MDL-37710 Assign: Fix pluginfile permission checks for student viewing their own team submission.

This change adds a function to the assign class to allow the permissions for a group submission
to be checked and updates all the submission plugins to call it.
Damyon Wiese 2013-01-29 16:07:08 +08:00
parent cbb26eb0ec
commit 3e1b63f1c8
4 changed files with 62 additions and 29 deletions


@ -35,7 +35,7 @@ defined('MOODLE_INTERNAL') || die();
* @return bool false if file not found, does not return if found - just send the file
*/
function assignsubmission_onlinetext_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) {
global $USER, $DB;
global $DB, $CFG;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
@ -43,19 +43,28 @@ function assignsubmission_onlinetext_pluginfile($course, $cm, context $context,
require_login($course, false, $cm);
$itemid = (int)array_shift($args);
$record = $DB->get_record('assign_submission', array('id'=>$itemid), 'userid, assignment', MUST_EXIST);
$record = $DB->get_record('assign_submission',
array('id'=>$itemid),
'userid, assignment, groupid',
MUST_EXIST);
$userid = $record->userid;
$groupid = $record->groupid;
if (!$assign = $DB->get_record('assign', array('id'=>$cm->instance))) {
require_once($CFG->dirroot . '/mod/assign/locallib.php');
$assign = new assign($context, $cm, $course);
if ($assign->get_instance()->id != $record->assignment) {
return false;
}
if ($assign->id != $record->assignment) {
if ($assign->get_instance()->teamsubmission &&
!$assign->can_view_group_submission($groupid)) {
return false;
}
// Check is users submission or has grading permission.
if ($USER->id != $userid and !has_capability('mod/assign:grade', $context)) {
if (!$assign->get_instance()->teamsubmission &&
!$assign->can_view_submission($userid)) {
return false;
}
@ -64,7 +73,7 @@ function assignsubmission_onlinetext_pluginfile($course, $cm, context $context,
$fullpath = "/{$context->id}/assignsubmission_onlinetext/$filearea/$itemid/$relativepath";
$fs = get_file_storage();
if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) || $file->is_directory()) {
return false;
}
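Review bot: The choice between `can_view_group_submission($groupid)` and `can_view_submission($userid)` is keyed on the assignment's current `teamsubmission` setting rather than on the `assign_submission` row that `$itemid` (taken from `$args`) selected. A row written under the other mode, for example one whose `groupid` is 0 because the setting was changed after submissions existed, would then be authorised against an id that may not identify its owner; how the two helpers treat such ids is not visible in this section and should be confirmed in `locallib.php`. I would read the instance once and make the branch explicit, `$team = $assign->get_instance()->teamsubmission;` then `$allowed = $team ? $assign->can_view_group_submission($groupid) : $assign->can_view_submission($userid);` and `if (!$allowed) { return false; }`, with a comment stating which row shape each branch expects. The body of `assignsubmission_onlinetext_pluginfile` continues outside these hunks.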