Add warning when view open test of user and can submit answers.

Viewing an open gateway test while acting as a student with the
permission to submit answers for that student is dangerous since
the user's answers will be saved over the student's answers.

In this case, give a warning to the user about the danger and
suggest they disable the permission to submit answers as students
before viewing the open test version, unless they plan to submit
answers for that student.

The warning will only appear when they first view the test
version unless they back out of the test version loosing the
hidden `submit_for_student_ok` parameter.

Author: somiaj

lib/WeBWorK/ContentGenerator/GatewayQuiz.pm

@@ -545,7 +545,7 @@ async sub pre_header_initialize ($c) {
 							$authz->hasPermissions($userID, 'record_answers_when_acting_as_student')
 							|| $authz->hasPermissions($userID, 'create_new_set_version_when_acting_as_student')
 						)
-						&& $c->param('createnew_ok')
+						&& $c->param('submit_for_student_ok')
 					)
 				)
 				)
@@ -618,15 +618,16 @@ async sub pre_header_initialize ($c) {
 						. 'the "Create New Test Version" button below.  Alternatively, click "Cancel".',
 					$effectiveUserID
 				);
-				$c->{invalidVersionCreation} = 1;
+				$c->{invalidVersionCreation}  = 1;
+				$c->{confirmSubmitForStudent} = 1;
 
 			} elsif ($effectiveUserID ne $userID) {
 				$c->{invalidSet} = $c->maketext(
 					'You are acting as user [_1], and do not have the permission to create a new test version '
 						. 'when acting as another user.',
 					$effectiveUserID
 				);
-				$c->{invalidVersionCreation} = 2;
+				$c->{invalidVersionCreation} = 1;
 
 			} elsif (($maxAttemptsPerVersion == 0 || $currentNumAttempts < $maxAttemptsPerVersion)
 				&& $c->submitTime < $set->due_date() + $ce->{gatewayGracePeriod})
@@ -659,6 +660,23 @@ async sub pre_header_initialize ($c) {
 			{
 				if (between($set->open_date(), $set->due_date() + $ce->{gatewayGracePeriod}, $c->submitTime)) {
 					$versionIsOpen = 1;
+
+					# If acting as another user, then the user has permissions to record answers for the
+					# student which is dangerous for open test versions. Give a warning unless the user
+					# has already confirmed they understand the risk.
+					if ($effectiveUserID ne $userID && !$c->param('submit_for_student_ok')) {
+						$c->{invalidSet} = $c->maketext(
+							'You are trying to view an open test version for [_1] and have the permission to submit '
+								. 'answers for that user.  This is dangerous, as your answers can overwrite the '
+								. q/student's answers as you move between test pages, preview, or check answers.  /
+								. 'If you are planing to submit answers for this student, click "View Test Version" '
+								. 'below to continue.  If you only want to view the test version, click "Cancel" '
+								. 'below, then disable the permission to record answers when acting as a student '
+								. 'before viewing open test versions.',
+							$effectiveUserID
+						);
+						$c->{confirmSubmitForStudent} = 1;
+					}
 				}
 			}
 		}

templates/ContentGenerator/GatewayQuiz.html.ep

@@ -68,30 +68,33 @@
 % # If the set or problem is invalid, then show that information and exit.
 % if ($c->{invalidSet}) {
 	<div class="alert alert-danger mb-2">
-		<div class="mb-2">
-			% if ($c->{invalidVersionCreation}) {
-				<%= maketext(
-					'The selected test ([_1]) is not a valid test for [_2] (acted as by [_3]).',
-					$setID, $effectiveUserID, $userID
-				) =%>
-			% } else {
-				<%= maketext(
-					'The selected test ([_1]) is not a valid test for [_2].',
-					$setID, $effectiveUserID
-				) =%>
-			% }
-		</div>
+		% if (!$c->{confirmSubmitForStudent} || $c->{invalidVersionCreation}) {
+			<div class="mb-2">
+				% if ($c->{invalidVersionCreation}) {
+					<%= maketext(
+						'The selected test ([_1]) is not a valid test for [_2] (acted as by [_3]).',
+						$setID, $effectiveUserID, $userID
+					) =%>
+				% } else {
+					<%= maketext(
+						'The selected test ([_1]) is not a valid test for [_2].',
+						$setID, $effectiveUserID
+					) =%>
+				% }
+			</div>
+		% }
 		<div><%= $c->{invalidSet} %></div>
-		% if ($c->{invalidVersionCreation} && $c->{invalidVersionCreation} == 1) {
+		% if ($c->{confirmSubmitForStudent}) {
 			<div class="mt-3">
-				<%= link_to maketext('Create New Test Version') => $c->systemLink(
+				<%= link_to $c->{invalidVersionCreation}
+					? maketext('Create New Test Version') : maketext('View Test Version') => $c->systemLink(
 						url_for,
-						params => { effectiveUser => $effectiveUserID, user => $userID, createnew_ok => 1 }
+						params => { effectiveUser => $effectiveUserID, user => $userID, submit_for_student_ok => 1 }
 					),
 					class => 'btn btn-primary'
 				=%>
 				<%= link_to maketext('Cancel') => $c->systemLink(
-						url_for('problem_list', setID => $setID),
+						url_for('problem_list', setID => $setID =~ s/,v\d+$//r),
 						params => { effectiveUser => $effectiveUserID, user => $userID }
 					),
 					class => 'btn btn-primary'
@@ -410,6 +413,10 @@
 			<%= hidden_field newPage => '' =%>
 			<%= hidden_field currentPage => $pageNumber =%>
 		% }
+		% # Keep track that a user has confirmed it is okay to submit for a student.
+		% if (param('submit_for_student_ok')) {
+			<%= hidden_field submit_for_student_ok => 1 =%>
+		% }
 		%
 		% # Set up links between problems and, for multi-page tests, pages.
 		% for my $i (0 .. $#$pg_results) {