}
return $url;
}
+
+/**
+ * Check if a user has the permission to viewdetails in a shared course's context.
+ *
+ * @param object $user The other user's details.
+ * @param object $course Use this course to see if we have permission to see this user's profile.
+ * @param context $usercontext The user context if available.
+ * @return bool true for ability to view this user, else false.
+ */
+function user_can_view_profile($user, $course = null, $usercontext = null) {
+ global $USER, $CFG;
+
+ if ($user->deleted) {
+ return false;
+ }
+
+ // If any of these four things, return true.
+ // Number 1.
+ if ($USER->id == $user->id) {
+ return true;
+ }
+
+ // Number 2.
+ if (empty($CFG->forceloginforprofiles)) {
+ return true;
+ }
+
+ if (empty($usercontext)) {
+ $usercontext = context_user::instance($user->id);
+ }
+ // Number 3.
+ if (has_capability('moodle/user:viewdetails', $usercontext)) {
+ return true;
+ }
+
+ // Number 4.
+ if (has_coursecontact_role($user->id)) {
+ return true;
+ }
+
+ if (isset($course)) {
+ $sharedcourses = array($course);
+ } else {
+ $sharedcourses = enrol_get_shared_courses($USER->id, $user->id, true);
+ }
+ foreach ($sharedcourses as $sharedcourse) {
+ $coursecontext = context_course::instance($sharedcourse->id);
+ if (has_capability('moodle/user:viewdetails', $coursecontext)) {
+ if (!groups_user_groups_visible($sharedcourse, $user->id)) {
+ // Not a member of the same group.
+ continue;
+ }
+ return true;
+ }
+ }
+ return false;
+}
+
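Review bot: The shortcuts marked Number 2 to Number 4 return true before `$course` is ever read, so `groups_user_groups_visible()` and the course-context `moodle/user:viewdetails` check only run when all of them fail. The view.php hunks on this same page remove that script's own separate-groups block and its course-level capability test in favour of this call, so with `forceloginforprofiles` off, or for a target holding a course-contact role, a course-scoped call appears to stop enforcing group separation. One option is to test the group rule ahead of the shortcuts when a course is given, right after the self check: `if (isset($course) && !groups_user_groups_visible($course, $user->id)) { return false; }`. The docblock should also state that `$course`, when passed, is trusted as shared and is not checked against either user's enrolment.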
require_once($CFG->dirroot . '/my/lib.php');
require_once($CFG->dirroot . '/tag/lib.php');
require_once($CFG->dirroot . '/user/profile/lib.php');
+require_once($CFG->dirroot . '/user/lib.php');
require_once($CFG->libdir.'/filelib.php');
$userid = optional_param('id', 0, PARAM_INT);
$currentuser = ($user->id == $USER->id);
$context = $usercontext = context_user::instance($userid, MUST_EXIST);
-if (!$currentuser &&
- !empty($CFG->forceloginforprofiles) &&
- !has_capability('moodle/user:viewdetails', $context) &&
- !has_coursecontact_role($userid)) {
+if (!user_can_view_profile($user, null, $context)) {
// Course managers can be browsed at site level. If not forceloginforprofiles, allow access (bug #4366).
$struser = get_string('user');
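Review bot: The comment kept on the first line inside this `if` still describes the inline condition that this hunk removes, while the new call also denies deleted users and grants access through any shared course where the viewer holds `moodle/user:viewdetails` and the group check passes. Reword it so the denial path points at the function, for example `// Profile is not viewable: deleted user, or none of the allow rules in user_can_view_profile() matched.` The body of this `if` continues outside the hunk.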
require_once("../config.php");
require_once($CFG->dirroot.'/user/profile/lib.php');
+require_once($CFG->dirroot.'/user/lib.php');
require_once($CFG->dirroot.'/tag/lib.php');
require_once($CFG->libdir . '/filelib.php');
require_once($CFG->libdir . '/badgeslib.php');
$PAGE->set_title("$strpersonalprofile: ");
$PAGE->set_heading("$strpersonalprofile: ");
- // Check course level capabilities.
- if (!has_capability('moodle/user:viewdetails', $coursecontext) && // Normal enrolled user or mnager.
- ($user->deleted or !has_capability('moodle/user:viewdetails', $usercontext))) { // Usually parent.
+ // Check to see if the user can see this user's profile.
+ if (!user_can_view_profile($user, $course, $usercontext) && !$isparent) {
print_error('cannotviewprofile');
}
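Review bot: The `&& !$isparent` term overrides every denial that `user_can_view_profile()` returns, including its `$user->deleted` check, whereas the removed condition kept `$user->deleted` as a blocker on the user-context path. `$isparent` is assigned outside this hunk, so confirm it can never be true for a deleted account, or make the intent explicit with `if ($user->deleted || (!user_can_view_profile($user, $course, $usercontext) && !$isparent)) {`. A short comment saying why parents are exempt from the function's result would also help the next reader.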
exit;
}
- // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group.
- // Except when we are a parent, in which case we would not be in any group.
- if (groups_get_course_groupmode($course) == SEPARATEGROUPS
- and $course->groupmodeforce
- and !has_capability('moodle/site:accessallgroups', $coursecontext)
- and !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id)
- and !$isparent) {
- if (!isloggedin() or isguestuser()) {
- // Do not use require_login() here because we might have already used require_login($course).
- redirect(get_login_url());
- }
- $mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name'));
- $usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name'));
- if (!array_intersect($mygroups, $usergroups)) {
- print_error("groupnotamember", '', "../course/view.php?id=$course->id");
- }
+ if (!isloggedin() or isguestuser()) {
+ // Do not use require_login() here because we might have already used require_login($course).
+ redirect(get_login_url());
}
}