public function process_edit() { require_capability('users:editcapabilities'); $capability_id = (int) $this->input->post('capability_id'); if (!empty($capability_id)) { $redirect_url = base_url() . 'users/capability/edit/' . $capability_id; } $this->form_validation->set_rules('name', 'Name', 'trim|required'); $this->form_validation->set_rules('description', 'Description', 'trim|required'); $this->form_validation->set_rules('dependson', 'Parent capability', 'required'); $success = $this->form_validation->run(); if (!$success) { add_message('Some of the fields were not filled correctly. Please check the messages below.', 'danger'); return $this->edit($capability_id); } $capability_data = array('name' => $this->input->post('name'), 'description' => $this->input->post('description'), 'dependson' => $this->input->post('dependson')); $updated_or_added = empty($capability_id) ? 'added' : 'updated'; if (empty($capability_id)) { if (!($capability_id = $this->capability_model->add($capability_data))) { add_message('Could not create this capability!', 'danger'); redirect($redirect_url); } } else { if (!$this->capability_model->edit($capability_id, $capability_data)) { add_message('Could not update this capability!', 'danger'); redirect($redirect_url); } } add_message("The {$capability_data['name']} capability has been successfully {$updated_or_added}!", 'success'); redirect(base_url() . 'users/capability/browse'); }
function display() { global $CFG, $PAGE; require_capability('format/page:managepages', $this->context); $locks = format_page_lock::get_locks(); $mform = new format_page_lock_form($CFG->wwwroot . '/course/format/page/format.php', format_page_lock::decode($this->page->locks)); if ($mform->is_cancelled()) { redirect($PAGE->url_build('action', 'manage')); } else { if ($data = $mform->get_data()) { $lockdata = array(); foreach ($locks as $lock) { $lockdata = array_merge($lockdata, $lock->process_form($data)); } $lockinfo = array(); $lockinfo['showprereqs'] = $data->showprereqs; $lockinfo['visible'] = $data->visible; $lockinfo['locks'] = $lockdata; if (empty($lockinfo['locks'])) { $lockinfo = ''; } else { $lockinfo = format_page_lock::encode($lockinfo); } if (!set_field('format_page', 'locks', $lockinfo, 'id', $this->page->id)) { error('Failed to save lock information'); } redirect($PAGE->url_build('page', $this->page->id, 'action', 'lock')); } else { $PAGE->print_tabs('manage'); $mform->display(); } } }
function praxe_view_headm() { global $USER, $cm, $tab, $tab_modes, $CFG, $context; //$praxeaction = optional_param('praxeaction', null, PARAM_ALPHAEXT); //$school = optional_param('school', null, PARAM_INT); switch ($tab) { case PRAXE_TAB_HEADM_HOME: //$schoolid = optional_param('schoolid', 0, PARAM_INT); if ($schools = praxe_get_schools($USER->id)) { $this->content .= self::show_schools($schools, array('mode' => $tab_modes['headm'][PRAXE_TAB_HEADM_EDITSCHOOL])); } else { $this->content .= get_string('noschoolsavailable', 'praxe'); } break; case PRAXE_TAB_HEADM_ADDSCHOOL: self::addschool_form(); break; case PRAXE_TAB_HEADM_TEACHERS: $schoolid = optional_param('schoolid', 0, PARAM_INT); if ($schoolid > 0) { $this->content .= self::school_teachers_by_schools($USER->id, $schoolid); } else { $this->content .= self::school_teachers_by_schools($USER->id); } break; case PRAXE_TAB_HEADM_LOCATIONS: $schoolid = optional_param('schoolid', 0, PARAM_INT); if ($schoolid > 0) { $this->content .= self::show_locations($schoolid); } else { $this->content .= self::show_locations(null, $USER->id); $this->content .= "<p>" . get_string('to_create_location_choose_school', 'praxe') . "</p>"; } break; case PRAXE_TAB_HEADM_EDITSCHOOL: $schoolid = required_param('schoolid', PARAM_INT); $school = praxe_get_school($schoolid); if (!praxe_has_capability('editownschool') || !is_object($school) || !$school->headmaster == $USER->id) { print_error('notallowedaction', 'praxe'); } self::addschool_form(); $this->form->set_form_to_edit($school); break; case PRAXE_TAB_HEADM_ASSIGNTEACHERS: require_capability('mod/praxe:assignteachertoownschool', $context, $USER->id); $schoolid = required_param('schoolid', PARAM_INT); require_once $CFG->dirroot . '/mod/praxe/c_assignteachers.php'; $this->form = new praxe_assignteachers($schoolid); break; case PRAXE_TAB_HEADM_ADDLOCATION: require_capability('mod/praxe:createownlocation', $context, $USER->id); $schoolid = required_param('schoolid', PARAM_INT); require_once $CFG->dirroot . '/mod/praxe/c_addlocation.php'; $this->form = new praxe_addlocation($schoolid); break; default: redirect($CFG->wwwroot . '/mod/praxe/view.php?id=' . $cm->id); break; } }
