Commit 6ddb7507 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Add 'hidemembersfrommembers' group setting (bug #504830)



This creates groups in which members can't search for each other.
Group admins can get to the member listing, but tutors cannot: the
stated use case is anonymous reviewer groups.

Change-Id: Id2550e574b55ceeb43958475340e967de16850f1
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 15c5fdff
...@@ -53,6 +53,7 @@ $ALLOWEDKEYS = array( ...@@ -53,6 +53,7 @@ $ALLOWEDKEYS = array(
'editroles', 'editroles',
'hidden', 'hidden',
'hidemembers', 'hidemembers',
'hidemembersfrommembers',
); );
if ($USER->get('admin')) { if ($USER->get('admin')) {
$ALLOWEDKEYS[] = 'usersautoadded'; $ALLOWEDKEYS[] = 'usersautoadded';
......
...@@ -66,13 +66,14 @@ class PluginBlocktypeGroupMembers extends SystemBlocktype { ...@@ -66,13 +66,14 @@ class PluginBlocktypeGroupMembers extends SystemBlocktype {
$groupid = $instance->get_view()->get('group'); $groupid = $instance->get_view()->get('group');
// If the group has hidden membership, display nothing to non-members // If the group has hidden membership, display nothing
$usergroups = $USER->get('grouproles'); $usergroups = $USER->get('grouproles');
if (!isset($usergroups[$groupid])) { $group = defined('GROUP') && $groupid == GROUP ? group_current_group() : get_record('group', 'id', $groupid);
$group = defined('GROUP') && $groupid == GROUP ? group_current_group() : get_record('group', 'id', $groupid); if ($group->hidemembersfrommembers && (!isset($usergroups[$groupid]) || $usergroups[$groupid] != 'admin')) {
if ($group->hidemembers) { return '';
return ''; }
} if ($group->hidemembers && !isset($usergroups[$groupid])) {
return '';
} }
require_once('searchlib.php'); require_once('searchlib.php');
......
...@@ -70,6 +70,7 @@ else { ...@@ -70,6 +70,7 @@ else {
'editroles' => 'all', 'editroles' => 'all',
'hidden' => 0, 'hidden' => 0,
'hidemembers' => 0, 'hidemembers' => 0,
'hidemembersfrommembers' => 0,
); );
} }
...@@ -250,6 +251,12 @@ if ($cancreatecontrolled) { ...@@ -250,6 +251,12 @@ if ($cancreatecontrolled) {
'description' => get_string('hidemembersdescription', 'group'), 'description' => get_string('hidemembersdescription', 'group'),
'defaultvalue' => $group_data->hidemembers, 'defaultvalue' => $group_data->hidemembers,
); );
$elements['hidemembersfrommembers'] = array(
'type' => 'checkbox',
'title' => get_string('hidemembersfrommembers', 'group'),
'description' => get_string('hidemembersfrommembersdescription', 'group'),
'defaultvalue' => $group_data->hidemembersfrommembers,
);
} }
else { else {
$form['elements']['hidden'] = array( $form['elements']['hidden'] = array(
...@@ -260,6 +267,10 @@ else { ...@@ -260,6 +267,10 @@ else {
'type' => 'hidden', 'type' => 'hidden',
'value' => $group_data->hidemembers, 'value' => $group_data->hidemembers,
); );
$form['elements']['hidemembersfrommembers'] = array(
'type' => 'hidden',
'value' => $group_data->hidemembersfrommembers,
);
} }
$elements['general'] = array( $elements['general'] = array(
...@@ -349,6 +360,7 @@ function editgroup_submit(Pieform $form, $values) { ...@@ -349,6 +360,7 @@ function editgroup_submit(Pieform $form, $values) {
'editroles' => $values['editroles'], 'editroles' => $values['editroles'],
'hidden' => intval($values['hidden']), 'hidden' => intval($values['hidden']),
'hidemembers' => intval($values['hidemembers']), 'hidemembers' => intval($values['hidemembers']),
'hidemembersfrommembers' => intval($values['hidemembersfrommembers']),
); );
db_begin(); db_begin();
......
