Commit a9eef1b4 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Disallow editing and deletion of submitted collections (bug #786389)



This patch stops a user from accessing collection/edit.php,
collection/views.php, and collection/delete.php when the collection is
submitted.

Change-Id: Idb3073711a00f617859ffcd02741d177a66ec4fe
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 2ad6469a
......@@ -44,6 +44,12 @@ if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('cantdeletecollection', 'collection'));
redirect('/collection/');
}
if ($collection->is_submitted()) {
$submitinfo = $collection->submitted_to();
throw new AccessDeniedException(get_string('canteditsubmitted', 'collection', $submitinfo->name));
}
$form = pieform(array(
'name' => 'deletecollection',
'renderer' => 'div',
......
......@@ -44,6 +44,10 @@ if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('canteditdontown', 'collection'));
redirect('/collection/');
}
if ($collection->is_submitted()) {
$submitinfo = $collection->submitted_to();
throw new AccessDeniedException(get_string('canteditsubmitted', 'collection', $submitinfo->name));
}
// if not a new collection
if (!$new) {
......
......@@ -47,6 +47,10 @@ if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('canteditdontown', 'collection'));
redirect('/collection/');
}
if ($collection->is_submitted()) {
$submitinfo = $collection->submitted_to();
throw new AccessDeniedException(get_string('canteditsubmitted', 'collection', $submitinfo->name));
}
define('TITLE', $collection->get('name') . ': ' . get_string('editviews', 'collection'));
......
......@@ -42,6 +42,7 @@ $string['addviewstocollection'] = 'Add pages to collection';
$string['back'] = 'Back';
$string['cantdeletecollection'] = 'You cannot delete this collection.';
$string['canteditdontown'] = 'You cannot edit this collection because you do not own it.';
$string['canteditsubmitted'] = 'You can\'t edit this collection because it has been submitted for assessment to %s. You will have to wait until a tutor releases it.';
$string['collection'] = 'collection';
$string['Collection'] = 'Collection';
$string['collections'] = 'Collections';
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment