search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-30697 fix incorrect capability for role assign button
[moodle.git] / question / question.php
blob896a3d1739b966b77c3165982a3fae4c105efce2
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * Page for editing questions.
19 *
20 * @package moodlecore
21 * @subpackage questionbank
22 * @copyright 1999 onwards Martin Dougiamas {@link http://moodle.com}
23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24 */
25
26
27 require_once(dirname(__FILE__) . '/../config.php');
28 require_once(dirname(__FILE__) . '/editlib.php');
29 require_once($CFG->libdir . '/filelib.php');
30 require_once($CFG->libdir . '/formslib.php');
31
32 // Read URL parameters telling us which question to edit.
33 $id = optional_param('id', 0, PARAM_INT); // question id
34 $qtype = optional_param('qtype', '', PARAM_FILE);
35 $categoryid = optional_param('category', 0, PARAM_INT);
36 $cmid = optional_param('cmid', 0, PARAM_INT);
37 $courseid = optional_param('courseid', 0, PARAM_INT);
38 $wizardnow = optional_param('wizardnow', '', PARAM_ALPHA);
39 $movecontext = optional_param('movecontext', 0, PARAM_BOOL); // Switch to make
40 // question uneditable - form is displayed to edit category only
41 $originalreturnurl = optional_param('returnurl', 0, PARAM_LOCALURL);
42 $appendqnumstring = optional_param('appendqnumstring', '', PARAM_ALPHA);
43 $inpopup = optional_param('inpopup', 0, PARAM_BOOL);
44 $scrollpos = optional_param('scrollpos', 0, PARAM_INT);
45
46 $url = new moodle_url('/question/question.php');
47 if ($id !== 0) {
48 $url->param('id', $id);
49 }
50 if ($qtype !== '') {
51 $url->param('qtype', $qtype);
52 }
53 if ($categoryid !== 0) {
54 $url->param('category', $categoryid);
55 }
56 if ($cmid !== 0) {
57 $url->param('cmid', $cmid);
58 }
59 if ($courseid !== 0) {
60 $url->param('courseid', $courseid);
61 }
62 if ($wizardnow !== '') {
63 $url->param('wizardnow', $wizardnow);
64 }
65 if ($movecontext !== 0) {
66 $url->param('movecontext', $movecontext);
67 }
68 if ($originalreturnurl !== 0) {
69 $url->param('returnurl', $originalreturnurl);
70 }
71 if ($appendqnumstring !== '') {
72 $url->param('appendqnumstring', $appendqnumstring);
73 }
74 if ($inpopup !== 0) {
75 $url->param('inpopup', $inpopup);
76 }
77 if ($scrollpos) {
78 $url->param('scrollpos', $scrollpos);
79 }
80 $PAGE->set_url($url);
81
82 if ($originalreturnurl) {
83 if (strpos($originalreturnurl, '/') !== 0) {
84 throw new coding_exception("returnurl must be a local URL starting with '/'. $originalreturnurl was given.");
85 }
86 $returnurl = new moodle_url($originalreturnurl);
87 } else if ($cmid) {
88 $returnurl = new moodle_url('/question/edit.php', array('cmid' => $cmid));
89 } else {
90 $returnurl = new moodle_url('/question/edit.php', array('courseid' => $courseid));
91 }
92 if ($scrollpos) {
93 $returnurl->param('scrollpos', $scrollpos);
94 }
95
96 if ($movecontext && !$id){
97 print_error('questiondoesnotexist', 'question', $returnurl);
98 }
99
100 if ($cmid){
101 list($module, $cm) = get_module_from_cmid($cmid);
102 require_login($cm->course, false, $cm);
103 $thiscontext = get_context_instance(CONTEXT_MODULE, $cmid);
104 } elseif ($courseid) {
105 require_login($courseid, false);
106 $thiscontext = get_context_instance(CONTEXT_COURSE, $courseid);
107 $module = null;
108 $cm = null;
109 } else {
110 print_error('missingcourseorcmid', 'question');
111 }
112 $contexts = new question_edit_contexts($thiscontext);
113 $PAGE->set_pagelayout('admin');
114
115 if (optional_param('addcancel', false, PARAM_BOOL)) {
116 redirect($returnurl);
117 }
118
119 if ($id) {
120 if (!$question = $DB->get_record('question', array('id' => $id))) {
121 print_error('questiondoesnotexist', 'question', $returnurl);
122 }
123 get_question_options($question, true);
124
125 } else if ($categoryid && $qtype) { // only for creating new questions
126 $question = new stdClass();
127 $question->category = $categoryid;
128 $question->qtype = $qtype;
129
130 // Check that users are allowed to create this question type at the moment.
