Commit 342e74f8 authored by Nigel McNie's avatar Nigel McNie

Prevent users from leaving a group (in group_remove_user) when they are the...

Prevent users from leaving a group (in group_remove_user) when they are the only admin in the group.

Add caching to group_user_can_leave.
parent 0448eadd
......@@ -129,6 +129,7 @@ $string['groupnotfound'] = 'Group with id %s not found';
$string['groupconfirmleave'] = 'Are you sure you want to leave this group?';
$string['groupconfirmleavehasviews'] = 'Are you sure you want to leave this group? Some of your views use this group for access control, leaving this group would mean that the members of the group would not have access to the views';
$string['cantleavegroup'] = 'You can\'t leave this group';
$string['usercantleavegroup'] = 'This user cannot leave this group';
$string['leavespecifiedgroup'] = 'Leave group \'%s\'';
$string['memberslist'] = 'Members: ';
$string['nogroups'] = 'No groups';
......
......@@ -35,21 +35,31 @@ defined('INTERNAL') || die();
* @param int $userid (optional, will default to logged in user)
*/
function group_user_can_leave($group, $userid=null) {
static $result;
$userid = optional_userid($userid);
if (is_numeric($group)) {
if (!$group = get_record('group', 'id', $group, 'deleted', 0)) {
return false;
}
}
// TODO: disallow users from leaving if they are the only administrator in the group
// Return cached value if we have it
if (isset($result[$group->id][$userid])) {
return $result[$group->id][$userid];
}
if ($group->jointype == 'controlled') {
return false;
return ($result[$group->id][$userid] = false);
}
return true;
if (group_user_access($group->id, $userid) == 'admin'
&& count_records('group_member', 'group', $group->id, 'role', 'admin') == 1) {
return ($result[$group->id][$userid] = false);
}
return ($result[$group->id][$userid] = true);
}
/**
......@@ -60,6 +70,9 @@ function group_user_can_leave($group, $userid=null) {
* @param int $user id of user to remove
*/
function group_remove_user($group, $userid) {
if (!group_user_can_leave($group, $userid)) {
throw new AccessDeniedException(get_string('usercantleavegroup', 'group'));
}
db_begin();
delete_records('group_member', 'group', $group, 'member', $userid);
delete_records_sql(
......
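Review bot: The new guard at the top of group_remove_user depends on group_user_can_leave, whose `static $result` cache is never invalidated, so a later call in the same request can return an answer computed before membership changed. With two admins, both can be cached as allowed to leave and then both removed, which leaves the group without an admin. The guard also runs before `db_begin();`, so the admin count and the delete are not covered by one transaction and two concurrent removals can each observe a count of 2. I would do the admin count uncached and inside the transaction, and keep the cache somewhere group_remove_user can clear it after a successful delete, for example `unset($cache[$groupid]);` on a file-level array. Separately, group_user_can_leave returns false for any `controlled` group, so this guard appears to block every removal from such groups, including admin-initiated ones; that is worth confirming against the callers, since group_remove_user's body continues outside the hunk.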