webservice MDL-18655 add new capability moodle/user:viewalldetails allowing to see...
authorjerome mouneyrac <jerome@moodle.com>
Fri, 5 Nov 2010 06:55:43 +0000 (06:55 +0000)
committerjerome mouneyrac <jerome@moodle.com>
Fri, 5 Nov 2010 06:55:43 +0000 (06:55 +0000)
lang/en/role.php
lib/db/access.php
lib/filebrowser/file_info_context_user.php
user/externallib.php
user/profile/lib.php

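--- a/lang/en/role.php
+++ b/lang/en/role.php
@@ -357,6 +357,7 @@ $string['user:managesyspages'] = 'Configure default page layout for public user
 $string['user:readuserblogs'] = 'See all user blogs';
 $string['user:readuserposts'] = 'See all user posts';
 $string['user:update'] = 'Update user profiles';
+$string['user:viewalldetails'] = 'View user full information';
 $string['user:viewdetails'] = 'View user profiles';
 $string['user:viewhiddendetails'] = 'View hidden details of users';
 $string['user:viewuseractivitiesreport'] = 'See user activity reports';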
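--- a/lib/db/access.php
+++ b/lib/db/access.php
@@ -471,6 +471,16 @@ $capabilities = array(
         )
     ),
 
+    'moodle/user:viewalldetails' => array(
+        'riskbitmask' => RISK_PERSONAL,
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_USER,
+        'archetypes' => array(
+            'manager' => CAP_ALLOW
+        ),
+        'clonepermissionsfrom' => 'moodle/user:update'
+    ),
+
     'moodle/user:viewhiddendetails' => array(
 
         'riskbitmask' => RISK_PERSONAL,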
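Review bot: Nothing in the new `moodle/user:viewalldetails` entry says how it differs from `moodle/user:viewdetails` and `moodle/user:viewhiddendetails`, which matters because it carries `RISK_PERSONAL` and, through `clonepermissionsfrom`, is handed to every role that already holds `moodle/user:update`. I would add a comment above the entry such as `// Read access to a user's full profile data, checked in the user context; granted separately from moodle/user:update so that viewing does not require edit rights.` The commit's file list shows no version change, so if capabilities are only registered during an upgrade, existing sites would evaluate the new checks against a capability that is not installed yet; worth confirming before this ships.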
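--- a/lib/filebrowser/file_info_context_user.php
+++ b/lib/filebrowser/file_info_context_user.php
@@ -113,7 +113,10 @@ class file_info_context_user extends file_info {
     protected function get_area_user_profile($itemid, $filepath, $filename) {
         global $CFG;
 
-        if (!has_capability('moodle/user:update', $this->context)) {
+        $readaccess = has_capability('moodle/user:update', $this->context);
+        $writeaccess = has_capability('moodle/user:viewalldetails', $this->context);
+
+        if (!$readaccess and !$writeaccess) {
             // the idea here is that only admins should be able to list/modify files in user profile, the rest has to use profile page
             return null;
         }
@@ -137,7 +140,8 @@ class file_info_context_user extends file_info {
             }
         }
         $urlbase = $CFG->wwwroot.'/pluginfile.php';
-        return new file_info_stored($this->browser, $this->context, $storedfile, $urlbase, get_string('areauserprofile', 'repository'), false, true, true, false);
+        return new file_info_stored($this->browser, $this->context, $storedfile, $urlbase, 
+                get_string('areauserprofile', 'repository'), false, $readaccess, $writeaccess, false);
     }
 
     protected function get_area_user_draft($itemid, $filepath, $filename) {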
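Review bot: The two flags in get_area_user_profile() are bound to the wrong capabilities: `$readaccess` is set from `moodle/user:update` and `$writeaccess` from `moodle/user:viewalldetails`, which lib/db/access.php in this same commit declares with `'captype' => 'read'`. Assuming the seventh and eighth arguments of `file_info_stored` are the read and write flags, as the variable names and the old `true, true` suggest, a holder of only the view capability gets write access to profile files while a holder of only `moodle/user:update` does not. Swap them: `$writeaccess = has_capability('moodle/user:update', $this->context);` and `$readaccess = $writeaccess || has_capability('moodle/user:viewalldetails', $this->context);`. The comment under the guard still says only admins may list or modify these files and should name both capabilities. The method body continues between and beyond the two hunks.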
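--- a/user/externallib.php
+++ b/user/externallib.php
@@ -321,9 +321,6 @@ class moodle_user_external extends external_api {
             }
         }
 
-
-
-
         $transaction->allow_commit();
 
         return null;
@@ -363,10 +360,6 @@ class moodle_user_external extends external_api {
         //they are "user" related
         require_once($CFG->dirroot . "/user/profile/lib.php");
 
-        $context = get_context_instance(CONTEXT_SYSTEM);
-        require_capability('moodle/user:viewdetails', $context);
-        self::validate_context($context);
-
         $params = self::validate_parameters(self::get_users_by_id_parameters(),
                 array('userids'=>$userids));
 
@@ -377,6 +370,10 @@ class moodle_user_external extends external_api {
         $result = array();
         foreach ($users as $user) {
 
+            $context = get_context_instance(CONTEXT_USER, $user->id);
+            require_capability('moodle/user:viewalldetails', $context);
+            self::validate_context($context);
+
             if (empty($user->deleted)) {
 
                 $userarray = array();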
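Review bot: The per-user check added at the top of the `foreach` runs before the `empty($user->deleted)` test, so a user context is looked up for deleted accounts as well (and possibly recreated, depending on how `get_context_instance()` treats a missing context), and a single user the caller may not view aborts the whole batch with an exception. I would move the three added lines inside the `if (empty($user->deleted))` branch and call `self::validate_context($context);` before `require_capability('moodle/user:viewalldetails', $context);`, so the context is validated before it backs an authorisation decision. With the system-context check removed earlier in the function, a request whose ids match no user now returns without any capability check or context validation; confirm that is intended. The loop body continues past the end of the hunk.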
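--- a/user/profile/lib.php
+++ b/user/profile/lib.php
@@ -267,10 +267,12 @@ class profile_field_base {
                 if ($this->userid == $USER->id) {
                     return true;
                 } else {
-                    return has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM));
+                    return has_capability('moodle/user:viewalldetails',
+                            get_context_instance(CONTEXT_USER, $this->userid));
                 }
             default:
-                return has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM));
+                return has_capability('moodle/user:viewalldetails',
+                        get_context_instance(CONTEXT_USER, $this->userid));
         }
     }
 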
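Review bot: Both new returns build the user context from `$this->userid` without checking that it is set, where the old code used the system context and did not depend on it. If this visibility check can run on a field object created without a user id (not visible in this hunk), `get_context_instance(CONTEXT_USER, $this->userid)` may not yield a usable context for `has_capability()`; a guard such as `if (empty($this->userid)) { return false; }` ahead of the branches would make that case deny by default. The same two-line expression is also repeated in both branches, so computing it once would keep them from drifting apart. The enclosing method starts above the hunk.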