From: Petr Skoda Date: Sun, 22 Nov 2009 10:35:20 +0000 (+0000) Subject: MDL-20928 fixed glossary entry access control X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e657980dfda5e64a569a03cfbb57aff890077efb;p=moodle.git MDL-20928 fixed glossary entry access control --- diff --git a/mod/glossary/showentry.php b/mod/glossary/showentry.php index 0e14cd75bb..e804fea6c7 100644 --- a/mod/glossary/showentry.php +++ b/mod/glossary/showentry.php @@ -1,7 +1,7 @@ wwwroot.'/mod/glossary/showentry.php'); -if ($concept !== '') { - $url->param('concept', $concept); -} -if ($courseid !== 0) { - $url->param('courseid', $courseid); -} -if ($eid !== 0) { - $url->param('eid', $eid); -} -if ($displayformat !== -1) { - $url->param('displayformat', $displayformat); -} +$url->param('concept', $concept); +$url->param('courseid', $courseid); +$url->param('eid', $eid); +$url->param('displayformat', $displayformat); $PAGE->set_url($url); if ($CFG->forcelogin) { 
@@ -28,42 +20,51 @@ if ($CFG->forcelogin) { } if ($eid) { - $entry = $DB->get_record("glossary_entries", array("id"=>$eid)); - $glossary = $DB->get_record('glossary', array('id'=>$entry->glossaryid)); - $entry->glossaryname = format_string($glossary->name,true); - if (!$cm = get_coursemodule_from_instance("glossary", $glossary->id)) { - print_error("invalidcoursemodule"); - } - if (!$cm->visible and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_MODULE, $cm->id))) { - redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden')); - } + $entry = $DB->get_record('glossary_entries', array('id'=>$eid), '*', MUST_EXIST); + $glossary = $DB->get_record('glossary', 'id', array($entry->glossaryid), '*', MUST_EXIST); + $cm = get_coursemodule_from_instance('glossary', $glossary->id, 0, false, MUST_EXIST); + $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST); + require_course_login($course, true, $cm); + $entry->glossaryname = $glossary->name; $entry->cmid = $cm->id; $entry->courseid = $cm->course; - $entries[] = $entry; + $entries = array($entry); + } else if ($concept) { + $course = $DB->get_record('course', array('id'=>$courseid), '*', MUST_EXIST); + require_course_login($course); $entries = glossary_get_entries_search($concept, $courseid); + } else { - print_error('invalidentry'); + error('No valid entry specified'); } if ($entries) { + $modinfo = get_fast_modinfo($course); foreach ($entries as $key => $entry) { + // make sure the entry is visible + if (empty($modinfo->cms[$entry->cmid]->uservisible)) { + unset($entries[$key]); + continue; + } + if (!$entry->approved and ($USER->id != $entry->userid)) { + $context = get_context_instance(CONTEXT_MODULE, $entry->cmid); + if (!has_capability('mod/glossary:approve', $context)) { + unset($entries[$key]); + continue; + } + } //$entries[$key]->footer = "

» glossaryid', 'glossary', 'menubar=1,location=1,toolbar=1,scrollbars=1,directories=1,status=1,resizable=1', 0); return false;}\" href=\"$CFG->wwwroot/mod/glossary/view.php?g=$entry->glossaryid\" target=\"_blank\">".format_string($entry->glossaryname,true)."

"; // Could not get this to work satisfactorily in all cases - Martin $entries[$key]->footer = "

» wwwroot/mod/glossary/view.php?g=$entry->glossaryid\">".format_string($entry->glossaryname,true)."

"; - add_to_log($entry->courseid, "glossary", "view entry", "showentry.php?eid=$entry->id", $entry->id, $entry->cmid); + add_to_log($entry->courseid, 'glossary', 'view entry', "showentry.php?eid=$entry->id", $entry->id, $entry->cmid); } } if (!empty($courseid)) { - $course = $DB->get_record("course", array("id"=>$courseid)); - if ($course->id != SITEID) { - require_login($courseid); - } - - $strglossaries = get_string("modulenameplural", "glossary"); - $strsearch = get_string("search"); + $strglossaries = get_string('modulenameplural', 'glossary'); + $strsearch = get_string('search'); - $CFG->framename = "newwindow"; + $CFG->framename = 'newwindow'; $PAGE->navbar->add($strglossaries); $PAGE->navbar->add($strsearch);
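Review bot: The glossary lookup in the `$eid` branch passes its arguments in a different shape from every other `get_record` call in this hunk: `$DB->get_record('glossary', 'id', array($entry->glossaryid), '*', MUST_EXIST)` puts a string where the conditions array belongs and shifts the field list and strictness flag one position to the right. Because this record feeds `get_coursemodule_from_instance()` and `require_course_login()`, the direct-entry path probably errors out or loses the intended strictness before the new access check runs; it should read `$glossary = $DB->get_record('glossary', array('id'=>$entry->glossaryid), '*', MUST_EXIST);`. Separately, the final `else` replaces `print_error('invalidentry')` with `error('No valid entry specified')`, a hard-coded English message, so keeping `print_error('invalidentry')` would preserve the localized string. In the `$concept` branch the new `uservisible` filter relies on `glossary_get_entries_search()` setting `cmid` on every returned entry, which is not visible in this hunk and is worth confirming.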