mirror of
https://github.com/moodle/moodle.git
synced 2025-01-19 06:18:28 +01:00
adding more capability checks into grade edit form and grader - should be finished now; TODO: group access for teachers
This commit is contained in:
skodak
parent
1c537f4846
commit
27b1735bf9
@ -13,11 +13,11 @@ if (!$course = get_record('course', 'id', $courseid)) {
|
||||
print_error('nocourseid');
|
||||
}
|
||||
|
||||
// TODO: fix capabilities check
|
||||
// TODO: add proper check that grade is editable
|
||||
require_login($course);
|
||||
$context = get_context_instance(CONTEXT_COURSE, $course->id);
|
||||
if (!has_capability('moodle/grade:manage', $context)) {
|
||||
require_capability('moodle/grade:override', $context);
|
||||
}
|
||||
|
||||
// default return url
|
||||
$gpr = new grade_plugin_return();
|
||||
@ -82,7 +82,7 @@ if ($grade = get_record('grade_grades', 'itemid', $grade_item->id, 'userid', $us
|
||||
$mform->set_data($grade);
|
||||
|
||||
} else {
|
||||
$mform->set_data(array('itemid'=>$itemid, 'userid'=>$userid));
|
||||
$mform->set_data(array('itemid'=>$itemid, 'userid'=>$userid, 'locked'=>$grade_item->locked, 'locktime'=>$grade_item->locktime));
|
||||
}
|
||||
|
||||
if ($mform->is_cancelled()) {
|
||||
@ -97,6 +97,7 @@ if ($mform->is_cancelled()) {
|
||||
|
||||
$grade_grade = grade_grade::fetch(array('userid'=>$data->userid, 'itemid'=>$grade_item->id));
|
||||
|
||||
if (has_capability('moodle/grade:manage', $context) or has_capability('moodle/grade:hide', $context)) {
|
||||
if (empty($data->hidden)) {
|
||||
if (empty($data->hiddenuntil)) {
|
||||
$grade_grade->set_hidden(0);
|
||||
@ -106,22 +107,37 @@ if ($mform->is_cancelled()) {
|
||||
} else {
|
||||
$grade_grade->set_hidden(1);
|
||||
}
|
||||
}
|
||||
|
||||
if (has_capability('moodle/grade:override', $context)) {
|
||||
// ignore overridden flag when changing final grade
|
||||
if ($old_grade_grade->finalgrade == $grade_grade->finalgrade) {
|
||||
if ($grade_grade->set_overridden($data->overridden) and empty($data->overridden)) {
|
||||
$grade_item->force_regrading(); // force regrading only when clearing the flag
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (has_capability('moodle/grade:manage', $context)) {
|
||||
if ($grade_grade->set_excluded($data->excluded)) {
|
||||
$grade_item->force_regrading();
|
||||
}
|
||||
}
|
||||
|
||||
if (($old_grade_grade->locked or $old_grade_grade->locktime)
|
||||
and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:unlock', $context))) {
|
||||
//ignore data
|
||||
|
||||
} else if ((!$old_grade_grade->locked and !$old_grade_grade->locktime)
|
||||
and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:lock', $context))) {
|
||||
//ignore data
|
||||
|
||||
} else {
|
||||
$grade_grade->set_locked($data->locked);
|
||||
$grade_grade->set_locktime($data->locktime);
|
||||
}
|
||||
|
||||
redirect($returnurl);
|
||||
redirect($returnurl, 'x', 10);
|
||||
}
|
||||
|
||||
$strgrades = get_string('grades');
|
||||
|
||||
@ -80,18 +80,22 @@ class edit_grade_form extends moodleform {
|
||||
}
|
||||
|
||||
function definition_after_data() {
|
||||
global $CFG;
|
||||
global $CFG, $COURSE;
|
||||
|
||||
$context = get_context_instance(CONTEXT_COURSE, $COURSE->id);
|
||||
|
||||
$mform =& $this->_form;
|
||||
$grade_item = $this->_customdata['grade_item'];
|
||||
|
||||
if ($userid = $mform->getElementValue('userid')) {
|
||||
$user = get_record('user', 'id', $userid);
|
||||
// fill in user name if user still exists
|
||||
$userid = $mform->getElementValue('userid');
|
||||
if ($user = get_record('user', 'id', $userid)) {
|
||||
$username = '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$userid.'">'.fullname($user).'</a>';
|
||||
$user_el =& $mform->getElement('user');
|
||||
$user_el->setValue($username);
|
||||
}
|
||||
|
||||
// add activity name + link
|
||||
if ($grade_item->itemtype == 'mod') {
|
||||
$cm = get_coursemodule_from_instance($grade_item->itemmodule, $grade_item->iteminstance, $grade_item->courseid);
|
||||
$itemname = '<a href="'.$CFG->wwwroot.'/mod/'.$grade_item->itemmodule.'/view.php?id='.$cm->id.'">'.$grade_item->get_name().'</a>';
|
||||
@ -100,6 +104,33 @@ class edit_grade_form extends moodleform {
|
||||
}
|
||||
$itemname_el =& $mform->getElement('itemname');
|
||||
$itemname_el->setValue($itemname);
|
||||
|
||||
// access control - disable not allowed elements
|
||||
if (!has_capability('moodle/grade:manage', $context)) {
|
||||
$mform->hardFreeze('excluded');
|
||||
}
|
||||
|
||||
if (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:hide', $context)) {
|
||||
$mform->hardFreeze('hidden');
|
||||
$mform->hardFreeze('hiddenuntil');
|
||||
}
|
||||
|
||||
$old_grade_grade = new grade_grade(array('itemid'=>$grade_item->id, 'userid'=>$userid));
|
||||
if (empty($old_grade_grade->id)) {
|
||||
$old_grade_grade->locked = $grade_item->locked;
|
||||
$old_grade_grade->locktime = $grade_item->locktime;
|
||||
}
|
||||
|
||||
if (($old_grade_grade->locked or $old_grade_grade->locktime)
|
||||
and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:unlock', $context))) {
|
||||
$mform->hardFreeze('locked');
|
||||
$mform->hardFreeze('locktime');
|
||||
|
||||
} else if ((!$old_grade_grade->locked and !$old_grade_grade->locktime)
|
||||
and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:lock', $context))) {
|
||||
$mform->hardFreeze('locked');
|
||||
$mform->hardFreeze('locktime');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -718,8 +718,12 @@ class grade_tree {
|
||||
global $CFG;
|
||||
|
||||
if (!has_capability('moodle/grade:manage', $this->context)) {
|
||||
if ($element['type'] == 'grade' and has_capability('moodle/grade:override', $this->context)) {
|
||||
// oki - let them override grade
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
static $stredit = null;
|
||||
if (is_null($stredit)) {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user