From 5b36bcba00b84fd06b89fae6b2f280df84f47a30 Mon Sep 17 00:00:00 2001 From: skodak Date: Mon, 27 Apr 2009 08:51:22 +0000 Subject: [PATCH] MDL-18985 improved group access control in gradebook exports --- grade/export/ods/export.php | 5 +++++ grade/export/txt/export.php | 5 +++++ grade/export/xls/export.php | 5 +++++ grade/export/xml/export.php | 5 +++++ lang/en_utf8/grades.php | 1 + 5 files changed, 21 insertions(+) diff --git a/grade/export/ods/export.php b/grade/export/ods/export.php index 1a170f1885..372fc108c2 100755 --- a/grade/export/ods/export.php +++ b/grade/export/ods/export.php @@ -45,6 +45,11 @@ $context = get_context_instance(CONTEXT_COURSE, $id); require_capability('moodle/grade:export', $context); require_capability('gradeexport/ods:view', $context); +if (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) { + if (!groups_is_member($groupid, $USER->id)) { + print_error('cannotaccessgroup', 'grades'); + } +} // print all the exported data here $export = new grade_export_ods($course, $groupid, $itemids, $export_feedback, $updatedgradesonly, $displaytype, $decimalpoints); diff --git a/grade/export/txt/export.php b/grade/export/txt/export.php index dad8713d7d..1f630d8d4e 100755 --- a/grade/export/txt/export.php +++ b/grade/export/txt/export.php @@ -46,6 +46,11 @@ $context = get_context_instance(CONTEXT_COURSE, $id); require_capability('moodle/grade:export', $context); require_capability('gradeexport/txt:view', $context); +if (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) { + if (!groups_is_member($groupid, $USER->id)) { + print_error('cannotaccessgroup', 'grades'); + } +} // print all the exported data here $export = new grade_export_txt($course, $groupid, $itemids, $export_feedback, $updatedgradesonly, $displaytype, $decimalpoints, $separator); diff --git a/grade/export/xls/export.php b/grade/export/xls/export.php index 86f03daa4d..c9b07b131b 100755 --- a/grade/export/xls/export.php +++ b/grade/export/xls/export.php @@ -45,6 +45,11 @@ $context = get_context_instance(CONTEXT_COURSE, $id); require_capability('moodle/grade:export', $context); require_capability('gradeexport/xls:view', $context); +if (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) { + if (!groups_is_member($groupid, $USER->id)) { + print_error('cannotaccessgroup', 'grades'); + } +} // print all the exported data here $export = new grade_export_xls($course, $groupid, $itemids, $export_feedback, $updatedgradesonly, $displaytype, $decimalpoints); diff --git a/grade/export/xml/export.php b/grade/export/xml/export.php index 4f54cce807..751c0941d2 100755 --- a/grade/export/xml/export.php +++ b/grade/export/xml/export.php @@ -45,6 +45,11 @@ $context = get_context_instance(CONTEXT_COURSE, $id); require_capability('moodle/grade:export', $context); require_capability('gradeexport/xml:view', $context); +if (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) { + if (!groups_is_member($groupid, $USER->id)) { + print_error('cannotaccessgroup', 'grades'); + } +} // print all the exported data here $export = new grade_export_xml($course, $groupid, $itemids, $export_feedback, $updatedgradesonly, $displaytype, $decimalpoints); diff --git a/lang/en_utf8/grades.php b/lang/en_utf8/grades.php index 61ab1b85c4..b3207d5e1c 100644 --- a/lang/en_utf8/grades.php +++ b/lang/en_utf8/grades.php @@ -62,6 +62,7 @@ $string['calculationadd'] = 'Add calculation'; $string['calculationedit'] = 'Edit calculation'; $string['calculationview'] = 'View calculation'; $string['calculationsaved'] = 'Calculation saved'; +$string['cannotaccessgroup'] = 'Can not access grades of selected group, sorry.'; $string['categories'] = 'Categories'; $string['categoriesanditems'] = 'Categories and items'; $string['categoriesedit'] = 'Edit categories and items'; -- 2.39.5