discussion($forum)) {
error("Sorry, but you can not post a new discussion in this forum.");
}
$discussion = new object;
$discussion->forum = $forum->id;
$discussion->course = $course->id;
$discussion->mailnow = optional_param('mailnow', 0, PARAM_BOOL);
$discussion->name = $post->subject;
} else { // Adding a new discussion
$post->mailnow = empty($post->mailnow) ? 0 : 1;
$discussion = $post;
$discussion->name = $post->subject;
$discussion->intro = $post->message;
$discussion->format = $post->format;
$discussion->groupid = get_current_group($course->id);
if (isteacheredit($course->id) and $discussion->groupid == 0) {
$discussion->groupid = -1;
}
$discussion->course = $course->id;
$discussion->subscribe = optional_param('subscribe', 0, PARAM_BOOL);
$discussion->unsubscribe = optional_param('unsubscribe', 0, PARAM_BOOL);
if (! forum_user_can_post_discussion($forum)) {
error("Sorry, but you can not post a new discussion in this forum.");
}
$newstopic = false;
if (get_field('forum', 'type', 'id', $forum) == 'news') {
if (get_field('forum', 'type', 'id', $forum) == 'news' && !$post->parent) {
$newstopic = true;
}
if ($newstopic && empty($post->timestartdisabled)) {
@ -302,7 +220,7 @@
}
$message .= '<br />'.get_string("postadded", "forum", format_time($CFG->maxeditingtime));
if ($discussion->mailnow) {
if ($post->mailnow) {
$message .= get_string("postmailnow", "forum");
$timemessage = 4;
}
@ -311,7 +229,7 @@
$timemessage = 4;
}
redirect(forum_go_back_to("view.php?f=$discussion->forum"), $message.$subscribemessage, $timemessage);
redirect(forum_go_back_to("view.php?f=$post->forum"), $message.$subscribemessage, $timemessage);
} else {
error(get_string("couldnotadd", "forum"), $errordestination);
@ -328,8 +246,7 @@
$defaultformat = FORMAT_MOODLE;
}
if (!empty($post->error)) {
/// User is re-editing a failed posting
if (isset($post->error)) { // User is re-editing a failed posting
// Set up all the required objects again, and reuse the same $post
@ -369,14 +286,9 @@
}
}
} else if (!empty($forum)) {
/// User is starting a new discussion in a forum
} else if (!empty($forum)) { // User is starting a new discussion in a forum
if (!empty($_SERVER["HTTP_REFERER"])) {
$SESSION->fromurl = $_SERVER["HTTP_REFERER"];
} else {
$SESSION->fromurl = '';
}
$SESSION->fromurl = $_SERVER["HTTP_REFERER"];
if (! $forum = get_record("forum", "id", $forum)) {
error("The forum number was incorrect ($forum)");
@ -390,7 +302,7 @@
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
if (!$cm->visible and !isteacher($course->id)) {
if (!$cm->visible and !has_capability('moodle/course:manageactivities', $coursecontext->id)) {
error(get_string("activityiscurrentlyhidden"));
}
}
@ -406,10 +318,14 @@
$post->message = "";
$post->format = $defaultformat;
$post->groupid = get_current_group($course->id);
if ($post->groupid == 0) {
$post->groupid = -1;
}
forum_set_return();
} else if (!empty($reply)) {
/// User is writing a new reply
} else if (!empty($reply)) { // User is writing a new reply
if (! $parent = forum_get_post_full($reply)) {
error("Parent post ID was incorrect");
@ -429,13 +345,13 @@
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
if (groupmode($course, $cm) and !isteacheredit($course->id)) { // Make sure user can post here
if (groupmode($course, $cm)) { // Make sure user can post here
$mygroupid = mygroupid($course->id);
if (!((empty($mygroupid) and $discussion->groupid == -1) || (ismember($discussion->groupid)/*$mygroupid == $discussion->groupid*/))) {
error("Sorry, but you can not post in this discussion.");
}
}
if (!$cm->visible and !isteacher($course->id)) {
if (!$cm->visible and !has_capability('moodle/course:manageactivities', $coursecontext->id)) {
error(get_string("activityiscurrentlyhidden"));
}
}
@ -458,15 +374,13 @@
unset($SESSION->fromdiscussion);
} else if (!empty($edit)) {
/// User is editing their own post
$adminedit = (isadmin() and !empty($CFG->admineditalways));
} else if (!empty($edit)) { // User is editing their own post
if (! $post = forum_get_post_full($edit)) {
error("Post ID was incorrect");
}
if (($post->userid <> $USER->id) and !$adminedit) {
if (($post->userid <> $USER->id) and
!has_capability('mod/forum:editanypost', $modcontext->id)) {
error("You can't edit other people's posts!");
}
if ($post->parent) {
@ -481,9 +395,9 @@
error("The forum number was incorrect ($discussion->forum)");
}
if (!($forum->type == 'news' && !$post->parent && $discussion->timestart > time())) {
if (((time() - $post->created) > $CFG->maxeditingtime) and !$adminedit) {
error( get_string("maxtimehaspassed", "forum", format_time($CFG->maxeditingtime)),
"$CFG->wwwroot/mod/forum/discuss.php?d=$discussion->id#$post->id" );
if (((time() - $post->created) > $CFG->maxeditingtime) and
!has_capability('mod/forum:editanypost', $modcontext->id)) {
error( get_string("maxtimehaspassed", "forum", format_time($CFG->maxeditingtime)) );
}
}
if (! $course = get_record("course", "id", $discussion->course)) {
@ -500,8 +414,7 @@
unset($SESSION->fromdiscussion);
} else if (!empty($delete)) {
/// User is deleting a post
} else if (!empty($delete)) { // User is deleting a post
if (! $post = forum_get_post_full($delete)) {
error("Post ID was incorrect");
@ -512,8 +425,9 @@
if (! $forum = get_record("forum", "id", $discussion->forum)) {
error("The forum number was incorrect ($discussion->forum)");
}
if (($post->userid <> $USER->id) and !isteacher($forum->course)) {
error("You can't delete other people's posts!");
if ( !(($post->userid == $USER->id && has_capability('mod/forum:deleteownpost', $modcontext->id))
|| has_capability('mod/forum:deleteanypost', $modcontext->id)) ) {
error("You can't delete this post!");
}
if (!empty($forum->course)) {
if ($course = get_record('course', 'id', $forum->course)) {
@ -525,13 +439,13 @@
$replycount = forum_count_replies($post);
if (!empty($confirm) and confirm_sesskey()) { // User has confirmed the delete
if (!empty($confirm)) { // User has confirmed the delete
if ($post->totalscore) {
notice(get_string("couldnotdeleteratings", "forum"),
forum_go_back_to("discuss.php?d=$post->discussion"));
} else if ($replycount && !isteacher($course->id)) {
} else if ($replycount && !has_capability('mod/forum:deleteanypost', $modcontext->id)) {
error(get_string("couldnotdeletereplies", "forum"),
forum_go_back_to("discuss.php?d=$post->discussion"));
@ -552,7 +466,7 @@
redirect("view.php?f=$discussion->forum",
get_string("deleteddiscussion", "forum"), 1);
} else if (forum_delete_post($post, isteacher($course->id))) {
} else if (forum_delete_post($post, has_capability('mod/forum:deleteanypost', $modcontext->id))) {
add_to_log($discussion->course, "forum", "delete post",
"discuss.php?d=$post->discussion", "$post->id", $cm->id);
@ -565,19 +479,18 @@
}
} else {
// User just asked to delete something
} else { // User just asked to delete something
forum_set_return();
if ($replycount) {
if (!isteacher($course->id)) {
if (!has_capability('mof/forum:deleteanypost', $modcontext->id)) {
error(get_string("couldnotdeletereplies", "forum"),
forum_go_back_to("discuss.php?d=$post->discussion"));
}
print_header();
notice_yesno(get_string("deletesureplural", "forum", $replycount+1),
"post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
"post.php?delete=$delete&amp;confirm=$delete",
$_SERVER["HTTP_REFERER"]);
forum_print_post($post, $course->id, $ownpost=false, $reply=false, $link=false);
@ -592,7 +505,7 @@
} else {
print_header();
notice_yesno(get_string("deletesure", "forum", $replycount),
"post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
"post.php?delete=$delete&amp;confirm=$delete",
$_SERVER["HTTP_REFERER"]);
forum_print_post($post, $forum->course, $ownpost=false, $reply=false, $link=false);
}
@ -602,8 +515,7 @@
die;
} else if (!empty($prune)) {
// Teacher is pruning
} else if (!empty($prune)) { // Teacher is pruning
if (!$post = forum_get_post_full($prune)) {
error("Post ID was incorrect");
@ -614,7 +526,7 @@
if (!$forum = get_record("forum", "id", $discussion->forum)) {
error("The forum number was incorrect ($discussion->forum)");
}
if (!isteacher($forum->course)) {
if (!has_capability('mod/forum:splitdiscussions', $modcontext->id)) {
error("You can't split discussions!");
}
if (!$post->parent) {
@ -624,12 +536,11 @@
$cm->id = 0;
}
if (!empty($name) and confirm_sesskey()) { // User has confirmed the prune
if (!empty($name)) { // User has confirmed the prune
$newdiscussion = new object;
$newdiscussion->course = $discussion->course;
$newdiscussion->forum = $discussion->forum;
$newdiscussion->name = strip_tags($name, '<lang><span>'); // Strip all tags except multilang
$newdiscussion->name = $name;
$newdiscussion->firstpost = $post->id;
$newdiscussion->userid = $discussion->userid;
$newdiscussion->groupid = $discussion->groupid;
@ -644,7 +555,7 @@
$newpost->id = $post->id;
$newpost->parent = 0;
$newpost->subject = $newdiscussion->name;
$newpost->subject = $name;
if (!update_record("forum_posts", $newpost)) {
error('Could not update the original post');
@ -752,11 +663,12 @@
if (!empty($parent) && !forum_user_can_see_post($forum,$discussion,$post)) {
error("You cannot reply to this post");
}
if (empty($parent) && !forum_user_can_post_discussion($forum, false, '', $edit)) {
if (empty($parent) && !forum_user_can_post_discussion($forum)) {
error("You cannot start a new discussion in this forum");
}
if ($forum->type == 'qanda' && !isteacher($forum->course) && !forum_user_has_posted($forum->id,$discussion->id,$USER->id)) {
if ($forum->type == 'qanda' && !has_capability('mod/forum:viewqandawithoutposting', $modcontext->id) &&
!forum_user_has_posted($forum->id,$discussion->id,$USER->id)) {
notify(get_string('qandanotify','forum'));
}
@ -770,7 +682,7 @@
} else {
$user_read_array = array();
}
if ($forum->type != 'qanda' || forum_user_can_see_discussion($forum,$discussion)) {
if ($forum->type != 'qanda' || forum_user_can_see_discussion($forum, $discussion, $modcontext->id)) {
forum_print_posts_threaded($parent->id, $course->id, 0, false, false, $user_read_array, $discussion->forum);
}
}

