Commit 2f14fc60 authored by Ruslan Kabalin's avatar Ruslan Kabalin Committed by Francois Marier

Prevent users from being promoted to admin of "standard.controlled" or "course" grouptypes



(LP: #492009)
Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
Signed-off-by: default avatarRuslan Kabalin <ruslan.kabalin@luns.net.uk>
parent f79aceef
......@@ -39,8 +39,17 @@ class PluginGrouptypeCourse extends PluginGrouptype {
class GroupTypeCourse extends GroupType {
public static function allowed_join_types() {
return array('controlled', 'request');
public static function allowed_join_types($all=false) {
global $USER;
return self::user_allowed_join_types($USER, $all);
}
public static function user_allowed_join_types($user, $all=false) {
$jointypes = array();
if (defined('INSTALLER') || $all || $user->get('admin') || $user->get('staff') || $user->is_institutional_admin() || $user->is_institutional_staff()) {
$jointypes = array_merge($jointypes, array('controlled', 'request'));
}
return $jointypes;
}
public static function can_be_created_by_user() {
......
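Review bot: The privilege test in `user_allowed_join_types()` (`defined('INSTALLER') || $all || $user->get('admin') || ...`) is copied verbatim into GroupTypeCourse here and GroupTypeStandard further down. With this commit it becomes the gate for admin promotion, so the two copies must stay in step. A single protected static helper on GroupType that both classes call (the name `user_is_privileged($user, $all)` is only a suggestion) would keep the rule in one place. The new method also has no docblock. I would add one stating that `$user` is the account being evaluated rather than necessarily the logged-in one, that `$all` and the INSTALLER constant bypass the per-user test, and that for this grouptype a non-privileged user gets an empty list.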
......@@ -76,6 +76,7 @@ abstract class GroupType {
public static abstract function allowed_join_types();
public static abstract function user_allowed_join_types($user);
/**
* Returns whether the currently logged in user can create a group of this
* grouptype
......
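Review bot: The abstract declarations do not match what the subclasses implement: `allowed_join_types()` and `user_allowed_join_types($user)` are declared without the `$all` flag that both GroupTypeCourse and GroupTypeStandard accept. Declaring the new one as `public static abstract function user_allowed_join_types($user, $all=false);`, and the existing one as `allowed_join_types($all=false)`, would put the bypass flag into the contract where implementers can see it. Because the method is abstract, any grouptype subclass not updated in this commit will stop loading until it implements it. Only two subclasses are visible on this page, so it is worth checking for others and documenting the requirement in a docblock on the declaration.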
......@@ -45,9 +45,13 @@ class GroupTypeStandard extends GroupType {
public static function allowed_join_types($all=false) {
global $USER;
return self::user_allowed_join_types($USER, $all);
}
public static function user_allowed_join_types($user, $all=false) {
$jointypes = array('open', 'request', 'invite');
if (defined('INSTALLER') || $all || $USER->get('admin') || $USER->get('staff') || $USER->is_institutional_admin() || $USER->is_institutional_staff()) {
$jointypes[] = 'controlled';
if (defined('INSTALLER') || $all || $user->get('admin') || $user->get('staff') || $user->is_institutional_admin() || $user->is_institutional_staff()) {
$jointypes[] = 'controlled';
}
return $jointypes;
}
......
......@@ -106,7 +106,14 @@ function group_can_change_role($groupid, $userid, $role) {
return false;
}
// Maybe one day more checks will be needed - they go here
// admin role permissions check
if ($role == 'admin') {
$group = group_current_group();
$user = new User();
$user->find_by_id($userid);
safe_require('grouptype', $group->grouptype);
return in_array($group->jointype, call_static_method('GroupType' . $group->grouptype, 'user_allowed_join_types', $user));
}
return true;
}
......
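Review bot: The new admin-role check in `group_can_change_role()` reads the group from `group_current_group()` and never uses the `$groupid` argument. The decision is therefore made against whichever group the request context happens to hold, not the group whose membership is being changed. If the function is called outside a group page, or with a different id, the jointype test could apply to the wrong group or dereference an empty value on `$group->grouptype`. I would load the group from `$groupid` and return false when it or the user from `find_by_id($userid)` cannot be resolved, so the check fails closed. The membership test would also be safer as a strict comparison: `in_array($group->jointype, $allowed, true)`. The start of the function body lies outside this hunk, so an earlier guard may already cover part of this.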