...@@ -45,8 +45,13 @@ define('TITLE', $group->name . ' - ' . get_string('Members', 'group')); ...@@ -45,8 +45,13 @@ define('TITLE', $group->name . ' - ' . get_string('Members', 'group'));
$role = group_user_access($group->id); $role = group_user_access($group->id);
if ($group->hidemembers && !$role && !$USER->get('admin') && !$USER->get('staff')) { if (!$USER->get('admin') && !$USER->get('staff')) {
throw new AccessDeniedException(); if (!$role && ($group->hidemembers || $group->hidemembersfrommembers)) {
throw new AccessDeniedException();
}
if ($role != 'admin' && $group->hidemembersfrommembers) {
throw new AccessDeniedException();
}
} }
if (!empty($membershiptype) && $role != 'admin') { if (!empty($membershiptype) && $role != 'admin') {
......
...@@ -45,8 +45,13 @@ if (!is_logged_in() && !$group->public) { ...@@ -45,8 +45,13 @@ if (!is_logged_in() && !$group->public) {
$role = group_user_access($group->id); $role = group_user_access($group->id);
if ($group->hidemembers && !$role && !$USER->get('admin') && !$USER->get('staff')) { if (!$USER->get('admin') && !$USER->get('staff')) {
json_reply('local', get_string('accessdenied', 'error')); if (!$role && ($group->hidemembers || $group->hidemembersfrommembers)) {
json_reply('local', get_string('accessdenied', 'error'));
}
if ($role != 'admin' && $group->hidemembersfrommembers) {
json_reply('local', get_string('accessdenied', 'error'));
}
} }
$membershiptype = param_variable('membershiptype', ''); $membershiptype = param_variable('membershiptype', '');
......
...@@ -100,6 +100,8 @@ $string['hiddengroup'] = 'Hidden group'; ...@@ -100,6 +100,8 @@ $string['hiddengroup'] = 'Hidden group';
$string['hiddengroupdescription'] = 'Do not list this group on the Find Groups page.'; $string['hiddengroupdescription'] = 'Do not list this group on the Find Groups page.';
$string['hidemembers'] = 'Hide membership'; $string['hidemembers'] = 'Hide membership';
$string['hidemembersdescription'] = 'Hide the group\'s membership listing from non-members.'; $string['hidemembersdescription'] = 'Hide the group\'s membership listing from non-members.';
$string['hidemembersfrommembers'] = 'Hide membership from members';
$string['hidemembersfrommembersdescription'] = 'Members cannot be listed except by group admins. Admins will still be listed on the group home page.';
$string['editgroupmembership'] = 'Edit group membership'; $string['editgroupmembership'] = 'Edit group membership';
$string['editmembershipforuser'] = 'Edit membership for %s'; $string['editmembershipforuser'] = 'Edit membership for %s';
......
...@@ -346,6 +346,7 @@ ...@@ -346,6 +346,7 @@
<FIELD NAME="editroles" TYPE="char" LENGTH="20" NOTNULL="true" ENUM="true" ENUMVALUES="'all', 'notmember', 'admin'" DEFAULT="all" /> <FIELD NAME="editroles" TYPE="char" LENGTH="20" NOTNULL="true" ENUM="true" ENUMVALUES="'all', 'notmember', 'admin'" DEFAULT="all" />
<FIELD NAME="hidden" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" /> <FIELD NAME="hidden" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" />
<FIELD NAME="hidemembers" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" /> <FIELD NAME="hidemembers" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" />
<FIELD NAME="hidemembersfrommembers" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" />
</FIELDS> </FIELDS>
<KEYS> <KEYS>
<KEY NAME="primary" TYPE="primary" FIELDS="id" /> <KEY NAME="primary" TYPE="primary" FIELDS="id" />
......
