Check access when rendering hotspot answers BT#14222

pull/2495/head
jmontoyaa 8 years ago
parent 862e2c42b8
commit 8a1e9cdf04
  1. 5
      main/exercise/exercise.class.php
  2. 2
      main/exercise/exercise_result.php
  3. 9
      main/exercise/exercise_show.php
  4. 43
      main/exercise/hotspot_answers.as.php
  5. 2
      main/inc/lib/exercise.lib.php
  6. 16
      main/inc/lib/javascript/hotspot/js/hotspot.js

@ -5483,7 +5483,6 @@ class Exercise
if ($answerType == HOT_SPOT || $answerType == HOT_SPOT_ORDER) {
// We made an extra table for the answers
if ($show_result) {
// if ($origin != 'learnpath') {
echo '</table></td></tr>';
echo "
<tr>
@ -5494,7 +5493,8 @@ class Exercise
$(document).on('ready', function () {
new HotspotQuestion({
questionId: $questionId,
exerciseId: $exeId,
exerciseId: {$this->id},
exeId: $exeId,
selector: '#hotspot-solution-$questionId',
for: 'solution',
relPath: '$relPath'
@ -5504,7 +5504,6 @@ class Exercise
</td>
</tr>
";
// }
}
} elseif ($answerType == ANNOTATION) {
if ($show_result) {

@ -40,7 +40,7 @@ if (empty($remind_list)) {
$remind_list = isset($_REQUEST['remind_list']) ? $_REQUEST['remind_list'] : null;
}
$exe_id = isset($_REQUEST['exe_id']) ? intval($_REQUEST['exe_id']) : 0;
$exe_id = isset($_REQUEST['exe_id']) ? (int) $_REQUEST['exe_id'] : 0;
if (empty($objExercise)) {
// Redirect to the exercise overview

@ -82,7 +82,6 @@ if (empty($objExercise)) {
$objExercise = Session::read('objExercise');
}
$exeId = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
$courseInfo = api_get_course_info();
@ -462,7 +461,8 @@ foreach ($questionList as $questionId) {
$(document).on('ready', function () {
new HotspotQuestion({
questionId: $questionId,
exerciseId: $id,
exerciseId: {$objExercise->id},
exeId: $id,
selector: '#hotspot-solution-$questionId-$id',
for: 'solution',
relPath: '$relPath'
@ -630,7 +630,8 @@ foreach ($questionList as $questionId) {
$(document).on('ready', function () {
new HotspotQuestion({
questionId: $questionId,
exerciseId: $id,
exerciseId: {$objExercise->id},
exeId: $id,
selector: '#hotspot-solution',
for: 'solution',
relPath: '$relPath'
@ -1110,7 +1111,7 @@ if ($origin != 'learnpath') {
'action' => 'view',
'lp_id' => $learnpath_id,
'lp_item_id' => $learnpath_item_id,
'exeId' => $exeId,
'exeId' => $id,
'fb_type' => $feedback_type,
]);
$href = ($lp_mode == 'fullscreen')
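Review bot: The removed `$exeId = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;` carried no integer cast, and its replacement `$id` is defined outside these hunks, yet `$id` is now interpolated unquoted into the inline `new HotspotQuestion({ ... exeId: $id, ...})` script in both solution blocks and into the `'exeId' => $id` link parameter; confirm that `$id` is an `(int)`-cast value at its definition, otherwise these are script-injection points that the old raw `$_REQUEST['id']` also had. Only the definition of `$exeId` is shown as removed, so it is worth a grep of exercise_show.php for remaining readers of `$exeId` that this commit does not update. The enclosing `foreach ($questionList as $questionId)` loop starts and ends outside the hunks.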

@ -15,20 +15,39 @@ require_once __DIR__.'/../inc/global.inc.php';
api_protect_course_script();
if (!api_is_allowed_to_edit(null, true)) {
api_not_allowed(true);
}
// Set vars
$questionId = isset($_GET['modifyAnswers']) ? (int) $_GET['modifyAnswers'] : 0;
$exerciseId = isset($_GET['exerciseId']) ? (int) $_GET['exerciseId'] : 0;
$exeId = isset($_GET['exeId']) ? (int) $_GET['exeId'] : 0;
$userId = api_get_user_id();
$courseId = api_get_course_int_id();
$objExercise = new Exercise($courseId);
// Check if student has access to the hotspot answers
if (!api_is_allowed_to_edit(null, true)) {
if (empty($exeId)) {
api_not_allowed();
}
$trackExerciseInfo = $objExercise->get_stat_track_exercise_info_by_exe_id($exeId);
if (empty($trackExerciseInfo)) {
api_not_allowed();
}
// Different exercise
if ($exerciseId != $trackExerciseInfo['exe_exo_id']) {
api_not_allowed();
}
// Different user
if ($trackExerciseInfo['exe_user_id'] != $userId) {
api_not_allowed();
}
}
$objQuestion = Question::read($questionId, $courseId);
$objExercise = new Exercise($courseId);
$objExercise->read($exerciseId);
if (empty($objQuestion) || empty($objQuestion)) {
if (empty($objQuestion) || empty($objExercise)) {
exit;
}
@ -68,7 +87,6 @@ $data['courseCode'] = $_course['path'];
$data['hotspots'] = [];
$showTotalScoreAndUserChoicesInLastAttempt = true;
if ($objExercise->selectResultsDisabled() == RESULT_DISABLE_SHOW_SCORE_ATTEMPT_SHOW_ANSWERS_LAST_ATTEMPT) {
$showOnlyScore = true;
$showResults = true;
@ -76,7 +94,7 @@ if ($objExercise->selectResultsDisabled() == RESULT_DISABLE_SHOW_SCORE_ATTEMPT_S
$attempts = Event::getExerciseResultsByUser(
api_get_user_id(),
$objExercise->id,
api_get_course_int_id(),
$courseId,
api_get_session_id(),
$trackExerciseInfo['orig_lp_id'],
$trackExerciseInfo['orig_lp_item_id'],
@ -111,13 +129,13 @@ if (!$hideExpectedAnswer) {
if ($objQuestion->selectType() == HOT_SPOT_DELINEATION) {
$qb
->where($qb->expr()->eq('a.cId', $courseId))
->andWhere($qb->expr()->eq('a.questionId', intval($questionId)))
->andWhere($qb->expr()->eq('a.questionId', $questionId))
->andWhere($qb->expr()->neq('a.hotspotType', 'noerror'))
->orderBy('a.id', 'ASC');
} else {
$qb
->where($qb->expr()->eq('a.cId', $courseId))
->andWhere($qb->expr()->eq('a.questionId', intval($questionId)))
->andWhere($qb->expr()->eq('a.questionId', $questionId))
->orderBy('a.position', 'ASC');
}
@ -146,7 +164,6 @@ if (!$hideExpectedAnswer) {
$hotSpot['type'] = 'delineation';
break;
}
$hotSpot['coord'] = $hotSpotAnswer->getHotspotCoordinates();
$data['hotspots'][] = $hotSpot;
}
@ -160,7 +177,7 @@ $rs = $em
[
'hotspotQuestionId' => $questionId,
'cId' => $courseId,
'hotspotExeId' => $exerciseId,
'hotspotExeId' => $exeId,
],
['hotspotAnswerId' => 'ASC']
);
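Review bot: The new access block ties `exeId` to the requesting user and to `exerciseId`, but `modifyAnswers` (the question id) is never checked against that exercise, so a student holding one valid attempt can still fetch the hotspot data of any hotspot question in the course — including the expected answers unless `$hideExpectedAnswer` is set — by varying `modifyAnswers`; a membership check against the exercise's question list after `$objExercise->read($exerciseId)` closes this. Separately, the corrected condition `empty($objQuestion) || empty($objExercise)` still cannot fail on its second half because `$objExercise` was just constructed; `Exercise::read()` appears to return false when the exercise is not found, so test its return value instead. The loose `!=` comparisons on `exe_exo_id` and `exe_user_id` would be safer as `(int)` casts with `!==`, since the tracking row values are probably strings.
```php
$objQuestion = Question::read($questionId, $courseId);
// $objExercise is constructed earlier in the file; read() reports whether the exercise exists
if (empty($objQuestion) || !$objExercise->read($exerciseId)) {
    exit;
}
// Serve hotspot data only for a question that belongs to the exercise the attempt was checked against
$exerciseQuestionIds = array_map('intval', $objExercise->selectQuestionList(true));
if (!in_array($questionId, $exerciseQuestionIds, true)) {
    api_not_allowed();
}
// … unchanged: $data setup, results-disabled handling and hotspot queries …
```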

@ -1187,7 +1187,6 @@ HTML;
</ul>
</div>
';
if ($freeze) {
$relPath = api_get_path(WEB_CODE_PATH);
echo "
@ -1203,6 +1202,7 @@ HTML;
new ".($answerType == HOT_SPOT ? "HotspotQuestion" : "DelineationQuestion")."({
questionId: $questionId,
exerciseId: $exerciseId,
exeId: 0,
selector: '#hotspot-preview-$questionId',
for: 'preview',
relPath: '$relPath'

@ -1154,7 +1154,8 @@ window.HotspotQuestion = (function () {
case 'preview':
xhrQuestion = $.getJSON(config.relPath + 'exercise/hotspot_answers.as.php?' + _p.web_cid_query, {
modifyAnswers: parseInt(config.questionId),
exerciseId: parseInt(config.exerciseId)
exerciseId: parseInt(config.exerciseId),
exeId: parseInt(config.exeId)
});
break;
}
@ -1164,13 +1165,11 @@ window.HotspotQuestion = (function () {
case 'admin':
startHotspotsAdmin(questionInfo);
break;
case 'user':
startHotspotsUser(questionInfo);
break;
case 'solution':
//no break
// no break
case 'preview':
startHotspotsSolution(questionInfo);
break;
@ -1777,11 +1776,12 @@ window.DelineationQuestion = (function () {
});
break;
case 'solution':
//no break
// no break
case 'preview':
xhrQuestion = $.getJSON(config.relPath + 'exercise/hotspot_answers.as.php?' + _p.web_cid_query, {
modifyAnswers: parseInt(config.questionId),
exerciseId: parseInt(config.exerciseId)
exerciseId: parseInt(config.exerciseId),
exeId: parseInt(config.exeId)
});
break;
}
@ -1791,13 +1791,11 @@ window.DelineationQuestion = (function () {
case 'admin':
startAdminSvg(questionInfo);
break;
case 'user':
startUserSvg(questionInfo);
break;
case 'solution':
//no break
// no break
case 'preview':
startPreviewSvg(questionInfo);
break;
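Review bot: `exeId: parseInt(config.exeId)` in the two new `$.getJSON` parameter objects (HotspotQuestion and DelineationQuestion) evaluates to `NaN` for any caller that still omits `exeId`, and jQuery serialises that as the string `NaN`, which hotspot_answers.as.php casts to 0 and then rejects for students with no useful error. Making the fallback explicit, `exeId: parseInt(config.exeId, 10) || 0`, keeps the request well-formed and adds the radix that `parseInt` otherwise infers; the neighbouring `exerciseId` line would take the same treatment. The surrounding `switch` bodies begin and end outside the hunks.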
