course/group.php

   1 <?php // $Id$
   2
   3 /// Shows current group, and allows editing of the group
   4 /// icon and other settings related to that group
   5
   6 /// This script appears within a popup window
   7
   8     require_once('../config.php');
   9     require_once('lib.php');
  10
  11     $id    = required_param('id', PARAM_INT);          // Course id
  12     $group = optional_param('group', 0, PARAM_INT);    // Optionally look at other groups
  13
  14     if (! $course = get_record('course', 'id', $id) ) {
  15         error("That's an invalid course id");
  16     }
  17
  18     require_login($course->id);
  19
  20     if (! $group = get_record("groups", "id", $group, "courseid", $course->id)) {
  21         notice('Specified group could not be found!', "#");
  22         close_window_button();
  23     }
  24
  25     // this is fine since group inherits course settings, this allows 1) teacher to edit all groups
  26     // 2 someone with a role with a cap to modify a specific group
  27     $context = get_context_instance(CONTEXT_GROUP, $group->id);
  28
  29     // this is really weird
  30     if (!has_capability('moodle/course:managegroups', $context)) {
  31         close_window();
  32     }
  33
  34 /// Print the headers of the page
  35
  36     print_header(get_string('groupinfoedit').' : '.$group->name);
  37
  38
  39 /// If data submitted, then process and store.
  40
  41     if ($form = data_submitted() and confirm_sesskey()) {
  42
  43         if (empty($form->name)) {
  44             $err['name'] = get_string("missingname");
  45
  46         } else {
  47             require_once($CFG->dirroot.'/lib/uploadlib.php');
  48
  49             $um = new upload_manager('imagefile',false,false,null,false,0,true,true);
  50             if ($um->preprocess_files()) {
  51                 require_once("$CFG->libdir/gdlib.php");
  52
  53                 if (save_profile_image($group->id, $um, 'groups')) {
  54                     $group->picture = 1;
  55                 }
  56             }
  57
  58             // Setting a new object in order to avoid updating other columns for the record,
  59             // which could lead to SQL injection vulnerabilities.
  60
  61             // Be VERY sure to sanitize all parameters that go into $dataobj!
  62
  63             $dataobj = new stdClass;
  64             $dataobj->id          = $group->id;
  65             $dataobj->name        = clean_text($form->name);
  66             $dataobj->description = clean_text($form->description);
  67             $dataobj->hidepicture = empty($form->hidepicture) ? 0 : 1;
  68             $dataobj->password    = required_param('password', PARAM_ALPHANUM);
  69             $dataobj->picture = $group->picture;
  70             if (!update_record('groups', $dataobj)) {
  71                 notify("A strange error occurred while trying to save");
  72             } else {
  73                 notify(get_string('changessaved'));
  74             }
  75             close_window(3);
  76         }
  77     }
  78
  79
  80     $usehtmleditor = false;
  81
  82     include('group-edit.html');
  83
  84     echo "</body></html>";
  85 ?>