  1. Moodle
  2. MDL-6477

Convert lesson to use new roles framework - patch attached

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.7
    • Component/s: Lesson
    • Labels:
      None
    • Affected Branches:
      MOODLE_17_STABLE
    • Fixed Branches:
      MOODLE_17_STABLE

      Description

      Could you please review/test the attached patch.

      thanks

          Activity

          bushido Mark Nielsen added a comment -

          I made some changes to the patched code but I don't know how to create a patch from the CVS like the one that you made. Also, when I applied the patch, it placed access.php in mod/lesson instead of mod/lesson/db. I might have done something wrong though.

          Also, while I was reviewing the code, I found a tremendous flaw. The essay editing interface never checks the role of the user. This means that when any user goes into a lesson and adds "&action=essayview" to the URL, then s/he can start grading essay questions. This problem goes all the way back to Moodle 1.5.3.

          I have a patch for fixing the problem. This is what the diff looks like off of MOODLE_16_STABLE:

          Index: view.php
          ===================================================================
          RCS file: /cvsroot/moodle/moodle/mod/lesson/view.php,v
          retrieving revision 1.91.2.5
          diff -u -r1.91.2.5 view.php
          — view.php 10 Aug 2006 15:30:57 -0000 1.91.2.5
          +++ view.php 7 Sep 2006 21:34:29 -0000
          @@ -28,6 +28,17 @@

          require_login($course->id, false, $cm);

          + switch ($action) {
          + case 'essayview':
          + case 'essaygrade':
          + case 'updategrade':
          + case 'emailessay':
          + if (!isteacheredit($course->id))

          { + error('You must be a teacher with editing rights to view this page'); + }

          + break;
          + }
          +
          /// Print the page header

          if ($course->category) {
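Review bot: The new `switch ($action)` block protects only the four action names it lists and has no `default:` branch, so any action value not named here passes straight through to the rest of view.php with nothing more than `require_login()` in front of it. Consider making the `isteacheredit($course->id)` test deny by default (list the actions a student may use and refuse everything else), or move the test to where each privileged action is handled so a newly added action cannot be forgotten. When this is carried into the roles code it should become a capability check against the definitions in mod/lesson/db/access.php rather than `isteacheredit()`, and the hard-coded English text in `error(...)` would be better taken from a language string.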

          Let me know if I should commit it or if any other action on my part is necessary.
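The missing role check described in the comment above, written as a deny-by-default lookup. This is an added example, not Moodle's code and not part of the posted patch; the action table, the `lesson_action_allowed()` function, the `navigation` and `essaydelete` action names and the boolean standing in for `isteacheredit()` are assumptions made for illustration.

```php
<?php
// Added illustration, not Moodle code. All names below are hypothetical.

// Every action the page accepts is registered with the privilege it needs.
// 'teacher' stands in for the isteacheredit() test used in the patch.
const LESSON_ACTIONS = [
    'navigation'  => 'student',   // constructed example of a student action
    'essayview'   => 'teacher',
    'essaygrade'  => 'teacher',
    'updategrade' => 'teacher',
    'emailessay'  => 'teacher',
];

/**
 * Decide whether a request may proceed.
 * Unknown actions are refused, so a newly added handler stays closed
 * until someone registers it with an explicit privilege.
 */
function lesson_action_allowed(string $action, bool $isEditingTeacher): bool
{
    if (!array_key_exists($action, LESSON_ACTIONS)) {
        return false;                       // deny by default
    }
    if (LESSON_ACTIONS[$action] === 'teacher') {
        return $isEditingTeacher;           // privileged action
    }
    return true;                            // student-level action
}

// Constructed requests: (action taken from the URL, is the user an editing teacher?)
$samples = [
    ['essayview', false],   // the case from the comment: must be refused
    ['essayview', true],
    ['navigation', false],
    ['essaydelete', true],  // not registered: refused even for a teacher
];

foreach ($samples as [$action, $teacher]) {
    printf("%-12s teacher=%-3s => %s\n",
        $action,
        $teacher ? 'yes' : 'no',
        lesson_action_allowed($action, $teacher) ? 'allow' : 'deny');
}
```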

          skodak Petr Skoda added a comment -

          Hi!

          Thanks for the review. Please commit all changes into CVS. If you want to make any changes in 1.6.1+ please hurry, the 1.6.2 release is going to be tagged tomorrow morning.

          I do not know what might be the problem with creation of access.php; the correct placement is db. I am using phpeclipse IDE to create the patches. What cvs client and editor are you using?

          skodak Petr Skoda added a comment -

          ... in fact it is today - Friday morning GMT I guess

          bushido Mark Nielsen added a comment -

          > ... in fact it is today - Friday morning GMT I guess

          Just added it to MOODLE_16_STABLE. Am I too late?

          I use the Mac OS X Terminal with command line for CVS and TextMate for my editor.

          bushido Mark Nielsen added a comment -

          Committed the roles code into HEAD.



              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                7/Nov/06