Commit ec81373f authored by gustav_delius

In order to ensure that when a teacher hides a resource or an activity that...

In order to ensure that when a teacher hides a resource or an activity that students really can't get at it, even if they know the direct links to its pages, I have given an optional third argument $cm to the functions  require_login() and require_course_login(). Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test if either the course module is visible or the user is a teacher. If neither is the case then the user is redirected to the course homepage after being shown a message "Sorry, this activity is currently hidden".

(While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)
parent 25ecf09a
...@@ -899,11 +899,19 @@ function sesskey() { ...@@ -899,11 +899,19 @@ function sesskey() {
} }
/** /**
* This function checks that the current user is logged in and has the
* required privileges
*
* This function checks that the current user is logged in, and optionally * This function checks that the current user is logged in, and optionally
* whether they are "logged in" or allowed to be in a particular course. * whether they are allowed to be in a particular course and view a particular
* If not, then it redirects them to the site login or course enrolment. * course module.
* $autologinguest determines whether visitors should automatically be * If they are not logged in, then it redirects them to the site login unless
* logged in as guests provide {@link $CFG}->autologinguests is set to 1 * $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
* case they are automatically logged in as guests.
* If $courseid is given and the user is not enrolled in that course then the
* user is redirected to the course enrolment page.
* If $cm is given and the coursemodule is hidden and the user is not a teacher
* in the course then the user is redirected to the course home page.
* *
* @uses $CFG * @uses $CFG
* @uses $SESSION * @uses $SESSION
...@@ -911,11 +919,11 @@ function sesskey() { ...@@ -911,11 +919,11 @@ function sesskey() {
* @uses $FULLME * @uses $FULLME
* @uses SITEID * @uses SITEID
* @uses $MoodleSession * @uses $MoodleSession
* @param int $courseid The course in question * @param int $courseid id of the course
* @param boolean $autologinguest ? * @param boolean $autologinguest
* @todo Finish documenting this function * @param $cm course module object
*/ */
function require_login($courseid=0, $autologinguest=true) { function require_login($courseid=0, $autologinguest=true, $cm=null) {
global $CFG, $SESSION, $USER, $FULLME, $MoodleSession; global $CFG, $SESSION, $USER, $FULLME, $MoodleSession;
...@@ -988,8 +996,11 @@ function require_login($courseid=0, $autologinguest=true) { ...@@ -988,8 +996,11 @@ function require_login($courseid=0, $autologinguest=true) {
// Next, check if the user can be in a particular course // Next, check if the user can be in a particular course
if ($courseid) { if ($courseid) {
if ($courseid == SITEID) { if ($courseid == SITEID) { // Anyone can be in the site course
return; // Anyone can be in the site course if (isset($cm) and !$cm->visible and !isteacher(SITEID)) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return;
} }
if (!empty($USER->student[$courseid]) or !empty($USER->teacher[$courseid]) or !empty($USER->admin)) { if (!empty($USER->student[$courseid]) or !empty($USER->teacher[$courseid]) or !empty($USER->admin)) {
if (isset($USER->realuser)) { // Make sure the REAL person can also access this course if (isset($USER->realuser)) { // Make sure the REAL person can also access this course
...@@ -998,6 +1009,9 @@ function require_login($courseid=0, $autologinguest=true) { ...@@ -998,6 +1009,9 @@ function require_login($courseid=0, $autologinguest=true) {
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/'); notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
} }
} }
if (isset($cm) and !$cm->visible and !isteacher($courseid)) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return; // user is a member of this course. return; // user is a member of this course.
} }
if (! $course = get_record('course', 'id', $courseid)) { if (! $course = get_record('course', 'id', $courseid)) {
...@@ -1014,6 +1028,9 @@ function require_login($courseid=0, $autologinguest=true) { ...@@ -1014,6 +1028,9 @@ function require_login($courseid=0, $autologinguest=true) {
notice(get_string('guestsnotallowed', '', $course->fullname), "$CFG->wwwroot/login/index.php"); notice(get_string('guestsnotallowed', '', $course->fullname), "$CFG->wwwroot/login/index.php");
break; break;
case 1: // Guests allowed case 1: // Guests allowed
if (isset($cm) and !$cm->visible) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return; return;
case 2: // Guests allowed with key (drop through) case 2: // Guests allowed with key (drop through)
break; break;
...@@ -1036,6 +1053,9 @@ function require_login($courseid=0, $autologinguest=true) { ...@@ -1036,6 +1053,9 @@ function require_login($courseid=0, $autologinguest=true) {
} }
$guest_name = fullname($USER, true); $guest_name = fullname($USER, true);
add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&$USER->id$", "$realname -> $guest_name"); add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&$USER->id$", "$realname -> $guest_name");
if (isset($cm) and !$cm->visible) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return; return;
} }
...@@ -1055,13 +1075,13 @@ function require_login($courseid=0, $autologinguest=true) { ...@@ -1055,13 +1075,13 @@ function require_login($courseid=0, $autologinguest=true) {
* @param int $courseid The course in question * @param int $courseid The course in question
* @param boolean $autologinguest Allow autologin guests if that is wanted * @param boolean $autologinguest Allow autologin guests if that is wanted
*/ */
function require_course_login($course, $autologinguest=true) { function require_course_login($course, $autologinguest=true, $cm=null) {
global $CFG; global $CFG;
if ($CFG->forcelogin) { if ($CFG->forcelogin) {
require_login(); require_login();
} }
if ($course->category) { if ($course->category) {
require_login($course->id, $autologinguest); require_login($course->id, $autologinguest, $cm);
} }
} }
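Review bot: `require_course_login()` passes `$cm` on only inside `if ($course->category)`, so for a course with an empty category (presumably the site course) the hidden-module check never runs: with `$CFG->forcelogin` set it calls `require_login()` with no arguments, and otherwise it calls nothing. The chat view page later in this commit drops its own inline `!$cm->visible and !isteacher($course->id)` test in favour of this call, so a hidden front-page activity there would lose its only visible guard, and the other pages switched to `require_course_login(..., $cm)` have the same gap. An `else` branch such as `if (isset($cm) and !$cm->visible and !isteacher($course->id)) { redirect(...); }` would close it. Separately, the four copies of the check in `require_login()` each sit directly before the `return` that grants access, so they depend on `redirect()` ending the request (its body is not shown here, and neither is most of `require_login()`); doing the test once in a small helper would keep a future exit path from skipping it.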
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
error("Course Module ID was incorrect"); error("Course Module ID was incorrect");
} }
require_login($course->id); require_login($course->id, false, $cm);
if (!isteacher($course->id)) { if (!isteacher($course->id)) {
error("Only teachers can look at this page"); error("Only teachers can look at this page");
......
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
error("Course Module ID was incorrect"); error("Course Module ID was incorrect");
} }
require_login($course->id); require_login($course->id, false, $cm);
$strassignments = get_string("modulenameplural", "assignment"); $strassignments = get_string("modulenameplural", "assignment");
$strassignment = get_string("modulename", "assignment"); $strassignment = get_string("modulename", "assignment");
......
...@@ -5,8 +5,8 @@ ...@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php // This fragment is called by /admin/index.php
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
$module->version = 2005010500; $module->version = 2005021600;
$module->requires = 2004091700; // Requires this Moodle version $module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60; $module->cron = 60;
?> ?>
...@@ -31,7 +31,7 @@ ...@@ -31,7 +31,7 @@
} }
} }
require_course_login($course); require_course_login($course, true, $cm);
add_to_log($course->id, "assignment", "view", "view.php?id=$cm->id", $assignment->id, $cm->id); add_to_log($course->id, "assignment", "view", "view.php?id=$cm->id", $assignment->id, $cm->id);
......
...@@ -5,8 +5,8 @@ ...@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php /// This fragment is called by moodle_needs_upgrading() and /admin/index.php
///////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200; // The current module version (Date: YYYYMMDDXX) $module->version = 2005021600; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2004052505; // Requires this Moodle version $module->requires = 2005021600; // Requires this Moodle version
$module->cron = 3600; // Period for cron to check this module (secs) $module->cron = 3600; // Period for cron to check this module (secs)
?> ?>
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
} }
} }
require_login($course->id); require_login($course->id, true, $cm);
add_to_log($course->id, "attendance", "view", "view.php?id=$cm->id", $attendance->id, $cm->id); add_to_log($course->id, "attendance", "view", "view.php?id=$cm->id", $attendance->id, $cm->id);
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
error('Course Module ID was incorrect'); error('Course Module ID was incorrect');
} }
require_login($course->id); require_login($course->id, false, $cm);
if (isguest()) { if (isguest()) {
error('Guest does not have access to chat rooms'); error('Guest does not have access to chat rooms');
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
error('Course Module ID was incorrect'); error('Course Module ID was incorrect');
} }
require_login($course->id); require_login($course->id, false, $cm);
if (isguest()) { if (isguest()) {
error('Guest does not have access to chat rooms'); error('Guest does not have access to chat rooms');
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
error('Course is misconfigured'); error('Course is misconfigured');
} }
require_login($course->id); require_login($course->id, false, $cm);
$isteacher = isteacher($course->id); $isteacher = isteacher($course->id);
$isteacheredit = isteacheredit($course->id); $isteacheredit = isteacheredit($course->id);
......
...@@ -5,8 +5,8 @@ ...@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php /// This fragment is called by moodle_needs_upgrading() and /admin/index.php
///////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////
$module->version = 2005020300; // The (date) version of this module $module->version = 2005021600; // The (date) version of this module
$module->requires = 2004052505; // Requires this Moodle version $module->requires = 2005021600; // Requires this Moodle version
$module->cron = 300; // How often should cron check this module (seconds)? $module->cron = 300; // How often should cron check this module (seconds)?
?> ?>
...@@ -41,12 +41,7 @@ ...@@ -41,12 +41,7 @@
} }
} }
require_course_login($course); require_course_login($course, true, $cm);
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string("activityiscurrentlyhidden"));
}
add_to_log($course->id, 'chat', 'view', "view.php?id=$cm->id", $chat->id, $cm->id); add_to_log($course->id, 'chat', 'view', "view.php?id=$cm->id", $chat->id, $cm->id);
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
error("Course module is misconfigured"); error("Course module is misconfigured");
} }
require_login($course->id); require_login($course->id, false, $cm);
if (!isteacher($course->id)) { if (!isteacher($course->id)) {
error("Only teachers can look at this page"); error("Only teachers can look at this page");
......
...@@ -5,8 +5,8 @@ ...@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php // This fragment is called by /admin/index.php
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200; $module->version = 2005021600;
$module->requires = 2004052505; // Requires this Moodle version $module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0; $module->cron = 0;
?> ?>
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
error("Course is misconfigured"); error("Course is misconfigured");
} }
require_course_login($course); require_course_login($course, false, $cm);
if (!$choice = choice_get_choice($cm->instance)) { if (!$choice = choice_get_choice($cm->instance)) {
error("Course module is incorrect"); error("Course module is incorrect");
......
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
error("Course module dialogue is incorrect"); error("Course module dialogue is incorrect");
} }
require_login($course->id); require_login($course->id, false, $cm);
// set up some general variables // set up some general variables
$usehtmleditor = can_use_html_editor(); $usehtmleditor = can_use_html_editor();
......
...@@ -5,8 +5,8 @@ ...@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php // This fragment is called by /admin/index.php
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111000; $module->version = 2005021600;
$module->requires = 2004052505; // Requires this Moodle version $module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60; $module->cron = 60;
?> ?>
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
error("Course module is incorrect"); error("Course module is incorrect");
} }
require_login($course->id); require_login($course->id, false, $cm);
add_to_log($course->id, "dialogue", "view", "view.php?id=$cm->id", $dialogue->id, $cm->id); add_to_log($course->id, "dialogue", "view", "view.php?id=$cm->id", $dialogue->id, $cm->id);
......
...@@ -49,7 +49,7 @@ ...@@ -49,7 +49,7 @@
exercise_add_custom_scales($exercise); exercise_add_custom_scales($exercise);
require_login($course->id); require_login($course->id, false, $cm);
$strexercises = get_string("modulenameplural", "exercise"); $strexercises = get_string("modulenameplural", "exercise");
$strexercise = get_string("modulename", "exercise"); $strexercise = get_string("modulename", "exercise");
......