Commit 1e4f1c55 authored by Richard Mansfield's avatar Richard Mansfield

Add group view setting to prevent editing by non-admins (bug #631189)



Admins can set the 'locked' property on a group view, and this will
stop non-admin members from editing the view, regardless of the view
editing permissions given to roles within the group.

Change-Id: I56c113a9d4e8fcab5463fa1c54bf456f7fc2364b
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 76516823
...@@ -959,10 +959,10 @@ class User { ...@@ -959,10 +959,10 @@ class User {
$group = $v->get('group'); $group = $v->get('group');
if ($group) { if ($group) {
$this->reset_grouproles(); $this->reset_grouproles();
if ($v->get('type') == 'grouphomepage' && $this->grouproles[$group] != 'admin') { if (!isset($this->grouproles[$group])) {
return false; return false;
} }
if (!isset($this->grouproles[$group])) { if (($v->get('type') == 'grouphomepage' || $v->get('locked')) && $this->grouproles[$group] != 'admin') {
return false; return false;
} }
require_once('group.php'); require_once('group.php');
......
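Review bot: The new condition keeps the `type == 'grouphomepage'` test next to `$v->get('locked')` without saying why both are needed; the upgrade step in xmldb_core_upgrade only backfills `locked = 1` for homepage rows that already exist, so presumably the type test is what protects homepages created afterwards. A one-line comment such as `// Homepages are always locked; the type test also covers homepages whose locked flag was never set` would stop the next reader from deleting one of the two as redundant. The role comparison `$this->grouproles[$group] != 'admin'` is loose; `!== 'admin'` is the safer form. The enclosing method starts and ends outside the hunk.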
...@@ -47,6 +47,8 @@ $string['unrecogniseddateformat'] = 'Unrecognised date format'; ...@@ -47,6 +47,8 @@ $string['unrecogniseddateformat'] = 'Unrecognised date format';
$string['allowcommentsonview'] = 'If checked, users will be allowed to leave comments.'; $string['allowcommentsonview'] = 'If checked, users will be allowed to leave comments.';
$string['ownerformat'] = 'Name display format'; $string['ownerformat'] = 'Name display format';
$string['ownerformatdescription'] = 'How do you want people who look at your page to see your name?'; $string['ownerformatdescription'] = 'How do you want people who look at your page to see your name?';
$string['Locked'] = 'Locked';
$string['lockedgroupviewdesc'] = 'If you lock this page, only group admins will be able to edit it.';
$string['profileviewtitle'] = 'Profile page'; $string['profileviewtitle'] = 'Profile page';
$string['dashboardviewtitle'] = 'Dashboard page'; $string['dashboardviewtitle'] = 'Dashboard page';
$string['grouphomepageviewtitle'] = 'Group Homepage'; $string['grouphomepageviewtitle'] = 'Group Homepage';
......
...@@ -671,6 +671,7 @@ ...@@ -671,6 +671,7 @@
<FIELD NAME="allowcomments" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="1" /> <FIELD NAME="allowcomments" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="1" />
<FIELD NAME="approvecomments" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" /> <FIELD NAME="approvecomments" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" />
<FIELD NAME="accessconf" TYPE="char" LENGTH="40" NOTNULL="false"/> <FIELD NAME="accessconf" TYPE="char" LENGTH="40" NOTNULL="false"/>
<FIELD NAME="locked" TYPE="int" LENGTH="1" DEFAULT="0" NOTNULL="true" />
</FIELDS> </FIELDS>
<KEYS> <KEYS>
<KEY NAME="primary" TYPE="primary" FIELDS="id" /> <KEY NAME="primary" TYPE="primary" FIELDS="id" />
......
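Review bot: The new `locked` field lists its attributes as `DEFAULT="0" NOTNULL="true"`, whereas the neighbouring `allowcomments` and `approvecomments` fields put `NOTNULL` before `DEFAULT`; `<FIELD NAME="locked" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" />` keeps the schema consistent and greppable. This is style only; the definition itself agrees with the `XMLDB_NOTNULL` and default 0 used in the upgrade step.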
...@@ -2702,5 +2702,14 @@ function xmldb_core_upgrade($oldversion=0) { ...@@ -2702,5 +2702,14 @@ function xmldb_core_upgrade($oldversion=0) {
change_field_type($table, $field, true, true); change_field_type($table, $field, true, true);
} }
if ($oldversion < 2011091200) {
// Locked group views (only editable by group admins)
$table = new XMLDBTable('view');
$field = new XMLDBField('locked');
$field->setAttributes(XMLDB_TYPE_INTEGER, 1, null, XMLDB_NOTNULL, null, null, null, 0);
add_field($table, $field);
set_field('view', 'locked', 1, 'type', 'grouphomepage');
}
return $status; return $status;
} }
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
defined('INTERNAL') || die(); defined('INTERNAL') || die();
$config = new StdClass; $config = new StdClass;
$config->version = 2011090900; $config->version = 2011091200;
$config->release = '1.5.0dev'; $config->release = '1.5.0dev';
$config->minupgradefrom = 2008040200; $config->minupgradefrom = 2008040200;
$config->minupgraderelease = '1.0.0 (release tag 1.0.0_RELEASE)'; $config->minupgraderelease = '1.0.0 (release tag 1.0.0_RELEASE)';
......
...@@ -70,6 +70,7 @@ class View { ...@@ -70,6 +70,7 @@ class View {
private $approvecomments; private $approvecomments;
private $collection; private $collection;
private $accessconf; private $accessconf;
private $locked;
/** /**
* Valid view layouts. These are read at install time and inserted into * Valid view layouts. These are read at install time and inserted into
...@@ -2450,7 +2451,7 @@ class View { ...@@ -2450,7 +2451,7 @@ class View {
$userid = (!$groupid && !$institution) ? $USER->get('id') : null; $userid = (!$groupid && !$institution) ? $USER->get('id') : null;
$select = ' $select = '
SELECT v.id,v.title,v.description,v.type,v.mtime'; SELECT v.id,v.title,v.description,v.type,v.mtime,v.locked';
$from = ' $from = '
FROM {view} v'; FROM {view} v';
$where = ' $where = '
...@@ -2500,6 +2501,7 @@ class View { ...@@ -2500,6 +2501,7 @@ class View {
$data[$i]['type'] = $viewdata[$i]->type; $data[$i]['type'] = $viewdata[$i]->type;
$data[$i]['title'] = $viewdata[$i]->title; $data[$i]['title'] = $viewdata[$i]->title;
$data[$i]['mtime'] = $viewdata[$i]->mtime; $data[$i]['mtime'] = $viewdata[$i]->mtime;
$data[$i]['locked'] = $viewdata[$i]->locked;
$data[$i]['removable'] = self::can_remove_viewtype($viewdata[$i]->type); $data[$i]['removable'] = self::can_remove_viewtype($viewdata[$i]->type);
$data[$i]['description'] = $viewdata[$i]->description; $data[$i]['description'] = $viewdata[$i]->description;
if (!empty($viewdata[$i]->submitgroupid)) { if (!empty($viewdata[$i]->submitgroupid)) {
...@@ -3719,6 +3721,7 @@ class View { ...@@ -3719,6 +3721,7 @@ class View {
* @return array, array * @return array, array
*/ */
function get_views_and_collections($owner=null, $group=null, $institution=null, $matchconfig=null, $includeprofile=true) { function get_views_and_collections($owner=null, $group=null, $institution=null, $matchconfig=null, $includeprofile=true) {
$excludelocked = $group && group_user_access($group) != 'admin';
$ownersql = self::owner_sql((object) array('owner' => $owner, 'group' => $group, 'institution' => $institution)); $ownersql = self::owner_sql((object) array('owner' => $owner, 'group' => $group, 'institution' => $institution));
$sql = " $sql = "
SELECT v.id AS vid, v.type AS vtype, v.title AS vname, v.accessconf, SELECT v.id AS vid, v.type AS vtype, v.title AS vname, v.accessconf,
...@@ -3729,6 +3732,7 @@ class View { ...@@ -3729,6 +3732,7 @@ class View {
LEFT JOIN {collection} c ON cv.collection = c.id LEFT JOIN {collection} c ON cv.collection = c.id
WHERE v.$ownersql AND v.type IN ('portfolio'"; WHERE v.$ownersql AND v.type IN ('portfolio'";
$sql .= $includeprofile ? ", 'profile') " : ') '; $sql .= $includeprofile ? ", 'profile') " : ') ';
$sql .= $excludelocked ? 'AND v.locked != 1 ' : '';
$sql .= 'ORDER BY c.name, v.title'; $sql .= 'ORDER BY c.name, v.title';
$records = get_records_sql_array($sql, array()); $records = get_records_sql_array($sql, array());
......
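Review bot: get_views_and_collections now silently drops locked views for non-admin group members via `$excludelocked`, but the docblock above the hunk (`@return array, array`) is not updated to say so; a line such as ` * For a group, views with locked = 1 are omitted unless the current user is a group admin.` would tell callers the result is filtered. This differs from views_by_owner in the hunk above, which still returns locked views and only flags them with `locked` for the template; if this function also feeds read-only listings, filtering may hide pages non-admins are meant to see, which is not visible here and worth checking against the callers. `group_user_access($group) != 'admin'` is a loose comparison; `!== 'admin'` states the intent.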
...@@ -46,10 +46,10 @@ ...@@ -46,10 +46,10 @@
{/if} {/if}
</td> </td>
<td class="right buttonscell btns2"> <td class="right buttonscell btns2">
{if !$view.submittedto} {if !$view.submittedto && (!$view.locked || $editlocked)}
<a href="{$WWWROOT}view/blocks.php?id={$view.id}" title="{str tag ="editcontentandlayout" section="view"}"><img src="{theme_url filename='images/edit.gif'}" alt="{str tag=edit}"></a> <a href="{$WWWROOT}view/blocks.php?id={$view.id}" title="{str tag ="editcontentandlayout" section="view"}"><img src="{theme_url filename='images/edit.gif'}" alt="{str tag=edit}"></a>
{/if} {/if}
{if !$view.submittedto && $view.removable} {if !$view.submittedto && $view.removable && (!$view.locked || $editlocked)}
<a href="{$WWWROOT}view/delete.php?id={$view.id}" title="{str tag=deletethisview section=view}"><img src="{theme_url filename='images/icon_close.gif'}" alt="{str tag=delete}"></a> <a href="{$WWWROOT}view/delete.php?id={$view.id}" title="{str tag=deletethisview section=view}"><img src="{theme_url filename='images/icon_close.gif'}" alt="{str tag=delete}"></a>
{/if} {/if}
</td>{* rbuttons *} </td>{* rbuttons *}
......
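Review bot: Hiding the edit and delete links for locked views is not enforcement: the only server-side check this commit adds is in User::can_edit_view, so `view/delete.php` must route through that same check (or an equivalent locked/admin test) for a non-admin to be unable to remove a locked view by requesting the URL directly; delete.php is not in this commit, so please confirm. `$editlocked` is assigned only in the group views page, and the same template rendered from the personal or institution views pages will see it undefined, which works only because `$view.locked` is 0 there; a comment such as `{* $editlocked: set by group/views.php for group admins; unset elsewhere *}` would document that dependency.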
...@@ -125,6 +125,19 @@ $editview = array( ...@@ -125,6 +125,19 @@ $editview = array(
), ),
); );
if ($group) {
$grouproles = $USER->get('grouproles');
if ($grouproles[$group] == 'admin') {
$editview['elements']['locked'] = array(
'type' => 'checkbox',
'title' => get_string('Locked', 'view'),
'description' => get_string('lockedgroupviewdesc', 'view'),
'defaultvalue' => $view->get('locked'),
'disabled' => $view->get('type') == 'grouphomepage', // This page unreachable for grouphomepage anyway
);
}
}
if (!($group || $institution)) { if (!($group || $institution)) {
$default = $view->get('ownerformat'); $default = $view->get('ownerformat');
if (!$default) { if (!$default) {
...@@ -154,6 +167,9 @@ function editview_submit(Pieform $form, $values) { ...@@ -154,6 +167,9 @@ function editview_submit(Pieform $form, $values) {
$view->set('title', $values['title']); $view->set('title', $values['title']);
$view->set('description', $values['description']); $view->set('description', $values['description']);
$view->set('tags', $values['tags']); $view->set('tags', $values['tags']);
if (isset($values['locked'])) {
$view->set('locked', (int)$values['locked']);
}
if (isset($values['ownerformat']) && $view->get('owner')) { if (isset($values['ownerformat']) && $view->get('owner')) {
$view->set('ownerformat', $values['ownerformat']); $view->set('ownerformat', $values['ownerformat']);
} }
......
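Review bot: `$grouproles[$group] == 'admin'` at the top of the first hunk reads the role without an `isset()` guard, unlike the reordered check in User::can_edit_view, so a non-member reaching this page would get an undefined-index notice; `if (isset($grouproles[$group]) && $grouproles[$group] === 'admin') {` avoids that. In editview_submit the lock is applied whenever `$values['locked']` is set, so the authorization rests entirely on the checkbox being added to the form only for admins; that is sound only if Pieforms returns values for declared elements alone, which is not visible here and deserves a comment, `// 'locked' is only in the form for group admins; Pieforms returns declared elements only`. The enclosing `$editview` array and editview_submit both start outside the hunks.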
...@@ -46,7 +46,8 @@ if (!is_logged_in() && !$group->public) { ...@@ -46,7 +46,8 @@ if (!is_logged_in() && !$group->public) {
define('TITLE', $group->name . ' - ' . get_string('groupviews', 'view')); define('TITLE', $group->name . ' - ' . get_string('groupviews', 'view'));
$can_edit = group_user_can_edit_views($group); $role = group_user_access($group->id);
$can_edit = $role && group_role_can_edit_views($group, $role);
// If the user can edit group views, show a page similar to the my views // If the user can edit group views, show a page similar to the my views
// page, otherwise just show a list of the views owned by this group that // page, otherwise just show a list of the views owned by this group that
...@@ -85,6 +86,7 @@ list($searchform, $data, $pagination) = View::views_by_owner($group->id); ...@@ -85,6 +86,7 @@ list($searchform, $data, $pagination) = View::views_by_owner($group->id);
$createviewform = pieform(create_view_form($group->id)); $createviewform = pieform(create_view_form($group->id));
$smarty = smarty(); $smarty = smarty();
$smarty->assign('editlocked', $role == 'admin');
$smarty->assign('views', $data->data); $smarty->assign('views', $data->data);
$smarty->assign('pagination', $pagination['html']); $smarty->assign('pagination', $pagination['html']);
$smarty->assign('searchform', $searchform); $smarty->assign('searchform', $searchform);
......
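Review bot: `$role == 'admin'` in the second hunk and `$can_edit = $role && ...` in the first rely on loose comparison and truthiness of the value returned by group_user_access; `$role === 'admin'` states the intent and avoids surprises if the helper ever returns something other than a role string or false. Replacing group_user_can_edit_views with an explicit role lookup means anyone without a membership role now gets `$can_edit = false` and `editlocked = false`; if the old helper granted edit rights to site admins or staff who are not members, that behaviour is lost, which cannot be seen from the hunk and should be confirmed. A short comment next to the assignment, `// Only group admins may edit or delete locked views`, would tie `editlocked` to its use in the template.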