fix capacities and param names

CHANGELOG.md

@@ -65,3 +65,10 @@ Ajout d'un lien pour revenir au cours, visible par l'étudiant et l'enseignant.
 #### Lien vers l'édition
 
 Ajout d'un bouton en haut de page pour éditer le parcours, visible uniquement par l'enseignant. 
+
+### Gestion des droits
+
+Ajout de vérification du droit d'éditer le cours pour les interfaces d'édition de parcours. Modification de noms de paramètres. 
+
+
+

block_career.php

@@ -52,9 +52,7 @@ class block_career extends block_base
 	 */
 	public function get_content()
 	{
-		global $CFG;
-		global $COURSE;
-		global $DB;
+		global $CFG, $COURSE, $DB, $USER;
 		
 		if ($this->content !== null) {
 			return $this->content;
@@ -97,8 +95,11 @@ class block_career extends block_base
 		if (empty($request)) {
 			$this->content->text .= "<p>" . get_string('any_carrer', 'block_career') . "</p>";
 		}
+
+		if (has_capability('moodle/course:update', $context = context_course::instance($COURSE->id), $USER->id)) {
+			$this->content->text .= '<a href="' . $CFG->wwwroot . '/blocks/career/career_list.php?courseid=' . $COURSE->id . '" type="button " class="btn btn-primary btn-career-block mt-3">Gérer les parcours</a>';
+		}
 		
-		$this->content->text .= '<a href="' . $CFG->wwwroot . '/blocks/career/career_list.php?course=' . $COURSE->id . '" type="button " class="btn btn-primary btn-career-block mt-3">Gérer les parcours</a>';
 		
 		// $this->content->text .= "<p></p>";
 		

career_list.php

 <?php
-	define('NO_OUTPUT_BUFFERING', true);
-	require_once('../../config.php');
-	require_once('entity/block_career_ressource.php');
-	require_once('entity/block_career_section.php');
-	require_once('view/view_career_list.php');
-	
-	global $COURSE;
-	global $USER;
-	global $DB;
-	global $CFG;
-	require_once($CFG->libdir . '/adminlib.php');
-	
-	$id_course = required_param('course', PARAM_INT);
-	
-	$url = new moodle_url('/blocks/career/career_list.php', array('course' => $id_course));
+	// define('NO_OUTPUT_BUFFERING', true);
+require_once('../../config.php');
+require_once('entity/block_career_ressource.php');
+require_once('entity/block_career_section.php');
+require_once('view/view_career_list.php');
+
+global $USER, $DB, $CFG;
+require_once($CFG->libdir . '/adminlib.php');
+
+$id_course = required_param('courseid', PARAM_INT);
+
+$url = new moodle_url('/blocks/career/career_list.php', array('courseid' => $id_course));
 	//Check if the user has capability to update course
-	if (!has_capability('moodle/course:update', $context = context_course::instance($id_course), $USER->id)) {
-		header("Location: {$_SERVER['HTTP_REFERER']}");
-		exit;
-	}
-	
-	$PAGE->set_url($url);
-	$PAGE->set_pagelayout('admin');
-	
-	$course = $DB->get_record('course', array('id' => $id_course), '*', MUST_EXIST);
-	require_login($course, false, NULL);
-	
-	$PAGE->set_title(get_string('title_plugin', 'block_career'));
-	$PAGE->set_heading($OUTPUT->heading($COURSE->fullname, 2, 'headingblock header outline'));
-	
-	$ressource = new block_career_ressource();
-	$section = new block_career_section();
-	echo $OUTPUT->header();
-	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"styles.css\">";
-	$content = new view_career_list();
-	echo $content->get_content();
-	echo $OUTPUT->footer();
\ No newline at end of file
+if (!has_capability('moodle/course:update', $context = context_course::instance($id_course), $USER->id)) {
+	$link = $CFG->wwwroot . '/course/view.php?id=' . $id_course;
+	header("Location: {$link}");
+	exit;
+}
+
+$PAGE->set_url($url);
+$PAGE->set_pagelayout('admin');
+
+$course = $DB->get_record('course', array('id' => $id_course), '*', MUST_EXIST);
+require_login($course, false, NULL);
+
+$PAGE->set_title(get_string('title_plugin', 'block_career'));
+$PAGE->set_heading($OUTPUT->heading($COURSE->fullname, 2, 'headingblock header outline'));
+
+// $ressource = new block_career_ressource();
+// $section = new block_career_section();
+echo $OUTPUT->header();
+	// echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"styles.css\">";
+$content = new view_career_list();
+echo $content->get_content();
+echo $OUTPUT->footer();
\ No newline at end of file

