From cd1a9d05e8f24882f41a5a56d945619021af997a Mon Sep 17 00:00:00 2001 From: Dan Poltawski Date: Fri, 9 Nov 2012 16:50:09 +0800 Subject: [PATCH] Revert "MDL-35556 completion: Improve user completion data permission checking" This reverts commit f493d528c20b023a8b847a44161b82b05f8fc6c8. --- blocks/completionstatus/details.php | 20 ++++++++- lib/completionlib.php | 67 ----------------------------- report/completion/index.php | 7 +-- 3 files changed, 19 insertions(+), 75 deletions(-) diff --git a/blocks/completionstatus/details.php b/blocks/completionstatus/details.php index 3878964e1e4ce..bb1b051562f6d 100644 --- a/blocks/completionstatus/details.php +++ b/blocks/completionstatus/details.php @@ -46,9 +46,25 @@ // Check permissions -require_login(); +require_login($course); + +$coursecontext = context_course::instance($course->id); +$personalcontext = context_user::instance($user->id); + +$can_view = false; + +// Can view own report +if ($USER->id == $user->id) { + $can_view = true; +} else if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext)) { + $can_view = true; +} else if (has_capability('report/completion:view', $coursecontext)) { + $can_view = true; +} else if (has_capability('report/completion:view', $personalcontext)) { + $can_view = true; +} -if (!completion_can_view_data($user->id, $course)) { +if (!$can_view) { print_error('cannotviewreport'); } diff --git a/lib/completionlib.php b/lib/completionlib.php index fc841d0245f8a..05d24d47ea1c7 100644 --- a/lib/completionlib.php +++ b/lib/completionlib.php @@ -146,73 +146,6 @@ define('COMPLETION_AGGREGATION_ANY', 2); -/** - * Utility function for checking if the logged in user can view - * another's completion data for a particular course - * - * @access public - * @param int $userid Completion data's owner - * @param mixed $course Course object or Course ID (optional) - * @return boolean - */ -function completion_can_view_data($userid, $course = null) { - global $USER; - - if (!isloggedin()) { - return false; - } - - if (!is_object($course)) { - $cid = $course; - $course = new object(); - $course->id = $cid; - } - - // Check if this is the site course - if ($course->id == SITEID) { - $course = null; - } - - // Check if completion is enabled - if ($course) { - $cinfo = new completion_info($course); - if (!$cinfo->is_enabled()) { - return false; - } - } else { - if (!completion_info::is_enabled_for_site()) { - return false; - } - } - - // Is own user's data? - if ($USER->id == $userid) { - return true; - } - - // Check capabilities - $personalcontext = context_user::instance($userid); - - if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext)) { - return true; - } elseif (has_capability('report/completion:view', $personalcontext)) { - return true; - } - - if ($courseid) { - $coursecontext = context_course::instance($course->id); - } else { - $coursecontext = context_system::instance(); - } - - if (has_capability('report/completion:view', $coursecontext)) { - return true; - } - - return false; -} - - /** * Class represents completion information for a course. * diff --git a/report/completion/index.php b/report/completion/index.php index 217383d832f57..a09a3dc577ff2 100644 --- a/report/completion/index.php +++ b/report/completion/index.php @@ -561,12 +561,7 @@ } else { print PHP_EOL.''; - if (completion_can_view_data($user->id, $course)) { - $userurl = new moodle_url('/blocks/completionstatus/details.php', array('course' => $course->id, 'user' => $user->id)); - } else { - $userurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id)); - } - + $userurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id)); print ''.fullname($user).''; foreach ($extrafields as $field) { echo ''.s($user->{$field}).'';