From 2bd0b38f8a8ddcda8de271d250ab3952c1cbaa25 Mon Sep 17 00:00:00 2001
From: srosse <stephane.rosse@frentix.com>
Date: Thu, 13 Jun 2019 11:11:49 +0200
Subject: [PATCH] OO-4094: restrict access to change log for assessed users

---
 .../nodes/gta/ui/GTAAbstractController.java   |  4 +--
 .../gta/ui/GTAParticipantController.java      | 32 +++++++++++++++----
 .../gta/ui/GroupAssessmentController.java     |  2 +-
 3 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/olat/course/nodes/gta/ui/GTAAbstractController.java b/src/main/java/org/olat/course/nodes/gta/ui/GTAAbstractController.java
index dfd7214e879..9bcf898dff0 100644
--- a/src/main/java/org/olat/course/nodes/gta/ui/GTAAbstractController.java
+++ b/src/main/java/org/olat/course/nodes/gta/ui/GTAAbstractController.java
@@ -250,7 +250,7 @@ public abstract class GTAAbstractController extends BasicController implements G
 		
 		resetTask(ureq, task);
 		
-		nodeLog();
+		nodeLog(task);
 		collapsedContents(task);
 	}
 	
@@ -460,7 +460,7 @@ public abstract class GTAAbstractController extends BasicController implements G
 		return assignedTask;
 	}
 	
-	protected void nodeLog() {
+	protected void nodeLog(@SuppressWarnings("unused") Task assignedTask) {
 		if(businessGroupTask) {
 			String groupLog = courseEnv.getAuditManager().getUserNodeLog(gtaNode, assessedGroup);
 			if(StringHelper.containsNonWhitespace(groupLog)) {
diff --git a/src/main/java/org/olat/course/nodes/gta/ui/GTAParticipantController.java b/src/main/java/org/olat/course/nodes/gta/ui/GTAParticipantController.java
index 42c2b4ead8f..c8c56fd0605 100644
--- a/src/main/java/org/olat/course/nodes/gta/ui/GTAParticipantController.java
+++ b/src/main/java/org/olat/course/nodes/gta/ui/GTAParticipantController.java
@@ -67,6 +67,7 @@ import org.olat.course.nodes.gta.model.TaskDefinition;
 import org.olat.course.nodes.gta.ui.events.SubmitEvent;
 import org.olat.course.nodes.gta.ui.events.TaskMultiUserEvent;
 import org.olat.course.nodes.ms.MSCourseNodeRunController;
+import org.olat.course.run.scoring.AssessmentEvaluation;
 import org.olat.course.run.userview.UserCourseEnvironment;
 import org.olat.group.BusinessGroup;
 import org.olat.modules.assessment.Role;
@@ -696,17 +697,34 @@ public class GTAParticipantController extends GTAAbstractController implements A
 	}
 
 	@Override
-	protected void nodeLog() {
-		if(businessGroupTask) {
-			String userLog = courseEnv.getAuditManager().getUserNodeLog(gtaNode, getIdentity());
-			if(StringHelper.containsNonWhitespace(userLog)) {
-				mainVC.contextPut("userLog", userLog);
+	protected void nodeLog(Task assignedTask) {
+		if(isResultVisible(assignedTask)) {
+			if(businessGroupTask) {
+				String userLog = courseEnv.getAuditManager().getUserNodeLog(gtaNode, getIdentity());
+				if(StringHelper.containsNonWhitespace(userLog)) {
+					mainVC.contextPut("userLog", userLog);
+				} else {
+					mainVC.contextRemove("userLog");
+				}
 			} else {
-				mainVC.contextRemove("userLog");
+				super.nodeLog(assignedTask);
+			}
+		} else {
+			mainVC.contextRemove("userLog");
+		}
+	}
+	
+	private boolean isResultVisible(Task assignedTask) {
+		boolean isVisible = false;
+		if(config.getBooleanSafe(GTACourseNode.GTASK_GRADING)) {
+			if (assignedTask != null && (assignedTask.getTaskStatus() == TaskProcess.grading || assignedTask.getTaskStatus() == TaskProcess.graded)) {
+				AssessmentEvaluation eval = gtaNode.getUserScoreEvaluation(getAssessedUserCourseEnvironment());
+				isVisible = eval.getUserVisible() == null || eval.getUserVisible().booleanValue();
 			}
 		} else {
-			super.nodeLog();
+			isVisible = true;
 		}
+		return isVisible;
 	}
 
 	private TaskDefinition getTaskDefinition(Task task) {
diff --git a/src/main/java/org/olat/course/nodes/gta/ui/GroupAssessmentController.java b/src/main/java/org/olat/course/nodes/gta/ui/GroupAssessmentController.java
index f06428c9fdf..2f46d0611d6 100644
--- a/src/main/java/org/olat/course/nodes/gta/ui/GroupAssessmentController.java
+++ b/src/main/java/org/olat/course/nodes/gta/ui/GroupAssessmentController.java
@@ -382,7 +382,7 @@ public class GroupAssessmentController extends FormBasicController {
 				}
 			}
 			
-			if(withScore || withPassed || withPassed) {
+			if(withScore || withPassed) {
 				Boolean userVisible = scoreEval.getUserVisible();
 				if(userVisible == null) {
 					userVisible = Boolean.TRUE;
-- 
GitLab