From 59c265b3909a61f941fae25d1e201e12fb774aff Mon Sep 17 00:00:00 2001
From: stronk7
Date: Sat, 28 Aug 2004 19:15:52 +0000
Subject: [PATCH] Now students cannot add/edit/delete entries if glossary->studentcanpost = 0 using manual URLs. Merged from MOODLE_14_STABLE
---
mod/glossary/comment.php | 2 +-
mod/glossary/deleteentry.php | 16 +++++++++++-----
mod/glossary/edit.php | 4 ++++
mod/glossary/lib.php | 2 +-
4 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/mod/glossary/comment.php b/mod/glossary/comment.php
index eef56e110d..2d91df2e4b 100644
--- a/mod/glossary/comment.php
+++ b/mod/glossary/comment.php
@@ -115,7 +115,7 @@ } } else { if (!$glossary->allowcomments && !isteacher($glossary->course)) {
- error("You can't add/edit comments in this glossary!");
+ error("You can't add/edit comments to this glossary!");
} if ( $action == "edit" ) { if (!isset($comment->timemodified)) {
diff --git a/mod/glossary/deleteentry.php b/mod/glossary/deleteentry.php
index 4cca03d52e..15a860554e 100644
--- a/mod/glossary/deleteentry.php
+++ b/mod/glossary/deleteentry.php
@@ -23,6 +23,10 @@ error("Course is misconfigured"); }
+ if (! $entry = get_record("glossary_entries","id", $entry)) {
+ error("Entry ID was incorrect");
+ }
+ require_login($course->id); if (isguest()) {
@@ -37,7 +41,6 @@ error("You are not allowed to edit or delete entries"); }
- $entryfields = get_record("glossary_entries", "id", $entry);
$strareyousuredelete = get_string("areyousuredelete","glossary"); print_header_simple("$glossary->name", "", 
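Review bot: Nothing visible in this patch ties the entry loaded by the new `get_record("glossary_entries","id", $entry)` to the glossary addressed by `id`, so the ownership and edit-period checks in the `@@ -45,11 +48,14 @@` hunk are evaluated against whatever entry ID the URL carries, and `isteacher($course->id)` would be satisfied for an entry that lives in another course's glossary. Once `$glossary` is loaded, compare the two, e.g. `if ($entry->glossaryid != $glossary->id) { error("Entry ID was incorrect"); }`, unless that check already exists outside the hunks. The lookup also now runs before `require_login()`, so the request-supplied `$entry` reaches the database for unauthenticated requests; placing it below the login and guest checks, and loading the record into a variable other than the raw parameter, would be safer. The script starts and ends outside these hunks, so how `$entry` is read from the request is not visible here.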
@@ -45,11 +48,14 @@ "", "", true, update_module_button($cm->id, $course->id, $strglossary), navmenu($course, $cm));
- $entry = get_record("glossary_entries","id", $entry);
- if (($entry->userid <> $USER->id) and !isteacher($course->id)) {
+ if (($entry->userid != $USER->id) and !isteacher($course->id)) {
error("You can't delete other people's entries!"); }
+ $ineditperiod = ((time() - $entry->timecreated < $CFG->maxeditingtime) || $glossary->editalways);
+ if (!$ineditperiod and !isteacher($course->id)) {
+ error("You can't delete this. Time expired!");
+ } /// If data submitted, then process and store.
@@ -78,8 +84,8 @@ } else { // the operation has not been confirmed yet so ask the user to do so
- notice_yesno("$entryfields->concept

$strareyousuredelete

",
- "deleteentry.php?id=$cm->id&mode=delete&confirm=1&entry=".s($entry->concept)."&prevmode=$prevmode&hook=$hook",
+ notice_yesno("$entry->concept

$strareyousuredelete

",
+ "deleteentry.php?id=$cm->id&mode=delete&confirm=1&entry=".s($entry->id)."&prevmode=$prevmode&hook=$hook",
"view.php?id=$cm->id&mode=$prevmode&hook=$hook"); }
diff --git a/mod/glossary/edit.php b/mod/glossary/edit.php
index 55b3d31df5..39e48b1eb5 100644
--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@@ -29,6 +29,10 @@ if ( isguest() ) { if (! $glossary = get_record("glossary", "id", $cm->instance)) { error("Course module is incorrect"); }
+
+if (!$glossary->studentcanpost && !isteacher($glossary->course)) {
+ error("You can't add/edit entries to this glossary!");
+}
if ( $confirm ) { $form = data_submitted(); if ( !isset($form->usedynalink) ) {
diff --git a/mod/glossary/lib.php b/mod/glossary/lib.php
index 4b1b417b55..d676416931 100644
--- a/mod/glossary/lib.php
+++ b/mod/glossary/lib.php
@@ -690,7 +690,7 @@ function glossary_print_entry_icons($course, $cm, $glossary, $entry,$mode="",$ho $return .= " id&eid=$entry->id\"> "; }
- if ($isteacher or $glossary->studentcanpost and $entry->userid == $USER->id) {
+ if ($isteacher or ($glossary->studentcanpost and $entry->userid == $USER->id)) {
// only teachers can export entries so check it out if ($isteacher and !$ismainglossary and !$importedentry) { $mainglossary = get_record("glossary","mainglossary",1,"course",$course->id);
-- 2.39.5
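Review bot: In the rewritten `notice_yesno(...)` call, `$entry->concept` is interpolated into the confirmation page as-is while only `$entry->id` goes through `s()`, and `$prevmode` and `$hook` are placed in both URLs unescaped. If the concept is stored as the author typed it, it should be escaped for output, `s($entry->concept)`, and the two URL parameters encoded, e.g. `urlencode($hook)`; whether they are cleaned earlier in the script is not visible in this hunk. The "yes" link also carries `confirm=1` with no per-session token visible, so it is worth confirming how the confirmed delete is protected against a request the user did not intend, in the part of the file outside the hunk.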
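Review bot: The guard added before `if ( $confirm )` in edit.php tests only `studentcanpost`; the hunk shows no ownership check on the entry being edited comparable to the `$entry->userid != $USER->id` test in deleteentry.php, so that should be confirmed in the part of edit.php outside the hunk. The same permission rule is now written out separately in edit.php, deleteentry.php and `glossary_print_entry_icons()`, using `isteacher($glossary->course)` in one place and `isteacher($course->id)` in another; a single helper in lib.php would keep the URL-reachable scripts and the UI from drifting apart again. At minimum, add a comment above the new block such as `// Server-side check: the UI hides the edit link, but this URL can be requested directly.`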