From 14d701d67eb6427593a5fe9e2eef38ed03593c3c Mon Sep 17 00:00:00 2001 From: tjhunt Date: Wed, 13 Aug 2008 07:05:42 +0000 Subject: [PATCH] MDL-15819 - Review the RISK_XXX flags on all quiz and question capabilites. --- lib/db/access.php | 12 +++++------- mod/quiz/db/access.php | 17 ++++++----------- 2 files changed, 11 insertions(+), 18 deletions(-) diff --git a/lib/db/access.php b/lib/db/access.php index c894b9237b..c4c5c938a5 100644 --- a/lib/db/access.php +++ b/lib/db/access.php @@ -1,4 +1,4 @@ - array( - + 'riskbitmask' => RISK_SPAM | RISK_XSS, 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( @@ -907,7 +907,7 @@ $moodle_capabilities = array( //new in moodle 1.9 'moodle/question:add' => array( - 'riskbitmask' => RISK_SPAM, + 'riskbitmask' => RISK_SPAM | RISK_XSS, 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( @@ -917,7 +917,7 @@ $moodle_capabilities = array( 'clonepermissionsfrom' => 'moodle/question:manage' ), 'moodle/question:editmine' => array( - 'riskbitmask' => RISK_SPAM, + 'riskbitmask' => RISK_SPAM | RISK_XSS, 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( @@ -927,7 +927,7 @@ $moodle_capabilities = array( 'clonepermissionsfrom' => 'moodle/question:manage' ), 'moodle/question:editall' => array( - 'riskbitmask' => RISK_SPAM, + 'riskbitmask' => RISK_SPAM | RISK_XSS, 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( @@ -994,9 +994,7 @@ $moodle_capabilities = array( // Configure the installed question types. 'moodle/question:config' => array( - 'riskbitmask' => RISK_CONFIG, - 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( diff --git a/mod/quiz/db/access.php b/mod/quiz/db/access.php index 4b9a20728a..9d5adbb816 100644 --- a/mod/quiz/db/access.php +++ b/mod/quiz/db/access.php @@ -1,4 +1,4 @@ - array( - 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -23,7 +22,6 @@ $mod_quiz_capabilities = array( // Ability to do the quiz as a 'student'. 'mod/quiz:attempt' => array( - 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -33,7 +31,7 @@ $mod_quiz_capabilities = array( // Edit the quiz settings, add and remove questions. 'mod/quiz:manage' => array( - + 'riskbitmask' => RISK_SPAM, 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -44,7 +42,6 @@ $mod_quiz_capabilities = array( // Preview the quiz. 'mod/quiz:preview' => array( - 'captype' => 'write', // Only just a write. 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -56,7 +53,7 @@ $mod_quiz_capabilities = array( // Manually grade and comment on student attempts at a question, and regrade quizzes. 'mod/quiz:grade' => array( - + 'riskbitmask' => RISK_SPAM | RISK_XSS, 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -68,7 +65,7 @@ $mod_quiz_capabilities = array( // View the quiz reports. 'mod/quiz:viewreports' => array( - + 'riskbitmask' => RISK_PERSONAL, 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -80,7 +77,7 @@ $mod_quiz_capabilities = array( // Delete attempts using the overview report. 'mod/quiz:deleteattempts' => array( - + 'riskbitmask' => RISK_DATALOSS, 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -89,6 +86,7 @@ $mod_quiz_capabilities = array( ) ), + // Do not have the time limit imposed. Used for accessibility legislation compliance. 'mod/quiz:ignoretimelimits' => array( 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, @@ -97,7 +95,6 @@ $mod_quiz_capabilities = array( // Receive email confirmation of own quiz submission 'mod/quiz:emailconfirmsubmission' => array( - 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array() @@ -105,11 +102,9 @@ $mod_quiz_capabilities = array( // Receive email notification of other peoples quiz submissions 'mod/quiz:emailnotifysubmission' => array( - 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array() ) ); - ?> -- 2.39.5