1 files changed, 13 insertions, 4 deletions

diff --git a/GradeBook.tcl b/GradeBook.tcl
index 950c922..34c04fb 100755
--- a/GradeBook.tcl
+++ b/GradeBook.tcl
@@ -124,8 +124,9 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 
 	puts  {<div class="gradestable">}
 	set show_header 1
-	# show the table with grades
+	# get names of all columns
 	set column_list [getColListFromTable GradesTable]
+	# set hidden column list
 	switch $permission(GroupName) {
 		instructor { set hidden_columns {} }
 		ta         { set hidden_columns [list UserName PasswordHash GroupName] }
@@ -138,8 +139,16 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 		set column_list [removeElementFromList $col $column_list]
 	}
 	set sql_column_str [colList2sqlColStr $column_list]
-	# get all allowed columns
-	set eval_str [concat SELECT $sql_column_str FROM GradesTable ORDER BY $sort_col]
+	# set users of what group user can see, i.e. set WHERE statement
+	switch $permission(GroupName) {
+		instructor { set where_statement {} }
+		ta         { set where_statement "WHERE GroupName=\"student\"" }
+		student    { set where_statement "WHERE UserName=\"$user\"" }
+		guest      { dbg "Guest must not be allowed to set table view port. Aborting. This line is never executed" 0; exit }
+		default      { dbg "Default must not be allowed to set table view port. Aborting. This line is never executed." 0; exit }
+	}
+	# get all allowed columns and rows
+	set eval_str [concat SELECT $sql_column_str FROM GradesTable $where_statement ORDER BY $sort_col]
 	set err [catch {
 			db eval $eval_str v {
 				if { $show_header } {
@@ -186,7 +195,7 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 	if { $err } {
 		dbg "we should never be here if $sortCol exist in the table" 1
 		dbg $errStat 1
-
+		htmlErrorMsg $errStat
 	}
 	puts  "</table>"
 	puts  {</div>}