moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-06 01:16:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

ROLES AND PERMISSIONS - FIRST CHECK-IN

Browse source 
=======================================

WARNING:  DEV IS CURRENTLY VERY UNSTABLE.

This is a mega-checkin of the new Roles system.   A lot of changes have
been made in core and modules.

Currently there are a lot of rough edges and known problems.  We are
working hard on these .. .the reason for getting this into HEAD at this
stage is enable us to move faster (our branch was diverging from HEAD
too much).

Please keep an eye on http://docs.moodle.org/en/Roles for current status
and information for developers on how to use the new Roles system.
This commit is contained in:
moodler 2006-08-08 05:13:06 +00:00
parent 394577c3e4
commit bbbf2d4015
139 changed files with 40452 additions and 2001 deletions
Download patch file Download diff file Expand all files Collapse all files

9
mod/data/comment.php
View file

@ -26,15 +26,18 @@
}
require_login($course->id);
if ($commentid) {
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if ($commentid) {
if (! $comment = get_record('data_comments', 'id', $commentid)) {
error('Comment ID is misconfigured');
}
if ($comment->recordid != $record->id) {
error('Comment ID is misconfigured');
}
if (!isteacher($course->id) && $comment->userid != $USER->id) {
if (!has_capability('mod/data:managecomments', $context->id) && $comment->userid != $USER->id) {
error('Comment is not yours to edit!');
}
}

150
mod/data/db/access.php Normal file
View file

@ -0,0 +1,150 @@
<?php
//
// Capability definitions for the data module.
//
// The capabilities are loaded into the database table when the module is
// installed or updated. Whenever the capability definitions are updated,
// the module version number should be bumped up.
//
// The system has four possible values for a capability:
// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
//
//
// CAPABILITY NAMING CONVENTION
//
// It is important that capability names are unique. The naming convention
// for capabilities that are specific to modules and blocks is as follows:
// [mod/block]/<component_name>:<capabilityname>
//
// component_name should be the same as the directory name of the mod or block.
//
// Core moodle capabilities are defined thus:
// moodle/<capabilityclass>:<capabilityname>
//
// Examples: mod/forum:viewpost
// block/recent_activity:view
// moodle/site:deleteuser
//
// The variable name for the capability definitions array follows the format
// $<componenttype>_<component_name>_capabilities
//
// For the core capabilities, the variable is $moodle_capabilities.
$mod_data_capabilities = array(
'mod/data:readentry' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:writeentry' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:comment' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:rate' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:approve' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:manageentries' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:managecomments' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'mod/data:managetemplates' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_PREVENT,
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
)
);
?>

50
mod/data/db/postgres7.sql
View file

@ -92,6 +92,56 @@ CREATE TABLE prefix_data_ratings (
rating integer NOT NULL default '0'
);
# Roles tables
CREATE TABLE prefix_roles (
`id` SERIAL PRIMARY KEY,
`name` varchar(255) NOT NULL default '',
`description` text NOT NULL default '',
`priority` decimal(2,2) NOT NULL default '0',
);
CREATE TABLE prefix_contexts (
`id` SERIAL PRIMARY KEY,
`system` int(1) NOT NULL default '0',
`metacourseid` int(10) NOT NULL default '0',
`coursecatid` int(10) NOT NULL default '0',
`courseid` int(10) NOT NULL default '0',
`moduleinstance` int(10) NOT NULL default '0',
`userid` int(10) NOT NULL default '0',
);
CREATE TABLE prefix_role_assignments (
`id` SERIAL PRIMARY KEY,
`roldid` int(10) NOT NULL default '0',
`contextid` int(10) NOT NULL default '0',
`userid` int(10) NOT NULL default '0',
`groupid` int(10) NOT NULL default '0',
`timestart` int(10) NOT NULL default '0',
`timeend` int(10) NOT NULL default '0',
`timemodified` int(10) NOT NULL default '0',
`modifierid` int(10) NOT NULL default '0',
);
CREATE TABLE prefix_capability_overrides (
`id` SERIAL PRIMARY KEY,
`contextid` int(10) NOT NULL default '0',
`roleid` int(10) NOT NULL default '0',
`module` varchar(255) NOT NULL default '',
`capability` varchar(255) NOT NULL default '',
`allow` int(1) NOT NULL default '0',
`priority` double(2,2) NOT NULL default '0',
`timemodified` int(10) NOT NULL default '0',
`modifierid` int(10) NOT NULL default '0',
);
CREATE TABLE prefix_role_capabilities (
`id` SERIAL PRIMARY KEY,
`module` varchar(255) NOT NULL default '',
`capability` varchar(255) NOT NULL default '',
`allow` int(1) NOT NULL default '0',
);
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'view', 'data', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'add', 'data', 'name');
INSERT INTO prefix_log_display (module, action, mtable, field) VALUES ('data', 'update', 'data', 'name');

