Limit the access for session admins - refs BT#9325

10 years ago · 163f282040
parent 56fbda7415
commit 163f282040
10 changed files with 24 additions and 0 deletions
--- a/main/admin/session_add.php
+++ b/main/admin/session_add.php
@ -26,6 +26,8 @@ $this_section=SECTION_PLATFORM_ADMIN;

 api_protect_admin_script(true);

+api_protect_limit_for_session_admin();
+
 $formSent=0;
 $errorMsg='';

--- a/main/admin/session_category_list.php
+++ b/main/admin/session_category_list.php
@ -14,6 +14,7 @@ $cidReset = true;
 require_once '../inc/global.inc.php';

 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 // setting the section (for the tabs)
 $this_section = SECTION_PLATFORM_ADMIN;
--- a/main/admin/session_export.php
+++ b/main/admin/session_export.php
@ -13,6 +13,7 @@ include '../inc/global.inc.php';
 $this_section = SECTION_PLATFORM_ADMIN;

 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();
 include api_get_path(LIBRARY_PATH).'fileManage.lib.php';

 $session_id = intval($_GET['session_id']);
--- a/main/admin/session_import.php
+++ b/main/admin/session_import.php
@ -12,6 +12,7 @@ require_once '../inc/global.inc.php';

 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
 require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php';
--- a/main/admin/session_import_drh.php
+++ b/main/admin/session_import_drh.php
@ -12,6 +12,7 @@ require_once '../inc/global.inc.php';

 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';

--- a/main/admin/user_add.php
+++ b/main/admin/user_add.php
@ -19,6 +19,7 @@ $this_section = SECTION_PLATFORM_ADMIN;

 // User permissions
 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 $is_platform_admin = api_is_platform_admin() ? 1 : 0;

--- a/main/admin/user_import.php
+++ b/main/admin/user_import.php
@ -343,6 +343,7 @@ function parse_xml_data($file)

 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true, null, 'login');
+api_protect_limit_for_session_admin();

 $defined_auth_sources[] = PLATFORM_AUTH_SOURCE;

--- a/main/admin/usergroups.php
+++ b/main/admin/usergroups.php
@ -13,6 +13,7 @@ require_once '../inc/global.inc.php';

 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 //Add the JS needed to use the jqgrid
 $htmlHeadXtra[] = api_get_jqgrid_js();
--- a/main/coursecopy/copy_course_session.php
+++ b/main/coursecopy/copy_course_session.php
@ -17,6 +17,7 @@ require_once '../inc/global.inc.php';
 $current_course_tool  = TOOL_COURSE_MAINTENANCE;

 api_protect_global_admin_script();
+api_protect_limit_for_session_admin();

 require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
 require_once api_get_path(LIBRARY_PATH).'xajax/xajax.inc.php';
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -7517,3 +7517,17 @@ function api_site_use_cookie_warning_cookie_exist()
 {
    return isset($_COOKIE['ChamiloUsesCookies']);
 }
+
+/**
+ * Limit the access to Session Admins wheen the limit_session_admin_role
+ * configuration variable is set to true
+ */
+function api_protect_limit_for_session_admin()
+{
+    if (
+        api_is_session_admin() &&
+        api_get_configuration_value('limit_session_admin_role')
+    ) {
+        api_not_allowed(true);
+    }
+}