...@@ -2720,6 +2720,11 @@ function xmldb_core_upgrade($oldversion=0) { ...@@ -2720,6 +2720,11 @@ function xmldb_core_upgrade($oldversion=0) {
$field = new XMLDBField('hidemembers'); $field = new XMLDBField('hidemembers');
$field->setAttributes(XMLDB_TYPE_INTEGER, 1, null, XMLDB_NOTNULL, null, null, null, 0); $field->setAttributes(XMLDB_TYPE_INTEGER, 1, null, XMLDB_NOTNULL, null, null, null, 0);
add_field($table, $field); add_field($table, $field);
// Setting to hide group members from members
$field = new XMLDBField('hidemembersfrommembers');
$field->setAttributes(XMLDB_TYPE_INTEGER, 1, null, XMLDB_NOTNULL, null, null, null, 0);
add_field($table, $field);
} }
return $status; return $status;
......
...@@ -280,6 +280,7 @@ function group_create($data) { ...@@ -280,6 +280,7 @@ function group_create($data) {
$data['public'] = (isset($data['public'])) ? intval($data['public']) : 0; $data['public'] = (isset($data['public'])) ? intval($data['public']) : 0;
$data['hidden'] = (isset($data['hidden'])) ? intval($data['hidden']) : 0; $data['hidden'] = (isset($data['hidden'])) ? intval($data['hidden']) : 0;
$data['hidemembers'] = (isset($data['hidemembers'])) ? intval($data['hidemembers']) : 0; $data['hidemembers'] = (isset($data['hidemembers'])) ? intval($data['hidemembers']) : 0;
$data['hidemembersfrommembers'] = (isset($data['hidemembersfrommembers'])) ? intval($data['hidemembersfrommembers']) : 0;
$data['usersautoadded'] = (isset($data['usersautoadded'])) ? intval($data['usersautoadded']) : 0; $data['usersautoadded'] = (isset($data['usersautoadded'])) ? intval($data['usersautoadded']) : 0;
$data['quota'] = get_config_plugin('artefact', 'file', 'defaultgroupquota'); $data['quota'] = get_config_plugin('artefact', 'file', 'defaultgroupquota');
...@@ -356,6 +357,7 @@ function group_create($data) { ...@@ -356,6 +357,7 @@ function group_create($data) {
'editroles' => $data['editroles'], 'editroles' => $data['editroles'],
'hidden' => $data['hidden'], 'hidden' => $data['hidden'],
'hidemembers' => $data['hidemembers'], 'hidemembers' => $data['hidemembers'],
'hidemembersfrommembers' => $data['hidemembersfrommembers'],
), ),
'id', 'id',
true true
...@@ -462,7 +464,8 @@ function group_update($new, $create=false) { ...@@ -462,7 +464,8 @@ function group_update($new, $create=false) {
unset($new->institution); unset($new->institution);
unset($new->shortname); unset($new->shortname);
foreach (array('id', 'grouptype', 'public', 'request', 'submittableto', 'editroles', 'hidden', 'hidemembers') as $f) { foreach (array('id', 'grouptype', 'public', 'request', 'submittableto', 'editroles',
'hidden', 'hidemembers', 'hidemembersfrommembers') as $f) {
if (!isset($new->$f)) { if (!isset($new->$f)) {
$new->$f = $old->$f; $new->$f = $old->$f;
} }
...@@ -1464,7 +1467,11 @@ function group_get_menu_tabs() { ...@@ -1464,7 +1467,11 @@ function group_get_menu_tabs() {
), ),
); );
if ($role || !$group->hidemembers) { $memberstab = !$group->hidemembersfrommembers && !$group->hidemembers
|| $role && !$group->hidemembersfrommembers
|| $role == 'admin';
if ($memberstab) {
$menu['members'] = array( $menu['members'] = array(
'path' => 'groups/members', 'path' => 'groups/members',
'url' => 'group/members.php?id='.$group->id, 'url' => 'group/members.php?id='.$group->id,
......
...@@ -2237,7 +2237,7 @@ div.groupbox li.last { ...@@ -2237,7 +2237,7 @@ div.groupbox li.last {
border-top: none; border-top: none;
} }
#editgroup th label { #editgroup th label {
white-space: nowrap; white-space: normal;
} }
form#search, form#filter, div.searchform { form#search, form#filter, div.searchform {
margin-bottom: 10px; margin-bottom: 10px;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment