MDL-49246 gradebook: add capability checks on key manager pages.

Simey Lameze 2015-02-23 16:18:46 +08:00
parent dba564c7db
commit ead4d41e39
5 changed files with 37 additions and 3 deletions


@ -25,6 +25,7 @@
require_once('../../config.php'); require_once('../../config.php');
require_once('key_form.php'); require_once('key_form.php');
require_once($CFG->dirroot.'/grade/lib.php');
/// get url variables /// get url variables
$courseid = optional_param('courseid', 0, PARAM_INT); $courseid = optional_param('courseid', 0, PARAM_INT);
@ -62,6 +63,12 @@ require_login($course);
$context = context_course::instance($course->id); $context = context_course::instance($course->id);
require_capability('moodle/grade:export', $context); require_capability('moodle/grade:export', $context);
// Check if the user has at least one grade publishing capability.
$plugins = grade_helper::get_plugins_export($course->id);
if (!isset($plugins['keymanager'])) {
print_error('nopermissions');
}
// extra security check // extra security check
if (!empty($key->userid) and $USER->id != $key->userid) { if (!empty($key->userid) and $USER->id != $key->userid) {
print_error('notownerofkey'); print_error('notownerofkey');
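Review bot: The new guard above `// extra security check` decides access from `grade_helper::get_plugins_export()`, the helper that builds the export plugin list, so the actual rule is not visible at the call site. Per the grade_helper changes in this commit, the `keymanager` entry exists only when `$CFG->gradepublishing` is on and the user holds at least one `gradeexport/<plugin>:publish` capability on a plugin they can also view. A later change to how that list is built would silently change who can reach this page, so I would state the rule at the guard: `// keymanager is listed only if $CFG->gradepublishing is on and the user has a gradeexport/*:publish capability in this course.` The same applies, with the matching rule, to the identical guards on the export key manager page and on the two import pages that call `get_plugins_import()`. The script continues beyond both ends of the hunk.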


@ -39,6 +39,12 @@ $context = context_course::instance($id);
require_capability('moodle/grade:export', $context); require_capability('moodle/grade:export', $context);
// Check if the user has at least one grade publishing capability.
$plugins = grade_helper::get_plugins_export($course->id);
if (!isset($plugins['keymanager'])) {
print_error('nopermissions');
}
print_grade_page_head($course->id, 'export', 'keymanager', get_string('keymanager', 'grades')); print_grade_page_head($course->id, 'export', 'keymanager', get_string('keymanager', 'grades'));
$stredit = get_string('edit'); $stredit = get_string('edit');
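Review bot: The added guard passes `$course->id` to `get_plugins_export()`, while the context named in the hunk header is built from `$id` (`context_course::instance($id)`). Presumably `$course` is loaded from `$id` earlier in the script, but that is outside the hunk. Using one identifier for both checks, `$plugins = grade_helper::get_plugins_export($id);`, would make it evident that the capability check and the key-manager check refer to the same course. The import key manager page has the same pattern with `get_plugins_import()`.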


@ -25,6 +25,7 @@
require_once('../../config.php'); require_once('../../config.php');
require_once('key_form.php'); require_once('key_form.php');
require_once($CFG->dirroot.'/grade/lib.php');
/// get url variables /// get url variables
$courseid = optional_param('courseid', 0, PARAM_INT); $courseid = optional_param('courseid', 0, PARAM_INT);
@ -62,6 +63,12 @@ require_login($course);
$context = context_course::instance($course->id); $context = context_course::instance($course->id);
require_capability('moodle/grade:import', $context); require_capability('moodle/grade:import', $context);
// Check if the user has at least one grade publishing capability.
$plugins = grade_helper::get_plugins_import($course->id);
if (!isset($plugins['keymanager'])) {
print_error('nopermissions');
}
// extra security check // extra security check
if (!empty($key->userid) and $USER->id != $key->userid) { if (!empty($key->userid) and $USER->id != $key->userid) {
print_error('notownerofkey'); print_error('notownerofkey');


@ -39,6 +39,12 @@ $context = context_course::instance($id);
require_capability('moodle/grade:import', $context); require_capability('moodle/grade:import', $context);
// Check if the user has at least one grade publishing capability.
$plugins = grade_helper::get_plugins_import($course->id);
if (!isset($plugins['keymanager'])) {
print_error('nopermissions');
}
print_grade_page_head($course->id, 'import', 'keymanager', get_string('keymanager', 'grades')); print_grade_page_head($course->id, 'import', 'keymanager', get_string('keymanager', 'grades'));
$stredit = get_string('edit'); $stredit = get_string('edit');


@ -2847,8 +2847,9 @@ abstract class grade_helper {
$importplugins[$plugin] = new grade_plugin_info($plugin, $url, $pluginstr); $importplugins[$plugin] = new grade_plugin_info($plugin, $url, $pluginstr);
} }
// Show key manager if grade publishing is enabled and the user has xml publishing capability.
if ($CFG->gradepublishing) { // XML is the only grade import plugin that has publishing feature.
if ($CFG->gradepublishing && has_capability('gradeimport/xml:publish', $context)) {
$url = new moodle_url('/grade/import/keymanager.php', array('id'=>$courseid)); $url = new moodle_url('/grade/import/keymanager.php', array('id'=>$courseid));
$importplugins['keymanager'] = new grade_plugin_info('keymanager', $url, get_string('keymanager', 'grades')); $importplugins['keymanager'] = new grade_plugin_info('keymanager', $url, get_string('keymanager', 'grades'));
} }
@ -2875,17 +2876,24 @@ abstract class grade_helper {
} }
$context = context_course::instance($courseid); $context = context_course::instance($courseid);
$exportplugins = array(); $exportplugins = array();
$canpublishgrades = 0;
if (has_capability('moodle/grade:export', $context)) { if (has_capability('moodle/grade:export', $context)) {
foreach (core_component::get_plugin_list('gradeexport') as $plugin => $plugindir) { foreach (core_component::get_plugin_list('gradeexport') as $plugin => $plugindir) {
if (!has_capability('gradeexport/'.$plugin.':view', $context)) { if (!has_capability('gradeexport/'.$plugin.':view', $context)) {
continue; continue;
} }
// All the grade export plugins has grade publishing capabilities.
if (has_capability('gradeexport/'.$plugin.':publish', $context)) {
$canpublishgrades++;
}
$pluginstr = get_string('pluginname', 'gradeexport_'.$plugin); $pluginstr = get_string('pluginname', 'gradeexport_'.$plugin);
$url = new moodle_url('/grade/export/'.$plugin.'/index.php', array('id'=>$courseid)); $url = new moodle_url('/grade/export/'.$plugin.'/index.php', array('id'=>$courseid));
$exportplugins[$plugin] = new grade_plugin_info($plugin, $url, $pluginstr); $exportplugins[$plugin] = new grade_plugin_info($plugin, $url, $pluginstr);
} }
if ($CFG->gradepublishing) { // Show key manager if grade publishing is enabled and the user has at least one grade publishing capability.
if ($CFG->gradepublishing && $canpublishgrades != 0) {
$url = new moodle_url('/grade/export/keymanager.php', array('id'=>$courseid)); $url = new moodle_url('/grade/export/keymanager.php', array('id'=>$courseid));
$exportplugins['keymanager'] = new grade_plugin_info('keymanager', $url, get_string('keymanager', 'grades')); $exportplugins['keymanager'] = new grade_plugin_info('keymanager', $url, get_string('keymanager', 'grades'));
} }
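Review bot: The import-side condition hard-codes `gradeimport/xml:publish`, while the export side loops over every installed plugin and checks `'gradeexport/'.$plugin.':publish'`. If another import plugin ever gains a publish capability, its users would not be listed for, or let through the new page guards into, the import key manager. The added comment says XML is the only import plugin with publishing, so this fails closed today. I would extend that comment so the dependency is explicit, e.g. `// NOTE: extend this check if another gradeimport plugin gains a :publish capability.` Separately, `$canpublishgrades` is only ever compared with zero, so a boolean set to `true` inside the loop would read more plainly than a counter tested with `!= 0`; both functions start and end outside the hunks.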