In order to ensure that when a teacher hides a resource or an activity that...

In order to ensure that when a teacher hides a resource or an activity that students really can't get at it, even if they know the direct links to its pages, I have given an optional third argument $cm to the functions require_login() and require_course_login(). Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test if either the course module is visible or the user is a teacher. If neither is the case then the user is redirected to the course homepage after being shown a message "Sorry, this activity is currently hidden". (While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)

In order to ensure that when a teacher hides a resource or an activity that...
In order to ensure that when a teacher hides a resource or an activity that students really can't get at it, even if they know the direct links to its pages, I have given an optional third argument $cm to the functions require_login() and require_course_login(). Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test if either the course module is visible or the user is a teacher. If neither is the case then the user is redirected to the course homepage after being shown a message "Sorry, this activity is currently hidden". (While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)
ec81373f · gustav_delius · 25ecf09a · ec81373f · ec81373f · ec81373f
Commit ec81373f authored Feb 16, 2005 by gustav_delius
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -899,11 +899,19 @@ function sesskey() {
 }

 /**
+ * This function checks that the current user is logged in and has the
+ * required privileges
+ *
 * This function checks that the current user is logged in, and optionally
- * whether they are "logged in" or allowed to be in a particular course.
- * If not, then it redirects them to the site login or course enrolment.
- * $autologinguest determines whether visitors should automatically be
- * logged in as guests provide {@link $CFG}->autologinguests is set to 1
+ * whether they are allowed to be in a particular course and view a particular
+ * course module.
+ * If they are not logged in, then it redirects them to the site login unless
+ * $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which 
+ * case they are automatically logged in as guests.
+ * If $courseid is given and the user is not enrolled in that course then the
+ * user is redirected to the course enrolment page.
+ * If $cm is given and the coursemodule is hidden and the user is not a teacher
+ * in the course then the user is redirected to the course home page.
 *
 * @uses $CFG
 * @uses $SESSION
@@ -911,11 +919,11 @@ function sesskey() {
 * @uses $FULLME
 * @uses SITEID
 * @uses $MoodleSession
- * @param int $courseid The course in question
- * @param boolean $autologinguest ?
- * @todo Finish documenting this function
+ * @param int $courseid id of the course
+ * @param boolean $autologinguest 
+ * @param $cm course module object
 */
-function require_login($courseid=0, $autologinguest=true) {
+function require_login($courseid=0, $autologinguest=true, $cm=null) {

    global $CFG, $SESSION, $USER, $FULLME, $MoodleSession;

@@ -988,8 +996,11 @@ function require_login($courseid=0, $autologinguest=true) {

    // Next, check if the user can be in a particular course
    if ($courseid) {
-        if ($courseid == SITEID) {
-            return;   // Anyone can be in the site course
+        if ($courseid == SITEID) { // Anyone can be in the site course
+            if (isset($cm) and !$cm->visible and !isteacher(SITEID)) { // Not allowed to see module, send to course page
+                redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
+            }
+            return;   
        }
        if (!empty($USER->student[$courseid]) or !empty($USER->teacher[$courseid]) or !empty($USER->admin)) {
            if (isset($USER->realuser)) {   // Make sure the REAL person can also access this course
@@ -998,6 +1009,9 @@ function require_login($courseid=0, $autologinguest=true) {
                    notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
                }
            }
+            if (isset($cm) and !$cm->visible and !isteacher($courseid)) { // Not allowed to see module, send to course page
+                redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
+            }
            return;   // user is a member of this course.
        }
        if (! $course = get_record('course', 'id', $courseid)) {
@@ -1014,6 +1028,9 @@ function require_login($courseid=0, $autologinguest=true) {
                    notice(get_string('guestsnotallowed', '', $course->fullname), "$CFG->wwwroot/login/index.php");
                    break;
                case 1: // Guests allowed
+                    if (isset($cm) and !$cm->visible) { // Not allowed to see module, send to course page
+                        redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
+                    }
                    return;
                case 2: // Guests allowed with key (drop through)
                    break;
@@ -1036,6 +1053,9 @@ function require_login($courseid=0, $autologinguest=true) {
            }
            $guest_name = fullname($USER, true);
            add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&$USER->id$", "$realname -> $guest_name");
+            if (isset($cm) and !$cm->visible) { // Not allowed to see module, send to course page
+                redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
+            }
            return;
        }

@@ -1055,13 +1075,13 @@ function require_login($courseid=0, $autologinguest=true) {
 * @param int $courseid The course in question
 * @param boolean $autologinguest Allow autologin guests if that is wanted
 */
-function require_course_login($course, $autologinguest=true) {
+function require_course_login($course, $autologinguest=true, $cm=null) {
    global $CFG;
    if ($CFG->forcelogin) {
        require_login();
    }
    if ($course->category) {
-        require_login($course->id, $autologinguest);
+        require_login($course->id, $autologinguest, $cm);
    }
 }


--- a/mod/assignment/submissions.php
+++ b/mod/assignment/submissions.php
@@ -21,7 +21,7 @@
        error("Course Module ID was incorrect");
    }

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    if (!isteacher($course->id)) {
        error("Only teachers can look at this page");

--- a/mod/assignment/upload.php
+++ b/mod/assignment/upload.php
@@ -17,7 +17,7 @@
        error("Course Module ID was incorrect");
    }

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    $strassignments = get_string("modulenameplural", "assignment");
    $strassignment  = get_string("modulename", "assignment");

--- a/mod/assignment/version.php
+++ b/mod/assignment/version.php
@@ -5,8 +5,8 @@
 //  This fragment is called by /admin/index.php
 ////////////////////////////////////////////////////////////////////////////////

