sakaiproject · st-manu · Nov 20, 2025 · Nov 20, 2025 · Nov 21, 2025
diff --git a/sections/sections-app/src/java/org/sakaiproject/tool/section/filter/RoleFilter.java b/sections/sections-app/src/java/org/sakaiproject/tool/section/filter/RoleFilter.java
@@ -21,6 +21,7 @@
 package org.sakaiproject.tool.section.filter;
 
 import java.io.IOException;
+import java.util.Calendar;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -31,14 +32,14 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.context.ApplicationContext;
-import org.springframework.web.context.WebApplicationContext;
-
-import org.sakaiproject.component.cover.ServerConfigurationService;
+import org.sakaiproject.section.api.SectionManager;
 import org.sakaiproject.section.api.facade.manager.Authn;
 import org.sakaiproject.section.api.facade.manager.Authz;
 import org.sakaiproject.section.api.facade.manager.Context;
+import org.springframework.context.ApplicationContext;
+import org.springframework.web.context.WebApplicationContext;
+
+import lombok.extern.slf4j.Slf4j;
 
 /**
  * An authorization filter to keep users out of pages they are not authorized
@@ -77,7 +78,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse response, Fi
 		String servletPath = request.getServletPath();
 		if (log.isDebugEnabled()) log.debug("Filtering request for servletPath=" + servletPath);
 		servletPath = servletPath.replaceFirst("^/", "");
-		if (servletPath.indexOf("/") >= 0) {
+		if (servletPath.contains("/")) {
 			// Only protect the top-level folder, to allow for login through
 			// a subdirectory, shared resource files, and so on.
 			chain.doFilter(request, response);
@@ -117,7 +118,19 @@ public void doFilter(ServletRequest servletRequest, ServletResponse response, Fi
 				isAuthorized = true;
 			} else if (authz.isViewOwnSectionsAllowed(userUid, siteContext)
 					&& authzFilterConfigBean.getViewOwnSections().contains(pageName)) {
-				isAuthorized = true;
+				// Check if sections are closed for students accessing studentView
+				if (pageName.equals("studentView")) {
+					SectionManager sm = (SectionManager)ac.getBean("org.sakaiproject.section.api.SectionManager");
+					Calendar open = sm.getOpenDate(siteContext);
+					Calendar now = Calendar.getInstance();
+					if (now.before(open)) {
+						isAuthorized = false;
+					} else {
+						isAuthorized = true;
+					}
+				} else {
+					isAuthorized = true;
+				}
 			} else if (pageName.contains("closed")) {
 				isAuthorized = true;
 			}