Commit ec81373f authored by gustav_delius's avatar gustav_delius
Browse files

In order to ensure that when a teacher hides a resource or an activity that...

In order to ensure that when a teacher hides a resource or an activity that students really can't get at it, even if they know the direct links to its pages, I have given an optional third argument $cm to the functions  require_login() and require_course_login(). Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test if either the course module is visible or the user is a teacher. If neither is the case then the user is redirected to the course homepage after being shown a message "Sorry, this activity is currently hidden".

(While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)
parent 25ecf09a
......@@ -17,7 +17,7 @@
error("Course is misconfigured");
}
require_login($course->id);
require_login($course->id, false);
if (!isteacher($course->id)) {
error("Sorry, only teachers can see this.");
......
......@@ -24,7 +24,7 @@
error("Course is misconfigured");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (! $survey = get_record("survey", "id", $cm->instance)) {
error("Survey ID was incorrect");
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200;
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0;
?>
......@@ -13,7 +13,7 @@
error("Course is misconfigured");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (! $survey = get_record("survey", "id", $cm->instance)) {
error("Survey ID was incorrect");
......
<?PHP // $Id$
/// Extended by Michael Schneider
/// This page prints a particular instance of wiki
require_once("../../config.php");
require_once("lib.php");
require_login($course->id);
optional_variable($id); // Course Module ID, or
optional_variable($a); // wiki ID
optional_variable($page, false); // Pagename
optional_variable($confirm, "");
optional_variable($action,""); // Admin Action
......@@ -44,6 +39,8 @@
}
}
require_login($course->id, false, $cm);
/// Build the ewsiki script constant
$ewbase = 'view.php?id='.$id;
if (isset($userid) && $userid!=0) $ewbase .= '&amp;userid='.$userid;
......
......@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2004112400; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2004110200; // The current module version (Date: YYYYMMDDXX)
$module->version = 2005021600; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2005021600; // The current module version (Date: YYYYMMDDXX)
$module->cron = 0; // Period for cron to check this module (secs)
?>
......@@ -44,9 +44,7 @@
$_REQUEST["id"] = $id;
}
if ($course->category or !empty($CFG->forcelogin)) {
require_login($course->id);
}
require_course_login($course, true, $cm);
/// Add the course module 'groupmode' to the wiki object, for easy access.
$wiki->groupmode = $cm->groupmode;
......
......@@ -25,11 +25,7 @@
$redirect = urlencode($_SERVER["HTTP_REFERER"].'#sid='.$submission->id);
}
require_login($course->id);
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string('activityiscurrentlyhidden'), $CFG->wwwroot.'/course/view.php?id='.$course->id);
}
require_login($course->id, false, $cm);
$strworkshops = get_string("modulenameplural", "workshop");
$strworkshop = get_string("modulename", "workshop");
......
......@@ -55,11 +55,7 @@
error("Course is misconfigured");
}
require_login($course->id);
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string('activityiscurrentlyhidden'), $CFG->wwwroot.'/course/view.php?id='.$course->id);
}
require_login($course->id, false, $cm);
$navigation = "";
if ($course->category) {
......
......@@ -10,7 +10,7 @@
error("Course ID is incorrect");
}
require_login($course->id);
require_course_login($course);
add_to_log($course->id, "workshop", "view all", "index.php?id=$course->id", "");
$strworkshops = get_string("modulenameplural", "workshop");
......
......@@ -36,11 +36,7 @@
error("Course module is incorrect");
}
require_login($course->id);
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string('activityiscurrentlyhidden'), $CFG->wwwroot.'/course/view.php?id='.$course->id);
}
require_login($course->id, false, $cm);
$strworkshops = get_string("modulenameplural", "workshop");
$strworkshop = get_string("modulename", "workshop");
......
......@@ -17,11 +17,7 @@
error("Course module is incorrect");
}
require_login($course->id);
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string('activityiscurrentlyhidden'), $CFG->wwwroot.'/course/view.php?id='.$course->id);
}
require_login($course->id, false, $cm);
$strworkshops = get_string('modulenameplural', 'workshop');
$strworkshop = get_string('modulename', 'workshop');
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2004120902;
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60;
?>
......@@ -35,7 +35,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
$strworkshops = get_string("modulenameplural", "workshop");
$strworkshop = get_string("modulename", "workshop");
......
......@@ -28,11 +28,7 @@
$redirect = urlencode($_SERVER["HTTP_REFERER"].'#sid='.$submission->id);
}
require_login($course->id);
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string('activityiscurrentlyhidden'), $CFG->wwwroot.'/course/view.php?id='.$course->id);
}
require_login($course->id, false, $cm);
$strworkshops = get_string("modulenameplural", "workshop");
$strworkshop = get_string("modulename", "workshop");
......
......@@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
$version = 2005021600; // YYYYMMDD = date of first major branch release 1.4
$version = 2005021601; // YYYYMMDD = date
// XY = increments within a single day
$release = '1.5 UNSTABLE DEVELOPMENT'; // Human-friendly version name
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment