diff --git a/main/exercise/exercise.class.php b/main/exercise/exercise.class.php index 7dd5d3843d..88733086e6 100755 --- a/main/exercise/exercise.class.php +++ b/main/exercise/exercise.class.php @@ -8443,6 +8443,9 @@ class Exercise $sessionId = 0, $returnData = false ) { + $allowDelete = Exercise::allowAction('delete'); + $allowClean = Exercise::allowAction('clean_results'); + $TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT); $TBL_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY); $TBL_EXERCISE_QUESTION = Database::get_course_table(TABLE_QUIZ_TEST_QUESTION); 
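Review bot: `$allowDelete` is computed at the top of this method, but in the hunks shown for this file only `$allowClean` is consumed (by the clean icon further down), so it is worth confirming that the delete icon is gated on it as well. If it is not, a teacher blocked by `limit_exercise_teacher_access` would still see a delete link that exercise.php now ignores. Inside the class the calls would read better as `self::allowAction('delete')` and `self::allowAction('clean_results')`. The method begins before this hunk and continues past it, so the delete-link code is not visible here.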
@@ -8906,32 +8909,39 @@ class Exercise ); // Clean exercise - if ($locked == false) { - $clean = Display::url( - Display::return_icon( - 'clean.png', - get_lang('CleanStudentResults'), + $clean = ''; + if (true === $allowClean) { + if (false == $locked) { + $clean = Display::url( + Display::return_icon( + 'clean.png', + get_lang('CleanStudentResults'), + '', + ICON_SIZE_SMALL + ), + '', + [ + 'onclick' => "javascript:if(!confirm('".addslashes( + api_htmlentities( + get_lang('AreYouSureToDeleteResults'), + ENT_QUOTES, + $charset + ) + )." ".addslashes($row['title'])."?"."')) return false;", + 'href' => 'exercise.php?'.api_get_cidreq( + ).'&choice=clean_results&sec_token='.$token.'&exerciseId='.$row['id'], + ] + ); + } else { + $clean = Display::return_icon( + 'clean_na.png', + get_lang('ResourceLockedByGradebook'), '', ICON_SIZE_SMALL - ), - '', - [ - 'onclick' => "javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('AreYouSureToDeleteResults'), ENT_QUOTES, $charset))." ".addslashes($row['title'])."?"."')) return false;", - 'href' => 'exercise.php?'.api_get_cidreq().'&choice=clean_results&sec_token='.$token.'&exerciseId='.$row['id'], - ] - ); - } else { - $clean = Display::return_icon( - 'clean_na.png', - get_lang('ResourceLockedByGradebook'), - '', - ICON_SIZE_SMALL - ); + ); + } } - if ($limitTeacherAccess && !api_is_platform_admin()) { - $clean = ''; - } $actions .= $clean; // Visible / invisible // Check if this exercise was added in a LP 
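Review bot: In the re-indented `onclick` value the exercise title is passed only through `addslashes($row['title'])`, while the confirmation text beside it also goes through `api_htmlentities(..., ENT_QUOTES, $charset)`; the title is presumably user-supplied text placed in a JavaScript string inside an HTML attribute. Whether `Display::url()` encodes attribute values is not visible in this hunk, so that should be confirmed; if it does not, the title needs the same encoding, e.g. `addslashes(api_htmlentities($row['title'], ENT_QUOTES, $charset))`. Separately, `false == $locked` next to `true === $allowClean` mixes loose and strict comparison, and `if (!$locked)` would be clearer. Hiding the icon is presentation only; the `clean_results` handler in exercise.php is what enforces the permission.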
@@ -10439,4 +10449,43 @@ class Exercise return $group; } + + public static function allowAction($action) + { + if (api_is_platform_admin()) { + return true; + } + + $limitTeacherAccess = api_get_configuration_value('limit_exercise_teacher_access'); + $disableClean = api_get_configuration_value('disable_clean_exercise_results_for_teachers'); + + switch ($action) { + case 'delete': + if (api_is_allowed_to_edit(null, true)) { + if ($limitTeacherAccess) { + return false; + } + + return true; + } + break; + case 'clean_results': + if (api_is_allowed_to_edit(null, true)) { + if ($limitTeacherAccess) { + return false; + } + + if ($disableClean) { + return false; + } + + return true; + } + + break; + } + + + return false; + } } diff --git a/main/exercise/exercise.php b/main/exercise/exercise.php index 0a4bd6b997..ef83262e3d 100644 --- a/main/exercise/exercise.php +++ b/main/exercise/exercise.php @@ -24,6 +24,9 @@ api_protect_course_script(true); $limitTeacherAccess = api_get_configuration_value('limit_exercise_teacher_access'); +$allowDelete = Exercise::allowAction('delete'); +$allowClean = Exercise::allowAction('clean_results'); + $check = Security::get_existing_token('get'); $currentUrl = api_get_self().'?'.api_get_cidreq(); @@ -94,7 +97,7 @@ if ($is_allowedToEdit) { switch ($action) { case 'clean_all_test': if ($check) { - if ($limitTeacherAccess && !api_is_platform_admin()) { + if (false === $allowClean) { api_not_allowed(true); } @@ -207,7 +210,9 @@ if (!empty($action) && $is_allowedToEdit) { switch ($action) { case 'delete': - $objExerciseTmp->delete(); + if ($allowDelete) { + $objExerciseTmp->delete(); + } break; case 'visible': if ($limitTeacherAccess && !api_is_platform_admin()) { 
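Review bot: `allowAction()` has no docblock and repeats the same `api_is_allowed_to_edit(null, true)` and `limit_exercise_teacher_access` checks in both `case` branches, so the rule every caller now depends on has to be reverse-engineered from the switch. A docblock should state that platform admins are always allowed, that other editors are refused when `limit_exercise_teacher_access` is set, that `clean_results` is also refused when `disable_clean_exercise_results_for_teachers` is set, and that unknown actions are refused. Callers compare the result with `false === $allowClean`, so the method must keep returning a strict boolean; the version below does that and keeps the fail-closed default.

```php
public static function allowAction($action)
{
    if (api_is_platform_admin()) {
        return true;
    }

    // Fail closed: unknown actions and users without edit rights are refused.
    if (!in_array($action, ['delete', 'clean_results'], true) || !api_is_allowed_to_edit(null, true)) {
        return false;
    }

    if (api_get_configuration_value('limit_exercise_teacher_access')) {
        return false;
    }

    // Only 'clean_results' is subject to the extra per-action switch.
    return !('clean_results' === $action
        && api_get_configuration_value('disable_clean_exercise_results_for_teachers'));
}
```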
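Review bot: A refused delete is dropped silently here: when `$allowDelete` is false the `case 'delete'` branch simply reaches `break`, whereas the `clean_all_test` branch in this same file answers a refused request with `api_not_allowed(true)`. The same silent path is in the second `case 'delete'` hunk (around new line 308) and in `case 'clean_results'`, where the leftover comment `// Teacher change exercise` no longer describes the check. Failing loudly keeps the handlers consistent and tells the user the request was refused, for example `if (!$allowDelete) { api_not_allowed(true); }` placed before the `delete()` call. The enclosing switch starts and ends outside the hunk.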
@@ -303,9 +308,11 @@ if ($is_allowedToEdit) { break; case 'delete': // deletes an exercise - $result = $objExerciseTmp->delete(); - if ($result) { - Display::addFlash(Display::return_message(get_lang('ExerciseDeleted'), 'confirmation')); + if ($allowDelete) { + $result = $objExerciseTmp->delete(); + if ($result) { + Display::addFlash(Display::return_message(get_lang('ExerciseDeleted'), 'confirmation')); + } } break; case 'enable': @@ -375,7 +382,7 @@ if ($is_allowedToEdit) { break; case 'clean_results': - if ($limitTeacherAccess && !api_is_platform_admin()) { + if (false === $allowClean) { // Teacher change exercise break; } @@ -549,7 +556,7 @@ if ($is_allowedToEdit && $origin !== 'learnpath') { Display::return_icon('import_excel.png', get_lang('ImportExcelQuiz'), '', ICON_SIZE_MEDIUM).''; $cleanAll = null; - if (api_is_platform_admin() || false === $limitTeacherAccess) { + if ($allowClean) { $cleanAll = Display::url( Display::return_icon( 'clean_all.png', diff --git a/main/exercise/exercise_report.php b/main/exercise/exercise_report.php index 96fb48b4f4..b50fa5cb8a 100755 --- a/main/exercise/exercise_report.php +++ b/main/exercise/exercise_report.php @@ -30,6 +30,7 @@ if (api_is_student_boss() && !empty($filter_user)) { } $limitTeacherAccess = api_get_configuration_value('limit_exercise_teacher_access'); +$allowClean = Exercise::allowAction('clean_results'); if ($limitTeacherAccess && !api_is_platform_admin()) { api_not_allowed(true); 
@@ -326,37 +327,40 @@ if ($is_allowedToEdit && $origin != 'learnpath') { Display::return_icon('reload.png', get_lang('RecalculateResults'), [], ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH).'exercise/recalculate_all.php?'.api_get_cidreq()."&exercise=$exercise_id" ); + // clean result before a selected date icon - $actions .= Display::url( - Display::return_icon( - 'clean_before_date.png', - get_lang('CleanStudentsResultsBeforeDate'), - '', - ICON_SIZE_MEDIUM - ), - '#', - ['onclick' => 'javascript:display_date_picker()'] - ); - // clean result before a selected date datepicker popup - $actions .= Display::span( - Display::input( - 'input', - 'datepicker_start', - get_lang('SelectADateOnTheCalendar'), - [ - 'onmouseover' => 'datepicker_input_mouseover()', - 'id' => 'datepicker_start', - 'onchange' => 'datepicker_input_changed()', - 'readonly' => 'readonly', - ] - ). - Display::button( - 'delete', - get_lang('Delete'), - ['onclick' => 'submit_datepicker()'] - ), - ['style' => 'display:none', 'id' => 'datepicker_span'] - ); + if ($allowClean) { + $actions .= Display::url( + Display::return_icon( + 'clean_before_date.png', + get_lang('CleanStudentsResultsBeforeDate'), + '', + ICON_SIZE_MEDIUM + ), + '#', + ['onclick' => 'javascript:display_date_picker()'] + ); + // clean result before a selected date datepicker popup + $actions .= Display::span( + Display::input( + 'input', + 'datepicker_start', + get_lang('SelectADateOnTheCalendar'), + [ + 'onmouseover' => 'datepicker_input_mouseover()', + 'id' => 'datepicker_start', + 'onchange' => 'datepicker_input_changed()', + 'readonly' => 'readonly', + ] + ). + Display::button( + 'delete', + get_lang('Delete'), + ['onclick' => 'submit_datepicker()'] + ), + ['style' => 'display:none', 'id' => 'datepicker_span'] + ); + } } } else { $actions .= ''. 
@@ -434,7 +438,7 @@ if (($is_allowedToEdit || $is_tutor || api_is_coach()) && ) { // ask for the date $check = Security::check_token('get'); - if ($check) { + if ($check && $allowClean) { $objExerciseTmp = new Exercise(); if ($objExerciseTmp->read($exercise_id)) { $count = $objExerciseTmp->cleanResults( diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php index 76a641a45c..ff3a865cf6 100755 --- a/main/install/configuration.dist.php +++ b/main/install/configuration.dist.php @@ -1529,6 +1529,9 @@ $_configuration['auth_password_links'] = [ // ALTER TABLE track_e_attempt_recording ADD COLUMN answer longtext default '' AFTER question_id; //$_configuration['quiz_answer_extra_recording'] = false; +// Disable clean results for teachers +// $_configuration['disable_clean_exercise_results_for_teachers'] = true; + // KEEP THIS AT THE END // -------- Custom DB changes // Add user activation by confirmation email
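Review bot: The outer condition of this branch still admits `$is_tutor` and `api_is_coach()`, but `Exercise::allowAction('clean_results')` only returns true for platform admins or when `api_is_allowed_to_edit(null, true)` passes, so with `$check && $allowClean` some users who reach this branch may now be refused even when neither configuration option is set. If that narrowing is intended it deserves a comment such as `// Only users accepted by Exercise::allowAction('clean_results') may clean results`. The refusal is also silent; `if (!$allowClean) { api_not_allowed(true); }` ahead of the token check would match the `clean_all_test` handling in exercise.php. The `if` that opens this branch starts before the hunk and its body continues after it.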
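Review bot: The comment `// Disable clean results for teachers` does not tell an administrator that platform admins are exempt or that the option is only consulted after `limit_exercise_teacher_access`, both of which follow from `Exercise::allowAction()` in this commit. Suggested wording: `// Prevent teachers from cleaning exercise results; platform admins are not affected.`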