4
mod/data/field.php
View file

@ -65,6 +65,10 @@
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/data:managetemplates', $context->id, true);
if (!isteacheredit($course->id)){
error(get_string('noaccess','data'));
}

9
mod/data/import.php
View file

@ -57,13 +57,18 @@
}
}
if (isteacher($course->id)) {
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/data:uploadentries', $context->id, true);
if (has_capability('mod/data:managetemplates', $context->id)) {
if (!count_records('data_fields','dataid',$data->id)) { // Brand new database!
redirect($CFG->wwwroot.'/mod/data/field.php?d='.$data->id); // Redirect to field entry
}
}
///checking for participants
// needs fixing?
/*
if ((!isteacher($course->id)) && $data->participants == DATA_TEACHERS_ONLY) {
error ('students are not allowed to participate in this activity');
}
@ -72,7 +77,7 @@
if (!isteacher($course->id) or !data_isowner($rid) or !confirm_sesskey()){
error (get_string('noaccess','data'));
}
}
}*/
/// Print the page header

45
mod/data/lib.php
View file

@ -548,12 +548,16 @@ function data_numentries($data){
****************************************************************/
function data_add_record($data, $groupid=0){
global $USER;
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$record->userid = $USER->id;
$record->dataid = $data->id;
$record->groupid = $groupid;
$record->timecreated = $record->timemodified = time();
if (isteacher($data->course)) {
if (has_capability('mod/data:approve', $context->id)) {
//if (isteacher($data->course)) {
$record->approved = 1;
} else {
$record->approved = 0;
@ -835,6 +839,9 @@ function data_get_coursemodule_info($coursemodule) {
function data_print_template($template, $records, $data, $search='',$page=0, $return=false) {
global $CFG;
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
static $fields = NULL;
static $isteacher;
static $dataid = NULL;
@ -872,7 +879,7 @@ function data_print_template($template, $records, $data, $search='',$page=0, $re
/// Replacing special tags (##Edit##, ##Delete##, ##More##)
$patterns[]='/\#\#Edit\#\#/i';
$patterns[]='/\#\#Delete\#\#/i';
if ($isteacher or data_isowner($record->id)) {
if (has_capability('mod/data:manageentries', $context->id) or data_isowner($record->id)) {
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/edit.php?d='
.$data->id.'&amp;rid='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$CFG->pixpath.'/t/edit.gif" height="11" width="11" border="0" alt="'.get_string('edit').'" /></a>';
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='
@ -892,7 +899,7 @@ function data_print_template($template, $records, $data, $search='',$page=0, $re
'&amp;course='.$data->course.'">'.fullname($record).'</a>';
$patterns[]='/\#\#Approve\#\#/i';
if ($isteacher && ($data->approval) && (!$record->approved)){
if (has_capability('mod/data:approve', $context->id) && ($data->approval) && (!$record->approved)){
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&amp;approve='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$CFG->pixpath.'/i/approve.gif" height="11" width="11" border="0" alt="'.get_string('approve').'" /></a>';
} else {
$replacement[] = '';
@ -984,19 +991,22 @@ function data_print_preference_form($data, $perpage, $search, $sort='', $order='
function data_print_ratings($data, $record) {
global $USER;
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$ratingsmenuused = false;
if ($data->ratings and !empty($USER->id)) {
if ($ratings->scale = make_grades_menu($data->scale)) {
$ratings->assesspublic = $data->assesspublic;
$ratings->allow = (($data->assessed != 2 or isteacher($data->course)) && !isguest());
