mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-19 23:20:09 +01:00
Code Issues Projects Releases Wiki Activity

MDL-53210 mod_feedback: fixes in check feedback access

Browse Source 
1. show only uservisible feedbacks in block_feedback
2. nicer error message when user opens feedback on frontpage instead of from the mapped course
3. corrected cap check in view.php page before displaying link to complete.php
This commit is contained in:
Marina Glancy 2016-02-23 16:03:07 +08:00
parent 6ab07f97bf
commit 2a94a2f60f
3 changed files with 36 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mod/feedback/lang/en/feedback.php
View File

@ -38,6 +38,7 @@ $string['autonumbering_help'] = 'Enables or disables automated numbers for each
$string['average'] = 'Average';
$string['bold'] = 'Bold';
$string['cancel_moving'] = 'Cancel moving';
$string['cannotaccess'] = 'You can only access this feedback from a course';
$string['cannotmapfeedback'] = 'Database problem, unable to map feedback to course';
$string['cannotsavetempl'] = 'saving templates is not allowed';
$string['cannotunmap'] = 'Database problem, unable to unmap';

6
mod/feedback/lib.php
View File

@ -2815,7 +2815,11 @@ function feedback_get_feedbacks_from_sitecourse_map($courseid) {
}
}
return array_merge($feedbacks1, $feedbacks2);
$feedbacks = array_merge($feedbacks1, $feedbacks2);
$modinfo = get_fast_modinfo(SITEID);
return array_filter($feedbacks, function($f) use ($modinfo) {
return ($cm = $modinfo->get_cm($f->cmid)) && $cm->uservisible;
});
}

53
mod/feedback/view.php
View File

@ -49,11 +49,11 @@ if (has_capability('mod/feedback:complete', $context)) {
$feedback_complete_cap = true;
}
if (isset($CFG->feedback_allowfullanonymous)
AND $CFG->feedback_allowfullanonymous
if (!empty($CFG->feedback_allowfullanonymous)
AND $course->id == SITEID
AND (!$courseid OR $courseid == SITEID)
AND $feedback->anonymous == FEEDBACK_ANONYMOUS_YES ) {
AND $feedback->anonymous == FEEDBACK_ANONYMOUS_YES
AND (!isloggedin() OR isguestuser())) {
// Guests are allowed to complete fully anonymous feedback without having 'mod/feedback:complete' capability.
$feedback_complete_cap = true;
}
@ -62,16 +62,6 @@ if ($course->id == SITEID AND !$courseid) {
$courseid = SITEID;
}
//check whether the feedback is mapped to the given courseid
if ($course->id == SITEID AND !has_capability('mod/feedback:edititems', $context)) {
if ($DB->get_records('feedback_sitecourse_map', array('feedbackid'=>$feedback->id))) {
$params = array('feedbackid'=>$feedback->id, 'courseid'=>$courseid);
if (!$DB->get_record('feedback_sitecourse_map', $params)) {
print_error('invalidcoursemodule');
}
}
}
if ($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
if ($course->id == SITEID) {
require_login($course, true);
@ -86,6 +76,32 @@ if ($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
}
}
if ($course->id == SITEID) {
$PAGE->set_context($context);
$PAGE->set_cm($cm, $course);
$PAGE->set_pagelayout('incourse');
}
$PAGE->set_url('/mod/feedback/view.php', array('id'=>$cm->id, 'do_show'=>'view'));
$PAGE->set_title($feedback->name);
$PAGE->set_heading($course->fullname);
// Check whether the feedback is mapped to the given courseid.
if ($course->id == SITEID AND !has_capability('mod/feedback:edititems', $context)) {
if ($DB->get_records('feedback_sitecourse_map', array('feedbackid' => $feedback->id))) {
$params = array('feedbackid' => $feedback->id, 'courseid' => $courseid);
if (!$DB->get_record('feedback_sitecourse_map', $params)) {
if ($courseid == SITEID) {
echo $OUTPUT->header();
echo $OUTPUT->notification(get_string('cannotaccess', 'mod_feedback'));
echo $OUTPUT->footer();
exit;
} else {
print_error('invalidcoursemodule');
}
}
}
}
//check whether the given courseid exists
if ($courseid AND $courseid != SITEID) {
if ($course2 = $DB->get_record('course', array('id'=>$courseid))) {
@ -113,15 +129,6 @@ $event->trigger();
/// Print the page header
$strfeedbacks = get_string("modulenameplural", "feedback");
$strfeedback = get_string("modulename", "feedback");
if ($course->id == SITEID) {
$PAGE->set_context($context);
$PAGE->set_cm($cm, $course); // set's up global $COURSE
$PAGE->set_pagelayout('incourse');
}
$PAGE->set_url('/mod/feedback/view.php', array('id'=>$cm->id, 'do_show'=>'view'));
$PAGE->set_title($feedback->name);
$PAGE->set_heading($course->fullname);
echo $OUTPUT->header();
//ishidden check.