Commit fc57b81a authored by Nigel McNie's avatar Nigel McNie
Browse files

Prevent people from editing views that have been submitted for assessment. Whoops!

This used to work, but for some reason the code for it has disappeared. The links to edit and delete a view have disappeared from the 'My Views' page, but you could still visit the pages directly. Now that has been locked down.
parent f705276e
......@@ -144,6 +144,7 @@ $string['viewinformationsaved'] = 'View information saved successfully';
$string['canteditdontown'] = 'You can\'t edit this View because you don\'t own it';
$string['canteditdontownfeedback'] = 'You can\'t edit this feedback because you don\'t own it';
$string['canteditsubmitted'] = 'You can\'t edit this View because it has been submitted for assessment to group "%s". You will have to wait until a tutor releases your view.';
$string['feedbackchangedtoprivate'] = 'Feedback changed to private';
$string['addtutors'] = 'Add Tutors';
......
......@@ -33,6 +33,12 @@ $view = new View(param_integer('id'));
$change = param_boolean('change', false);
$action = param_alphanumext('action', '');
// If the view has been submitted to a group, disallow editing
$submittedto = $view->get('submittedto');
if ($submittedto) {
throw new AccessDeniedException(get_string('canteditsubmitted', 'view', get_field('group', 'name', 'id', $submittedto)));
}
// we actually ned to process stuff
if ($change) {
try {
......
......@@ -34,6 +34,12 @@ require('view.php');
$view = new View(param_integer('id'));
// If the view has been submitted to a group, disallow editing
$submittedto = $view->get('submittedto');
if ($submittedto) {
throw new AccessDeniedException(get_string('canteditsubmitted', 'view', get_field('group', 'name', 'id', $submittedto)));
}
$new = param_boolean('new');
if ($new) {
......
......@@ -45,6 +45,12 @@ else {
if ($view->get('owner') != $USER->get('id')) {
throw new AccessDeniedException(get_string('canteditdontown', 'view'));
}
// If the view has been submitted to a group, disallow editing
$submittedto = $view->get('submittedto');
if ($submittedto) {
throw new AccessDeniedException(get_string('canteditsubmitted', 'view', get_field('group', 'name', 'id', $submittedto)));
}
}
if ($new || empty($id)) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment