adding more capability checks into grade edit form and grader - should be finished now; TODO: group access for teachers

skodak 2007-08-07 20:33:09 +00:00
parent 1c537f4846
commit 27b1735bf9
3 changed files with 80 additions and 29 deletions


@ -13,11 +13,11 @@ if (!$course = get_record('course', 'id', $courseid)) {
print_error('nocourseid');
}
// TODO: fix capabilities check
// TODO: add proper check that grade is editable
require_login($course);
$context = get_context_instance(CONTEXT_COURSE, $course->id);
require_capability('moodle/grade:override', $context);
if (!has_capability('moodle/grade:manage', $context)) {
require_capability('moodle/grade:override', $context);
}
// default return url
$gpr = new grade_plugin_return();
@ -82,7 +82,7 @@ if ($grade = get_record('grade_grades', 'itemid', $grade_item->id, 'userid', $us
$mform->set_data($grade);
} else {
$mform->set_data(array('itemid'=>$itemid, 'userid'=>$userid));
$mform->set_data(array('itemid'=>$itemid, 'userid'=>$userid, 'locked'=>$grade_item->locked, 'locktime'=>$grade_item->locktime));
}
if ($mform->is_cancelled()) {
@ -97,31 +97,47 @@ if ($mform->is_cancelled()) {
$grade_grade = grade_grade::fetch(array('userid'=>$data->userid, 'itemid'=>$grade_item->id));
if (empty($data->hidden)) {
if (empty($data->hiddenuntil)) {
$grade_grade->set_hidden(0);
if (has_capability('moodle/grade:manage', $context) or has_capability('moodle/grade:hide', $context)) {
if (empty($data->hidden)) {
if (empty($data->hiddenuntil)) {
$grade_grade->set_hidden(0);
} else {
$grade_grade->set_hidden($data->hiddenuntil);
}
} else {
$grade_grade->set_hidden($data->hiddenuntil);
$grade_grade->set_hidden(1);
}
}
if (has_capability('moodle/grade:override', $context)) {
// ignore overridden flag when changing final grade
if ($old_grade_grade->finalgrade == $grade_grade->finalgrade) {
if ($grade_grade->set_overridden($data->overridden) and empty($data->overridden)) {
$grade_item->force_regrading(); // force regrading only when clearing the flag
}
}
}
if (has_capability('moodle/grade:manage', $context)) {
if ($grade_grade->set_excluded($data->excluded)) {
$grade_item->force_regrading();
}
}
if (($old_grade_grade->locked or $old_grade_grade->locktime)
and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:unlock', $context))) {
//ignore data
} else if ((!$old_grade_grade->locked and !$old_grade_grade->locktime)
and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:lock', $context))) {
//ignore data
} else {
$grade_grade->set_hidden(1);
}
$grade_grade->set_locked($data->locked);
$grade_grade->set_locktime($data->locktime);
}
// ignore overridden flag when changing final grade
if ($old_grade_grade->finalgrade == $grade_grade->finalgrade) {
if ($grade_grade->set_overridden($data->overridden) and empty($data->overridden)) {
$grade_item->force_regrading(); // force regrading only when clearing the flag
}
}
if ($grade_grade->set_excluded($data->excluded)) {
$grade_item->force_regrading();
}
$grade_grade->set_locked($data->locked);
$grade_grade->set_locktime($data->locktime);
redirect($returnurl);
redirect($returnurl, 'x', 10);
}
$strgrades = get_string('grades');
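Review bot: The call `redirect($returnurl, 'x', 10);` at the end of the save path looks like a debugging leftover. Assuming it is the new side of the pair, it replaces the plain redirect with a placeholder message `'x'` and a ten-second delay after every successful save. Unless the pause is intended, restore `redirect($returnurl);`. The submit-handling block starts before this hunk, so the definition of `$old_grade_grade` that the lock/unlock checks depend on is not visible here.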


@ -80,18 +80,22 @@ class edit_grade_form extends moodleform {
}
function definition_after_data() {
global $CFG;
global $CFG, $COURSE;
$context = get_context_instance(CONTEXT_COURSE, $COURSE->id);
$mform =& $this->_form;
$grade_item = $this->_customdata['grade_item'];
if ($userid = $mform->getElementValue('userid')) {
$user = get_record('user', 'id', $userid);
// fill in user name if user still exists
$userid = $mform->getElementValue('userid');
if ($user = get_record('user', 'id', $userid)) {
$username = '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$userid.'">'.fullname($user).'</a>';
$user_el =& $mform->getElement('user');
$user_el->setValue($username);
}
// add activity name + link
if ($grade_item->itemtype == 'mod') {
$cm = get_coursemodule_from_instance($grade_item->itemmodule, $grade_item->iteminstance, $grade_item->courseid);
$itemname = '<a href="'.$CFG->wwwroot.'/mod/'.$grade_item->itemmodule.'/view.php?id='.$cm->id.'">'.$grade_item->get_name().'</a>';
@ -100,6 +104,33 @@ class edit_grade_form extends moodleform {
}
$itemname_el =& $mform->getElement('itemname');
$itemname_el->setValue($itemname);
// access control - disable not allowed elements
if (!has_capability('moodle/grade:manage', $context)) {
$mform->hardFreeze('excluded');
}
if (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:hide', $context)) {
$mform->hardFreeze('hidden');
$mform->hardFreeze('hiddenuntil');
}
$old_grade_grade = new grade_grade(array('itemid'=>$grade_item->id, 'userid'=>$userid));
if (empty($old_grade_grade->id)) {
$old_grade_grade->locked = $grade_item->locked;
$old_grade_grade->locktime = $grade_item->locktime;
}
if (($old_grade_grade->locked or $old_grade_grade->locktime)
and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:unlock', $context))) {
$mform->hardFreeze('locked');
$mform->hardFreeze('locktime');
} else if ((!$old_grade_grade->locked and !$old_grade_grade->locktime)
and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:lock', $context))) {
$mform->hardFreeze('locked');
$mform->hardFreeze('locktime');
}
}
}
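Review bot: In `definition_after_data()` the context for the freeze decisions comes from the ambient global, `get_context_instance(CONTEXT_COURSE, $COURSE->id)`, rather than from the grade item the form is editing. If the form is ever built while `$COURSE` is not the item's course, fields would be frozen or left editable according to the wrong course's capabilities. Deriving it from the resource is safer: move the line below the `$grade_item` assignment and use `$context = get_context_instance(CONTEXT_COURSE, $grade_item->courseid);`. It is not visible in these hunks whether the page verifies that the item belongs to the course named in `courseid`, so that check is worth confirming too.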


@ -718,7 +718,11 @@ class grade_tree {
global $CFG;
if (!has_capability('moodle/grade:manage', $this->context)) {
return '';
if ($element['type'] == 'grade' and has_capability('moodle/grade:override', $this->context)) {
// oki - let them override grade
} else {
return '';
}
}
static $stredit = null;
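Review bot: The added inner check grants permission through an empty `if` branch (`// oki - let them override grade`) and puts the denial in the `else`. That is easy to misread or break when another element type is added later. Stating the denial directly keeps the same behaviour: `if ($element['type'] != 'grade' or !has_capability('moodle/grade:override', $this->context)) { return ''; }`. From what is visible, this method only decides whether an edit control is rendered, so the edit page must still enforce the capability itself. The method's signature and the rest of its body are outside the hunk.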