@@ -47,17 +47,22 @@ sub putUserProblem {
4747 my $userProblem = $db -> getUserProblem($params -> {user_id }, $params -> {set_id }, $params -> {problem_id });
4848 if (!$userProblem ) { return { text => ' User problem not found.' }; }
4949
50- for (
51- ' source_file' , ' value' , ' max_attempts' , ' showMeAnother' ,
52- ' showMeAnotherCount' , ' prPeriod' , ' prCount' , ' problem_seed' ,
53- ' status' , ' attempted' , ' last_answer' , ' num_correct' ,
54- ' num_incorrect' , ' att_to_open_children' , ' counts_parent_grade' , ' sub_status' ,
55- ' flags'
56- )
57- {
58- $userProblem -> {$_ } = $params -> {$_ } if defined ($params -> {$_ });
50+ if ($self -> c-> authz-> hasPermissions($self -> authen-> {user_id }, ' modify_student_data' )) {
51+ for (
52+ ' source_file' , ' value' , ' max_attempts' , ' showMeAnother' ,
53+ ' showMeAnotherCount' , ' prPeriod' , ' prCount' , ' problem_seed' ,
54+ ' attempted' , ' last_answer' , ' num_correct' , ' num_incorrect' ,
55+ ' att_to_open_children' , ' counts_parent_grade' , ' sub_status' , ' flags'
56+ )
57+ {
58+ $userProblem -> {$_ } = $params -> {$_ } if defined $params -> {$_ };
59+ }
5960 }
6061
62+ # The status is the only thing that users with the problem_grader permission can change.
63+ # This method can not be called without the problem_grader permission.
64+ $userProblem -> {status } = $params -> {status } if defined $params -> {status };
65+
6166 # Remove the needs_grading flag if the mark_graded parameter is set.
6267 $userProblem -> {flags } =~ s / :needs_grading$// if $params -> {mark_graded };
6368
@@ -81,17 +86,22 @@ sub putProblemVersion {
8186 $db -> getProblemVersion($params -> {user_id }, $params -> {set_id }, $params -> {version_id }, $params -> {problem_id });
8287 if (!$problemVersion ) { return { text => ' Problem version not found.' }; }
8388
84- for (
85- ' source_file' , ' value' , ' max_attempts' , ' showMeAnother' ,
86- ' showMeAnotherCount' , ' prPeriod' , ' prCount' , ' problem_seed' ,
87- ' status' , ' attempted' , ' last_answer' , ' num_correct' ,
88- ' num_incorrect' , ' att_to_open_children' , ' counts_parent_grade' , ' sub_status' ,
89- ' flags'
90- )
91- {
92- $problemVersion -> {$_ } = $params -> {$_ } if defined ($params -> {$_ });
89+ if ($self -> c-> authz-> hasPermissions($self -> authen-> {user_id }, ' modify_student_data' )) {
90+ for (
91+ ' source_file' , ' value' , ' max_attempts' , ' showMeAnother' ,
92+ ' showMeAnotherCount' , ' prPeriod' , ' prCount' , ' problem_seed' ,
93+ ' attempted' , ' last_answer' , ' num_correct' , ' num_incorrect' ,
94+ ' att_to_open_children' , ' counts_parent_grade' , ' sub_status' , ' flags'
95+ )
96+ {
97+ $problemVersion -> {$_ } = $params -> {$_ } if defined ($params -> {$_ });
98+ }
9399 }
94100
101+ # The status is the only thing that users with the problem_grader permission can change.
102+ # This method can not be called without the problem_grader permission.
103+ $problemVersion -> {status } = $params -> {status } if defined $params -> {status };
104+
95105 # Remove the needs_grading flag if the mark_graded parameter is set.
96106 $problemVersion -> {flags } =~ s / :needs_grading$// if $params -> {mark_graded };
97107
@@ -116,14 +126,20 @@ sub putPastAnswer {
116126
117127 $pastAnswer -> {user_id } = $params -> {user_id } if $params -> {user_id };
118128
119- for (
120- ' set_id' , ' problem_id' , ' source_file' , ' timestamp' ,
121- ' scores' , ' answer_string' , ' comment_string' , ' problem_seed'
122- )
123- {
124- $pastAnswer -> {$_ } = $params -> {$_ } if defined ($params -> {$_ });
129+ if ($self -> c-> authz-> hasPermissions($self -> authen-> {user_id }, ' modify_student_data' )) {
130+ for (
131+ ' set_id' , ' problem_id' , ' source_file' , ' timestamp' ,
132+ ' scores' , ' answer_string' , ' comment_string' , ' problem_seed'
133+ )
134+ {
135+ $pastAnswer -> {$_ } = $params -> {$_ } if defined ($params -> {$_ });
136+ }
125137 }
126138
139+ # The comment_string is the only thing that users with the problem_grader permission can change.
140+ # This method can not be called without the problem_grader permission.
141+ $pastAnswer -> {comment_string } = $params -> {comment_string } if defined $params -> {comment_string };
142+
127143 eval { $db -> putPastAnswer($pastAnswer ) };
128144 if ($@ ) { return { text => " putPastAnswer $@ " }; }
129145
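Review bot: In putPastAnswer the `user_id` assignment that sits just above the new permission block is still unconditional, so a caller holding only problem_grader can reassign a past answer to a different student, which contradicts the added comment that comment_string is the only field such a user can change. Move it inside the gated block as its first statement: `$pastAnswer->{user_id} = $params->{user_id} if $params->{user_id};` placed directly after the `hasPermissions(..., 'modify_student_data')` test. The lookup of `$pastAnswer` and the check that enforces problem_grader are outside the visible hunks, so this assumes nothing earlier already pins `user_id`. Separately, putUserProblem and putProblemVersion now copy `status` from the request for every grader with only a `defined` test; unless it is validated elsewhere, a numeric and range check before the assignment would keep malformed scores out of the database.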