}
// The brace above closes a block opened before this excerpt.

// Access gate for the two emarking types named below. It applies when
// $draft->teacher is not the current user, or when $ownsubmission is set.
if (($emarking->type == EMARKING_TYPE_MARKER_TRAINING || $emarking->type == EMARKING_TYPE_PEER_REVIEW)
        && ($draft->teacher != $USER->id || $ownsubmission)) {
    // NOTE(review): && binds tighter than ||, so this condition evaluates as
    // $issupervisor || $ownsubmission || ($draft->teacher != $USER->id && $usercangrade).
    // Confirm that grouping is the intended policy and add explicit parentheses.
    if ($issupervisor || $ownsubmission || $draft->teacher != $USER->id && $usercangrade) {
        // Access is allowed, but flagged read-only ('readonly' is sent in the ping payload below).
        $readonly = true;
    } else {
        // Given the outer condition, this branch is reached only when the user is not a
        // supervisor, this is not their own submission and $usercangrade is false.
        $item = array('context' => $context, 'objectid' => $draft->id);
        // Add to Moodle log so some auditing can be done.
        \mod_emarking\event\unauthorizedajax_attempted::create($item)->trigger();
        // NOTE(review): denial is only effective if emarking_json_error() ends the
        // request; nothing here returns or exits afterwards — confirm in its definition.
        emarking_json_error('Unauthorized access!');
    }
}

// Validate grading capability and stop and log unauthorized access.
// The request is rejected only when all three hold: $usercangrade is false, it is not
// the user's own submission, and the user lacks 'mod/emarking:submit' in $context.
if (!$usercangrade && !$ownsubmission && !has_capability('mod/emarking:submit', $context)) {
    $item = array('context' => $context, 'objectid' => $draft->id);
    // Add to Moodle log so some auditing can be done.
    \mod_emarking\event\unauthorizedajax_attempted::create($item)->trigger();
    // NOTE(review): as above, this relies on emarking_json_error() terminating the request — confirm.
    emarking_json_error('Unauthorized access!');
}

// Ping action for fast validation of user logged in and communication with server.
if ($action === 'ping') {
    // A path starting with '../' is resolved against the current working directory,
    // not this file's directory. Presumably version.php defines $plugin, whose
    // ->version is read below — confirm.
    include '../version.php';
    // Start with a default Node JS path, and get the configuration one if any.
    $nodejspath = 'http://127.0.0.1:9091';
    if (isset($CFG->emarking_nodejspath)) {
        $nodejspath = $CFG->emarking_nodejspath;
    }
    // NOTE(review): the payload returns the session key ($USER->sesskey), the account
    // username and the support e-mail to the caller. It is reached only after the two
    // gates above, so it is protected exactly as far as emarking_json_error() stops
    // execution — confirm. The anonymity flags are sent as the strings 'true'/'false',
    // while 'readonly' and 'supervisor' are passed through as-is.
    emarking_json_array(array('user' => $USER->id,
        'student' => $userid,
        'username' => $USER->firstname . ' ' . $USER->lastname,
        'realUsername' => $USER->username,
        'groupID' => $emarking->id,
        'sesskey' => $USER->sesskey,
        'adminemail' => $CFG->supportemail,
        'cm' => $cm->id,
        'studentanonymous' => $studentanonymous ? 'true' : 'false',
        'markeranonymous' => $markeranonymous ? 'true' : 'false',
        'readonly' => $readonly,
        'supervisor' => $issupervisor,
        'markingtype' => $emarking->type,
        'totalTests' => $totaltest,
        'inProgressTests' => $inprogesstest,
        'publishedTests' => $publishtest,
        'heartbeat' => $emarking->heartbeatenabled,
        'linkrubric' => $linkrubric,
        'collaborativefeatures' => $emarking->collaborativefeatures,
        'coursemodule' => $cm->id,
        'nodejspath' => $nodejspath,
        'motives' => emarking_get_regrade_motives(),
        'keywords' => $emarking->keywords,
        'version' => $plugin->version));
    // NOTE(review): nothing here exits after the response is sent; presumably
    // emarking_json_array() ends the request, otherwise execution continues into
    // the switch below with $action === 'ping' — confirm.
}

// URL of this AJAX endpoint, built from the current ids, action and page number.
$url = new moodle_url('/mod/emarking/ajax/a.php', array('ids' => $ids, 'action' => $action, 'pageno' => $pageno));

// Switch according to action.
// The switch body continues beyond this excerpt.
switch ($action) {
/**
 * Rejects a regrade request that is not made on the caller's own submission.
 *
 * When $ownsubmission is falsy, an unauthorizedajax_attempted event is triggered
 * for the draft (so the attempt shows up in the Moodle log) and a JSON error is
 * emitted. When it is truthy the function does nothing.
 *
 * NOTE(review): the denial is only effective if emarking_json_error() ends the
 * request; this function itself does not exit or throw — confirm in its definition.
 *
 * @param mixed $ownsubmission Truthy when the draft is the current user's own submission.
 * @param object $draft Draft record; only its id is read, as the event's objectid.
 * @param mixed $context Context passed through to the logged event.
 * @return void
 */
function emarking_check_add_regrade_permission($ownsubmission, $draft, $context) {
    // Own submissions may ask for a regrade: nothing to log, nothing to reject.
    if ($ownsubmission) {
        return;
    }

    // Record the attempt in the Moodle log so it can be audited later.
    $eventdata = array(
        'context' => $context,
        'objectid' => $draft->id
    );
    $event = \mod_emarking\event\unauthorizedajax_attempted::create($eventdata);
    $event->trigger();

    emarking_json_error('Unauthorized access!');
}