Browse Source

Fixed bug with access non-editing teachers to sessions of groups to which they are not belong.

MOODLE_23_STABLE
Artem Andreev 13 years ago
parent
commit
4bfd542b97
  1. 1
      lang/en/attforblock.php
  2. 1
      lang/ru/attforblock.php
  3. 29
      locallib.php
  4. 5
      take.php

1
lang/en/attforblock.php

@ -51,6 +51,7 @@ $string['calmonths'] = 'January,February,March,April,May,June,July,August,Septem
$string['calshow'] = 'Choose date';
$string['caltoday'] = 'Today';
$string['calweekdays'] = 'Su,Mo,Tu,We,Th,Fr,Sa';
$string['cannottakeforgroup'] = 'You can\'t take attendance for group "{$a}"' ;
$string['changeattendance'] = 'Change attendance';
$string['changeduration'] = 'Change duration';
$string['changesession'] = 'Change session';

1
lang/ru/attforblock.php

@ -38,6 +38,7 @@ $string['calmonths'] = 'Январь,Февраль,Март,Апрель,Май
$string['calshow'] = 'Выбрать дату';
$string['caltoday'] = 'Сегодня';
$string['calweekdays'] = 'Вс,Пн,Вт,Ср,Чт,Пт,Сб';
$string['cannottakeforgroup'] = 'Вы не можете отмечать посещаемость для группы "{$a}"' ;
$string['changeattendance'] = 'Изменить посещаемость';
$string['changeduration'] = 'Изменить продолжительность';
$string['changesession'] = 'Изменить занятие';

29
locallib.php

@ -40,9 +40,11 @@ class attforblock_permissions {
private $canbelisted;
private $canaccessallgroups;
private $cm;
private $context;
public function __construct($context) {
public function __construct($cm, $context) {
$this->cm = $cm;
$this->context = $context;
}
@ -75,6 +77,20 @@ class attforblock_permissions {
return $this->cantake;
}
public function can_take_session($groupid) {
if (!$this->can_take()) {
return false;
}
if ($groupid == attforblock::SESSION_COMMON
|| $this->can_access_all_groups()
|| array_key_exists($groupid, groups_get_activity_allowed_groups($this->cm))) {
return true;
}
return false;
}
public function can_change() {
if (is_null($this->canchange))
$this->canchange = has_capability('mod/attforblock:changeattendances', $this->context);
@ -257,8 +273,6 @@ class att_page_with_filter_controls {
} else {
$this->sesstype = $SESSION->attsessiontype[$this->cm->course];
}
if (is_null($this->sesstype)) $this->calc_sessgroupslist();
} elseif ($this->selectortype == self::SELECTOR_GROUP) {
if ($group == 0) {
$SESSION->attsessiontype[$this->cm->course] = self::SESSTYPE_ALL;
@ -273,7 +287,12 @@ class att_page_with_filter_controls {
}
}
$this->calc_sessgroupslist();
if (is_null($this->sessgroupslist)) $this->calc_sessgroupslist();
// for example, we set SESSTYPE_ALL but user can access only to limited set of groups
if (!array_key_exists($this->sesstype, $this->sessgroupslist)){
reset($this->sessgroupslist);
$this->sesstype = key($this->sessgroupslist);
}
}
private function calc_sessgroupslist() {
@ -540,7 +559,7 @@ class attforblock {
$this->pageparams = $pageparams;
$this->perm = new attforblock_permissions($this->context);
$this->perm = new attforblock_permissions($this->cm, $this->context);
}
public function get_group_mode() {

5
take.php

@ -37,6 +37,11 @@ require_login($course, true, $cm);
$pageparams->init($course->id);
$att = new attforblock($att, $cm, $course, $PAGE->context, $pageparams);
if (!$att->perm->can_take_session($pageparams->grouptype)) {
$group = groups_get_group($pageparams->grouptype);
throw new moodle_exception('cannottakeforgroup', 'attforblock', '', $group->name);
}
if ($formdata = data_submitted()) {
$att->take_from_form_data($formdata);
}

Loading…
Cancel
Save