public static function fix_page($pages) { //Don't forget to set it as static global $CFG, $DB; $params = self::validate_parameters(self::fix_page_parameters(), array('pages' => $pages)); $transaction = $DB->start_delegated_transaction(); //If an exception is thrown in the below code, all DB queries in this code will be rollback. $newpages = array(); foreach ($params['pages'] as $page) { $page = (object) $page; if (!($student = $DB->get_record('user', array('id' => $page->studentid)))) { throw new invalid_parameter_exception('No student with the specified id'); } list($cm, $emarking, $course, $context) = emarking_get_cm_course_instance_by_id($page->cmid); // now security checks self::validate_context($context); require_capability('mod/emarking:uploadexam', $context); // finally fix the page $page->id = emarking_fix_page($page->fileid, $student, $emarking, $context, $page->pagenumber); if ($page->id > 0) { $newpages[] = array('id' => $page->id); } } $transaction->allow_commit(); return $newpages; }
/** * Manage inplace editable saves. * * @param string $itemtype The type of item. * @param int $itemid The ID of the item. * @param mixed $newvalue The new value * @return string */ function tool_usertours_inplace_editable($itemtype, $itemid, $newvalue) { $context = \context_system::instance(); external_api::validate_context($context); require_capability('tool/usertours:managetours', $context); if ($itemtype === 'tourname') { $tour = helper::get_tour($itemid); $tour->set_name($newvalue)->persist(); return helper::render_tourname_inplace_editable($tour); } else { if ($itemtype === 'tourdescription') { $tour = helper::get_tour($itemid); $tour->set_description($newvalue)->persist(); return helper::render_tourdescription_inplace_editable($tour); } else { if ($itemtype === 'tourenabled') { $tour = helper::get_tour($itemid); $tour->set_enabled(!!$newvalue)->persist(); return helper::render_tourenabled_inplace_editable($tour); } else { if ($itemtype === 'stepname') { $step = helper::get_step($itemid); $step->set_title($newvalue)->persist(); return helper::render_stepname_inplace_editable($step); } } } } }
public function edit($invoice_tenancy_id, $order_id) { require_capability('orders:viewdocuments'); $this->load->model('miniant/abbreviation_model'); $this->load->model('miniant/invoice_tenancy_abbreviation_model'); $invoice_tenancy = $this->invoice_tenancy_model->get($invoice_tenancy_id); $invoice = $this->invoice_model->get(array('order_id' => $order_id), true); $tenancy = $this->tenancy_model->get($invoice_tenancy->tenancy_id); $abbreviations = $this->abbreviation_model->get(); $invoice_tenancy_abbreviations = $this->invoice_tenancy_abbreviation_model->get(array('invoice_tenancy_id' => $invoice_tenancy_id)); $invoice_tenancy->system_time = $this->order_model->get_total_time($invoice->order_id); form_element::$default_data['technician_time_hours'] = floor($invoice_tenancy->technician_time / 60 / 60); form_element::$default_data['technician_time_minutes'] = ($invoice_tenancy->technician_time - form_element::$default_data['technician_time_hours'] * 60 * 60) / 60; foreach ($abbreviations as $key => $abbreviation) { $abbreviations[$key]->selected = false; foreach ($invoice_tenancy_abbreviations as $invoice_tenancy_abbreviation) { if ($invoice_tenancy_abbreviation->abbreviation_id == $abbreviation->id) { $abbreviations[$key]->selected = true; } } } $title = "Edit invoice for {$tenancy->name}, job J{$order_id}"; $help = "Use this form to edit the time spent by technicians on this job."; $this->config->set_item('replacer', array('miniant' => null, 'orders' => array('/miniant/orders/order/index|Jobs'), 'documents' => array('/miniant/orders/documents/index/html/' . $order_id . '/0|Tenancy invoices', $order_id => 'J' . $order_id, $invoice_tenancy_id => 'Edit invoice'))); $this->config->set_item('exclude', array('edit')); $this->config->set_item('exclude_segment', array(7)); $title_options = array('title' => $title, 'help' => $help, 'expand' => 'page', 'icons' => array()); $pageDetails = array('title' => $title, 'title_options' => $title_options, 'content_view' => 'orders/documents/edit', 'tenancy' => $tenancy, 'invoice' => $invoice, 'order_id' => $order_id, 'abbreviations' => $abbreviations, 'invoice_tenancy_abbreviations' => $invoice_tenancy_abbreviations, 'invoice_tenancy' => $invoice_tenancy, 'jstoload' => array('bootstrap-slider'), 'feature_type' => 'Custom Feature', 'csstoload' => array('slider')); $this->load->view('template/default', $pageDetails); }
public function view_tree($unit_type_id) { $this->load->model('miniant/diagnostic_tree_model'); require_capability('orders:viewdiagnosticrules'); $tree = $this->diagnostic_tree_model->get_tree(); // Remove parts that cannot have issues foreach ($tree as $this_unit_type_id => $unit_type_object) { if ($this_unit_type_id != $unit_type_id) { unset($tree[$this_unit_type_id]); continue; } else { $unit_type_name = $unit_type_object->unit_type; } foreach ($unit_type_object->part_types as $key => $part_type) { if (!$part_type->can_have_issues) { unset($tree[$this_unit_type_id]->part_types[$key]); } } } $this->config->set_item('replacer', array('miniant' => null, 'steps' => array('/home|Administration', '/miniant/orders/steps/diagnostic_rules|Diagnostic rules'), 'orders' => null, 'view_tree' => array($unit_type_name))); $title = 'Diagnostic business rules'; $help = 'This tree can be used to edit diagnostic business rules'; $title_options = array('title' => $title, 'help' => $help, 'icons' => array()); $pageDetails = array('title' => $title, 'title_options' => $title_options, 'content_view' => 'orders/steps', 'tree' => $tree, 'jstoload' => array('orders/steps'), 'feature_type' => 'Custom Feature', 'unit_type_name' => $unit_type_name, 'module' => 'miniant', 'csstoload' => array('tree')); $this->load->view('template/default', $pageDetails); }