career_setting.php

 <?php
-	
-	ob_start();
-	
-	require_once('../../config.php');
-	global $COURSE, $DB, $CFG;
-	require_once("$CFG->libdir/formslib.php");
-	require_once('entity/block_career_ressource.php');
-	require_once('entity/block_career_section.php');
-	require_once('view/view_career_setting.php');
-	
-	$id_course = required_param('course', PARAM_INT);
-	$url = new moodle_url('/blocks/career/career_setting.php', array('course' => $id_course));
-	
-	$PAGE->set_pagelayout('course');
-	$PAGE->set_url($url);
-	
-	$course = $DB->get_record('course', array('id' => $id_course), '*', MUST_EXIST);
-	require_login($course, false, NULL);
-	
-	
-	$PAGE->set_title(get_string('title_plugin', 'block_career'));
-	$PAGE->set_heading($OUTPUT->heading($COURSE->fullname, 2, 'headingblock header outline'));
-	echo $OUTPUT->header();
-	$PAGE->requires->js("/blocks/career/js/jquery.min.js");
-	$PAGE->requires->js("/blocks/career/js/file.js");
+
+ob_start();
+
+require_once('../../config.php');
+global $COURSE, $DB, $CFG, $USER;
+require_once("$CFG->libdir/formslib.php");
+require_once('entity/block_career_ressource.php');
+require_once('entity/block_career_section.php');
+require_once('view/view_career_setting.php');
+
+$id_course = required_param('courseid', PARAM_INT);
+$url = new moodle_url('/blocks/career/career_setting.php', array('courseid' => $id_course));
+
+$PAGE->set_pagelayout('course');
+$PAGE->set_url($url);
+
+// $course = $DB->get_record('course', array('id' => $id_course), '*', MUST_EXIST);
+require_login($id_course, false, NULL);
+
+// $COURSE is === "1" before require_login !!!
+
+if (!has_capability('moodle/course:update', $context = context_course::instance($COURSE->id), $USER->id)) {
+	$link = $CFG->wwwroot . '/course/view.php?id=' . $COURSE->id;
+	header("Location: {$link}");
+	exit;
+}
+
+$PAGE->set_title(get_string('title_plugin', 'block_career'));
+$PAGE->set_heading($OUTPUT->heading($COURSE->fullname, 2, 'headingblock header outline'));
+echo $OUTPUT->header();
+$PAGE->requires->js("/blocks/career/js/jquery.min.js");
+$PAGE->requires->js("/blocks/career/js/file.js");
 	// echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"styles.css\">";
-	
-	$content = new view_career_setting();
-	echo $content->get_content();
+
+$content = new view_career_setting();
+echo $content->get_content();
 
