From: stronk7 Date: Sun, 9 May 2004 18:59:36 +0000 (+0000) Subject: Added some consistency with the show/hide feature in Moodle. X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=c0f778a2693351185a008b0ad7e6c4d57fbacfd8;p=moodle.git Added some consistency with the show/hide feature in Moodle. Now if the course is hidden or the activity is hidden, only teachers cand download the feed. --- diff --git a/rss/file.php b/rss/file.php index e295dfced2..39135a0b85 100644 --- a/rss/file.php +++ b/rss/file.php @@ -4,7 +4,7 @@ // course: the course id // user: the user id // name: the name of the module (forum...) - // id: the id of the module (forumid...) + // id: the id (instance) of the module (forumid...) //If the course has a password or it doesn't //allow guest access then the user field is //required to see that the user is enrolled @@ -45,16 +45,34 @@ } $courseid = (integer)$args[0]; + $userid = (integer)$args[1]; + $modulename = $args[2]; + $instance = (integer)$args[3]; + if (! $course = get_record("course", "id", $courseid)) { $error = true; } + //Get course_module to check it's visible + if (! $cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) { + $error = true; + } + $cmvisible = $cm->visible; + + $isstudent = isstudent($courseid,$userid); + $isteacher = isteacher($courseid,$userid); + //Check for "security" if !course->guest or course->password if (!$course->guest || $course->password) { - $allowed = (isstudent($course->id,$args[1]) || isteacher($course->id,$args[1])); + $allowed = ($isstudent || $isteacher); + } + + //Check for "security" if the course is hidden or the activity is hidden + if ($allowed && (!$course->visible || !$cmvisible)) { + $allowed = $isteacher; } - $pathname = $CFG->dataroot."/rss/".$args[2]."/".$args[3].".xml"; + $pathname = $CFG->dataroot."/rss/".$modulename."/".$instance.".xml"; $filename = $args[$numargs-1]; //If the file exists and its allowed for me, download it!