From ff1dc0465b3acd6aef62c5b621fbbd94a3dfac02 Mon Sep 17 00:00:00 2001 From: moodler Date: Fri, 7 Apr 2006 14:54:52 +0000 Subject: [PATCH] Merged fixes for forum_user_can_view_post from stable --- mod/forum/discuss.php | 5 ++--- mod/forum/lib.php | 42 ++++++++++++++---------------------------- 2 files changed, 16 insertions(+), 31 deletions(-) diff --git a/mod/forum/discuss.php b/mod/forum/discuss.php index 9061b61734..d0b83b259a 100644 --- a/mod/forum/discuss.php +++ b/mod/forum/discuss.php @@ -103,9 +103,8 @@ $navtail = format_string($discussion->name); } - //check if user can view this post - if (!forum_user_can_view_post($parent,$course)){ - error('You do not have permissions to view this post'); + if (!forum_user_can_view_post($parent, $course, $cm, $forum, $discussion)) { + error('You do not have permissions to view this post', "$CFG->wwwroot/mod/forum/view.php?f=$forum->id"); } if (! $post = forum_get_post_full($parent)) { diff --git a/mod/forum/lib.php b/mod/forum/lib.php index 96ef8c57a5..e46fa095da 100644 --- a/mod/forum/lib.php +++ b/mod/forum/lib.php @@ -2742,7 +2742,7 @@ function forum_user_can_post($forum, $user=NULL) { } //checks to see if a user can view a particular post -function forum_user_can_view_post($post, $course, $user=NULL){ +function forum_user_can_view_post($post, $course, $cm, $forum, $discussion, $user=NULL){ global $CFG, $USER; @@ -2750,43 +2750,29 @@ function forum_user_can_view_post($post, $course, $user=NULL){ $user = $USER; } - $SQL = 'SELECT f.id, f.type, fd.course, fd.groupid FROM '. - $CFG->prefix.'forum_posts fp, '. - $CFG->prefix.'forum_discussions fd, '. - $CFG->prefix.'forum f - WHERE fp.id = '.$post.' - AND fp.discussion = fd.id - AND fd.forum = f.id'; - - $forumcourse = get_record_sql($SQL); - if (isteacheredit($forumcourse->course)){ - return true; //if is editting teacher, you can see all post for this course + if (isteacheredit($course->id)) { + return true; } - if ($forumcourse->type == 'teacher'){ //teacher type forum - return isteacher($forumcourse->course); + if ($forum->type == 'teacher'){ //teacher type forum + return isteacher($course->id); } - //first of all, the user must be in this course - if (!(isstudent($forumcourse->course) or - isteacher($forumcourse->course) or +/// Make sure the user is allowed in the course + if (!(isstudent($course->id) or + isteacher($course->id) or ($course->id == SITEID && !$CFG->forcelogin) or (isguest() && $course->guest) )){ return false; } - if (! $cm = get_coursemodule_from_instance('forum', $forumcourse->id, $forumcourse->course)) { - return false; - } - - //if a group is specified, and the forum is in SPG mode - if (($forumcourse->groupid != -1) and ($cm->groupmode == SEPARATEGROUPS)){ - //check membership - return ismember($forumcourse->groupid); - } - else { //if visiblegorups or no groups, - return true; +/// If it's a grouped discussion, make sure the user is a member + if ($discussion->groupid > 0) { + if ($cm->groupmode == SEPARATEGROUPS) { + return ismember($discussion->groupid); + } } + return true; } function forum_user_can_see_discussion($forum,$discussion,$user=NULL) { -- 2.39.5