[WWcvs] webwork2: accept display of edited problems even if they are from a

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Log Message:
-----------
accept display of edited problems even if they are from a gateway test, 
but only if we have permission. fixed bug #868.

Modified Files:
--------------
    webwork2/lib/WeBWorK/ContentGenerator:
        Problem.pm

Revision Data
-------------
Index: Problem.pm
===================================================================
RCS file: /webwork/cvs/system/webwork2/lib/WeBWorK/ContentGenerator/Problem.pm,v
retrieving revision 1.189
retrieving revision 1.190
diff -Llib/WeBWorK/ContentGenerator/Problem.pm -Llib/WeBWorK/ContentGenerator/Problem.pm -u -r1.189 -r1.190

--- lib/WeBWorK/ContentGenerator/Problem.pm
+++ lib/WeBWorK/ContentGenerator/Problem.pm
@@ -390,6 +390,7 @@
 	my $userName = $r->param('user');
 	my $effectiveUserName = $r->param('effectiveUser');
 	my $key = $r->param('key');
+	my $editMode = $r->param("editMode");
 	
 	my $user = $db->getUser($userName); # checked
 	die "record for user $userName (real user) does not exist."
@@ -407,10 +408,11 @@
 # gateway check here: we want to be sure that someone isn't trying to take 
 # a GatewayQuiz through the regular problem/homework mechanism, thereby 
 # circumventing the versioning, time limits, etc.
-	die('Invalid access attempt: the Problem ContentGenerator was called ' .
-	    'for a GatewayQuiz assignment.') 
-	    if ( defined($set) && defined( $set->assignment_type() ) && 
-		 $set->assignment_type() =~ /gateway/ );
+	if (defined $set and defined $set->assignment_type and $set->assignment_type() =~ /gateway/) {
+		unless ($editMode eq "temporaryFile" and $authz->hasPermissions($userName, "modify_student_data")) {
+			die('Invalid access attempt: the Problem ContentGenerator was called for a GatewayQuiz assignment.'	);
+		}
+	}
 	
 	# Database fix (in case of undefined published values)
 	# this is only necessary because some people keep holding to ww1.9 which did not have a published field
@@ -428,8 +430,6 @@
 	# obtain the merged problem for $effectiveUser
 	my $problem = $db->getMergedProblem($effectiveUserName, $setName, $problemNumber); # checked
 
-	my $editMode = $r->param("editMode");
-
 	if ($authz->hasPermissions($userName, "modify_problem_sets")) {
 		# professors are allowed to fabricate sets and problems not
 		# assigned to them (or anyone). this allows them to use the


