MDL-59248 mod_workshop: Fix permissions checks
authorJuan Leyva <juanleyvadelgado@gmail.com>
Wed, 4 Oct 2017 14:37:00 +0000 (16:37 +0200)
committerEloy Lafuente (stronk7) <stronk7@moodle.org>
Wed, 4 Oct 2017 18:15:14 +0000 (20:15 +0200)
mod/workshop/classes/external.php
mod/workshop/tests/external_test.php

index e79bef4..56bf244 100644 (file)
@@ -1230,8 +1230,8 @@ class mod_workshop_external extends external_api {
         $submission = $DB->get_record('workshop_submissions', array('id' => $assessment->submissionid), '*', MUST_EXIST);
         list($workshop, $course, $cm, $context) = self::validate_workshop($submission->workshopid);
 
-        // Check we can edit the assessment (so we can get the form data).
-        $workshop->check_edit_assessment($assessment, $submission);
+        // Check we can view the assessment (so we can get the form data).
+        $workshop->check_view_assessment($assessment, $submission);
 
         $cansetassessmentweight = has_capability('mod/workshop:allocate', $context);
         $pending = $workshop->get_pending_assessments_by_reviewer($assessment->reviewerid, $assessment->id);
index fa43ebc..f259963 100644 (file)
@@ -1329,9 +1329,11 @@ class mod_workshop_external_testcase extends externallib_advanced_testcase {
 
         // Switch to assessment phase.
         $DB->set_field('workshop', 'phase', workshop::PHASE_ASSESSMENT, array('id' => $this->workshop->id));
+        // Teachers need to be able to view assessments.
         $this->setUser($this->teacher);
-        $this->setExpectedException('moodle_exception');
-        mod_workshop_external::get_assessment_form_definition($assessmentid);   // Teachers can't add/edit assessments.
+        $result = mod_workshop_external::get_assessment_form_definition($assessmentid);
+        $result = external_api::clean_returnvalue(mod_workshop_external::get_assessment_form_definition_returns(), $result);
+        $this->assertEquals(4, $result['dimenssionscount']);
     }
 
     /**
@@ -1345,9 +1347,11 @@ class mod_workshop_external_testcase extends externallib_advanced_testcase {
 
         $workshop = new workshop($this->workshop, $this->cm, $this->course);
         $submission = $workshop->get_submission_by_id($submissionid);
-        $assessmentid = $workshop->add_allocation($submission, $this->student->id);
+        $assessmentid = $workshop->add_allocation($submission, $this->anotherstudentg1->id);
 
+        $DB->set_field('workshop', 'phase', workshop::PHASE_EVALUATION, array('id' => $this->workshop->id));
         $this->setUser($this->student);
+        // Since we are not reviewers we can't see the assessment until the workshop is closed.
         $this->setExpectedException('moodle_exception');
         mod_workshop_external::get_assessment_form_definition($assessmentid);
     }