-$module->version  = 2005010500;
-$module->requires = 2004091700;  // Requires this Moodle version
+$module->version  = 2005021600;
+$module->requires = 2005021600;  // Requires this Moodle version
 $module->cron     = 60;

 ?>
--- a/mod/assignment/view.php
+++ b/mod/assignment/view.php
@@ -31,7 +31,7 @@
        }
    }

-    require_course_login($course);
+    require_course_login($course, true, $cm);

    add_to_log($course->id, "assignment", "view", "view.php?id=$cm->id", $assignment->id, $cm->id);


--- a/mod/attendance/add.php
+++ b/mod/attendance/add.php
--- a/mod/attendance/version.php
+++ b/mod/attendance/version.php
@@ -5,8 +5,8 @@
 ///  This fragment is called by moodle_needs_upgrading() and /admin/index.php
 /////////////////////////////////////////////////////////////////////////////////

-$module->version  = 2004111200;  // The current module version (Date: YYYYMMDDXX)
-$module->requires = 2004052505;  // Requires this Moodle version
+$module->version  = 2005021600;  // The current module version (Date: YYYYMMDDXX)
+$module->requires = 2005021600;  // Requires this Moodle version
 $module->cron     = 3600;        // Period for cron to check this module (secs)

 ?>
--- a/mod/attendance/view.php
+++ b/mod/attendance/view.php
@@ -28,7 +28,7 @@
        }
    }

-    require_login($course->id);
+    require_login($course->id, true, $cm);

    add_to_log($course->id, "attendance", "view", "view.php?id=$cm->id", $attendance->id, $cm->id);


--- a/mod/chat/gui_header_js/index.php
+++ b/mod/chat/gui_header_js/index.php
@@ -18,7 +18,7 @@
        error('Course Module ID was incorrect');
    }

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    if (isguest()) {
        error('Guest does not have access to chat rooms');

--- a/mod/chat/gui_sockets/index.php
+++ b/mod/chat/gui_sockets/index.php
@@ -18,7 +18,7 @@
        error('Course Module ID was incorrect');
    }

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    if (isguest()) {
        error('Guest does not have access to chat rooms');

--- a/mod/chat/report.php
+++ b/mod/chat/report.php
@@ -21,7 +21,7 @@
        error('Course is misconfigured');
    }

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    $isteacher     = isteacher($course->id);
    $isteacheredit = isteacheredit($course->id);

--- a/mod/chat/version.php
+++ b/mod/chat/version.php
@@ -5,8 +5,8 @@
 ///  This fragment is called by moodle_needs_upgrading() and /admin/index.php
 /////////////////////////////////////////////////////////////////////////////////

-$module->version  = 2005020300;   // The (date) version of this module
-$module->requires = 2004052505;  // Requires this Moodle version
+$module->version  = 2005021600;   // The (date) version of this module
+$module->requires = 2005021600;  // Requires this Moodle version
 $module->cron     = 300;          // How often should cron check this module (seconds)?

 ?>
--- a/mod/chat/view.php
+++ b/mod/chat/view.php
@@ -41,12 +41,7 @@
        }
    }

-    require_course_login($course);
-
-    if (!$cm->visible and !isteacher($course->id)) {
-        print_header();
-        notice(get_string("activityiscurrentlyhidden"));
-    }
+    require_course_login($course, true, $cm);

    add_to_log($course->id, 'chat', 'view', "view.php?id=$cm->id", $chat->id, $cm->id);


--- a/mod/choice/report.php
+++ b/mod/choice/report.php
@@ -13,7 +13,7 @@
        error("Course module is misconfigured");
    }

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    if (!isteacher($course->id)) {
        error("Only teachers can look at this page");

--- a/mod/choice/version.php
+++ b/mod/choice/version.php
@@ -5,8 +5,8 @@
 //  This fragment is called by /admin/index.php
 ////////////////////////////////////////////////////////////////////////////////

-$module->version  = 2004111200;
-$module->requires = 2004052505;  // Requires this Moodle version
+$module->version  = 2005021600;
+$module->requires = 2005021600;  // Requires this Moodle version
 $module->cron     = 0;

 ?>
--- a/mod/choice/view.php
+++ b/mod/choice/view.php
@@ -13,7 +13,7 @@
        error("Course is misconfigured");
    }

-    require_course_login($course);
+    require_course_login($course, false, $cm);

    if (!$choice = choice_get_choice($cm->instance)) {
        error("Course module is incorrect");

--- a/mod/dialogue/dialogues.php
+++ b/mod/dialogue/dialogues.php
@@ -32,7 +32,7 @@
        error("Course module dialogue is incorrect");
    }

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    // set up some general variables
    $usehtmleditor = can_use_html_editor();

--- a/mod/dialogue/version.php
+++ b/mod/dialogue/version.php
@@ -5,8 +5,8 @@
 //  This fragment is called by /admin/index.php
 ////////////////////////////////////////////////////////////////////////////////

-$module->version  = 2004111000;
-$module->requires = 2004052505;  // Requires this Moodle version
+$module->version  = 2005021600;
+$module->requires = 2005021600;  // Requires this Moodle version
 $module->cron     = 60;

 ?>
--- a/mod/dialogue/view.php
+++ b/mod/dialogue/view.php
@@ -18,7 +18,7 @@
        error("Course module is incorrect");
    }

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    add_to_log($course->id, "dialogue", "view", "view.php?id=$cm->id", $dialogue->id, $cm->id);


--- a/mod/exercise/assessments.php
+++ b/mod/exercise/assessments.php
@@ -49,7 +49,7 @@

    exercise_add_custom_scales($exercise);

-    require_login($course->id);
+    require_login($course->id, false, $cm);

    $strexercises = get_string("modulenameplural", "exercise");
    $strexercise  = get_string("modulename", "exercise");