Merge branch 'MDL-59832_master-v2' of git://github.com/markn86/moodle
authorEloy Lafuente (stronk7) <stronk7@moodle.org>
Tue, 29 Aug 2017 23:21:22 +0000 (01:21 +0200)
committerEloy Lafuente (stronk7) <stronk7@moodle.org>
Tue, 29 Aug 2017 23:21:22 +0000 (01:21 +0200)
course/lib.php
user/index.php

index 8b22a9a..2ccc6f1 100644 (file)
@@ -3893,18 +3893,17 @@ function course_get_user_navigation_options($context, $course = null) {
 
     // Frontpage settings?
     if ($isfrontpage) {
-        if ($course->id == SITEID) {
-            $options->participants = has_capability('moodle/site:viewparticipants', $sitecontext);
-        } else {
-            $options->participants = has_capability('moodle/course:viewparticipants', context_course::instance($course->id));
-        }
-
+        // We are on the front page, so make sure we use the proper capability (site:viewparticipants).
+        $options->participants = has_capability('moodle/site:viewparticipants', $sitecontext) ||
+            has_capability('moodle/course:enrolreview', $sitecontext);
         $options->badges = !empty($CFG->enablebadges) && has_capability('moodle/badges:viewbadges', $sitecontext);
         $options->tags = !empty($CFG->usetags) && $isloggedin;
         $options->search = !empty($CFG->enableglobalsearch) && has_capability('moodle/search:query', $sitecontext);
         $options->calendar = $isloggedin;
     } else {
-        $options->participants = has_capability('moodle/course:viewparticipants', $context);
+        // We are in a course, so make sure we use the proper capability (course:viewparticipants).
+        $options->participants = has_capability('moodle/course:viewparticipants', $context) ||
+            has_capability('moodle/course:enrolreview', $context);
         $options->badges = !empty($CFG->enablebadges) && !empty($CFG->badges_allowcoursebadges) &&
                             has_capability('moodle/badges:viewbadges', $context);
         // Add view grade report is permitted.
index 9fc526f..9431d52 100644 (file)
@@ -74,10 +74,16 @@ $frontpagectx = context_course::instance(SITEID);
 
 if ($isfrontpage) {
     $PAGE->set_pagelayout('admin');
-    require_capability('moodle/site:viewparticipants', $systemcontext);
+    if (!has_any_capability(['moodle/site:viewparticipants', 'moodle/course:enrolreview'], $systemcontext)) {
+        // We know they do not have any of the capabilities, so lets throw an exception using the capability with the least access.
+        throw new required_capability_exception($systemcontext, 'moodle/site:viewparticipants', 'nopermissions', '');
+    }
 } else {
     $PAGE->set_pagelayout('incourse');
-    require_capability('moodle/course:viewparticipants', $context);
+    if (!has_any_capability(['moodle/course:viewparticipants', 'moodle/course:enrolreview'], $context)) {
+        // We know they do not have any of the capabilities, so lets throw an exception using the capability with the least access.
+        throw new required_capability_exception($context, 'moodle/course:viewparticipants', 'nopermissions', '');
+    }
 }
 
 // Trigger events.