/** * Simulate the imscp/view.php web interface page: trigger events, completion, etc... * * @param int $imscpid the imscp instance id * @return array of warnings and status result * @since Moodle 3.0 * @throws moodle_exception */ public static function view_imscp($imscpid) { global $DB, $CFG; require_once($CFG->dirroot . "/mod/imscp/lib.php"); $params = self::validate_parameters(self::view_imscp_parameters(), array( 'imscpid' => $imscpid )); $warnings = array(); // Request and permission validation. $imscp = $DB->get_record('imscp', array('id' => $params['imscpid']), '*', MUST_EXIST); list($course, $cm) = get_course_and_cm_from_instance($imscp, 'imscp'); $context = context_module::instance($cm->id); self::validate_context($context); require_capability('mod/imscp:view', $context); // Call the imscp/lib API. imscp_view($imscp, $course, $cm, $context); $result = array(); $result['status'] = true; $result['warnings'] = $warnings; return $result; }
/** * Creates tags * Ex: tag_create('A VeRY cOoL Tag, Another NICE tag') * will create the following normalized {@link tag_normalize()} entries in tags table: * 'a very cool tag' * 'another nice tag' * * @param string $tag_names_csv CSV tag names (can be unnormalized) to be created. * @param string $tag_type type of tag to be created ("default" is the default value). * @return an array of tags ids, indexed by their normalized names */ function tag_create($tag_names_csv, $tag_type = "default") { global $USER; $textlib = textlib_get_instance(); $tags = explode(",", $tag_names_csv); $tag_object = new StdClass(); $tag_object->tagtype = $tag_type; $tag_object->userid = $USER->id; $systemcontext = get_context_instance(CONTEXT_SYSTEM); $can_create_tags = has_capability('moodle/tag:create', $systemcontext); $norm_tag_names_csv = ''; foreach ($tags as $tag) { // rawname keeps the original casing of the string $tag_object->rawname = tag_normalize($tag, false); // name lowercases the string $tag_object->name = tag_normalize($tag); $norm_tag_names_csv .= $tag_object->name . ','; $tag_object->timemodified = time(); $exists = record_exists('tag', 'name', $tag_object->name); if (!$exists && is_tag_name_valid($tag_object->name)) { if ($can_create_tags) { insert_record('tag', $tag_object); } else { require_capability('moodle/tag:create', $systemcontext); } } } $norm_tag_names_csv = $textlib->substr($norm_tag_names_csv, 0, -1); return tags_id($norm_tag_names_csv); }
/** * Updates the value in database and returns itself, called from inplace_editable callback * * @param int $itemid * @param mixed $newvalue * @return \self */ public static function update($itemid, $newvalue) { require_capability('moodle/tag:manage', context_system::instance()); $tag = core_tag_tag::get($itemid, '*', MUST_EXIST); $tag->update(array('rawname' => $newvalue)); return new self($tag); }
/** * Get course/cm/zoom objects from url parameters, and check for login/permissions. * * @return array Array of ($course, $cm, $zoom) */ function zoom_get_instance_setup() { global $DB; $id = optional_param('id', 0, PARAM_INT); // Course_module ID, or $n = optional_param('n', 0, PARAM_INT); // ... zoom instance ID - it should be named as the first character of the module. if ($id) { $cm = get_coursemodule_from_id('zoom', $id, 0, false, MUST_EXIST); $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST); $zoom = $DB->get_record('zoom', array('id' => $cm->instance), '*', MUST_EXIST); } else { if ($n) { $zoom = $DB->get_record('zoom', array('id' => $n), '*', MUST_EXIST); $course = $DB->get_record('course', array('id' => $zoom->course), '*', MUST_EXIST); $cm = get_coursemodule_from_instance('zoom', $zoom->id, $course->id, false, MUST_EXIST); } else { print_error('You must specify a course_module ID or an instance ID'); } } require_login($course, true, $cm); $context = context_module::instance($cm->id); require_capability('mod/zoom:view', $context); return array($course, $cm, $zoom); }
