} } } //CAPABILITIES $access_createreports = has_capability('block/ilp:addreport', $context); $access_editreports = has_capability('block/ilp:editreport', $context); $access_deletereports = has_capability('block/ilp:deletereport', $context); $access_viewreports = has_capability('block/ilp:viewreport', $context); $access_viewilp = has_capability('block/ilp:viewilp', $context); $access_viewotherilp = has_capability('block/ilp:viewotherilp', $context); $access_addcomment = has_capability('block/ilp:addcomment', $context); $access_editcomment = has_capability('block/ilp:editcomment', $context); $access_deletecomment = has_capability('block/ilp:deletecomment', $context); $access_viewcomment = has_capability('block/ilp:viewcomment', $context); //check if the current user is an admin or has the ilpviewall capabilty at site level $ilpadmin = has_capability('block/ilp:ilpviewall', $sitecontext); $access_ilp_admin = ilp_is_siteadmin($USER->id) || $ilpadmin ? true : false; if (!empty($access_ilp_admin)) { $access_createreports = true; $access_editreports = true; $access_deletereports = true; $access_viewreports = true; $access_viewilp = true; $access_viewotherilp = true; $access_addcomment = true; $access_editcomment = true; $access_deletecomment = true; $access_viewcomment = true; } //TODO: we should not be in the course context change to another context $PAGE->set_context($context);
/** * returns true or false depending on whether role (or one of the roles given) * has a cappability in a report * * @param int $report_id the id of the report whose permission * is being checked * @param mixed $role_id int a single role id or array filled with * a series of role_ids * @param the id of the capability we are checking if the user has for the report * * @return mixed array with recordset objects or false */ function has_report_permission($report_id, $role_id, $capability_id) { global $USER, $CFG; require_once $CFG->dirroot . "/blocks/ilp/lib.php"; //adding addtional lines that return true if the user is either a site admin or has the ilpviewall capabilty at site level //get sote context $sitecontext = get_context_instance(CONTEXT_SYSTEM); //check for the ilpviewall capability at site level this gives the user rights to view all $ilpadmin = has_capability('block/ilp:ilpviewall', $sitecontext); $is_admin = ilp_is_siteadmin($USER->id) || $ilpadmin ? true : false; //if permissions where returned from then the role (or one of the roles given) has the permission in the course $permissions = $this->get_reportpermissions_by_criteria($report_id, $role_id, $capability_id); return !empty($permissions) || !empty($is_admin) ? true : false; }
if (!empty($capability)) { $access_report_editcomment = $dbc->has_report_permission($report_id, $role_ids, $capability->id); } } if ($access_deletecomment) { $capability = $dbc->get_capability_by_name('block/ilp:deletecomment'); if (!empty($capability)) { $access_report_deletecomment = $dbc->has_report_permission($report_id, $role_ids, $capability->id); } } if ($access_viewcomment) { $capability = $dbc->get_capability_by_name('block/ilp:viewcomment'); if (!empty($capability)) { $access_report_viewcomment = $dbc->has_report_permission($report_id, $role_ids, $capability->id); } } //check for the ilpviewall capability at site level this gives the user rights to view all $ilpadmin = has_capability('block/ilp:ilpviewall', $sitecontext); //this is only in for debug and testing purposes if (ilp_is_siteadmin($USER->id) || $ilpadmin) { $access_report_createreports = 1; $access_report_editreports = 1; $access_report_deletereports = 1; $access_report_viewreports = 1; $access_report_viewilp = 1; $access_report_viewotherilp = 1; } if (empty($access_report_viewotherilp) && $USER->id != $user_id) { //the user doesnt have the capability to create this type of report entry print_error('accessnotallowed', 'block_ilp'); }