
MDL-20928 fixed glossary entry access control

commit 8c392d185540f86b5b26b1542445a944102ba1cc 1 parent 9330cd0
@skodak skodak authored
Showing with 30 additions and 11 deletions.
  1. +30 −11 mod/glossary/showentry.php
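--- a/mod/glossary/showentry.php
+++ b/mod/glossary/showentry.php
@@ -12,26 +12,50 @@
  }
  if ($eid) {
- $entry = get_record("glossary_entries", "id", $eid);
- $glossary = get_record('glossary','id',$entry->glossaryid);
- $entry->glossaryname = format_string($glossary->name,true);
+ if (!$entry = get_record("glossary_entries", "id", $eid)) {
+ error('Invalid entry id');
+ }
+ if (!$glossary = get_record('glossary','id',$entry->glossaryid)) {
+ error('Invalid glossary id');
+ }
  if (!$cm = get_coursemodule_from_instance("glossary", $glossary->id)) {
  error("Could not determine which course module this belonged to!");
  }
- if (!$cm->visible and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_MODULE, $cm->id))) {
- redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
+ if (!$course = get_record("course", "id", $cm->course)) {
+ error('Invalid course id');
  }
+ require_course_login($course, true, $cm);
+ $entry->glossaryname = $glossary->name;
  $entry->cmid = $cm->id;
  $entry->courseid = $cm->course;
- $entries[] = $entry;
+ $entries = array($entry);
+
  } else if ($concept) {
+ if (!$course = get_record("course", "id", $courseid)) {
+ error('Invalid course id');
+ }
+ require_course_login($course);
  $entries = glossary_get_entries_search($concept, $courseid);
+
  } else {
  error('No valid entry specified');
  }
  if ($entries) {
+ $modinfo = get_fast_modinfo($course);
  foreach ($entries as $key => $entry) {
+ // make sure the entry is visible
+ if (empty($modinfo->cms[$entry->cmid]->uservisible)) {
+ unset($entries[$key]);
+ continue;
+ }
+ if (!$entry->approved and ($USER->id != $entry->userid)) {
+ $context = get_context_instance(CONTEXT_MODULE, $entry->cmid);
+ if (!has_capability('mod/glossary:approve', $context)) {
+ unset($entries[$key]);
+ continue;
+ }
+ }
  //$entries[$key]->footer = "<p align=\"right\">&raquo;&nbsp;<a onClick=\"if (window.opener) {window.opener.location.href='$CFG->wwwroot/mod/glossary/view.php?g=$entry->glossaryid'; return false;} else {openpopup('/mod/glossary/view.php?g=$entry->glossaryid', 'glossary', 'menubar=1,location=1,toolbar=1,scrollbars=1,directories=1,status=1,resizable=1', 0); return false;}\" href=\"$CFG->wwwroot/mod/glossary/view.php?g=$entry->glossaryid\" target=\"_blank\">".format_string($entry->glossaryname,true)."</a></p>"; // Could not get this to work satisfactorily in all cases - Martin
  $entries[$key]->footer = "<p style=\"text-align:right\">&raquo;&nbsp;<a href=\"$CFG->wwwroot/mod/glossary/view.php?g=$entry->glossaryid\">".format_string($entry->glossaryname,true)."</a></p>";
  add_to_log($entry->courseid, "glossary", "view entry", "showentry.php?eid=$entry->id", $entry->id, $entry->cmid);
@@ -39,11 +63,6 @@
  }
  if (!empty($courseid)) {
- $course = get_record("course", "id", $courseid);
- if ($course->id != SITEID) {
- require_login($courseid);
- }
-
  $strglossaries = get_string("modulenameplural", "glossary");
  $strsearch = get_string("search");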
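Review bot: The visibility filter in the `if ($entries)` loop resolves every entry against `$modinfo` built from the single `$course`, so an entry whose `cmid` belongs to a different course is removed by `empty($modinfo->cms[$entry->cmid]->uservisible)` without its own course ever being consulted. That fails closed, which is the safe direction for an access check, but if `glossary_get_entries_search()` can return entries from glossaries outside `$courseid` (its body is not visible here), those entries silently vanish from concept lookups. The loop already relies on `$entry->courseid` in the `add_to_log()` call, so the module info could be resolved per entry, e.g. `$modinfo = get_fast_modinfo($entrycourse);` with `$entrycourse` loaded from `$entry->courseid` and the entry dropped when that lookup fails. If hiding them is intended, a comment such as `// entries whose module is not in $course are deliberately hidden` above the check would record it. The foreach body continues past the end of the first hunk.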