/** * Performs class deletion * @throws moodle_exception If there was an error in passed parameters. * @throws data_object_exception If there was an error deleting the entity. * @param array $data The incoming data parameter. * @return array An array of parameters, if successful. */ public static function class_delete(array $data) { global $USER, $DB; if (static::require_elis_dependencies() !== true) { throw new moodle_exception('ws_function_requires_elis', 'local_datahub'); } // Parameter validation. $params = self::validate_parameters(self::class_delete_parameters(), array('data' => $data)); // Context validation. $context = context_user::instance($USER->id); self::validate_context($context); // Initialize version1elis importplugin for utility functions. $importplugin = rlip_dataplugin_factory::factory('dhimport_version1elis'); // Get the class. $clsid = $DB->get_field(pmclass::TABLE, 'id', array('idnumber' => $data['idnumber'])); if (empty($clsid)) { throw new data_object_exception('ws_class_delete_fail_invalid_idnumber', 'local_datahub', '', $data); } // Capability checking. require_capability('local/elisprogram:class_delete', \local_elisprogram\context\pmclass::instance($clsid)); // Delete the class. $pmclass = new pmclass($clsid); $pmclass->delete(); // Verify class deleted & respond. if (!$DB->record_exists(pmclass::TABLE, array('id' => $clsid))) { return array('messagecode' => get_string('ws_class_delete_success_code', 'local_datahub'), 'message' => get_string('ws_class_delete_success_msg', 'local_datahub')); } else { throw new data_object_exception('ws_class_delete_fail', 'local_datahub'); } }
function view() { global $USER, $OUTPUT; $context = context_module::instance($this->cm->id); require_capability('mod/assignment:view', $context); add_to_log($this->course->id, "assignment", "view", "view.php?id={$this->cm->id}", $this->assignment->id, $this->cm->id); $this->view_header(); $this->view_intro(); $this->view_dates(); $filecount = false; if ($submission = $this->get_submission($USER->id)) { $filecount = $this->count_user_files($submission->id); if ($submission->timemarked) { $this->view_feedback(); } if ($filecount) { echo $OUTPUT->box($this->print_user_files($USER->id, true), 'generalbox boxaligncenter'); } } if (is_enrolled($this->context, $USER, 'mod/assignment:submit') && $this->isopen() && (!$filecount || $this->assignment->resubmit || !$submission->timemarked)) { $this->view_upload_form(); } $this->view_footer(); }
public function index($assignment_id) { require_capability('servicequotes:writesqs'); if (!($assignment = $this->assignment_model->get($assignment_id))) { die("The assignment ID {$assignment_id} could not be found!"); } $this->assignment = $this->assignment_model->get($assignment_id); if (empty($this->assignment)) { add_message('This job is no longer on record.', 'warning'); redirect(base_url()); } $order = $this->order_model->get($this->assignment->order_id); $order_type = $this->order_model->get_type_string($order->order_type_id); parent::update_time($order->id); $diagnostics = $this->diagnostic_model->get_for_technician($this->assignment, $this->session->userdata('technician_id'), $order->senior_technician_id); $diagnostic = reset($diagnostics); $tasks = $this->order_model->get_tasks($order->id); $this->load->library('Miniant_Workflow_manager', array(), 'workflow_manager'); $this->workflow_manager->initialise(array('workflow' => $order_type, 'stage' => 'postjob_checklist', 'param' => $assignment_id, 'module' => 'miniant')); $title_options = array('title' => $order_type . ' post-job checklist', 'help' => 'You must complete these tasks before obtaining the client\'s signature', 'icons' => array()); $complete = $this->order_model->has_statuses($order->id, array('POST-JOB COMPLETE')); if (!$complete) { add_message('You must complete all the tasks below before moving to the next section', 'warning'); } $this->load_stage_view(array('tasks' => $tasks, 'completed' => $complete)); }
/** * Return a list of comments * * @param string $contextlevel ('system, course, user', etc..) * @param int $instanceid * @param string $component the name of the component * @param int $itemid the item id * @param string $area comment area * @param int $page page number * @return array of comments and warnings * @since Moodle 2.9 */ public static function get_comments($contextlevel, $instanceid, $component, $itemid, $area = '', $page = 0) { $warnings = array(); $arrayparams = array('contextlevel' => $contextlevel, 'instanceid' => $instanceid, 'component' => $component, 'itemid' => $itemid, 'area' => $area, 'page' => $page); $params = self::validate_parameters(self::get_comments_parameters(), $arrayparams); $context = self::get_context_from_params($params); self::validate_context($context); require_capability('moodle/comment:view', $context); $args = new stdClass(); $args->context = $context; $args->area = $params['area']; $args->itemid = $params['itemid']; $args->component = $params['component']; $commentobject = new comment($args); $comments = $commentobject->get_comments($params['page']); // False means no permissions to see comments. if ($comments === false) { throw new moodle_exception('nopermissions', 'error', '', 'view comments'); } foreach ($comments as $key => $comment) { list($comments[$key]->content, $comments[$key]->format) = external_format_text($comment->content, $comment->format, $context->id, $params['component'], '', 0); } $results = array('comments' => $comments, 'warnings' => $warnings); return $results; }
