MDL-37473 completion: Add missing cap checks to tracked users functions

Namely get_num_tracked_users and is_tracked_user()

diff --git a/blocks/completionstatus/block_completionstatus.php b/blocks/completionstatus/block_completionstatus.php
index 12f0ea1..b2cb803 100644 (file)
--- a/blocks/completionstatus/block_completionstatus.php
+++ b/blocks/completionstatus/block_completionstatus.php
@@ -220,7 +220,7 @@ class block_completionstatus extends block_base {
             $this->content->footer = '<br><a href="'.$details->out().'">'.get_string('moredetails', 'completion').'</a>';
         } else {
             // If user is not enrolled, show error
-            $this->content->text = get_string('notenroled', 'completion');
+            $this->content->text = get_string('nottracked', 'completion');
         }
 
         if (has_capability('report/completion:view', $context)) {

diff --git a/blocks/selfcompletion/block_selfcompletion.php b/blocks/selfcompletion/block_selfcompletion.php
index 9ea6db4..fe0d3af 100644 (file)
--- a/blocks/selfcompletion/block_selfcompletion.php
+++ b/blocks/selfcompletion/block_selfcompletion.php
@@ -87,7 +87,7 @@ class block_selfcompletion extends block_base {
 
         // Check this user is enroled
         if (!$info->is_tracked_user($USER->id)) {
-            $this->content->text = get_string('notenroled', 'completion');
+            $this->content->text = get_string('nottracked', 'completion');
             return $this->content;
         }
 

diff --git a/course/togglecompletion.php b/course/togglecompletion.php
index 3773890..0be2108 100644 (file)
--- a/course/togglecompletion.php
+++ b/course/togglecompletion.php
@@ -45,6 +45,11 @@ if ($courseid) {
     require_login($course);
 
     $completion = new completion_info($course);
+    if (!$completion->is_enabled()) {
+        throw new moodle_exception('completionnotenabled', 'completion');
+    } elseif (!$completion->is_tracked_user($USER->id)) {
+        throw new moodle_exception('nottracked', 'completion');
+    }
 
     // Check if we are marking a user complete via the completion report
     $user = optional_param('user', 0, PARAM_INT);
@@ -136,7 +141,9 @@ if (isguestuser() or !confirm_sesskey()) {
 // Now change state
 $completion = new completion_info($course);
 if (!$completion->is_enabled()) {
-    die;
+    throw new moodle_exception('completionnotenabled', 'completion');
+} elseif (!$completion->is_tracked_user($USER->id)) {
+    throw new moodle_exception('nottracked', 'completion');
 }
 
 // Check completion state is manual

diff --git a/lang/en/completion.php b/lang/en/completion.php
index a488b9d..d3230bb 100644 (file)
--- a/lang/en/completion.php
+++ b/lang/en/completion.php
@@ -135,9 +135,10 @@ $string['markcomplete']='Mark complete';
 $string['markedcompleteby']='Marked complete by {$a}';
 $string['markingyourselfcomplete']='Marking yourself complete';
 $string['moredetails']='More details';
-$string['notcompleted'] = 'Not completed';
 $string['nocriteriaset']='No completion criteria set for this course';
+$string['notcompleted'] = 'Not completed';
 $string['notenroled']='You are not enrolled in this course';
+$string['nottracked']='You are currently not being tracked by completion in this course';
 $string['notyetstarted']='Not yet started';
 $string['overallcriteriaaggregation']='Overall criteria type aggregation';
 $string['pending']='Pending';

diff --git a/lib/completionlib.php b/lib/completionlib.php
index 1dd79dd..4a4abcb 100644 (file)
--- a/lib/completionlib.php
+++ b/lib/completionlib.php
@@ -1021,7 +1021,7 @@ class completion_info {
      * @return bool
      */
     public function is_tracked_user($userid) {
-        return is_enrolled(context_course::instance($this->course->id), $userid, '', true);
+        return is_enrolled(context_course::instance($this->course->id), $userid, 'moodle/course:isincompletionreports', true);
     }
 
     /**
@@ -1038,7 +1038,7 @@ class completion_info {
         global $DB;
 
         list($enrolledsql, $enrolledparams) = get_enrolled_sql(
-                context_course::instance($this->course->id), '', $groupid, true);
+                context_course::instance($this->course->id), 'moodle/course:isincompletionreports', $groupid, true);
         $sql  = 'SELECT COUNT(eu.id) FROM (' . $enrolledsql . ') eu JOIN {user} u ON u.id = eu.id';
         if ($where) {
             $sql .= " WHERE $where";