Fixed bug with access non-editing teachers to sessions of groups to which they are not belong.

lang/en/attforblock.php

@@ -51,6 +51,7 @@ $string['calmonths'] = 'January,February,March,April,May,June,July,August,Septem
 $string['calshow'] = 'Choose date';
 $string['caltoday'] = 'Today';
 $string['calweekdays'] = 'Su,Mo,Tu,We,Th,Fr,Sa';
+$string['cannottakeforgroup'] = 'You can\'t take attendance for group "{$a}"' ;
 $string['changeattendance'] = 'Change attendance';
 $string['changeduration'] = 'Change duration';
 $string['changesession'] = 'Change session';

lang/ru/attforblock.php

@@ -38,6 +38,7 @@ $string['calmonths'] = 'Январь,Февраль,Март,Апрель,Май
 $string['calshow'] = 'Выбрать дату';
 $string['caltoday'] = 'Сегодня';
 $string['calweekdays'] = 'Вс,Пн,Вт,Ср,Чт,Пт,Сб';
+$string['cannottakeforgroup'] = 'Вы не можете отмечать посещаемость для группы "{$a}"' ;
 $string['changeattendance'] = 'Изменить посещаемость';
 $string['changeduration'] = 'Изменить продолжительность';
 $string['changesession'] = 'Изменить занятие';

locallib.php

@@ -40,9 +40,11 @@ class attforblock_permissions {
     private $canbelisted;
     private $canaccessallgroups;
 
+    private $cm;
     private $context;
 
-    public function __construct($context) {
+    public function __construct($cm, $context) {
+        $this->cm = $cm;
         $this->context = $context;
     }
 
@@ -75,6 +77,20 @@ class attforblock_permissions {
         return $this->cantake;
     }
 
+    public function can_take_session($groupid) {
+        if (!$this->can_take()) {
+            return false;
+        }
+
+        if ($groupid == attforblock::SESSION_COMMON
+            || $this->can_access_all_groups()
+            || array_key_exists($groupid, groups_get_activity_allowed_groups($this->cm))) {
+            return true;
+        }
+
+        return false;
+    }
+
     public function can_change() {
         if (is_null($this->canchange))
             $this->canchange = has_capability('mod/attforblock:changeattendances', $this->context);
@@ -257,8 +273,6 @@ class att_page_with_filter_controls {
             } else {
                 $this->sesstype = $SESSION->attsessiontype[$this->cm->course];
             }
-
-            if (is_null($this->sesstype)) $this->calc_sessgroupslist();
         } elseif ($this->selectortype == self::SELECTOR_GROUP) {
             if ($group == 0) {
                 $SESSION->attsessiontype[$this->cm->course] = self::SESSTYPE_ALL;
@@ -273,7 +287,12 @@ class att_page_with_filter_controls {
             }
         }
 
-        $this->calc_sessgroupslist();
+        if (is_null($this->sessgroupslist)) $this->calc_sessgroupslist();
+        // for example, we set SESSTYPE_ALL but user can access only to limited set of groups
+        if (!array_key_exists($this->sesstype, $this->sessgroupslist)){
+            reset($this->sessgroupslist);
+            $this->sesstype = key($this->sessgroupslist);
+        }
     }
     
     private function calc_sessgroupslist() {
@@ -540,7 +559,7 @@ class attforblock {
 
         $this->pageparams = $pageparams;
 
-        $this->perm = new attforblock_permissions($this->context);
+        $this->perm = new attforblock_permissions($this->cm, $this->context);
     }
 
     public function get_group_mode() {

take.php

@@ -37,6 +37,11 @@ require_login($course, true, $cm);
 $pageparams->init($course->id);
 $att = new attforblock($att, $cm, $course, $PAGE->context, $pageparams);
 
+if (!$att->perm->can_take_session($pageparams->grouptype)) {
+    $group = groups_get_group($pageparams->grouptype);
+    throw new moodle_exception('cannottakeforgroup', 'attforblock', '', $group->name);
+}
+
 if ($formdata = data_submitted()) {
     $att->take_from_form_data($formdata);
 }