MDL-12635 - Manual grading report does not check capabilites - also, only show the tabs for the reports people can access. Merged from MOODLE_19_STABLE.

2025-01-18 22:08:20 +01:00 · 2007-12-18 16:12:11 +00:00 · 2007-12-18 16:12:11 +00:00 · f4850b7e52
commit f4850b7e52
parent 30d61820c9
3 changed files with 22 additions and 6 deletions
--- a/lang/en_utf8/quiz_grading.php
+++ b/lang/en_utf8/quiz_grading.php
@ -4,5 +4,6 @@

 $string['essayonly'] = 'The following questions need to be graded manually';
 $string['grading'] = 'Manual grading';
+$string['gradingnotallowed'] = 'You do not have permission to manually grade responses in this quiz';

 ?>
--- a/mod/quiz/report/grading/report.php
+++ b/mod/quiz/report/grading/report.php
@ -34,6 +34,13 @@ class quiz_report extends quiz_default_report {

        $this->print_header_and_tabs($cm, $course, $quiz, $reportmode="grading");

+        // Check permissions
+        $context = get_context_instance(CONTEXT_MODULE, $cm->id);
+        if (!has_capability('mod/quiz:grade', $context)) {
+            notify(get_string('gradingnotallowed', 'quiz_grading'));
+            return true;
+        }
+
        if (!empty($questionid)) {
            if (! $question = get_record('question', 'id', $questionid)) {
                error("Question with id $questionid not found");
--- a/mod/quiz/tabs.php
+++ b/mod/quiz/tabs.php
@ -51,9 +51,15 @@ if ($currenttab == 'reports' and isset($mode)) {
    $inactive[] = 'reports';
    $activated[] = 'reports';

-    $allreports = get_list_of_plugins("mod/quiz/report");
-    $reportlist = array ('overview', 'regrade', 'grading', 'analysis');   // Standard reports we want to show first
+    // Standard reports we want to show first.
+    $reportlist = array ('overview', 'regrade', 'grading', 'analysis');
+    // Reports that are restricted by capability.
+    $reportrestrictions = array(
+        'regrade' => 'mod/quiz:grade',
+        'grading' => 'mod/quiz:grade'
+    );

+    $allreports = get_list_of_plugins("mod/quiz/report");
    foreach ($allreports as $report) {
        if (!in_array($report, $reportlist)) {
            $reportlist[] = $report;
@ -63,10 +69,12 @@ if ($currenttab == 'reports' and isset($mode)) {
    $row  = array();
    $currenttab = '';
    foreach ($reportlist as $report) {
-        $row[] = new tabobject($report, "$CFG->wwwroot/mod/quiz/report.php?q=$quiz->id&amp;mode=$report",
-                                get_string($report, 'quiz_'.$report));
-        if ($report == $mode) {
-            $currenttab = $report;
+        if (!isset($reportrestrictions[$report]) || has_capability($reportrestrictions[$report], $context)) {
+            $row[] = new tabobject($report, "$CFG->wwwroot/mod/quiz/report.php?q=$quiz->id&amp;mode=$report",
+                                    get_string($report, 'quiz_'.$report));
+            if ($report == $mode) {
+                $currenttab = $report;
+            }
        }
    }
    $tabs[] = $row;