From 39f3856e8a56358d263faa56ebd6b2c067ff76bf Mon Sep 17 00:00:00 2001 From: Denis Manente Date: Tue, 13 Oct 2020 19:38:52 +0200 Subject: [PATCH 1/2] fix #275, allow a user to see his own question, even when hidden --- classes/question/bank/sq_hidden_column.php | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/classes/question/bank/sq_hidden_column.php b/classes/question/bank/sq_hidden_column.php index b18c7561..e91ed17b 100644 --- a/classes/question/bank/sq_hidden_column.php +++ b/classes/question/bank/sq_hidden_column.php @@ -37,6 +37,17 @@ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ class sq_hidden_column extends action_column_base { + /** @var int */ + protected $currentuserid; + + /** + * Initialise Parameters for join + */ + protected function init() { + global $USER; + $this->currentuserid = $USER->id; + } + /** * Column name * @@ -89,11 +100,16 @@ protected function display_content($question, $rowclasses) { * @return array 'table_alias' => 'JOIN clause' */ public function get_extra_joins() { - $andhidden = "AND sqh.hidden = 0"; + $hidden = "sqh.hidden = 0"; + $mine = "q.createdby = $this->currentuserid"; + + // Without permission, a user can only see non-hidden question or its their own. + $sqlextra = "AND ($hidden OR $mine)"; if (has_capability('mod/studentquiz:previewothers', $this->qbank->get_most_specific_context())) { - $andhidden = ""; + $sqlextra = ""; } - return array('sqh' => "JOIN {studentquiz_question} sqh ON sqh.questionid = q.id $andhidden"); + + return array('sqh' => "JOIN {studentquiz_question} sqh ON sqh.questionid = q.id $sqlextra"); } /** From e39e6c2b08333d21382553074dcdaff7eaa0abe4 Mon Sep 17 00:00:00 2001 From: Denis Manente Date: Wed, 14 Oct 2020 14:49:45 +0200 Subject: [PATCH 2/2] reduce custom assignments in extra joins by using a joined current select with static values --- classes/question/bank/attempts_column.php | 18 +++--------------- .../question/bank/difficulty_level_column.php | 18 +++--------------- classes/question/bank/rate_column.php | 14 +++----------- classes/question/bank/sq_hidden_column.php | 13 +------------ .../question/bank/studentquiz_bank_view.php | 7 +++++++ classes/question/bank/tag_column.php | 4 +--- 6 files changed, 18 insertions(+), 56 deletions(-) diff --git a/classes/question/bank/attempts_column.php b/classes/question/bank/attempts_column.php index 52e06635..b3327030 100644 --- a/classes/question/bank/attempts_column.php +++ b/classes/question/bank/attempts_column.php @@ -47,19 +47,7 @@ class attempts_column extends \core_question\bank\column_base { * Initialise Parameters for join */ protected function init() { - - global $DB, $USER, $PAGE; - $this->currentuserid = $USER->id; - // Build context, categoryid and cmid here for use later. - $context = $this->qbank->get_most_specific_context(); - $this->categoryid = question_get_default_category($context->id)->id; - $cmid = $context->instanceid; - // TODO: Get StudentQuiz id from infrastructure instead of DB! - // TODO: Exception handling lookup fails somehow. - $sq = $DB->get_record('studentquiz', array('coursemodule' => $cmid)); - $this->studentquizid = $sq->id; - $this->studentquiz = $sq; - // TODO: Sanitize! + global $PAGE; $this->renderer = $PAGE->get_renderer('mod_studentquiz'); } @@ -95,8 +83,8 @@ protected function display_content($question, $rowclasses) { */ public function get_extra_joins() { return array('sp' => "LEFT JOIN {studentquiz_progress} sp ON sp.questionid = q.id - AND sp.userid = " . $this->currentuserid . " - AND sp.studentquizid = " . $this->studentquizid); + AND sp.userid = current.userid + AND sp.studentquizid = current.studentquizid"); } /** diff --git a/classes/question/bank/difficulty_level_column.php b/classes/question/bank/difficulty_level_column.php index 00983c29..9f48e58f 100644 --- a/classes/question/bank/difficulty_level_column.php +++ b/classes/question/bank/difficulty_level_column.php @@ -41,22 +41,11 @@ class difficulty_level_column extends \core_question\bank\column_base { */ protected $renderer; - /** @var \stdClass */ - protected $studentquiz; - /** * Initialise Parameters for join */ protected function init() { - global $DB, $USER, $PAGE; - $this->currentuserid = $USER->id; - $cmid = $this->qbank->get_most_specific_context()->instanceid; - // TODO: Get StudentQuiz id from infrastructure instead of DB! - // TODO: Exception handling lookup fails somehow. - $sq = $DB->get_record('studentquiz', array('coursemodule' => $cmid)); - $this->studentquizid = $sq->id; - $this->studentquiz = $sq; - // TODO: Sanitize! + global $PAGE; $this->renderer = $PAGE->get_renderer('mod_studentquiz'); } @@ -84,11 +73,10 @@ public function get_extra_joins() { return array('dl' => "LEFT JOIN ( SELECT ROUND(1 - AVG(CAST(correctattempts AS DECIMAL) / CAST(attempts AS DECIMAL)), 2) AS difficultylevel, - questionid + questionid, studentquizid FROM {studentquiz_progress} - WHERE studentquizid = " . $this->studentquizid . " GROUP BY questionid - ) dl ON dl.questionid = q.id"); + ) dl ON dl.questionid = q.id AND dl.studentquizid = current.studentquizid"); } /** diff --git a/classes/question/bank/rate_column.php b/classes/question/bank/rate_column.php index 3fa252f0..b5b0f838 100644 --- a/classes/question/bank/rate_column.php +++ b/classes/question/bank/rate_column.php @@ -44,14 +44,7 @@ class rate_column extends \core_question\bank\column_base { * Initialise Parameters for join */ protected function init() { - global $DB, $USER, $PAGE; - $this->currentuserid = $USER->id; - $cmid = $this->qbank->get_most_specific_context()->instanceid; - // TODO: Get StudentQuiz id from infrastructure instead of DB! - // TODO: Exception handling lookup fails somehow. - $sq = $DB->get_record('studentquiz', array('coursemodule' => $cmid)); - $this->studentquizid = $sq->id; - // TODO: Sanitize! + global $PAGE; $this->renderer = $PAGE->get_renderer('mod_studentquiz'); } @@ -93,11 +86,10 @@ public function get_extra_joins() { GROUP BY questionid ) vo ON vo.questionid = q.id", 'myrate' => "LEFT JOIN ( - SELECT rate AS myrate, q.id AS questionid + SELECT rate AS myrate, q.id AS questionid, rate.userid FROM {question} q LEFT JOIN {studentquiz_rate} rate ON q.id = rate.questionid - AND rate.userid = " . $this->currentuserid . " - ) myrate ON myrate.questionid = q.id"); + ) myrate ON myrate.questionid = q.id AND myrate.userid = current.userid"); } /** diff --git a/classes/question/bank/sq_hidden_column.php b/classes/question/bank/sq_hidden_column.php index e91ed17b..dbdc2004 100644 --- a/classes/question/bank/sq_hidden_column.php +++ b/classes/question/bank/sq_hidden_column.php @@ -37,17 +37,6 @@ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ class sq_hidden_column extends action_column_base { - /** @var int */ - protected $currentuserid; - - /** - * Initialise Parameters for join - */ - protected function init() { - global $USER; - $this->currentuserid = $USER->id; - } - /** * Column name * @@ -101,7 +90,7 @@ protected function display_content($question, $rowclasses) { */ public function get_extra_joins() { $hidden = "sqh.hidden = 0"; - $mine = "q.createdby = $this->currentuserid"; + $mine = "q.createdby = current.userid"; // Without permission, a user can only see non-hidden question or its their own. $sqlextra = "AND ($hidden OR $mine)"; diff --git a/classes/question/bank/studentquiz_bank_view.php b/classes/question/bank/studentquiz_bank_view.php index 10b55bd7..3a4ccda6 100755 --- a/classes/question/bank/studentquiz_bank_view.php +++ b/classes/question/bank/studentquiz_bank_view.php @@ -450,6 +450,13 @@ protected function build_query() { $joins = array(); $fields = array('q.hidden', 'q.category', 'q.timecreated', 'q.createdby'); $tests = array('q.parent = 0', 'q.hidden = 0'); + + // Additional fields for inside comparisons, so columns don't introduce the same variables again. This variant + // is chosen since we can't use sql variables multiple times in queries, but this way we can compare against + // these variables in any wished way multiple times. Usage example: q.createdby = current.userid, if you want + // to know the questions created by the current user + $joins["current"] = "JOIN (SELECT {$this->userid} as userid, {$this->studentquiz->id} as studentquizid) current"; + foreach ($this->requiredcolumns as $column) { $extrajoins = $column->get_extra_joins(); foreach ($extrajoins as $prefix => $join) { diff --git a/classes/question/bank/tag_column.php b/classes/question/bank/tag_column.php index 6f12f941..016eb434 100644 --- a/classes/question/bank/tag_column.php +++ b/classes/question/bank/tag_column.php @@ -51,9 +51,7 @@ class tag_column extends \core_question\bank\column_base { * Initialise Parameters for join */ protected function init() { - - global $DB, $PAGE; - + global $PAGE; // Build context and categoryid here for use later. $context = $this->qbank->get_most_specific_context(); $this->categoryid = question_get_default_category($context->id)->id;