[svn r14848] new status : sessions admin (FS#2239)

18 years ago · 0a27f29206
parent 8f57602e0d
commit 0a27f29206
21 changed files with 171 additions and 69 deletions
--- a/main/admin/add_courses_to_session.php
+++ b/main/admin/add_courses_to_session.php
@ -45,7 +45,7 @@ $xajax -> registerFunction ('search_courses');
 $this_section = SECTION_PLATFORM_ADMIN;

 // Access restrictions
-api_protect_admin_script();
+api_protect_admin_script(true);

 // setting breadcrumbs
 $interbreadcrumb[] = array('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
@ -63,6 +63,16 @@ $tool_name= get_lang('SubscribeCoursesToSession');

 $id_session=intval($_GET['id_session']);

+if(!api_is_platform_admin())
+{
+	$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
+	$rs = api_sql_query($sql,__FILE__,__LINE__);
+	if(mysql_result($rs,0,0)!=$_user['user_id'])
+	{
+		api_not_allowed(true);
+	}
+}
+


 function search_courses($needle)
--- a/main/admin/add_users_to_session.php
+++ b/main/admin/add_users_to_session.php
@ -45,7 +45,7 @@ $xajax -> registerFunction ('search_users');
 $this_section = SECTION_PLATFORM_ADMIN;

 // Access restrictions
-api_protect_admin_script();
+api_protect_admin_script(true);

 // setting breadcrumbs
 $interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin'));
@ -67,6 +67,16 @@ $tool_name=get_lang('SubscribeUsersToSession');

 $id_session=intval($_GET['id_session']);

+if(!api_is_platform_admin())
+{
+	$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
+	$rs = api_sql_query($sql,__FILE__,__LINE__);
+	if(mysql_result($rs,0,0)!=$_user['user_id'])
+	{
+		api_not_allowed(true);
+	}
+}
+

 function search_users($needle)
 {
--- a/main/admin/index.php
+++ b/main/admin/index.php
@ -1,4 +1,4 @@
-<?php // $Id: index.php 14790 2008-04-08 20:31:45Z yannoo $
+<?php // $Id: index.php 14848 2008-04-11 13:21:04Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -42,7 +42,7 @@ require_once(api_get_path(LIBRARY_PATH).'security.lib.php');
 $this_section=SECTION_PLATFORM_ADMIN;

 // Access restrictions
-api_protect_admin_script();
+api_protect_admin_script(true);
 $nameTools = get_lang('PlatformAdmin');

 // setting breadcrumbs
@ -55,6 +55,7 @@ $tool_name=get_lang("PlatformAdmin");
 Display::display_header($nameTools);


+if(api_is_platform_admin()):
 if(is_dir(api_get_path(SYS_CODE_PATH).'install/') && is_readable(api_get_path(SYS_CODE_PATH).'install/index.php'))
 {
 	Display::display_normal_message(get_lang('InstallDirAccessibleSecurityThreat'));
@ -76,7 +77,6 @@ if ($_POST['Register'])
 ==============================================================================
 */
 $keyword_url = Security::remove_XSS($_GET['keyword']);
-
 ?>

 <div class="admin_section">
@ -150,6 +150,8 @@ $keyword_url = Security::remove_XSS($_GET['keyword']);


 <?php
+endif;
+
 if(api_get_setting('use_session_mode')=='true')
 {
 ?>
@ -174,7 +176,7 @@ if(api_get_setting('use_session_mode')=='true')

 <?php
 }
-else
+else if(api_is_platform_admin())
 {
 ?>

@ -195,6 +197,7 @@ else
 </div>
 <?php
 }
+if(api_is_platform_admin()):
 ?>


@ -222,6 +225,9 @@ else


 <?php
+
+endif;
+
 /**
 * Displays either the text for the registration or the message that the installation is (not) up to date
 *
--- a/main/admin/resume_session.php
+++ b/main/admin/resume_session.php
@ -42,7 +42,7 @@ require ('../inc/global.inc.php');
 // setting the section (for the tabs)
 $this_section=SECTION_PLATFORM_ADMIN;

