diff --git a/mod/quiz/attemptlib.php b/mod/quiz/attemptlib.php index 105213ee7e9..5060db3472d 100644 --- a/mod/quiz/attemptlib.php +++ b/mod/quiz/attemptlib.php @@ -788,16 +788,13 @@ class quiz_attempt { } /** - * Is this a student dealing with their own attempt/teacher previewing, - * or someone with 'mod/quiz:viewreports' reviewing someone elses attempt. + * Is this someone dealing with their own attempt or preview? * - * @return bool whether this situation should be treated as someone looking at their own - * attempt. The distinction normally only matters when an attempt is being reviewed. + * @return bool true => own attempt/preview. false => reviewing someone elses. */ public function is_own_attempt() { global $USER; - return $this->attempt->userid == $USER->id && - (!$this->is_preview_user() || $this->attempt->preview); + return $this->attempt->userid == $USER->id; } /** @@ -805,7 +802,7 @@ class quiz_attempt { */ public function is_own_preview() { global $USER; - return $this->attempt->userid == $USER->id && + return $this->is_own_attempt() && $this->is_preview_user() && $this->attempt->preview; } @@ -961,6 +958,11 @@ class quiz_attempt { if (is_null($this->reviewoptions)) { $this->reviewoptions = quiz_get_review_options($this->get_quiz(), $this->attempt, $this->quizobj->get_context()); + if ($this->is_own_preview()) { + // It should always be possible for a teacher to review their + // own preview irrespective of the review options settings. + $this->reviewoptions->attempt = true; + } } return $this->reviewoptions; @@ -1569,7 +1571,19 @@ class quiz_attempt { */ public function check_file_access($slot, $reviewing, $contextid, $component, $filearea, $args, $forcedownload) { - return $this->quba->check_file_access($slot, $this->get_display_options($reviewing), + $options = $this->get_display_options($reviewing); + + // Check permissions - warning there is similar code in review.php and + // reviewquestion.php. If you change on, change them all. + if ($reviewing && $this->is_own_attempt() && !$options->attempt) { + return false; + } + + if ($reviewing && !$this->is_own_attempt() && !$this->is_review_allowed()) { + return false; + } + + return $this->quba->check_file_access($slot, $options, $component, $filearea, $args, $forcedownload); } diff --git a/mod/quiz/review.php b/mod/quiz/review.php index b9237998bcf..eebab6b5460 100644 --- a/mod/quiz/review.php +++ b/mod/quiz/review.php @@ -61,7 +61,8 @@ $accessmanager->setup_attempt_page($PAGE); $options = $attemptobj->get_display_options(true); -// Check permissions. +// Check permissions - warning there is similar code in reviewquestion.php and +// quiz_attempt::check_file_access. If you change on, change them all. if ($attemptobj->is_own_attempt()) { if (!$attemptobj->is_finished()) { redirect($attemptobj->attempt_url(null, $page)); @@ -91,7 +92,7 @@ if ($options->flags == question_display_options::EDITABLE && optional_param('sav } // Work out appropriate title and whether blocks should be shown. -if ($attemptobj->is_preview_user() && $attemptobj->is_own_attempt()) { +if ($attemptobj->is_own_preview()) { $strreviewtitle = get_string('reviewofpreview', 'quiz'); navigation_node::override_active_url($attemptobj->start_attempt_url()); diff --git a/mod/quiz/reviewquestion.php b/mod/quiz/reviewquestion.php index 0420768aec2..e7bcf91f275 100644 --- a/mod/quiz/reviewquestion.php +++ b/mod/quiz/reviewquestion.php @@ -52,7 +52,8 @@ $PAGE->set_pagelayout('popup'); $PAGE->set_heading($attemptobj->get_course()->fullname); $output = $PAGE->get_renderer('mod_quiz'); -// Check permissions. +// Check permissions - warning there is similar code in review.php and +// quiz_attempt::check_file_access. If you change on, change them all. if ($attemptobj->is_own_attempt()) { if (!$attemptobj->is_finished()) { echo $output->review_question_not_allowed(get_string('cannotreviewopen', 'quiz'));