Lesson results privacy

major
Mon, 12/08/2014 - 10:46
Forums
Developing Opigno
Hi, I just noticed that you are able to see anyone lesson results even if you are not logged in, if you just write the precise url address to the result-page. For example: http://dev.opigno.org/node/13/results/1098 Is this working as designed? Of course it's not showing who has taken the lesson but I feel that it's too exposed at the moment...
Profile picture for user James Aparicio
James Aparicio
Mon, 12/08/2014 - 12:49

Hi major,

Hi major,

Thank you very much for finding this issue, we had not notice it, it is a typo on our part

Inside the og_quiz_module, just substitute    $items['node/%node/results/%quiz_rid']['access callback'] = 'og_quiz_get_user_results';  by  $items['node/%node/results/%quiz_rid']['access callback'] = 'og_quiz_access_results'; I will create a major issue for this. Will be included in our next version (coming out later this week or next week) 
major

In reply to by James Aparicio

Fri, 12/12/2014 - 09:39

Hi,

Hi, thanks for the update, it fixed the issue, but now I'm facing another one. I have this custom page where users can see their lessons and they are also able to see results of these lessons. After this update they just get access denied page... Is it possible to allow the quiz taker to see their own result pages? I already tried to change this OG-permission: View own quiz results Quiz takers can view their own results, also when quiz is not passed. But it didn't do the trick. Any suggestions?
Profile picture for user James Aparicio
James Aparicio
Fri, 12/12/2014 - 10:21

Hi Major,

Hi Major,

You are talking about the user/quiz/%/userresults?

Can you check that % is a valid result? (If the % exists in the table node_quiz_results as result_id)

If it is, do you mind checking if the quiz has been finished? and try accessing the result of a quiz that has been finished?

I suspect the access denied is for quizes that the user has not finished.

Best regards

 

major
Fri, 12/12/2014 - 12:25

Hi,

Hi, thx! I got it fixed, my view was linking the users to wrong page: /node/[nid]/results/[result_id] instead of user/quiz/%/userresults