From 2900dfa79b834c8e7df8f7ae8704a86f66d9f25b Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos <angelfqc.18@gmail.com>
Date: Mon, 10 Aug 2020 17:13:50 -0500
Subject: [PATCH] Quiz: Dont allow start/continuesession is session read-only -
 refs BT#16791

---
 main/exercise/exercise_submit.php   | 15 +++++++++------
 main/exercise/overview.php          |  6 ++++++
 main/inc/lib/sessionmanager.lib.php | 12 ++++++++++++
 3 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/main/exercise/exercise_submit.php b/main/exercise/exercise_submit.php
index 79fbfb73e6..fccc958f6c 100755
--- a/main/exercise/exercise_submit.php
+++ b/main/exercise/exercise_submit.php
@@ -880,11 +880,7 @@ $interbreadcrumb[] = [
 $interbreadcrumb[] = ['url' => '#', 'name' => $objExercise->selectTitle(true)];
 
 if (!in_array($origin, ['learnpath', 'embeddable', 'mobileapp'])) { //so we are not in learnpath tool
-    if (!api_is_allowed_to_session_edit()) {
-        Display::addFlash(
-            Display::return_message(get_lang('SessionIsReadOnly'), 'warning')
-        );
-    }
+    SessionManager::addFlashSessionReadOnly();
 
     Display::display_header(null, 'Exercises');
 } else {
@@ -928,6 +924,13 @@ if ($is_visible_return['value'] == false) {
     exit;
 }
 
+if (!api_is_allowed_to_session_edit()) {
+    if (!in_array($origin, ['learnpath', 'embeddable'])) {
+        Display::display_footer();
+    }
+    exit;
+}
+
 $exercise_timeover = false;
 $limit_time_exists = (!empty($objExercise->start_time) || !empty($objExercise->end_time)) ? true : false;
 
@@ -1330,7 +1333,7 @@ if (!empty($error)) {
                         $("#save_for_now_"+question_id).html(\''.
                             Display::return_icon('save.png', get_lang('Saved'), [], ICON_SIZE_SMALL).'\');
 
-                        // window.quizTimeEnding will be reset in exercise.class.php  
+                        // window.quizTimeEnding will be reset in exercise.class.php
                         if (window.quizTimeEnding) {
                             redirectExerciseToResult();
                         } else {
diff --git a/main/exercise/overview.php b/main/exercise/overview.php
index cfec2a542f..d0a23c62c3 100755
--- a/main/exercise/overview.php
+++ b/main/exercise/overview.php
@@ -72,6 +72,8 @@ if ($time_control) {
 }
 
 if (!in_array($origin, ['learnpath', 'embeddable', 'mobileapp'])) {
+    SessionManager::addFlashSessionReadOnly();
+
     Display::display_header();
 } else {
     $htmlHeadXtra[] = "
@@ -192,6 +194,10 @@ if ($visible_return['value'] == false) {
     }
 }
 
+if (!api_is_allowed_to_session_edit()) {
+    $exercise_url_button = null;
+}
+
 $attempts = Event::getExerciseResultsByUser(
     api_get_user_id(),
     $objExercise->id,
diff --git a/main/inc/lib/sessionmanager.lib.php b/main/inc/lib/sessionmanager.lib.php
index 71089637e7..1e91717d53 100755
--- a/main/inc/lib/sessionmanager.lib.php
+++ b/main/inc/lib/sessionmanager.lib.php
@@ -9674,4 +9674,16 @@ class SessionManager
             return -1;
         }
     }
+
+    /**
+     * Add a warning message when session is read-only mode.
+     */
+    public static function addFlashSessionReadOnly()
+    {
+        if (api_get_session_id() && !api_is_allowed_to_session_edit()) {
+            Display::addFlash(
+                Display::return_message(get_lang('SessionIsReadOnly'), 'warning')
+            );
+        }
+    }
 }