adding capabilities

backup/restorelib.php

@@ -5349,7 +5349,7 @@ function restore_execute(&$restore,$info,$course_header,&$errorstr) {
             $course = get_record("course","id",$restore->course_id); 
             fix_course_sortorder();
             //Make the user a teacher if the course hasn't teachers (bug 2381)
-            if (!isadmin()) {
+            if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                 if (!$checktea = get_records('user_teachers','course', $restore->course_id)) {
                     //Add the teacher to the course
                     $status = add_teacher($USER->id, $restore->course_id);

course/category.php

@@ -37,7 +37,7 @@
         $navbaritem = update_category_button($category->id);
 
         $creatorediting = !empty($USER->categoryediting);
-        $adminediting = (isadmin() and $creatorediting);
+        $adminediting = (has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)) and $creatorediting);
 
     } else {
         if (!$category->visible) {
@@ -49,7 +49,7 @@
     }
 
 
-    if (isadmin()) {
+    if (has_capability('moodle/category:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         /// Rename the category if requested
         if (!empty($rename) and confirm_sesskey()) {
             $category->name = $rename;
@@ -412,7 +412,7 @@
 
 
     echo '<center>';
-    if (isadmin() and $numcourses > 1) {           /// Print button to re-sort courses by name
+    if (has_capability('moodle/category:update', get_context_instance(CONTEXT_SYSTEM, SITEID)) and $numcourses > 1) {           /// Print button to re-sort courses by name
         unset($options);
         $options['id'] = $category->id;
         $options['resort'] = 'name';

course/index.php

@@ -25,7 +25,7 @@
         require_login();
     }
 
-    if (isadmin()) {
+    if (has_capability('moodle/category:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         if ($categoryedit !== -1) {
             $USER->categoryediting = $categoryedit;
         }
@@ -58,13 +58,15 @@
         }
 
         echo "<center>";
-        if (isloggedin() and !isguest() and !isadmin() and !iscreator()) {  // Print link to request a new course
+
+        /// I am not sure this context in the next has_capability call is correct. 
+        if (isloggedin() and !isguest() and !has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {  // Print link to request a new course
             print_single_button("request.php", NULL, get_string("courserequest"), "get");
         }
         if (iscreator()) {       // Print link to create a new course
             print_single_button("edit.php", NULL, get_string("addnewcourse"), "get");
         }
-        if (isadmin() and !empty($CFG->enablecourserequests)) {
+        if (has_capability('moodle/site:approvecourse' get_context_instance(CONTEXT_SYSTEM, SITEID)),  and !empty($CFG->enablecourserequests)) {
             print_single_button('pending.php',NULL, get_string('coursespending'),"get");
         }
         echo "</center>";

course/lib.php

@@ -43,7 +43,7 @@ function print_recent_selector_form($course, $advancedfilter=0, $selecteduser=0,
             $users[$guest->id] = fullname($guest);
         }
 
-        if (isadmin()) {
+        if (has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             if ($ccc = get_records("course", "", "", "fullname")) {
                 foreach ($ccc as $cc) {
                     if ($cc->category) {
@@ -144,7 +144,7 @@ function print_recent_selector_form($course, $advancedfilter=0, $selecteduser=0,
         echo "<center>";
         echo "<table>";
 
-        if (isadmin()) {
+        if (has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             echo "<tr><td><b>" . get_string("courses") . "</b></td><td>";
             choose_from_menu ($courses, "id", $course->id, "");
             echo "</td></tr>";
@@ -2090,7 +2090,9 @@ function course_allowed_module($course,$mod) {
     if (empty($course->restrictmodules)) {
         return true;
     }
-    if (isadmin()) {
+
+    // i am not sure this capability is correct
+    if (has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         return true;
     }
     if (is_numeric($mod)) {

course/pending.php

@@ -8,9 +8,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only the admin can use this page");
-    }
+    require_capability('moodle/site:approvecourse', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     $approve      = optional_param('approve', 0, PARAM_INT);
     $reject       = optional_param('reject', 0, PARAM_INT);

course/report/log/lib.php

@@ -10,7 +10,8 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today'
     if ($numcourses < COURSE_MAX_COURSES_PER_DROPDOWN && !$showcourses) {
         $showcourses = 1;
     }
-
+
+    $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
     $context = get_context_instance(CONTEXT_COURSE, $course->id);
 
     /// Setup for group handling.
@@ -55,7 +56,7 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today'
         }
     }
 
