Commit ec81373f authored by gustav_delius's avatar gustav_delius

In order to ensure that when a teacher hides a resource or an activity that...

To ensure that students really cannot reach a resource or activity that a teacher has hidden, even if they know the direct links to its pages, I have given the functions require_login() and require_course_login() an optional third argument $cm. Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test whether the course module is visible or the user is a teacher. If neither is the case, the user is shown the message "Sorry, this activity is currently hidden" and then redirected to the course homepage.

(While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)
parent 25ecf09a
<?php // $Id$
/// This file allows to manage the default behave of the display formats
/// This file allows to manage the default behaviour of the display formats
require_once("../../config.php");
require_once("lib.php");
......
......@@ -27,7 +27,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("You must be a teacher to use this page.");
}
......
......@@ -32,15 +32,7 @@
print_header();
if ($CFG->forcelogin) {
require_login();
}
require_course_login($course);
if (!$cm->visible and !isteacher($course->id)) {
notice(get_string("activityiscurrentlyhidden"));
}
require_course_login($course, true, $cm);
if (!isteacher($course->id) and !$glossary->allowprintview) {
notice(get_string('printviewnotallowed', 'glossary'));
......
......@@ -6,9 +6,6 @@
require_once("../../config.php");
require_once("lib.php");
if (isguest()) {
error("Guests are not allowed to rate entries.", $_SERVER["HTTP_REFERER"]);
}
require_variable($id); // The course these ratings are part of
......@@ -18,6 +15,10 @@
require_login($course->id);
if (isguest()) {
error("Guests are not allowed to rate entries.", $_SERVER["HTTP_REFERER"]);
}
if ($data = data_submitted("$CFG->wwwroot/mod/glossary/view.php")) { // form submitted
foreach ($data as $entry => $rating) {
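Review bot: The `require_login($course->id);` call in the second hunk is not given a course module, so the hidden-activity check this commit introduces is not applied to the rating handler. The page is keyed by course id (`require_variable($id)`), so as far as these hunks show, ratings submitted straight to this page for entries of a hidden glossary are still accepted; resolving the glossary's course module from the submitted entries and passing it as the third argument, or testing `$cm->visible` before storing a rating, would close that. Separately, the moved guest check hands `$_SERVER["HTTP_REFERER"]` to `error()` as the continue link, and that header is chosen by the client, so a fixed target such as `"$CFG->wwwroot/course/view.php?id=$course->id"` is safer. The `foreach` body continues outside the hunk.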
......
......@@ -4,7 +4,7 @@
optional_variable($concept);
optional_variable($courseid,0);
optional_variable($eid,0);
optional_variable($eid,0); // glossary entry id
optional_variable($displayformat,-1);
if ($CFG->forcelogin) {
......@@ -16,15 +16,24 @@
$glossary = get_record('glossary','id',$entry->glossaryid);
$entry->glossaryname = $glossary->name;
$entries[] = $entry;
if (!$cm = get_coursemodule_from_instance("glossary", $glossary->id)) {
error("Could not determine which course module this belonged to!");
}
if (!$cm->visible and !isteacher($cm->course)) {
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
} else if ($concept) {
$entries = glossary_get_entries_search($concept, $courseid);
} else {
error('No valid entry specified');
}
if ($entries) {
foreach ($entries as $key => $entry) {
//$entries[$key]->footer = "<p align=\"right\">&raquo;&nbsp;<a onClick=\"if (window.opener) {window.opener.location.href='$CFG->wwwroot/mod/glossary/view.php?g=$entry->glossaryid'; return false;} else {openpopup('/mod/glossary/view.php?g=$entry->glossaryid', 'glossary', 'menubar=1,location=1,toolbar=1,scrollbars=1,directories=1,status=1,resizable=1', 0); return false;}\" href=\"$CFG->wwwroot/mod/glossary/view.php?g=$entry->glossaryid\" target=\"_blank\">$entry->glossaryname</a></p>"; // Could not get this to work satisfactorily in all cases - Martin
$entries[$key]->footer = "<p align=\"right\">&raquo;&nbsp;<a target=\"_blank\" href=\"$CFG->wwwroot/mod/glossary/view.php?g=$entry->glossaryid\">$entry->glossaryname</a></p>";
}
}
if (!empty($courseid)) {
$course = get_record("course", "id", $courseid);
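Review bot: The visibility check added after `get_coursemodule_from_instance()` covers only the entry-id branch; the `else if ($concept)` branch still calls `glossary_get_entries_search($concept, $courseid)` and displays whatever it returns with no check on the owning course module. Unless that helper already filters out hidden glossaries (its body is not visible here), a concept lookup can still show entries from a glossary a teacher has hidden. Each entry carries `glossaryid`, so the same visible-or-teacher test can be applied per entry inside the existing `foreach ($entries ...)` loop, dropping entries that fail it. The opening `if` of the entry-id branch is outside the hunk.

```php
// … unchanged: $entries filled by the $eid or $concept branch …
if ($entries) {
    foreach ($entries as $key => $entry) {
        // Drop entries whose glossary is hidden from this user.
        $entrycm = get_coursemodule_from_instance("glossary", $entry->glossaryid);
        if (!$entrycm or (!$entrycm->visible and !isteacher($entrycm->course))) {
            unset($entries[$key]);
            continue;
        }
        // … unchanged: footer link assignment …
    }
}
```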
......
......@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2005011200;
$module->requires = 2004112300; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0; // Period for cron to check this module (secs)
$release = "1.5 development"; // User-friendly version number
......
......@@ -12,7 +12,7 @@
error("Course is misconfigured");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (isguest()) {
error("Guests are not allowed to edit journals", $_SERVER["HTTP_REFERER"]);
......
......@@ -13,7 +13,7 @@
error("Course module is misconfigured");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200;
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60;
?>
......@@ -13,7 +13,7 @@
error("Course is misconfigured");
}
require_login($course->id);
require_login($course->id, true, $cm);
if (! $journal = get_record("journal", "id", $cm->instance)) {
error("Course module is incorrect");
......
......@@ -20,7 +20,7 @@
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("Only the teacher can import questions!");
......
......@@ -39,7 +39,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
// set up some general variables
$usehtmleditor = can_use_html_editor();
......
......@@ -42,7 +42,7 @@
}
// make sure people are where they should be
require_login($course->id);
require_login($course->id, false);
if (!isteacheredit($course->id)) {
error("Must be teacher to view Reports");
......
......@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2004091700; // Requires this Moodle version
$module->version = 2005021600; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0; // Period for cron to check this module (secs)
?>
......@@ -22,7 +22,7 @@
error('Course module is incorrect');
}
require_login($course->id);
require_login($course->id, true, $cm);
/// Print the page header
......
......@@ -33,7 +33,7 @@
}
}
require_login($course->id);
require_login($course->id, false, $cm);
/// Set number for next attempt:
......
......@@ -14,7 +14,7 @@
redirect("edit.php");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacheredit($course->id)) {
error("Only teachers authorized to edit the course '{$course->fullname}' can use this page!");
......
......@@ -50,7 +50,7 @@
error("This course doesn't exist");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacheredit($course->id)) {
error("You can't modify this course!");
......
......@@ -15,7 +15,7 @@
error("This category doesn't belong to a valid course!");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("Only the teacher can export quiz questions!");
......@@ -67,7 +67,7 @@
/// Print upload form
if (!$categories = quiz_get_category_menu($course->id, true)) {
if (!$categories = quiz_get_category_menu($course->id, false)) {
error("No categories!");
}
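Review bot: The second argument of `quiz_get_category_menu($course->id, ...)` appears to change from `true` to `false` in the upload-form hunk here, and the same change appears in the import page's upload-form hunk, yet the commit description covers only the login functions and does not mention question categories. The meaning of that argument is not visible on this page; if it controls which categories a teacher may select, this changes what the export and import forms offer and belongs in its own commit or at least in the description. If the change was unintended, it should be reverted; otherwise a short comment such as `// second argument false: <reason>` at both call sites would record why.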
......
......@@ -15,7 +15,7 @@
error("This category doesn't belong to a valid course!");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("Only the teacher can import quiz questions!");
......@@ -82,7 +82,7 @@
/// Print upload form
if (!$categories = quiz_get_category_menu($course->id, true)) {
if (!$categories = quiz_get_category_menu($course->id, false)) {
error("No categories!");
}
......