From dc3ca94c92aebbb615aadd60d0d569ab54aad9e1 Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Tue, 7 Aug 2007 21:26:59 +0000
Subject: [PATCH] added group access checks in grade edit form

---
 grade/edit/tree/grade.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/grade/edit/tree/grade.php b/grade/edit/tree/grade.php
index d9f4a27254..cc70faee91 100644
--- a/grade/edit/tree/grade.php
+++ b/grade/edit/tree/grade.php
@@ -49,6 +49,22 @@ if (!$grade_item = grade_item::fetch(array('id'=>$itemid, 'courseid'=>$courseid)
     error('Can not find grade_item');
 }
 
+// now verify grading user has access to all groups or is member of the same group when separate groups used in course
+if (groupmode($COURSE) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
+    if ($groups = user_group($COURSE->id, $userid)) {
+        $ok = false;
+        foreach ($groups as $group) {
+            if (groups_is_member($group->id, $USER->id)) {
+                $ok = true;
+            }
+        }
+        if (!$ok) {
+            error('Can not grade this user');
+        }
+    } else {
+        error('Can not grade this user');
+    }
+}
 
 $mform = new edit_grade_form(null, array('grade_item'=>$grade_item, 'gpr'=>$gpr));
 
-- 
2.39.5