From 488b13baba3dfe3adf05fceb85b5c1c74e465a3a Mon Sep 17 00:00:00 2001
From: agrabs <agrabs>
Date: Sun, 22 Jun 2008 18:02:54 +0000
Subject: [PATCH] MDL-14779 Show analysis to students setting in Feedback
 module does not provide enough contol over who see feedback

---
 mod/feedback/analysis.php       |  2 +-
 mod/feedback/complete.php       | 21 ++++++++++++++++-----
 mod/feedback/complete_guest.php |  6 ++++++
 mod/feedback/db/access.php      | 14 ++++++++++++++
 mod/feedback/lib.php            |  2 ++
 mod/feedback/version.php        |  2 +-
 mod/feedback/view.php           |  2 +-
 7 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/mod/feedback/analysis.php b/mod/feedback/analysis.php
index 74155c243b..849dde239e 100644
--- a/mod/feedback/analysis.php
+++ b/mod/feedback/analysis.php
@@ -53,7 +53,7 @@
 
     require_login($course->id, true, $cm);
 
-    if( !( (intval($feedback->publish_stats) == 1) || $capabilities->viewreports)) {
+    if( !( ((intval($feedback->publish_stats) == 1) AND $capabilities->viewanalysepage) || $capabilities->viewreports)) {
         error(get_string('error'));
     }
 
diff --git a/mod/feedback/complete.php b/mod/feedback/complete.php
index 8abb270fa6..6cccb2b82a 100644
--- a/mod/feedback/complete.php
+++ b/mod/feedback/complete.php
@@ -79,11 +79,15 @@
         $courseid = SITEID;
     }
         
-    if($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
+    // if($feedback->anonymous != FEEDBACK_ANONYMOUS_YES) {
         require_login($course->id, true, $cm);
-    } else {
-        require_course_login($course, true, $cm);
-    }
+        if(isguestuser()) {
+            error(get_string('guestsno'), $CFG->wwwroot);
+            exit;
+        }
+    // } else {
+        // require_course_login($course, true, $cm);
+    // }
     
     if($courseid AND $courseid != SITEID) {
         $course2 = $DB->get_record('course', array('id'=>$courseid));
@@ -250,6 +254,14 @@
         ///////////////////////////////////////////////////////////////////////////
         ///////////////////////////////////////////////////////////////////////////
         print_heading(format_text($feedback->name));
+    
+        if( (intval($feedback->publish_stats) == 1) AND ( $capabilities->viewanalysepage) AND !( $capabilities->viewreports) ) {
+            if($multiple_count = $DB->count_records('feedback_tracking', array('userid'=>$USER->id, 'feedback'=>$feedback->id))) {
+                echo '<div align="center"><a href="'.htmlspecialchars('analysis.php?id=' . $id . '&courseid='.$courseid).'">';
+                echo get_string('completed_feedbacks', 'feedback').'</a>';
+                echo '</div>';
+            }
+        }
         
         if(isset($savereturn) && $savereturn == 'saved') {
             if($feedback->page_after_submit) {
@@ -267,7 +279,6 @@
                 }
             }
             if($feedback->site_after_submit) {
-var_dump($feedback->site_after_submit);
                 print_continue(feedback_encode_target_url($feedback->site_after_submit));
             }else {
                 if($courseid) {
diff --git a/mod/feedback/complete_guest.php b/mod/feedback/complete_guest.php
index 3e3caf9f73..712fb76520 100644
--- a/mod/feedback/complete_guest.php
+++ b/mod/feedback/complete_guest.php
@@ -226,6 +226,12 @@
         ///////////////////////////////////////////////////////////////////////////
         print_heading(format_text($feedback->name));
         
+        if( (intval($feedback->publish_stats) == 1) AND ( $capabilities->viewanalysepage) AND !( $capabilities->viewreports) ) {
+            echo '<div align="center"><a href="'.htmlspecialchars('analysis.php?id=' . $id . '&courseid='.$courseid).'">';
+            echo get_string('completed_feedbacks', 'feedback').'</a>';
+            echo '</div>';
+        }
+        
         if(isset($savereturn) && $savereturn == 'saved') {
             if($feedback->page_after_submit) {
                 // print_simple_box_start('center', '75%');
diff --git a/mod/feedback/db/access.php b/mod/feedback/db/access.php
index 74a399bf75..ccf5d2806a 100644
--- a/mod/feedback/db/access.php
+++ b/mod/feedback/db/access.php
@@ -61,6 +61,20 @@ $mod_feedback_capabilities = array(
         )
     ),
     
+    'mod/feedback:viewanalysepage' => array(
+
+        'riskbitmask' => RISK_PERSONAL,
+
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_MODULE,
+        'legacy' => array(
+            'user' => CAP_ALLOW,
+            'student' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+    
     'mod/feedback:deletesubmissions' => array(
 
         'captype' => 'write',
diff --git a/mod/feedback/lib.php b/mod/feedback/lib.php
index ac03492735..3a3e190517 100644
--- a/mod/feedback/lib.php
+++ b/mod/feedback/lib.php
@@ -404,6 +404,7 @@ function feedback_load_capabilities($cmid) {
     $cb = new object;
     $cb->view = has_capability('mod/feedback:view', $context, NULL, false);
     $cb->complete = has_capability('mod/feedback:complete', $context, NULL, false);
+    $cb->viewanalysepage = has_capability('mod/feedback:viewanalysepage', $context, NULL, false);
     $cb->deletesubmissions = has_capability('mod/feedback:deletesubmissions', $context, NULL, false);
     $cb->mapcourse = has_capability('mod/feedback:mapcourse', $context, NULL, false);
     $cb->edititems = has_capability('mod/feedback:edititems', $context, NULL, false);
@@ -437,6 +438,7 @@ function feedback_load_course_capabilities($courseid) {
     $ccb = new object;
     $ccb->view = has_capability('mod/feedback:view', $context, NULL, false);
     $ccb->complete = has_capability('mod/feedback:complete', $context, NULL, false);
+    $ccb->viewanalysepage = has_capability('mod/feedback:viewanalysepage', $context, NULL, false);
     $ccb->deletesubmissions = has_capability('mod/feedback:deletesubmissions', $context, NULL, false);
     $ccb->mapcourse = has_capability('mod/feedback:mapcourse', $context, NULL, false);
     $ccb->edititems = has_capability('mod/feedback:edititems', $context, NULL, false);
diff --git a/mod/feedback/version.php b/mod/feedback/version.php
index e27f44ba56..e85427a113 100644
--- a/mod/feedback/version.php
+++ b/mod/feedback/version.php
@@ -10,7 +10,7 @@
 */
 
    
-    $module->version = 2008052207; // The current module version (Date: YYYYMMDDXX)
+    $module->version = 2008052208; // The current module version (Date: YYYYMMDDXX)
     $module->requires = 2007101503;  // Requires this Moodle version
     $feedback_version_intern = 1; //this version is used for restore older backups
     $module->cron = 0; // Period for cron to check this module (secs)
diff --git a/mod/feedback/view.php b/mod/feedback/view.php
index 762dc167b2..2680b2f01e 100644
--- a/mod/feedback/view.php
+++ b/mod/feedback/view.php
@@ -95,7 +95,7 @@
         print_box_end();
     }
     
-    if( (intval($feedback->publish_stats) == 1) AND !( $capabilities->viewreports) ) {
+    if( (intval($feedback->publish_stats) == 1) AND ( $capabilities->viewanalysepage) AND !( $capabilities->viewreports) ) {
         if($multiple_count = $DB->count_records('feedback_tracking', array('userid'=>$USER->id, 'feedback'=>$feedback->id))) {
             echo '<div align="center"><a href="'.htmlspecialchars('analysis.php?id=' . $id . '&courseid='.$courseid).'">';
             echo get_string('completed_feedbacks', 'feedback').'</a>';
-- 
2.39.5