  1. Moodle
  2. MDL-6477

Convert lesson to use new roles framework - patch attached

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.7
    • Component/s: Lesson
    • Labels:
      None
    • Affected Branches:
      MOODLE_17_STABLE
    • Fixed Branches:
      MOODLE_17_STABLE

      Description

      Could you please review/test the attached patch?

      Thanks

            Activity

            bushido Mark Nielsen added a comment -

            I made some changes to the patched code but I don't know how to create a patch from the CVS like the one that you made. Also, when I applied the patch, it placed access.php in mod/lesson instead of mod/lesson/db. I might have done something wrong though.

            Also, while I was reviewing the code, I found a tremendous flaw. The essay editing interface never checks the role of the user. This means that when any user goes into a lesson and adds "&action=essayview" to the URL, then s/he can start grading essay questions. This problem goes all the way back to Moodle 1.5.3.

            I have a patch for fixing the problem. This is what the diff looks like off of MOODLE_16_STABLE:

            Index: view.php
            ===================================================================
            RCS file: /cvsroot/moodle/moodle/mod/lesson/view.php,v
            retrieving revision 1.91.2.5
            diff -u -r1.91.2.5 view.php
            — view.php 10 Aug 2006 15:30:57 -0000 1.91.2.5
            +++ view.php 7 Sep 2006 21:34:29 -0000
            @@ -28,6 +28,17 @@

            require_login($course->id, false, $cm);

            + switch ($action) {
            + case 'essayview':
            + case 'essaygrade':
            + case 'updategrade':
            + case 'emailessay':
            + if (!isteacheredit($course->id))

            { + error('You must be a teacher with editing rights to view this page'); + }

            + break;
            + }
            +
            /// Print the page header

            if ($course->category) {
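
            Review bot: the switch on $action lists four names ('essayview', 'essaygrade', 'updategrade', 'emailessay'), so any teacher-only action that is missing from the list, or added to view.php later, is still reachable with nothing but require_login() in front of it. Consider putting the isteacheredit($course->id) check inside each teacher-only handler, or inverting the test so that only the actions students need pass without it. The error() text is also a hardcoded English string, and the same check will have to be expressed through the roles framework when this is carried to HEAD.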

            Let me know if I should commit it or if any other action on my part is necessary.
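
The flaw described in the comment above is a missing authorization check on a request parameter. As an added example (not part of the thread and not Moodle code), the following self-contained PHP maps every action to the privilege it requires and refuses anything unmapped; the role names, privilege names and the `essayexport` action are hypothetical.

```php
<?php
// Added illustration: default-deny authorization for an ?action= dispatcher.
// All names here are hypothetical; this is not Moodle code.

// Every action the page can perform, mapped to the privilege it requires.
const ACTION_PRIVILEGE = [
    'view'        => 'participate',
    'essayview'   => 'grade',
    'essaygrade'  => 'grade',
    'updategrade' => 'grade',
    'emailessay'  => 'grade',
];

// Privileges granted by each role (constructed sample data).
const ROLE_PRIVILEGES = [
    'student'        => ['participate'],
    'editingteacher' => ['participate', 'grade'],
];

/**
 * Returns true only when the action is known AND the role holds the
 * privilege mapped to it. Unknown actions and unknown roles are refused.
 */
function action_allowed(string $role, string $action): bool
{
    if (!array_key_exists($action, ACTION_PRIVILEGE)) {
        return false; // default deny: unlisted action
    }
    $granted = ROLE_PRIVILEGES[$role] ?? [];
    return in_array(ACTION_PRIVILEGE[$action], $granted, true);
}

// Constructed requests: (role, value of the action parameter).
$requests = [
    ['student', 'view'],
    ['student', 'essayview'],
    ['editingteacher', 'essaygrade'],
    ['student', 'essayexport'],   // action added later, never mapped
];

foreach ($requests as [$role, $action]) {
    printf("%-15s %-12s %s\n", $role, $action,
        action_allowed($role, $action) ? 'allow' : 'deny');
}
```

Because the lookup fails closed, an action that is added to the page without an entry in the map is denied for every role until someone decides which privilege it needs.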

            skodak Petr Skoda added a comment -

            Hi!

            Thanks for the review. Please commit all changes into CVS. If you want to make any changes in 1.6.1+ please hurry, the 1.6.2 release is going to be tagged tomorrow morning.

            I do not know what might be the problem with creation of access.php; the correct placement is db. I am using phpeclipse IDE to create the patches. What CVS client and editor are you using?

            skodak Petr Skoda added a comment -

            ... in fact it is today - Friday morning GMT I guess

            bushido Mark Nielsen added a comment -

            > ... in fact it is today - Friday morning GMT I guess

            Just added it to MOODLE_16_STABLE. Am I too late?

            I use the Mac OS X Terminal with command line for CVS and TextMate for my editor.

            bushido Mark Nielsen added a comment -

            Committed the roles code into HEAD.


                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  7/Nov/06