Commit ec81373f authored by gustav_delius

In order to ensure that when a teacher hides a resource or an activity that...

In order to ensure that when a teacher hides a resource or an activity, students really can't get at it, even if they know the direct links to its pages, I have given an optional third argument $cm to the functions require_login() and require_course_login(). Pages showing information about a particular course module now pass the course module object in this third argument. The login functions will then test whether either the course module is visible or the user is a teacher. If neither is the case, the user is redirected to the course homepage after being shown the message "Sorry, this activity is currently hidden".

(While I was at it I also turned the autologinguests off for most module pages, except on the index.php pages and the view.php pages for those modules that allow guests)
parent 25ecf09a
......@@ -899,11 +899,19 @@ function sesskey() {
}
/**
* This function checks that the current user is logged in and has the
* required privileges
*
* This function checks that the current user is logged in, and optionally
* whether they are "logged in" or allowed to be in a particular course.
* If not, then it redirects them to the site login or course enrolment.
* $autologinguest determines whether visitors should automatically be
* logged in as guests provide {@link $CFG}->autologinguests is set to 1
* whether they are allowed to be in a particular course and view a particular
* course module.
* If they are not logged in, then it redirects them to the site login unless
* $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
* case they are automatically logged in as guests.
* If $courseid is given and the user is not enrolled in that course then the
* user is redirected to the course enrolment page.
* If $cm is given and the coursemodule is hidden and the user is not a teacher
* in the course then the user is redirected to the course home page.
*
* @uses $CFG
* @uses $SESSION
......@@ -911,11 +919,11 @@ function sesskey() {
* @uses $FULLME
* @uses SITEID
* @uses $MoodleSession
* @param int $courseid The course in question
* @param boolean $autologinguest ?
* @todo Finish documenting this function
* @param int $courseid id of the course
* @param boolean $autologinguest
* @param $cm course module object
*/
function require_login($courseid=0, $autologinguest=true) {
function require_login($courseid=0, $autologinguest=true, $cm=null) {
global $CFG, $SESSION, $USER, $FULLME, $MoodleSession;
......@@ -988,8 +996,11 @@ function require_login($courseid=0, $autologinguest=true) {
// Next, check if the user can be in a particular course
if ($courseid) {
if ($courseid == SITEID) {
return; // Anyone can be in the site course
if ($courseid == SITEID) { // Anyone can be in the site course
if (isset($cm) and !$cm->visible and !isteacher(SITEID)) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return;
}
if (!empty($USER->student[$courseid]) or !empty($USER->teacher[$courseid]) or !empty($USER->admin)) {
if (isset($USER->realuser)) { // Make sure the REAL person can also access this course
......@@ -998,6 +1009,9 @@ function require_login($courseid=0, $autologinguest=true) {
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
}
}
if (isset($cm) and !$cm->visible and !isteacher($courseid)) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return; // user is a member of this course.
}
if (! $course = get_record('course', 'id', $courseid)) {
......@@ -1014,6 +1028,9 @@ function require_login($courseid=0, $autologinguest=true) {
notice(get_string('guestsnotallowed', '', $course->fullname), "$CFG->wwwroot/login/index.php");
break;
case 1: // Guests allowed
if (isset($cm) and !$cm->visible) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return;
case 2: // Guests allowed with key (drop through)
break;
......@@ -1036,6 +1053,9 @@ function require_login($courseid=0, $autologinguest=true) {
}
$guest_name = fullname($USER, true);
add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&$USER->id$", "$realname -> $guest_name");
if (isset($cm) and !$cm->visible) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return;
}
......@@ -1055,13 +1075,13 @@ function require_login($courseid=0, $autologinguest=true) {
* @param int $courseid The course in question
* @param boolean $autologinguest Allow autologin guests if that is wanted
*/
function require_course_login($course, $autologinguest=true) {
function require_course_login($course, $autologinguest=true, $cm=null) {
global $CFG;
if ($CFG->forcelogin) {
require_login();
}
if ($course->category) {
require_login($course->id, $autologinguest);
require_login($course->id, $autologinguest, $cm);
}
}
......
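Review bot: require_course_login() forwards `$cm` only inside `if ($course->category)`, so for a course without a category (presumably the site course) the hidden-module check never runs, and the forcelogin branch still calls `require_login()` with no arguments. Pages in this commit that rely on the wrapper for this check would then leave a hidden front-page activity reachable by direct link, and the chat view page regresses because it drops its own unconditional `!$cm->visible` test in favour of the wrapper. An `else` branch on the category test would close the gap: `} else if (isset($cm) and !$cm->visible and !isteacher($course->id)) { redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden')); }`. Separately, the same test is now copied into four return paths of require_login(), and the paths outside the visible hunks (for example after `case 2`) cannot be confirmed to carry it. A single helper called before every `return` would make an omission harder, and it could also reject a `$cm` whose `course` differs from `$courseid`.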
......@@ -4,7 +4,7 @@
require_once("lib.php");
require_variable($id); // Assignment
optional_variable($sort, "timemodified");
optional_variable($sort, "timemodified");
optional_variable($dir, "DESC");
optional_variable($timenow, 0);
......@@ -21,7 +21,7 @@
error("Course Module ID was incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
......@@ -33,8 +33,8 @@
$strsaveallfeedback = get_string("saveallfeedback", "assignment");
print_header_simple($assignment->name, "",
"<a href=\"index.php?id=$course->id\">$strassignments</a> ->
<a href=\"view.php?a=$assignment->id\">$assignment->name</a> -> $strsubmissions",
"<a href=\"index.php?id=$course->id\">$strassignments</a> ->
<a href=\"view.php?a=$assignment->id\">$assignment->name</a> -> $strsubmissions",
"", "", true, update_module_button($cm->id, $course->id, $strassignment), navmenu($course, $cm));
/// Check to see if groups are being used in this assignment
......@@ -84,13 +84,13 @@
/// If data is being submitted, then process it
if ($data = data_submitted()) {
$feedback = array();
// Peel out all the data from variable names.
foreach ($data as $key => $val) {
if (!in_array($key, array("id", "timenow"))) {
$type = substr($key,0,1);
$num = substr($key,1);
$num = substr($key,1);
$feedback[$num][$type] = $val;
}
}
......@@ -111,7 +111,7 @@
// Make sure that we aren't overwriting any recent feedback from other teachers. (see bug #324)
if ($timewas < $submission->timemarked && (!empty($submission->grade)) && (!empty($submission->comment))) {
notify(get_string("failedupdatefeedback", "assignment", fullname($users[$submission->userid]))
. "<br />" . get_string("grade") . ": $newsubmission->grade"
. "<br />" . get_string("grade") . ": $newsubmission->grade"
. "<br />" . get_string("feedback", "assignment") . ": $newsubmission->comment\n");
} else { //print out old feedback and grade
if (empty($submission->timemodified)) { // eg for offline assignments
......@@ -174,7 +174,7 @@
echo "<input type=\"submit\" value=\"$strsaveallfeedback\" />";
echo "</center>";
}
$grades = make_grades_menu($assignment->grade);
foreach ($submissions as $submission) {
......@@ -190,7 +190,7 @@
echo "</center>";
echo "</form>";
}
print_footer($course);
?>
......@@ -17,15 +17,15 @@
error("Course Module ID was incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
$strassignments = get_string("modulenameplural", "assignment");
$strassignment = get_string("modulename", "assignment");
$strupload = get_string("upload");
print_header_simple("$assignment->name : $strupload", "",
"<a href=index.php?id=$course->id>$strassignments</a> ->
<a href=\"view.php?a=$assignment->id\">$assignment->name</a> -> $strupload",
"<a href=index.php?id=$course->id>$strassignments</a> ->
<a href=\"view.php?a=$assignment->id\">$assignment->name</a> -> $strupload",
"", "", true);
if ($submission = get_record("assignment_submissions", "assignment", $assignment->id, "userid", $USER->id)) {
......@@ -62,7 +62,7 @@
} else {
notify(get_string("uploadnotregistered", "assignment", $newfile_name) );
}
}
}
}
// upload class will take care of printing out errors.
......
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2005010500;
$module->requires = 2004091700; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 60;
?>
......@@ -14,7 +14,7 @@
if (! $course = get_record("course", "id", $cm->course)) {
error("Course is misconfigured");
}
if (! $assignment = get_record("assignment", "id", $cm->instance)) {
error("Course module is incorrect");
}
......@@ -31,7 +31,7 @@
}
}
require_course_login($course);
require_course_login($course, true, $cm);
add_to_log($course->id, "assignment", "view", "view.php?id=$cm->id", $assignment->id, $cm->id);
......@@ -39,7 +39,7 @@
$strassignment = get_string("modulename", "assignment");
print_header_simple($assignment->name, "",
"<a href=\"index.php?id=$course->id\">$strassignments</a> -> $assignment->name",
"<a href=\"index.php?id=$course->id\">$strassignments</a> -> $assignment->name",
"", "", true, update_module_button($cm->id, $course->id, $strassignment), navmenu($course, $cm));
if (isteacher($course->id)) {
......@@ -115,9 +115,9 @@
} else {
print_heading(get_string("notsubmittedyet","assignment"));
}
echo '<hr size="1" noshade="noshade" />';
if ($submission and $submission->timemarked) {
print_heading(get_string("submissionfeedback", "assignment").":", "center");
if (isset($scalegrades)) {
......@@ -136,7 +136,7 @@
}
}
}
print_footer($course);
?>
......@@ -17,7 +17,7 @@ if (isset($_POST["course"])) {
$mod = (object)$_POST;
}
if (isset($cancel)) {
if (isset($cancel)) {
if (!empty($SESSION->returnpage)) {
$return = $SESSION->returnpage;
unset($SESSION->returnpage);
......@@ -40,30 +40,30 @@ if (isset($_POST["course"])) {
/* // set the information for the new instances
$attendance->dynsection = !empty($attendance->dynsection) ? 1 : 0;
$attendance->day = make_timestamp($attendance->theyear,
$attendance->themonth, $attendance->theday);
$attendance->day = make_timestamp($attendance->theyear,
$attendance->themonth, $attendance->theday);
$attendance->name=userdate($attendance->day, get_string("strftimedate"));
if ($attendance->notes) {
$attendance->name = $attendance->name . " - " . $attendance->notes;
}
if ($attendance->notes) {
$attendance->name = $attendance->name . " - " . $attendance->notes;
}
*/
$curdate = make_timestamp($mod->startyear, $mod->startmonth, $mod->startday);
$stopdate = make_timestamp($mod->endyear, $mod->endmonth, $mod->endday);
$enddate = $curdate + $mod->numsections * 604800;
$enddate = $curdate + $mod->numsections * 604800;
if ($curdate > $stopdate) {
error(get_string("endbeforestart", "attendance"));
}
error(get_string("endbeforestart", "attendance"));
}
if ($enddate < $curdate) {
error(get_string("startafterend", "attendance"));
}
error(get_string("startafterend", "attendance"));
}
if ($stopdate > $enddate) {
// if stop date is after end of course, just move it to end of course
$stopdate = $enddate;
}
$stopdate = $enddate;
}
while ($curdate <= $stopdate) {
$mod->day = $curdate;
$mod->name=userdate($mod->day, get_string("strftimedate"));
if (isset($mod->notes)) {$mod->name = $mod->name . " - " . $mod->notes;}
if (isset($mod->notes)) {$mod->name = $mod->name . " - " . $mod->notes;}
switch(userdate($curdate, "%u")) {
case 1: if (!empty($mod->mon)) {attendance_add_module($mod);}break;
case 2: if (!empty($mod->tue)) {attendance_add_module($mod);}break;
......@@ -75,7 +75,7 @@ if (isset($_POST["course"])) {
} // switch
$curdate = $curdate + 86400; // add one day to the date
} // while for days
if (!empty($SESSION->returnpage)) {
$return = $SESSION->returnpage;
unset($SESSION->returnpage);
......@@ -84,13 +84,13 @@ if (isset($_POST["course"])) {
redirect("index.php?id=$mod->course");
}
exit;
} else {
/// -----------------------------------------------------------------------------------
/// ------------------ SECTION FOR MAKING THE FORM TO BE POSTED -----------------------
/// -----------------------------------------------------------------------------------
/// @include_once("$CFG->dirroot/mod/attendance/lib.php");
/// @include_once("$CFG->dirroot/mod/attendance/lib.php");
/// error_reporting(E_ALL);
require_variable($id);
......@@ -132,8 +132,8 @@ if (isset($_POST["course"])) {
if ($course->category) {
print_header("$course->shortname: $streditinga", "$course->fullname",
"<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> ->
<a href=\"$CFG->wwwroot/mod/$module->name/index.php?id=$course->id\">$strmodulenameplural</a> ->
"<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> ->
<a href=\"$CFG->wwwroot/mod/$module->name/index.php?id=$course->id\">$strmodulenameplural</a> ->
$streditinga", "form.name", "", false);
} else {
print_header("$course->shortname: $streditinga", "$course->fullname",
......@@ -148,7 +148,7 @@ if (isset($_POST["course"])) {
print_heading_with_help($pageheading, "mods", $module->name, $icon);
print_simple_box_start('center');
/// Print the main part of the page
// adaptation of mod code to view code needs this:
......@@ -255,7 +255,7 @@ for ($i=2;$i<=24;$i++){ $opt[$i] = $i; } ?>
for ($i=0;$i<=100;$i++){ $opt2[$i] = $i; } ?>
<tr valign=top>
<td align=right><p><b><?php print_string("maxgradevalue", "attendance") ?>:</b></p></td>
<td colspan="3" align="left"><?php choose_from_menu($opt2, "maxgrade", $form->maxgrade, "0","","0");
<td colspan="3" align="left"><?php choose_from_menu($opt2, "maxgrade", $form->maxgrade, "0","","0");
helpbutton("maxgrade", get_string("maxgradevalue","attendance"), "attendance");
?></td>
</tr>
......
......@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 3600; // Period for cron to check this module (secs)
?>
......@@ -9,7 +9,7 @@
if ($id) {
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
}
}
if (! $course = get_record("course", "id", $cm->course)) {
error("Course is misconfigured");
}
......@@ -28,7 +28,7 @@
}
}
require_login($course->id);
require_login($course->id, true, $cm);
add_to_log($course->id, "attendance", "view", "view.php?id=$cm->id", $attendance->id, $cm->id);
......@@ -39,8 +39,8 @@
$strteacheredit = get_string("teacheredit", "attendance");
print_header_simple($attendance->name, "",
"<a href=index.php?id=$course->id>$strattendances</a> -> $attendance->name",
"", "", true, update_module_button($cm->id, $course->id, $strattendance),
"<a href=index.php?id=$course->id>$strattendances</a> -> $attendance->name",
"", "", true, update_module_button($cm->id, $course->id, $strattendance),
navmenu($course, $cm));
/// Print the main part of the page
......@@ -66,9 +66,9 @@
}
} else {
$sroll = array(); //just to set default value
}
}
// get the list of attendance records for all hours of the given day and
// get the list of attendance records for all hours of the given day and
// put it in the array for use in the attendance table
$strviewall = get_string("viewall", "attendance");
$strviewweek = get_string("viewweek", "attendance");
......@@ -119,8 +119,8 @@
$i=0;
$A = get_string("absentshort","attendance");
$T = get_string("tardyshort","attendance");
$P = get_string("presentshort","attendance");
$P = get_string("presentshort","attendance");
if ($students) foreach ($students as $student) {
echo "<tr><td align=\"left\" nowrap class=\"generaltablecell\" style=\"border-top: 1px solid;\">".$student->lastname."</td>\n";
......@@ -142,8 +142,8 @@
}
/// ending for the table
echo "</table></td></tr></table>\n";
/// print the miscellaneous settings information before the attendance roll
echo "<center><table align=\"center\" width=\"80\" class=\"generalbox\"".
"border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>".
......
......@@ -18,7 +18,7 @@
error('Course Module ID was incorrect');
}
require_login($course->id);
require_login($course->id, false, $cm);
if (isguest()) {
error('Guest does not have access to chat rooms');
......
......@@ -18,7 +18,7 @@
error('Course Module ID was incorrect');
}
require_login($course->id);
require_login($course->id, false, $cm);
if (isguest()) {
error('Guest does not have access to chat rooms');
......
......@@ -21,7 +21,7 @@
error('Course is misconfigured');
}
require_login($course->id);
require_login($course->id, false, $cm);
$isteacher = isteacher($course->id);
$isteacheredit = isteacheredit($course->id);
......
......@@ -5,8 +5,8 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
$module->version = 2005020300; // The (date) version of this module
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600; // The (date) version of this module
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 300; // How often should cron check this module (seconds)?
?>
......@@ -41,12 +41,7 @@
}
}
require_course_login($course);
if (!$cm->visible and !isteacher($course->id)) {
print_header();
notice(get_string("activityiscurrentlyhidden"));
}
require_course_login($course, true, $cm);
add_to_log($course->id, 'chat', 'view', "view.php?id=$cm->id", $chat->id, $cm->id);
......@@ -59,7 +54,7 @@
blocks_execute_url_action($PAGE, $pageblocks);
$pageblocks = blocks_get_by_page($PAGE);
}
$blocks_preferred_width = bounded_number(180, blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]), 210);
......
......@@ -13,7 +13,7 @@
error("Course module is misconfigured");
}
require_login($course->id);
require_login($course->id, false, $cm);
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
......@@ -62,7 +62,7 @@
$timenow = time();
foreach ($choice->answer as $key => $answer) {
foreach ($choice->answer as $key => $answer) {
$useranswer[$key] = array();
}
foreach ($users as $user) {
......@@ -73,7 +73,7 @@
}
$useranswer[(int)$answer->answer][] = $user;
}
foreach ($choice->answer as $key => $answer) {
foreach ($choice->answer as $key => $answer) {
if (!$choice->answer[$key]) {
unset($useranswer[$key]); // Throw away any data that doesn't apply
}
......@@ -111,6 +111,6 @@
print_footer($course);
?>
......@@ -5,8 +5,8 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
$module->version = 2004111200;
$module->requires = 2004052505; // Requires this Moodle version
$module->version = 2005021600;
$module->requires = 2005021600; // Requires this Moodle version
$module->cron = 0;
?>
......@@ -13,7 +13,7 @@
error("Course is misconfigured");
}
require_course_login($course);
require_course_login($course, false, $cm);
if (!$choice = choice_get_choice($cm->instance)) {
error("Course module is incorrect");
......@@ -89,16 +89,16 @@
// print the form
if ($choice->timeopen > time() ) {
print_simple_box(get_string("notopenyet", "choice", userdate($choice->timeopen)), "center");
print_footer();
exit;
}
if ( (!$current or $choice->allowupdate) and ($choice->timeclose >= time() or $choice->timeclose == 0) ) {
if ( (!$current or $choice->allowupdate) and ($choice->timeclose >= time() or $choice->timeclose == 0) ) {
// They haven't made their choice yet or updates allowed and choice is open
echo "<form name=\"form\" method=\"post\" action=\"view.php\">";
echo "<table cellpadding=\"20\" cellspacing=\"20\" align=\"center\"><tr>";
......@@ -110,7 +110,7 @@
echo "</td>";
}
}
echo "</tr></table>";
echo "<center>";
echo "<input type=\"hidden\" name=\"id\" value=\"$cm->id\" />";
......@@ -124,14 +124,14 @@
}
// print the results
if ( $choice->release == CHOICE_RELEASE_ALWAYS or
( $choice->release == CHOICE_RELEASE_AFTER_ANSWER and $current ) or
( $choice->release == CHOICE_RELEASE_AFTER_CLOSE and $choice->timeclose <= time() ) ) {
print_heading(get_string("responses", "choice"));
if ($currentgroup) {
......@@ -156,7 +156,7 @@
$timenow = time();
foreach ($choice->answer as $key => $answer) {
foreach ($choice->answer as $key => $answer) {
$useranswer[$key] = array();
}
foreach ($users as $user) {
......@@ -167,7 +167,7 @@
$useranswer[0][] = $user;
}
}
foreach ($choice->answer as $key => $answer) {
foreach ($choice->answer as $key => $answer) {
if (!$choice->answer[$key]) {
unset($useranswer[$key]); // Throw away any data that doesn't apply
}
......@@ -195,7 +195,7 @@
echo "</th>";
}
echo "</tr><tr>";
foreach ($useranswer as $key => $answer) {
if ($key) {
echo "<td class=\"col$key\" width=\"$tablewidth%\" valign=\"top\" nowrap=\"nowrap\">";
......@@ -204,7 +204,7 @@
} else {
continue;
}
echo "<table width=\"100%\">";
foreach ($answer as $user) {
echo "<tr><td width=\"10\" nowrap=\"nowrap\">";
......@@ -214,7 +214,7 @@
echo "</td></tr>";
}
echo "</table>";
echo "</td>";
}
echo "</tr></table>";
......@@ -277,7 +277,7 @@
break;
}
}
print_footer($course);
......
......@@ -11,7 +11,7 @@
printdialogue
showdialogues
updatesubject
************************************************/
require_once("../../config.php");
......@@ -32,18 +32,18 @@
error("Course module dialogue is incorrect");
}
require_login($course->id);
require_login($course->id, false, $cm);
// set up some general variables
$usehtmleditor = can_use_html_editor();
$strdialogues = get_string("modulenameplural", "dialogue");
$strdialogue = get_string("modulename", "dialogue");
// ... print the header and...
print_header_simple("$dialogue->name", "",
"<a href=\"index.php?id=$course->id\">$strdialogues</a> ->
<a hre=\"view.php?id=$cm->id\">$dialogue->name</a>",
"<a href=\"index.php?id=$course->id\">$strdialogues</a> ->
<a hre=\"view.php?id=$cm->id\">$dialogue->name</a>",
"", "", true);
......@@ -79,8 +79,8 @@
add_to_log($course->id, "dialogue", "closed", "view.php?id=$cm->id", "$conversationid");
redirect("view.php?id=$cm->id&amp;pane=$pane", get_string("dialogueclosed", "dialogue"));
}
/****************** confirm close ************************************/
elseif ($action == 'confirmclose' ) {
......@@ -101,11 +101,11 @@
}
}
$pane = $_GET['pane'];