$ratings->allow = ($data->assessed != 2 or has_capability('mod/data:rate', $context->id));
if ($ratings->allow) {
echo '<div class="ratings" align="center">';
echo '<form name="form" method="post" action="rate.php">';
$useratings = true;
if ($useratings) {
if ((isteacher($data->course) or $ratings->assesspublic) and !data_isowner($record->id)) {
data_print_ratings_mean($record->id, $ratings->scale, isteacher($data->course));
if ((has_capability('mod/data:rate', $context->id) or $ratings->assesspublic) and !data_isowner($record->id)) {
data_print_ratings_mean($record->id, $ratings->scale, has_capability('mod/data:rate', $context->id));
if (!empty($ratings->allow)) {
echo '&nbsp;';
data_print_rating_menu($record->id, $USER->id, $ratings->scale);
@ -1155,7 +1165,10 @@ function data_print_comment($data, $comment, $page=0) {
global $USER, $CFG;
$stredit = get_string('edit');
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$stredit = get_string('edit');
$strdelete = get_string('delete');
$user = get_record('user','id',$comment->userid);
@ -1192,7 +1205,7 @@ function data_print_comment($data, $comment, $page=0) {
/// Commands
echo '<div class="commands">';
if (data_isowner($comment->recordid) or isteacher($data->course)) {
if (data_isowner($comment->recordid) or has_capability('mod/data:managecomments', $context->id)) {
echo '<a href="'.$CFG->wwwroot.'/mod/data/comment.php?rid='.$comment->recordid.'&amp;mode=edit&amp;commentid='.$comment->id.'&amp;page='.$page.'">'.$stredit.'</a>';
echo '| <a href="'.$CFG->wwwroot.'/mod/data/comment.php?rid='.$comment->recordid.'&amp;mode=delete&amp;commentid='.$comment->id.'&amp;page='.$page.'">'.$strdelete.'</a>';
}
@ -1239,13 +1252,15 @@ function data_convert_arrays_to_strings(&$fieldinput) {
}
}
function data_clean_field_name($fn) {
$fn = trim($fn);
//hack from clean_filename - to be replaced by something nicer later
$fn = preg_replace("/[\\000-\\x2c\\x2f\\x3a-\\x40\\x5b-\\x5e\\x60\\x7b-\\177]/s", '_', $fn);
$fn = preg_replace("/_+/", '_', $fn);
$fn = preg_replace("/\.\.+/", '.', $fn);
return $fn;
// returns the $cm given $data
function data_get_cm($data) {
global $CFG, $course;
$datamod = get_record('modules', 'name', 'data');
$SQL = "select * from {$CFG->prefix}course_modules
where course = $course->id and
module = $datamod->id and
instance = $data->id";
return get_record_sql($SQL);
}
?>

13
mod/data/tabs.php
View file

@ -28,6 +28,9 @@
if (empty($currenttab) or empty($data) or empty($course)) {
error('You cannot call this script in that way');
}
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$inactive = NULL;
$row = array();
@ -40,13 +43,13 @@
$row[] = new tabobject('single', $CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&amp;mode=single', get_string('single','data'), '', true);
}
if (isloggedin() and !isguest()) {
if (isteacher($course->id) or ($data->participants == DATA_STUDENTS_ONLY) or
($data->participants == DATA_TEACHERS_AND_STUDENTS)){
$addstring = empty($editentry) ? get_string('add', 'data') : get_string('editentry', 'data');
//if (isloggedin() and !isguest()) {
if (isloggedin()) {
if (has_capability('mod/data:writeentry', $context->id)) { // took out participation list here!
$addstring = empty($editentry) ? get_string('add', 'data') : get_string('editentry', 'data');
$row[] = new tabobject('add', $CFG->wwwroot.'/mod/data/edit.php?d='.$data->id, $addstring, '', true);
}
if (isteacher($course->id)) {
if (has_capability('mod/data:managetemplates', $context->id)) {
if ($currenttab == 'list') {
$defaultemplate = 'listtemplate';
} else if ($currenttab == 'add') {