1
mod/forum/prune.html
View file

@ -11,7 +11,6 @@
<td align="center" colspan="2">
<input type="hidden" name="prune" value="<?php p($prune) ?>" />
<input type="hidden" name="confirm" value="<?php p($prune) ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="submit" value="<?php print_string('prune', 'forum'); ?>" />
</td>
</tr>

21
mod/forum/rate.php
View file

@ -5,13 +5,22 @@
require_once("../../config.php");
require_once("lib.php");
if (isguest()) {
error("Guests are not allowed to rate posts.", $_SERVER["HTTP_REFERER"]);
$id = required_param('id',PARAM_INT); // The course these ratings are part of
$forumid = required_param('forumid',PARAM_INT); // The forum the rated posts are from
if (! $cm = get_coursemodule_from_instance('forum', $forumid, $id)) {
error('Course Module ID was incorrect');
}
$id = required_param('id',PARAM_INT); // The course these ratings are part of
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/forum:ratepost', $context->id) {
error('You do not have the permission to rate this post');
}
if (! $course = get_record("course", "id", $id)) {
error("Course ID was incorrect");
}
@ -73,4 +82,4 @@
error("This page was not accessed correctly");
}
?>
?>

39
mod/forum/report.php
View file

@ -5,8 +5,7 @@
require_once("../../config.php");
require_once("lib.php");
$id = required_param('id',PARAM_INT);
$sort = optional_param('sort', '', PARAM_RAW);
$id = required_param('id',PARAM_INT);
if (! $post = get_record("forum_posts", "id", $id)) {
error("Post ID was incorrect");
@ -23,16 +22,22 @@
if (! $course = get_record("course", "id", $forum->course)) {
error("Course ID was incorrect");
}
if (!isteacher($course->id) and $USER->id != $post->userid) {
error("You can only look at results for posts you own");
if (! $cm = get_coursemodule_from_instance('forum', $forum->id, $course->id)) {
error('Course Module ID was incorrect');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/forum:viewrating', $context->id)) {
error('You do not have the capability to view post ratings');
}
if (!has_capability('mod/forum:viewanyrating', $context->id) and $USER->id != $post->userid) {
error("You can only look at results for posts that you made");
}
switch ($sort) {
case 'time': $sqlsort = "r.time ASC"; break;
case 'firstname': $sqlsort = "u.firstname ASC"; break;
case 'rating': $sqlsort = "r.rating ASC"; break;
default: $sqlsort = "r.time ASC";
if (!isset($sort)) {
$sort = "r.time";
}
$scalemenu = make_grades_menu($forum->scale);
@ -44,22 +49,18 @@
print_header("$strratings: ".format_string($post->subject));
if (!$ratings = forum_get_ratings($post->id, $sqlsort)) {
if (!$ratings = forum_get_ratings($post->id, $sort)) {
error("No ratings for this post: \"".format_string($post->subject)."\"");
} else {
echo "<table border=\"0\" cellpadding=\"3\" cellspacing=\"3\" class=\"generalbox\" width=\"100%\">";
echo "<tr>";
echo "<th>&nbsp;</th>";
echo "<th><a href=\"report.php?id=$post->id&amp;sort=firstname\">$strname</a>";
echo "<th width=\"100%\"><a href=\"report.php?id=$post->id&amp;sort=rating\">$strrating</a>";
echo "<th><a href=\"report.php?id=$post->id&amp;sort=time\">$strtime</a>";
echo "<th><a href=\"report.php?id=$post->id&amp;sort=u.firstname\">$strname</a>";
echo "<th width=\"100%\"><a href=\"report.php?id=$post->id&amp;sort=r.rating\">$strrating</a>";
echo "<th><a href=\"report.php?id=$post->id&amp;sort=r.time\">$strtime</a>";
foreach ($ratings as $rating) {
if (isteacher($discussion->course, $rating->id)) {
echo '<tr class="forumpostheadertopic">';
} else {
echo '<tr class="forumpostheader">';
}
echo '<tr class="forumpostheader">';
echo "<td>";
print_user_picture($rating->id, $forum->course, $rating->picture);
echo '<td nowrap="nowrap"><p><font size="-1">'.fullname($rating).'</p>';

