mirror of
https://github.com/moodle/moodle.git
synced 2025-08-05 00:46:50 +02:00
MDL-31811 Add/Correct checks on activity read-only periods
This commit is contained in:
Andrew Robert Nicols
Sam Hemelryk
parent
0c1e3a753b
commit
aacacde221
2 changed files with 38 additions and 37 deletions
|
|
@ -93,8 +93,23 @@ if (has_capability('mod/data:managetemplates', $context)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($rid) { // So do you have access?
|
||||
if (!(has_capability('mod/data:manageentries', $context) or data_isowner($rid)) or !confirm_sesskey() ) {
|
||||
if ($rid) {
|
||||
// When editing an existing record, we require the session key
|
||||
require_sesskey();
|
||||
}
|
||||
|
||||
// Get Group information for permission testing and record creation
|
||||
$currentgroup = groups_get_activity_group($cm);
|
||||
$groupmode = groups_get_activity_groupmode($cm);
|
||||
|
||||
if (!has_capability('mod/data:manageentries', $context)) {
|
||||
if ($rid) {
|
||||
// User is editing an existing record
|
||||
if (!data_isowner($rid) || data_in_readonly_period($data)) {
|
||||
print_error('noaccess','data');
|
||||
}
|
||||
} else if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
|
||||
// User is trying to create a new record
|
||||
print_error('noaccess','data');
|
||||
}
|
||||
}
|
||||
|
|
@ -136,20 +151,6 @@ if ($rid) {
|
|||
$PAGE->set_title($data->name);
|
||||
$PAGE->set_heading($course->fullname);
|
||||
|
||||
/// Check to see if groups are being used here
|
||||
$currentgroup = groups_get_activity_group($cm);
|
||||
$groupmode = groups_get_activity_groupmode($cm);
|
||||
|
||||
if ($currentgroup) {
|
||||
$groupselect = " AND groupid = '$currentgroup'";
|
||||
$groupparam = "&groupid=$currentgroup";
|
||||
} else {
|
||||
$groupselect = "";
|
||||
$groupparam = "";
|
||||
$currentgroup = 0;
|
||||
}
|
||||
|
||||
|
||||
/// Process incoming data for adding/updating records
|
||||
|
||||
if ($datarecord = data_submitted() and confirm_sesskey()) {
|
||||
|
|
@ -189,21 +190,6 @@ if ($datarecord = data_submitted() and confirm_sesskey()) {
|
|||
redirect($CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&rid='.$rid);
|
||||
|
||||
} else { /// Add some new records
|
||||
|
||||
if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
|
||||
print_error('cannotadd', 'data');
|
||||
}
|
||||
|
||||
/// Check if maximum number of entry as specified by this database is reached
|
||||
/// Of course, you can't be stopped if you are an editting teacher! =)
|
||||
|
||||
if (data_atmaxentries($data) and !has_capability('mod/data:manageentries',$context)){
|
||||
echo $OUTPUT->header();
|
||||
echo $OUTPUT->notification(get_string('atmaxentry','data'));
|
||||
echo $OUTPUT->footer();
|
||||
exit;
|
||||
}
|
||||
|
||||
///Empty form checking - you can't submit an empty form!
|
||||
|
||||
$emptyform = true; // assume the worst
|
||||
|
|
|
|||
|
|
@ -1250,6 +1250,9 @@ function data_print_template($template, $records, $data, $search='', $page=0, $r
|
|||
return;
|
||||
}
|
||||
|
||||
// Check whether this activity is read-only at present
|
||||
$readonly = data_in_readonly_period($data);
|
||||
|
||||
foreach ($records as $record) { // Might be just one for the single template
|
||||
|
||||
// Replacing tags
|
||||
|
|
@ -1265,7 +1268,7 @@ function data_print_template($template, $records, $data, $search='', $page=0, $r
|
|||
// Replacing special tags (##Edit##, ##Delete##, ##More##)
|
||||
$patterns[]='##edit##';
|
||||
$patterns[]='##delete##';
|
||||
if (has_capability('mod/data:manageentries', $context) or data_isowner($record->id)) {
|
||||
if (has_capability('mod/data:manageentries', $context) || (!$readonly && data_isowner($record->id))) {
|
||||
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/edit.php?d='
|
||||
.$data->id.'&rid='.$record->id.'&sesskey='.sesskey().'"><img src="'.$OUTPUT->pix_url('t/edit') . '" class="iconsmall" alt="'.get_string('edit').'" title="'.get_string('edit').'" /></a>';
|
||||
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='
|
||||
|
|
@ -2079,11 +2082,8 @@ function data_user_can_add_entry($data, $currentgroup, $groupmode, $context = nu
|
|||
|
||||
} else if (data_atmaxentries($data)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
//if in the view only time window
|
||||
$now = time();
|
||||
if ($now>$data->timeviewfrom && $now<$data->timeviewto) {
|
||||
} else if (data_in_readonly_period($data)) {
|
||||
// Check whether we're in a read-only period
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -2103,6 +2103,21 @@ function data_user_can_add_entry($data, $currentgroup, $groupmode, $context = nu
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether the specified database activity is currently in a read-only period
|
||||
*
|
||||
* @param object $data
|
||||
* @return bool returns true if the time fields in $data indicate a read-only period; false otherwise
|
||||
*/
|
||||
function data_in_readonly_period($data) {
|
||||
$now = time();
|
||||
if (!$data->timeviewfrom && !$data->timeviewto) {
|
||||
return false;
|
||||
} else if (($data->timeviewfrom && $now < $data->timeviewfrom) || ($data->timeviewto && $now > $data->timeviewto)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue