Improvement/59 Make board work with context freezing (#61)

* Issue 59: Separate post and view capabilities

This is so that when a context is frozen users will still be able to see the contents of the board, but not be able to edit anything.

* Issue 59: Only delete comments when new ones can be posted

This is to stop users being able to delete comments in a frozen context

* #59 Version bump

classes/board.php

@@ -610,7 +610,7 @@ public static function require_capability_for_note($id) {
 
         $context = static::context_for_column($note->columnid);
         if ($context) {
-            require_capability('mod/board:view', $context);
+            require_capability('mod/board:post', $context);
 
             if ($USER->id != $note->userid) {
                 require_capability('mod/board:manageboard', $context);
@@ -751,7 +751,7 @@ public static function board_add_note(int $columnid, int $ownerid, string $headi
 
         $context = static::context_for_column($columnid);
         if ($context) {
-            require_capability('mod/board:view', $context);
+            require_capability('mod/board:post', $context);
         }
 
         $heading = empty($heading) ? null : mb_substr($heading, 0, static::LENGTH_HEADING);
@@ -1189,7 +1189,7 @@ public static function board_can_rate_note(int $noteid): array {
         }
 
         $context = static::context_for_board($board->id);
-        if (!has_capability('mod/board:view', $context)) {
+        if (!has_capability('mod/board:post', $context)) {
             return $result;
         }
 
@@ -1339,10 +1339,17 @@ public static function board_is_editor($boardid) {
      * a particular board.
      *
      * @param int $boardid
-     * @return void
+     * @return boolean
      */
     public static function board_users_can_edit($boardid) {
         global $DB;
+
+        $context = static::context_for_board($boardid);
+        if (!has_capability('mod/board:post', $context)) {
+            // The user is not allowed to post via capabilities.
+            return false;
+        }
+
         return $DB->get_field('board', 'userscanedit', ['id' => $boardid], IGNORE_MISSING);
     }
 
@@ -1510,7 +1517,8 @@ public static function can_view_user($boardid, $userid): bool {
     public static function can_post(int $boardid, int $userid, int $ownerid): bool {
         global $USER;
 
-        if ($userid == $ownerid) {
+        $context = static::context_for_board($boardid);
+        if ($userid == $ownerid && has_capability('mod/board:post', $context)) {
             return true;
         }
         $board = static::get_board($boardid);

classes/comment.php

@@ -149,11 +149,11 @@ public static function can_create($context) {
     public function can_delete() {
         global $USER;
 
-        if ($this->userid == $USER->id) {
+        $context = $this->get_context();
+        if ($this->userid == $USER->id && has_capability('mod/board:postcomment', $context)) {
             return true;
         }
 
-        $context = $this->get_context();
         if (has_capability('mod/board:deleteallcomments', $context)) {
             return true;
         }

db/access.php

@@ -26,7 +26,7 @@
 
 $capabilities = array(
     'mod/board:view' => array(
-        'captype' => 'write',
+        'captype' => 'read',
         'contextlevel' => CONTEXT_MODULE,
         'archetypes' => array(
             'student' => CAP_ALLOW,
@@ -35,6 +35,18 @@
             'manager' => CAP_ALLOW,
         )
     ),
+    'mod/board:post' => array(
+        'riskbitmask' => RISK_SPAM,
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_MODULE,
+        'archetypes' => array(
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'manager' => CAP_ALLOW,
+        ),
+        'clonepermissionsfrom' => 'mod/board:view',
+    ),
     'mod/board:addinstance' => array(
         'riskbitmask' => RISK_XSS,
 

external.php

@@ -709,7 +709,7 @@ public static function get_comments($noteid) {
             $comment->id = $note->id;
             $comment->noteid = $note->noteid;
             $comment->content = $note->content;
-            $comment->candelete = ($note->userid === $USER->id || $candeleteall) ? true : false;
+            $comment->candelete = (($canpost && $note->userid === $USER->id) || $candeleteall) ? true : false;
             $comment->date = userdate($note->timecreated);
             $comments[] = $comment;
         }

lang/en/board.php

@@ -31,7 +31,8 @@
 $string['board:addinstance'] = 'Add a new board resource';
 $string['board:deleteallcomments'] = 'View and delete all comments on posts';
 $string['board:postcomment'] = 'Create and view comments on posts';
-$string['board:view'] = 'View board content and manage own posts.';
+$string['board:view'] = 'View board content.';
+$string['board:post'] = 'Manage own posts and potentially rate posts.';
 $string['board:manageboard'] = 'Manage columns and manage all posts.';
 $string['pluginadministration'] = 'Board module administration';
 $string['hideheaders'] = 'Hide column headers from students';

version.php

@@ -25,7 +25,7 @@
 defined('MOODLE_INTERNAL') || die;
 
 $plugin->component = 'mod_board'; // Full name of the plugin (used for diagnostics).
-$plugin->version   = 2022040112; // The current module version Use 2022.04.01 as base for 4.00.
+$plugin->version   = 2022040113; // The current module version Use 2022.04.01 as base for 4.00.
 $plugin->requires  = 2022041900; // Moodle 4.00 and up.
 $plugin->release = '1.401.03 (Build 2022040112)';
 $plugin->maturity  = MATURITY_STABLE;