29
mod/forum/restorelib.php
View file

@ -165,11 +165,7 @@
$status = true;
//Get the discussions array
if (!empty($info['MOD']['#']['SUBSCRIPTIONS'])) {
$subscriptions = $info['MOD']['#']['SUBSCRIPTIONS']['0']['#']['SUBSCRIPTION'];
} else {
$subscriptions = array();
}
$subscriptions = $info['MOD']['#']['SUBSCRIPTIONS']['0']['#']['SUBSCRIPTION'];
//Iterate over subscriptions
for($i = 0; $i < sizeof($subscriptions); $i++) {
@ -226,11 +222,7 @@
$status = true;
//Get the discussions array
if (!empty($info['MOD']['#']['DISCUSSIONS'])) {
$discussions = $info['MOD']['#']['DISCUSSIONS']['0']['#']['DISCUSSION'];
} else {
$discussions = array();
}
$discussions = $info['MOD']['#']['DISCUSSIONS']['0']['#']['DISCUSSION'];
//Iterate over discussions
for($i = 0; $i < sizeof($discussions); $i++) {
@ -331,11 +323,7 @@
$status = true;
//Get the read array
if (!empty($info['MOD']['#']['READPOSTS'])) {
$readposts = $info['MOD']['#']['READPOSTS']['0']['#']['READ'];
} else {
$readposts = array();
}
$readposts = $info['MOD']['#']['READPOSTS']['0']['#']['READ'];
//Iterate over readposts
for($i = 0; $i < sizeof($readposts); $i++) {
@ -878,17 +866,6 @@
$log->url = "search.php?id=".$log->course."&search=".urlencode($log->info);
$status = true;
break;
case "user report":
//recode the info field (it's the user id)
$user = backup_getid($restore->backup_unique_code,"user",$log->info);
if ($user) {
$log->info = $user->new_id;
//Now, extract the mode from the url field
$mode = substr(strrchr($log->url,"="),1);
$log->url = "user.php?course=".$log->course."&id=".$log->info."&mode=".$mode;
$status = true;
}
break;
default:
if (!defined('RESTORE_SILENTLY')) {
echo "action (".$log->module."-".$log->action.") unknown. Not restored<br />"; //Debug

20
mod/forum/rsslib.php
View file

@ -78,20 +78,6 @@
}
return $status;
}
// Given a forum object, deletes the RSS file
function forum_rss_delete_file($forum) {
global $CFG;
//return unlink("{$CFG->dataroot}/rss/{$modname}/{$forum->id}.xml");
$rssfile = rss_file_name('forum', $forum);
if (file_exists($rssfile)) {
return unlink($rssfile);
} else {
return true;
}
}
function forum_rss_newstuff($forum, $time) {
// If there is new stuff in the forum since $time then this returns
@ -172,7 +158,7 @@
$items = array();
if ($newsince) {
$newsince = " AND (p.modified > '$newsince' OR d.timemodified > '$newsince')";
$newsince = " AND p.modified > '$newsince'";
} else {
$newsince = "";
}
@ -232,7 +218,7 @@
$items = array();
if ($newsince) {
$newsince = " AND (p.modified > '$newsince' OR d.timemodified > '$newsince')";
$newsince = " AND p.modified > '$newsince'";
} else {
$newsince = "";
}
@ -277,7 +263,7 @@
$item->description = format_text($rec->postmessage,$rec->postformat,NULL,$forum->course);
$post_file_area_name = "$forum->course/$CFG->moddata/forum/$forum->id/$rec->postid";
$post_file_area_name = str_replace('//', '/', "$forum->course/$CFG->moddata/$rec->course/forum/$forum->id/$rec->postid");
$post_files = get_directory_list("$CFG->dataroot/$post_file_area_name");
if (!empty($post_files)) {

43
mod/forum/search.php
View file

@ -114,13 +114,13 @@
$searchform = forum_search_form($course, $search);
if ((!isteacheredit($course->id)) and forum_get_separate_modules($course->id)) {
$sepgroups = user_group($course->id, $USER->id);
if ($group = user_group($course->id, $USER->id)) {
$groupid = $group->id;
} else {
$sepgroups = false;
$groupid = 0;
}
if (!$posts = forum_search_posts($searchterms, $course->id, $page*$perpage, $perpage, $totalcount, $sepgroups)) {
if (!$posts = forum_search_posts($searchterms, $course->id, $page*$perpage, $perpage, $totalcount, $groupid)) {
print_header_simple("$strsearchresults", "",
"<a href=\"index.php?id=$course->id\">$strforums</a> ->
@ -361,15 +361,7 @@ function forum_clean_search_terms($words, $prefix='') {
function forum_menu_list($course) {
$menu = array();
$currentgroup = get_current_group($course->id);
$isteacher = isteacher($course->id);
if ($isteacher) { // Add teacher forum
if ($forum = forum_get_course_forum($course->id, 'teacher')) {
$menu[$forum->id] = format_string($forum->name,true);
}
}
if ($forums = get_all_instances_in_course("forum", $course)) {
if ($course->format == 'weeks') {
@ -379,23 +371,19 @@ function forum_menu_list($course) {
}
foreach ($forums as $forum) {
if (!$isteacher) { // Non-teachers
if ($forum->type == "teacher") {
if ($cm = get_coursemodule_from_instance('forum', $forum->id, $course->id)) {
if (!isset($forum->visible)) {
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!instance_is_visible("forum", $forum) &&
!has_capability('moodle/course:viewhiddenactivities', $context->id)) {
continue;
}
}
$groupmode = groupmode($course, $cm); // Groups are being used
if (($groupmode == SEPARATEGROUPS) and ($currentgroup === false)) {
continue;
}
if (!isset($forum->visible)) {
if (! instance_is_visible("forum", $forum)) {
continue;
}
}
if ($cm = get_coursemodule_from_instance('forum', $forum->id, $course->id)) {
$groupmode = groupmode($course, $cm); // Groups are being used
if (($groupmode == SEPARATEGROUPS) and ($currentgroup === false)) {
continue;
}
}
}
$menu[$forum->id] = format_string($forum->name,true);
}
}
@ -403,5 +391,4 @@ function forum_menu_list($course) {
return $menu;
}
?>
?>

2
mod/forum/settracking.php
View file

@ -27,7 +27,7 @@
if (isguest()) { // Guests can't change tracking
$wwwroot = $CFG->wwwroot.'/login/index.php';
if (!empty($CFG->loginhttps)) {
$wwwroot = str_replace('http:','https:', $wwwroot);
$wwwroot = str_replace('http','https', $wwwroot);
}
$strforums = get_string('modulenameplural', 'forum');

