From 4bfd542b971bb91cd4e41ad619619361892b5755 Mon Sep 17 00:00:00 2001
From: Artem Andreev
Date: Fri, 7 Sep 2012 15:54:42 +0400
Subject: [PATCH] Fixed bug with access non-editing teachers to sessions of groups to which they are not belong.
---
 lang/en/attforblock.php | 1 +
 lang/ru/attforblock.php | 1 +
 locallib.php | 29 ++++++++++++++++++++++++-----
 take.php | 5 +++++
 4 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/lang/en/attforblock.php b/lang/en/attforblock.php
index af512ee..706c634 100644
--- a/lang/en/attforblock.php
+++ b/lang/en/attforblock.php
@@ -51,6 +51,7 @@ $string['calmonths'] = 'January,February,March,April,May,June,July,August,Septem
 $string['calshow'] = 'Choose date';
 $string['caltoday'] = 'Today';
 $string['calweekdays'] = 'Su,Mo,Tu,We,Th,Fr,Sa';
+$string['cannottakeforgroup'] = 'You can\'t take attendance for group "{$a}"' ;
 $string['changeattendance'] = 'Change attendance';
 $string['changeduration'] = 'Change duration';
 $string['changesession'] = 'Change session';
diff --git a/lang/ru/attforblock.php b/lang/ru/attforblock.php
index b7d142a..0790485 100644
--- a/lang/ru/attforblock.php
+++ b/lang/ru/attforblock.php
@@ -38,6 +38,7 @@ $string['calmonths'] = 'Январь,Февраль,Март,Апрель,Май
 $string['calshow'] = 'Выбрать дату';
 $string['caltoday'] = 'Сегодня';
 $string['calweekdays'] = 'Вс,Пн,Вт,Ср,Чт,Пт,Сб';
+$string['cannottakeforgroup'] = 'Вы не можете отмечать посещаемость для группы "{$a}"' ;
 $string['changeattendance'] = 'Изменить посещаемость';
 $string['changeduration'] = 'Изменить продолжительность';
 $string['changesession'] = 'Изменить занятие';
diff --git a/locallib.php b/locallib.php
index a1b5d99..5ba1339 100644
--- a/locallib.php
+++ b/locallib.php
@@ -40,9 +40,11 @@ class attforblock_permissions {
 private $canbelisted;
 private $canaccessallgroups;
+ private $cm;
 private $context;
- public function __construct($context) {
+ public function __construct($cm, $context) {
+ $this->cm = $cm;
 $this->context = $context;
 }
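Review bot: `attforblock_permissions::__construct` in locallib.php now takes `$cm` as a new first positional argument, so any instantiation that still passes only a context would bind that context to `$cm` and leave `$context` unset for every later `has_capability()` call. The diff updates the one call inside `attforblock`; whether other callers exist is not visible here and should be checked. The constructor also has no docblock; a line such as `@param object $cm course-module record used to resolve the user's allowed groups` would record why the permissions object now depends on it.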
@@ -75,6 +77,20 @@ class attforblock_permissions {
 return $this->cantake;
 }
+ public function can_take_session($groupid) {
+ if (!$this->can_take()) {
+ return false;
+ }
+
+ if ($groupid == attforblock::SESSION_COMMON
+ || $this->can_access_all_groups()
+ || array_key_exists($groupid, groups_get_activity_allowed_groups($this->cm))) {
+ return true;
+ }
+
+ return false;
+ }
+
 public function can_change() {
 if (is_null($this->canchange))
 $this->canchange = has_capability('mod/attforblock:changeattendances', $this->context);
@@ -257,8 +273,6 @@ class att_page_with_filter_controls {
 } else {
 $this->sesstype = $SESSION->attsessiontype[$this->cm->course];
 }
-
- if (is_null($this->sesstype)) $this->calc_sessgroupslist();
 } elseif ($this->selectortype == self::SELECTOR_GROUP) {
 if ($group == 0) {
 $SESSION->attsessiontype[$this->cm->course] = self::SESSTYPE_ALL;
@@ -273,7 +287,12 @@ class att_page_with_filter_controls {
 }
 }
- $this->calc_sessgroupslist();
+ if (is_null($this->sessgroupslist)) $this->calc_sessgroupslist();
+ // for example, we set SESSTYPE_ALL but user can access only to limited set of groups
+ if (!array_key_exists($this->sesstype, $this->sessgroupslist)){
+ reset($this->sessgroupslist);
+ $this->sesstype = key($this->sessgroupslist);
+ }
 }
 private function calc_sessgroupslist() {
@@ -540,7 +559,7 @@ class attforblock {
 $this->pageparams = $pageparams;
- $this->perm = new attforblock_permissions($this->context);
+ $this->perm = new attforblock_permissions($this->cm, $this->context);
 }
 public function get_group_mode() {
diff --git a/take.php b/take.php
index ef945d1..4f74e14 100644
--- a/take.php
+++ b/take.php
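Review bot: In `can_take_session()` (locallib.php, hunk at -75,6) the common-session test uses loose `==`, so the outcome depends on how the caller cleaned `$groupid`. Casting once and comparing strictly makes the decision independent of PHP's type juggling: `$groupid = (int)$groupid;` followed by `$groupid === attforblock::SESSION_COMMON`, assuming the constant is an integer, which this diff does not show. The method also has no docblock. It should state that `$groupid` must be the group id stored on the session being taken, not a filter value chosen by the user, and that `groups_get_activity_allowed_groups()` is evaluated for the current user.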
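Review bot: The fallback added in the -273,7 hunk of locallib.php (`reset($this->sessgroupslist); $this->sesstype = key($this->sessgroupslist);`) assumes the list is non-empty; with an empty array `key()` returns null and `sesstype` is left null. `calc_sessgroupslist()` and the start of the enclosing method are outside the hunk, so it should be confirmed whether a user with no accessible groups can produce an empty list, and that case handled explicitly if so. The corrected value is also not written back to `$SESSION->attsessiontype[$this->cm->course]`, so the disallowed selection stays in the session and is re-corrected on every request.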
@@ -37,6 +37,11 @@ require_login($course, true, $cm);
 $pageparams->init($course->id);
 $att = new attforblock($att, $cm, $course, $PAGE->context, $pageparams);
+if (!$att->perm->can_take_session($pageparams->grouptype)) {
+ $group = groups_get_group($pageparams->grouptype);
+ throw new moodle_exception('cannottakeforgroup', 'attforblock', '', $group->name);
+}
+
 if ($formdata = data_submitted()) {
 $att->take_from_form_data($formdata);
 }
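Review bot: The new guard in take.php authorises on `$pageparams->grouptype` rather than on the group of the session whose attendance is about to be saved. How `$pageparams` is populated is outside this hunk; if `grouptype` arrives as a request parameter independent of the session id, the value checked need not match the session's real group. The check should then be made against the groupid read from the session record before `take_from_form_data()` runs. Separately, `groups_get_group()` can return false for an id that does not exist, and `$group->name` is then read from a non-object; use `$name = $group ? $group->name : (string)$pageparams->grouptype;` and pass `$name` to the exception.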