Commit 97b20a88 authored by Richard Mansfield

Fix view submissions & feedback for non-tutor roles

parent 375e174c
...@@ -226,5 +226,6 @@ $string['Search'] = 'Search'; ...@@ -226,5 +226,6 @@ $string['Search'] = 'Search';
$string['noartefactstochoosefrom'] = 'Sorry, no artefacts to choose from'; $string['noartefactstochoosefrom'] = 'Sorry, no artefacts to choose from';
$string['access'] = 'Access'; $string['access'] = 'Access';
$string['noaccesstoview'] = 'You do not have permission to access this view';
?> ?>
...@@ -493,4 +493,19 @@ function group_get_grouptypes() { ...@@ -493,4 +493,19 @@ function group_get_grouptypes() {
return $grouptypes; return $grouptypes;
} }
function can_assess_submitted_views($userid, $groupid) {
return get_field_sql('
SELECT
r.see_submitted_views
FROM
{group_member} m
INNER JOIN {group} g ON (m.group = g.id AND g.deleted = 0)
INNER JOIN {grouptype_roles} r ON (g.grouptype = r.grouptype AND r.role = m.role)
WHERE
m.member = ?
AND m.group = ?', array($userid, $groupid));
}
?> ?>
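Review bot: can_assess_submitted_views() is used on this page as the authorization predicate for submitted views, yet it has no docblock and returns whatever get_field_sql() yields rather than a boolean. Callers here only test it for truthiness, so this works today, but a later strict comparison would misread the raw column value; `return (bool) get_field_sql(...)` makes the contract explicit. I would also add a docblock stating that it answers whether the user's role in the group has `see_submitted_views`, that no row matches when the user is not a member or the group is deleted, and that it does not itself check that any view is submitted to the group.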
...@@ -1331,18 +1331,12 @@ function can_view_view($view_id, $user_id=null) { ...@@ -1331,18 +1331,12 @@ function can_view_view($view_id, $user_id=null) {
return true; return true;
} }
if ($view_record['submittedto'] && get_field_sql(' if ($view_record['submittedto']) {
SELECT require_once(get_config('docroot') . 'lib/group.php');
r.see_submitted_views if (can_assess_submitted_views($user_id, $view_record['submittedto'])) {
FROM //log_debug('Yes - View is submitted for assesment to a group you are a tutor in');
group_member m return true;
INNER JOIN group g ON (m.group = g.id AND g.deleted = 0) }
INNER JOIN grouptype_roles r ON (g.grouptype = r.grouptype AND r.role = m.role)
WHERE
m.member = ?
AND m.group = ?', array($user_id, $view_record['submittedto']))) {
//log_debug('Yes - View is submitted for assesment to a group you are a tutor in');
return true;
} }
// check public // check public
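Review bot: The retained comment `//log_debug('Yes - View is submitted for assesment to a group you are a tutor in');` no longer describes the check, which now grants access to any role whose `see_submitted_views` flag is set. Since this branch returns true from an access-control function, the wording should match the rule, e.g. `// View is submitted to a group in which the user's role may see submitted views`. The same stale "tutor" wording remains in the comment under the `can_assess_submitted_views($USER->get('id'), $submittedgroup)` call in the feedback-form hunk. can_view_view() starts and ends outside this hunk, so how `$user_id` is defaulted before this point is not visible here.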
......
...@@ -30,15 +30,13 @@ define('JSON', 1); ...@@ -30,15 +30,13 @@ define('JSON', 1);
require(dirname(dirname(__FILE__)) . '/init.php'); require(dirname(dirname(__FILE__)) . '/init.php');
json_headers();
$view = param_integer('view'); $view = param_integer('view');
$artefact = param_integer('artefact', null); $artefact = param_integer('artefact', null);
$limit = param_integer('limit', 5); $limit = param_integer('limit', 5);
$offset = param_integer('offset', 0); $offset = param_integer('offset', 0);
if (!can_view_view($view)) { if (!can_view_view($view)) {
throw new AccessDeniedException(); json_reply('local', get_string('noaccesstoview', 'view'));
} }
$userid = $USER->get('id'); $userid = $USER->get('id');
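Review bot: With `throw new AccessDeniedException();` gone, the denial path depends entirely on `json_reply()` ending the request; if it ever returns, execution falls through to `$userid = $USER->get('id');` and the rest of the script runs for a view the caller may not see. Assuming json_reply() does exit, a one-line comment such as `// json_reply() terminates the request; nothing below runs for denied users` would make that dependency visible, or an explicit `exit;` after the call would make the guard independent of it. The removal of `json_headers();` likewise assumes json_reply() sends the JSON headers itself, which this page does not show.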
......
...@@ -37,12 +37,10 @@ $group = get_record_sql( ...@@ -37,12 +37,10 @@ $group = get_record_sql(
'SELECT g.id, g.name 'SELECT g.id, g.name
FROM {group_member} u FROM {group_member} u
INNER JOIN {group} g ON (u.group = g.id AND g.deleted = 0) INNER JOIN {group} g ON (u.group = g.id AND g.deleted = 0)
INNER JOIN {group_member} t ON t.group = g.id INNER JOIN {grouptype} gt ON gt.name = g.grouptype
WHERE u.member = ? WHERE u.member = ?
AND t.tutor = 1
AND t.member != u.member
AND g.id = ? AND g.id = ?
GROUP BY g.id, g.name', AND gt.submittableto = 1',
array($USER->get('id'), $groupid) array($USER->get('id'), $groupid)
); );
......
...@@ -62,7 +62,7 @@ if (!$group) { ...@@ -62,7 +62,7 @@ if (!$group) {
$tutorfilefeedbackformrow = ''; $tutorfilefeedbackformrow = '';
$submittedgroup = (int)$view->get('submittedto'); $submittedgroup = (int)$view->get('submittedto');
if ($submittedgroup && (user_can_access_group($submittedgroup) & GROUP_MEMBERSHIP_TUTOR)) { if ($submittedgroup && can_assess_submitted_views($USER->get('id'), $submittedgroup)) {
// The user is a tutor of the group that this view has // The user is a tutor of the group that this view has
// been submitted to, and is entitled to upload an additional // been submitted to, and is entitled to upload an additional
// file when submitting feedback. // file when submitting feedback.
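Review bot: The new call to `can_assess_submitted_views()` has no visible include for the file that defines it, whereas the can_view_view() hunk adds `require_once(get_config('docroot') . 'lib/group.php');` immediately before making the same call. If this script does not already load that library above the hunk, the request would fail with an undefined-function error whenever the view has been submitted to a group; adding the same `require_once` near the top of the script removes the doubt. The rest of the script is outside the hunk, so this needs confirming against the full file.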
......