Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

fix for Moodle 1.8 and 1.9 to allow students to access hidden hotpots…

… which form part of a hotpot chain - see http://moodle.org/mod/forum/discuss.php?d=91861. In Moodle 1.8 and later the "require_login" function (lib/moodlelib.php)  is stricter than in earlier versions of Moodle and checks a module's visibility and groupings access. From Moodle 2.0 on, this HotPot module does not need this fix.
  • Loading branch information...
commit f01e8f7c241133b14c77bd031f930fe15a2e2963 1 parent f06680b
gbateson authored
7 mod/hotpot/attempt.php
View
@@ -22,11 +22,16 @@
}
// make sure this user is enrolled in this course
- require_login($course, true, $cm);
+ require_login($course);
$next_url = "$CFG->wwwroot/course/view.php?id=$course->id";
$time = time();
+ // check user can access this hotpot activity
+ if (!hotpot_is_visible($cm)) {
+ error(get_string("activityiscurrentlyhidden"), $next_url);
+ }
+
// update attempt record fields using incoming data
$attempt->score = optional_param('mark', NULL, PARAM_INT);
$attempt->status = optional_param('status', NULL, PARAM_INT);
7 mod/hotpot/grade.php
View
@@ -16,7 +16,12 @@
error("Course is misconfigured");
}
- require_login($course->id, false, $cm);
+ require_login($course->id, false);
+
+ // check user can access this hotpot activity
+ if (!hotpot_is_visible($cm)) {
+ error(get_string("activityiscurrentlyhidden"));
+ }
if (has_capability('mod/hotpot:grade', get_context_instance(CONTEXT_MODULE, $cm->id))) {
redirect('report.php?id='.$cm->id);
29 mod/hotpot/lib.php
View
@@ -430,14 +430,35 @@ function hotpot_get_chain(&$cm) {
return $found ? $chain : false;
}
function hotpot_is_visible(&$cm) {
+ global $CFG, $COURSE;
+
+ // check grouping
+ $modulecontext = get_context_instance(CONTEXT_MODULE, $cm->id);
+ if (empty($CFG->enablegroupings) || empty($cm->groupmembersonly) || has_capability('moodle/site:accessallgroups', $modulecontext)) {
+ // groupings not applicable
+ } else if (!isguestuser() && groups_has_membership($cm)) {
+ // user is in one of the groups in the allowed grouping
+ } else {
+ // user is not in the required grouping and does not have sufficiently privileges to view this hotpot activity
+ return false;
+ }
+
+ // check if user can view hidden activities
+ if (isset($COURSE->context)) {
+ $coursecontext = &$COURSE->context;
+ } else {
+ $coursecontext = get_context_instance(CONTEXT_COURSE, $cm->course);
+ }
+ if (has_capability('moodle/course:viewhiddenactivities', $coursecontext)) {
+ return true; // user can view hidden activities
+ }
+
if (!isset($cm->sectionvisible)) {
- if ($section = get_record('course_sections', 'id', $cm->section)) {
- $cm->sectionvisible = $section->visible;
- } else {
+ if (! $section = get_record('course_sections', 'id', $cm->section)) {
error('Course module record contains invalid section');
}
+ $cm->sectionvisible = $section->visible;
}
-
if (empty($cm->sectionvisible)) {
$visible = HOTPOT_NO;
} else {
7 mod/hotpot/report.php
View
@@ -38,7 +38,12 @@
// set homeurl of couse (for error messages)
$course_homeurl = "$CFG->wwwroot/course/view.php?id=$course->id";
- require_login($course, true, $cm);
+ require_login($course);
+
+ // check user can access this hotpot activity
+ if (!hotpot_is_visible($cm)) {
+ error(get_string("activityiscurrentlyhidden"));
+ }
// get report mode
if (has_capability('mod/hotpot:viewreport',$modulecontext)) {
9 mod/hotpot/review.php
View
@@ -32,8 +32,13 @@
error("Attempt ID was incorrect");
}
- require_login($course, true, $cm);
-
+ require_login($course);
+
+ // check user can access this hotpot activity
+ if (!hotpot_is_visible($cm)) {
+ error(get_string("activityiscurrentlyhidden"));
+ }
+
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!has_capability('mod/hotpot:viewreport',$context)) {
if (!$hotpot->review) {
2  mod/hotpot/view.php
View
@@ -34,7 +34,7 @@
}
}
- require_login($course, true, $cm);
+ require_login($course);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
}
// set nextpage (for error messages)
Please sign in to comment.
Something went wrong with that request. Please try again.