Uploaded image for project: 'Plugins'
  1. Plugins
  2. CONTRIB-6770

Add permissions check moodle/site:viewuseridentity

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.2.1
    • Fix Version/s: 3.3.3
    • Component/s: Module: Scheduler
    • Labels:
      None
    • Plugin Version:
      2016100402
    • Affected Branches:
      MOODLE_32_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE

      Description

      Hi!
      I wanted to have my teachers not to be able to see the students emails on scheduler. While in Moodle you can set the permission to hide the emails, the plugin will not check those permissions also.
      I did few improvements (at least for my case! ) by adding the following (Sorry it's not a working patch, because i had to remove few modifications that i made on those files also on the same commit :/) But it gives an idea about the changes made.
      Thank you

      — a/locallib.php
      +++ b/locallib.php
      @@ -117,12 +117,17 @@ function scheduler_print_user($user, $course, $messageselect=false, $return=fals
      if (!empty($user->role) and ($user->role <> $course->teacher))

      { $output .= $string->role .': '. $user->role .'<br />'; }

      -
      +//FIX permission
      +if (has_capability('moodle/site:viewuseridentity', $context)) {
      $extrafields = scheduler_get_user_fields($user);
      +///Fix Permission we replaced the next line
      +// $extrafields = scheduler_get_user_fields($user);
      foreach ($extrafields as $field)

      { $output .= $field->title . ': ' . $field->value . '<br />'; }

      -
      +//Fix Permission
      +}else{$extrafields = scheduler_get_user_fields(null);}
      +///Fix Permission
      if (!isset($hiddenfields['lastaccess'])) {
      if ($user->lastaccess) {
      $output .= $string->lastaccess .': '. userdate($user->lastaccess);
      diff --git a/teacherview.php b/teacherview.php
      index 3095767..263650a 100644
      — a/teacherview.php
      +++ b/teacherview.php
      @@ -545,7 +542,12 @@
      new pix_icon('t/approve', '', 'moodle'),
      get_string('markasseennow', 'scheduler') );

      +//Fix Need to check if teacher has permission to get those userfields
      +if (has_capability('moodle/site:viewuseridentity', $context))

      { $userfields = scheduler_get_user_fields($student); +}

      else

      { $userfields = scheduler_get_user_fields(null); }

      +///Fix Comment the original line
      +// $userfields = scheduler_get_user_fields($student);
      $fieldvals = array();
      foreach ($userfields as $f) {
      $fieldvals[] = $f->value;
      — a/exportlib.php
      +++ b/exportlib.php
      @@ -125,7 +125,7 @@ function scheduler_get_export_fields() {
      $result[] = new scheduler_student_field('child', 'child', 25);
      $result[] = new scheduler_student_field('studentfirstname', 'firstname');
      $result[] = new scheduler_student_field('studentlastname', 'lastname');
      -$result[] = new scheduler_student_field('studentemail', 'email');
      +//Fix Commented missing Permissions $result[] = new scheduler_student_field('studentemail', 'email');
      $result[] = new scheduler_student_field('studentusername', 'username');
      $result[] = new scheduler_student_field('studentidnumber', 'idnumber');

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                13/Nov/17