
Overview

The GradeController allows teachers to view their courses, access enrolled students, and assign or update grades. All operations are restricted to teachers and include course ownership verification.

File Location: app/controllers/GradeController.php

Dependencies:
  • Grade model
  • Course model
  • Auth helper

Methods

myCourses()

Displays all courses assigned to the logged-in teacher.

Authorization: Teacher only

Behavior:
  • Retrieves courses belonging to the authenticated teacher
  • Renders teacher’s course listing view
Code Example:
// Teacher: My Courses
public function myCourses()
{
    Auth::teacher();

    $teacher_id = $_SESSION['user']['id'];
    $courses = $this->courseModel->getByTeacher($teacher_id);

    require __DIR__ . '/../views/grades/my_courses.php';
}
View Location: app/views/grades/my_courses.php

students()

Displays all students enrolled in a specific course with their grades.

Authorization: Teacher only (must own the course)

Parameters:
  • course_id (integer, required): Course ID (passed as route parameter)
Security:
  • Verifies that the course belongs to the authenticated teacher
  • Redirects to /grades if unauthorized
Behavior:
  1. Validates teacher owns the course
  2. Retrieves enrolled students and their grades
  3. Renders student listing view
Code Example:
// Teacher: Students in Course
public function students($course_id)
{
    Auth::teacher();

    $teacher_id = $_SESSION['user']['id'];

    // 🔒 Ensure course belongs to teacher
    if (!$this->courseModel->belongsToTeacher($course_id, $teacher_id)) {
        header("Location: /school_management/public/grades");
        exit;
    }

    $students = $this->gradeModel->getStudentsByCourse($course_id);

    require __DIR__ . '/../views/grades/students.php';
}
View Location: app/views/grades/students.php

Response:
  • Authorized: Renders student list with grades
  • Unauthorized: Redirects to /grades

save()

Saves or updates a student’s grade for a course.

Authorization: Teacher only (must own the course)

Parameters:
  • student_id (integer, required): Student ID (POST request)
  • course_id (integer, required): Course ID (POST request)
  • grade (float, required): Grade value (POST request)
Security:
  • Verifies teacher owns the course before saving grade
  • Prevents teachers from grading other teachers’ courses
Behavior:
  1. Validates teacher authorization
  2. Verifies course ownership
  3. Saves/updates grade
  4. Redirects back to course student list
Code Example:
// Teacher: Save Grade
public function save()
{
    Auth::teacher();

    $teacher_id = $_SESSION['user']['id'];
    $course_id = $_POST['course_id'];

    // 🔒 Ensure course belongs to teacher
    if (!$this->courseModel->belongsToTeacher($course_id, $teacher_id)) {
        header("Location: /school_management/public/grades");
        exit;
    }

    $this->gradeModel->save(
        $_POST['student_id'],
        $course_id,
        $_POST['grade']
    );

    header("Location: /school_management/public/grades/course?course_id=" . $course_id);
    exit;
}
Response: Redirects to /grades/course?course_id={course_id}

Usage Examples

Viewing Teacher’s Courses

// GET /grades
// Session must contain:
$_SESSION['user'] = [
    'id' => 3,
    'role' => 'teacher'
];

Viewing Students in a Course

// GET /grades/course?course_id=12
// Teacher must own course with ID 12

Saving a Grade

// POST /grades/save
$_POST = [
    'student_id' => 25,
    'course_id' => 12,
    'grade' => 15.5
];

Security Features

Course Ownership Verification

Before displaying students or saving grades, the controller verifies ownership:
if (!$this->courseModel->belongsToTeacher($course_id, $teacher_id)) {
    header("Location: /school_management/public/grades");
    exit;
}
This prevents teachers from:
  • Viewing students in other teachers’ courses
  • Grading students in courses they don’t teach

Authorization Flow

  1. Auth::teacher() - Ensures user is logged in as teacher
  2. belongsToTeacher() - Verifies course ownership
  3. Action execution - Only proceeds if both checks pass
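As an added example (not the project's own code), the save() method above rewritten so the POST fields are validated before the ownership check described in this section runs; isEnrolled() on the Grade model and the 0 to 20 grade range are assumptions, while belongsToTeacher(), save() and the redirect targets are the page's.

```php
<?php
declare(strict_types=1);

final class GradeController
{
    public function __construct(private object $courseModel, private object $gradeModel) {}

    // Returns typed values or null when any field is missing or malformed.
    public static function validateGradeInput(array $post): ?array
    {
        $intOpts   = ['options' => ['min_range' => 1]];
        $studentId = filter_var($post['student_id'] ?? null, FILTER_VALIDATE_INT, $intOpts);
        $courseId  = filter_var($post['course_id'] ?? null, FILTER_VALIDATE_INT, $intOpts);
        $grade     = filter_var($post['grade'] ?? null, FILTER_VALIDATE_FLOAT);
        if ($studentId === false || $courseId === false || $grade === false) {
            return null;
        }
        if ($grade < 0.0 || $grade > 20.0) { // assumed grading scale, not from the page
            return null;
        }
        return ['student_id' => $studentId, 'course_id' => $courseId, 'grade' => $grade];
    }

    public function save(): void
    {
        Auth::teacher();
        $teacherId = (int) $_SESSION['user']['id'];
        $input = self::validateGradeInput($_POST);
        if ($input === null) {
            http_response_code(400);
            exit('Invalid grade submission');
        }
        // 🔒 Ownership check on the validated course id, as in the page's save()
        if (!$this->courseModel->belongsToTeacher($input['course_id'], $teacherId)) {
            header('Location: /school_management/public/grades');
            exit;
        }
        // 🔒 Assumed Grade model method: the student must be enrolled in this
        // course before a grade is written for them
        if (!$this->gradeModel->isEnrolled($input['student_id'], $input['course_id'])) {
            http_response_code(403);
            exit('Student is not enrolled in this course');
        }
        $this->gradeModel->save($input['student_id'], $input['course_id'], $input['grade']);
        header('Location: /school_management/public/grades/course?course_id=' . $input['course_id']);
        exit;
    }
}
```

Because the redirect URL is built from the validated integer rather than the raw POST string, the controller never echoes attacker-controlled text into a header or a model call.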