-    if (isadmin() && $showcourses) {
+    if (has_capability('moodle/site:viewreports', $sitecontext) && $showcourses) {
         if ($ccc = get_records("course", "", "", "fullname","id,fullname,category")) {
             foreach ($ccc as $cc) {
                 if ($cc->category) {
@@ -102,7 +103,7 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today'
         }
     }
 
-    if (isadmin() && !$course->category) {
+    if (has_capability('moodle/site:viewreports', $sitecontext) && !$course->category) {
         $activities["site_errors"] = get_string("siteerrors");
         if ($modid === "site_errors") {
             $selectedactivity = "site_errors";
@@ -156,14 +157,14 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today'
     echo "<input type=\"hidden\" name=\"chooselog\" value=\"1\" />\n";
     echo "<input type=\"hidden\" name=\"showusers\" value=\"$showusers\" />\n";
     echo "<input type=\"hidden\" name=\"showcourses\" value=\"$showcourses\" />\n";
-    if (isadmin() && $showcourses) { 
+    if (has_capability('moodle/site:viewreports', $sitecontext) && $showcourses) { 
         choose_from_menu ($courses, "id", $course->id, "");
     } else {
         //        echo '<input type="hidden" name="id" value="'.$course->id.'" />';
         $courses = array();
         $courses[$course->id] = $course->fullname . ((empty($course->category)) ? ' (Site) ' : '');
         choose_from_menu($courses,"id",$course->id,false);
-        if (isadmin()) {
+        if (has_capability('moodle/site:viewreports', $sitecontext)) {
             $a->url = "$CFG->wwwroot/course/report/log/index.php?chooselog=0&group=$selectedgroup&user=$selecteduser"
                 ."&id=$course->id&date=$selecteddate&modid=$selectedactivity&showcourses=1&showusers=$showusers";
             print_string('logtoomanycourses','moodle',$a);

course/report/stats/lib.php

@@ -21,7 +21,7 @@ function report_stats_mode_menu($course, $mode, $time) {
         $options = array();
         $options[STATS_MODE_GENERAL] = get_string('statsmodegeneral');
         $options[STATS_MODE_DETAILED] = get_string('statsmodedetailed');
-        if (isadmin()) {
+        if (has_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             $options[STATS_MODE_RANKED] = get_string('reports');
         }
 

course/report/stats/report.php

@@ -1,5 +1,7 @@
 <?php
 
+    // all queries on teacher table will break (i mean already broken)
+
     $courses = get_courses('all','c.shortname','c.id,c.shortname,c.fullname');
     $courseoptions = array();
 
@@ -24,7 +26,7 @@
             $param = stats_get_parameters($time,null,$course->id,$mode); // we only care about the table and the time string.
             $sql =  'SELECT DISTINCT s.userid,s.roleid,u.firstname,u.lastname,u.idnumber  FROM '.$CFG->prefix.'stats_user_'.$param->table.' s JOIN '.$CFG->prefix.'user u ON u.id = s.userid '
                 .'WHERE courseid = '.$course->id.' AND timeend >= '.$param->timeafter  . ((!empty($param->stattype)) ? ' AND stattype = \''.$param->stattype.'\'' : '');
-            if (!isadmin()) {
+            if (!has_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                 $sql .= ' AND (s.roleid = 1 OR s.userid = '.$USER->id .")";
             }
             $sql .= " ORDER BY s.roleid ";
@@ -47,7 +49,7 @@
             $users[$u->userid] = $role.' - '.fullname($u,true);
         }
         if (empty($time)) {
-            if (isadmin()) {
+            if (has_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                 $sql = 'SELECT t.userid,u.firstname,u.lastname,u.idnumber,1 AS roleid FROM '.$CFG->prefix.'user_teachers t JOIN '.$CFG->prefix.'user u ON u.id = t.userid WHERE course = '.$course->id;
                 $moreusers = get_records_sql($sql);
                 foreach ($moreusers as $u) {

filter/algebra/filter.php

@@ -67,7 +67,7 @@ function string_file_picture_algebra($imagefile, $tex= "", $height="", $width=""
     $width = "width=\"$width\"";
   }
   if ($imagefile) {
-    if (!file_exists("$CFG->dataroot/$CFG->algebrafilterdir/$imagefile") && isadmin()) {
+    if (!file_exists("$CFG->dataroot/$CFG->algebrafilterdir/$imagefile") && has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
       $output .= "<a href=\"$CFG->wwwroot/$CFG->algebrafilterdir/algebradebug.php\">";
     } else {
       $output .= "<a target=\"popup\" title=\"TeX\" href=";

