From 2a9cb2f57e406dc98195638f8b5fc86fbad4bc47 Mon Sep 17 00:00:00 2001 From: Andrew Nicols Date: Mon, 3 Nov 2014 10:42:13 +0800 Subject: [PATCH] MDL-48029 mod_forum: Check for subscription before enrolling --- mod/forum/discuss.php | 4 +++- mod/forum/lang/en/forum.php | 1 + mod/forum/lib.php | 6 ++++-- mod/forum/subscribe_ajax.php | 6 ++++++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/mod/forum/discuss.php b/mod/forum/discuss.php index 000f445..f2ab11b 100644 --- a/mod/forum/discuss.php +++ b/mod/forum/discuss.php @@ -238,7 +238,9 @@ echo $OUTPUT->heading(format_string($forum->name), 2); echo $OUTPUT->heading(format_string($discussion->name), 3, 'discussionname'); - if ((!isguestuser() && isloggedin()) && has_capability('mod/forum:viewdiscussion', $modcontext)) { + // is_guest should be used here as this also checks whether the user is a guest in the current course. + // Guests and visitors cannot subscribe - only enrolled users. + if ((!is_guest($modcontext, $USER) && isloggedin()) && has_capability('mod/forum:viewdiscussion', $modcontext)) { // Discussion subscription. if (\mod_forum\subscriptions::is_subscribable($forum)) { echo html_writer::div( diff --git a/mod/forum/lang/en/forum.php b/mod/forum/lang/en/forum.php index e8192f1..f3ac084 100644 --- a/mod/forum/lang/en/forum.php +++ b/mod/forum/lang/en/forum.php @@ -331,6 +331,7 @@ $string['nodiscussions'] = 'There are no discussion topics yet in this forum'; $string['nodiscussionsstartedby'] = '{$a} has not started any discussions'; $string['nodiscussionsstartedbyyou'] = 'You haven\'t started any discussions yet'; $string['noguestpost'] = 'Sorry, guests are not allowed to post.'; +$string['noguestsubscribe'] = 'Sorry, guests are not allowed to subscribe.'; $string['noguesttracking'] = 'Sorry, guests are not allowed to set tracking options.'; $string['nomorepostscontaining'] = 'No more posts containing \'{$a}\' were found'; $string['nonews'] = 'No news has been posted yet'; diff --git a/mod/forum/lib.php b/mod/forum/lib.php index 3788ac5..9257f70 100644 --- a/mod/forum/lib.php +++ b/mod/forum/lib.php @@ -3755,7 +3755,9 @@ function forum_print_discussion_header(&$post, $forum, $group=-1, $datestring="" userdate($usedate, $datestring).''; echo "\n"; - if ((!isguestuser() && isloggedin()) && has_capability('mod/forum:viewdiscussion', $modcontext)) { + // is_guest should be used here as this also checks whether the user is a guest in the current course. + // Guests and visitors cannot subscribe - only enrolled users. + if ((!is_guest($modcontext, $USER) && isloggedin()) && has_capability('mod/forum:viewdiscussion', $modcontext)) { // Discussion subscription. if (\mod_forum\subscriptions::is_subscribable($forum)) { echo ''; @@ -5380,7 +5382,7 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions = -1, $ } } echo ''.get_string('lastpost', 'forum').''; - if (has_capability('mod/forum:viewdiscussion', $context)) { + if ((!is_guest($context, $USER) && isloggedin()) && has_capability('mod/forum:viewdiscussion', $context)) { if (\mod_forum\subscriptions::is_subscribable($forum)) { echo ' '; } diff --git a/mod/forum/subscribe_ajax.php b/mod/forum/subscribe_ajax.php index 666abb1..fe7b43e 100644 --- a/mod/forum/subscribe_ajax.php +++ b/mod/forum/subscribe_ajax.php @@ -42,6 +42,12 @@ require_capability('mod/forum:viewdiscussion', $context); $return = new stdClass(); +if (is_guest($context, $USER)) { + // is_guest should be used here as this also checks whether the user is a guest in the current course. + // Guests and visitors cannot subscribe - only enrolled users. + throw new moodle_exception('noguestsubscribe', 'mod_forum'); +} + if (!\mod_forum\subscriptions::is_subscribable($forum)) { // Nothing to do. We won't actually output any content here though. echo json_encode($return); -- 2.1.2