Prevent users from leaving a group (in group_remove_user) when they are the...

Prevent users from leaving a group (in group_remove_user) when they are the only admin in the group. Add caching to group_user_can_leave.

Prevent users from leaving a group (in group_remove_user) when they are the...
Prevent users from leaving a group (in group_remove_user) when they are the only admin in the group. Add caching to group_user_can_leave.
342e74f8 · Nigel McNie · 0448eadd · 342e74f8 · 342e74f8
Commit 342e74f8 authored Aug 21, 2008 by Nigel McNie
--- a/htdocs/lang/en.utf8/group.php
+++ b/htdocs/lang/en.utf8/group.php
@@ -129,6 +129,7 @@ $string['groupnotfound'] = 'Group with id %s not found';
 $string['groupconfirmleave'] = 'Are you sure you want to leave this group?';
 $string['groupconfirmleavehasviews'] = 'Are you sure you want to leave this group? Some of your views use this group for access control, leaving this group would mean that the members of the group would not have access to the views';
 $string['cantleavegroup'] = 'You can\'t leave this group';
+$string['usercantleavegroup'] = 'This user cannot leave this group';
 $string['leavespecifiedgroup'] = 'Leave group \'%s\'';
 $string['memberslist'] = 'Members: ';
 $string['nogroups'] = 'No groups';

--- a/htdocs/lib/group.php
+++ b/htdocs/lib/group.php
@@ -35,21 +35,31 @@ defined('INTERNAL') || die();
 * @param int $userid (optional, will default to logged in user)
 */
 function group_user_can_leave($group, $userid=null) {
+    static $result;

    $userid = optional_userid($userid);
-    
+
    if (is_numeric($group)) {
        if (!$group = get_record('group', 'id', $group, 'deleted', 0)) {
            return false;
        }
    }
-    
-    // TODO: disallow users from leaving if they are the only administrator in the group
+
+    // Return cached value if we have it
+    if (isset($result[$group->id][$userid])) {
+        return $result[$group->id][$userid];
+    }
    
    if ($group->jointype == 'controlled') {
-        return false;
+        return ($result[$group->id][$userid] = false);
    }
-    return true;
+
+    if (group_user_access($group->id, $userid) == 'admin'
+        && count_records('group_member', 'group', $group->id, 'role', 'admin') == 1) {
+        return ($result[$group->id][$userid] = false);
+    }
+
+    return ($result[$group->id][$userid] = true);
 }

 /**
@@ -60,6 +70,9 @@ function group_user_can_leave($group, $userid=null) {
 * @param int $user id of user to remove
 */
 function group_remove_user($group, $userid) {    
+    if (!group_user_can_leave($group, $userid)) {
+        throw new AccessDeniedException(get_string('usercantleavegroup', 'group'));
+    }
    db_begin();
    delete_records('group_member', 'group', $group, 'member', $userid);
    delete_records_sql(