Changeset 025352e in iPeer


Timestamp:
2013-01-03T16:08:42-08:00 (6 years ago)
Author:
Compass <pan.luo@…>
Branches:
3.1.x, dev, hotfix, master, pagodabox, ticket463
Children:
b55ce54
Parents:
4141a27
Message:

Fix #452, invalid id passed to action for simple eval

Location:
app
Files:
2 edited

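--- a/app/controllers/evaluations_controller.php
+++ b/app/controllers/evaluations_controller.php
@@ -1330,19 +1330,4 @@
         }
 
-        $tok = strtok($param, ';');
-        $eventId = $tok;
-        $groupId =  strtok(';');
-        $evaluateeId =  strtok(';');
-        $groupEventId = strtok(';');
-        $releaseStatus = strtok(';');
-
-        $courseId = $this->Event->getCourseByEventId($eventId);
-
-        $course = $this->Course->getAccessibleCourseById($courseId, User::get('id'), User::getCourseFilterPermission());
-        if (!$course) {
-            $this->Session->setFlash(__('Error: Course does not exist or you do not have permission to view this course.', true));
-            $this->redirect('index');
-        }
-
         $this->autoRender = false;
         if ($param !=null) {
@@ -1353,7 +1338,10 @@
         }
 
-        $this->Event->id = $eventId;
-        $event = $this->Event->read();
-
+        // Check whether the event exists or user has permission to access it
+        if (!($event = $this->Event->getAccessibleEventById($eventId, User::get('id'), User::getCourseFilterPermission(), array()))) {
+            $this->Session->setFlash(__('Error: That event does not exist or you dont have access to it', true));
+            $this->redirect('index');
+            return;
+        }
 
         switch ($event['Event']['event_template_type_id']) {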
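Review bot: `$eventId` is passed to `getAccessibleEventById()` at new line 1341 with no assignment visible on the new side, because the unconditional `strtok($param, ';')` parsing at old lines 1332-1337 is removed. It is presumably still set inside the `if ($param !=null)` block whose body is elided here; if so, a request without `$param` reaches the access check with an undefined variable and is rejected only because the lookup happens to fail, so an explicit guard just before the check, e.g. `if (empty($eventId) || !ctype_digit((string) $eventId)) { $this->redirect('index'); return; }`, would make the rejection deliberate. If the elided block still takes the group, evaluatee and group-event ids from the same client-supplied string, they should be confirmed to belong to the event that passed this check before they are used further down. The enclosing action starts and ends outside the hunk.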
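--- a/app/views/evaluations/view_simple_evaluation_results.ctp
+++ b/app/views/evaluations/view_simple_evaluation_results.ctp
@@ -291,11 +291,14 @@
     $user = $row['User'];
     echo '<h3>Evaluator: '.$user['full_name'].'</h3>';
-    $headers = array(__('Evaluatee', true), __('Comment', true),
-        __('Released', true));
+    $headers = array(
+        __('Evaluatee', true),
+        __('Comment', true),
+        __('Released', true)
+    );
     echo "<table class='standardtable'>";
     echo $html->tableHeaders($headers);
     $comments = array();
     $i = 0;
-    foreach($evalResult[$user['id']] AS $row ) {
+    foreach ($evalResult[$user['id']] as $row) {
         // We need to skip self-evaluation results
         if (($groupMembersNoTutors[$i]['User']['id']==$user['id']) && (!$event['Event']['self_eval'])) {
@@ -307,13 +310,11 @@
         echo '<tr>';
         if (isset($evalMark)) {
-            echo '<td>'.$evaluatee['full_name'].'</td>';
+            echo '<td width="15%">'.$evaluatee['full_name'].'</td>';
             echo '<td>';
             echo (isset($evalMark['comment']))? $evalMark['comment'] : __('No Comments', true);
             echo '</td>' ;
-            if ($evalMark['release_status'] == 1) { // made explicit comparison with 1
-                echo '<td>' . '<input type="checkbox" name="release' .  $evalMark['evaluator']  . '[]" value="' . $evalMark['evaluatee'] . '" checked />';
-            } else {
-                echo '<td>' . '<input type="checkbox" name="release' .  $evalMark['evaluator']  . '[]" value="' . $evalMark['evaluatee'] . '" />';
-            }
+            $checked = $evalMark['release_status'] == 1 ? 'checked' : '';
+            // made explicit comparison with 1
+            echo '<td width="5%">' . '<input type="checkbox" name="release' .  $evalMark['evaluator']  . '[]" value="' . $evalMark['evaluatee'] . '" '.$checked.'/>';
             echo '<input type="hidden" name="evaluator_ids[]" value="' .  $evalMark['evaluator']  . '" /></td>';
         } else {
@@ -328,5 +329,4 @@
 <input type="hidden" name="event_id" value="<?php echo $event['Event']['id']?>" />
 <input type="hidden" name="group_id" value="<?php echo $event['Group']['id']?>" />
-<input type="hidden" name="course_id" value="<?php echo $event['Event']['course_id']?>" />
 <input type="hidden" name="group_event_id" value="<?php echo $event['GroupEvent']['id']?>" />
 <input type="submit" name="submit" value="<?php __('Save Changes')?>" />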
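Review bot: The rewritten cells at new lines 312 and 318 still concatenate `$evaluatee['full_name']`, `$evalMark['evaluator']` and `$evalMark['evaluatee']` into markup without escaping, and the unchanged line 314 between them echoes `$evalMark['comment']` the same way. The comment is presumably free text entered by another user, so unless it is escaped before it reaches the view it is rendered as HTML for whoever opens the results page. Wrapping the values in CakePHP's `h()` closes that, e.g. `echo '<td width="15%">'.h($evaluatee['full_name']).'</td>';` and `echo (isset($evalMark['comment']))? h($evalMark['comment']) : __('No Comments', true);`. The surrounding `foreach` body starts and ends outside the visible hunks.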