 	// Delete career
-	if (isset($_GET["delete"]) && $_GET["delete"] == 1) {
-		$DB->execute("DELETE FROM {block_career} WHERE id = ?", array($_GET["id"]));
-		header("Location: $CFG->wwwroot/blocks/career/career_list.php?course=" . $_GET["course"]);
-	}
-	
-	if (!empty($_POST["careerName"])) {
-		
-		$ressourses = "";
-		
-		foreach ($_POST["ressource"] as $value) {
-			if ($value === end($_POST["ressource"])) {
-				$ressourses .= "$value";
-			} else {
-				$ressourses .= "$value,";
-			}
+if (isset($_GET["delete"]) && $_GET["delete"] == 1) {
+	$DB->execute("DELETE FROM {block_career} WHERE id = ?", array($_GET["id"]));
+	header("Location: $CFG->wwwroot/blocks/career/career_list.php?courseid=" . $_GET["courseid"]);
+}
+
+if (!empty($_POST["careerName"])) {
+
+	$ressourses = "";
+
+	foreach ($_POST["ressource"] as $value) {
+		if ($value === end($_POST["ressource"])) {
+			$ressourses .= "$value";
+		} else {
+			$ressourses .= "$value,";
 		}
-		
+	}
+
 		//$record is use for insert/update in database
-		$record = new stdClass();
-		$record->course = intval($_GET["course"]);
-		$record->name = $_POST["careerName"];
-		$record->description = $_POST["descriptionName"]["text"];
-		
+	$record = new stdClass();
+	$record->course = intval($_GET["courseid"]);
+	$record->name = $_POST["careerName"];
+	$record->description = $_POST["descriptionName"]["text"];
+
 		// if (isset($_FILES['imageName']['tmp_name'])) {
 		// 	$pathDir = "img/";
 		// 	$pathFile = $pathDir . basename($_FILES["imageName"]["name"]);
@@ -61,22 +68,22 @@
 		// } else {
 		// 	$record->image = $_POST["imagePath"];
 		// }
-		$record->image = "";
-		
-		$record->ressources = $ressourses;
-		
-		if ($_POST["careerId"] != 0) {
-			$record->id = intval($_POST["careerId"]);
-			$lastinsertid = $DB->update_record('block_career', $record);
-		} else {
-			$lastinsertid = $DB->insert_record('block_career', $record);
-		}
-		
-		if ($lastinsertid != 0) {
-			header("Location: $CFG->wwwroot/blocks/career/career_list.php?course=" . $_GET["course"]);
-		}
-		
+	$record->image = "";
+
+	$record->ressources = $ressourses;
+
+	if ($_POST["careerId"] != 0) {
+		$record->id = intval($_POST["careerId"]);
+		$lastinsertid = $DB->update_record('block_career', $record);
+	} else {
+		$lastinsertid = $DB->insert_record('block_career', $record);
+	}
+
+	if ($lastinsertid != 0) {
+		header("Location: $CFG->wwwroot/blocks/career/career_list.php?courseid=" . $_GET["courseid"]);
 	}
-	
-	
-	echo $OUTPUT->footer();
+
+}
+
+
+echo $OUTPUT->footer();

view/view_career_list.php

 <?php
-	
-	
-	class view_career_list
-	{
-		
-		/**
-		 * @return string
-		 */
-		public function get_content()
-		{
-			global $DB, $CFG;
-			
-			$content = "<h2>" . get_string('title_plugin', 'block_career') . "</h2>";
-			$content .= "<div class='alert alert-info'>" . get_string('heading_plugin', 'block_career') . "</div>";
-			
-			$request = $DB->get_records_sql('SELECT * FROM {block_career} WHERE course = ?', array($_GET["course"]));
-			
+
+
+class view_career_list
+{
+
+/**
+ * @return string
+ */
+public function get_content()
+{
+	global $DB, $CFG, $COURSE, $USER;
+
+	if (!has_capability('moodle/course:update', $context = context_course::instance($COURSE->id), $USER->id)) {
+		$link = $CFG->wwwroot . '/course/view.php?id=' . $COURSE->id;
+		header("Location: {$link}");
+		exit;
+	}
+
+	$content = "<h2>" . get_string('title_plugin', 'block_career') . "</h2>";
+	$content .= "<div class='alert alert-info'>" . get_string('heading_plugin', 'block_career') . "</div>";
+
+	$request = $DB->get_records_sql('SELECT * FROM {block_career} WHERE course = ?', array($_GET["courseid"]));
+
 			// $image = "";
-			
-			foreach ($request as $value) {
-				
+
+	foreach ($request as $value) {
+
 				// if (file_get_contents($value->image) != null) {
 				// 	$image = "<img src='$value->image' class='img_moodle_course'/>";
 				// }
-				
-				$content .= "<div class='card card-block mb-3'>
-				<div class='card-body'>
-				<h2 class='card-title'>$value->name</h2>
-				<p class='card-text'>$value->description</p>
-				<a href='$CFG->wwwroot/blocks/career/career_setting.php?course=" . $_GET["course"] . "&id=$value->id' class='btn btn-primary btn-sm path-list-edit-link'>Modifier</a>
-				</div>
-                </div>";
+
+		$content .= "<div class='card card-block mb-3'>
+		<div class='card-body'>
+		<h2 class='card-title'>$value->name</h2>
+		<p class='card-text'>$value->description</p>
+		<a href='$CFG->wwwroot/blocks/career/career_setting.php?courseid=" . $_GET["courseid"] . "&pathid=$value->id' class='btn btn-primary btn-sm path-list-edit-link'>Modifier</a>
+		</div>
+		</div>";
 