-api_protect_admin_script();
+api_protect_admin_script(true);
 $tool_name = get_lang('SessionOverview');
 $interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin'));
 $interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang('SessionList'));
@ -60,6 +60,20 @@ $tbl_class_rel_user					= Database::get_main_table(TABLE_MAIN_CLASS_USER);

 $id_session = $_GET['id_session'];

+$sql = 'SELECT name, nbr_courses, nbr_users, nbr_classes, DATE_FORMAT(date_start,"%d-%m-%Y") as date_start, DATE_FORMAT(date_end,"%d-%m-%Y") as date_end, lastname, firstname, username, session_admin_id
+		FROM '.$tbl_session.'
+		LEFT JOIN '.$tbl_user.'
+			ON id_coach = user_id
+		WHERE '.$tbl_session.'.id='.$id_session;
+
+$rs = api_sql_query($sql, __FILE__, __LINE__);
+$session = api_store_result($rs);
+$session = $session[0];
+
+if(!api_is_platform_admin() && $session['session_admin_id']!=$_user['user_id'])
+{
+	api_not_allowed(true);
+}


 if($_GET['action'] == 'delete')
@ -98,15 +112,7 @@ if($_GET['action'] == 'delete')
 	}
 }

-$sql = 'SELECT name, nbr_courses, nbr_users, nbr_classes, DATE_FORMAT(date_start,"%d-%m-%Y") as date_start, DATE_FORMAT(date_end,"%d-%m-%Y") as date_end, lastname, firstname, username
-		FROM '.$tbl_session.'
-		LEFT JOIN '.$tbl_user.'
-			ON id_coach = user_id
-		WHERE '.$tbl_session.'.id='.$id_session;

-$rs = api_sql_query($sql, __FILE__, __LINE__);
-$session = api_store_result($rs);
-$session = $session[0];



@ -192,7 +198,7 @@ else {
 			<td>'.$coach.'</td>
 			<td>'.$course['nbr_users'].'</td>
 			<td>
-				<a href="../tracking/courseLog.php?cidReq='.$course['code'].'"><img src="../img/statistics.gif" border="0" style="vertical-align: middle;" title="'.get_lang('Tracking').'" alt="'.get_lang('Tracking').'"/></a>&nbsp;
+				<a href="../tracking/courseLog.php?id_session='.$id_session.'&cidReq='.$course['code'].'"><img src="../img/statistics.gif" border="0" style="vertical-align: middle;" title="'.get_lang('Tracking').'" alt="'.get_lang('Tracking').'"/></a>&nbsp;
 				<a href="session_course_edit.php?id_session='.$id_session.'&page=resume_session.php&course_code='.$course['code'].'"><img src="../img/edit.gif" border="0" align="absmiddle" title="'.get_lang('Edit').'"></a>
 				<a href="'.api_get_self().'?id_session='.$id_session.'&action=delete&idChecked[]='.$course['code'].'" onclick="javascript:if(!confirm(\''.get_lang('ConfirmYourChoice').'\')) return false;"><img src="../img/delete.gif" border="0" align="absmiddle" title="'.get_lang('Delete').'"></a>
 			</td>
--- a/main/admin/session_add.php
+++ b/main/admin/session_add.php
@ -14,7 +14,7 @@ $xajax -> registerFunction ('search_coachs');
 // setting the section (for the tabs)
 $this_section=SECTION_PLATFORM_ADMIN;

-api_protect_admin_script();
+api_protect_admin_script(true);

 $formSent=0;
 $errorMsg='';
@ -106,7 +106,7 @@ if($_POST['formSent'])
 			$errorMsg = get_lang('SessionNameSoonExists');
 		}
 		else {
-			api_sql_query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach) VALUES('".addslashes($name)."','$date_start','$date_end','$id_coach')",__FILE__,__LINE__);
+			api_sql_query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id) VALUES('".addslashes($name)."','$date_start','$date_end','$id_coach',".intval($_user['user_id']).")",__FILE__,__LINE__);
 			$id_session=mysql_insert_id();

 			header('Location: add_courses_to_session.php?id_session='.$id_session.'&add=true');
--- a/main/admin/session_edit.php
+++ b/main/admin/session_edit.php
@ -9,7 +9,7 @@ include('../inc/global.inc.php');
 // setting the section (for the tabs)
 $this_section=SECTION_PLATFORM_ADMIN;

