merged fix for bug #4431

2025-02-13 12:34:28 +01:00 · 2005-12-20 05:22:59 +00:00 · 2005-12-20 05:22:59 +00:00 · 073286f06f
commit 073286f06f
parent 6bff3c2747
2 changed files with 66 additions and 0 deletions
--- a/mod/forum/discuss.php
+++ b/mod/forum/discuss.php
@ -102,6 +102,11 @@
        $parent = $discussion->firstpost;
        $navtail = format_string($discussion->name);
    }
+    
+    //check if user can view this post
+    if (!forum_user_can_view_post($parent)){
+        error ('you can not view this post');
+    }

    if (! $post = forum_get_post_full($parent)) {
        error("Discussion no longer exists", "$CFG->wwwroot/mod/forum/view.php?f=$forum->id");
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@ -2656,6 +2656,50 @@ function forum_user_can_post($forum, $user=NULL) {
    }
 }

+//checks to see if a user can view a particular post
+function forum_user_can_view_post($post, $user=NULL){
+
+    global $CFG, $USER;
+
+    if (!$user){
+        $user = $USER;
+    }
+
+    $SQL = 'SELECT f.id, f.type, fd.course, fd.groupid FROM '.
+           $CFG->prefix.'forum_posts fp, '.
+           $CFG->prefix.'forum_discussions fd, '.
+           $CFG->prefix.'forum f
+           WHERE fp.id = '.$post.'
+           AND fp.discussion = fd.id
+           AND fd.forum = f.id';
+           
+    $forumcourse = get_record_sql($SQL);
+    if (isteacheredit($forumcourse->course)){
+        return true;    //if is editting teacher, you can see all post for this course
+    }
+
+    if ($forumcourse->type == 'teacher'){    //teacher type forum
+        return isteacher($forumcourse->course);
+    }
+
+    //first of all, the user must be in this course
+    if (!(isstudent($forumcourse->course) or isteacher($forumcourse->course))){
+        return false;
+    }
+
+    if (! $cm = get_coursemodule_from_instance('forum', $forumcourse->id, $forumcourse->course)) {
+        return false;
+    }
+
+    //if a group is specified, and the forum is in SPG mode
+    if (($forumcourse->groupid != -1) and ($cm->groupmode == SEPARATEGROUPS)){
+        //check membership
+        return ismember($forumcourse->groupid);
+    }
+    else {    //if visiblegorups or no groups,
+        return true;
+    }
+}

 /**
 * Prints the discussion view screen for a forum.
@ -3717,4 +3761,21 @@ function forum_get_separate_modules($courseid) {

 }

+///this function returns all the separate forum ids, given a courseid
+//@ param int $courseid
+//@ return array
+function forum_get_separate_modules($courseid) {
+
+    global $CFG,$db;
+    $forummodule = get_record("modules", "name", "forum");
+
+    $sql = 'SELECT f.id, f.id FROM '.$CFG->prefix.'forum f, '.$CFG->prefix.'course_modules cm WHERE
+           f.id = cm.instance AND cm.module ='.$forummodule->id.' AND cm.visible = 1 AND cm.course = '.$courseid.'
+           AND cm.groupmode ='.SEPARATEGROUPS;
+           
+    return get_records_sql($sql);
+
+}
+
+  
 ?>