Commit ec81373f authored by gustav_delius's avatar gustav_delius
Browse files

In order to ensure that when a teacher hides a resource or an activity that...

In order to ensure that when a teacher hides a resource or an activity that students really can't get at it, even if they know the direct links to its pages, I have given an optional third argument $cm to the functions  require_login() and require_course_login(). Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test if either the course module is visible or the user is a teacher. If neither is the case then the user is redirected to the course homepage after being shown a message "Sorry, this activity is currently hidden".

(While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)
parent 25ecf09a
......@@ -39,7 +39,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
$strexercises = get_string("modulenameplural", "exercise");
$strexercise = get_string("modulename", "exercise");
......
......@@ -20,7 +20,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
$strexercises = get_string("modulenameplural", "exercise");
$strexercise = get_string("modulename", "exercise");
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200;
$module->requires = 2004091700; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60;
?>
......@@ -34,7 +34,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
// ...log activity...
add_to_log($course->id, "exercise", "view", "view.php?id=$cm->id", $exercise->id, $cm->id);
......
......@@ -21,13 +21,11 @@
error("Course ID is incorrect - discussion is faulty");
}
if ($CFG->forcelogin) {
require_login();
if (! $cm = get_coursemodule_from_instance("forum", $discussion->forum, $course->id)) {
error("Course Module ID was incorrect");
}
if ($course->category) {
require_login($course->id);
}
require_course_login($course, false, $cm);
if (!empty($move)) {
if (!isteacher($course->id)) {
......
......@@ -16,13 +16,7 @@
}
}
if ($CFG->forcelogin) {
require_login();
}
if ($course->category) {
require_login($course->id);
}
require_course_login($course->id);
$currentgroup = get_current_group($course->id);
......
......@@ -2551,10 +2551,10 @@ function forum_print_latest_discussions($forum_id=0, $forum_numdiscussions=5,
if (! $course = get_record("course", "id", $forum->course)) {
error("Could not find the course this forum belongs to!");
}
if ($course->category) {
require_login($course->id);
if (! $cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
error("Course Module ID was incorrect");
}
require_course_login($course, true, $cm);
} else {
if (! $course = get_record("course", "category", 0)) {
......
......@@ -454,7 +454,9 @@
// $course, $forum are defined. $discussion is for edit and reply only.
require_login($course->id);
$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id);
require_login($course->id, false, $cm);
if ($post->discussion) {
......@@ -487,8 +489,6 @@
$navmiddle = "<a href=\"../forum/index.php?id=$course->id\">$strforums</a> -> <a href=\"view.php?f=$forum->id\">$forum->name</a>";
$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id);
if (empty($discussion->name)) {
$discussion->name = $forum->name;
}
......
......@@ -24,9 +24,7 @@
error("Course id is incorrect.");
}
if ($course->category or $CFG->forcelogin) {
require_login($course->id);
}
require_course_login($course);
add_to_log($course->id, "forum", "search", "search.php?id=$course->id&amp;search=".urlencode($search), $search);
......
......@@ -9,10 +9,6 @@
optional_variable($force); // Force everyone to be subscribed to this forum?
optional_variable($user);
if (isguest()) {
error("Guests are not allowed to subscribe to forums.", $_SERVER["HTTP_REFERER"]);
}
if (! $forum = get_record("forum", "id", $id)) {
error("Forum ID was incorrect");
}
......@@ -21,6 +17,16 @@
error("Forum doesn't belong to a course!");
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
if (groupmode($course, $cm) and !isteacheredit($course->id)) { // Make sure user is allowed
if (! mygroupid($course->id)) {
error("Sorry, but you must be a group member to subscribe.");
}
}
} else {
$cm->id = NULL;
}
if ($user) {
if (!isteacher($course->id)) {
error("Only teachers can subscribe/unsubscribe other people!");
......@@ -32,10 +38,10 @@
$user = $USER;
}
if ($course->category) {
require_login($forum->course);
} else {
require_login();
require_course_login($course, false, $cm);
if (isguest()) {
error("Guests are not allowed to subscribe to forums.", $_SERVER["HTTP_REFERER"]);
}
if ($forum->type == "teacher") {
......@@ -44,16 +50,6 @@
}
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
if (groupmode($course, $cm) and !isteacheredit($course->id)) { // Make sure user is allowed
if (! mygroupid($course->id)) {
error("Sorry, but you must be a group member to subscribe.");
}
}
} else {
$cm->id = NULL;
}
$returnto = forum_go_back_to("index.php?id=$course->id");
if ($force and isteacher($course->id)) {
......
......@@ -20,7 +20,7 @@
$cm->id = 0;
}
require_login($course->id);
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("This page is for teachers only");
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2005011500;
$module->requires = 2004091700; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60;
?>
......@@ -54,13 +54,8 @@
$buttontext = forum_print_search_form($course, $search, true, "plain");
}
if ($CFG->forcelogin) {
require_login();
}
require_course_login($course, true, $cm);
if ($course->category) {
require_login($course->id);
}
$navigation = "<a href=\"index.php?id=$course->id\">$strforums</a> ->";
if ($forum->type == "teacher") {
......
......@@ -21,7 +21,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("You must be a teacher to use this page.");
}
......
......@@ -38,10 +38,8 @@
}
}
require_login($course->id);
if (!$cm->visible and !isteacher($course->id)) {
notice(get_string("activityiscurrentlyhidden"));
}
require_login($course->id, false, $cm);
if (isguest()) {
error("Guests are not allowed to post comments", $_SERVER["HTTP_REFERER"]);
}
......
......@@ -26,10 +26,7 @@
}
require_login($course->id);
if (!$cm->visible and !isteacher($course->id)) {
notice(get_string("activityiscurrentlyhidden"));
}
require_login($course->id, false, $cm);
add_to_log($course->id, "glossary", "view", "view.php?id=$cm->id", "$glossary->id",$cm->id);
......
......@@ -28,7 +28,7 @@
error("Entry ID was incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (isguest()) {
error("Guests are not allowed to edit or delete entries", $_SERVER["HTTP_REFERER"]);
......
......@@ -20,7 +20,7 @@ if (! $course = get_record("course", "id", $cm->course)) {
error("Course is misconfigured");
}
require_login($course->id);
require_login($course->id, false, $cm);
if ( isguest() ) {
error("Guests are not allowed to edit glossaries", $_SERVER["HTTP_REFERER"]);
......
......@@ -42,7 +42,7 @@
}
}
require_login($course->id);
require_login($course->id, false);
if ( !isteacher($course->id) ) {
error("You must be a teacher to use this page.");
......
......@@ -21,7 +21,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("You must be a teacher to use this page.");
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment