From 181991e791a13a3c383234718c26c499e31d3df1 Mon Sep 17 00:00:00 2001 From: Petr Skoda Date: Sat, 12 Mar 2011 19:04:26 +0100 Subject: [PATCH] MDL-26621 respect email privacy settings on the main user profile and fix missing context --- lib/enrollib.php | 41 +++++++++++++++++++++++++++++++++++++++++ user/profile.php | 9 ++++++--- 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/lib/enrollib.php b/lib/enrollib.php index 5c338b5008f..96a70f00ea8 100644 --- a/lib/enrollib.php +++ b/lib/enrollib.php @@ -221,6 +221,47 @@ function enrol_check_plugins($user) { } /** + * Do these two students share any course? + * + * The courses has to be visible and enrolments has to be active, + * timestart and timeend restrictions are ignored. + * + * @param stdClass|int $user1 + * @param stdClass|int $user2 + * @return bool + */ +function enrol_sharing_course($user1, $user2) { + global $DB, $CFG; + + $user1 = !empty($user1->id) ? $user1->id : $user1; + $user2 = !empty($user2->id) ? $user2->id : $user2; + + if (empty($user1) or empty($user2)) { + return false; + } + + if (!$plugins = explode(',', $CFG->enrol_plugins_enabled)) { + return false; + } + + list($plugins, $params) = $DB->get_in_or_equal($plugins, SQL_PARAMS_NAMED, 'ee00'); + $params['enabled'] = ENROL_INSTANCE_ENABLED; + $params['active1'] = ENROL_USER_ACTIVE; + $params['active2'] = ENROL_USER_ACTIVE; + $params['user1'] = $user1; + $params['user2'] = $user2; + + $sql = "SELECT DISTINCT 'x' + FROM {enrol} e + JOIN {user_enrolments} ue1 ON (ue1.enrolid = e.id AND ue1.status = :active1 AND ue1.userid = :user1) + JOIN {user_enrolments} ue2 ON (ue1.enrolid = e.id AND ue1.status = :active2 AND ue2.userid = :user2) + JOIN {course} c ON (c.id = e.courseid AND c.visible = 1) + WHERE e.status = :enabled AND e.enrol $plugins"; + + return $DB->record_exists_sql($sql, $params); +} + +/** * This function adds necessary enrol plugins UI into the course edit form. * * @param MoodleQuickForm $mform diff --git a/user/profile.php b/user/profile.php index a3730515c9e..8559d197853 100644 --- a/user/profile.php +++ b/user/profile.php @@ -63,8 +63,10 @@ if (!$currentuser && !empty($CFG->forceloginforprofiles) && !has_capability('moodle/user:viewdetails', $context) && !has_coursecontact_role($userid)) { + // Course managers can be browsed at site level. If not forceloginforprofiles, allow access (bug #4366) $struser = get_string('user'); + $PAGE->set_context(get_context_instance(CONTEXT_SYSTEM)); $PAGE->set_title("$SITE->shortname: $struser"); // Do not leak the name $PAGE->set_heading("$SITE->shortname: $struser"); $PAGE->set_url('/user/profile.php', array('id'=>$userid)); @@ -247,9 +249,10 @@ if (has_capability('moodle/user:viewhiddendetails', $context)) { } } -if ($user->maildisplay == 1 - or ($user->maildisplay == 2 && !isguestuser()) - or has_capability('moodle/course:useremail', $context)) { +if ($currentuser + or $user->maildisplay == 1 + or has_capability('moodle/course:useremail', $context) + or ($user->maildisplay == 2 and enrol_sharing_course($user, $USER))) { print_row(get_string("email").":", obfuscate_mailto($user->email, '')); } -- 2.11.4.GIT