-api_protect_admin_script();
+api_protect_admin_script(true);

 $id=intval($_GET['id']);

@ -25,6 +25,22 @@ $tool_name = get_lang('EditSession');
 $interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin'));
 $interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang('SessionList'));

+$result=api_sql_query("SELECT name,date_start,date_end,id_coach, session_admin_id FROM $tbl_session WHERE id='$id'",__FILE__,__LINE__);
+
+if(!$infos=mysql_fetch_array($result))
+{
+	header('Location: session_list.php');
+	exit();
+}
+
+list($year_start,$month_start,$day_start)=explode('-',$infos['date_start']);
+list($year_end,$month_end,$day_end)=explode('-',$infos['date_end']);
+
+if(!api_is_platform_admin() && $infos['session_admin_id']!=$_user['user_id'])
+{
+	api_not_allowed(true);
+}
+
 if($_POST['formSent'])
 {
 	$formSent=1;
@ -75,19 +91,6 @@ if($_POST['formSent'])
 		}
 	}
 }
-else
-{
-	$result=api_sql_query("SELECT name,date_start,date_end,id_coach FROM $tbl_session WHERE id='$id'",__FILE__,__LINE__);
-
-	if(!$infos=mysql_fetch_array($result))
-	{
-		header('Location: session_list.php');
-		exit();
-	}
-
-	list($year_start,$month_start,$day_start)=explode('-',$infos['date_start']);
-	list($year_end,$month_end,$day_end)=explode('-',$infos['date_end']);
-}

 $sql="SELECT user_id,lastname,firstname,username FROM $tbl_user WHERE status='1' ORDER BY lastname,firstname,username";

--- a/main/admin/session_export.php
+++ b/main/admin/session_export.php
@ -36,7 +36,7 @@ include('../inc/global.inc.php');
 // setting the section (for the tabs)
 $this_section=SECTION_PLATFORM_ADMIN;

-api_protect_admin_script();
+api_protect_admin_script(true);
 include(api_get_path(LIBRARY_PATH).'/fileManage.lib.php');

 $session_id=$_GET['session_id'];
--- a/main/admin/session_import.php
+++ b/main/admin/session_import.php
@ -36,7 +36,7 @@ if(empty($charset))
 {
 	$charset = 'ISO-8859-15';
 }
-api_protect_admin_script();
+api_protect_admin_script(true);

 include(api_get_path(LIBRARY_PATH).'/fileManage.lib.php');
 include (api_get_path(LIBRARY_PATH)."/add_course.conf.php");
@ -325,7 +325,8 @@ if($_POST['formSent'])
 									name = '".Database::escape_string($SessionName)."',
 									id_coach = '$CoachId',
 									date_start = '$DateStart',
-									date_end = '$DateEnd'";
+									date_end = '$DateEnd',
+									session_admin_id=".intval($_user['user_id']);
 					$rsSession = api_sql_query($sqlSession, __FILE__, __LINE__);
 					$session_id = mysql_insert_id();
 					
--- a/main/admin/session_list.php
+++ b/main/admin/session_list.php
@ -5,7 +5,7 @@ $cidReset=true;

 include('../inc/global.inc.php');

-api_protect_admin_script();
+api_protect_admin_script(true);

 $tbl_session=Database::get_main_table(TABLE_MAIN_SESSION);
 $tbl_session_rel_course=Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
@ -28,6 +28,16 @@ if($action == 'delete')
 	{
 		$idChecked=intval($idChecked);
 	}
+	
+	if(!api_is_platform_admin())
+	{
+		$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$idChecked;
+		$rs = api_sql_query($sql,__FILE__,__LINE__);
+		if(mysql_result($rs,0,0)!=$_user['user_id'])
+		{
+			api_not_allowed(true);
+		}
+	}

 	api_sql_query("DELETE FROM $tbl_session WHERE id IN($idChecked)",__FILE__,__LINE__);

