Permalink
Browse files

fix for Moodle 1.8 and 1.9 to allow students to access hidden hotpots…

… which form part of a hotpot chain - see http://moodle.org/mod/forum/discuss.php?d=91861. In Moodle 1.8 and later the "require_login" function (lib/moodlelib.php)  is stricter than in earlier versions of Moodle and checks a module's visibility and groupings access. From Moodle 2.0 on, this HotPot module does not need this fix.
  • Loading branch information...
1 parent f06680b commit f01e8f7c241133b14c77bd031f930fe15a2e2963 gbateson committed Mar 6, 2008
Showing with 51 additions and 10 deletions.
  1. +6 −1 mod/hotpot/attempt.php
  2. +6 −1 mod/hotpot/grade.php
  3. +25 −4 mod/hotpot/lib.php
  4. +6 −1 mod/hotpot/report.php
  5. +7 −2 mod/hotpot/review.php
  6. +1 −1 mod/hotpot/view.php
View
@@ -22,11 +22,16 @@
}
// make sure this user is enrolled in this course
- require_login($course, true, $cm);
+ require_login($course);
$next_url = "$CFG->wwwroot/course/view.php?id=$course->id";
$time = time();
+ // check user can access this hotpot activity
+ if (!hotpot_is_visible($cm)) {
+ error(get_string("activityiscurrentlyhidden"), $next_url);
+ }
+
// update attempt record fields using incoming data
$attempt->score = optional_param('mark', NULL, PARAM_INT);
$attempt->status = optional_param('status', NULL, PARAM_INT);
View
@@ -16,7 +16,12 @@
error("Course is misconfigured");
}
- require_login($course->id, false, $cm);
+ require_login($course->id, false);
+
+ // check user can access this hotpot activity
+ if (!hotpot_is_visible($cm)) {
+ error(get_string("activityiscurrentlyhidden"));
+ }
if (has_capability('mod/hotpot:grade', get_context_instance(CONTEXT_MODULE, $cm->id))) {
redirect('report.php?id='.$cm->id);
View
@@ -430,14 +430,35 @@ function hotpot_get_chain(&$cm) {
return $found ? $chain : false;
}
function hotpot_is_visible(&$cm) {
+ global $CFG, $COURSE;
+
+ // check grouping
+ $modulecontext = get_context_instance(CONTEXT_MODULE, $cm->id);
+ if (empty($CFG->enablegroupings) || empty($cm->groupmembersonly) || has_capability('moodle/site:accessallgroups', $modulecontext)) {
+ // groupings not applicable
+ } else if (!isguestuser() && groups_has_membership($cm)) {
+ // user is in one of the groups in the allowed grouping
+ } else {
+ // user is not in the required grouping and does not have sufficiently privileges to view this hotpot activity
+ return false;
+ }
+
+ // check if user can view hidden activities
+ if (isset($COURSE->context)) {
+ $coursecontext = &$COURSE->context;
+ } else {
+ $coursecontext = get_context_instance(CONTEXT_COURSE, $cm->course);
+ }
+ if (has_capability('moodle/course:viewhiddenactivities', $coursecontext)) {
+ return true; // user can view hidden activities
+ }
+
if (!isset($cm->sectionvisible)) {
- if ($section = get_record('course_sections', 'id', $cm->section)) {
- $cm->sectionvisible = $section->visible;
- } else {
+ if (! $section = get_record('course_sections', 'id', $cm->section)) {
error('Course module record contains invalid section');
}
+ $cm->sectionvisible = $section->visible;
}
-
if (empty($cm->sectionvisible)) {
$visible = HOTPOT_NO;
} else {
View
@@ -38,7 +38,12 @@
// set homeurl of couse (for error messages)
$course_homeurl = "$CFG->wwwroot/course/view.php?id=$course->id";
- require_login($course, true, $cm);
+ require_login($course);
+
+ // check user can access this hotpot activity
+ if (!hotpot_is_visible($cm)) {
+ error(get_string("activityiscurrentlyhidden"));
+ }
// get report mode
if (has_capability('mod/hotpot:viewreport',$modulecontext)) {
View
@@ -32,8 +32,13 @@
error("Attempt ID was incorrect");
}
- require_login($course, true, $cm);
-
+ require_login($course);
+
+ // check user can access this hotpot activity
+ if (!hotpot_is_visible($cm)) {
+ error(get_string("activityiscurrentlyhidden"));
+ }
+
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/hotpot:viewreport',$context)) {
if (!$hotpot->review) {
View
@@ -34,7 +34,7 @@
}
}
- require_login($course, true, $cm);
+ require_login($course);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
}
// set nextpage (for error messages)

0 comments on commit f01e8f7

Please sign in to comment.