
MDL-31811 Add/Correct checks on activity read-only periods

1 parent 5bbf3cb commit e8027a40cd16f50402a6c13f3bfd3128639a797c @andrewnicols andrewnicols committed Feb 28, 2012
Showing with 38 additions and 37 deletions.
  1. +17 −31 mod/data/edit.php
  2. +21 −6 mod/data/lib.php
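--- a/mod/data/edit.php
+++ b/mod/data/edit.php
@@ -93,8 +93,23 @@
 }
 }
-if ($rid) { // So do you have access?
- if (!(has_capability('mod/data:manageentries', $context) or data_isowner($rid)) or !confirm_sesskey() ) {
+if ($rid) {
+ // When editing an existing record, we require the session key
+ require_sesskey();
+}
+
+// Get Group information for permission testing and record creation
+$currentgroup = groups_get_activity_group($cm);
+$groupmode = groups_get_activity_groupmode($cm);
+
+if (!has_capability('mod/data:manageentries', $context)) {
+ if ($rid) {
+ // User is editing an existing record
+ if (!data_isowner($rid) || data_in_readonly_period($data)) {
+ print_error('noaccess','data');
+ }
+ } else if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
+ // User is trying to create a new record
 print_error('noaccess','data');
 }
 }
@@ -136,20 +151,6 @@
 $PAGE->set_title($data->name);
 $PAGE->set_heading($course->fullname);
-/// Check to see if groups are being used here
-$currentgroup = groups_get_activity_group($cm);
-$groupmode = groups_get_activity_groupmode($cm);
-
-if ($currentgroup) {
- $groupselect = " AND groupid = '$currentgroup'";
- $groupparam = "&groupid=$currentgroup";
-} else {
- $groupselect = "";
- $groupparam = "";
- $currentgroup = 0;
-}
-
-
 /// Process incoming data for adding/updating records
 if ($datarecord = data_submitted() and confirm_sesskey()) {
@@ -189,21 +190,6 @@
 redirect($CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&rid='.$rid);
 } else { /// Add some new records
-
- if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
- print_error('cannotadd', 'data');
- }
-
- /// Check if maximum number of entry as specified by this database is reached
- /// Of course, you can't be stopped if you are an editting teacher! =)
-
- if (data_atmaxentries($data) and !has_capability('mod/data:manageentries',$context)){
- echo $OUTPUT->header();
- echo $OUTPUT->notification(get_string('atmaxentry','data'));
- echo $OUTPUT->footer();
- exit;
- }
-
 ///Empty form checking - you can't submit an empty form!
 $emptyform = true; // assume the worst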
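Review bot: In the new permission block of the first hunk, a user holding `mod/data:manageentries` never reaches `data_user_can_add_entry()` when creating a record, whereas the removed add-path code in the third hunk called it for every user. That function takes `$currentgroup` and `$groupmode`, so it presumably also enforces group membership (its full body is not visible in this commit); if it does, managers who are not allowed into the current group can now add entries to it. Keeping the capability shortcut on the edit branch only, and always going through the shared check on the add branch, restores the earlier behaviour. The script continues on both sides of the hunk, so this should be confirmed against the full file.

```php
if ($rid) {
    // Existing record: managers may always edit, owners only outside the read-only period
    if (!has_capability('mod/data:manageentries', $context)
            && (!data_isowner($rid) || data_in_readonly_period($data))) {
        print_error('noaccess', 'data');
    }
} else if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
    // New record: every user goes through the shared add check, as the removed code did
    print_error('noaccess', 'data');
}
```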
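--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@@ -1249,6 +1249,9 @@ function data_print_template($template, $records, $data, $search='', $page=0, $r
 return;
 }
+ // Check whether this activity is read-only at present
+ $readonly = data_in_readonly_period($data);
+
 foreach ($records as $record) { // Might be just one for the single template
 // Replacing tags
@@ -1264,7 +1267,7 @@ function data_print_template($template, $records, $data, $search='', $page=0, $r
 // Replacing special tags (##Edit##, ##Delete##, ##More##)
 $patterns[]='##edit##';
 $patterns[]='##delete##';
- if (has_capability('mod/data:manageentries', $context) or data_isowner($record->id)) {
+ if (has_capability('mod/data:manageentries', $context) || (!$readonly && data_isowner($record->id))) {
 $replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/edit.php?d='
 .$data->id.'&amp;rid='.$record->id.'&amp;sesskey='.sesskey().'"><img src="'.$OUTPUT->pix_url('t/edit') . '" class="iconsmall" alt="'.get_string('edit').'" title="'.get_string('edit').'" /></a>';
 $replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='
@@ -2078,11 +2081,8 @@ function data_user_can_add_entry($data, $currentgroup, $groupmode, $context = nu
 } else if (data_atmaxentries($data)) {
 return false;
- }
-
- //if in the view only time window
- $now = time();
- if ($now>$data->timeviewfrom && $now<$data->timeviewto) {
+ } else if (data_in_readonly_period($data)) {
+ // Check whether we're in a read-only period
 return false;
 }
@@ -2102,6 +2102,21 @@ function data_user_can_add_entry($data, $currentgroup, $groupmode, $context = nu
 }
 }
+/**
+ * Check whether the specified database activity is currently in a read-only period
+ *
+ * @param object $data
+ * @return bool returns true if the time fields in $data indicate a read-only period; false otherwise
+ */
+function data_in_readonly_period($data) {
+ $now = time();
+ if (!$data->timeviewfrom && !$data->timeviewto) {
+ return false;
+ } else if (($data->timeviewfrom && $now < $data->timeviewfrom) || ($data->timeviewto && $now > $data->timeviewto)) {
+ return false;
+ }
+ return true;
+}
 /**
   * @return bool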
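Review bot: The `##edit##`/`##delete##` condition changed in `data_print_template()` only stops the links from being rendered for owners during a read-only period; it is display logic, not an access check. The commit adds the matching server-side test to mod/data/edit.php, but the second replacement links to mod/data/view.php, which this commit does not touch, so a direct request to that URL may still reach the delete handler unless it already tests `data_in_readonly_period($data)`; that needs confirming. I would add `// Display only: edit.php and the view.php delete handler must enforce the same rule` above the condition and apply the same `!data_in_readonly_period($data) && data_isowner(...)` test where the delete is processed. The function body extends beyond the hunk on both sides.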
