chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

fixed bug when student can post in a forum from a group see BT#3549

Browse Source
skala
Julio Montoya 13 years ago
parent e3baa0df50
commit 03615ff146
2 changed files with 8 additions and 7 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      main/forum/reply.php
  2. 11
      main/forum/viewforum.php

4
main/forum/reply.php
Unescape View File

@ -76,10 +76,10 @@ $current_forum_category = get_forumcategory_information(Security::remove_XSS($cu
// The only exception is the course manager
// I have split this is several pieces for clarity.
//if (!api_is_allowed_to_edit() AND (($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0) OR ($current_forum_category['locked'] <> 0 OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0))) {
if (!api_is_allowed_to_edit(false, true) AND (($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0))) {
if (!api_is_allowed_to_edit(false, true) AND (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)) {
api_not_allowed();
}
if (!api_is_allowed_to_edit(false, true) AND ($current_forum_category['locked'] <> 0 OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {
if (!api_is_allowed_to_edit(false, true) AND (($current_forum_category && $current_forum_category['locked'] <> 0) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {
api_not_allowed();
}
if (!$_user['user_id'] AND $current_forum['allow_anonymous'] == 0) {

11
main/forum/viewforum.php
Unescape View File

@ -66,6 +66,7 @@ $userinf = api_get_user_info($userid);
$group_id = api_get_group_id();
$my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$current_forum = get_forum_information($my_forum); // Note: This has to be validated that it is an existing forum.
@ -76,15 +77,15 @@ if (empty($current_forum)) {
$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
if ($group_id) {
if (!empty($group_id)) {
//Group info & group category info
$group_properties = GroupManager::get_group_properties($group_id);
//$group_cat_info = GroupManager::get_category(GroupManager::get_category_from_group($group_id));
//User has access in the group?
$user_has_access_in_group = GroupManager::user_has_access($userid, $group_id, GROUP_TOOL_FORUM);
//User is a tutor in the group? the function GroupManager::user_has_access already contains the is_tutor_of_group()
//$is_tutor_group = GroupManager::is_tutor_of_group($userid, $group_id);
//
@ -96,14 +97,14 @@ if ($group_id) {
//Course
if (!api_is_allowed_to_edit(false, true) AND //is a student
($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0 OR !$user_has_access_in_group)
(($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0 OR !$user_has_access_in_group)
) {
api_not_allowed();
}
} else {
//Course
if (!api_is_allowed_to_edit(false, true) AND //is a student
($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0) //forum category or forum visibility is false
(($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0) //forum category or forum visibility is false
) {
api_not_allowed();
}

Write Preview
Loading…
Cancel
Save