Issue #2487756 by captainack, djdevin: Quiz creators cannot view results for own quizzes

Author: devin

includes/QuizResultAnswerController.class.inc

@@ -65,7 +65,9 @@ class QuizResultAnswerController extends EntityAPIController {
       $class = 'q-waiting';
     }
 
-    if ($instance->canReview('score') || quiz_access_to_score()) {
+    $quiz_result = quiz_result_load($entity->result_id);
+
+    if ($instance->canReview('score') || quiz_access_to_score($quiz_result)) {
       $out['score']['#title'] = '';
       $out['score']['#markup'] = theme('quiz_question_score', array('score' => $score, 'max_score' => $instance->getMaxScore(), 'class' => $class));
     }
@@ -79,7 +81,6 @@ class QuizResultAnswerController extends EntityAPIController {
     if ($instance->canReview('question_feedback')) {
       if ($properties = entity_load('quiz_question', FALSE, array('nid' => $instance->quizQuestion->node->nid, 'vid' => $instance->quizQuestion->node->vid))) {
         $quiz_question = reset($properties);
-        $quiz_result = quiz_result_load($entity->result_id);
         $account = user_load($quiz_result->uid);
         $token_types = array(
           'global' => NULL,

question_types/quiz_question/quiz_question.core.inc

@@ -718,7 +718,10 @@ abstract class QuizQuestionResponse {
       '#type' => 'value',
       '#value' => $this->display_number,
     );
-    if (quiz_access_to_score()) {
+
+    $quiz_result = quiz_result_load($this->result_id);
+
+    if (quiz_access_to_score($quiz_result)) {
 
       if ($submit = $this->getReportFormSubmit()) {
         $form['score'] = $this->getReportFormScore();

quiz.info

@@ -29,6 +29,7 @@ files[] = includes/QuizResultMetadataController.class.inc
 files[] = includes/views/handlers/quiz_views_handler_filter_quiz_question.inc
 files[] = includes/views/handlers/quiz_views_handler_filter_quiz_question_type.inc
 files[] = includes/views/handlers/quiz_views_handler_field_quiz_question_result_answer.inc
+files[] = tests/QuizAccessTestCase.test
 files[] = tests/QuizCreationTestCase.test
 files[] = tests/QuizFeedbackTestCase.test
 files[] = tests/QuizGradingTestCase.test

quiz.module

@@ -240,7 +240,7 @@ function quiz_access_my_result($result_id) {
   if ($quiz_result = quiz_result_load($result_id)) {
     $node = node_load($quiz_result->nid, $quiz_result->vid);
 
-    if (quiz_access_to_score($node->uid) || ($quiz_result->time_end > 0 && $quiz_result->uid == $user->uid)) {
+    if (quiz_access_to_score($quiz_result) || ($quiz_result->time_end > 0 && $quiz_result->uid == $user->uid)) {
       return TRUE;
     }
   }
@@ -254,18 +254,17 @@ function quiz_access_my_result($result_id) {
  * @param $quiz_creator
  *   uid of the quiz creator.
  */
-function quiz_access_to_score($quiz_creator = NULL) {
+function quiz_access_to_score(QuizResult $quiz_result) {
   global $user;
-  if ($quiz_creator == NULL && ($quiz = quiz_get_quiz_from_menu())) {
-    $quiz_creator = $quiz->uid;
-  }
-  if (user_access('score any quiz')) {
+  $quiz = node_load($quiz_result->nid);
+
+  if (user_access('score own quiz') && $quiz->uid == $user->uid) {
     return TRUE;
   }
-  if (user_access('score own quiz') && $user->uid == $quiz_creator) {
+  if (user_access('score any quiz')) {
     return TRUE;
   }
-  if (user_access('score taken quiz answer')) {
+  if (user_access('score taken quiz answer') && $quiz_result->uid == $user->uid) {
     return TRUE;
   }
 }
@@ -3067,22 +3066,6 @@ function _quiz_get_quiz_name() {
   return t(variable_get('quiz_name', 'Quiz'));
 }
 
