Permalink
Browse files

Fixed bug with access non-editing teachers to sessions of groups to w…

…hich they are not belong.
  • Loading branch information...
1 parent 5f7db06 commit 4bfd542b971bb91cd4e41ad619619361892b5755 @andreev-artem andreev-artem committed Sep 7, 2012
Showing with 31 additions and 5 deletions.
  1. +1 −0 lang/en/attforblock.php
  2. +1 −0 lang/ru/attforblock.php
  3. +24 −5 locallib.php
  4. +5 −0 take.php
View
@@ -51,6 +51,7 @@
$string['calshow'] = 'Choose date';
$string['caltoday'] = 'Today';
$string['calweekdays'] = 'Su,Mo,Tu,We,Th,Fr,Sa';
+$string['cannottakeforgroup'] = 'You can\'t take attendance for group "{$a}"' ;
$string['changeattendance'] = 'Change attendance';
$string['changeduration'] = 'Change duration';
$string['changesession'] = 'Change session';
View
@@ -38,6 +38,7 @@
$string['calshow'] = 'Выбрать дату';
$string['caltoday'] = 'Сегодня';
$string['calweekdays'] = 'Вс,Пн,Вт,Ср,Чт,Пт,Сб';
+$string['cannottakeforgroup'] = 'Вы не можете отмечать посещаемость для группы "{$a}"' ;
$string['changeattendance'] = 'Изменить посещаемость';
$string['changeduration'] = 'Изменить продолжительность';
$string['changesession'] = 'Изменить занятие';
View
@@ -40,9 +40,11 @@ class attforblock_permissions {
private $canbelisted;
private $canaccessallgroups;
+ private $cm;
private $context;
- public function __construct($context) {
+ public function __construct($cm, $context) {
+ $this->cm = $cm;
$this->context = $context;
}
@@ -75,6 +77,20 @@ public function can_take() {
return $this->cantake;
}
+ public function can_take_session($groupid) {
+ if (!$this->can_take()) {
+ return false;
+ }
+
+ if ($groupid == attforblock::SESSION_COMMON
+ || $this->can_access_all_groups()
+ || array_key_exists($groupid, groups_get_activity_allowed_groups($this->cm))) {
+ return true;
+ }
+
+ return false;
+ }
+
public function can_change() {
if (is_null($this->canchange))
$this->canchange = has_capability('mod/attforblock:changeattendances', $this->context);
@@ -257,8 +273,6 @@ private function calc_sessgroupslist_sesstype() {
} else {
$this->sesstype = $SESSION->attsessiontype[$this->cm->course];
}
-
- if (is_null($this->sesstype)) $this->calc_sessgroupslist();
} elseif ($this->selectortype == self::SELECTOR_GROUP) {
if ($group == 0) {
$SESSION->attsessiontype[$this->cm->course] = self::SESSTYPE_ALL;
@@ -273,7 +287,12 @@ private function calc_sessgroupslist_sesstype() {
}
}
- $this->calc_sessgroupslist();
+ if (is_null($this->sessgroupslist)) $this->calc_sessgroupslist();
+ // for example, we set SESSTYPE_ALL but user can access only to limited set of groups
+ if (!array_key_exists($this->sesstype, $this->sessgroupslist)){
+ reset($this->sessgroupslist);
+ $this->sesstype = key($this->sessgroupslist);
+ }
}
private function calc_sessgroupslist() {
@@ -540,7 +559,7 @@ public function __construct(stdclass $dbrecord, stdclass $cm, stdclass $course,
$this->pageparams = $pageparams;
- $this->perm = new attforblock_permissions($this->context);
+ $this->perm = new attforblock_permissions($this->cm, $this->context);
}
public function get_group_mode() {
View
@@ -37,6 +37,11 @@
$pageparams->init($course->id);
$att = new attforblock($att, $cm, $course, $PAGE->context, $pageparams);
+if (!$att->perm->can_take_session($pageparams->grouptype)) {
+ $group = groups_get_group($pageparams->grouptype);
+ throw new moodle_exception('cannottakeforgroup', 'attforblock', '', $group->name);
+}
+
if ($formdata = data_submitted()) {
$att->take_from_form_data($formdata);
}

0 comments on commit 4bfd542

Please sign in to comment.