/** * Validate access permissions to the report * * @param int $courseid the courseid * @param int $userid the user id to retrieve data from * @param int $groupid the group id * @return array with the parameters cleaned and other required information * @since Moodle 3.2 */ protected static function check_report_access($courseid, $userid, $groupid = 0) { global $USER; // Validate the parameter. $params = self::validate_parameters(self::get_grades_table_parameters(), array('courseid' => $courseid, 'userid' => $userid, 'groupid' => $groupid)); // Compact/extract functions are not recommended. $courseid = $params['courseid']; $userid = $params['userid']; $groupid = $params['groupid']; // Function get_course internally throws an exception if the course doesn't exist. $course = get_course($courseid); $context = context_course::instance($courseid); self::validate_context($context); // Specific capabilities. require_capability('gradereport/user:view', $context); $user = null; if (empty($userid)) { require_capability('moodle/grade:viewall', $context); } else { $user = core_user::get_user($userid, '*', MUST_EXIST); core_user::require_active_user($user); // Check if we can view the user group (if any). // When userid == 0, we are retrieving all the users, we'll check then if a groupid is required. if (!groups_user_groups_visible($course, $user->id)) { throw new moodle_exception('notingroup'); } } $access = false; if (has_capability('moodle/grade:viewall', $context)) { // Can view all course grades. $access = true; } else { if ($userid == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) { // View own grades. $access = true; } } if (!$access) { throw new moodle_exception('nopermissiontoviewgrades', 'error'); } if (!empty($groupid)) { // Determine is the group is visible to user. if (!groups_group_visible($groupid, $course)) { throw new moodle_exception('notingroup'); } } else { // Check to see if groups are being used here. if ($groupmode = groups_get_course_groupmode($course)) { $groupid = groups_get_course_group($course); // Determine is the group is visible to user (this is particullary for the group 0). if (!groups_group_visible($groupid, $course)) { throw new moodle_exception('notingroup'); } } else { $groupid = 0; } } return array($params, $course, $context, $user, $groupid); }
function view() { global $USER, $OUTPUT; require_capability('mod/assignment:view', $this->context); $cansubmit = has_capability('mod/assignment:submit', $this->context); add_to_log($this->course->id, 'assignment', 'view', "view.php?id={$this->cm->id}", $this->assignment->id, $this->cm->id); $this->view_header(); if ($this->assignment->timeavailable > time() and !has_capability('mod/assignment:grade', $this->context) // grading user can see it anytime and $this->assignment->var3) { // force hiding before available date echo $OUTPUT->box_start('generalbox boxaligncenter', 'intro'); print_string('notavailableyet', 'assignment'); echo $OUTPUT->box_end(); } else { $this->view_intro(); } $this->view_dates(); if (is_enrolled($this->context, $USER)) { if ($submission = $this->get_submission($USER->id)) { $filecount = $this->count_user_files($submission->id); } else { $filecount = 0; } if ($cansubmit or !empty($filecount)) { //if a user has submitted files using a previous role we should still show the files $this->view_feedback(); if (!$this->drafts_tracked() or !$this->isopen() or $this->is_finalized($submission)) { echo $OUTPUT->heading(get_string('submission', 'assignment'), 3); } else { echo $OUTPUT->heading(get_string('submissiondraft', 'assignment'), 3); } if ($filecount and $submission) { echo $OUTPUT->box($this->print_user_files($USER->id, true), 'generalbox boxaligncenter', 'userfiles'); } else { if (!$this->isopen() or $this->is_finalized($submission)) { echo $OUTPUT->box(get_string('nofiles', 'assignment'), 'generalbox boxaligncenter nofiles', 'userfiles'); } else { echo $OUTPUT->box(get_string('nofilesyet', 'assignment'), 'generalbox boxaligncenter nofiles', 'userfiles'); } } $this->view_upload_form(); if ($this->notes_allowed()) { echo $OUTPUT->heading(get_string('notes', 'assignment'), 3); $this->view_notes(); } $this->view_final_submission(); } } $this->view_footer(); }
/** * Updates the value in database and returns itself, called from inplace_editable callback * * @param int $itemid * @param mixed $newvalue * @return \self */ public static function update($itemid, $newvalue) { global $DB; require_capability('moodle/tag:manage', context_system::instance()); $tagcoll = $DB->get_record('tag_coll', array('id' => $itemid), '*', MUST_EXIST); \core_tag_collection::update($tagcoll, array('name' => $newvalue)); return new self($tagcoll); }
/** * Updates the value in database and returns itself, called from inplace_editable callback * * @param int $itemid * @param mixed $newvalue * @return \self */ public static function update($itemid, $newvalue) { require_capability('moodle/tag:manage', context_system::instance()); $tag = core_tag_tag::get($itemid, '*', MUST_EXIST); $newvalue = (int) clean_param($newvalue, PARAM_BOOL); $tag->update(array('isstandard' => $newvalue)); return new self($tag); }
