This change adds a function to the assign class to allow the permissions for a group submission
to be checked and updates all the submission plugins to call it.
return false;
}
+ /**
+ * Perform an access check to see if the current $USER can view this group submission.
+ *
+ * @param int $groupid
+ * @return bool
+ */
+ public function can_view_group_submission($groupid) {
+ global $USER;
+
+ if (!is_enrolled($this->get_course_context(), $USER->id)) {
+ return false;
+ }
+ if (has_capability('mod/assign:grade', $this->context)) {
+ return true;
+ }
+ $members = $this->get_submission_group_members($groupid, true);
+ foreach ($members as $member) {
+ if ($member->id == $USER->id) {
+ return true;
+ }
+ }
+ return false;
+ }
+
/**
* Perform an access check to see if the current $USER can view this users submission.
*
if ($assignment->get_instance()->id != $submission->assignment) {
throw new comment_exception('invalidcontext');
}
- if (!has_capability('mod/assign:grade', $context)) {
- if (!has_capability('mod/assign:submit', $context)) {
- return array('post' => false, 'view' => false);
- } else if ($assignment->get_instance()->teamsubmission) {
- $group = $assignment->get_submission_group($USER->id);
- $groupid = 0;
- if ($group) {
- $groupid = $group->id;
- }
- if ($groupid != $submission->groupid) {
- return array('post' => false, 'view' => false);
- }
- } else if ($submission->userid != $USER->id) {
- return array('post' => false, 'view' => false);
- }
+
+ if ($assignment->get_instance()->teamsubmission &&
+ !$assignment->can_view_group_submission($submission->groupid)) {
+ return array('post' => false, 'view' => false);
+ }
+
+ if (!$assignment->get_instance()->teamsubmission &&
+ !$assignment->can_view_submission($submission->userid)) {
+ return array('post' => false, 'view' => false);
}
return array('post' => true, 'view' => true);
$filearea,
$args,
$forcedownload) {
- global $USER, $DB;
+ global $DB, $CFG;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
$itemid = (int)array_shift($args);
$record = $DB->get_record('assign_submission',
array('id'=>$itemid),
- 'userid, assignment',
+ 'userid, assignment, groupid',
MUST_EXIST);
$userid = $record->userid;
+ $groupid = $record->groupid;
- if (!$assign = $DB->get_record('assign', array('id'=>$cm->instance))) {
+ require_once($CFG->dirroot . '/mod/assign/locallib.php');
+
+ $assign = new assign($context, $cm, $course);
+
+ if ($assign->get_instance()->id != $record->assignment) {
return false;
}
- if ($assign->id != $record->assignment) {
+ if ($assign->get_instance()->teamsubmission &&
+ !$assign->can_view_group_submission($groupid)) {
return false;
}
- // Check if this is the current users submission or the user has grading permission.
- if ($USER->id != $userid and !has_capability('mod/assign:grade', $context)) {
+ if (!$assign->get_instance()->teamsubmission &&
+ !$assign->can_view_submission($userid)) {
return false;
}
$fullpath = "/{$context->id}/assignsubmission_file/$filearea/$itemid/$relativepath";
$fs = get_file_storage();
- if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
+ if (!($file = $fs->get_file_by_hash(sha1($fullpath))) || $file->is_directory()) {
return false;
}
* @return bool false if file not found, does not return if found - just send the file
*/
function assignsubmission_onlinetext_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) {
- global $USER, $DB;
+ global $DB, $CFG;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
require_login($course, false, $cm);
$itemid = (int)array_shift($args);
- $record = $DB->get_record('assign_submission', array('id'=>$itemid), 'userid, assignment', MUST_EXIST);
+ $record = $DB->get_record('assign_submission',
+ array('id'=>$itemid),
+ 'userid, assignment, groupid',
+ MUST_EXIST);
$userid = $record->userid;
+ $groupid = $record->groupid;
- if (!$assign = $DB->get_record('assign', array('id'=>$cm->instance))) {
+ require_once($CFG->dirroot . '/mod/assign/locallib.php');
+
+ $assign = new assign($context, $cm, $course);
+
+ if ($assign->get_instance()->id != $record->assignment) {
return false;
}
- if ($assign->id != $record->assignment) {
+ if ($assign->get_instance()->teamsubmission &&
+ !$assign->can_view_group_submission($groupid)) {
return false;
}
- // Check is users submission or has grading permission.
- if ($USER->id != $userid and !has_capability('mod/assign:grade', $context)) {
+ if (!$assign->get_instance()->teamsubmission &&
+ !$assign->can_view_submission($userid)) {
return false;
}
$fullpath = "/{$context->id}/assignsubmission_onlinetext/$filearea/$itemid/$relativepath";
$fs = get_file_storage();
- if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
+ if (!($file = $fs->get_file_by_hash(sha1($fullpath))) || $file->is_directory()) {
return false;
}