
MDL-37244 Assignment: Submission comments plugin does not implement c…

…omments callbacks.

This allows anyone to view or modify anyone else's submission comments.
1 parent 77a7ed6 commit 7e57119342f2cf64af28e036bd5279f5cbde5ec3 @damyon damyon committed with danpoltawski Dec 20, 2012
Showing with 66 additions and 0 deletions.
  1. +66 −0 mod/assign/submission/comments/lib.php
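--- a/mod/assign/submission/comments/lib.php
+++ b/mod/assign/submission/comments/lib.php
@@ -31,6 +31,39 @@
 * @return bool
 */
 function assignsubmission_comments_comment_validate(stdClass $options) {
+ global $USER, $CFG, $DB;
+
+ if ($options->commentarea != 'submission_comments' &&
+ $options->commentarea != 'submission_comments_upgrade') {
+ throw new comment_exception('invalidcommentarea');
+ }
+ if (!$submission = $DB->get_record('assign_submission', array('id'=>$options->itemid))) {
+ throw new comment_exception('invalidcommentitemid');
+ }
+ $context = $options->context;
+
+ require_once($CFG->dirroot . '/mod/assign/locallib.php');
+ $assignment = new assign($context, null, null);
+
+ if ($assignment->get_instance()->id != $submission->assignment) {
+ throw new comment_exception('invalidcontext');
+ }
+ if (!has_capability('mod/assign:grade', $context)) {
+ if (!has_capability('mod/assign:submit', $context)) {
+ throw new comment_exception('nopermissiontocomment');
+ } else if ($assignment->get_instance()->teamsubmission) {
+ $group = $assignment->get_submission_group($USER->id);
+ $groupid = 0;
+ if ($group) {
+ $groupid = $group->id;
+ }
+ if ($groupid != $submission->groupid) {
+ throw new comment_exception('nopermissiontocomment');
+ }
+ } else if ($submission->userid != $USER->id) {
+ throw new comment_exception('nopermissiontocomment');
+ }
+ }
 return true;
 }
@@ -42,6 +75,39 @@ function assignsubmission_comments_comment_validate(stdClass $options) {
 * @return array
 */
 function assignsubmission_comments_comment_permissions(stdClass $options) {
+ global $USER, $CFG, $DB;
+
+ if ($options->commentarea != 'submission_comments' &&
+ $options->commentarea != 'submission_comments_upgrade') {
+ throw new comment_exception('invalidcommentarea');
+ }
+ if (!$submission = $DB->get_record('assign_submission', array('id'=>$options->itemid))) {
+ throw new comment_exception('invalidcommentitemid');
+ }
+ $context = $options->context;
+
+ require_once($CFG->dirroot . '/mod/assign/locallib.php');
+ $assignment = new assign($context, null, null);
+
+ if ($assignment->get_instance()->id != $submission->assignment) {
+ throw new comment_exception('invalidcontext');
+ }
+ if (!has_capability('mod/assign:grade', $context)) {
+ if (!has_capability('mod/assign:submit', $context)) {
+ return array('post' => false, 'view' => false);
+ } else if ($assignment->get_instance()->teamsubmission) {
+ $group = $assignment->get_submission_group($USER->id);
+ $groupid = 0;
+ if ($group) {
+ $groupid = $group->id;
+ }
+ if ($groupid != $submission->groupid) {
+ return array('post' => false, 'view' => false);
+ }
+ } else if ($submission->userid != $USER->id) {
+ return array('post' => false, 'view' => false);
+ }
+ }
 return array('post' => true, 'view' => true);
 }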
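Review bot: The team-submission branch of assignsubmission_comments_comment_validate (`if ($groupid != $submission->groupid)`) compares only the group id, so a user with no group keeps `$groupid = 0` and is accepted for any row of this assignment whose `groupid` is 0, whatever its `userid`. Whether per-user rows can exist next to group rows in a team assignment cannot be confirmed from this page; if they can, the branch should also require a group row, for example `if ($groupid != $submission->groupid || $submission->userid != 0) {`. The same branch is repeated in assignsubmission_comments_comment_permissions. Both callbacks carry an identical copy of the whole access check, so moving it into one shared helper that returns a bool would keep a later fix from landing in only one of them.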
