Admin: Add setting 'disable_clean_exercise_results_for_teachers'

See BT#17196

main/exercise/exercise.class.php

@@ -8443,6 +8443,9 @@ class Exercise
         $sessionId = 0,
         $returnData = false
     ) {
+        $allowDelete = Exercise::allowAction('delete');
+        $allowClean = Exercise::allowAction('clean_results');
+
         $TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
         $TBL_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
         $TBL_EXERCISE_QUESTION = Database::get_course_table(TABLE_QUIZ_TEST_QUESTION);
@@ -8906,7 +8909,9 @@ class Exercise
                             );
 
                             // Clean exercise
-                            if ($locked == false) {
+                            $clean = '';
+                            if (true === $allowClean) {
+                                if (false == $locked) {
                                     $clean = Display::url(
                                         Display::return_icon(
                                             'clean.png',
@@ -8916,8 +8921,15 @@ class Exercise
                                         ),
                                         '',
                                         [
-                                        'onclick' => "javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('AreYouSureToDeleteResults'), ENT_QUOTES, $charset))." ".addslashes($row['title'])."?"."')) return false;",
-                                        'href' => 'exercise.php?'.api_get_cidreq().'&choice=clean_results&sec_token='.$token.'&exerciseId='.$row['id'],
+                                            'onclick' => "javascript:if(!confirm('".addslashes(
+                                                    api_htmlentities(
+                                                        get_lang('AreYouSureToDeleteResults'),
+                                                        ENT_QUOTES,
+                                                        $charset
+                                                    )
+                                                )." ".addslashes($row['title'])."?"."')) return false;",
+                                            'href' => 'exercise.php?'.api_get_cidreq(
+                                                ).'&choice=clean_results&sec_token='.$token.'&exerciseId='.$row['id'],
                                         ]
                                     );
                                 } else {
@@ -8928,10 +8940,8 @@ class Exercise
                                         ICON_SIZE_SMALL
                                     );
                                 }
-
-                            if ($limitTeacherAccess && !api_is_platform_admin()) {
-                                $clean = '';
                             }
+
                             $actions .= $clean;
                             // Visible / invisible
                             // Check if this exercise was added in a LP
@@ -10439,4 +10449,43 @@ class Exercise
 
         return $group;
     }
+
+    public static function allowAction($action)
+    {
+        if (api_is_platform_admin()) {
+            return true;
+        }
+
+        $limitTeacherAccess = api_get_configuration_value('limit_exercise_teacher_access');
+        $disableClean = api_get_configuration_value('disable_clean_exercise_results_for_teachers');
+
+        switch ($action) {
+            case 'delete':
+                if (api_is_allowed_to_edit(null, true)) {
+                    if ($limitTeacherAccess) {
+                        return false;
+                    }
+
+                    return true;
+                }
+                break;
+            case 'clean_results':
+                if (api_is_allowed_to_edit(null, true)) {
+                    if ($limitTeacherAccess) {
+                        return false;
+                    }
+
+                    if ($disableClean) {
+                        return false;
+                    }
+
+                    return true;
+                }
+
+                break;
+        }
+
+
+        return false;
+    }
 }

main/exercise/exercise.php

@@ -24,6 +24,9 @@ api_protect_course_script(true);
 
 $limitTeacherAccess = api_get_configuration_value('limit_exercise_teacher_access');
 
+$allowDelete = Exercise::allowAction('delete');
+$allowClean = Exercise::allowAction('clean_results');
+
 $check = Security::get_existing_token('get');
 
 $currentUrl = api_get_self().'?'.api_get_cidreq();
@@ -94,7 +97,7 @@ if ($is_allowedToEdit) {
     switch ($action) {
         case 'clean_all_test':
             if ($check) {
-                if ($limitTeacherAccess && !api_is_platform_admin()) {
+                if (false === $allowClean) {
                     api_not_allowed(true);
                 }
 
@@ -207,7 +210,9 @@ if (!empty($action) && $is_allowedToEdit) {
 
             switch ($action) {
                 case 'delete':
+                    if ($allowDelete) {
                         $objExerciseTmp->delete();
+                    }
                     break;
                 case 'visible':
                     if ($limitTeacherAccess && !api_is_platform_admin()) {
@@ -303,10 +308,12 @@ if ($is_allowedToEdit) {
                         break;
                     case 'delete':
                         // deletes an exercise
+                        if ($allowDelete) {
                             $result = $objExerciseTmp->delete();
                             if ($result) {
                                 Display::addFlash(Display::return_message(get_lang('ExerciseDeleted'), 'confirmation'));
                             }
+                        }
                         break;
                     case 'enable':
                         if ($limitTeacherAccess && !api_is_platform_admin()) {
@@ -375,7 +382,7 @@ if ($is_allowedToEdit) {
 
                         break;
                     case 'clean_results':
-                        if ($limitTeacherAccess && !api_is_platform_admin()) {
+                        if (false === $allowClean) {
                             // Teacher change exercise
                             break;
                         }
@@ -549,7 +556,7 @@ if ($is_allowedToEdit && $origin !== 'learnpath') {
         Display::return_icon('import_excel.png', get_lang('ImportExcelQuiz'), '', ICON_SIZE_MEDIUM).'</a>';
 
     $cleanAll = null;
-    if (api_is_platform_admin() || false === $limitTeacherAccess) {
+    if ($allowClean) {
         $cleanAll = Display::url(
             Display::return_icon(
                 'clean_all.png',

main/exercise/exercise_report.php

@@ -30,6 +30,7 @@ if (api_is_student_boss() && !empty($filter_user)) {
 }
 
 $limitTeacherAccess = api_get_configuration_value('limit_exercise_teacher_access');
+$allowClean = Exercise::allowAction('clean_results');
 
 if ($limitTeacherAccess && !api_is_platform_admin()) {
     api_not_allowed(true);
@@ -326,7 +327,9 @@ if ($is_allowedToEdit && $origin != 'learnpath') {
             Display::return_icon('reload.png', get_lang('RecalculateResults'), [], ICON_SIZE_MEDIUM),
             api_get_path(WEB_CODE_PATH).'exercise/recalculate_all.php?'.api_get_cidreq()."&exercise=$exercise_id"
         );
+
         // clean result before a selected date icon
+        if ($allowClean) {
             $actions .= Display::url(
                 Display::return_icon(
                     'clean_before_date.png',
@@ -358,6 +361,7 @@ if ($is_allowedToEdit && $origin != 'learnpath') {
                 ['style' => 'display:none', 'id' => 'datepicker_span']
             );
         }
+    }
 } else {
     $actions .= '<a href="exercise.php">'.
         Display::return_icon(
@@ -434,7 +438,7 @@ if (($is_allowedToEdit || $is_tutor || api_is_coach()) &&
 ) {
     // ask for the date
     $check = Security::check_token('get');
-    if ($check) {
+    if ($check && $allowClean) {
         $objExerciseTmp = new Exercise();
         if ($objExerciseTmp->read($exercise_id)) {
             $count = $objExerciseTmp->cleanResults(

main/install/configuration.dist.php

@@ -1529,6 +1529,9 @@ $_configuration['auth_password_links'] = [
 // ALTER TABLE track_e_attempt_recording ADD COLUMN answer longtext default '' AFTER question_id;
 //$_configuration['quiz_answer_extra_recording'] = false;
 
+// Disable clean results for teachers
+// $_configuration['disable_clean_exercise_results_for_teachers'] = true;
+
 // KEEP THIS AT THE END
 // -------- Custom DB changes
 // Add user activation by confirmation email