From a1d0b3eb81967b242793b83966236c80eb1cafdc Mon Sep 17 00:00:00 2001 From: mark-nielsen Date: Mon, 15 May 2006 19:14:22 +0000 Subject: [PATCH] [BugFix] Bug 5505 - function lesson_print_tree now checks for teacher editing priv before printing editing icons. Had to change arguments for this function as well which is the edit in view.php. lesson.php how checks for teacher editing priv for all actions except for continue. This is just in case the user hacks the URL. --- mod/lesson/lesson.php | 7 +++++++ mod/lesson/locallib.php | 31 ++++++++++++++++--------------- mod/lesson/view.php | 2 +- 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/mod/lesson/lesson.php b/mod/lesson/lesson.php index 5b7e4c1ca8..dac80ef47a 100644 --- a/mod/lesson/lesson.php +++ b/mod/lesson/lesson.php @@ -40,6 +40,13 @@ require_login($course->id); + if ($action != 'continue') { + // All pages except for continue.php require teacher editing privs + if (!isteacheredit($lesson->course)) { + error('You must be a teacher with editing privileges to access this page.'); + } + } + // set up some general variables $usehtmleditor = can_use_html_editor(); diff --git a/mod/lesson/locallib.php b/mod/lesson/locallib.php index e7dfb4c683..ae80f14530 100644 --- a/mod/lesson/locallib.php +++ b/mod/lesson/locallib.php @@ -1132,18 +1132,18 @@ function lesson_print_tree_link_menu($page, $id, $showpages=false) { * next to the links. * * @uses $USER + * @uses $CFG * @param int $pageid Page id of the first page of the lesson. - * @param int $lessonid Id of the lesson. + * @param object $lesson Object of the current lesson. * @param int $cmid The course module id of the lesson. * @param string $pixpath Path to the pictures. - * @todo $pageid does not need to be passed. Can be found in the function. $pixpath is just - * $CFG->pixpath. So $CFG should be declaired globally and be used instead of passed. + * @todo $pageid does not need to be passed. Can be found in the function. * This function is only called once. It should be removed and the code inside it moved to view.php */ -function lesson_print_tree($pageid, $lessonid, $cmid, $pixpath) { - global $USER; +function lesson_print_tree($pageid, $lesson, $cmid) { + global $USER, $CFG; - if(!$pages = get_records_select("lesson_pages", "lessonid = $lessonid")) { + if(!$pages = get_records_select("lesson_pages", "lessonid = $lesson->id")) { error("Error: could not find lesson pages"); } echo ""; @@ -1154,7 +1154,7 @@ function lesson_print_tree($pageid, $lessonid, $cmid, $pixpath) { } else { $output = "id."\">".format_string($pages[$pageid]->title,true)."\n"; - if($answers = get_records_select("lesson_answers", "lessonid = $lessonid and pageid = $pageid")) { + if($answers = get_records_select("lesson_answers", "lessonid = $lesson->id and pageid = $pageid")) { $output .= "Jumps to: "; $end = end($answers); foreach ($answers as $answer) { @@ -1185,15 +1185,16 @@ function lesson_print_tree($pageid, $lessonid, $cmid, $pixpath) { } echo $output; - if (count($pages) > 1) { - echo "id."\">\n". - "\"move\"\n"; + if (isteacheredit($lesson->course)) { + if (count($pages) > 1) { + echo "id."\">\n". + "pixpath/t/move.gif\" hspace=\"2\" height=11 width=11 alt=\"move\" border=0>\n"; + } + echo "id."\">\n". + "pixpath/t/edit.gif\" hspace=\"2\" height=11 width=11 alt=\"edit\" border=0>\n". + "sesskey."&action=confirmdelete&pageid=".$pages[$pageid]->id."\">\n". + "pixpath/t/delete.gif\" hspace=\"2\" height=11 width=11 alt=\"delete\" border=0>\n"; } - echo "id."\">\n". - "\"edit\"\n". - "sesskey."&action=confirmdelete&pageid=".$pages[$pageid]->id."\">\n". - "\"delete\"\n"; - echo ""; $pageid = $pages[$pageid]->nextpageid; } diff --git a/mod/lesson/view.php b/mod/lesson/view.php index b7e2755a74..df244a495c 100644 --- a/mod/lesson/view.php +++ b/mod/lesson/view.php @@ -1288,7 +1288,7 @@ if($collapsed and !$display) { echo "
\n"; echo "
\n"; - lesson_print_tree($page->id, $lesson->id, $cm->id, $CFG->pixpath); + lesson_print_tree($page->id, $lesson, $cm->id); echo "
\n"; echo "\n"; } else { -- 2.39.5