filter/tex/filter.php

@@ -60,7 +60,7 @@ function string_file_picture_tex($imagefile, $tex= "", $height="", $width="", $a
         $width = "width=\"$width\"";
     }
     if ($imagefile) {
-        if (!file_exists("$CFG->dataroot/$CFG->texfilterdir/$imagefile") && isadmin()) {
+        if (!file_exists("$CFG->dataroot/$CFG->texfilterdir/$imagefile") && has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
           $output .= "<a href=\"$CFG->wwwroot/$CFG->texfilterdir/texdebug.php\">";
         } else {
           $output .= "<a target=\"popup\" title=\"TeX\" href=";

index.php

@@ -48,7 +48,7 @@
         require_login();
     }
 
-    if (isadmin()) {
+    if (has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         if (moodle_needs_upgrading()) {
             redirect($CFG->wwwroot .'/'. $CFG->admin .'/index.php');
         }
@@ -181,10 +181,10 @@
 
             case FRONTPAGECOURSELIST:
 
-                if (isloggedin() and !isadmin() and !isguest() and empty($CFG->disablemycourses)) {
+                if (isloggedin() and !has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)) and !isguest() and empty($CFG->disablemycourses)) {
                     print_heading_block(get_string('mycourses'));
                     print_my_moodle();
-                } else if ((!isadmin() and !isguest()) or (count_records('course') <= FRONTPAGECOURSELIMIT)) {
+                } else if ((!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)) and !isguest()) or (count_records('course') <= FRONTPAGECOURSELIMIT)) {
                     // admin should not see list of courses when there are too many of them
                     print_heading_block(get_string('availablecourses'));
                     print_courses(0, '100%', true);
@@ -219,9 +219,9 @@
     echo '</td>';
 
     // The right column
-    if (blocks_have_content($pageblocks, BLOCK_POS_RIGHT) || $editing || isadmin()) {
+    if (blocks_have_content($pageblocks, BLOCK_POS_RIGHT) || $editing || has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         echo '<td style="width: '.$preferred_width_right.'px;" id="right-column">';
-        if (isadmin()) {
+        if (has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             echo '<div align="center">'.update_course_icon($SITE->id).'</div>';
             echo '<br />';
         }

lib/datalib.php

@@ -1734,7 +1734,7 @@ function count_login_failures($mode, $username, $lastlogin) {
 
     $select = 'module=\'login\' AND action=\'error\' AND time > '. $lastlogin;
 
-    if (isadmin()) {    // Return information about all accounts
+    if (has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) {    // Return information about all accounts
         if ($count->attempts = count_records_select('log', $select)) {
             $count->accounts = count_records_select('log', $select, 'COUNT(DISTINCT info)');
             return $count;

lib/db/access.php

@@ -88,6 +88,34 @@
         )
     ),
 
+    'moodle/site:readallmessages' => array(
+
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_SYSTEM,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_PREVENT,
+            'editingteacher' => CAP_PREVENT,
+            'coursecreator' => CAP_PREVENT,
+            'admin' => CAP_ALLOW
+        )
+    ),
+
+    'moodle/site:approvecourse' => array(
+
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_SYSTEM,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_PREVENT,
+            'editingteacher' => CAP_PREVENT,
+            'coursecreator' => CAP_PREVENT,
+            'admin' => CAP_ALLOW
+        )
+    ),
+
     'moodle/site:import' => array(
 
         'captype' => 'write',

lib/pagelib.php

@@ -301,7 +301,7 @@ function init_full() {
 
     // is this  page always editable, regardless of anything else?
     function edit_always() {
-        return (isadmin() &&  defined('ADMIN_STICKYBLOCKS'));
+        return (has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)) &&  defined('ADMIN_STICKYBLOCKS'));
     }
 }
 
@@ -352,7 +352,7 @@ function init_full() {
     // When is a user said to have "editing rights" in this page? This would have something
     // to do with roles, in the future.
     function user_allowed_editing() {
-        if (isadmin() && defined('ADMIN_STICKYBLOCKS')) {
+        if (has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)) && defined('ADMIN_STICKYBLOCKS')) {
             return true;
         }
         return isteacheredit($this->id);
@@ -361,7 +361,7 @@ function user_allowed_editing() {
     // Is the user actually editing this page right now? This would have something
     // to do with roles, in the future.
     function user_is_editing() {
-        if (isadmin() && defined('ADMIN_STICKYBLOCKS')) {
+        if (has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)) && defined('ADMIN_STICKYBLOCKS')) {
             return true;
         }
         return isediting($this->id);

