From 19589a62b65957370ebf9623bfc6babce7a21102 Mon Sep 17 00:00:00 2001 From: Eric Marguin Date: Fri, 5 Sep 2008 17:46:31 +0200 Subject: [PATCH] [svn r16249] improve survey tool handling with sessions FS#2743 --- main/inc/lib/add_course.lib.inc.php | 5 ++++- main/install/migrate-db-1.8.5-1.8.6-pre.sql | 2 ++ main/survey/create_new_survey.php | 4 ++-- main/survey/question.php | 4 ++-- main/survey/reporting.php | 4 ++-- main/survey/survey.lib.php | 19 ++++++++++++------- main/survey/survey.php | 4 ++-- main/survey/survey_invitation.php | 2 +- main/survey/survey_list.php | 6 +++--- 9 files changed, 30 insertions(+), 20 deletions(-) diff --git a/main/inc/lib/add_course.lib.inc.php b/main/inc/lib/add_course.lib.inc.php index 61abccc626..e00ddf380d 100644 --- a/main/inc/lib/add_course.lib.inc.php +++ b/main/inc/lib/add_course.lib.inc.php @@ -1448,11 +1448,14 @@ function update_Db_course($courseDbName) parent_id int unsigned NOT NULL, survey_type int NOT NULL default 0, show_form_profile int NOT NULL default 0, - form_fields TEXT NOT NULL, + form_fields TEXT NOT NULL, + session_id SMALLINT unsigned NOT NULL default 0, PRIMARY KEY (survey_id) )"; $result = api_sql_query($sql,__FILE__,__LINE__) or die(mysql_error($sql)); + $sql = "ALTER TABLE `".$TABLESURVEY."` ADD INDEX ( session_id )"; + api_sql_query($sql,__FILE__,__LINE__); /* if(!api_sql_query($sql)) { diff --git a/main/install/migrate-db-1.8.5-1.8.6-pre.sql b/main/install/migrate-db-1.8.5-1.8.6-pre.sql index 8a64662159..cebde832b8 100644 --- a/main/install/migrate-db-1.8.5-1.8.6-pre.sql +++ b/main/install/migrate-db-1.8.5-1.8.6-pre.sql 
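Review bot: The new `ALTER TABLE ... ADD INDEX ( session_id )` call discards its result, while the `CREATE TABLE` just above it stops on failure, so a course database could end up with the column but no index and nothing would report it. Declaring the index in the table definition removes the second statement: `PRIMARY KEY (survey_id), KEY session_id (session_id)`. The context line `or die(mysql_error($sql))` passes the SQL string where `mysql_error()` expects a link identifier, and it prints database errors to the browser; that predates this change but is worth fixing while the block is being touched. update_Db_course starts and ends outside the hunk.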
@@ -64,3 +64,5 @@ ALTER TABLE calendar_event ADD session_id SMALLINT UNSIGNED NOT NULL default 0 ; ALTER TABLE calendar_event ADD INDEX ( session_id ) ; ALTER TABLE group_info ADD session_id SMALLINT UNSIGNED NOT NULL DEFAULT 0; ALTER TABLE group_info ADD INDEX ( session_id ) ; +ALTER TABLE survey ADD session_id SMALLINT UNSIGNED NOT NULL DEFAULT 0; +ALTER TABLE survey ADD INDEX ( session_id ) ; diff --git a/main/survey/create_new_survey.php b/main/survey/create_new_survey.php index 94c0b18a7f..655b3f601f 100644 --- a/main/survey/create_new_survey.php +++ b/main/survey/create_new_survey.php @@ -25,7 +25,7 @@ * @author unknown, the initial survey that did not make it in 1.8 because of bad code * @author Patrick Cool , Ghent University: cleanup, refactoring and rewriting large parts (if not all) of the code * @author Julio Montoya Armas , Dokeos: Personality Test modification and rewriting large parts of the code -* @version $Id: create_new_survey.php 16047 2008-08-21 22:52:00Z juliomontoya $ +* @version $Id: create_new_survey.php 16249 2008-09-05 15:46:31Z elixir_inter $ * * @todo only the available platform languages should be used => need an api get_languages and and api_get_available_languages (or a parameter) */ @@ -56,7 +56,7 @@ $table_course = Database :: get_main_table(TABLE_MAIN_COURSE); $table_course_survey_rel = Database :: get_main_table(TABLE_MAIN_COURSE_SURVEY); /** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/ -if (!api_is_allowed_to_edit()) +if (!api_is_allowed_to_edit(false,true)) { Display :: display_header(); Display :: display_error_message(get_lang('NotAllowed'), false); diff --git a/main/survey/question.php b/main/survey/question.php index c4f4927685..a24a9e058a 100644 --- a/main/survey/question.php +++ b/main/survey/question.php 
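Review bot: `api_is_allowed_to_edit(false,true)` only answers whether the caller has an editing role; nothing visible here, or in the identical gates changed in question.php, reporting.php, survey.php and survey_invitation.php, checks that the survey being edited belongs to the caller's session. Judging by the old `//coach can see this` comment in survey_list.php, the second argument lets session coaches through, so a coach could presumably open these pages with the id of a base-course survey or of a survey from another session. Once the survey is loaded, compare its `session_id` with `intval($_SESSION['id_session'])` and show the `NotAllowed` message on a mismatch. The script continues outside the hunk, so such a check may already exist further down; please confirm.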
@@ -23,7 +23,7 @@ * @package dokeos.survey * @author unknown, the initial survey that did not make it in 1.8 because of bad code * @author Patrick Cool , Ghent University: cleanup, refactoring and rewriting large parts of the code -* @version $Id: question.php 15880 2008-07-31 19:58:31Z yannoo $ +* @version $Id: question.php 16249 2008-09-05 15:46:31Z elixir_inter $ */ // name of the language file that needs to be included @@ -37,7 +37,7 @@ require ('../inc/global.inc.php'); require_once('survey.lib.php'); /** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/ -if (!api_is_allowed_to_edit()) +if (!api_is_allowed_to_edit(false,true)) { Display :: display_header(); Display :: display_error_message(get_lang('NotAllowed'), false); diff --git a/main/survey/reporting.php b/main/survey/reporting.php index d282c2ca41..18c6990e0e 100644 --- a/main/survey/reporting.php +++ b/main/survey/reporting.php @@ -24,7 +24,7 @@ * @package dokeos.survey * @author unknown, the initial survey that did not make it in 1.8 because of bad code * @author Patrick Cool , Ghent University: cleanup, refactoring and rewriting large parts of the code -* @version $Id: reporting.php 15556 2008-06-11 20:53:01Z juliomontoya $ +* @version $Id: reporting.php 16249 2008-09-05 15:46:31Z elixir_inter $ * * @todo The question has to be more clearly indicated (same style as when filling the survey) */ @@ -91,7 +91,7 @@ require_once (api_get_path(LIBRARY_PATH)."/course.lib.php"); SurveyUtil::check_parameters(); /** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/ -if (!api_is_allowed_to_edit()) +if (!api_is_allowed_to_edit(false,true)) { Display :: display_header(get_lang('Survey')); Display :: display_error_message(get_lang('NotAllowed'), false); diff --git a/main/survey/survey.lib.php b/main/survey/survey.lib.php index 18ce9a8af6..c739288c56 100644 --- a/main/survey/survey.lib.php +++ b/main/survey/survey.lib.php 
@@ -24,7 +24,7 @@ * @package dokeos.survey * @author Patrick Cool , Ghent University: cleanup, refactoring and rewriting large parts (if not all) of the code @author Julio Montoya Armas , Dokeos: Personality Test modification and rewriting large parts of the code -* @version $Id: survey.lib.php 16101 2008-08-28 08:52:29Z elixir_julian $ +* @version $Id: survey.lib.php 16249 2008-09-05 15:46:31Z elixir_inter $ * * @todo move this file to inc/lib * @todo use consistent naming for the functions (save vs store for instance) @@ -221,7 +221,7 @@ class survey_manager } } - $sql = "INSERT INTO $table_survey (code, title, subtitle, author, lang, avail_from, avail_till, is_shared, template, intro, surveythanks, creation_date, anonymous".$additional['columns'].") VALUES ( + $sql = "INSERT INTO $table_survey (code, title, subtitle, author, lang, avail_from, avail_till, is_shared, template, intro, surveythanks, creation_date, anonymous".$additional['columns'].", session_id) VALUES ( '".Database::escape_string($values['survey_code'])."', '".Database::escape_string($values['survey_title'])."', '".Database::escape_string($values['survey_subtitle'])."', @@ -234,7 +234,8 @@ class survey_manager '".Database::escape_string($values['survey_introduction'])."', '".Database::escape_string($values['survey_thanks'])."', '".date('Y-m-d H:i:s')."', - '".Database::escape_string($values['anonymous'])."'".$additional['values']." + '".Database::escape_string($values['anonymous'])."'".$additional['values'].", + ".intval($_SESSION['id_session'])." )"; $result = api_sql_query($sql, __FILE__, __LINE__); $survey_id = Database::insert_id(); @@ -4229,7 +4230,7 @@ class SurveyUtil { $table->set_header(10, get_lang('Modify'), false,'width="120"'); $table->set_column_filter(9, 'anonymous_filter'); $table->set_column_filter(10, 'modify_filter'); - if (!api_is_course_coach()) + if (api_is_allowed_to_edit(false,true)) $table->set_form_actions(array ('delete' => get_lang('DeleteSurvey'))); $table->display(); } 
@@ -4248,10 +4249,10 @@ class SurveyUtil { { global $charset; $survey_id = Security::remove_XSS($survey_id); - if (!api_is_course_coach()) + if (!api_is_course_coach(false,true)) $return = ''.Display::return_icon('edit.gif', get_lang('Edit')).''; - if (!api_is_course_coach()) + if (!api_is_course_coach(false,true)) $return .= ''.Display::return_icon('delete.gif', get_lang('Delete')).''; //$return .= ''.Display::return_icon('copy.gif', get_lang('Copy')).''; //$return .= ''.Display::return_icon('add.gif', get_lang('Add')).''; @@ -4259,7 +4260,7 @@ class SurveyUtil { $return .= ''.Display::return_icon('survey_publish.gif', get_lang('Publish')).''; $return .= ''.Display::return_icon('empty.gif', get_lang('EmptySurvey')).''; - if (!api_is_course_coach()) + if (!api_is_course_coach(false,true)) $return .= ''.Display::return_icon('statistics.gif', get_lang('Reporting')).''; return $return; } @@ -4363,6 +4364,9 @@ class SurveyUtil { { $search_restriction = ' AND '.$search_restriction; } + + $session_condition = intval($_SESSION['id_session'])==0 ? '' : ' AND survey.session_id IN(0,'.intval($_SESSION['id_session']).') '; + //IF(is_shared<>0,'V','-') AS col6, $sql = "SELECT survey.survey_id AS col0, @@ -4380,6 +4384,7 @@ class SurveyUtil { LEFT JOIN $table_survey_question survey_question ON survey.survey_id = survey_question.survey_id , $table_user user WHERE survey.author = user.user_id + $session_condition $search_restriction "; $sql .= " GROUP BY survey.survey_id"; diff --git a/main/survey/survey.php b/main/survey/survey.php index 1f1af7f77b..2e1e74f889 100644 --- a/main/survey/survey.php +++ b/main/survey/survey.php @@ -24,7 +24,7 @@ * @package dokeos.survey * @author unknown * @author Patrick Cool , Ghent University: cleanup, refactoring and rewriting large parts of the code -* @version $Id: survey.php 15880 2008-07-31 19:58:31Z yannoo $ +* @version $Id: survey.php 16249 2008-09-05 15:46:31Z elixir_inter $ * * @todo use quickforms for the forms */ 
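Review bot: `api_is_course_coach(false,true)` on the three link guards (this hunk and the next one, `@@ -4259`) looks like a search-and-replace slip: `(false,true)` are the arguments this commit passes to `api_is_allowed_to_edit` everywhere else, and the condition is still the negated coach check. If api_is_course_coach takes no parameters, PHP ignores the extra arguments and coaches still lose the edit, delete and reporting links, while the table in the `@@ -4229` hunk now offers them the delete form action. Use the same test as the rest of the commit, `if (api_is_allowed_to_edit(false,true))`. When the first guard fails, `$return` is first touched by `.=`, so add `$return = '';` before the guards. The function (apparently the `modify_filter` column filter) starts outside the hunk.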
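Review bot: `$session_condition` is empty when `intval($_SESSION['id_session'])` is 0, so outside a session this query lists surveys from every session, while inside a session it is limited to `IN(0,<id>)`. If surveys created in a session are meant to stay private to it, the base-course case needs `' AND survey.session_id = 0 '` instead of an empty string; if showing everything to course teachers is intended, a comment saying so would help. `$_SESSION['id_session']` is also read twice and raises a notice when unset; read it once, e.g. `$session_id = isset($_SESSION['id_session']) ? intval($_SESSION['id_session']) : 0;`. The condition is spliced into the query in the following hunk (`@@ -4380`), and the function starts and ends outside both hunks.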
@@ -41,7 +41,7 @@ require_once('survey.lib.php'); require_once (api_get_path(LIBRARY_PATH)."/course.lib.php"); /** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/ -if (!api_is_allowed_to_edit()) +if (!api_is_allowed_to_edit(false,true)) { Display :: display_header(get_lang('Survey')); Display :: display_error_message(get_lang('NotAllowed'), false); diff --git a/main/survey/survey_invitation.php b/main/survey/survey_invitation.php index 5cec69c9e6..a55fd5fc8d 100644 --- a/main/survey/survey_invitation.php +++ b/main/survey/survey_invitation.php @@ -39,7 +39,7 @@ require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php' require_once (api_get_path(LIBRARY_PATH)."mail.lib.inc.php"); /** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/ -if (!api_is_allowed_to_edit()) +if (!api_is_allowed_to_edit(false,true)) { Display :: display_header(get_lang('Survey')); Display :: display_error_message(get_lang('NotAllowed'), false); diff --git a/main/survey/survey_list.php b/main/survey/survey_list.php index 0a1c5ec7a1..449e8eeb5f 100644 --- a/main/survey/survey_list.php +++ b/main/survey/survey_list.php @@ -26,7 +26,7 @@ * @author unknown, the initial survey that did not make it in 1.8 because of bad code * @author Patrick Cool , Ghent University: cleanup, refactoring and rewriting large parts of the code * @author Julio Montoya Armas , Dokeos: Personality Test modification and rewriting large parts of the code -* @version $Id: survey_list.php 16046 2008-08-21 22:24:17Z juliomontoya $ +* @version $Id: survey_list.php 16249 2008-09-05 15:46:31Z elixir_inter $ * * @todo use quickforms for the forms */ 
@@ -43,7 +43,7 @@ require_once('survey.lib.php'); require_once (api_get_path(LIBRARY_PATH)."/course.lib.php"); /** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/ -if (!api_is_allowed_to_edit(false,true)) //coach can see this +if (!api_is_allowed_to_edit(false,true)) //users only see a list of surveys { Display :: display_header(get_lang('SurveyList')); SurveyUtil::survey_list_user($_user['user_id']); @@ -137,7 +137,7 @@ if ($_POST['action']) } } -if (!api_is_course_coach()) +if (api_is_allowed_to_edit(false,true)) { // Action links echo ''.get_lang('CreateNewSurvey').' | ';