29
mod/forum/subscribe.php
View file

@ -18,20 +18,24 @@
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
if (groupmode($course, $cm) and !isteacheredit($course->id)) { // Make sure user is allowed
if (! mygroupid($course->id)) {
error("Sorry, but you must be a group member to subscribe.");
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (groupmode($course, $cm) and
!has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id)) {
if (!mygroupid($course->id)) {
error('Sorry, but you must be a group member to subscribe.');
}
}
} else {
$cm->id = 0;
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
}
if ($user) {
if (!isteacher($course->id)) {
error("Only teachers can subscribe/unsubscribe other people!");
if (!has_capability('mod/forum:managesubscriptions', $context->id)) {
error('You do not have the permission to subscribe/unsubscribe other people!');
}
if (! $user = get_record("user", "id", $user)) {
if (!$user = get_record("user", "id", $user)) {
error("User ID was incorrect");
}
} else {
@ -43,7 +47,7 @@
if (isguest()) { // Guests can't subscribe
$wwwroot = $CFG->wwwroot.'/login/index.php';
if (!empty($CFG->loginhttps)) {
$wwwroot = str_replace('http:','https:', $wwwroot);
$wwwroot = str_replace('http','https', $wwwroot);
}
$strforums = get_string('modulenameplural', 'forum');
@ -63,15 +67,9 @@
exit;
}
if ($forum->type == "teacher") {
if (!isteacher($course->id)) {
error("You must be a $course->teacher to subscribe to this forum");
}
}
$returnto = forum_go_back_to("index.php?id=$course->id");
if ($force and isteacher($course->id)) {
if ($force and has_capability('mod/forum:managesubscriptions', $context->id)) {
if (forum_is_forcesubscribed($forum->id)) {
forum_forcesubscribe($forum->id, 0);
redirect($returnto, get_string("everyonecanchoose", "forum"), 1);
@ -97,7 +95,8 @@
}
} else { // subscribe
if ($forum->forcesubscribe == FORUM_DISALLOWSUBSCRIBE && !isteacher($forum->course)) {
if ($forum->forcesubscribe == FORUM_DISALLOWSUBSCRIBE &&
!has_capability('mod/forum:managesubscriptions', $context->id)) {
error(get_string('disallowsubscribe'),$_SERVER["HTTP_REFERER"]);
}
if (forum_subscribe($user->id, $forum->id) ) {

22
mod/forum/subscribers.php
View file

@ -21,18 +21,16 @@
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("This page is for teachers only");
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/forum:viewsubscribers', $context->id)) {
error('You do not have the permission to view forum subscribers');
}
unset($SESSION->fromdiscussion);
add_to_log($course->id, "forum", "view subscribers", "subscribers.php?id=$forum->id", $forum->id, $cm->id);
if ($edit != -1) {
$USER->subscriptionsediting = $edit;
}
$strsubscribeall = get_string("subscribeall", "forum");
$strsubscribenone = get_string("subscribenone", "forum");
$strsubscribers = get_string("subscribers", "forum");
@ -41,8 +39,16 @@
$navigation = "<a href=\"index.php?id=$course->id\">$strforums</a> ->
<a href=\"view.php?f=$forum->id\">".format_string($forum->name,true)."</a> -> $strsubscribers";
print_header_simple("$strsubscribers", "", "$navigation",
"", "", true, forum_update_subscriptions_button($course->id, $id));
if (has_capability('mod/forum:managesubscriptions', $context->id)) {
print_header_simple("$strsubscribers", "", "$navigation",
"", "", true, forum_update_subscriptions_button($course->id, $id));
if ($edit != -1) {
$USER->subscriptionsediting = $edit;
}
} else {
print_header_simple("$strsubscribers", "", "$navigation", "", "", true, '');
unset($USER->subscriptionsediting);
}
/// Check to see if groups are being used in this forum
if ($groupmode = groupmode($course, $cm)) { // Groups are being used

34
mod/forum/user.php
View file

@ -27,7 +27,7 @@
require_course_login($course);
add_to_log($course->id, "forum", "user report", "user.php?course=$course->id&amp;id=$user->id&amp;mode=$mode", "$user->id");
add_to_log($course->id, "forum", "user report", "user.php?id=$course->id&amp;user=$user->id&amp;mode=$mode", "$user->id");
$strforumposts = get_string('forumposts', 'forum');
$strparticipants = get_string('participants');
@ -49,11 +49,18 @@
$currenttab = $mode;
include($CFG->dirroot.'/user/tabs.php'); /// Prints out tabs as part of user page
if ((!isteacheredit($course->id)) and forum_get_separate_modules($course->id)) {
$sepgroups = user_group($course->id, $USER->id);
} else {
$sepgroups = false;
$isseparategroups = /*(($course->groupmode == SEPARATEGROUPS and
$course->groupmodeforce and
!isteacheredit($course->id))*/forum_get_separate_modules($course->id);
/*
//editting teacher can view everything so do not pass in groupid
if (isteacheredit ($course->id)){
$isseparategroups = false;
}
*/
$groupid = $isseparategroups ? /*get_current_group*/mygroupid($course->id) : NULL;
switch ($mode) {
case 'posts' :
@ -68,8 +75,10 @@
}
echo '<div class="user-content">';
// Get the posts regardless of group first.
if ($posts = forum_search_posts($searchterms, $course->id, $page*$perpage, $perpage,
$totalcount, $sepgroups, $extrasql)) {
$totalcount, $groupid, $extrasql)) {
print_paging_bar($totalcount, $page, $perpage,
"user.php?id=$user->id&amp;course=$course->id&amp;mode=$mode&amp;perpage=$perpage&amp;");
foreach ($posts as $post) {
@ -80,7 +89,7 @@
if (! $forum = get_record('forum', 'id', "$discussion->forum")) {
error("Could not find forum $discussion->forum");
}
$fullsubject = "<a href=\"view.php?f=$forum->id\">".format_string($forum->name,true)."</a>";
if ($forum->type != 'single') {
$fullsubject .= " -> <a href=\"discuss.php?d=$discussion->id\">".format_string($discussion->name,true)."</a>";
@ -88,19 +97,20 @@
$fullsubject .= " -> <a href=\"discuss.php?d=$post->discussion&amp;parent=$post->id\">".format_string($post->subject,true)."</a>";
}
}
if (isadmin() && $course->id == SITEID) {
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if ($course->id == SITEID && has_capability('moodle/site:config', $context->id)) {
$postcoursename = get_field('course', 'shortname', 'id', $forum->course);
$fullsubject = '<a href="'.$CFG->wwwroot.'/course/view.php?id='.$forum->course.'">'.$postcoursename.'</a> -> '. $fullsubject;
}
$post->subject = $fullsubject;
$fulllink = "<a href=\"discuss.php?d=$post->discussion#$post->id\">".
get_string("postincontext", "forum")."</a>";
forum_print_post($post, $course->id, false, false, false, false, $fulllink);
echo "<br />";
}

2
mod/forum/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2006011702;
$module->version = 2006080800;
$module->requires = 2005031000; // Requires this Moodle version
$module->cron = 60;

