Commit ec81373f authored by gustav_delius's avatar gustav_delius

In order to ensure that when a teacher hides a resource or an activity that...

In order to ensure that when a teacher hides a resource or an activity that students really can't get at it, even if they know the direct links to its pages, I have given an optional third argument $cm to the functions  require_login() and require_course_login(). Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test if either the course module is visible or the user is a teacher. If neither is the case then the user is redirected to the course homepage after being shown a message "Sorry, this activity is currently hidden".

(While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)
parent 25ecf09a
......@@ -899,11 +899,19 @@ function sesskey() {
}
/**
* This function checks that the current user is logged in and has the
* required privileges
*
* This function checks that the current user is logged in, and optionally
* whether they are "logged in" or allowed to be in a particular course.
* If not, then it redirects them to the site login or course enrolment.
* $autologinguest determines whether visitors should automatically be
* logged in as guests provide {@link $CFG}->autologinguests is set to 1
* whether they are allowed to be in a particular course and view a particular
* course module.
* If they are not logged in, then it redirects them to the site login unless
* $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
* case they are automatically logged in as guests.
* If $courseid is given and the user is not enrolled in that course then the
* user is redirected to the course enrolment page.
* If $cm is given and the coursemodule is hidden and the user is not a teacher
* in the course then the user is redirected to the course home page.
*
* @uses $CFG
* @uses $SESSION
......@@ -911,11 +919,11 @@ function sesskey() {
* @uses $FULLME
* @uses SITEID
* @uses $MoodleSession
* @param int $courseid The course in question
* @param boolean $autologinguest ?
* @todo Finish documenting this function
* @param int $courseid id of the course
* @param boolean $autologinguest
* @param $cm course module object
*/
function require_login($courseid=0, $autologinguest=true) {
function require_login($courseid=0, $autologinguest=true, $cm=null) {
global $CFG, $SESSION, $USER, $FULLME, $MoodleSession;
......@@ -988,8 +996,11 @@ function require_login($courseid=0, $autologinguest=true) {
// Next, check if the user can be in a particular course
if ($courseid) {
if ($courseid == SITEID) {
return; // Anyone can be in the site course
if ($courseid == SITEID) { // Anyone can be in the site course
if (isset($cm) and !$cm->visible and !isteacher(SITEID)) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return;
}
if (!empty($USER->student[$courseid]) or !empty($USER->teacher[$courseid]) or !empty($USER->admin)) {
if (isset($USER->realuser)) { // Make sure the REAL person can also access this course
......@@ -998,6 +1009,9 @@ function require_login($courseid=0, $autologinguest=true) {
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
}
}
if (isset($cm) and !$cm->visible and !isteacher($courseid)) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return; // user is a member of this course.
}
if (! $course = get_record('course', 'id', $courseid)) {
......@@ -1014,6 +1028,9 @@ function require_login($courseid=0, $autologinguest=true) {
notice(get_string('guestsnotallowed', '', $course->fullname), "$CFG->wwwroot/login/index.php");
break;
case 1: // Guests allowed
if (isset($cm) and !$cm->visible) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return;
case 2: // Guests allowed with key (drop through)
break;
......@@ -1036,6 +1053,9 @@ function require_login($courseid=0, $autologinguest=true) {
}
$guest_name = fullname($USER, true);
add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&$USER->id$", "$realname -> $guest_name");
if (isset($cm) and !$cm->visible) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return;
}
......@@ -1055,13 +1075,13 @@ function require_login($courseid=0, $autologinguest=true) {
* @param int $courseid The course in question
* @param boolean $autologinguest Allow autologin guests if that is wanted
*/
function require_course_login($course, $autologinguest=true) {
function require_course_login($course, $autologinguest=true, $cm=null) {
global $CFG;
if ($CFG->forcelogin) {
require_login();
}
if ($course->category) {
require_login($course->id, $autologinguest);
require_login($course->id, $autologinguest, $cm);
}
}
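Review bot: In `require_course_login()` the new `$cm` argument is forwarded only inside `if ($course->category)`, so for a course with category 0 (presumably the site course) the hidden-module check added to `require_login()` is never reached; the `require_login()` call under `$CFG->forcelogin` passes no `$cm` either. The `$courseid == SITEID` branch added earlier in this file covers that case only for pages that call `require_login()` directly. An `else` branch here would close the gap: `} else if (isset($cm) and !$cm->visible and !isteacher(SITEID)) {` followed by the same `redirect(...)` to `course/view.php` used in the other branches. This matters most for the chat view page hunk later in the commit, where the inline `!$cm->visible and !isteacher($course->id)` check appears to be removed in favour of `require_course_login($course, true, $cm)`; the assignment and choice view pages rely on the same call.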
......
......@@ -21,7 +21,7 @@
error("Course Module ID was incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
......
......@@ -17,7 +17,7 @@
error("Course Module ID was incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
$strassignments = get_string("modulenameplural", "assignment");
$strassignment = get_string("modulename", "assignment");
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2005010500;
$module->requires = 2004091700; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60;
?>
......@@ -31,7 +31,7 @@
}
}
require_course_login($course);
require_course_login($course, true, $cm);
add_to_log($course->id, "assignment", "view", "view.php?id=$cm->id", $assignment->id, $cm->id);
......
......@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 3600; // Period for cron to check this module (secs)
?>
......@@ -28,7 +28,7 @@
}
}
require_login($course->id);
require_login($course->id, true, $cm);
add_to_log($course->id, "attendance", "view", "view.php?id=$cm->id", $attendance->id, $cm->id);
......
......@@ -18,7 +18,7 @@
error('Course Module ID was incorrect');
}
require_login($course->id);
require_login($course->id, false, $cm);
if (isguest()) {
error('Guest does not have access to chat rooms');
......
......@@ -18,7 +18,7 @@
error('Course Module ID was incorrect');
}
require_login($course->id);
require_login($course->id, false, $cm);
if (isguest()) {
error('Guest does not have access to chat rooms');
......
......@@ -21,7 +21,7 @@
error('Course is misconfigured');
}
require_login($course->id);
require_login($course->id, false, $cm);
$isteacher = isteacher($course->id);
$isteacheredit = isteacheredit($course->id);
......
......@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2005020300; // The (date) version of this module
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600; // The (date) version of this module
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 300; // How often should cron check this module (seconds)?
?>
......@@ -41,12 +41,7 @@
}
}
require_course_login($course);
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string("activityiscurrentlyhidden"));
}
require_course_login($course, true, $cm);
add_to_log($course->id, 'chat', 'view', "view.php?id=$cm->id", $chat->id, $cm->id);
......
......@@ -13,7 +13,7 @@
error("Course module is misconfigured");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200;
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0;
?>
......@@ -13,7 +13,7 @@
error("Course is misconfigured");
}
require_course_login($course);
require_course_login($course, false, $cm);
if (!$choice = choice_get_choice($cm->instance)) {
error("Course module is incorrect");
......
......@@ -32,7 +32,7 @@
error("Course module dialogue is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
// set up some general variables
$usehtmleditor = can_use_html_editor();
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111000;
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60;
?>
......@@ -18,7 +18,7 @@
error("Course module is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
add_to_log($course->id, "dialogue", "view", "view.php?id=$cm->id", $dialogue->id, $cm->id);
......
......@@ -49,7 +49,7 @@
exercise_add_custom_scales($exercise);
require_login($course->id);
require_login($course->id, false, $cm);
$strexercises = get_string("modulenameplural", "exercise");
$strexercise = get_string("modulename", "exercise");
......