From 39f3856e8a56358d263faa56ebd6b2c067ff76bf Mon Sep 17 00:00:00 2001
From: Denis Manente
Date: Tue, 13 Oct 2020 19:38:52 +0200
Subject: [PATCH] fix #275, allow a user to see his own question, even when hidden

---
 classes/question/bank/sq_hidden_column.php | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/classes/question/bank/sq_hidden_column.php b/classes/question/bank/sq_hidden_column.php
index b18c7561..e91ed17b 100644
--- a/classes/question/bank/sq_hidden_column.php
+++ b/classes/question/bank/sq_hidden_column.php
@@ -37,6 +37,17 @@
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
 class sq_hidden_column extends action_column_base {
+ /** @var int */
+ protected $currentuserid;
+
+ /**
+ * Initialise Parameters for join
+ */
+ protected function init() {
+ global $USER;
+ $this->currentuserid = $USER->id;
+ }
+
 /**
 * Column name
 *
@@ -89,11 +100,16 @@ protected function display_content($question, $rowclasses) {
 * @return array 'table_alias' => 'JOIN clause'
 */
 public function get_extra_joins() {
- $andhidden = "AND sqh.hidden = 0";
+ $hidden = "sqh.hidden = 0";
+ $mine = "q.createdby = $this->currentuserid";
+
+ // Without permission, a user can only see non-hidden question or its their own.
+ $sqlextra = "AND ($hidden OR $mine)";
 if (has_capability('mod/studentquiz:previewothers', $this->qbank->get_most_specific_context())) {
- $andhidden = "";
+ $sqlextra = "";
 }
- return array('sqh' => "JOIN {studentquiz_question} sqh ON sqh.questionid = q.id $andhidden");
+
+ return array('sqh' => "JOIN {studentquiz_question} sqh ON sqh.questionid = q.id $sqlextra");
 }
 
 /**
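Review bot: `$this->currentuserid` is interpolated directly into the JOIN string in `get_extra_joins()` (`$mine = "q.createdby = $this->currentuserid";`), and nothing in either hunk forces it to be an integer, since the `@var int` docblock is not enforced at runtime. The return value shown here carries only SQL strings and no bound parameters, so the cast belongs at the assignment in `init()`: `$this->currentuserid = (int) $USER->id;`. `$USER->id` comes from the session rather than from request input, so this is hardening of string-built SQL rather than a demonstrated injection. If a parent class gives `init()` its own setup (not visible in this patch), the override should also call `parent::init();`. The class body continues outside both hunks.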