mirror of
https://github.com/moodle/moodle.git
synced 2025-03-18 14:40:06 +01:00
MDL-53210 mod_feedback: fixes in check feedback access
1. show only uservisible feedbacks in block_feedback 2. nicer error message when user opens feedback on frontpage instead of from the mapped course 3. corrected cap check in view.php page before displaying link to complete.php
This commit is contained in:
parent
6ab07f97bf
commit
2a94a2f60f
@ -38,6 +38,7 @@ $string['autonumbering_help'] = 'Enables or disables automated numbers for each
|
||||
$string['average'] = 'Average';
|
||||
$string['bold'] = 'Bold';
|
||||
$string['cancel_moving'] = 'Cancel moving';
|
||||
$string['cannotaccess'] = 'You can only access this feedback from a course';
|
||||
$string['cannotmapfeedback'] = 'Database problem, unable to map feedback to course';
|
||||
$string['cannotsavetempl'] = 'saving templates is not allowed';
|
||||
$string['cannotunmap'] = 'Database problem, unable to unmap';
|
||||
|
@ -2815,7 +2815,11 @@ function feedback_get_feedbacks_from_sitecourse_map($courseid) {
|
||||
}
|
||||
}
|
||||
|
||||
return array_merge($feedbacks1, $feedbacks2);
|
||||
$feedbacks = array_merge($feedbacks1, $feedbacks2);
|
||||
$modinfo = get_fast_modinfo(SITEID);
|
||||
return array_filter($feedbacks, function($f) use ($modinfo) {
|
||||
return ($cm = $modinfo->get_cm($f->cmid)) && $cm->uservisible;
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
|
@ -49,11 +49,11 @@ if (has_capability('mod/feedback:complete', $context)) {
|
||||
$feedback_complete_cap = true;
|
||||
}
|
||||
|
||||
if (isset($CFG->feedback_allowfullanonymous)
|
||||
AND $CFG->feedback_allowfullanonymous
|
||||
if (!empty($CFG->feedback_allowfullanonymous)
|
||||
AND $course->id == SITEID
|
||||
AND (!$courseid OR $courseid == SITEID)
|
||||
AND $feedback->anonymous == FEEDBACK_ANONYMOUS_YES ) {
|
||||
AND $feedback->anonymous == FEEDBACK_ANONYMOUS_YES
|
||||
AND (!isloggedin() OR isguestuser())) {
|
||||
// Guests are allowed to complete fully anonymous feedback without having 'mod/feedback:complete' capability.
|
||||
$feedback_complete_cap = true;
|
||||
}
|
||||
|
||||
@ -62,16 +62,6 @@ if ($course->id == SITEID AND !$courseid) {
|
||||
$courseid = SITEID;
|
||||
}
|
||||
|
||||
//check whether the feedback is mapped to the given courseid
|
||||
if ($course->id == SITEID AND !has_capability('mod/feedback:edititems', $context)) {
|
||||
if ($DB->get_records('feedback_sitecourse_map', array('feedbackid'=>$feedback->id))) {
|
||||
$params = array('feedbackid'=>$feedback->id, 'courseid'=>$courseid);
|
||||
if (!$DB->get_record('feedback_sitecourse_map', $params)) {
|
||||
print_error('invalidcoursemodule');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
|
||||
if ($course->id == SITEID) {
|
||||
require_login($course, true);
|
||||
@ -86,6 +76,32 @@ if ($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
|
||||
}
|
||||
}
|
||||
|
||||
if ($course->id == SITEID) {
|
||||
$PAGE->set_context($context);
|
||||
$PAGE->set_cm($cm, $course);
|
||||
$PAGE->set_pagelayout('incourse');
|
||||
}
|
||||
$PAGE->set_url('/mod/feedback/view.php', array('id'=>$cm->id, 'do_show'=>'view'));
|
||||
$PAGE->set_title($feedback->name);
|
||||
$PAGE->set_heading($course->fullname);
|
||||
|
||||
// Check whether the feedback is mapped to the given courseid.
|
||||
if ($course->id == SITEID AND !has_capability('mod/feedback:edititems', $context)) {
|
||||
if ($DB->get_records('feedback_sitecourse_map', array('feedbackid' => $feedback->id))) {
|
||||
$params = array('feedbackid' => $feedback->id, 'courseid' => $courseid);
|
||||
if (!$DB->get_record('feedback_sitecourse_map', $params)) {
|
||||
if ($courseid == SITEID) {
|
||||
echo $OUTPUT->header();
|
||||
echo $OUTPUT->notification(get_string('cannotaccess', 'mod_feedback'));
|
||||
echo $OUTPUT->footer();
|
||||
exit;
|
||||
} else {
|
||||
print_error('invalidcoursemodule');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//check whether the given courseid exists
|
||||
if ($courseid AND $courseid != SITEID) {
|
||||
if ($course2 = $DB->get_record('course', array('id'=>$courseid))) {
|
||||
@ -113,15 +129,6 @@ $event->trigger();
|
||||
/// Print the page header
|
||||
$strfeedbacks = get_string("modulenameplural", "feedback");
|
||||
$strfeedback = get_string("modulename", "feedback");
|
||||
|
||||
if ($course->id == SITEID) {
|
||||
$PAGE->set_context($context);
|
||||
$PAGE->set_cm($cm, $course); // set's up global $COURSE
|
||||
$PAGE->set_pagelayout('incourse');
|
||||
}
|
||||
$PAGE->set_url('/mod/feedback/view.php', array('id'=>$cm->id, 'do_show'=>'view'));
|
||||
$PAGE->set_title($feedback->name);
|
||||
$PAGE->set_heading($course->fullname);
|
||||
echo $OUTPUT->header();
|
||||
|
||||
//ishidden check.
|
||||
|
Loading…
x
Reference in New Issue
Block a user