From 727b75d9d63ab63451882fec4a64ce103ccca4e3 Mon Sep 17 00:00:00 2001
From: Ruslan Kabalin
Date: Thu, 3 Dec 2009 17:21:59 +0000
Subject: [PATCH] Prevent ordinary user to be promoted to be an admin of "standard.controlled" or "course" grouptypes.
Signed-off-by: Ruslan Kabalin
---
 htdocs/grouptype/course/lib.php | 13 +++++++++++--
 htdocs/grouptype/lib.php | 3 ++-
 htdocs/grouptype/standard/lib.php | 12 ++++++++----
 htdocs/lib/group.php | 9 ++++++++-
 4 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/htdocs/grouptype/course/lib.php b/htdocs/grouptype/course/lib.php
index 563f9f0..de87592 100644
--- a/htdocs/grouptype/course/lib.php
+++ b/htdocs/grouptype/course/lib.php
@@ -39,8 +39,17 @@ class PluginGrouptypeCourse extends PluginGrouptype {
 class GroupTypeCourse extends GroupType {
- public static function allowed_join_types() {
- return array('controlled', 'request');
+ public static function allowed_join_types($all=false) {
+ global $USER;
+ return self::user_allowed_join_types($USER, $all);
+ }
+
+ public static function user_allowed_join_types($user, $all=false) {
+ $jointypes = array();
+ if (defined('INSTALLER') || $all || $user->get('admin') || $user->get('staff') || $user->is_institutional_admin() || $user->is_institutional_staff()) {
+ $jointypes = array_merge($jointypes, array('controlled', 'request'));
+ }
+ return $jointypes;
 }
 public static function can_be_created_by_user() {
diff --git a/htdocs/grouptype/lib.php b/htdocs/grouptype/lib.php
index 525ac7d..fd1483f 100644
--- a/htdocs/grouptype/lib.php
+++ b/htdocs/grouptype/lib.php
@@ -75,7 +75,8 @@ abstract class GroupType {
 }
 public static abstract function allowed_join_types();
-
+
+ public static abstract function user_allowed_join_types($user);
 /**
 * Returns whether the currently logged in user can create a group of this
 * grouptype
diff --git a/htdocs/grouptype/standard/lib.php b/htdocs/grouptype/standard/lib.php
index 52a80db..9306b48 100644
--- a/htdocs/grouptype/standard/lib.php
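Review bot: The privilege test on the new `if` line of `user_allowed_join_types` — `defined('INSTALLER') || $all || $user->get('admin') || $user->get('staff') || $user->is_institutional_admin() || $user->is_institutional_staff()` — is repeated verbatim in the htdocs/grouptype/standard/lib.php hunk, so the rule for who may hold a controlled join type now lives in two grouptypes and can drift the next time a privileged role is added or removed. A protected static helper on the abstract `GroupType` (for example `user_may_use_controlled_join_types($user, $all)`) called from both subclasses would keep that policy in one place. On the following line, `$jointypes = array_merge($jointypes, array('controlled', 'request'));` merges into an array that is always empty at that point; `$jointypes = array('controlled', 'request');` gives the same result. The method also deserves a docblock saying that an ordinary user receives an empty list, since the removed `return array('controlled', 'request');` never did that and existing callers of `allowed_join_types()` may not expect it.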
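Review bot: The added `public static abstract function user_allowed_join_types($user);` declares one parameter while both implementations in this patch take `($user, $all=false)`; PHP accepts the extra optional argument in a subclass, but the base declaration is the only place a reader of `GroupType` sees the contract, so `public static abstract function user_allowed_join_types($user, $all=false);` would match what the subclasses and the existing `allowed_join_types($all=false)` actually do. The line is also inserted directly above the `/**` docblock of the next method with no blank line and no docblock of its own; a docblock such as `Returns the join types a group of this grouptype may have when $user administers it; $all=true returns every join type regardless of $user's privileges` would document the contract that the new admin check in htdocs/lib/group.php depends on.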
+++ b/htdocs/grouptype/standard/lib.php
@@ -45,9 +45,13 @@ class GroupTypeStandard extends GroupType {
 public static function allowed_join_types($all=false) {
 global $USER;
+ return self::user_allowed_join_types($USER, $all);
+ }
+
+ public static function user_allowed_join_types($user, $all=false) {
 $jointypes = array('open', 'request', 'invite');
- if (defined('INSTALLER') || $all || $USER->get('admin') || $USER->get('staff') || $USER->is_institutional_admin() || $USER->is_institutional_staff()) {
- $jointypes[] = 'controlled';
+ if (defined('INSTALLER') || $all || $user->get('admin') || $user->get('staff') || $user->is_institutional_admin() || $user->is_institutional_staff()) {
+ $jointypes[] = 'controlled';
 }
 return $jointypes;
 }
@@ -70,8 +74,8 @@ class GroupTypeStandard extends GroupType {
 public static function default_artefact_rolepermissions() {
 return array(
- 'member' => (object) array('view' => true, 'edit' => true, 'republish' => true),
- 'admin' => (object) array('view' => true, 'edit' => true, 'republish' => true),
+ 'member' => (object) array('view' => true, 'edit' => true, 'republish' => true),
+ 'admin' => (object) array('view' => true, 'edit' => true, 'republish' => true),
 );
 }
diff --git a/htdocs/lib/group.php b/htdocs/lib/group.php
index 6df4f52..ffedebe 100644
--- a/htdocs/lib/group.php
+++ b/htdocs/lib/group.php
@@ -106,7 +106,14 @@ function group_can_change_role($groupid, $userid, $role) {
 return false;
 }
- // Maybe one day more checks will be needed - they go here
+ // admin role permissions check
+ if ($role == 'admin') {
+ $group = group_current_group();
+ $user = new User();
+ $user->find_by_id($userid);
+ safe_require('grouptype', $group->grouptype);
+ return in_array($group->jointype, call_static_method('GroupType' . $group->grouptype, 'user_allowed_join_types', $user));
+ }
 return true;
 }
--
1.5.6.5
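Review bot: `user_allowed_join_types` in the first hunk dereferences `$user` only after `defined('INSTALLER') || $all` has failed, so a `null` argument is silently accepted when `$all` is true or during install and is a fatal call to `get()` otherwise; that asymmetry is workable but should be stated, because the method now takes an arbitrary `$user` from callers such as htdocs/lib/group.php instead of the global `$USER` the removed lines read. A docblock on the new method along the lines of `@param User $user the user whose privileges decide whether 'controlled' is offered; not consulted when $all is true or INSTALLER is defined` covers it. The second hunk in this file changes indentation only.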
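Review bot: The new admin check takes its group from `group_current_group()` even though `group_can_change_role($groupid, $userid, $role)` is given an explicit `$groupid` (the function starts outside the hunk), so the jointype being tested belongs to whichever group the request context treats as current, not necessarily the one the caller names; a call with a different `$groupid`, or from a context with no current group set, evaluates the wrong group's policy or fails on `$group->grouptype`. Binding the lookup to the parameter — `$group = get_record('group', 'id', $groupid);` if this file uses the standard record helpers — keeps the decision tied to the argument. Both comparisons on the new lines should be strict, `if ($role === 'admin') {` and `in_array($group->jointype, ..., true)`, since a role or jointype value that is not the literal string can still satisfy a loose `==`. What `find_by_id($userid)` does for an unknown id is not visible here; if it throws, callers expecting a boolean from this function now get an exception on the admin path, and if it returns an empty user the privilege getters deny, which is the safe direction — worth a comment either way.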