From: skodak <skodak>
Date: Thu, 1 Oct 2009 09:58:08 +0000 (+0000)
Subject: MDL-20385 better access control checks for frontpage activities; merged from MOODLE_1... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=9950c88ff9efce4a294d661d9ba928cbfcd4c7ec;p=moodle.git

MDL-20385 better access control checks for frontpage activities; merged from MOODLE_19_STABLE
---

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 013273660e..e281cad95c 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -2368,9 +2368,18 @@ function require_course_login($courseorid, $autologinguest=true, $cm=null, $setw
 
     } else if ((is_object($courseorid) and $courseorid->id == SITEID)
           or (!is_object($courseorid) and $courseorid == SITEID)) {
-        //login for SITE not required
-        user_accesstime_log(SITEID);
-        return;
+              //login for SITE not required
+        if ($cm and empty($cm->visible)) {
+            // hidden activities are not accessible without login
+            require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
+        } else if ($cm and !empty($CFG->enablegroupings) and $cm->groupmembersonly) {
+            // not-logged-in users do not have any group membership
+            require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
+        } else {
+            //TODO: verify conditional activities here
+            user_accesstime_log(SITEID);
+            return;
+        }
 
     } else {
         // course login always required