mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-22 17:02:03 +02:00
Code Issues Projects Releases Wiki Activity

MDL-72012 mod_h5pactivity: respect user access when getting report.

Browse Source
This commit is contained in:
Paul Holden 2022-01-17 21:15:38 +00:00 committed by Jun Pataleta
parent 5e3707417d
commit 0393514612
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mod/h5pactivity/classes/local/manager.php
View File

@ -451,7 +451,9 @@ class manager {
* @return report|null available report (or null if no report available)
*/
public function get_report(int $userid = null, int $attemptid = null, $currentgroup = false): ?report {
global $USER;
global $USER, $CFG;
require_once("{$CFG->dirroot}/user/lib.php");
// If tracking is disabled, no reports are available.
if (!$this->instance->enabletracking) {
@ -470,6 +472,14 @@ class manager {
if ($this->can_view_all_attempts()) {
$user = core_user::get_user($userid);
// Ensure user can view the attempt of specific userid, respecting access checks.
if ($user && $user->id != $USER->id) {
$course = get_course($this->coursemodule->course);
if ($this->coursemodule->effectivegroupmode == SEPARATEGROUPS && !user_can_view_profile($user, $course)) {
return null;
}
}
} else if ($this->can_view_own_attempts()) {
$user = core_user::get_user($USER->id);
if ($userid && $user->id != $userid) {