Course-context permissions are not checked for graphs in globlal reports

[marcelorhmaia]

Global reports are intended to be accessed from any course.
A parameter is appended in the report URL for that purpose (&courseid=MY_COURSE_ID).
In such cases, course-context permissions are checked to allow users to view the reports.

However, graphs in those reports are not displayed if the user has the required permissions in the course context only.

How to reproduce:

1. Create a global report with a graph.
2. Let C be your test course, and U be your test user. Set the roles for U in such a way that it does not have the required permissions to view the report in the system context but does have them in C's context.
3. Access the report from C as U.

Fix:

• In configurable_reports/components/plot/*/plugin.class.php:

Append the courseid parameter in the URL returned by function execute: .'&courseid='.$this->report->courseid

• In configurable_reports/components/plot/*/graph.php:

Add the lines marked below:

(...)

$id = required_param('id', PARAM_ALPHANUM);
$reportid = required_param('reportid', PARAM_INT);
+++ $courseid = optional_param('courseid', null, PARAM_INT);

if (!$report = $DB->get_record('block_configurable_reports', array('id' => $reportid))) {
    print_error('reportdoesnotexists');
}

+++ if (!$courseid || !$report->global) {
    $courseid = $report->courseid;
+++ }

(...)