mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-18 05:58:34 +01:00
Code Issues Projects Releases Wiki Activity

MDL-27387 rating: prevent the submission of ratings outside of the range allowed by the current scale

Browse Source
This commit is contained in:
Andrew Davis (andyjdavis) 2011-05-09 16:34:58 +08:00
parent 439ae873af
commit 6ac149dce3
3 changed files with 90 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
mod/data/lib.php
View File

@ -1378,11 +1378,14 @@ function data_rating_permissions($options) {
function data_rating_validate($params) {
global $DB, $USER;
if (!array_key_exists('itemid', $params) || !array_key_exists('context', $params) || !array_key_exists('rateduserid', $params)) {
if (!array_key_exists('itemid', $params)
|| !array_key_exists('context', $params)
|| !array_key_exists('rateduserid', $params)
|| !array_key_exists('scaleid', $params)) {
throw new rating_exception('missingparameter');
}
$datasql = "SELECT d.id as did, d.course, r.userid as userid, d.approval, r.approved, r.timecreated, d.assesstimestart, d.assesstimefinish, r.groupid
$datasql = "SELECT d.id as did, d.scale, d.course, r.userid as userid, d.approval, r.approved, r.timecreated, d.assesstimestart, d.assesstimefinish, r.groupid
FROM {data_records} r
JOIN {data} d ON r.dataid = d.id
WHERE r.id = :itemid";
@ -1392,16 +1395,40 @@ function data_rating_validate($params) {
throw new rating_exception('invaliditemid');
}
if ($info->scale != $params['scaleid']) {
//the scale being submitted doesnt match the one in the database
throw new rating_exception('invalidscaleid');
}
if ($info->userid == $USER->id) {
//user is attempting to rate their own glossary entry
throw new rating_exception('nopermissiontorate');
}
if ($params['rateduserid'] != $info->userid) {
if ($info->userid != $params['rateduserid']) {
//supplied user ID doesnt match the user ID from the database
throw new rating_exception('invaliduserid');
}
//check that the submitted rating is valid for the scale
if ($params['rating'] < 0) {
throw new rating_exception('invalidnum');
} else if ($info->scale < 0) {
//its a custom scale
$scalerecord = $DB->get_record('scale', array('id' => -$options->scaleid));
if ($scalerecord) {
$scalearray = explode(',', $scalerecord->scale);
if ($params['rating'] > count($scalearray)) {
throw new rating_exception('invalidnum');
}
} else {
throw new rating_exception('invalidscaleid');
}
} else if ($params['rating'] > $info->scale) {
//if its numeric and submitted rating is above maximum
throw new rating_exception('invalidnum');
}
if ($info->approval && !$info->approved) {
//database requires approval but this item isnt approved
throw new rating_exception('nopermissiontorate');

33
mod/forum/lib.php
View File

@ -3470,11 +3470,14 @@ function forum_rating_permissions($contextid) {
function forum_rating_validate($params) {
global $DB, $USER;
if (!array_key_exists('itemid', $params) || !array_key_exists('context', $params) || !array_key_exists('rateduserid', $params)) {
if (!array_key_exists('itemid', $params)
|| !array_key_exists('context', $params)
|| !array_key_exists('rateduserid', $params)
|| !array_key_exists('scaleid', $params)) {
throw new rating_exception('missingparameter');
}
$forumsql = "SELECT f.id as fid, f.course, d.id as did, p.userid as userid, p.created, f.assesstimestart, f.assesstimefinish, d.groupid
$forumsql = "SELECT f.id as fid, f.course, f.scale, d.id as did, p.userid as userid, p.created, f.assesstimestart, f.assesstimefinish, d.groupid
FROM {forum_posts} p
JOIN {forum_discussions} d ON p.discussion = d.id
JOIN {forum} f ON d.forum = f.id
@ -3485,16 +3488,40 @@ function forum_rating_validate($params) {
throw new rating_exception('invaliditemid');
}
if ($info->scale != $params['scaleid']) {
//the scale being submitted doesnt match the one in the database
throw new rating_exception('invalidscaleid');
}
if ($info->userid == $USER->id) {
//user is attempting to rate their own post
throw new rating_exception('nopermissiontorate');
}
if ($params['rateduserid'] != $info->userid) {
if ($info->userid != $params['rateduserid']) {
//supplied user ID doesnt match the user ID from the database
throw new rating_exception('invaliduserid');
}
//check that the submitted rating is valid for the scale
if ($params['rating'] < 0) {
throw new rating_exception('invalidnum');
} else if ($info->scale < 0) {
//its a custom scale
$scalerecord = $DB->get_record('scale', array('id' => -$options->scaleid));
if ($scalerecord) {
$scalearray = explode(',', $scalerecord->scale);
if ($params['rating'] > count($scalearray)) {
throw new rating_exception('invalidnum');
}
} else {
throw new rating_exception('invalidscaleid');
}
} else if ($params['rating'] > $info->scale) {
//if its numeric and submitted rating is above maximum
throw new rating_exception('invalidnum');
}
//check the item we're rating was created in the assessable time window
if (!empty($info->assesstimestart) && !empty($info->assesstimefinish)) {
if ($info->timecreated < $info->assesstimestart || $info->timecreated > $info->assesstimefinish) {

33
mod/glossary/lib.php
View File

@ -484,11 +484,14 @@ function glossary_rating_permissions($options) {
function glossary_rating_validate($params) {
global $DB, $USER;
if (!array_key_exists('itemid', $params) || !array_key_exists('context', $params) || !array_key_exists('rateduserid', $params)) {
if (!array_key_exists('itemid', $params)
|| !array_key_exists('context', $params)
|| !array_key_exists('rateduserid', $params)
|| !array_key_exists('scaleid', $params)) {
throw new rating_exception('missingparameter');
}
$glossarysql = "SELECT g.id as gid, e.userid as userid, e.approved, e.timecreated, g.assesstimestart, g.assesstimefinish
$glossarysql = "SELECT g.id as gid, g.scale, e.userid as userid, e.approved, e.timecreated, g.assesstimestart, g.assesstimefinish
FROM {glossary_entries} e
JOIN {glossary} g ON e.glossaryid = g.id
WHERE e.id = :itemid";
@ -498,16 +501,40 @@ function glossary_rating_validate($params) {
throw new rating_exception('invaliditemid');
}
if ($info->scale != $params['scaleid']) {
//the scale being submitted doesnt match the one in the database
throw new rating_exception('invalidscaleid');
}
if ($info->userid == $USER->id) {
//user is attempting to rate their own glossary entry
throw new rating_exception('nopermissiontorate');
}
if ($params['rateduserid'] != $info->userid) {
if ($info->userid != $params['rateduserid']) {
//supplied user ID doesnt match the user ID from the database
throw new rating_exception('invaliduserid');
}
//check that the submitted rating is valid for the scale
if ($params['rating'] < 0) {
throw new rating_exception('invalidnum');
} else if ($info->scale < 0) {
//its a custom scale
$scalerecord = $DB->get_record('scale', array('id' => -$options->scaleid));
if ($scalerecord) {
$scalearray = explode(',', $scalerecord->scale);
if ($params['rating'] > count($scalearray)) {
throw new rating_exception('invalidnum');
}
} else {
throw new rating_exception('invalidscaleid');
}
} else if ($params['rating'] > $info->scale) {
//if its numeric and submitted rating is above maximum
throw new rating_exception('invalidnum');
}
if (!$info->approved) {
//item isnt approved
throw new rating_exception('nopermissiontorate');