-/**
- * Retrieves the quiz node from the menu router.
- *
- * @return
- *   Quiz node, if found, or FALSE if quiz node can't be retrieved from the menu
- *   router.
- */
-function quiz_get_quiz_from_menu() {
-  if ($to_return = menu_get_object('quiz_type_access', 4)) {
-    return $to_return;
-  }
-  //TODO: FIX it. This seems to return NULL in feedback page.
-  $node = menu_get_object();
-  return (is_object($node) && $node->type == 'quiz') ? $node : FALSE;
-}
-
 /**
  * Finds out if a quiz has been answered or not.
  *

tests/QuizAccessTestCase.test

@@ -0,0 +1,85 @@
+<?php
+
+/**
+ * @file
+ * Unit tests for the quiz question Module.
+ */
+
+/**
+ * Test aspects of quiz access and permissions.
+ */
+class QuizAccessTestCase extends QuizTestCase {
+
+  function setUp($modules = array(), $admin_permissions = array(), $user_permissions = array()) {
+    $modules[] = 'short_answer';
+    parent::setUp($modules, $admin_permissions, $user_permissions);
+  }
+
+  public static function getInfo() {
+    return array(
+      'name' => t('Quiz access'),
+      'description' => t('Unit test for Quiz access.'),
+      'group' => t('Quiz'),
+    );
+  }
+
+  /**
+   * Test quiz authors being able to score results for own quiz.
+   */
+  public function testQuizOwnerResultEdit() {
+    $grader = $this->drupalCreateUser(array('score own quiz', 'view results for own quiz'));
+
+    $question_node = $this->drupalCreateNode(array(
+      'type' => 'short_answer',
+      'title' => 'SA 1 title',
+      'correct_answer_evaluation' => ShortAnswerQuestion::ANSWER_MANUAL,
+      'correct_answer' => 'blue',
+      'body' => array(LANGUAGE_NONE => array(array('value' => 'SA 1 body text'))),
+    ));
+    $quiz_node = $this->drupalCreateQuiz(array('uid' => $grader->uid));
+    $this->linkQuestionToQuiz($question_node, $quiz_node);
+
+    $this->drupalLogin($this->user);
+    $this->drupalGet("node/$quiz_node->nid/take");
+    $this->drupalPost(NULL, array(
+      "question[$question_node->nid][answer]" => 'bluish',
+      ), t('Finish'));
+
+    // Score.
+    $this->drupalLogin($grader);
+    $this->drupalGet("node/$quiz_node->nid/quiz/results/1/view");
+    $this->drupalPost(NULL, array(
+      'question[0][score]' => 5,
+      ), t('Save score'));
+  }
+
+  /**
+   * Test quiz takers being able to grade their own results.
+   */
+  public function testQuizTakerAnswerScore() {
+    $question_node = $this->drupalCreateNode(array(
+      'type' => 'short_answer',
+      'title' => 'SA 1 title',
+      'correct_answer_evaluation' => ShortAnswerQuestion::ANSWER_MANUAL,
+      'correct_answer' => 'blue',
+      'correct_answer' => 1,
+      'body' => array(LANGUAGE_NONE => array(array('value' => 'SA 1 body text'))),
+    ));
+    $quiz_node = $this->linkQuestionToQuiz($question_node);
+
+
+    $grader = $this->drupalCreateUser(array('score taken quiz answer', 'view own quiz results'));
+    $this->drupalLogin($grader);
+    $this->drupalGet("node/$quiz_node->nid/take");
+    $this->drupalPost(NULL, array(
+      "question[$question_node->nid][answer]" => 'bluish',
+      ), t('Finish'));
+
+    // Score.
+    $this->drupalGet("node/$quiz_node->nid/quiz/results/1/view");
+    $this->drupalPost(NULL, array(
+      'question[0][score]' => 5,
+      ), t('Save score'));
+  }
+
+}