Commit ec81373f authored by gustav_delius's avatar gustav_delius
Browse files

In order to ensure that when a teacher hides a resource or an activity that...

In order to ensure that when a teacher hides a resource or an activity that students really can't get at it, even if they know the direct links to its pages, I have given an optional third argument $cm to the functions  require_login() and require_course_login(). Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test if either the course module is visible or the user is a teacher. If neither is the case then the user is redirected to the course homepage after being shown a message "Sorry, this activity is currently hidden".

(While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)
parent 25ecf09a
......@@ -22,7 +22,7 @@
error('Course ID is incorrect');
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error('Only teachers can use this page!');
......@@ -122,7 +122,7 @@
print_heading_with_help($strcreatemultiple, 'createmultiple', 'quiz');
if (!$categories = quiz_get_category_menu($course->id, true)) {
if (!$categories = quiz_get_category_menu($course->id, false)) {
error('No categories!');
}
......@@ -144,7 +144,7 @@
print_string('category', 'quiz');
echo ':</td><td>';
// choose_from_menu($categories, "category", "$category->id", "");
quiz_category_select_menu($course->id, true, true, $category->id );
quiz_category_select_menu($course->id, false, true, $category->id );
echo '</tr>';
echo '<tr><td align="right">';
......
......@@ -50,7 +50,7 @@
error("Could not find question type: '$qtype'");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacheredit($course->id)) {
error("You can't modify these questions!");
......@@ -130,7 +130,7 @@
arsort($gradeoptions, SORT_NUMERIC);
arsort($gradeoptionsfull, SORT_NUMERIC);
if (!$categories = quiz_get_category_menu($course->id, true)) {
if (!$categories = quiz_get_category_menu($course->id, false)) {
error("No categories!");
}
......
......@@ -17,7 +17,7 @@
error("This category doesn't belong to a valid course!");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacheredit($course->id)) {
error("Only the teacher can import quiz questions!");
......
......@@ -35,7 +35,7 @@
}
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("You are not allowed to use this script");
......
......@@ -40,7 +40,7 @@
}
require_login($course->id);
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
if (!$quiz->review) {
......
......@@ -5,8 +5,8 @@
// This fragment is called by moodle_needs_upgrading() and /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2005021400; // The (date) version of this module
$module->requires = 2005010100; // Requires this Moodle version
$module->version = 2005021600; // The (date) version of this module
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0; // How often should cron check this module (seconds)?
?>
......@@ -37,7 +37,7 @@
}
}
require_login($course->id);
require_login($course->id, false, $cm);
// if no questions have been set up yet redirect to edit.php
if (!$quiz->questions and isteacheredit($course->id)) {
......
......@@ -7,10 +7,6 @@
require_variable($id); // Course Module ID
require_variable($url); // url to fetch
if (!empty($CFG->forcelogin)) {
require_login();
}
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
}
......@@ -19,9 +15,7 @@
error("Course is misconfigured");
}
if ($course->category) {
require_login($course->id);
}
require_course_login($course, true, $cm);
if (! $resource = get_record("resource", "id", $cm->instance)) {
error("Resource ID was incorrect");
......
......@@ -83,7 +83,7 @@ function resource_base($cmid=0) {
error("Course is misconfigured");
}
require_course_login($this->course);
require_course_login($this->course, true, $this->cm);
if (! $this->resource = get_record("resource", "id", $this->cm->instance)) {
error("Resource ID was incorrect");
......@@ -93,7 +93,6 @@ function resource_base($cmid=0) {
$this->strresources = get_string("modulenameplural", "resource");
if ($this->course->category) {
require_login($this->course->id);
$this->navigation = "<a target=\"{$CFG->framename}\" href=\"$CFG->wwwroot/course/view.php?id={$this->course->id}\">{$this->course->shortname}</a> -> ".
"<a target=\"{$CFG->framename}\" href=\"index.php?id={$this->course->id}\">$this->strresources</a> ->";
} else {
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200;
$module->requires = 2004110200; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0;
?>
......@@ -30,7 +30,7 @@
}
}
require_login($course->id);
require_login($course->id, false, $cm);
if (!empty($_POST['scoid'])) {
//echo 'scoid: '.$_POST['scoid']."\n";
if (!empty($_POST['cmi_core_lesson_location'])) {
......
......@@ -8,12 +8,7 @@
error("Course ID is incorrect");
}
if ($course->category) {
require_login($course->id);
$navigation = "<a href=\"../../course/view.php?id=$course->id\">$course->shortname</a> ->";
} else {
$navigation = '';
}
require_course_login($course);
add_to_log($course->id, "scorm", "view all", "index.php?id=$course->id", "");
......@@ -25,7 +20,7 @@
$strsummary = get_string("summary");
$strlastmodified = get_string("lastmodified");
print_header("$course->shortname: $strscorms", "$course->fullname", "$navigation $strscorms",
print_header_simple("$strscorms", "", "$navigation $strscorms",
"", "", true, "", navmenu($course));
if ($course->format == "weeks" or $course->format == "topics") {
......
......@@ -35,7 +35,7 @@
}
}
require_login($course->id);
require_login($course->id, false, $cm);
$strscorms = get_string("modulenameplural", "scorm");
......
......@@ -32,7 +32,7 @@
}
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("You are not allowed to use this script");
......
......@@ -32,7 +32,7 @@
}
}
require_login($course->id);
require_login($course->id, false, $cm);
if ( $scoes_user = get_records_select("scorm_sco_users","userid = ".$USER->id." AND scormid = ".$scorm->id,"scoid ASC") ) {
//
......
......@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200; // The (date) version of this module
$module->requires = 2004110200; // The version of Moodle that is required
$module->version = 2005021600; // The (date) version of this module
$module->requires = 2005021600; // The version of Moodle that is required
$module->cron = 0; // How often should cron check this module (seconds)?
?>
......@@ -34,7 +34,7 @@
}
}
require_login($course->id);
require_login($course->id, false, $cm);
$strscorms = get_string("modulenameplural", "scorm");
......
......@@ -8,7 +8,7 @@
error("This course doesn't exist");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("You can't modify this course!");
......
......@@ -16,7 +16,7 @@
error("Course is misconfigured");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("Sorry, only teachers can see this.");
......
......@@ -17,7 +17,7 @@
error("Course is misconfigured");
}
require_login($course->id);
require_login($course->id, false, $cm);
$groupmode = groupmode($course, $cm); // Groups are being used
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment