adding more capability checks into grade edit form and grader - should be finished...
authorskodak <skodak>
Tue, 7 Aug 2007 20:33:09 +0000 (20:33 +0000)
committerskodak <skodak>
Tue, 7 Aug 2007 20:33:09 +0000 (20:33 +0000)
grade/edit/tree/grade.php
grade/edit/tree/grade_form.php
grade/lib.php

index 63a885878e38e647ebca07d88108f37427b840d4..d9f4a272542c74f4c5367975463f3d0374d2342b 100644 (file)
@@ -13,11 +13,11 @@ if (!$course = get_record('course', 'id', $courseid)) {
     print_error('nocourseid');
 }
 
-// TODO: fix capabilities check
-// TODO: add proper check that grade is editable
 require_login($course);
 $context = get_context_instance(CONTEXT_COURSE, $course->id);
-require_capability('moodle/grade:override', $context);
+if (!has_capability('moodle/grade:manage', $context)) {
+    require_capability('moodle/grade:override', $context);
+}
 
 // default return url
 $gpr = new grade_plugin_return();
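Review bot: The entry check at `if (!has_capability('moodle/grade:manage', $context))` now admits users who hold moodle/grade:manage without moodle/grade:override, so every write further down has to carry its own capability check. The later hunk in this file gates the hidden, overridden, excluded and lock fields, but the code that stores the final grade and feedback lies outside the visible hunks; confirm it is guarded by moodle/grade:override as well. The removed `// TODO: add proper check that grade is editable` has no visible replacement in this hunk, so keep the TODO if that check is still pending. A short comment above the new block would help, e.g. `// managers may open the form without grade:override; each field is checked separately on submit`.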
@@ -82,7 +82,7 @@ if ($grade = get_record('grade_grades', 'itemid', $grade_item->id, 'userid', $us
     $mform->set_data($grade);
 
 } else {
-    $mform->set_data(array('itemid'=>$itemid, 'userid'=>$userid));
+    $mform->set_data(array('itemid'=>$itemid, 'userid'=>$userid, 'locked'=>$grade_item->locked, 'locktime'=>$grade_item->locktime));
 }
 
 if ($mform->is_cancelled()) {
@@ -97,31 +97,47 @@ if ($mform->is_cancelled()) {
 
     $grade_grade = grade_grade::fetch(array('userid'=>$data->userid, 'itemid'=>$grade_item->id));
 
-    if (empty($data->hidden)) {
-        if (empty($data->hiddenuntil)) {
-            $grade_grade->set_hidden(0);
+    if (has_capability('moodle/grade:manage', $context) or has_capability('moodle/grade:hide', $context)) {
+        if (empty($data->hidden)) {
+            if (empty($data->hiddenuntil)) {
+                $grade_grade->set_hidden(0);
+            } else {
+                $grade_grade->set_hidden($data->hiddenuntil);
+            }
         } else {
-            $grade_grade->set_hidden($data->hiddenuntil);
+            $grade_grade->set_hidden(1);
         }
-    } else {
-        $grade_grade->set_hidden(1);
     }
 
-    // ignore overridden flag when changing final grade
-    if ($old_grade_grade->finalgrade == $grade_grade->finalgrade) {
-        if ($grade_grade->set_overridden($data->overridden) and empty($data->overridden)) {
-            $grade_item->force_regrading(); // force regrading only when clearing the flag
+    if (has_capability('moodle/grade:override', $context)) {
+        // ignore overridden flag when changing final grade
+        if ($old_grade_grade->finalgrade == $grade_grade->finalgrade) {
+            if ($grade_grade->set_overridden($data->overridden) and empty($data->overridden)) {
+                $grade_item->force_regrading(); // force regrading only when clearing the flag
+            }
         }
     }
 
-    if ($grade_grade->set_excluded($data->excluded)) {
-        $grade_item->force_regrading();
+    if (has_capability('moodle/grade:manage', $context)) {
+        if ($grade_grade->set_excluded($data->excluded)) {
+            $grade_item->force_regrading();
+        }
     }
 
-    $grade_grade->set_locked($data->locked);
-    $grade_grade->set_locktime($data->locktime);
+    if (($old_grade_grade->locked or $old_grade_grade->locktime)
+      and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:unlock', $context))) {
+        //ignore data
 
-    redirect($returnurl);
+    } else if ((!$old_grade_grade->locked and !$old_grade_grade->locktime)
+      and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:lock', $context))) {
+        //ignore data
+
+    } else {
+        $grade_grade->set_locked($data->locked);
+        $grade_grade->set_locktime($data->locktime);
+      }
+
+    redirect($returnurl, 'x', 10);
 }
 
 $strgrades       = get_string('grades');
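Review bot: The lock decision at `if (($old_grade_grade->locked or $old_grade_grade->locktime)` reads the lock state from `$old_grade_grade`, which is set outside this hunk, while the matching form code in grade/edit/tree/grade_form.php falls back to `$grade_item->locked` and `$grade_item->locktime` when no grade record exists yet. If `$old_grade_grade` can be an empty record here, the submit handler would require moodle/grade:lock where the form required moodle/grade:unlock, so the same fallback should be applied before this branch. Separately, `redirect($returnurl, 'x', 10);` looks like a debugging leftover (placeholder message, 10-second delay) and should probably go back to `redirect($returnurl);`. The closing brace of the final `else` is also indented two columns short.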
index faec98924ea5288352a922b051e0635558a4cc70..da5f03f99ed662e1d927b944fe75198ceb9e7a0b 100755 (executable)
@@ -80,18 +80,22 @@ class edit_grade_form extends moodleform {
     }
 
     function definition_after_data() {
-        global $CFG;
+        global $CFG, $COURSE;
+
+        $context = get_context_instance(CONTEXT_COURSE, $COURSE->id);
 
         $mform =& $this->_form;
         $grade_item = $this->_customdata['grade_item'];
 
-        if ($userid = $mform->getElementValue('userid')) {
-            $user = get_record('user', 'id', $userid);
+        // fill in user name if user still exists
+        $userid = $mform->getElementValue('userid');
+        if ($user = get_record('user', 'id', $userid)) {
             $username = '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$userid.'">'.fullname($user).'</a>';
             $user_el =& $mform->getElement('user');
             $user_el->setValue($username);
         }
 
+        // add activity name + link
         if ($grade_item->itemtype == 'mod') {
             $cm = get_coursemodule_from_instance($grade_item->itemmodule, $grade_item->iteminstance, $grade_item->courseid);
             $itemname = '<a href="'.$CFG->wwwroot.'/mod/'.$grade_item->itemmodule.'/view.php?id='.$cm->id.'">'.$grade_item->get_name().'</a>';
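Review bot: `$context = get_context_instance(CONTEXT_COURSE, $COURSE->id);` takes the course from the global `$COURSE`, although this method already has `$grade_item->courseid` in hand (it is passed to `get_coursemodule_from_instance()`), and grade.php builds its context from the course record it loaded. Deriving the context from `$grade_item->courseid` would tie the capability checks that use it to the item actually being edited rather than to page-global state. Also, `get_record('user', 'id', $userid)` now runs even when `getElementValue('userid')` returns an empty value; the "if user still exists" comment suggests this is intended, but it is worth confirming. definition_after_data() continues past the end of this hunk.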
@@ -100,6 +104,33 @@ class edit_grade_form extends moodleform {
         }
         $itemname_el =& $mform->getElement('itemname');
         $itemname_el->setValue($itemname);
+
+        // access control - disable not allowed elements
+        if (!has_capability('moodle/grade:manage', $context)) {
+            $mform->hardFreeze('excluded');
+        }
+
+        if (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:hide', $context)) {
+            $mform->hardFreeze('hidden');
+            $mform->hardFreeze('hiddenuntil');
+        }
+
+        $old_grade_grade = new grade_grade(array('itemid'=>$grade_item->id, 'userid'=>$userid));
+        if (empty($old_grade_grade->id)) {
+            $old_grade_grade->locked = $grade_item->locked;
+            $old_grade_grade->locktime = $grade_item->locktime;
+        }
+
+        if (($old_grade_grade->locked or $old_grade_grade->locktime)
+          and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:unlock', $context))) {
+            $mform->hardFreeze('locked');
+            $mform->hardFreeze('locktime');
+
+        } else if ((!$old_grade_grade->locked and !$old_grade_grade->locktime)
+          and (!has_capability('moodle/grade:manage', $context) and !has_capability('moodle/grade:lock', $context))) {
+            $mform->hardFreeze('locked');
+            $mform->hardFreeze('locktime');
+        }
     }
 }
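Review bot: The two lock branches ending in `$mform->hardFreeze('locked'); $mform->hardFreeze('locktime');` have identical bodies and repeat the rule that grade.php applies on submit, so the same authorization logic now sits in four near-identical conditions across two files. Choosing the required capability first keeps it in one expression: `$needed = ($old_grade_grade->locked or $old_grade_grade->locktime) ? 'moodle/grade:unlock' : 'moodle/grade:lock';` followed by `if (!has_capability('moodle/grade:manage', $context) and !has_capability($needed, $context)) {` around the two freeze calls. A shared helper used by both files would keep the form and the submit handler from drifting apart. The `// access control - disable not allowed elements` comment could also say that the freeze governs what the form presents and that grade.php repeats the checks when the data is saved.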
 
index 54c2281221a1caae5f83de97812c4d60f48d8887..7712f6cde9f1e9831c3267b28817cbb81e852ffb 100644 (file)
@@ -718,7 +718,11 @@ class grade_tree {
         global $CFG;
 
         if (!has_capability('moodle/grade:manage', $this->context)) {
-            return '';
+            if ($element['type'] == 'grade' and has_capability('moodle/grade:override', $this->context)) {
+                // oki - let them override grade
+            } else {
+                return '';
+            }
         }
 
         static $stredit = null;
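Review bot: The added `if ($element['type'] == 'grade' and has_capability('moodle/grade:override', $this->context))` has an empty body holding only the comment `// oki - let them override grade`, which makes the permitted path easy to misread or break in a later edit. Inverting the condition states the rule directly: `if ($element['type'] != 'grade' or !has_capability('moodle/grade:override', $this->context)) { return ''; }`. From the visible lines this appears to decide only whether an edit control is returned for the element, so the edit page still has to enforce the permission itself. The method's signature and the rest of its body are outside the hunk.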