MDL-53210 mod_feedback: fixes in check feedback access

1. show only uservisible feedbacks in block_feedback
2. nicer error message when user opens feedback on frontpage instead of from the mapped course
3. corrected cap check in view.php page before displaying link to complete.php
Marina Glancy 2016-02-23 16:03:07 +08:00
parent 6ab07f97bf
commit 2a94a2f60f
3 changed files with 36 additions and 24 deletions


@ -49,11 +49,11 @@ if (has_capability('mod/feedback:complete', $context)) {
$feedback_complete_cap = true;
}
if (isset($CFG->feedback_allowfullanonymous)
AND $CFG->feedback_allowfullanonymous
if (!empty($CFG->feedback_allowfullanonymous)
AND $course->id == SITEID
AND (!$courseid OR $courseid == SITEID)
AND $feedback->anonymous == FEEDBACK_ANONYMOUS_YES ) {
AND $feedback->anonymous == FEEDBACK_ANONYMOUS_YES
AND (!isloggedin() OR isguestuser())) {
// Guests are allowed to complete fully anonymous feedback without having 'mod/feedback:complete' capability.
$feedback_complete_cap = true;
}
@ -62,16 +62,6 @@ if ($course->id == SITEID AND !$courseid) {
$courseid = SITEID;
}
//check whether the feedback is mapped to the given courseid
if ($course->id == SITEID AND !has_capability('mod/feedback:edititems', $context)) {
if ($DB->get_records('feedback_sitecourse_map', array('feedbackid'=>$feedback->id))) {
$params = array('feedbackid'=>$feedback->id, 'courseid'=>$courseid);
if (!$DB->get_record('feedback_sitecourse_map', $params)) {
print_error('invalidcoursemodule');
}
}
}
if ($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
if ($course->id == SITEID) {
require_login($course, true);
@ -86,6 +76,32 @@ if ($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
}
}
if ($course->id == SITEID) {
$PAGE->set_context($context);
$PAGE->set_cm($cm, $course);
$PAGE->set_pagelayout('incourse');
}
$PAGE->set_url('/mod/feedback/view.php', array('id'=>$cm->id, 'do_show'=>'view'));
$PAGE->set_title($feedback->name);
$PAGE->set_heading($course->fullname);
// Check whether the feedback is mapped to the given courseid.
if ($course->id == SITEID AND !has_capability('mod/feedback:edititems', $context)) {
if ($DB->get_records('feedback_sitecourse_map', array('feedbackid' => $feedback->id))) {
$params = array('feedbackid' => $feedback->id, 'courseid' => $courseid);
if (!$DB->get_record('feedback_sitecourse_map', $params)) {
if ($courseid == SITEID) {
echo $OUTPUT->header();
echo $OUTPUT->notification(get_string('cannotaccess', 'mod_feedback'));
echo $OUTPUT->footer();
exit;
} else {
print_error('invalidcoursemodule');
}
}
}
}
//check whether the given courseid exists
if ($courseid AND $courseid != SITEID) {
if ($course2 = $DB->get_record('course', array('id'=>$courseid))) {
@ -113,15 +129,6 @@ $event->trigger();
/// Print the page header
$strfeedbacks = get_string("modulenameplural", "feedback");
$strfeedback = get_string("modulename", "feedback");
if ($course->id == SITEID) {
$PAGE->set_context($context);
$PAGE->set_cm($cm, $course); // set's up global $COURSE
$PAGE->set_pagelayout('incourse');
}
$PAGE->set_url('/mod/feedback/view.php', array('id'=>$cm->id, 'do_show'=>'view'));
$PAGE->set_title($feedback->name);
$PAGE->set_heading($course->fullname);
echo $OUTPUT->header();
//ishidden check.
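Review bot: The relocated mapping check (the `feedback_sitecourse_map` block in the third hunk) is the access decision for site-level feedbacks, yet it now ends in two different outcomes with no comment saying why: a notification plus `exit` when `$courseid == SITEID`, and `print_error('invalidcoursemodule')` otherwise. A line such as `// Front page request for a feedback that is mapped to specific courses: explain instead of erroring.` above the inner `if ($courseid == SITEID)` would record the intent. Both lookups only test for existence, so `$DB->record_exists('feedback_sitecourse_map', $params)` would express that directly instead of fetching rows. The commit message says this page decides whether to show the link to complete.php, so it is worth confirming that complete.php applies the same mapping check and the narrowed guest-only capability override itself; that file is not part of the visible change.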