Disallow editing and deletion of submitted collections (bug #786389)

This patch stops a user from accessing collection/edit.php, collection/views.php, and collection/delete.php when the collection is submitted. Change-Id: Idb3073711a00f617859ffcd02741d177a66ec4fe Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Disallow editing and deletion of submitted collections (bug #786389)
This patch stops a user from accessing collection/edit.php, collection/views.php, and collection/delete.php when the collection is submitted. Change-Id: Idb3073711a00f617859ffcd02741d177a66ec4fe Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>
a9eef1b4 · Richard Mansfield · 2ad6469a · a9eef1b4 · a9eef1b4 · a9eef1b4
Commit a9eef1b4 authored Jun 12, 2012 by Richard Mansfield
--- a/htdocs/collection/delete.php
+++ b/htdocs/collection/delete.php
@@ -44,6 +44,12 @@ if (!$USER->can_edit_collection($collection)) {
    $SESSION->add_error_msg(get_string('cantdeletecollection', 'collection'));
    redirect('/collection/');
 }
+
+if ($collection->is_submitted()) {
+    $submitinfo = $collection->submitted_to();
+    throw new AccessDeniedException(get_string('canteditsubmitted', 'collection', $submitinfo->name));
+}
+
 $form = pieform(array(
    'name' => 'deletecollection',
    'renderer' => 'div',

--- a/htdocs/collection/edit.php
+++ b/htdocs/collection/edit.php
@@ -44,6 +44,10 @@ if (!$USER->can_edit_collection($collection)) {
    $SESSION->add_error_msg(get_string('canteditdontown', 'collection'));
    redirect('/collection/');
 }
+if ($collection->is_submitted()) {
+    $submitinfo = $collection->submitted_to();
+    throw new AccessDeniedException(get_string('canteditsubmitted', 'collection', $submitinfo->name));
+}

 // if not a new collection
 if (!$new) {

--- a/htdocs/collection/views.php
+++ b/htdocs/collection/views.php
@@ -47,6 +47,10 @@ if (!$USER->can_edit_collection($collection)) {
    $SESSION->add_error_msg(get_string('canteditdontown', 'collection'));
    redirect('/collection/');
 }
+if ($collection->is_submitted()) {
+    $submitinfo = $collection->submitted_to();
+    throw new AccessDeniedException(get_string('canteditsubmitted', 'collection', $submitinfo->name));
+}

 define('TITLE', $collection->get('name') . ': ' . get_string('editviews', 'collection'));


--- a/htdocs/lang/en.utf8/collection.php
+++ b/htdocs/lang/en.utf8/collection.php
@@ -42,6 +42,7 @@ $string['addviewstocollection'] = 'Add pages to collection';
 $string['back'] = 'Back';
 $string['cantdeletecollection'] = 'You cannot delete this collection.';
 $string['canteditdontown'] = 'You cannot edit this collection because you do not own it.';
+$string['canteditsubmitted'] = 'You can\'t edit this collection because it has been submitted for assessment to %s. You will have to wait until a tutor releases it.';
 $string['collection'] = 'collection';
 $string['Collection'] = 'Collection';
 $string['collections'] = 'Collections';