Merge "Bug 1609200: Limit group config to group's admins"

d56d5298 · Robert Lyon · Gerrit Code Review · 321390a2 · 47905d70 · d56d5298
Commit d56d5298 authored Aug 08, 2016 by Robert Lyon Committed by Gerrit Code Review Aug 08, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 1 deletion

htdocs/group/edit.php htdocs/group/edit.php +1 -1

htdocs/lib/group.php htdocs/lib/group.php +18 -0

No files found.
--- a/htdocs/group/edit.php
+++ b/htdocs/group/edit.php
@@ -20,7 +20,7 @@ if ($id = param_integer('id', null)) {
    define('TITLE', get_string('editgroup', 'group'));
    define('GROUP', $id);

-    if (!group_user_access($id)) {
+    if (!group_user_can_configure($id)) {
        $SESSION->add_error_msg(get_string('canteditdontown', 'group'));
        redirect('/group/mygroups.php');
    }

--- a/htdocs/lib/group.php
+++ b/htdocs/lib/group.php
@@ -921,6 +921,24 @@ function group_user_can_leave($group, $userid=null) {
    return ($result[$group->id][$userid] = true);
 }

+/**
+ * Checks whether a user is allowed to change the group's configuration settings.
+ * (via edit/group.php)
+ *
+ * @param int $groupid Group to check
+ * @param int $userid User to check (default: current user)
+ * @param boolean $refresh Whether to re-check the user's role in the database (default: false)
+ */
+function group_user_can_configure($groupid, $userid = null, $refresh = false) {
+
+    if ('admin' === group_user_access($groupid, $userid, $refresh)) {
+        return true;
+    }
+    else {
+        return false;
+    }
+}
+
 /**
 * Removes a user from a group.
 *