public function __construct() { parent::__construct(); $this->load->library('form_validation'); $this->config->set_item('replacer', array('orders' => array('index|Jobs'))); $this->config->set_item('exclude', array('index')); require_capability('orders:manageunits'); }
/** * Do any security checks needed for the passed action * * @param string $action */ public function require_capability($action) { global $PAGE; if ($action !== 'addsection') { throw new \coding_exception("Missing capability check for {$action} action"); } require_capability('moodle/course:update', $PAGE->context); }
/** * Do any security checks needed for the passed action * * @param string $action */ public function require_capability($action) { global $PAGE; require_capability('mod/hsuforum:viewdiscussion', $PAGE->context); if (is_guest($PAGE->context)) { print_error('noguest'); } }
function check_move_permissions($forum, $targetforum) { // Check permission for move. require_capability('mod/forumng:movediscussions', $forum->get_context()); require_capability('mod/forumng:movediscussions', $targetforum->get_context()); $aag = has_capability('moodle/site:accessallgroups', $targetforum->get_context()); return $aag; }
public function process_edit() { require_capability('maintenance_contracts:editcontracts'); if ($this->input->post('return')) { redirect(base_url() . 'miniant/maintenance_contracts/browse'); } $required_fields = array('account_id' => "Billing account", 'site_address_id' => "Job site address"); if ($maintenance_contract_id = (int) $this->input->post('maintenance_contract_id')) { $maintenance_contract = $this->maintenance_contract_model->get($maintenance_contract_id); $redirect_url = base_url() . 'miniant/maintenance_contracts/browse'; } else { $required_fields['creation_date'] = "Creation date"; $required_fields['next_maintenance_date'] = "Next maintenance date"; $required_fields['schedule_interval'] = "Schedule type"; } foreach ($required_fields as $field => $description) { $this->form_validation->set_rules($field, $description, 'trim|required'); } $success = $this->form_validation->run(); $action_word = $maintenance_contract_id ? 'updated' : 'created'; if (!$success) { echo validation_errors(); add_message('The form could not be submitted. Please check the errors below', 'danger'); return $this->edit($maintenance_contract_id); } // The billing and property manager contacts are created dynamically through AJAX before we get to this point $billing_contact_id = $this->contact_model->get(array('contact_type_id' => $this->contact_model->get_type_id('Billing'), 'account_id' => $this->input->post('account_id')), true)->id; $maintenance_contract_type_id = $this->input->post('maintenance_contract_type_id'); $maintenance_contract_data = array('creation_date' => human_to_unix($this->input->post('creation_date')), 'account_id' => $this->input->post('account_id'), 'site_address_id' => $this->input->post('site_address_id'), 'billing_contact_id' => $billing_contact_id); $maintenance_contract_data['next_maintenance_date'] = human_to_unix($this->input->post('next_maintenance_date')); $property_manager_contact = $this->contact_model->get(array('contact_type_id' => $this->contact_model->get_type_id('Property manager'), 'account_id' => $this->input->post('account_id')), true); if (!empty($property_manager_contact)) { $maintenance_contract_data['property_manager_contact_id'] = $property_manager_contact->id; } // Don't allow removal of creation date if (empty($maintenance_contract_data['creation_date'])) { unset($maintenance_contract_data['creation_date']); } if (!empty($maintenance_contract_id)) { if (!$this->maintenance_contract_model->edit($maintenance_contract_id, $maintenance_contract_data)) { add_message('Could not update this Maintenance contract!', 'error'); redirect($redirect_url); } else { trigger_event('admin_prep_finished', 'maintenance_contracts', $maintenance_contract_id, false, 'miniant'); $redirect_url = base_url() . 'miniant/maintenance_contracts/browse/'; } } else { if (!($maintenance_contract_id = $this->maintenance_contract_model->add($maintenance_contract_data))) { add_message('Could not create this Maintenance contract!', 'error'); redirect($redirect_url); } else { trigger_event('create_maintenance_contract', 'maintenance_contracts', $maintenance_contract_id, false, 'miniant'); $redirect_url = base_url() . 'miniant/maintenance_contracts/edit/' . $maintenance_contract_id . '#maintenance_contract_units'; } } add_message("Maintenance contract {$maintenance_contract_id} has been successfully {$action_word}!", 'success'); redirect($redirect_url); }
