From 9950c88ff9efce4a294d661d9ba928cbfcd4c7ec Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Thu, 1 Oct 2009 09:58:08 +0000
Subject: [PATCH] MDL-20385 better access control checks for frontpage
 activities; merged from MOODLE_19_STABLE

---
 lib/moodlelib.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 013273660e..e281cad95c 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -2368,9 +2368,18 @@ function require_course_login($courseorid, $autologinguest=true, $cm=null, $setw
 
     } else if ((is_object($courseorid) and $courseorid->id == SITEID)
           or (!is_object($courseorid) and $courseorid == SITEID)) {
-        //login for SITE not required
-        user_accesstime_log(SITEID);
-        return;
+              //login for SITE not required
+        if ($cm and empty($cm->visible)) {
+            // hidden activities are not accessible without login
+            require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
+        } else if ($cm and !empty($CFG->enablegroupings) and $cm->groupmembersonly) {
+            // not-logged-in users do not have any group membership
+            require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
+        } else {
+            //TODO: verify conditional activities here
+            user_accesstime_log(SITEID);
+            return;
+        }
 
     } else {
         // course login always required
-- 
2.39.5