lib/statslib.php

@@ -820,13 +820,13 @@ function stats_get_report_options($courseid,$mode) {
     case STATS_MODE_DETAILED:
         $reportoptions[STATS_REPORT_USER_ACTIVITY] = get_string('statsreport'.STATS_REPORT_USER_ACTIVITY);
         $reportoptions[STATS_REPORT_USER_ALLACTIVITY] = get_string('statsreport'.STATS_REPORT_USER_ALLACTIVITY);
-        if (isadmin()) {
+        if (has_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             $site = get_site();
             $reportoptions[STATS_REPORT_USER_LOGINS] = get_string('statsreport'.STATS_REPORT_USER_LOGINS);
         }
         break;
     case STATS_MODE_RANKED:
-        if (isadmin()) {
+        if (has_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             $reportoptions[STATS_REPORT_ACTIVE_COURSES] = get_string('statsreport'.STATS_REPORT_ACTIVE_COURSES);
             $reportoptions[STATS_REPORT_ACTIVE_COURSES_WEIGHTED] = get_string('statsreport'.STATS_REPORT_ACTIVE_COURSES_WEIGHTED);
             $reportoptions[STATS_REPORT_PARTICIPATORY_COURSES] = get_string('statsreport'.STATS_REPORT_PARTICIPATORY_COURSES);

lib/weblib.php

@@ -2109,7 +2109,7 @@ function print_header ($title='', $heading='', $navigation='', $focus='',
                     } else {
                         $menu .= get_string('failedloginattemptsall', '', $count);
                     }
-                    if (isadmin()) {
+                    if (has_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                         $menu .= ' (<a href="'.$CFG->wwwroot.'/course/report/log/index.php'.
                                              '?chooselog=1&amp;id=1&amp;modid=site_errors">'.get_string('logs').'</a>)';
                     }
@@ -2635,7 +2635,7 @@ function print_navigation ($navigation, $return=false) {
         }
         $navigation = '<li title="'.$nav_text.'"><img src="'.$CFG->pixpath.'/a/r_breadcrumb.gif" class="resize" alt="" /> '
             .str_replace('->', '</li><li title="'.$nav_text.'"><img src="'.$CFG->pixpath.'/a/r_breadcrumb.gif" class="resize" alt="" /> ', $navigation)."</li>\n";
-        $output .= '<li class="first"><a target="'. $CFG->framename .'" href="'. $CFG->wwwroot.((!isadmin() && !empty($USER->id) && !empty($CFG->mymoodleredirect) && !isguest())
+        $output .= '<li class="first"><a target="'. $CFG->framename .'" href="'. $CFG->wwwroot.((!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)) && !empty($USER->id) && !empty($CFG->mymoodleredirect) && !isguest())
                                                                        ? '/my' : '') .'/">'. $site->shortname ."</a></li>\n". $navigation;
         $output .= "</ul>\n";  
     }

login/change_password.php

@@ -140,10 +140,10 @@ function validate_form($frm, &$err) {
     if (empty($frm->username)){
         $err->username = get_string('missingusername');
     } else {
-        if (!isadmin() and empty($frm->password)){
+        if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and empty($frm->password)){
             $err->password = get_string('missingpassword');
         } else {  
-            if (!isadmin()) {
+            if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                 //require non adminusers to give valid password
                 if(!$validpw) {
                     $err->password = get_string('wrongpassword');
@@ -169,7 +169,7 @@ function validate_form($frm, &$err) {
         if ($frm->newpassword1 <> $frm->newpassword2) {
             $err->newpassword2 = get_string('passwordsdiffer');
         } else {
-            if(!isadmin() and ($frm->password === $frm->newpassword1)){
+            if(!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and ($frm->password === $frm->newpassword1)){
                 $err->newpassword1 = get_string('mustchangepassword');
             }
         }

login/change_password_form.html

@@ -26,7 +26,7 @@
 <tr valign="top">
     <td><?php print_string("username") ?>:</td>
     <td>
-    <?php if (isadmin() || empty($frm->username)) { ?>
+    <?php if (has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) || empty($frm->username)) { ?>
         <input type="text" name="username" size="25" value="<?php p($frm->username) ?>" alt="<?php print_string("username") ?>" />
     <?php } else { ?>
         <input type="hidden" name="username" value="<?php p($frm->username)?>" />  <?php p($frm->username)?>
@@ -35,7 +35,7 @@
     </td>
 </tr>
 
-<?php if (!isadmin()) { ?>
+<?php if (!ihas_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) { ?>
     <tr valign="top">
         <td><?php print_string("oldpassword") ?>:</td>
         <td><input type="password" name="password" size="25" value="<?php p($frm->password) ?>" alt="<?php print_string("password") ?>" />