32
mod/forum/view.php
View file

@ -60,12 +60,15 @@
$navigation = "<a href=\"index.php?id=$course->id\">$strforums</a> ->";
if ($forum->type == "teacher") {
if (!isteacher($course->id)) {
error("You must be a $course->teacher to view this forum");
}
}
/// Check whether the should be able to view this forum.
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/forum:viewforum', $context->id)) {
error('You do not have the permission to view this forum');
}
if ($cm->id) {
add_to_log($course->id, "forum", "view forum", "view.php?id=$cm->id", "$forum->id", $cm->id);
} else {
@ -75,7 +78,7 @@
print_header_simple(format_string($forum->name), "",
"$navigation ".format_string($forum->name), "", "", true, $buttontext, navmenu($course, $cm));
if (empty($cm->visible) and !isteacher($course->id)) {
if (empty($cm->visible) and !has_capability('moodle/course:manageactivities', $context->id)) {
notice(get_string("activityiscurrentlyhidden"));
}
@ -91,7 +94,9 @@
$currentgroup = get_and_set_current_group($course, $groupmode, $changegroup);
if ($groupmode and ($currentgroup === false) and !isteacheredit($course->id)) {
if ($groupmode and ($currentgroup === false) and
!has_capability('mod/forum:viewdiscussionsfromallgroups', $context->id)) {
print_heading(get_string("notingroup", "forum"));
print_footer($course);
exit;
@ -108,7 +113,9 @@
///menu for students in forums.
//now we need a menu for separategroups as well!
if ($groupmode == VISIBLEGROUPS or ($groupmode and isteacheredit($course->id))) {
if ($groupmode == VISIBLEGROUPS or ($groupmode and
has_capability('module:forum:viewdiscussionsfromallgroups', $context->id))) {
//the following query really needs to change
if ($groups = get_records_menu("groups", "courseid", $course->id, "name ASC", "id,name")) {
echo '<td>';
@ -143,7 +150,7 @@
$strallowchoice = get_string('allowchoice', 'forum');
helpbutton("subscription", $streveryoneissubscribed, "forum");
echo '&nbsp;<span class="helplink">';
if (isteacher($course->id)) {
if (has_capability('moodle/course:manageactivities', $context->id)) {
echo "<a title=\"$strallowchoice\" href=\"subscribe.php?id=$forum->id&amp;force=no\">$streveryoneissubscribed</a>";
} else {
echo $streveryoneissubscribed;
@ -161,7 +168,7 @@
helpbutton("subscription", $streveryonecanchoose, "forum");
echo '&nbsp;';
if (isteacher($course->id)) {
if (has_capability('moodle/course:manageactivities', $context->id)) {
echo "<span class=\"helplink\"><a title=\"$strforcesubscribe\" href=\"subscribe.php?id=$forum->id&amp;force=yes\">$streveryonecanchoose</a></span>";
echo "<br />";
echo "<span class=\"helplink\"><a href=\"subscribers.php?id=$forum->id\">$strshowsubscribers</a></span>";
@ -223,7 +230,7 @@
notify(get_string('thisforumisthrottled','forum',$a));
}
if ($forum->type == 'qanda' && !isteacher($forum->course)) {
if ($forum->type == 'qanda' && !has_capability('moodle/course:manageactivities', $context->id)) {
notify(get_string('qandanotify','forum'));
}
@ -246,7 +253,8 @@
set_user_preference("forum_displaymode", $mode);
}
$displaymode = get_user_preferences("forum_displaymode", $CFG->forum_displaymode);
forum_print_discussion($course, $forum, $discussion, $post, $displaymode);
$canrate = has_capability('mod/forum:rate', $context->id);
forum_print_discussion($course, $forum, $discussion, $post, $displaymode, NULL, $canrate);
break;
case 'eachuser':

11
mod/glossary/approve.php
View file

@ -12,7 +12,7 @@
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
}
if (! $course = get_record("course", "id", $cm->course)) {
error("Course is misconfigured");
}
@ -21,10 +21,11 @@
error("Course module is incorrect");
}
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("You must be a teacher to use this page.");
}
require_login($course->id, false, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/glossary:approve', $context->id, true);
$newentry->id = $eid;
$newentry->approved = 1;

14
mod/glossary/comment.php
View file

@ -37,8 +37,10 @@
}
require_login($course->id, false, $cm);
if (isguest()) {
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (isguest()) {
error('Guests are not allowed to post comments', $_SERVER['HTTP_REFERER']);
}
add_to_log($course->id, 'glossary', 'view', "view.php?id=$cm->id", "$glossary->id",$cm->id);
@ -72,10 +74,10 @@
/// Input section
if ( $action == 'delete' ) {
if (($comment->userid <> $USER->id) and !isteacher($glossary->course)) {
if (($comment->userid <> $USER->id) and !has_capability('mod/glossary:managecomments', $context->id)) {
error('You can\'t delete other people\'s comments!');
}
if (!$glossary->allowcomments && !isteacher($glossary->course)) {
if (!$glossary->allowcomments && !has_capability('mod/glossary:managecomments', $context->id)) {
error('You can\'t delete comments in this glossary!');
}
if ( $confirm ) {
@ -111,7 +113,7 @@
print_simple_box_end();
}
} else {
if (!$glossary->allowcomments && !isteacher($glossary->course)) {
if (!$glossary->allowcomments && !has_capability('mod/glossary:comment', $context->id)) {
error('You can\'t add/edit comments to this glossary!');
}
if ( $action == 'edit' ) {
@ -121,7 +123,7 @@
$timetocheck = $comment->timemodified;
}
$ineditperiod = ((time() - $timetocheck < $CFG->maxeditingtime) || $glossary->editalways);
if ( (!$ineditperiod || $USER->id != $comment->userid) and !isteacher($course->id) and $cid) {
if ( (!$ineditperiod || $USER->id != $comment->userid) and !has_capability('mod/glossary:comment', $context->id) and $cid) {
if ( $USER->id != $comment->userid ) {
error('You can\'t edit other people\'s comments!');
} elseif (!$ineditperiod) {

3
mod/glossary/comments.php
View file

@ -25,6 +25,7 @@
error("Entry is incorrect");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
require_login($course->id, false, $cm);
@ -56,7 +57,7 @@
print_heading(format_string(get_string('commentson','glossary')." <b>\"$entry->concept\"</b>"));
if ($glossary->allowcomments || isteacher($glossary->course)) {
if ($glossary->allowcomments || has_capability('mod/glossary:managecomments', $context->id)) {
print_heading("<a href=\"comment.php?id=$cm->id&amp;eid=$entry->id\">$straddcomment</a> <img title=\"$straddcomment\" src=\"comment.gif\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" />");
}

192
mod/glossary/db/access.php Normal file
View file

@ -0,0 +1,192 @@
<?php
//
// Capability definitions for the glossary module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_glossary_capabilities = array(
'mod/glossary:view' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:write' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:manageentries' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:managecategories' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:comment' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:managecomments' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:import' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:export' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:approve' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:rate' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/glossary:viewrating' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
);
?>

5
mod/glossary/deleteentry.php
View file

@ -29,7 +29,8 @@
}
require_login($course->id, false, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (isguest()) {
error("Guests are not allowed to edit or delete entries", $_SERVER["HTTP_REFERER"]);
}
@ -38,7 +39,7 @@
error("Glossary is incorrect");
}
if (!isteacher($course->id) and !$glossary->studentcanpost ) {
if (!has_capability('mod/glossary:manageentries', $context->id) ) {
error("You are not allowed to edit or delete entries");
}

