MDL-65956 mod_assign: Add proper capability checks and error handling

moodle · Nov 25, 2019 · 49953fd · 49953fd
1 parent 52eb2da
commit 49953fd
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 3 deletions.
diff --git a/mod/assign/gradingbatchoperationsform.php b/mod/assign/gradingbatchoperationsform.php
@@ -50,7 +50,7 @@ public function definition() {
         if ($instance['submissiondrafts']) {
             $options['reverttodraft'] = get_string('reverttodraft', 'assign');
         }
-        if (has_capability('mod/assign:grade', $instance['context'])) {
+        if (has_capability('mod/assign:editothersubmission', $instance['context'])) {
             $options['removesubmission'] = get_string('removesubmission', 'assign');
         }
         if ($instance['duedate'] && has_capability('mod/assign:grantextension', $instance['context'])) {

diff --git a/mod/assign/lang/en/assign.php b/mod/assign/lang/en/assign.php
@@ -597,6 +597,7 @@
 $string['useridlistnotcached'] = 'The grade changes were NOT saved, as it was not possible to determine which submission they were for.';
 $string['useroverrides'] = 'User overrides';
 $string['useroverridesdeleted'] = 'User overrides deleted';
+$string['usersubmissioncannotberemoved'] = 'The submission of {$a} cannot be removed.';
 $string['usersnone'] = 'No students have access to this assignment.';
 $string['userswhoneedtosubmit'] = 'Users who need to submit: {$a}';
 $string['usergrade'] = 'User grade';

diff --git a/mod/assign/locallib.php b/mod/assign/locallib.php
@@ -176,6 +176,9 @@ class assign {
      */
     private $mostrecentteamsubmission = null;
 
+    /** @var array Array of error messages encountered during the execution of assignment related operations. */
+    private $errors = array();
+
     /**
      * Constructor for the base assign class.
      *
@@ -311,6 +314,24 @@ public function set_course(stdClass $course) {
         $this->course = $course;
     }
 
+    /**
+     * Set error message.
+     *
+     * @param string $message The error message
+     */
+    protected function set_error_message(string $message) {
+        $this->errors[] = $message;
+    }
+
+    /**
+     * Get error messages.
+     *
+     * @return array The array of error messages
+     */
+    protected function get_error_messages(): array {
+        return $this->errors;
+    }
+
     /**
      * Get list of feedback plugins installed.
      *
@@ -594,7 +615,14 @@ public function view($action='', $args = array()) {
         // Now show the right view page.
         if ($action == 'redirect') {
             $nextpageurl = new moodle_url('/mod/assign/view.php', $nextpageparams);
-            redirect($nextpageurl);
+            $messages = '';
+            $messagetype = \core\output\notification::NOTIFY_INFO;
+            $errors = $this->get_error_messages();
+            if (!empty($errors)) {
+                $messages = html_writer::alist($errors, ['class' => 'mb-1 mt-1']);
+                $messagetype = \core\output\notification::NOTIFY_ERROR;
+            }
+            redirect($nextpageurl, $messages, null, $messagetype);
             return;
         } else if ($action == 'savegradingresult') {
             $message = get_string('gradingchangessaved', 'assign');
@@ -7882,7 +7910,10 @@ public function remove_submission($userid) {
         global $USER;
 
         if (!$this->can_edit_submission($userid, $USER->id)) {
-            print_error('nopermission');
+            $user = core_user::get_user($userid);
+            $message = get_string('usersubmissioncannotberemoved', 'assign', fullname($user));
+            $this->set_error_message($message);
+            return false;
         }
 
         if ($this->get_instance()->teamsubmission) {