public function process_edit() { require_capability('site:editsettings'); $required_fields = array('name' => 'Name'); if ($setting_id = (int) $this->input->post('setting_id')) { $setting = $this->setting_model->get($setting_id); $redirect_url = base_url() . 'settings/edit/' . $setting_id; } else { $redirect_url = base_url() . 'settings/add'; $setting_id = null; } foreach ($required_fields as $field => $value) { $this->form_validation->set_rules($field, $value, 'trim|required'); } $success = $this->form_validation->run(); $action_word = $setting_id ? 'updated' : 'created'; if (IS_AJAX) { $json = new stdClass(); if ($success) { $json->result = 'success'; $json->message = "setting {$setting_id} has been successfully {$action_word}!"; } else { $json->result = 'error'; $json->message = $this->form_validation->error_string(' ', "\n"); echo json_encode($json); return null; } } else { if (!$success) { add_message('The form could not be submitted. Please check the errors below', 'danger'); $errors = validation_errors(); return $this->edit($setting_id); } } $value = $this->input->post('value'); if (is_array($value)) { $value = implode(',', $value); } $setting_data = array('name' => $this->input->post('name'), 'value' => $value); if (empty($setting_id)) { if (!($setting_id = $this->setting_model->add($setting_data))) { add_message('Could not create this setting!', 'error'); redirect($redirect_url); } } else { if (!$this->setting_model->edit($setting_id, $setting_data)) { add_message('Could not update this setting!', 'error'); redirect($redirect_url); } } // If requested through AJAX, echo response, do not redirect if (IS_AJAX) { echo json_encode($json); return null; } add_message("setting {$setting_id} has been successfully {$action_word}!", 'success'); redirect(base_url() . 'settings'); }
function process_edit() { require_capability('users:editcontacts'); $required_fields = array('first_name' => 'First Name', 'surname' => 'Surname', 'phone' => 'Landline phone 1', 'email' => 'Email address 1', 'account_id' => 'Account', 'contact_type_id' => 'Contact type'); if ($contact_id = (int) $this->input->post('contact_id')) { require_capability('users:editcontacts'); $contact = $this->contact_model->get($contact_id); $redirect_url = base_url() . 'users/contact/edit/' . $contact_id; } else { require_capability('users:writecontacts'); $redirect_url = base_url() . 'users/contact/add'; $contact_id = null; } foreach ($required_fields as $field => $description) { $rule = strstr($field, 'email') ? 'trim|required|valid_email' : 'trim|required'; $this->form_validation->set_rules($field, $description, $rule); } $this->form_validation->set_rules('email2', 'Email address 2', 'trim|valid_email'); $success = $this->form_validation->run(); $action_word = $contact_id ? 'updated' : 'created'; if (IS_AJAX) { $json = new stdClass(); if ($success) { $json->result = 'success'; $json->message = "contact {$contact_id} has been successfully {$action_word}!"; } else { $json->result = 'error'; $json->message = $this->form_validation->error_string(' ', "\n"); echo json_encode($json); return null; } } else { if (!$success) { add_message('The form could not be submitted. Please check the errors below', 'danger'); $errors = validation_errors(); return $this->edit($contact_id); } } $contact_data = array('first_name' => $this->input->post('first_name'), 'surname' => $this->input->post('surname'), 'phone' => $this->input->post('phone'), 'mobile' => $this->input->post('mobile'), 'email' => $this->input->post('email'), 'phone2' => $this->input->post('phone2'), 'mobile2' => $this->input->post('mobile2'), 'email2' => $this->input->post('email2'), 'account_id' => $this->input->post('account_id'), 'contact_type_id' => $this->input->post('contact_type_id')); if (empty($contact_id)) { if (!($contact_id = $this->contact_model->add($contact_data))) { add_message('Could not create this contact!', 'error'); redirect($redirect_url); } } else { if (!$this->contact_model->edit($contact_id, $contact_data)) { add_message('Could not update this contact!', 'error'); redirect($redirect_url); } } // If requested through AJAX, echo response, do not redirect if (IS_AJAX) { echo json_encode($json); return null; } add_message("contact {$contact_id} has been successfully {$action_word}!", 'success'); redirect(base_url() . 'users/contact'); }
/** * Enrolment of users. * * Function throw an exception at the first error encountered. * @param array $enrolments An array of user enrolment * @since Moodle 2.2 */ public static function enrol_users($enrolments) { global $DB, $CFG; require_once $CFG->libdir . '/enrollib.php'; $params = self::validate_parameters(self::enrol_users_parameters(), array('enrolments' => $enrolments)); $transaction = $DB->start_delegated_transaction(); // Rollback all enrolment if an error occurs // (except if the DB doesn't support it). // Retrieve the manual enrolment plugin. $enrol = enrol_get_plugin('manual'); if (empty($enrol)) { throw new moodle_exception('manualpluginnotinstalled', 'enrol_manual'); } foreach ($params['enrolments'] as $enrolment) { // Ensure the current user is allowed to run this function in the enrolment context. $context = context_course::instance($enrolment['courseid'], IGNORE_MISSING); self::validate_context($context); // Check that the user has the permission to manual enrol. require_capability('enrol/manual:enrol', $context); // Throw an exception if