20
mod/glossary/edit.php
View file

@ -16,6 +16,8 @@ if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (! $course = get_record("course", "id", $cm->course)) {
error("Course is misconfigured");
}
@ -36,7 +38,7 @@ if ($CFG->dbtype == 'postgres7' ) {
$lcase = 'lcase';
}
if (!$glossary->studentcanpost && !isteacher($glossary->course)) {
if (!$glossary->studentcanpost && !has_capability('mod/glossary:manageentries', $context->id)) {
error("You can't add/edit entries to this glossary!");
}
if ( $confirm ) {
@ -65,7 +67,7 @@ if ( $confirm ) {
$newentry->timemodified = $timenow;
$newentry->approved = 0;
$newentry->aliases = "";
if ( $glossary->defaultapproval or isteacher($course->id) ) {
if ( $glossary->defaultapproval or has_capability('mod/glossary:approve', $context->id) ) {
$newentry->approved = 1;
}
@ -119,7 +121,7 @@ if ( $confirm ) {
//Perhaps too much security? Anyway thanks to skodak (Bug 1823)
$old = get_record('glossary_entries', 'id', $e);
$ineditperiod = ((time() - $old->timecreated < $CFG->maxeditingtime) || $glossary->editalways);
if ( (!$ineditperiod || $USER->id != $old->userid) and !isteacher($course->id) and $e) {
if ( (!$ineditperiod || $USER->id != $old->userid) and !has_capability('mod/glossary:manageentries', $context->id) and $e) {
if ( $USER->id != $old->userid ) {
error("You can't edit other people's entries!");
} elseif (!$ineditperiod) {
@ -164,11 +166,11 @@ if ( $confirm ) {
error("Could not update this glossary entry because this concept already exist.");
}
} else {
$newentry->userid = $USER->id;
$newentry->timecreated = $timenow;
$newentry->sourceglossaryid = 0;
$newentry->teacherentry = isteacher($course->id);
$newentry->teacherentry = has_capability('mod/glossary:manageentries', $context->id);
$permissiongranted = 1;
if ( !$glossary->allowduplicatedentries ) {
@ -235,7 +237,7 @@ if ( $confirm ) {
$newentry->definition = $form->definition;
$newentry->format = $form->format;
$newentry->timemodified = time();
$newentry->approved = $glossary->defaultapproval or isteacher($course->id);
$newentry->approved = $glossary->defaultapproval or has_capability('mod/glossary:approve', context->id);
$newentry->usedynalink = $form->usedynalink;
$newentry->casesensitive = $form->casesensitive;
$newentry->fullmatch = $form->fullmatch;
@ -306,7 +308,7 @@ print_header_simple(format_string($glossary->name), "",
"", true, "", navmenu($course, $cm));
$ineditperiod = ((time() - $newentry->timecreated < $CFG->maxeditingtime) || $glossary->editalways);
if ( (!$ineditperiod || $USER->id != $newentry->userid) and !isteacher($course->id) and $e) {
if ( (!$ineditperiod || $USER->id != $newentry->userid) and !has_capability('mod/glossary:manageentries', $context->id) and $e) {
if ( $USER->id != $newentry->userid ) {
error("You can't edit other people's entries!");
} elseif (!$ineditperiod) {
@ -329,6 +331,10 @@ if ( (!$ineditperiod || $USER->id != $newentry->userid) and !isteacher($course-
$tab = GLOSSARY_ADDENTRY_VIEW;
include("tabs.html");
if (!$e) {
has_capability('glossary_write', $context->id, true);
}
include("edit.html");
echo '</center>';

7
mod/glossary/editcategories.php
View file

@ -19,6 +19,8 @@
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
}
if (! $course = get_record("course", "id", $cm->course)) {
error("Course is misconfigured");
@ -41,9 +43,8 @@
require_login($course->id, false);
if ( !isteacher($course->id) ) {
error("You must be a teacher to use this page.");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/glossary:managecategories', $context->id, true);
$strglossaries = get_string("modulenameplural", "glossary");
$strglossary = get_string("modulename", "glossary");

8
mod/glossary/export.php
View file

@ -22,10 +22,10 @@
error("Course module is incorrect");
}
require_login($course->id, false);
if (!isteacher($course->id)) {
error("You must be a teacher to use this page.");
}
require_login($course->id, false);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/glossary:export', $context->id, true);
$strglossaries = get_string("modulenameplural", "glossary");
$strglossary = get_string("modulename", "glossary");

6
mod/glossary/exportentry.php
View file

@ -29,10 +29,8 @@
$lcase = 'lcase';
}
if ( !isteacher($cm->course) ) {
$PermissionGranted = 0;
error('You must be a teacher to use this page.');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/glossary:export', $context->id, true);
if (! $course = get_record('course', 'id', $cm->course)) {
error('Course is misconfigured');

8
mod/glossary/exportfile.php
View file

@ -21,10 +21,10 @@
}
require_login($course->id, false);
if (!isteacher($course->id)) {
error("You must be a teacher to use this page.");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/glossary:export', $context->id, true);
$filename = clean_filename(strip_tags(format_string($glossary->name,true)).'.xml');
$content = glossary_generate_export_file($glossary,$l,$cat);

10
mod/glossary/import.php
View file

@ -18,7 +18,7 @@
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
}
if (! $course = get_record("course", "id", $cm->course)) {
error("Course is misconfigured");
}
@ -27,10 +27,10 @@
error("Course module is incorrect");
}
require_login($course->id, false);
if (!isteacher($course->id)) {
error("You must be a teacher to use this page.");
}
require_login($course->id, false);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/glossary:import', $context->id, true);
if ($dest != 'new' and $dest != 'current') {
$dest = 'current';

