Commit a6a9a12d authored by Cecilia Vela Gurovic's avatar Cecilia Vela Gurovic
Browse files

Bug 1758769: Tutor role creates group views outside group edit window

outside the group edit window, a tutor can:
- edit the blocks of group views
- edit access and secret urls
- create new group views
- delete a group view
- submit personal views to the group
- add new/edit topics in forum
- edit posts in forum
- create forlders and add files to a group

behatnotneeded

Change-Id: I9d554e2e0069794cad297f9ef2da8c78b2e9b200
parent 48149058
......@@ -183,14 +183,19 @@ function group_role_can_edit_views($group, $role) {
* the window.
* @param object $group the group to check
* @param bool $admin_always whether the admin should be OK regardless of time
* @param bool $tutor_always whether the tutor should be OK regardless of time
*/
function group_within_edit_window($group, $admin_always=true) {
function group_within_edit_window($group, $admin_always=true, $tutor_always=true) {
if (is_numeric($group)) {
$group = get_group_by_id($group, true);
}
if ($admin_always && group_user_access($group->id) == 'admin') {
return true;
return true;
}
if ($tutor_always && group_user_access($group->id) == 'tutor') {
return true;
}
$start = !empty($group->editwindowstart) ? strtotime($group->editwindowstart) : null;
......
......@@ -29,7 +29,7 @@ $group = get_record_sql(
array($USER->get('id'), $groupid)
);
if (!$group || !group_within_edit_window($group)) {
if (!$group || !group_within_edit_window($groupid)) {
throw new AccessDeniedException(get_string('cantsubmittogroup', 'view'));
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment