Log Message:
-----------
accept display of edited problems even if they are from a gateway test,
but only if we have permission. fixed bug #868.
Modified Files:
--------------
webwork2/lib/WeBWorK/ContentGenerator:
Problem.pm
Revision Data
-------------
Index: Problem.pm
===================================================================
RCS file: /webwork/cvs/system/webwork2/lib/WeBWorK/ContentGenerator/Problem.pm,v
retrieving revision 1.189
retrieving revision 1.190
diff -Llib/WeBWorK/ContentGenerator/Problem.pm -Llib/WeBWorK/ContentGenerator/Problem.pm -u -r1.189 -r1.190
--- lib/WeBWorK/ContentGenerator/Problem.pm
+++ lib/WeBWorK/ContentGenerator/Problem.pm
@@ -390,6 +390,7 @@
my $userName = $r->param('user');
my $effectiveUserName = $r->param('effectiveUser');
my $key = $r->param('key');
+ my $editMode = $r->param("editMode");
my $user = $db->getUser($userName); # checked
die "record for user $userName (real user) does not exist."
@@ -407,10 +408,11 @@
# gateway check here: we want to be sure that someone isn't trying to take
# a GatewayQuiz through the regular problem/homework mechanism, thereby
# circumventing the versioning, time limits, etc.
- die('Invalid access attempt: the Problem ContentGenerator was called ' .
- 'for a GatewayQuiz assignment.')
- if ( defined($set) && defined( $set->assignment_type() ) &&
- $set->assignment_type() =~ /gateway/ );
+ if (defined $set and defined $set->assignment_type and $set->assignment_type() =~ /gateway/) {
+ unless ($editMode eq "temporaryFile" and $authz->hasPermissions($userName, "modify_student_data")) {
+ die('Invalid access attempt: the Problem ContentGenerator was called for a GatewayQuiz assignment.' );
+ }
+ }
# Database fix (in case of undefined published values)
# this is only necessary because some people keep holding to ww1.9 which did not have a published field
@@ -428,8 +430,6 @@
# obtain the merged problem for $effectiveUser
my $problem = $db->getMergedProblem($effectiveUserName, $setName, $problemNumber); # checked
- my $editMode = $r->param("editMode");
-
if ($authz->hasPermissions($userName, "modify_problem_sets")) {
# professors are allowed to fabricate sets and problems not
# assigned to them (or anyone). this allows them to use the
|