@ -44,7 +54,20 @@ if($action == 'delete')
 $limit=20;
 $from=$page * $limit;

-$result=api_sql_query("SELECT id,name,nbr_courses,date_start,date_end FROM $tbl_session ".(empty($_POST['keyword']) ? "" : "WHERE name LIKE '%".addslashes($_POST['keyword'])."%'")." ORDER BY $sort LIMIT $from,".($limit+1),__FILE__,__LINE__);
+//if user is crfp admin only list its sessions
+if(!api_is_platform_admin())
+{
+	$where = 'WHERE session_admin_id='.intval($_user['user_id']);
+	$where .= (empty($_POST['keyword']) ? " " : " AND name LIKE '%".addslashes($_POST['keyword'])."%'");
+}
+else
+	$where .= (empty($_POST['keyword']) ? " " : " WHERE name LIKE '%".addslashes($_POST['keyword'])."%'");
+
+$result=api_sql_query("SELECT id,name,nbr_courses,date_start,date_end 
+						FROM $tbl_session 
+						 $where
+						ORDER BY $sort 
+						LIMIT $from,".($limit+1),__FILE__,__LINE__);

 $Sessions=api_store_result($result);

--- a/main/admin/user_add.php
+++ b/main/admin/user_add.php
@ -1,4 +1,4 @@
-<?php // $Id: user_add.php 14804 2008-04-09 14:00:16Z elixir_inter $
+<?php // $Id: user_add.php 14848 2008-04-11 13:21:04Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -144,7 +144,7 @@ $status = array();
 $status[COURSEMANAGER]  = get_lang('Teacher');
 $status[STUDENT] = get_lang('Learner');
 $status[DRH] = get_lang('Drh');
-//$status[ADMINCRFP] = get_lang('AdminCrfp');
+$status[SESSIONADMIN] = get_lang('SessionsAdmin');

 $form->addElement('select','status',get_lang('Status'),$status,'id="status_select" onchange="display_drh_list()"');

--- a/main/admin/user_list.php
+++ b/main/admin/user_list.php
@ -1,4 +1,4 @@
-<?php // $Id: user_list.php 14750 2008-04-03 14:45:13Z yannoo $
+<?php // $Id: user_list.php 14848 2008-04-11 13:21:04Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -375,12 +375,12 @@ function modify_filter($user_id,$url_params,$row)
 	$result .= '<a href="user_information.php?user_id='.$user_id.'"><img src="../img/synthese_view.gif" border="0" style="vertical-align: middle;" title="'.get_lang('Info').'" alt="'.get_lang('Info').'"/></a>&nbsp;';
 	$result .= '<a href="user_list.php?action=login_as&amp;user_id='.$user_id.'&amp;sec_token='.$_SESSION['sec_token'].'"><img src="../img/login_as.gif" border="0" style="vertical-align: middle;" alt="'.get_lang('LoginAs').'" title="'.get_lang('LoginAs').'"/></a>&nbsp;';

-	$statusname = array(1=>get_lang('Teacher'),4=>get_lang('Drh'),5=>get_lang('Student'),6=>get_lang('Anonymous'));
-	if ($row['6'] == $statusname[1])
+	$statusname = api_get_status_langvars();
+	if ($row['6'] != $statusname[STUDENT])
 	{
 		$result .= '<div style="display:inline;margin-left:25px"></div>';
 	}
-	if ($row['6'] == $statusname[5])
+	else
 	{
 		$result .= '<a href="../mySpace/myStudents.php?student='.$user_id.'"><img src="../img/statistics.gif" border="0" style="vertical-align: middle;" title="'.get_lang('Reporting').'" alt="'.get_lang('Reporting').'"/></a>&nbsp;';
 	}
@ -466,7 +466,7 @@ function lock_unlock_user($status,$user_id)
 */
 function status_filter($status)
 {
-	$statusname = array(1=>get_lang('Teacher'),4=>get_lang('Drh'),5=>get_lang('Student'),6=>get_lang('Anonymous'));
+	$statusname = api_get_status_langvars();
 	return $statusname[$status];
 }

--- a/main/course_info/download.php
+++ b/main/course_info/download.php
@ -1,4 +1,4 @@
-<?php // $Id: download.php 14289 2008-02-13 17:57:11Z yannoo $
+<?php // $Id: download.php 14848 2008-04-11 13:21:04Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -43,7 +43,7 @@ if(empty($extension) || !file_exists($archivePath.$archiveFile))

 $content_type='';

-if(in_array($extension,array('xml','csv')) && $is_platformAdmin)
+if(in_array($extension,array('xml','csv')) && api_is_platform_admin(true))
 {
 	$content_type='application/force-download';
 }
--- a/main/inc/banner.inc.php
+++ b/main/inc/banner.inc.php
@ -284,7 +284,7 @@ if ($_user['user_id'] && !api_is_anonymous())
 	}
 	
 	
-	if(api_is_platform_admin())
+	if(api_is_platform_admin(true))
 	{
 		if (api_get_setting('show_tabs', 'platform_administration') == 'true')
 		{
@ -540,7 +540,7 @@ function get_tabs()
 	}

 	// Platform administration
-	if (api_is_platform_admin())
+	if (api_is_platform_admin(true))
 	{
 		$navigation['platform_admin']['url'] = $rootAdminWeb;
 		$navigation['platform_admin']['title'] = get_lang('PlatformAdmin');
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -49,15 +49,18 @@ define('STUDENT', 5);
 /** global status of a user: course manager */
 define('COURSEMANAGER', 1);
 /** global status of a user: session admin */
-define('ADMINCRFP', 3);
+define('SESSIONADMIN', 3);
 /** global status of a user: human ressource manager */
 define('DRH', 4);
+/** global status of a user: human ressource manager */
+define('ANONYMOUS', 6);

 // table of status
 $_status_list[STUDENT] = 'user';
 $_status_list[COURSEMANAGER] = 'teacher';
-$_status_list[ADMINCRFP] = 'admincrfp';
+$_status_list[SESSIONADMIN] = 'session_admin';
 $_status_list[DRH] = 'drh';
+$_status_list[ANONYMOUS] = 'anonymous';


 //COURSE VISIBILITY CONSTANTS
@ -184,9 +187,9 @@ function api_protect_course_script($print_headers=false)
 *
 * @author Roan Embrechts
 */
-function api_protect_admin_script()
+function api_protect_admin_script($allow_sessions_admins=false)
 {
-	if (!api_is_platform_admin())
+	if (!api_is_platform_admin($allow_sessions_admins))
 	{
 		include (api_get_path(INCLUDE_PATH)."header.inc.php");
 		api_not_allowed();
@ -1205,9 +1208,17 @@ function api_get_interface_language()
 * @return boolean True if the user has platform admin rights,
 * false otherwise.
 */
-function api_is_platform_admin()
+function api_is_platform_admin($allow_sessions_admins = false)
 {
-	return $_SESSION["is_platformAdmin"];
+	if($_SESSION['is_platformAdmin'])
+		return true;
+	else
+	{
+		global $_user;
+		if($allow_sessions_admins && $_user['status']==SESSIONADMIN)
+			return true;
+	}
+	return false;
 }
 /**
 * Check if current user is allowed to create courses
@ -2220,4 +2231,19 @@ function api_status_key($status)
 		return array_search($status,$_status_list);
 	}
 }
+
+/**
+ * get the status langvars list
+ * @return array the list of status with their translations
+ */
+function api_get_status_langvars()
+{
+	return array(
+				COURSEMANAGER=>get_lang('Teacher'),
+				SESSIONADMIN=>get_lang('SessionsAdmin'),
+				DRH=>get_lang('Drh'),
+				STUDENT=>get_lang('Student'),
+				ANONYMOUS=>get_lang('Anonymous')
+				);
+}
 ?>
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -1,4 +1,4 @@
-<?php // $Id: usermanager.lib.php 14841 2008-04-11 07:52:45Z yannoo $
+<?php // $Id: usermanager.lib.php 14848 2008-04-11 13:21:04Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -1198,6 +1198,6 @@ class UserManager
 		//print_r($personal_course_list);
 	
 		return $personal_course_list;
-	}	
+	}
 }
 ?>
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -772,29 +772,39 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) // sessi
 	        }
 	        if (!$is_courseAdmin) // this user has no status related to this course
 		        {
-		    	// is it the session coach ?
+		    	// is it the session coach or the session admin ?
 		    	
 		    	$tbl_session = Database :: get_main_table(TABLE_MAIN_SESSION);
 		    	$tbl_session_course = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
 		    	$tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
 		    	
-		        $sql = "SELECT 1
-						FROM ".$tbl_session."
+		        $sql = "SELECT session.id_coach, session_admin_id
+						FROM ".$tbl_session." as session
 						INNER JOIN ".$tbl_session_course."
 							ON session_rel_course.id_session = session.id
-							AND session_rel_course.course_code='$_cid'
-						WHERE session.id_coach = '".$_user['user_id']."'";
-	
+							AND session_rel_course.course_code='$_cid'";
+
 		        $result = api_sql_query($sql,__FILE__,__LINE__);
-		        if($row = mysql_fetch_array($result)){
+		        $row = api_store_result($result);
+		        
+		        if($row[0]['id_coach']==$_user['user_id']){
 		        	$_courseUser['role'] = 'Professor';
 		            $is_courseMember     = true;
 		            $is_courseTutor      = true;
 		            $is_courseAdmin      = false;
 		            $is_courseCoach      = true;
+		            $is_sessionAdmin     = false;
 	
 		            api_session_register('_courseUser');
 		        }
+		        else if($row[0]['session_admin_id']==$_user['user_id']){
+		        	$_courseUser['role'] = 'Professor';
+		            $is_courseMember     = false;
+		            $is_courseTutor      = false;
+		            $is_courseAdmin      = false;
+		            $is_courseCoach      = false;
+		            $is_sessionAdmin     = true;
+		        }
 	        	else
 	        	{
 		        	// Check if the current user is the course coach
@ -809,6 +819,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) // sessi
 			            $is_courseMember     = true;
 			            $is_courseTutor      = true;
 			            $is_courseCoach      = true;
+			            $is_sessionAdmin     = false;
 			            
 			            $tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
 			            
@ -839,6 +850,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) // sessi
 					            $is_courseMember     = true;
 					            $is_courseTutor      = false;
 					            $is_courseAdmin      = false;
+					            $is_sessionAdmin     = false;
 	
 					            api_session_register('_courseUser');
 				        	}
@ -856,6 +868,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) // sessi
        $is_courseAdmin  = false;
        $is_courseTutor  = false;
        $is_courseCoach  = false;
+        $is_sessionAdmin     = false;

        api_session_unregister('_courseUser');
    }
@ -885,6 +898,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) // sessi
 	api_session_register('is_courseTutor');
 	api_session_register('is_allowed_in_course'); //new permission var
 	api_session_register('is_courseCoach');
+	api_session_register('is_sessionAdmin');
 }
 else // continue with the previous values
 {
--- a/main/install/dokeos_main.sql
+++ b/main/install/dokeos_main.sql
@ -335,10 +335,11 @@ CREATE TABLE session (
  nbr_classes mediumint(8) unsigned NOT NULL default '0',
  date_start date NOT NULL default '0000-00-00',
  date_end date NOT NULL default '0000-00-00',
+  session_admin_id INT UNSIGNED NOT NULL,
  PRIMARY KEY  (id),
+  INDEX (session_admin_id),
  UNIQUE KEY name (name)
 );
-
 -- --------------------------------------------------------

 --
--- a/main/install/migrate-db-1.8.4-1.8.5-pre.sql
+++ b/main/install/migrate-db-1.8.4-1.8.5-pre.sql
@ -76,6 +76,8 @@ INSERT INTO settings_options (variable, value, display_text) VALUES ('allow_cour
 CREATE TABLE user_field (id	INT NOT NULL auto_increment,field_type int NOT NULL DEFAULT 1,field_variable	varchar(64) NOT NULL,field_display_text	varchar(64),field_default_value text,field_order int,field_visible tinyint default 0,field_changeable tinyint default 0,tms	TIMESTAMP,PRIMARY KEY(id));
 CREATE TABLE user_field_options (id	int NOT NULL auto_increment,field_id int	NOT NULL,option_value	text,option_display_text varchar(64),option_order int,tms	TIMESTAMP,PRIMARY KEY (id));
 CREATE TABLE user_field_values(id	int	NOT NULL auto_increment,user_id	int	NOT NULL,field_id int NOT NULL,field_value	text,tms TIMESTAMP,PRIMARY KEY(id));
+ALTER TABLE session ADD session_admin_id INT UNSIGNED NOT NULL ;
+ALTER TABLE session ADD INDEX ( session_admin_id ) ;

 -- xxSTATSxx
 ALTER TABLE track_e_downloads ADD INDEX (down_user_id);
--- a/main/mySpace/lp_tracking.php
+++ b/main/mySpace/lp_tracking.php
@ -30,7 +30,7 @@ $user_infos = UserManager :: get_user_info_by_id($user_id);
 $name = $user_infos['firstname'].' '.$user_infos['lastname'];


-if(!api_is_platform_admin() && !CourseManager :: is_course_teacher($_user['user_id'], $_GET['course']) && !Tracking :: is_allowed_to_coach_student($_user['user_id'],$_GET['student_id']) && $user_infos['hr_dept_id']!==$_user['user_id'])
+if(!api_is_platform_admin(true) && !CourseManager :: is_course_teacher($_user['user_id'], $_GET['course']) && !Tracking :: is_allowed_to_coach_student($_user['user_id'],$_GET['student_id']) && $user_infos['hr_dept_id']!==$_user['user_id'])
 {
 	Display::display_header('');
 	api_not_allowed();
--- a/main/mySpace/myStudents.php
+++ b/main/mySpace/myStudents.php
@ -1,4 +1,4 @@
-<?php //$Id: myStudents.php 14827 2008-04-10 08:22:32Z elixir_inter $
+<?php //$Id: myStudents.php 14848 2008-04-11 13:21:04Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -95,7 +95,7 @@ $csv_content = array();
 
 api_block_anonymous_users();

-if(empty($_SESSION['is_allowedCreateCourse']) && !api_is_coach() && $_user['status']!=DRH){
+if(empty($_SESSION['is_allowedCreateCourse']) && !api_is_coach() && $_user['status']!=DRH && $_user['status']!=SESSIONADMIN){
 	api_not_allowed(true);
 }

@ -949,7 +949,7 @@ if(!empty($_GET['student']))
 			</th>
 		</tr>
 <?php
-		if(!api_is_platform_admin() && $_user['status']!=DRH){
+		if(!api_is_platform_admin(true) && $_user['status']!=DRH){
 			// courses followed by user where we are coach
 			if(!isset($_GET['id_coach'])){
 				$a_courses = Tracking :: get_courses_followed_by_coach($_user['user_id']);
--- a/main/tracking/courseLog.php
+++ b/main/tracking/courseLog.php
@ -47,7 +47,7 @@ $language_file[] = 'scorm';
 include('../inc/global.inc.php');


-$is_allowedToTrack = $is_courseAdmin || $is_platformAdmin || $is_courseCoach;
+$is_allowedToTrack = $is_courseAdmin || $is_platformAdmin || $is_courseCoach || $is_sessionAdmin;

 if(!$is_allowedToTrack)
 {