MDL-59671 core_calendar: replace current delete permission checks

diff --git a/calendar/classes/external/event_exporter.php b/calendar/classes/external/event_exporter.php
index dd189b7..ce78114 100644 (file)
--- a/calendar/classes/external/event_exporter.php
+++ b/calendar/classes/external/event_exporter.php
@@ -236,7 +236,7 @@ class event_exporter extends exporter {
         }
 
         $values['canedit'] = calendar_edit_event_allowed($legacyevent);
-        $values['candelete'] = (!$values['isactionevent'] && $values['canedit']);
+        $values['candelete'] = calendar_delete_event_allowed($legacyevent);
 
         // Handle event subscription.
         $values['subscription'] = null;

diff --git a/calendar/delete.php b/calendar/delete.php
index 93c6c4d..79f464f 100644 (file)
--- a/calendar/delete.php
+++ b/calendar/delete.php
@@ -57,10 +57,10 @@ require_login($course);
 if (!$course) {
     $PAGE->set_context(context_system::instance()); //TODO: wrong
 }
-
-// Check the user has the required capabilities to edit an event
-if (!calendar_edit_event_allowed($event)) {
-    print_error('nopermissions');
+$title = get_string('deleteevent', 'calendar');
+// Check the user has the required capabilities to delete an event
+if (!calendar_delete_event_allowed($event)) {
+    print_error('nopermissions', 'error', $PAGE->url, $title);
 }
 
 // Count the repeats, do we need to consider the possibility of deleting repeats
@@ -88,7 +88,6 @@ if ($confirm) {
 }
 
 // Prepare the page to show the confirmation form
-$title = get_string('deleteevent', 'calendar');
 $strcalendar = get_string('calendar', 'calendar');
 
 $PAGE->navbar->add($strcalendar, $viewcalendarurl);

diff --git a/calendar/externallib.php b/calendar/externallib.php
index 129bf60..2356f9e 100644 (file)
--- a/calendar/externallib.php
+++ b/calendar/externallib.php
@@ -91,8 +91,8 @@ class core_calendar_external extends external_api {
             $eventobj = calendar_event::load($event['eventid']);
 
             // Let's check if the user is allowed to delete an event.
-            if (!calendar_edit_event_allowed($eventobj)) {
-                throw new moodle_exception("nopermissions");
+            if (!calendar_delete_event_allowed($eventobj)) {
+                throw new moodle_exception('nopermissions', 'error', '', get_string('deleteevent', 'calendar'));
             }
             // Time to do the magic.
             $eventobj->delete($event['repeat']);

diff --git a/calendar/renderer.php b/calendar/renderer.php
index 940be31..f1bebaa 100644 (file)
--- a/calendar/renderer.php
+++ b/calendar/renderer.php
@@ -228,7 +228,7 @@ class core_calendar_renderer extends plugin_renderer_base {
 
         $output .= $this->output->box_start('card-header clearfix');
         if (calendar_edit_event_allowed($event) && $showactions) {
-            if (empty($event->cmid)) {
+            if (calendar_delete_event_allowed($event)) {
                 $editlink = new moodle_url(CALENDAR_URL.'event.php', array('action' => 'edit', 'id' => $event->id));
                 $deletelink = new moodle_url(CALENDAR_URL.'delete.php', array('id' => $event->id));
                 if (!empty($event->calendarcourseid)) {