user is not able to assign the role. $roles = get_assignable_roles($context); if (!array_key_exists($enrolment['roleid'], $roles)) { $errorparams = new stdClass(); $errorparams->roleid = $enrolment['roleid']; $errorparams->courseid = $enrolment['courseid']; $errorparams->userid = $enrolment['userid']; throw new moodle_exception('wsusercannotassign', 'enrol_manual', '', $errorparams); } // Check manual enrolment plugin instance is enabled/exist. $instance = null; $enrolinstances = enrol_get_instances($enrolment['courseid'], true); foreach ($enrolinstances as $courseenrolinstance) { if ($courseenrolinstance->enrol == "manual") { $instance = $courseenrolinstance; break; } } if (empty($instance)) { $errorparams = new stdClass(); $errorparams->courseid = $enrolment['courseid']; throw new moodle_exception('wsnoinstance', 'enrol_manual', $errorparams); } // Check that the plugin accept enrolment (it should always the case, it's hard coded in the plugin). if (!$enrol->allow_enrol($instance)) { $errorparams = new stdClass(); $errorparams->roleid = $enrolment['roleid']; $errorparams->courseid = $enrolment['courseid']; $errorparams->userid = $enrolment['userid']; throw new moodle_exception('wscannotenrol', 'enrol_manual', '', $errorparams); } // Finally proceed the enrolment. $enrolment['timestart'] = isset($enrolment['timestart']) ? $enrolment['timestart'] : 0; $enrolment['timeend'] = isset($enrolment['timeend']) ? $enrolment['timeend'] : 0; $enrolment['status'] = isset($enrolment['suspend']) && !empty($enrolment['suspend']) ? ENROL_USER_SUSPENDED : ENROL_USER_ACTIVE; $enrol->enrol_user($instance, $enrolment['userid'], $enrolment['roleid'], $enrolment['timestart'], $enrolment['timeend'], $enrolment['status']); } $transaction->allow_commit(); }
function upload() { global $CFG, $USER; require_capability('mod/assignment:submit', get_context_instance(CONTEXT_MODULE, $this->cm->id)); $this->view_header(get_string('upload')); $filecount = $this->count_user_files($USER->id); $submission = $this->get_submission($USER->id); if ($this->isopen() && (!$filecount || $this->assignment->resubmit || !$submission->timemarked)) { if ($submission = $this->get_submission($USER->id)) { //TODO: change later to ">= 0", to prevent resubmission when graded 0 if ($submission->grade > 0 and !$this->assignment->resubmit) { notify(get_string('alreadygraded', 'assignment')); } } $dir = $this->file_area_name($USER->id); require_once $CFG->dirroot . '/lib/uploadlib.php'; $um = new upload_manager('newfile', true, false, $this->course, false, $this->assignment->maxbytes); if ($um->process_file_uploads($dir)) { $newfile_name = $um->get_new_filename(); if ($submission) { $submission->timemodified = time(); $submission->numfiles = 1; $submission->submissioncomment = addslashes($submission->submissioncomment); unset($submission->data1); // Don't need to update this. unset($submission->data2); // Don't need to update this. if (update_record("assignment_submissions", $submission)) { add_to_log($this->course->id, 'assignment', 'upload', 'view.php?a=' . $this->assignment->id, $this->assignment->id, $this->cm->id); $submission = $this->get_submission($USER->id); $this->update_grade($submission); $this->email_teachers($submission); print_heading(get_string('uploadedfile')); } else { notify(get_string("uploadfailnoupdate", "assignment")); } } else { $newsubmission = $this->prepare_new_submission($USER->id); $newsubmission->timemodified = time(); $newsubmission->numfiles = 1; if (insert_record('assignment_submissions', $newsubmission)) { add_to_log($this->course->id, 'assignment', 'upload', 'view.php?a=' . $this->assignment->id, $this->assignment->id, $this->cm->id); $submission = $this->get_submission($USER->id); $this->update_grade($submission); $this->email_teachers($newsubmission); print_heading(get_string('uploadedfile')); } else { notify(get_string("uploadnotregistered", "assignment", $newfile_name)); } } } } else { notify(get_string("uploaderror", "assignment")); //submitting not allowed! } print_continue('view.php?id=' . $this->cm->id); $this->view_footer(); }
/** * Implements callback inplace_editable() allowing to edit values in-place * * @param string $itemtype * @param int $itemid * @param mixed $newvalue * @return \core\output\inplace_editable */ function core_tag_inplace_editable($itemtype, $itemid, $newvalue) { if ($itemtype === 'tagname') { require_capability('moodle/tag:manage', context_system::instance()); $tag = core_tag_tag::get($itemid, '*', MUST_EXIST); $tag->update(array('rawname' => $newvalue)); return new \core_tag\output\tagname($tag); } }
/** * Toggle user vote for a question. * * @param $qid * @return array [string] * @throws \invalid_parameter_exception */ public static function vote($qaqid) { global $DB; $params = self::validate_parameters(self::vote_parameters(), array('qaqid' => $qaqid)); $qaqid = $params['qaqid']; $question = \mod_qa\question::from_id($qaqid); require_capability('mod/qa:vote', $question->get_context()); return $question->toggle_vote(); }