moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "MDL-35556 completion: Improve user completion data permission checking"

Browse source 
This reverts commit f493d528c2.
This commit is contained in:
Dan Poltawski 2012-11-09 16:50:09 +08:00
parent d2dc4c4551
commit cd1a9d05e8
3 changed files with 19 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

20
blocks/completionstatus/details.php
View file

@ -46,9 +46,25 @@ if ($userid) {
// Check permissions // Check permissions
require_login(); require_login($course);
if (!completion_can_view_data($user->id, $course)) { $coursecontext = context_course::instance($course->id);
$personalcontext = context_user::instance($user->id);
$can_view = false;
// Can view own report
if ($USER->id == $user->id) {
$can_view = true;
} else if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext)) {
$can_view = true;
} else if (has_capability('report/completion:view', $coursecontext)) {
$can_view = true;
} else if (has_capability('report/completion:view', $personalcontext)) {
$can_view = true;
}
if (!$can_view) {
print_error('cannotviewreport'); print_error('cannotviewreport');
} }

67
lib/completionlib.php
View file

@ -146,73 +146,6 @@ define('COMPLETION_AGGREGATION_ALL', 1);
define('COMPLETION_AGGREGATION_ANY', 2); define('COMPLETION_AGGREGATION_ANY', 2);
/**
* Utility function for checking if the logged in user can view
* another's completion data for a particular course
*
* @access public
* @param int $userid Completion data's owner
* @param mixed $course Course object or Course ID (optional)
* @return boolean
*/
function completion_can_view_data($userid, $course = null) {
global $USER;
if (!isloggedin()) {
return false;
}
if (!is_object($course)) {
$cid = $course;
$course = new object();
$course->id = $cid;
}
// Check if this is the site course
if ($course->id == SITEID) {
$course = null;
}
// Check if completion is enabled
if ($course) {
$cinfo = new completion_info($course);
if (!$cinfo->is_enabled()) {
return false;
}
} else {
if (!completion_info::is_enabled_for_site()) {
return false;
}
}
// Is own user's data?
if ($USER->id == $userid) {
return true;
}
// Check capabilities
$personalcontext = context_user::instance($userid);
if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext)) {
return true;
} elseif (has_capability('report/completion:view', $personalcontext)) {
return true;
}
if ($courseid) {
$coursecontext = context_course::instance($course->id);
} else {
$coursecontext = context_system::instance();
}
if (has_capability('report/completion:view', $coursecontext)) {
return true;
}
return false;
}
/** /**
* Class represents completion information for a course. * Class represents completion information for a course.
* *

7
report/completion/index.php
View file

@ -561,12 +561,7 @@ foreach ($progress as $user) {
} else { } else {
print PHP_EOL.'<tr id="user-'.$user->id.'">'; print PHP_EOL.'<tr id="user-'.$user->id.'">';
if (completion_can_view_data($user->id, $course)) { $userurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
$userurl = new moodle_url('/blocks/completionstatus/details.php', array('course' => $course->id, 'user' => $user->id));
} else {
$userurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
}
print '<th scope="row"><a href="'.$userurl->out().'">'.fullname($user).'</a></th>'; print '<th scope="row"><a href="'.$userurl->out().'">'.fullname($user).'</a></th>';
foreach ($extrafields as $field) { foreach ($extrafields as $field) {
echo '<td>'.s($user->{$field}).'</td>'; echo '<td>'.s($user->{$field}).'</td>';