fixed bug when student can post in a forum from a group see BT#3549

skala
Julio Montoya 13 years ago
parent e3baa0df50
commit 03615ff146
  1. 4
      main/forum/reply.php
  2. 9
      main/forum/viewforum.php

@ -76,10 +76,10 @@ $current_forum_category = get_forumcategory_information(Security::remove_XSS($cu
// The only exception is the course manager // The only exception is the course manager
// I have split this is several pieces for clarity. // I have split this is several pieces for clarity.
//if (!api_is_allowed_to_edit() AND (($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0) OR ($current_forum_category['locked'] <> 0 OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0))) { //if (!api_is_allowed_to_edit() AND (($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0) OR ($current_forum_category['locked'] <> 0 OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0))) {
if (!api_is_allowed_to_edit(false, true) AND (($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0))) { if (!api_is_allowed_to_edit(false, true) AND (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)) {
api_not_allowed(); api_not_allowed();
} }
if (!api_is_allowed_to_edit(false, true) AND ($current_forum_category['locked'] <> 0 OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) { if (!api_is_allowed_to_edit(false, true) AND (($current_forum_category && $current_forum_category['locked'] <> 0) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {
api_not_allowed(); api_not_allowed();
} }
if (!$_user['user_id'] AND $current_forum['allow_anonymous'] == 0) { if (!$_user['user_id'] AND $current_forum['allow_anonymous'] == 0) {

@ -66,6 +66,7 @@ $userinf = api_get_user_info($userid);
$group_id = api_get_group_id(); $group_id = api_get_group_id();
$my_forum = isset($_GET['forum']) ? $_GET['forum'] : ''; $my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$current_forum = get_forum_information($my_forum); // Note: This has to be validated that it is an existing forum. $current_forum = get_forum_information($my_forum); // Note: This has to be validated that it is an existing forum.
@ -76,7 +77,8 @@ if (empty($current_forum)) {
$current_forum_category = get_forumcategory_information($current_forum['forum_category']); $current_forum_category = get_forumcategory_information($current_forum['forum_category']);
if ($group_id) {
if (!empty($group_id)) {
//Group info & group category info //Group info & group category info
$group_properties = GroupManager::get_group_properties($group_id); $group_properties = GroupManager::get_group_properties($group_id);
//$group_cat_info = GroupManager::get_category(GroupManager::get_category_from_group($group_id)); //$group_cat_info = GroupManager::get_category(GroupManager::get_category_from_group($group_id));
@ -84,7 +86,6 @@ if ($group_id) {
//User has access in the group? //User has access in the group?
$user_has_access_in_group = GroupManager::user_has_access($userid, $group_id, GROUP_TOOL_FORUM); $user_has_access_in_group = GroupManager::user_has_access($userid, $group_id, GROUP_TOOL_FORUM);
//User is a tutor in the group? the function GroupManager::user_has_access already contains the is_tutor_of_group() //User is a tutor in the group? the function GroupManager::user_has_access already contains the is_tutor_of_group()
//$is_tutor_group = GroupManager::is_tutor_of_group($userid, $group_id); //$is_tutor_group = GroupManager::is_tutor_of_group($userid, $group_id);
// //
@ -96,14 +97,14 @@ if ($group_id) {
//Course //Course
if (!api_is_allowed_to_edit(false, true) AND //is a student if (!api_is_allowed_to_edit(false, true) AND //is a student
($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0 OR !$user_has_access_in_group) (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0 OR !$user_has_access_in_group)
) { ) {
api_not_allowed(); api_not_allowed();
} }
} else { } else {
//Course //Course
if (!api_is_allowed_to_edit(false, true) AND //is a student if (!api_is_allowed_to_edit(false, true) AND //is a student
($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0) //forum category or forum visibility is false (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0) //forum category or forum visibility is false
) { ) {
api_not_allowed(); api_not_allowed();
} }

Loading…
Cancel
Save