MDL-35556 completion: Improve user completion data permission checking

lib/completionlib.php

@@ -146,6 +146,73 @@ define('COMPLETION_AGGREGATION_ALL', 1);
 define('COMPLETION_AGGREGATION_ANY', 2);
 
 
+/**
+ * Utility function for checking if the logged in user can view
+ * another's completion data for a particular course
+ *
+ * @access  public
+ * @param   int         $userid     Completion data's owner
+ * @param   mixed       $course     Course object or Course ID (optional)
+ * @return  boolean
+ */
+function completion_can_view_data($userid, $course = null) {
+    global $USER;
+
+    if (!isloggedin()) {
+        return false;
+    }
+
+    if (!is_object($course)) {
+        $cid = $course;
+        $course = new object();
+        $course->id = $cid;
+    }
+
+    // Check if this is the site course
+    if ($course->id == SITEID) {
+        $course = null;
+    }
+
+    // Check if completion is enabled
+    if ($course) {
+        $cinfo = new completion_info($course);
+        if (!$cinfo->is_enabled()) {
+            return false;
+        }
+    } else {
+        if (!completion_info::is_enabled_for_site()) {
+            return false;
+        }
+    }
+
+    // Is own user's data?
+    if ($USER->id == $userid) {
+        return true;
+    }
+
+    // Check capabilities
+    $personalcontext = context_user::instance($userid);
+
+    if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext)) {
+        return true;
+    } elseif (has_capability('report/completion:view', $personalcontext)) {
+        return true;
+    }
+
+    if ($courseid) {
+        $coursecontext = context_course::instance($course->id);
+    } else {
+        $coursecontext = context_system::instance();
+    }
+
+    if (has_capability('report/completion:view', $coursecontext)) {
+        return true;
+    }
+
+    return false;
+}
+
+
 /**
  * Class represents completion information for a course.
  *