From: skodak <skodak>
Date: Mon, 27 Apr 2009 08:47:31 +0000 (+0000)
Subject: MDL-18984 gradebook csv import group access control implemented
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=1dc9f2e29104224bf36655c33e34384308c1c900;p=moodle.git

MDL-18984 gradebook csv import group access control implemented
---

diff --git a/grade/import/csv/index.php b/grade/import/csv/index.php
index edfcd43f7d..808d689005 100755
--- a/grade/import/csv/index.php
+++ b/grade/import/csv/index.php
@@ -43,6 +43,9 @@ $context = get_context_instance(CONTEXT_COURSE, $id);
 require_capability('moodle/grade:import', $context);
 require_capability('gradeimport/csv:view', $context);
 
+$separatemode = (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context));
+$currentgroup = groups_get_course_group($course);
+
 // sort out delimiter
 if (isset($CFG->CSV_DELIMITER)) {
     $csv_delimiter = '\\' . $CFG->CSV_DELIMITER;
@@ -421,6 +424,14 @@ if ($formdata = $mform->get_data()) {
                 break;
             }
 
+            if ($separatemode and !groups_is_member($currentgroup, $studentid)) {
+                // not allowed to import into this group, abort
+                $status = false;
+                import_cleanup($importcode);
+                notify('user not member of current group, can not update!');
+                break;
+            }
+
             // insert results of this students into buffer
             if ($status and !empty($newgrades)) {
 
@@ -482,6 +493,9 @@ if ($formdata = $mform->get_data()) {
     }
 
 } else {
+    groups_print_course_menu($course, 'index.php?id='.$id);
+    echo '<div class="clearer"></div>';
+
     // display the standard upload file form
     $mform->display();
 }
diff --git a/grade/import/grade_import_form.php b/grade/import/grade_import_form.php
index ee0d9ce450..2d73a45bdb 100755
--- a/grade/import/grade_import_form.php
+++ b/grade/import/grade_import_form.php
@@ -27,6 +27,8 @@ require_once($CFG->libdir.'/gradelib.php');
 
 class grade_import_form extends moodleform {
     function definition (){
+        global $COURSE;
+
         $mform =& $this->_form;
 
         if (isset($this->_customdata)) {  // hardcoding plugin names here is hacky
@@ -63,6 +65,8 @@ class grade_import_form extends moodleform {
         $options = array('10'=>10, '20'=>20, '100'=>100, '1000'=>1000, '100000'=>100000);
         $mform->addElement('select', 'previewrows', get_string('rowpreviewnum', 'grades'), $options); // TODO: localize
         $mform->setType('previewrows', PARAM_INT);
+        $mform->addElement('hidden', 'groupid', groups_get_course_group($COURSE));
+        $mform->setType('groupid', PARAM_INT);
         $this->add_action_buttons(false, get_string('uploadgrades', 'grades'));
     }
 }
@@ -70,7 +74,7 @@ class grade_import_form extends moodleform {
 class grade_import_mapping_form extends moodleform {
 
     function definition () {
-        global $CFG;
+        global $CFG, $COURSE;
         $mform =& $this->_form;
 
         // this is an array of headers
@@ -129,6 +133,8 @@ class grade_import_mapping_form extends moodleform {
         $mform->setType('separator', PARAM_ALPHA);
         $mform->addElement('hidden', 'separator', 'comma');
         $mform->setType('verbosescales', PARAM_INT);
+        $mform->addElement('hidden', 'groupid', groups_get_course_group($COURSE));
+        $mform->setType('groupid', PARAM_INT);
         $this->add_action_buttons(false, get_string('uploadgrades', 'grades'));
 
     }