MDL-11951 - supplemental - need capability checks in the outer if of the file too. Merged from MOODLE_19_STABLE.
This commit is contained in:
@@ -5,12 +5,19 @@
|
||||
if (get_site()) { //do not use during installation
|
||||
$frontpagecontext = get_context_instance(CONTEXT_COURSE, SITEID);
|
||||
|
||||
if ($hassiteconfig
|
||||
or has_capability('moodle/course:update', $frontpagecontext)
|
||||
or has_capability('moodle/role:assign', $frontpagecontext)
|
||||
or has_capability('moodle/site:restore', $frontpagecontext)
|
||||
or has_capability('moodle/site:backup', $frontpagecontext)
|
||||
or has_capability('moodle/course:managefiles', $frontpagecontext)) {
|
||||
if ($hassiteconfig or has_any_capability(array(
|
||||
'moodle/course:update',
|
||||
'moodle/role:assign',
|
||||
'moodle/site:restore',
|
||||
'moodle/site:backup',
|
||||
'moodle/course:managefiles',
|
||||
'moodle/question:add',
|
||||
'moodle/question:editmine',
|
||||
'moodle/question:editall',
|
||||
'moodle/question:viewmine',
|
||||
'moodle/question:viewall',
|
||||
'moodle/question:movemine',
|
||||
'moodle/question:moveall'), $frontpagecontext)) {
|
||||
|
||||
// "frontpage" settingpage
|
||||
$temp = new admin_settingpage('frontpagesettings', get_string('frontpagesettings','admin'), 'moodle/course:update', false, $frontpagecontext);
|
||||
|
||||
@@ -429,6 +429,28 @@ function has_capability($capability, $context, $userid=NULL, $doanything=true) {
|
||||
return has_capability_in_accessdata($capability, $context, $ACCESS[$userid], $doanything);
|
||||
}
|
||||
|
||||
/**
|
||||
* This function returns whether the current user has any of the capabilities in the
|
||||
* $capabilities array. This is a simple wrapper around has_capability for convinience.
|
||||
*
|
||||
* There are probably tricks that could be done to improve the performance here, for example,
|
||||
* check the capabilities that are already cached first.
|
||||
*
|
||||
* @param array $capabilities - an array of capability names.
|
||||
* @param object $context - a context object (record from context table)
|
||||
* @param integer $userid - a userid number, empty if current $USER
|
||||
* @param bool $doanything - if false, ignore do anything
|
||||
* @return bool
|
||||
*/
|
||||
function has_any_capability($capabilities, $context, $userid=NULL, $doanything=true) {
|
||||
foreach ($capabilities as $capability) {
|
||||
if (has_any_capability($capability, $context, $userid, $doanything)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uses 1 DB query to answer whether a user is an admin at the sitelevel.
|
||||
* It depends on DB schema >=1.7 but does not depend on the new datastructures
|
||||
|
||||
Reference in New Issue
Block a user