-rwxr-xr-x | GradeBook.tcl | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/GradeBook.tcl b/GradeBook.tcl
index 950c922..34c04fb 100755
--- a/GradeBook.tcl
+++ b/GradeBook.tcl
@@ -124,8 +124,9 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 puts {<div class="gradestable">}
 set show_header 1
- # show the table with grades
+ # get names of all columns
 set column_list [getColListFromTable GradesTable]
+ # set hidden column list
 switch $permission(GroupName) {
 instructor { set hidden_columns {} }
 ta { set hidden_columns [list UserName PasswordHash GroupName] }
@@ -138,8 +139,16 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 set column_list [removeElementFromList $col $column_list]
 }
 set sql_column_str [colList2sqlColStr $column_list]
- # get all allowed columns
- set eval_str [concat SELECT $sql_column_str FROM GradesTable ORDER BY $sort_col]
+ # set users of what group user can see, i.e. set WHERE statement
+ switch $permission(GroupName) {
+ instructor { set where_statement {} }
+ ta { set where_statement "WHERE GroupName=\"student\"" }
+ student { set where_statement "WHERE UserName=\"$user\"" }
+ guest { dbg "Guest must not be allowed to set table view port. Aborting. This line is never executed" 0; exit }
+ default { dbg "Default must not be allowed to set table view port. Aborting. This line is never executed." 0; exit }
+ }
+ # get all allowed columns and rows
+ set eval_str [concat SELECT $sql_column_str FROM GradesTable $where_statement ORDER BY $sort_col]
 set err [catch {
 db eval $eval_str v {
 if { $show_header } {
@@ -186,7 +195,7 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 if { $err } {
 dbg "we should never be here if $sortCol exist in the table" 1
 dbg $errStat 1
-
+ htmlErrorMsg $errStat
 }
 puts "</table>"
 puts {</div>} |
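Review bot: The `student` branch of the new `switch` pastes `$user` into the SQL text (`WHERE UserName=\"$user\"`), so the value is parsed as SQL instead of being compared as data, and this filter is the only thing that limits a student to their own row. SQLite also resolves a double-quoted token as a column name before falling back to a string, so a user name that matches a column name would turn the test into a column-against-column comparison. Let the sqlite3 Tcl binding supply the value and use single quotes for the literal: `student { set where_statement {WHERE UserName=:user} }` and `ta { set where_statement {WHERE GroupName='student'} }`. `$sort_col` on the `set eval_str` line is concatenated the same way and cannot be bound as a parameter, so it should be checked against `$column_list` before use; where `sort_col` comes from is outside the hunk.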
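Review bot: The added `htmlErrorMsg $errStat` in the `if { $err }` branch sends the raw database error to the page, which can expose query text and table or column names to whoever triggered the failure, including a student. I would show a fixed message instead, e.g. `htmlErrorMsg "Could not display the grades table."`, and leave the detail to the existing `dbg $errStat 1` line. Whether htmlErrorMsg HTML-escapes its argument is not visible here; if it does not, the raw error text is also a markup-injection path. The `catch` that sets `errStat` starts outside this hunk.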