MDL-59195 assignsubmission_comments: fix permission checks
[moodle.git] / mod / assign / submission / comments / lib.php
CommitLineData
a084ac0d 1<?php
bbd0e548
DW
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * This file contains the moodle hooks for the submission comments plugin
19 *
20 * @package assignsubmission_comments
21 * @copyright 2012 NetSpot {@link http://www.netspot.com.au}
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24defined('MOODLE_INTERNAL') || die();
25
26/**
27 *
28 * Callback method for data validation---- required method for AJAXmoodle based comment API
29 *
30 * @param stdClass $options
31 * @return bool
32 */
33function assignsubmission_comments_comment_validate(stdClass $options) {
e00b5c45
DW
34 global $USER, $CFG, $DB;
35
36 if ($options->commentarea != 'submission_comments' &&
37 $options->commentarea != 'submission_comments_upgrade') {
38 throw new comment_exception('invalidcommentarea');
39 }
40 if (!$submission = $DB->get_record('assign_submission', array('id'=>$options->itemid))) {
41 throw new comment_exception('invalidcommentitemid');
42 }
43 $context = $options->context;
44
45 require_once($CFG->dirroot . '/mod/assign/locallib.php');
46 $assignment = new assign($context, null, null);
47
48 if ($assignment->get_instance()->id != $submission->assignment) {
49 throw new comment_exception('invalidcontext');
50 }
bbd0e548
DW
51
52 return true;
53}
54
55/**
56 * Permission control method for submission plugin ---- required method for AJAXmoodle based comment API
57 *
58 * @param stdClass $options
59 * @return array
60 */
61function assignsubmission_comments_comment_permissions(stdClass $options) {
e00b5c45
DW
62 global $USER, $CFG, $DB;
63
64 if ($options->commentarea != 'submission_comments' &&
65 $options->commentarea != 'submission_comments_upgrade') {
66 throw new comment_exception('invalidcommentarea');
67 }
68 if (!$submission = $DB->get_record('assign_submission', array('id'=>$options->itemid))) {
69 throw new comment_exception('invalidcommentitemid');
70 }
71 $context = $options->context;
72
73 require_once($CFG->dirroot . '/mod/assign/locallib.php');
74 $assignment = new assign($context, null, null);
75
76 if ($assignment->get_instance()->id != $submission->assignment) {
77 throw new comment_exception('invalidcontext');
78 }
3e1b63f1
DW
79
80 if ($assignment->get_instance()->teamsubmission &&
81 !$assignment->can_view_group_submission($submission->groupid)) {
82 return array('post' => false, 'view' => false);
83 }
84
85 if (!$assignment->get_instance()->teamsubmission &&
86 !$assignment->can_view_submission($submission->userid)) {
87 return array('post' => false, 'view' => false);
e00b5c45 88 }
bbd0e548
DW
89
90 return array('post' => true, 'view' => true);
91}
92
03995800
SC
93/**
94 * Callback called by comment::get_comments() and comment::add(). Gives an opportunity to enforce blind-marking.
95 *
96 * @param array $comments
97 * @param stdClass $options
98 * @return array
99 * @throws comment_exception
100 */
101function assignsubmission_comments_comment_display($comments, $options) {
29e2fecb 102 global $CFG, $DB, $USER;
03995800
SC
103
104 if ($options->commentarea != 'submission_comments' &&
105 $options->commentarea != 'submission_comments_upgrade') {
106 throw new comment_exception('invalidcommentarea');
107 }
108 if (!$submission = $DB->get_record('assign_submission', array('id'=>$options->itemid))) {
109 throw new comment_exception('invalidcommentitemid');
110 }
111 $context = $options->context;
112 $cm = $options->cm;
113 $course = $options->courseid;
114
115 require_once($CFG->dirroot . '/mod/assign/locallib.php');
116 $assignment = new assign($context, $cm, $course);
117
118 if ($assignment->get_instance()->id != $submission->assignment) {
119 throw new comment_exception('invalidcontext');
120 }
121
122 if ($assignment->is_blind_marking() && !empty($comments)) {
123 // Blind marking is being used, may need to map unique anonymous ids to the comments.
124 $usermappings = array();
03995800
SC
125 $guestuser = guest_user();
126
c802d23d
AG
127 // Check group users first.
128 $userinteam = false;
129 if ($assignment->get_instance()->teamsubmission && has_capability('mod/assign:submit', $context)) {
130 $assignment->set_course(get_course($course));
131 $userinteam = $assignment->can_edit_group_submission($submission->groupid);
132 }
133
03995800 134 foreach ($comments as $comment) {
c802d23d
AG
135
136 if (has_capability('mod/assign:viewblinddetails', $context) && $USER->id != $comment->userid) {
29e2fecb 137 $anonid = $assignment->get_uniqueid_for_user($comment->userid);
c802d23d
AG
138 // Show participant information and the user's full name to users with the view blind details capability.
139 $a = new stdClass();
140 $a->participantnumber = $anonid;
141 $a->participantfullname = $comment->fullname;
142 $comment->fullname = get_string('blindmarkingviewfullname', 'assignsubmission_comments', $a);
143 } else if ($USER->id == $comment->userid || $submission->userid == $USER->id || $userinteam) { //@codingStandardsIgnoreLine
144 // Do not anonymize the user details for this comment.
145 } else {
146 // Anonymize the comments.
147 if (empty($usermappings[$comment->userid])) {
148 $anonid = $assignment->get_uniqueid_for_user($comment->userid);
149 // The blind-marking information for this commenter has not been generated; do so now.
150 $commenter = new stdClass();
151 $commenter->firstname = get_string('blindmarkingname', 'assignsubmission_comments', $anonid);
152 $commenter->lastname = '';
153 $commenter->firstnamephonetic = '';
154 $commenter->lastnamephonetic = '';
155 $commenter->middlename = '';
156 $commenter->alternatename = '';
157 $commenter->picture = 0;
158 $commenter->id = $guestuser->id;
159 $commenter->email = $guestuser->email;
160 $commenter->imagealt = $guestuser->imagealt;
161
162 // Temporarily store blind-marking information for use in later comments if necessary.
163 $usermappings[$comment->userid] = new stdClass();
164 $usermappings[$comment->userid]->fullname = fullname($commenter);
165 $usermappings[$comment->userid]->avatar = $assignment->get_renderer()->user_picture($commenter,
166 array('size' => 18, 'link' => false));
167 }
168
169 // Set blind-marking information for this comment.
170 $comment->fullname = $usermappings[$comment->userid]->fullname;
171 $comment->avatar = $usermappings[$comment->userid]->avatar;
172 $comment->profileurl = null;
03995800
SC
173 }
174 }
175 }
176
177 return $comments;
178}
179
bbd0e548
DW
180/**
181 * Callback to force the userid for all comments to be the userid of the submission and NOT the global $USER->id. This
182 * is required by the upgrade code. Note the comment area is used to identify upgrades.
183 *
184 * @param stdClass $comment
185 * @param stdClass $param
186 */
187function assignsubmission_comments_comment_add(stdClass $comment, stdClass $param) {
188
189 global $DB;
190 if ($comment->commentarea == 'submission_comments_upgrade') {
191 $submissionid = $comment->itemid;
192 $submission = $DB->get_record('assign_submission', array('id' => $submissionid));
193
194 $comment->userid = $submission->userid;
195 $comment->commentarea = 'submission_comments';
196 }
197}
198