                 // $content .= "<div class='card card_block'>
                 //     <div class='row'>
@@ -39,17 +45,17 @@
                 //         <div class='col-lg-1 col-md-1 padding_column'><a style='color:black' href='$CFG->wwwroot/blocks/career/career_setting.php?course=" . $_GET["course"] . "&id=$value->id'><i class=\"fa fa-cog fa-2x\"></a></i></div>
                 //    </div>
                 // </div>";
-			}
-			
-			if (empty($request)) {
-				$content .= "<p>" . get_string('any_carrer', 'block_career') . "</p>";
-			}
+	}
+
+	if (empty($request)) {
+		$content .= "<p>" . get_string('any_carrer', 'block_career') . "</p>";
+	}
 			// Button for adding course to the list
-			$content .= "<a href='$CFG->wwwroot/blocks/career/career_setting.php?course=" . $_GET["course"] . "' class='btn btn-primary'>" . get_string('add_path', 'block_career') . "</a>";
-			
-			
-			return $content;
-			
-		}
-		
-	}
\ No newline at end of file
+	$content .= "<a href='$CFG->wwwroot/blocks/career/career_setting.php?courseid=" . $COURSE->id . "' class='btn btn-primary'>" . get_string('add_path', 'block_career') . "</a>";
+
+
+	return $content;
+
+}
+
+}
\ No newline at end of file

view/view_career_setting.php

@@ -28,8 +28,8 @@ class view_career_setting extends moodleform
         global $DB, $CFG;
 
         $mform = $this->_form;
-        $careerId = optional_param('id', NULL, PARAM_INT);
-        $course = required_param('course', PARAM_INT);
+        $careerId = optional_param('pathid', NULL, PARAM_INT);
+        $course = required_param('courseid', PARAM_INT);
 
         $name = "";
         $description = "";
@@ -74,7 +74,7 @@ class view_career_setting extends moodleform
 
         $sections = block_career_section::get_sections_by_id_course($course);
 
-        $content .= '<div class="row"><form class="col-12" action="career_setting.php?course=' . $course . '" method="post" enctype="multipart/form-data">';
+        $content .= '<div class="row"><form class="col-12" action="career_setting.php?courseid=' . $course . '" method="post" enctype="multipart/form-data">';
 
         $content .= $temp;
 
@@ -173,12 +173,12 @@ class view_career_setting extends moodleform
             <div class="row mt-3">  
             <div class="col">
             <input type="hidden" name="careerId" value="'.$careerId.'">
-            <a href=' . $CFG->wwwroot . "/blocks/career/career_list.php?course=" . $course . ' class="btn btn-secondary">Annuler</a> ';
+            <a href=' . $CFG->wwwroot . "/blocks/career/career_list.php?courseid=" . $course . ' class="btn btn-secondary">Annuler</a> ';
 
 
 
             if ($careerId != 0) {
-                $content .= "<a href='$CFG->wwwroot/blocks/career/career_setting.php?course=$course&delete=1&id=$careerId' class='btn btn-danger'>Supprimer</a> ";
+                $content .= "<a href='$CFG->wwwroot/blocks/career/career_setting.php?courseid=$course&delete=1&id=$careerId' class='btn btn-danger'>Supprimer</a> ";
             }
 
             $content .= '

view/view_career_unit.php

@@ -52,7 +52,7 @@ $sections = array_combine($keys,$sections);
 ksort($sections);
 
 $cours_url = $CFG->wwwroot . "/course/view.php?id=" . $COURSE->id;
-$edit_url = $CFG->wwwroot . "/blocks/career/career_setting.php?course=" . $COURSE->id . "&id=" . $careerId;
+$edit_url = $CFG->wwwroot . "/blocks/career/career_setting.php?courseid=" . $COURSE->id . "&pathid=" . $careerId;
 
 ?>