6
mod/data/templates.php
View file

@ -56,7 +56,9 @@
}
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/data:managetemplates', $context->id, true);
/*
if (!isteacheredit($course->id)){
error(get_string('noaccess','data'));
}
@ -66,7 +68,7 @@
redirect($CFG->wwwroot.'/mod/data/field.php?d='.$data->id); // Redirect to field entry
}
}
*/
//add_to_log($course->id, 'data', 'templates view', "templates.php?id=$cm->id&amp;d=$data->id", $data->id, $cm->id);

2
mod/data/version.php
View file

@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2006052400;
$module->version = 2006080800;
$module->requires = 2005060230; // Requires this Moodle version
$module->cron = 60;

20
mod/data/view.php
View file

@ -42,7 +42,6 @@
/// These can be added to perform an action on a record
$approve = optional_param('approve', 0, PARAM_INT); //approval recordid
$delete = optional_param('delete', 0, PARAM_INT); //delete recordid
if ($id) {
if (! $cm = get_record('course_modules', 'id', $id)) {
@ -82,12 +81,13 @@
$record = NULL;
}
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
has_capability('mod/data:readentry', $context->id, true);
/// If it's hidden then it's don't show anything. :)
if (empty($cm->visible) and !isteacher($course->id)) {
if (empty($cm->visible) and !has_capability('mod/data:managetemplates', $context->id)) {
$strdatabases = get_string("modulenameplural", "data");
$navigation = "<a href=\"index.php?id=$course->id\">$strdatabases</a> ->";
print_header_simple(format_string($data->name), "",
@ -96,7 +96,7 @@
}
/// If we have an empty Database then redirect because this page is useless without data
if (isteacher($course->id)) {
if (has_capability('mod/data:managetemplates', $context->id)) {
if (!record_exists('data_fields','dataid',$data->id)) { // Brand new database!
redirect($CFG->wwwroot.'/mod/data/field.php?d='.$data->id); // Redirect to field entry
}
@ -198,7 +198,7 @@
/// Delete any requested records
if ($delete && confirm_sesskey() && (isteacher($course->id) or data_isowner($delete))) {
if ($delete && confirm_sesskey() && (has_capability('mod/data:manageentries', $context->id) or data_isowner($delete))) {
if ($confirm = optional_param('confirm',0,PARAM_INT)) {
if ($deleterecord = get_record('data_records', 'id', $delete)) { // Need to check this is valid
if ($deleterecord->dataid == $data->id) { // Must be from this database
@ -249,7 +249,7 @@
/// Approve any requested records
if ($approve && confirm_sesskey() && isteacher($course->id)) {
if ($approve && confirm_sesskey() && has_capability('mod/data:approve', $context->id)) {
if ($approverecord = get_record('data_records', 'id', $approve)) { // Need to check this is valid
if ($approverecord->dataid == $data->id) { // Must be from this database
$newrecord->id = $approverecord->id;
@ -262,7 +262,7 @@
}
// If not teacher, check whether user has sufficient records to view
if (!isteacher($course->id) and data_numentries($data) < $data->requiredentriestoview){
if (!has_capability('mod/data:managetemplates', $context->id) and data_numentries($data) < $data->requiredentriestoview){
notify (($data->requiredentriestoview - data_numentries($data)).'&nbsp;'.get_string('insufficiententries','data'));
echo '</td></tr></table>';
print_footer($course);
@ -272,7 +272,7 @@
/// We need to examine the whole dataset to produce the correct paging
if ((!isteacher($course->id)) && ($data->approval)) {
if ((!has_capability('mod/data:managetemplates', $context->id)) && ($data->approval)) {
if (isloggedin()) {
$approveselect = ' AND (r.approved=1 OR r.userid='.$USER->id.') ';
} else {
@ -390,7 +390,7 @@
if (empty($records)) { // Nothing to show!
if ($record) { // Something was requested so try to show that at least (bug 5132)
if (isteacher($course->id) || empty($data->approval) ||
if (has_capability('mod/data:manageentries', $context->id) || empty($data->approval) ||
$record->approved || (isloggedin() && $record->userid == $USER->id)) {
if (!$currentgroup || $record->groupid == $currentgroup || $record->groupid == 0) {
$records[] = $record;