Commit 97b20a88 authored by Richard Mansfield's avatar Richard Mansfield

Fix view submissions & feedback for non-tutor roles

parent 375e174c
......@@ -226,5 +226,6 @@ $string['Search'] = 'Search';
$string['noartefactstochoosefrom'] = 'Sorry, no artefacts to choose from';
$string['access'] = 'Access';
$string['noaccesstoview'] = 'You do not have permission to access this view';
?>
......@@ -493,4 +493,19 @@ function group_get_grouptypes() {
return $grouptypes;
}
function can_assess_submitted_views($userid, $groupid) {
return get_field_sql('
SELECT
r.see_submitted_views
FROM
{group_member} m
INNER JOIN {group} g ON (m.group = g.id AND g.deleted = 0)
INNER JOIN {grouptype_roles} r ON (g.grouptype = r.grouptype AND r.role = m.role)
WHERE
m.member = ?
AND m.group = ?', array($userid, $groupid));
}
?>
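Review bot: can_assess_submitted_views() becomes the shared authorization check for who may see and give feedback on a submitted view, but it has no docblock and returns the raw get_field_sql() result rather than a boolean. The callers in this commit only test it for truthiness, so a missing membership row presumably denies access, which is the right default. Wrapping the call as `return (bool) get_field_sql(...)` would keep a later strict comparison from misreading the raw column value. The docblock should say that the result is true only when the user's role in the group has see_submitted_views set, and that a non-member or a deleted group (excluded by `g.deleted = 0`) yields false.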
......@@ -1331,19 +1331,13 @@ function can_view_view($view_id, $user_id=null) {
return true;
}
if ($view_record['submittedto'] && get_field_sql('
SELECT
r.see_submitted_views
FROM
group_member m
INNER JOIN group g ON (m.group = g.id AND g.deleted = 0)
INNER JOIN grouptype_roles r ON (g.grouptype = r.grouptype AND r.role = m.role)
WHERE
m.member = ?
AND m.group = ?', array($user_id, $view_record['submittedto']))) {
if ($view_record['submittedto']) {
require_once(get_config('docroot') . 'lib/group.php');
if (can_assess_submitted_views($user_id, $view_record['submittedto'])) {
//log_debug('Yes - View is submitted for assesment to a group you are a tutor in');
return true;
}
}
// check public
if (
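Review bot: The comment kept inside the new branch, `//log_debug('Yes - View is submitted for assesment to a group you are a tutor in');`, still describes the old tutor test, while access is now granted to any role for which can_assess_submitted_views() is truthy. Because this branch returns true from can_view_view(), the comment should name the real condition, for example `// View is submitted to a group where this user's role has see_submitted_views`. The same stale wording remains in the last hunk of the commit ("The user is a tutor of the group that this view has been submitted to"). can_view_view() accepts `$user_id=null`, and whether that is resolved to the logged-in user before this branch is outside the hunk, so confirm that a null id cannot reach the query. The function body starts and ends outside the hunk.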
......
......@@ -30,15 +30,13 @@ define('JSON', 1);
require(dirname(dirname(__FILE__)) . '/init.php');
json_headers();
$view = param_integer('view');
$artefact = param_integer('artefact', null);
$limit = param_integer('limit', 5);
$offset = param_integer('offset', 0);
if (!can_view_view($view)) {
throw new AccessDeniedException();
json_reply('local', get_string('noaccesstoview', 'view'));
}
$userid = $USER->get('id');
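Review bot: The denial path shows both `throw new AccessDeniedException();` and `json_reply('local', get_string('noaccesstoview', 'view'));`, and the rendered page does not mark which is old. Assuming json_reply is the new side, the script stays fail-closed only if json_reply() ends the request. Its body is not visible here, so if it can return, execution falls through to `$userid = $USER->get('id');` and the feedback is served to a user who failed can_view_view(). I would record the dependency in a comment, `// json_reply() terminates the request; nothing below runs for an unauthorised user`, or follow the call with an explicit `exit;`.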
......
......@@ -37,12 +37,10 @@ $group = get_record_sql(
'SELECT g.id, g.name
FROM {group_member} u
INNER JOIN {group} g ON (u.group = g.id AND g.deleted = 0)
INNER JOIN {group_member} t ON t.group = g.id
INNER JOIN {grouptype} gt ON gt.name = g.grouptype
WHERE u.member = ?
AND t.tutor = 1
AND t.member != u.member
AND g.id = ?
GROUP BY g.id, g.name',
AND gt.submittableto = 1',
array($USER->get('id'), $groupid)
);
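Review bot: The rewritten query no longer requires the group to contain anyone who can act on the submission: the old joins demanded another member with `t.tutor = 1`, while the new one only checks `gt.submittableto = 1`. Whether every submittable group type guarantees a role with see_submitted_views is not visible in this hunk. If it does not, a view could be submitted to a group where no member passes can_assess_submitted_views(). If the guarantee holds, record it above the query, e.g. `// submittableto group types always define a role with see_submitted_views`; otherwise check for such a member before accepting the submission. The statement starts outside the hunk.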
......
......@@ -62,7 +62,7 @@ if (!$group) {
$tutorfilefeedbackformrow = '';
$submittedgroup = (int)$view->get('submittedto');
if ($submittedgroup && (user_can_access_group($submittedgroup) & GROUP_MEMBERSHIP_TUTOR)) {
if ($submittedgroup && can_assess_submitted_views($USER->get('id'), $submittedgroup)) {
// The user is a tutor of the group that this view has
// been submitted to, and is entitled to upload an additional
// file when submitting feedback.
......