moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 08:56:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-31811 Add/Correct checks on activity read-only periods

Browse source
This commit is contained in:
Andrew Robert Nicols 2012-02-28 17:15:28 +00:00 committed by Sam Hemelryk
parent 0c1e3a753b
commit aacacde221
2 changed files with 38 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

48
mod/data/edit.php
View file

@ -93,8 +93,23 @@ if (has_capability('mod/data:managetemplates', $context)) {
} }
} }
if ($rid) { // So do you have access? if ($rid) {
if (!(has_capability('mod/data:manageentries', $context) or data_isowner($rid)) or !confirm_sesskey() ) { // When editing an existing record, we require the session key
require_sesskey();
}
// Get Group information for permission testing and record creation
$currentgroup = groups_get_activity_group($cm);
$groupmode = groups_get_activity_groupmode($cm);
if (!has_capability('mod/data:manageentries', $context)) {
if ($rid) {
// User is editing an existing record
if (!data_isowner($rid) || data_in_readonly_period($data)) {
print_error('noaccess','data');
}
} else if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
// User is trying to create a new record
print_error('noaccess','data'); print_error('noaccess','data');
} }
} }
@ -136,20 +151,6 @@ if ($rid) {
$PAGE->set_title($data->name); $PAGE->set_title($data->name);
$PAGE->set_heading($course->fullname); $PAGE->set_heading($course->fullname);
/// Check to see if groups are being used here
$currentgroup = groups_get_activity_group($cm);
$groupmode = groups_get_activity_groupmode($cm);
if ($currentgroup) {
$groupselect = " AND groupid = '$currentgroup'";
$groupparam = "&groupid=$currentgroup";
} else {
$groupselect = "";
$groupparam = "";
$currentgroup = 0;
}
/// Process incoming data for adding/updating records /// Process incoming data for adding/updating records
if ($datarecord = data_submitted() and confirm_sesskey()) { if ($datarecord = data_submitted() and confirm_sesskey()) {
@ -189,21 +190,6 @@ if ($datarecord = data_submitted() and confirm_sesskey()) {
redirect($CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&rid='.$rid); redirect($CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&rid='.$rid);
} else { /// Add some new records } else { /// Add some new records
if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
print_error('cannotadd', 'data');
}
/// Check if maximum number of entry as specified by this database is reached
/// Of course, you can't be stopped if you are an editting teacher! =)
if (data_atmaxentries($data) and !has_capability('mod/data:manageentries',$context)){
echo $OUTPUT->header();
echo $OUTPUT->notification(get_string('atmaxentry','data'));
echo $OUTPUT->footer();
exit;
}
///Empty form checking - you can't submit an empty form! ///Empty form checking - you can't submit an empty form!
$emptyform = true; // assume the worst $emptyform = true; // assume the worst

27
mod/data/lib.php
View file

@ -1250,6 +1250,9 @@ function data_print_template($template, $records, $data, $search='', $page=0, $r
return; return;
} }
// Check whether this activity is read-only at present
$readonly = data_in_readonly_period($data);
foreach ($records as $record) { // Might be just one for the single template foreach ($records as $record) { // Might be just one for the single template
// Replacing tags // Replacing tags
@ -1265,7 +1268,7 @@ function data_print_template($template, $records, $data, $search='', $page=0, $r
// Replacing special tags (##Edit##, ##Delete##, ##More##) // Replacing special tags (##Edit##, ##Delete##, ##More##)
$patterns[]='##edit##'; $patterns[]='##edit##';
$patterns[]='##delete##'; $patterns[]='##delete##';
if (has_capability('mod/data:manageentries', $context) or data_isowner($record->id)) { if (has_capability('mod/data:manageentries', $context) || (!$readonly && data_isowner($record->id))) {
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/edit.php?d=' $replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/edit.php?d='
.$data->id.'&amp;rid='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$OUTPUT->pix_url('t/edit') . '" class="iconsmall" alt="'.get_string('edit').'" title="'.get_string('edit').'" /></a>'; .$data->id.'&amp;rid='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$OUTPUT->pix_url('t/edit') . '" class="iconsmall" alt="'.get_string('edit').'" title="'.get_string('edit').'" /></a>';
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d=' $replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='
@ -2079,11 +2082,8 @@ function data_user_can_add_entry($data, $currentgroup, $groupmode, $context = nu
} else if (data_atmaxentries($data)) { } else if (data_atmaxentries($data)) {
return false; return false;
} } else if (data_in_readonly_period($data)) {
// Check whether we're in a read-only period
//if in the view only time window
$now = time();
if ($now>$data->timeviewfrom && $now<$data->timeviewto) {
return false; return false;
} }
@ -2103,6 +2103,21 @@ function data_user_can_add_entry($data, $currentgroup, $groupmode, $context = nu
} }
} }
/**
* Check whether the specified database activity is currently in a read-only period
*
* @param object $data
* @return bool returns true if the time fields in $data indicate a read-only period; false otherwise
*/
function data_in_readonly_period($data) {
$now = time();
if (!$data->timeviewfrom && !$data->timeviewto) {
return false;
} else if (($data->timeviewfrom && $now < $data->timeviewfrom) || ($data->timeviewto && $now > $data->timeviewto)) {
return false;
}
return true;
}
/** /**
* @return bool * @return bool