MDL-21097 Correctly check capabilities for frontpage editing mode

author Marina Glancy <marina@moodle.com>

Wed, 5 Jun 2013 08:06:56 +0000 (18:06 +1000)

committer Marina Glancy <marina@moodle.com>

Wed, 5 Jun 2013 08:11:08 +0000 (18:11 +1000)
author Marina Glancy <marina@moodle.com>
Wed, 5 Jun 2013 08:06:56 +0000 (18:06 +1000)
committer Marina Glancy <marina@moodle.com>
Wed, 5 Jun 2013 08:11:08 +0000 (18:11 +1000)
diff --git a/index.php b/index.php

index 0e8398b..ce56de5 100644 (file)
--- a/index.php
+++ b/index.php
@@ -40,6 +40,9 @@
      }
      $PAGE->set_url('/', $urlparams);
      $PAGE->set_course($SITE);
+    $PAGE->set_other_editing_capability('moodle/course:update');
+    $PAGE->set_other_editing_capability('moodle/course:manageactivities');
+    $PAGE->set_other_editing_capability('moodle/course:activityvisibility');
  
      // Prevent caching of this page to stop confusion when changing page after making AJAX changes
      $PAGE->set_cacheable(false);
@@ -89,8 +92,6 @@
      }
  
      $PAGE->set_pagetype('site-index');
-    $PAGE->set_other_editing_capability('moodle/course:manageactivities');
-    $PAGE->set_other_editing_capability('moodle/course:activityvisibility');
      $PAGE->set_docs_path('');
      $PAGE->set_pagelayout('frontpage');
      $editing = $PAGE->user_is_editing();
@@ -137,7 +138,7 @@
  
              echo format_text($summarytext, $section->summaryformat, $summaryformatoptions);
  
-            if ($editing) {
+            if ($editing && has_capability('moodle/course:update', $context)) {
                  $streditsummary = get_string('editsummary');
                  echo "<a title=\"$streditsummary\" ".
                       " href=\"course/editsection.php?id=$section->id\"><img src=\"" . $OUTPUT->pix_url('t/edit') . "\" ".
author	Marina Glancy <marina@moodle.com>
	Wed, 5 Jun 2013 08:06:56 +0000 (18:06 +1000)
committer	Marina Glancy <marina@moodle.com>
	Wed, 5 Jun 2013 08:11:08 +0000 (18:11 +1000)