131 if (!question_bank::qtype_enabled($qtype)) {
132 print_error('cannotenable', 'question', $returnurl, $qtype);
133 }
134
135 } else if ($categoryid) {
136 // Category, but no qtype. They probably came from the addquestion.php
137 // script without choosing a question type. Send them back.
138 $addurl = new moodle_url('/question/addquestion.php', $url->params());
139 $addurl->param('validationerror', 1);
140 redirect($addurl);
141
142 } else {
143 print_error('notenoughdatatoeditaquestion', 'question', $returnurl);
144 }
145
146 $qtypeobj = question_bank::get_qtype($question->qtype);
147
148 // Validate the question category.
149 if (!$category = $DB->get_record('question_categories', array('id' => $question->category))) {
150 print_error('categorydoesnotexist', 'question', $returnurl);
151 }
152
153 // Check permissions
154 $question->formoptions = new stdClass();
155
156 $categorycontext = get_context_instance_by_id($category->contextid);
157 $addpermission = has_capability('moodle/question:add', $categorycontext);
158
159 if ($id) {
160 $canview = question_has_capability_on($question, 'view');
161 if ($movecontext){
162 $question->formoptions->canedit = false;
163 $question->formoptions->canmove = (question_has_capability_on($question, 'move') && $contexts->have_cap('moodle/question:add'));
164 $question->formoptions->cansaveasnew = false;
165 $question->formoptions->repeatelements = false;
166 $question->formoptions->movecontext = true;
167 $formeditable = true;
168 question_require_capability_on($question, 'view');
169 } else {
170 $question->formoptions->canedit = question_has_capability_on($question, 'edit');
171 $question->formoptions->canmove = (question_has_capability_on($question, 'move') && $addpermission);
172 $question->formoptions->cansaveasnew = (($canview ||question_has_capability_on($question, 'edit')) && $addpermission);
173 $question->formoptions->repeatelements = ($question->formoptions->canedit || $question->formoptions->cansaveasnew);
174 $formeditable = $question->formoptions->canedit || $question->formoptions->cansaveasnew || $question->formoptions->canmove;
175 $question->formoptions->movecontext = false;
176 if (!$formeditable){
177 question_require_capability_on($question, 'view');
178 }
179 }
180
181 } else { // creating a new question
182 require_capability('moodle/question:add', $categorycontext);
183 $formeditable = true;
184 $question->formoptions->canedit = question_has_capability_on($question, 'edit');
185 $question->formoptions->canmove = (question_has_capability_on($question, 'move') && $addpermission);
186 $question->formoptions->repeatelements = true;
187 $question->formoptions->movecontext = false;
188 }
189
190 // Validate the question type.
191 $PAGE->set_pagetype('question-type-' . $question->qtype);
192
193 // Create the question editing form.
194 if ($wizardnow !== '' && !$movecontext){
195 $mform = $qtypeobj->next_wizard_form('question.php', $question, $wizardnow, $formeditable);
196 } else {
197 $mform = $qtypeobj->create_editing_form('question.php', $question, $category, $contexts, $formeditable);
198 }
199 $toform = fullclone($question); // send the question object and a few more parameters to the form
200 $toform->category = "$category->id,$category->contextid";
201 $toform->scrollpos = $scrollpos;
202 if ($formeditable && $id){
203 $toform->categorymoveto = $toform->category;
204 }
205
206 $toform->appendqnumstring = $appendqnumstring;
207 $toform->returnurl = $originalreturnurl;
208 $toform->movecontext = $movecontext;
209 if ($cm !== null){
210 $toform->cmid = $cm->id;
211 $toform->courseid = $cm->course;
212 } else {
213 $toform->courseid = $COURSE->id;
214 }
215
216 $toform->inpopup = $inpopup;
217
218 $mform->set_data($toform);
219
220 if ($mform->is_cancelled()) {
221 if ($inpopup) {
222 close_window();
223 } else {
224 redirect($returnurl);
225 }
226
227 } else if ($fromform = $mform->get_data()) {
228 /// If we are saving as a copy, break the connection to the old question.
229 if (!empty($fromform->makecopy)) {
230 $question->id = 0;
231 $question->hidden = 0; // Copies should not be hidden
232 }
233
234 /// Process the combination of usecurrentcat, categorymoveto and category form
235 /// fields, so the save_question method only has to consider $fromform->category
236 if (!empty($fromform->usecurrentcat)) {
237 // $fromform->category is the right category to save in.
