MDL-53210 mod_feedback: fixes in check feedback access

1. show only uservisible feedbacks in block_feedback
2. nicer error message when user opens feedback on frontpage instead of from the mapped course
3. corrected cap check in view.php page before displaying link to complete.php
Marina Glancy 2016-02-23 16:03:07 +08:00
parent 6ab07f97bf
commit 2a94a2f60f
3 changed files with 36 additions and 24 deletions


@ -38,6 +38,7 @@ $string['autonumbering_help'] = 'Enables or disables automated numbers for each
$string['average'] = 'Average';
$string['bold'] = 'Bold';
$string['cancel_moving'] = 'Cancel moving';
$string['cannotaccess'] = 'You can only access this feedback from a course';
$string['cannotmapfeedback'] = 'Database problem, unable to map feedback to course';
$string['cannotsavetempl'] = 'saving templates is not allowed';
$string['cannotunmap'] = 'Database problem, unable to unmap';


@ -2815,7 +2815,11 @@ function feedback_get_feedbacks_from_sitecourse_map($courseid) {
}
}
return array_merge($feedbacks1, $feedbacks2);
$feedbacks = array_merge($feedbacks1, $feedbacks2);
$modinfo = get_fast_modinfo(SITEID);
return array_filter($feedbacks, function($f) use ($modinfo) {
return ($cm = $modinfo->get_cm($f->cmid)) && $cm->uservisible;
});
}
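Review bot: The `($cm = $modinfo->get_cm($f->cmid)) &&` guard in the new filter callback cannot do what it looks like it does, because `course_modinfo::get_cm()` throws a `moodle_exception` for an unknown cmid rather than returning a falsy value. If a returned row can ever carry a cmid that is missing from the front-page modinfo (the query is outside this hunk, so this is not confirmed), the whole block fails instead of skipping that feedback. An existence test avoids that: `$cms = $modinfo->get_cms();` followed by `return isset($cms[$f->cmid]) && $cms[$f->cmid]->uservisible;`. Note also that `array_filter()` preserves keys, so the result is no longer a sequential list as it was after `array_merge()`; wrap it in `array_values()` if any caller indexes it numerically. The function body starts outside the hunk.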


@ -49,11 +49,11 @@ if (has_capability('mod/feedback:complete', $context)) {
$feedback_complete_cap = true;
}
if (isset($CFG->feedback_allowfullanonymous)
AND $CFG->feedback_allowfullanonymous
if (!empty($CFG->feedback_allowfullanonymous)
AND $course->id == SITEID
AND (!$courseid OR $courseid == SITEID)
AND $feedback->anonymous == FEEDBACK_ANONYMOUS_YES ) {
AND $feedback->anonymous == FEEDBACK_ANONYMOUS_YES
AND (!isloggedin() OR isguestuser())) {
// Guests are allowed to complete fully anonymous feedback without having 'mod/feedback:complete' capability.
$feedback_complete_cap = true;
}
@ -62,16 +62,6 @@ if ($course->id == SITEID AND !$courseid) {
$courseid = SITEID;
}
//check whether the feedback is mapped to the given courseid
if ($course->id == SITEID AND !has_capability('mod/feedback:edititems', $context)) {
if ($DB->get_records('feedback_sitecourse_map', array('feedbackid'=>$feedback->id))) {
$params = array('feedbackid'=>$feedback->id, 'courseid'=>$courseid);
if (!$DB->get_record('feedback_sitecourse_map', $params)) {
print_error('invalidcoursemodule');
}
}
}
if ($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
if ($course->id == SITEID) {
require_login($course, true);
@ -86,6 +76,32 @@ if ($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
}
}
if ($course->id == SITEID) {
$PAGE->set_context($context);
$PAGE->set_cm($cm, $course);
$PAGE->set_pagelayout('incourse');
}
$PAGE->set_url('/mod/feedback/view.php', array('id'=>$cm->id, 'do_show'=>'view'));
$PAGE->set_title($feedback->name);
$PAGE->set_heading($course->fullname);
// Check whether the feedback is mapped to the given courseid.
if ($course->id == SITEID AND !has_capability('mod/feedback:edititems', $context)) {
if ($DB->get_records('feedback_sitecourse_map', array('feedbackid' => $feedback->id))) {
$params = array('feedbackid' => $feedback->id, 'courseid' => $courseid);
if (!$DB->get_record('feedback_sitecourse_map', $params)) {
if ($courseid == SITEID) {
echo $OUTPUT->header();
echo $OUTPUT->notification(get_string('cannotaccess', 'mod_feedback'));
echo $OUTPUT->footer();
exit;
} else {
print_error('invalidcoursemodule');
}
}
}
}
//check whether the given courseid exists
if ($courseid AND $courseid != SITEID) {
if ($course2 = $DB->get_record('course', array('id'=>$courseid))) {
@ -113,15 +129,6 @@ $event->trigger();
/// Print the page header
$strfeedbacks = get_string("modulenameplural", "feedback");
$strfeedback = get_string("modulename", "feedback");
if ($course->id == SITEID) {
$PAGE->set_context($context);
$PAGE->set_cm($cm, $course); // set's up global $COURSE
$PAGE->set_pagelayout('incourse');
}
$PAGE->set_url('/mod/feedback/view.php', array('id'=>$cm->id, 'do_show'=>'view'));
$PAGE->set_title($feedback->name);
$PAGE->set_heading($course->fullname);
echo $OUTPUT->header();
//ishidden check.
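Review bot: The tightened anonymous condition in the first hunk (`!empty($CFG->feedback_allowfullanonymous) ... AND (!isloggedin() OR isguestuser())`) only sets `$feedback_complete_cap`, which per the commit message decides whether this page shows the link to complete.php. Hiding the link is not an access control, and none of the three sections on this page appears to be complete.php. It is worth confirming that complete.php applies the same capability/guest condition and the same `feedback_sitecourse_map` check on its own. I would add a comment above the block such as `// Only controls the link shown on this page; complete.php must enforce the same condition itself.` The script continues outside the hunks shown.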