SCORM MDL-25850 - check for viewscores cap before adding score to toc

diff --git a/mod/scorm/datamodels/aicclib.php b/mod/scorm/datamodels/aicclib.php
index b2f55a8..0badfef 100644 (file)
--- a/mod/scorm/datamodels/aicclib.php
+++ b/mod/scorm/datamodels/aicclib.php
@@ -330,7 +330,7 @@ function scorm_parse_aicc($scorm) {
     return true;
 }
 
-function scorm_get_toc($user,$scorm,$toclink=TOCJSLINK,$currentorg='',$scoid='',$mode='normal',$attempt='',$play=false, $tocheader=false) {
+function scorm_get_toc($user,$scorm,$cmid,$toclink=TOCJSLINK,$currentorg='',$scoid='',$mode='normal',$attempt='',$play=false, $tocheader=false) {
     global $CFG, $DB, $PAGE, $OUTPUT;
 
     $modestr = '';
@@ -464,7 +464,7 @@ function scorm_get_toc($user,$scorm,$toclink=TOCJSLINK,$currentorg='',$scoid='',
                                 $scoid = $sco->id;
                             }
                         }
-                        if ($usertrack->score_raw != '') {
+                        if ($usertrack->score_raw != '' && has_capability('mod/scorm:viewscores', get_context_instance(CONTEXT_MODULE,$cmid))) {
                             $score = '('.get_string('score','scorm').': '.$usertrack->score_raw.')';
                         }
                         $strsuspended = get_string('suspended','scorm');

diff --git a/mod/scorm/datamodels/scorm_12lib.php b/mod/scorm/datamodels/scorm_12lib.php
index b8ac6f2..4319dca 100644 (file)
--- a/mod/scorm/datamodels/scorm_12lib.php
+++ b/mod/scorm/datamodels/scorm_12lib.php
@@ -106,7 +106,7 @@ function scorm_eval_prerequisites($prerequisites, $usertracks) {
     return eval('return '.implode($stack).';');
 }
 
-function scorm_get_toc($user,$scorm,$toclink=TOCJSLINK,$currentorg='',$scoid='',$mode='normal',$attempt='',$play=false, $tocheader=false) {
+function scorm_get_toc($user,$scorm,$cmid,$toclink=TOCJSLINK,$currentorg='',$scoid='',$mode='normal',$attempt='',$play=false, $tocheader=false) {
     global $CFG, $DB, $PAGE, $OUTPUT;
 
     $modestr = '';
@@ -239,7 +239,7 @@ function scorm_get_toc($user,$scorm,$toclink=TOCJSLINK,$currentorg='',$scoid='',
                                 $scoid = $sco->id;
                             }
                         }
-                        if ($usertrack->score_raw != '') {
+                        if ($usertrack->score_raw != '' && has_capability('mod/scorm:viewscores', get_context_instance(CONTEXT_MODULE,$cmid))) {
                             $score = '('.get_string('score','scorm').': '.$usertrack->score_raw.')';
                         }
                         $strsuspended = get_string('suspended','scorm');

diff --git a/mod/scorm/datamodels/scorm_13lib.php b/mod/scorm/datamodels/scorm_13lib.php
index 496d541..3630285 100644 (file)
--- a/mod/scorm/datamodels/scorm_13lib.php
+++ b/mod/scorm/datamodels/scorm_13lib.php
@@ -1,6 +1,6 @@
 <?php
 
-function scorm_get_toc($user,$scorm,$toclink=TOCJSLINK,$currentorg='',$scoid='',$mode='normal',$attempt='',$play=false, $tocheader=false) {
+function scorm_get_toc($user,$scorm,$cmid,$toclink=TOCJSLINK,$currentorg='',$scoid='',$mode='normal',$attempt='',$play=false, $tocheader=false) {
     global $CFG, $DB, $PAGE, $OUTPUT;
 
     $modestr = '';
@@ -132,7 +132,7 @@ function scorm_get_toc($user,$scorm,$toclink=TOCJSLINK,$currentorg='',$scoid='',
                                 $scoid = $sco->id;
                             }
                         }
-                        if ($usertrack->score_raw != '') {
+                        if ($usertrack->score_raw != '' && has_capability('mod/scorm:viewscores', get_context_instance(CONTEXT_MODULE,$cmid))) {
                             $score = '('.get_string('score','scorm').':&nbsp;'.$usertrack->score_raw.')';
                         }
                         $strsuspended = get_string('suspended','scorm');

diff --git a/mod/scorm/locallib.php b/mod/scorm/locallib.php
index a426eea..f56005a 100755 (executable)
--- a/mod/scorm/locallib.php
+++ b/mod/scorm/locallib.php
@@ -749,7 +749,7 @@ function scorm_view_display ($user, $scorm, $action, $cm) {
     }
     require_once($CFG->dirroot.'/mod/scorm/datamodels/'.$scorm->version.'lib.php');
 
-    $result = scorm_get_toc($user,$scorm,TOCFULLURL,$orgidentifier);
+    $result = scorm_get_toc($user,$scorm,$cm->id,TOCFULLURL,$orgidentifier);
     $incomplete = $result->incomplete;
 
     // do we want the TOC to be displayed?

diff --git a/mod/scorm/player.php b/mod/scorm/player.php
index e7b97c7..ef16ea9 100755 (executable)
--- a/mod/scorm/player.php
+++ b/mod/scorm/player.php
@@ -106,7 +106,7 @@
     }
     $attemptstr = '&attempt=' . $attempt;
 
-    $result = scorm_get_toc($USER, $scorm, TOCJSLINK, $currentorg, $scoid, $mode, $attempt, true, true);
+    $result = scorm_get_toc($USER, $scorm, $cm->id, TOCJSLINK, $currentorg, $scoid, $mode, $attempt, true, true);
     $sco = $result->sco;
 
     if (($mode == 'browse') && ($scorm->hidebrowse == 1)) {

diff --git a/mod/scorm/prereqs.php b/mod/scorm/prereqs.php
index 3c84e6e..be5c0ca 100644 (file)
--- a/mod/scorm/prereqs.php
+++ b/mod/scorm/prereqs.php
@@ -52,7 +52,7 @@
         $result = true;
         $request = null;
         if (has_capability('mod/scorm:savetrack', get_context_instance(CONTEXT_MODULE,$cm->id))) {
-            $result = scorm_get_toc($USER,$scorm,TOCJSLINK,$currentorg,$scoid,$mode,$attempt,true, false);
+            $result = scorm_get_toc($USER,$scorm,$cm->id,TOCJSLINK,$currentorg,$scoid,$mode,$attempt,true, false);
             echo $result->toc;
         }
     }