Commit b2602346 authored by Richard Mansfield

Fix some more plans permission stuff (bug #618532)


Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>
parent 6111384f
......@@ -35,8 +35,10 @@ safe_require('artefact','plans');
define('TITLE', get_string('deleteplan','artefact.plans'));
$id = param_integer('id');
$todelete = artefact_instance_from_id($id);
$USER->can_edit_artefact($todelete);
$todelete = new ArtefactTypePlan($id);
if (!$USER->can_edit_artefact($todelete)) {
throw new AccessDeniedException(get_string('accessdenied', 'error'));
}
$deleteform = array(
'name' => 'deleteplanform',
......
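Review bot: Constructing `new ArtefactTypePlan($id)` directly fixes the class regardless of what type the row with that id has, whereas the `artefact_instance_from_id($id)` call it appears to replace chose the class from the stored type. Unless the constructor rejects a mismatched type (not visible here), an artefact of another type that the user owns would pass `can_edit_artefact()` and then be handled by the plan delete path. Consider checking the type alongside the permission, for example `if ($todelete->get('artefacttype') != 'plan' || !$USER->can_edit_artefact($todelete)) {`, assuming the artefact exposes its type through `get()`. The same applies to the task delete page (`new ArtefactTypeTask($id)`) and to the task-list section that now builds `new ArtefactTypePlan($id)` before listing tasks.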
......@@ -35,8 +35,10 @@ safe_require('artefact','plans');
define('TITLE', get_string('deletetask','artefact.plans'));
$id = param_integer('id');
$todelete = artefact_instance_from_id($id);
$USER->can_edit_artefact($todelete);
$todelete = new ArtefactTypeTask($id);
if (!$USER->can_edit_artefact($todelete)) {
throw new AccessDeniedException(get_string('accessdenied', 'error'));
}
$deleteform = array(
'name' => 'deletetaskform',
......
......@@ -138,6 +138,17 @@ class ArtefactTypePlan extends ArtefactType {
$plans['pagination_js'] = $pagination['javascript'];
}
public static function validate(Pieform $form, $values) {
global $USER;
if (!empty($values['plan'])) {
$id = (int) $values['plan'];
$artefact = new ArtefactTypePlan($id);
if (!$USER->can_edit_artefact($artefact)) {
$form->set_error('submit', get_string('canteditdontown'));
}
}
}
public static function submit(Pieform $form, $values) {
global $USER, $SESSION;
......@@ -146,7 +157,6 @@ class ArtefactTypePlan extends ArtefactType {
if (!empty($values['plan'])) {
$id = (int) $values['plan'];
$artefact = new ArtefactTypePlan($id);
$USER->can_edit_artefact($id);
}
else {
$artefact = new ArtefactTypePlan();
......@@ -184,6 +194,7 @@ class ArtefactTypePlan extends ArtefactType {
'name' => empty($plan) ? 'addplan' : 'editplan',
'plugintype' => 'artefact',
'pluginname' => 'task',
'validatecallback' => array(generate_artefact_class_name('plan'),'validate'),
'successcallback' => array(generate_artefact_class_name('plan'),'submit'),
'elements' => $elements,
);
......@@ -374,6 +385,7 @@ class ArtefactTypeTask extends ArtefactType {
'name' => empty($task) ? 'addtasks' : 'edittask',
'plugintype' => 'artefact',
'pluginname' => 'task',
'validatecallback' => array(generate_artefact_class_name('task'),'validate'),
'successcallback' => array(generate_artefact_class_name('task'),'submit'),
'elements' => $elements,
);
......@@ -444,6 +456,17 @@ class ArtefactTypeTask extends ArtefactType {
return $elements;
}
public static function validate(Pieform $form, $values) {
global $USER;
if (!empty($values['task'])) {
$id = (int) $values['task'];
$artefact = new ArtefactTypeTask($id);
if (!$USER->can_edit_artefact($artefact)) {
$form->set_error('submit', get_string('canteditdontown'));
}
}
}
public static function submit(Pieform $form, $values) {
global $USER, $SESSION;
......
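Review bot: Both new `validate()` methods check ownership only when `$values['plan']` or `$values['task']` is non-empty, and the bare `$USER->can_edit_artefact($id);` line appears to have been dropped from `ArtefactTypePlan::submit()`, so `submit()` now depends entirely on the form having been built with `'validatecallback'`. For the create-task path nothing in `ArtefactTypeTask::validate()` checks the plan the task will be attached to; if the form submits the parent plan id as a field (the elements are not visible in these hunks), `validate()` should also confirm `can_edit_artefact()` on that plan rather than rely on the page-level check against the URL `id`. A short docblock on each `validate()` such as `/** Permission gate for submit(): rejects edits to artefacts the user cannot edit. */` would make that dependency explicit for later callers. The bodies of both `submit()` methods continue outside the hunks.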
......@@ -36,7 +36,9 @@ safe_require('artefact', 'plans');
$id = param_integer('id',0);
if ($id) {
$plan = new ArtefactTypePlan($id);
$USER->can_edit_artefact($plan);
if (!$USER->can_edit_artefact($plan)) {
throw new AccessDeniedException(get_string('accessdenied', 'error'));
}
define('TITLE', get_string('newtask','artefact.plans'));
$form = ArtefactTypeTask::get_form($id);
}
......
......@@ -43,8 +43,11 @@ $id = param_integer('id');
$offset = param_integer('offset', 0);
$limit = param_integer('limit', 10);
$plan = artefact_instance_from_id($id);
$USER->can_edit_artefact($plan);
$plan = new ArtefactTypePlan($id);
if (!$USER->can_edit_artefact($plan)) {
throw new AccessDeniedException(get_string('accessdenied', 'error'));
}
$tasks = ArtefactTypeTask::get_tasks($plan->get('id'), $offset, $limit);
ArtefactTypeTask::build_tasks_list_html($tasks);
......