39
mod/glossary/lib.php
View file

@ -738,10 +738,11 @@ function glossary_print_entry_aliases($course, $cm, $glossary, $entry,$mode='',
function glossary_print_entry_icons($course, $cm, $glossary, $entry, $mode='',$hook='', $type = 'print') {
global $USER, $CFG;
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$output = false; //To decide if we must really return text in "return". Activate when needed only!
$importedentry = ($entry->sourceglossaryid == $glossary->id);
$isteacher = isteacher($course->id);
$ismainglossary = $glossary->mainglossary;
@ -752,16 +753,16 @@ function glossary_print_entry_icons($course, $cm, $glossary, $entry, $mode='',$h
}
$return .= glossary_print_entry_commentslink($course, $cm, $glossary, $entry,$mode,$hook,'html');
if ( (!empty($USER->id) && $glossary->allowcomments && !isguest()) || $isteacher) {
$output = true;
if (has_capability('mod/glossary:comment', $context->id)) {
$output = true;
$return .= ' <a title="' . get_string('addcomment','glossary') . '" href="comment.php?id='.$cm->id.'&amp;eid='.$entry->id.'"><img src="comment.gif" height="11" width="11" border="0" alt="'.get_string('addcomment','glossary').'" /></a>';
}
if ($isteacher or (!empty($USER->id) and $glossary->studentcanpost and $entry->userid == $USER->id)) {
if (has_capability('mod/glossary:write', $context->id) or (!empty($USER->id) and $glossary->studentcanpost and $entry->userid == $USER->id)) {
// only teachers can export entries so check it out
if ($isteacher and !$ismainglossary and !$importedentry) {
$mainglossary = get_record('glossary','mainglossary',1,'course',$course->id);
if (has_capability('mod/glossary:export', $context->id) and !$ismainglossary and !$importedentry) {
$mainglossary = get_record('glossary','mainglossary',1,'course',$course->id);
if ( $mainglossary ) { // if there is a main glossary defined, allow to export the current entry
$output = true;
$return .= ' <a title="'.get_string('exporttomainglossary','glossary') . '" href="exportentry.php?id='.$cm->id.'&amp;entry='.$entry->id.'&amp;mode='.$mode.'&amp;hook='.$hook.'"><img src="export.gif" height="11" width="11" border="0" alt="'.get_string('exporttomainglossary','glossary').'" /></a>';
@ -778,7 +779,7 @@ function glossary_print_entry_icons($course, $cm, $glossary, $entry, $mode='',$h
// -It isn't a imported entry (so nobody can edit a imported (from secondary to main) entry)) and
// -The user is teacher or he is a student with time permissions (edit period or editalways defined).
$ineditperiod = ((time() - $entry->timecreated < $CFG->maxeditingtime) || $glossary->editalways);
if ( !$importedentry and ($isteacher or ($entry->userid == $USER->id and $ineditperiod))) {
if ( !$importedentry and (has_capability('mod/glossary:manageentries', $context->id) or ($entry->userid == $USER->id and $ineditperiod))) {
$output = true;
$return .= " <a title=\"" . get_string("delete") . "\" href=\"deleteentry.php?id=$cm->id&amp;mode=delete&amp;entry=$entry->id&amp;prevmode=$mode&amp;hook=$hook\"><img src=\"";
$return .= $icon;
@ -1301,13 +1302,16 @@ function glossary_print_author_menu($cm, $glossary,$mode, $hook, $sortkey = '',
}
function glossary_print_categories_menu($cm, $glossary, $hook, $category) {
global $CFG;
global $CFG;
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
echo '<table border="0" width="100%">';
echo '<tr>';
echo '<td align="center" width="20%">';
if ( isteacher($glossary->course) ) {
if (has_capability('mod/glossary:managecategories', $context->id)) {
$options['id'] = $cm->id;
$options['mode'] = 'cat';
$options['hook'] = $hook;
@ -1507,6 +1511,8 @@ function glossary_sort_entries ( $entry0, $entry1 ) {
function glossary_print_comment($course, $cm, $glossary, $entry, $comment) {
global $CFG, $USER;
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$user = get_record('user', 'id', $comment->userid);
$strby = get_string('writtenby','glossary');
@ -1536,11 +1542,11 @@ function glossary_print_comment($course, $cm, $glossary, $entry, $comment) {
echo '<div class="icons commands">';
$ineditperiod = ((time() - $comment->timemodified < $CFG->maxeditingtime) || $glossary->editalways);
if ( ($glossary->allowcomments && $ineditperiod && $USER->id == $comment->userid) || isteacher($course->id) ) {
if ( ($glossary->allowcomments && $ineditperiod && $USER->id == $comment->userid) || has_capability('mod/glossary:managecomments', $context->id)) {
echo "<a href=\"comment.php?id=$cm->id&amp;eid=$entry->id&amp;cid=$comment->id&amp;action=edit\"><img
alt=\"" . get_string("edit") . "\" src=\"$CFG->pixpath/t/edit.gif\" height=\"11\" width=\"11\" border=\"0\" /></a> ";
}
if ( ($glossary->allowcomments && $USER->id == $comment->userid) || isteacher($course->id) ) {
if ( ($glossary->allowcomments && $USER->id == $comment->userid) || has_capability('mod/glossary:managecomments', $context->id) ) {
echo "<a href=\"comment.php?id=$cm->id&amp;eid=$entry->id&amp;cid=$comment->id&amp;action=delete\"><img
alt=\"" . get_string("delete") . "\" src=\"$CFG->pixpath/t/delete.gif\" height=\"11\" width=\"11\" border=\"0\" /></a>";
}
@ -1552,7 +1558,14 @@ function glossary_print_comment($course, $cm, $glossary, $entry, $comment) {
function glossary_print_entry_ratings($course, $entry, $ratings = NULL) {
global $USER;
global $USER, $CFG;
$glossary = get_record('glossary', 'id', $entry->glossaryid);
$glossarymod = get_record('modules','name','glossary');
$cm = get_record_sql("select * from {$CFG->prefix}course_modules where course = $course->id
and module = $glossarymod->id and instance = $glossary->id");
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$ratingsmenuused = false;
if (!empty($ratings) and !empty($USER->id)) {
@ -1563,7 +1576,7 @@ function glossary_print_entry_ratings($course, $entry, $ratings = NULL) {
}
}
if ($useratings) {
if (isteacher($course->id)) {
if (has_capability('mod/glossary:viewrating', $context->id)) {
glossary_print_ratings_mean($entry->id, $ratings->scale);
if ($USER->id != $entry->userid) {
glossary_print_rating_menu($entry->id, $USER->id, $ratings->scale);

10
mod/glossary/report.php
View file

@ -18,8 +18,12 @@
if (! $course = get_record("course", "id", $glossary->course)) {
error("Course ID was incorrect");
}
if (!isteacher($course->id) and $USER->id != $entry->userid) {
$module = get_record("modules","name","glossary");
$cm = get_record("course_modules","module",$module->id,"instance",$entry->glossaryid);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/glossary:manageentries', $context->id) and $USER->id != $entry->userid) {
error("You can only look at results for your own entries");
}
@ -50,7 +54,7 @@
echo "<th width=\"100%\" class=\"header\"><a href=\"report.php?id=$entry->id&amp;sort=rating\">$strrating</a></th>";
echo "<th class=\"header\"><a href=\"report.php?id=$entry->id&amp;sort=time\">$strtime</a></th>";
foreach ($ratings as $rating) {
if (isteacher($glossary->course, $rating->id)) {
if (has_capability('mod/glossary:manageentries', $context->id)) {
echo '<tr class="teacher">';
} else {
echo '<tr>';

26
mod/glossary/tabs.html
View file

@ -16,20 +16,19 @@
$data[GLOSSARY_CATEGORY_VIEW]->caption = get_string("categoryview", "glossary");
$data[GLOSSARY_DATE_VIEW]->caption = get_string("dateview", "glossary");
$data[GLOSSARY_AUTHOR_VIEW]->caption = get_string("authorview","glossary");
if (!isguest()) {
if ( isteacher($course->id) or $glossary->studentcanpost ) {
$data[GLOSSARY_ADDENTRY_VIEW]->caption = get_string("addentry", "glossary");
$data[GLOSSARY_ADDENTRY_VIEW]->link = "edit.php?id=$cm->id";
}
if (has_capability('mod/glossary:write', $context->id)) {
$data[GLOSSARY_ADDENTRY_VIEW]->caption = get_string("addentry", "glossary");
$data[GLOSSARY_ADDENTRY_VIEW]->link = "edit.php?id=$cm->id";
}
if ( isteacher($course->id) ) {
if (has_capability('mod/glossary:import', $context->id)) {
$data[GLOSSARY_IMPORT_VIEW]->caption = get_string("importentries", "glossary");
$data[GLOSSARY_EXPORT_VIEW]->caption = get_string("exportentries", "glossary");
$data[GLOSSARY_IMPORT_VIEW]->link = "import.php?id=$cm->id";
$data[GLOSSARY_IMPORT_VIEW]->link = "import.php?id=$cm->id";
}
if (has_capability('mod/glossary:export', $context->id)) {
$data[GLOSSARY_EXPORT_VIEW]->caption = get_string("exportentries", "glossary");
$data[GLOSSARY_EXPORT_VIEW]->link = "export.php?id=$cm->id&amp;mode=$mode&amp;hook=$hook";
}
// $data[GLOSSARY_DATE_VIEW]->link = "view.php?id=$id&amp;tab=".GLOSSARY_DATE_VIEW;
@ -40,9 +39,8 @@
$data[GLOSSARY_CATEGORY_VIEW]->link = "view.php?id=$id&amp;mode=cat";
$data[GLOSSARY_AUTHOR_VIEW]->link = "view.php?id=$id&amp;mode=author";
if (isteacher($course->id)) {
$data[GLOSSARY_APPROVAL_VIEW]->caption = get_string("waitingapproval", "glossary");
if (has_capability('mod/glossary:approve', $context->id)) {
$data[GLOSSARY_APPROVAL_VIEW]->caption = get_string("waitingapproval", "glossary");
$data[GLOSSARY_APPROVAL_VIEW]->link = "";
$hiddenentries = get_records_select("glossary_entries","glossaryid = $glossary->id and approved = 0");

4
mod/glossary/version.php
View file

@ -5,10 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2005041900;
$module->version = 2006080800;
$module->requires = 2005031000; // Requires this Moodle version
$module->cron = 0; // Period for cron to check this module (secs)
$release = "1.5 development"; // User-friendly version number
?>

5
mod/glossary/view.php
View file

@ -44,6 +44,9 @@
error("Must specify glossary ID or course module ID");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/glossary:view', $context->id, true); // kill the page if user can't even read
if ($CFG->forcelogin) {
require_login();
}
@ -320,7 +323,7 @@
$ratings->assesstimestart = $glossary->assesstimestart;
$ratings->assesstimefinish = $glossary->assesstimefinish;
}
if ($glossary->assessed == 2 and !isteacher($course->id)) {
if ($glossary->assessed == 2 and !has_capability('mod/glossary:rate', $context->id)) {
$ratings->allow = false;
} else {
$ratings->allow = true;

52
mod/hotpot/db/access.php Normal file
View file

@ -0,0 +1,52 @@
<?php
//
// Capability definitions for the hotpot module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_hotpot_capabilities = array(
'mod/hotpot:view' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

2
mod/hotpot/version.php
View file

@ -3,7 +3,7 @@
/// Code fragment to define the version of hotpot
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2006071600; // release date of this version (see note below)
$module->version = 2006080800; // release date of this version (see note below)
$module->release = 'v2.1.21'; // human-friendly version name (used in mod/hotpot/lib.php)
$module->cron = 0; // period for cron to check this module (secs)
// interpretation of YYYYMMDDXY version numbers

2
mod/journal/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2006042800;
$module->version = 2006080800;
$module->requires = 2005031000; // Requires this Moodle version
$module->cron = 60;

2
mod/label/version.php
View file

@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200; // The current module version (Date: YYYYMMDDXX)
$module->version = 2006080800; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2004052505; // Requires this Moodle version
$module->cron = 0; // Period for cron to check this module (secs)

2
mod/lams/version.php
View file

@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2005062800; // The current module version (Date: YYYYMMDDXX)
$module->version = 2006080800; // The current module version (Date: YYYYMMDDXX)
$module->cron = 0; // Period for cron to check this module (secs)
?>

2
mod/lesson/version.php
View file

@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2006050101; // The current module version (Date: YYYYMMDDXX)
$module->version = 2006080800; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0; // Period for cron to check this module (secs)

2
mod/quiz/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by moodle_needs_upgrading() and /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2006060700; // The (date) version of this module
$module->version = 2006080800; // The (date) version of this module
$module->requires = 2006022400; // Requires this Moodle version
$module->cron = 0; // How often should cron check this module (seconds)?

52
mod/resource/db/access.php Normal file
View file

@ -0,0 +1,52 @@
<?php
//
// Capability definitions for the resource module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_resource_capabilities = array(
'mod/resource:view' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

2
mod/resource/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2006042800;
$module->version = 2006080800;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0;

66
mod/scorm/db/access.php Normal file
View file

@ -0,0 +1,66 @@
<?php
//
// Capability definitions for the scorm module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_scorm_capabilities = array(
'mod/scorm:view' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/scorm:viewgrades' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

2
mod/scorm/version.php
View file

@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2006050502; // The (date) version of this module
$module->version = 2006080800; // The (date) version of this module
$module->requires = 2005060200; // The version of Moodle that is required
$module->cron = 0; // How often should cron check this module (seconds)?

80
mod/survey/db/access.php Normal file
View file

@ -0,0 +1,80 @@
<?php
//
// Capability definitions for the survey module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_survey_capabilities = array(
'mod/survey:participate' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/survey:readresponses' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/survey:download' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

16
mod/survey/report.php
View file

@ -20,10 +20,9 @@
}
require_login($course->id, false);
if (!isteacher($course->id)) {
error("Sorry, only teachers can see this.");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
//has_capability('mod/survey:readresponses', $context->id, true);
if (! $survey = get_record("survey", "id", $cm->instance)) {
error("Survey ID was incorrect");
@ -86,14 +85,18 @@
echo "&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"report.php?action=scales&amp;id=$id\">$strscales</a>";
echo "&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"report.php?action=questions&amp;id=$id\">$strquestions</a>";
echo "&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"report.php?action=students&amp;id=$id\">$course->students</a>";
echo "&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"report.php?action=download&amp;id=$id\">$strdownload</a>";
if (has_capability('mod/survey:download', $context->id)) {
echo "&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"report.php?action=download&amp;id=$id\">$strdownload</a>";
}
if (empty($action)) {
$action = "summary";
}
} else {
echo "<a href=\"report.php?action=questions&amp;id=$id\">$strquestions</a>";
echo "&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"report.php?action=students&amp;id=$id\">$course->students</a>";
echo "&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"report.php?action=download&amp;id=$id\">$strdownload</a>";
if (has_capability('mod/survey:download', $context->id)) {
echo "&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"report.php?action=download&amp;id=$id\">$strdownload</a>";
}
if (empty($action)) {
$action = "questions";
}
@ -405,6 +408,7 @@
break;
case "download":
has_capability('mod/survey:download', $context->id, true);
print_heading($strdownload);
echo '<p align="center">'.get_string("downloadinfo", "survey").'</p>';

11
mod/survey/save.php
View file

@ -10,10 +10,6 @@
error("You are not supposed to use this script like that.");
}
if (isguest()) {
error("Guests are not allowed to answer surveys", $_SERVER["HTTP_REFERER"]);
}
$id = required_param('id', PARAM_INT); // Course Module ID
if (! $cm = get_record("course_modules", "id", $id)) {
@ -25,8 +21,11 @@
}
require_login($course->id, false, $cm);
if (! $survey = get_record("survey", "id", $cm->instance)) {
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/survey:participate', $context->id, true);
if (! $survey = get_record("survey", "id", $cm->instance)) {
error("Survey ID was incorrect");
}

2
mod/survey/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2006042800;
$module->version = 2006080800;
$module->requires = 2005031000; // Requires this Moodle version
$module->cron = 0;

13
mod/survey/view.php
View file

@ -14,6 +14,9 @@
}
require_login($course->id, false, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
//has_capability('mod/survey:participate', $context->id, true);
if (! $survey = get_record("survey", "id", $cm->instance)) {
error("Survey ID was incorrect");
@ -39,11 +42,13 @@
$currentgroup = 0;
}
if (isteacheredit($course->id) or ($groupmode == VISIBLEGROUPS)) {
$currentgroup = 0;
//if (isteacheredit($course->id) or ($groupmode == VISIBLEGROUPS)) {
if (has_capability('mod/survey:readresponses', $context->id) or ($groupmode == VISIBLEGROUPS)) {
$currentgroup = 0;
}
if (isteacher($course->id)) {
if (isteacher($course->id)) {
//if (has_capability('mod/survey:readresponses', $context->id)) {
$numusers = survey_count_responses($survey->id, $currentgroup);
echo "<div class=\"reportlink\"><a href=\"report.php?id=$cm->id\">".
get_string("viewsurveyresponses", "survey", $numusers)."</a></div>";

2
mod/wiki/version.php
View file

@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2006042801; // The current module version (Date: YYYYMMDDXX)
$module->version = 2006080800; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2005031000; // The current module version (Date: YYYYMMDDXX)
$module->cron = 0; // Period for cron to check this module (secs)

2
mod/workshop/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2005041200;
$module->version = 2006080800;
$module->requires = 2005031000; // Requires this Moodle version
$module->cron = 60;