238 } else {
239 if (!empty($fromform->categorymoveto)) {
240 $fromform->category = $fromform->categorymoveto;
241 } else {
242 // $fromform->category is the right category to save in.
243 }
244 }
245
246 /// If we are moving a question, check we have permission to move it from
247 /// whence it came. (Where we are moving to is validated by the form.)
248 list($newcatid) = explode(',', $fromform->category);
249 if (!empty($question->id) && $newcatid != $question->category) {
250 question_require_capability_on($question, 'move');
251 }
252
253 // Ensure we redirect back to the category the question is being saved into.
254 $returnurl->param('category', $fromform->category);
255
256 if ($movecontext) {
257 // We are just moving the question to a different context.
258 list($tocatid, $tocontextid) = explode(',', $fromform->categorymoveto);
259 require_capability('moodle/question:add', get_context_instance_by_id($tocontextid));
260 question_move_questions_to_category(array($question->id), $tocatid);
261
262 } else {
263 // We are acutally saving the question.
264 $question = $qtypeobj->save_question($question, $fromform);
265 if (!empty($CFG->usetags) && isset($fromform->tags)) {
266 // A wizardpage from multipe pages questiontype like calculated may not
267 // allow editing the question tags, hence the isset($fromform->tags) test.
268 require_once($CFG->dirroot.'/tag/lib.php');
269 tag_set('question', $question->id, $fromform->tags);
270 }
271 }
272
273 if (($qtypeobj->finished_edit_wizard($fromform)) || $movecontext) {
274 if ($inpopup) {
275 echo $OUTPUT->notification(get_string('changessaved'), '');
276 close_window(3);
277 } else {
278 $returnurl->param('lastchanged', $question->id);
279 if ($appendqnumstring) {
280 $returnurl->param($appendqnumstring, $question->id);
281 $returnurl->param('sesskey', sesskey());
282 $returnurl->param('cmid', $cmid);
283 }
284 redirect($returnurl);
285 }
286
287 } else {
288 $nexturlparams = array(
289 'returnurl' => $originalreturnurl,
290 'appendqnumstring' => $appendqnumstring,
291 'scrollpos' => $scrollpos);
292 if (isset($fromform->nextpageparam) && is_array($fromform->nextpageparam)){
293 //useful for passing data to the next page which is not saved in the database.
294 $nexturlparams += $fromform->nextpageparam;
295 }
296 $nexturlparams['id'] = $question->id;
297 $nexturlparams['wizardnow'] = $fromform->wizard;
298 $nexturl = new moodle_url('/question/question.php', $nexturlparams);
299 if ($cmid){
300 $nexturl->param('cmid', $cmid);
301 } else {
302 $nexturl->param('courseid', $COURSE->id);
303 }
304 redirect($nexturl);
305 }
306
307 } else {
308 $streditingquestion = $qtypeobj->get_heading();
309 $PAGE->set_title($streditingquestion);
310 $PAGE->set_heading($COURSE->fullname);
311 if ($cm !== null) {
312 $strmodule = get_string('modulename', $cm->modname);
313 $streditingmodule = get_string('editinga', 'moodle', $strmodule);
314 $PAGE->navbar->add(get_string('modulenameplural', $cm->modname), new moodle_url('/mod/'.$cm->modname.'/index.php', array('id'=>$cm->course)));
315 $PAGE->navbar->add(format_string($module->name), new moodle_url('/mod/'.$cm->modname.'/view.php', array('id'=>$cm->id)));
316 if (stripos($returnurl, "$CFG->wwwroot/mod/{$cm->modname}/view.php")!== 0){
317 //don't need this link if returnurl returns to view.php
318 $PAGE->navbar->add($streditingmodule, $returnurl);
319 }
320 $PAGE->navbar->add($streditingquestion);
321 echo $OUTPUT->header();
322
323 } else {
324 $strediting = '<a href="edit.php?courseid='.$COURSE->id.'">'.get_string('editquestions', 'question').'</a> -> '.$streditingquestion;
325 $PAGE->navbar->add(get_string('editquestions', 'question'), $returnurl);
326 $PAGE->navbar->add($streditingquestion);
327 echo $OUTPUT->header();
328 }
329
330 // Display a heading, question editing form and possibly some extra content needed for
331 // for this question type.
332 $qtypeobj->display_question_editing_page($mform, $question, $wizardnow);
333 echo $OUTPUT->footer();
334 }
Read-only mirror of the Moodle CVS