Prevent editing & deleting of files in submitted views

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

htdocs/artefact/file/form/elements/filebrowser.php

@@ -787,7 +787,7 @@ function pieform_element_filebrowser_update(Pieform $form, $element, $data) {
     $collide = !empty($data['collide']) ? $data['collide'] : 'fail';
 
     $artefact = artefact_instance_from_id($data['artefact']);
-    if (!$USER->can_edit_artefact($artefact)) {
+    if (!$USER->can_edit_artefact($artefact) || $artefact->get('locked')) {
         return array('error' => true, 'message' => get_string('noeditpermission', 'mahara'));
     }
 
@@ -840,7 +840,7 @@ function pieform_element_filebrowser_update(Pieform $form, $element, $data) {
 function pieform_element_filebrowser_delete(Pieform $form, $element, $artefact) {
     global $USER;
     $artefact = artefact_instance_from_id($artefact);
-    if (!$USER->can_edit_artefact($artefact)) {
+    if (!$USER->can_edit_artefact($artefact) || $artefact->get('locked')) {
         return array('error' => true, get_string('nodeletepermission', 'mahara'));
     }
     $parentfolder = $artefact->get('parent');

htdocs/artefact/file/lib.php

@@ -300,7 +300,7 @@ abstract class ArtefactTypeFileBase extends ArtefactType {
         global $USER;
         $select = '
             SELECT
-                a.id, a.artefacttype, a.mtime, f.size, a.title, a.description,
+                a.id, a.artefacttype, a.mtime, f.size, a.title, a.description, a.locked,
                 COUNT(DISTINCT c.id) AS childcount, COUNT (DISTINCT aa.artefact) AS attachcount, COUNT(DISTINCT va.view) AS viewcount';
         $from = '
             FROM {artefact} a
@@ -325,7 +325,7 @@ abstract class ArtefactTypeFileBase extends ArtefactType {
 
         $groupby = '
             GROUP BY
-                a.id, a.artefacttype, a.mtime, f.size, a.title, a.description';
+                a.id, a.artefacttype, a.mtime, f.size, a.title, a.description, a.locked';
 
         $phvals = array();
 

htdocs/artefact/file/theme/raw/form/filelist.tpl

@@ -53,7 +53,9 @@
     {/if}
     {if $editmeta}
     <td>
-      {if !$file->isparent}
+      {if $file->locked}
+        <span class="s dull">{str tag=Submitted section=view}</span>
+      {elseif !$file->isparent}
         {if !isset($file->can_edit) || $file->can_edit !== 0}<input type="submit" class="tag-edit submit" name="{$prefix}_edit[{$file->id}]" value="{str tag=edit}" />{/if}
       {/if}
     </td>
@@ -61,7 +63,9 @@
     <td class="right">
     {if $editable && !$file->isparent}
       {if $file->artefacttype == 'archive'}<a href="{$WWWROOT}artefact/file/extract.php?file={$file->id}">{str tag=Unzip section=artefact.file}</a>{/if}
-      {if !isset($file->can_edit) || $file->can_edit !== 0}<input type="submit" class="submit btn-edit s" name="{$prefix}_edit[{$file->id}]" value="{str tag=edit}" />
+      {if $file->locked}
+        <span class="s dull">{str tag=Submitted section=view}</span>
+      {elseif !isset($file->can_edit) || $file->can_edit !== 0}<input type="submit" class="submit btn-edit s" name="{$prefix}_edit[{$file->id}]" value="{str tag=edit}" />
       <input type="submit" class="submit btn-del s" name="{$prefix}_delete[{$file->id}]" value="{str tag=delete}" />{/if}
     {/if}
     {if $selectable && ($file->artefacttype != 'folder' || $selectfolders) && $publishable && !$file->isparent}

htdocs/lang/en.utf8/view.php

@@ -153,6 +153,7 @@ $string['viewinformationsaved'] = 'View information saved successfully';
 
 $string['canteditdontown'] = 'You can\'t edit this View because you don\'t own it';
 $string['canteditsubmitted'] = 'You can\'t edit this View because it has been submitted for assessment to "%s". You will have to wait until a tutor releases your view.';
+$string['Submitted'] = 'Submitted';
 $string['submittedforassessment'] = 'Submitted for assessment';
 
 $string['addtutors'] = 'Add Tutors';