From 1dbb87d809776a10f95700983018c94d6d45cd2b Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Tue, 10 Jul 2012 11:50:06 +0200 Subject: [PATCH] Session admins can add/edit users see #5146 --- main/admin/index.php | 2 +- main/admin/user_add.php | 56 ++++++++-------- main/admin/user_edit.php | 24 ++++--- main/admin/user_list.php | 27 ++++---- main/inc/lib/main_api.lib.php | 118 ++++++++++++++++------------------ 5 files changed, 117 insertions(+), 110 deletions(-) diff --git a/main/admin/index.php b/main/admin/index.php index a1d35356fb..638dad9656 100644 --- a/main/admin/index.php +++ b/main/admin/index.php @@ -85,7 +85,7 @@ if (api_is_platform_admin()) { } else { $items = array( array('url'=>'user_list.php', 'label' => get_lang('UserList')), - array('url'=>'../mySpace/user_add.php', 'label' => get_lang('AddUsers')), + array('url'=>'user_add.php', 'label' => get_lang('AddUsers')), array('url'=>'user_import.php', 'label' => get_lang('ImportUserListXMLCSV')), ); } diff --git a/main/admin/user_add.php b/main/admin/user_add.php index 15a1d0783c..4690c468a0 100644 --- a/main/admin/user_add.php +++ b/main/admin/user_add.php @@ -18,7 +18,9 @@ require_once $libpath.'mail.lib.inc.php'; $this_section = SECTION_PLATFORM_ADMIN; // User permissions -api_protect_admin_script(); +api_protect_admin_script(true); + +$is_platform_admin = api_is_platform_admin() ? 1 : 0; $htmlHeadXtra[] = ' '; $this_section = SECTION_PLATFORM_ADMIN; + api_protect_admin_script(true); /** @@ -329,6 +330,7 @@ function get_number_of_users() { $obj = Database::fetch_object($res); return $obj->total_number_of_items; } + /** * Get the users to display on the current page (fill the sortable-table) * @param int offset of first user to recover @@ -460,6 +462,7 @@ function get_user_data($from, $number_of_items, $column, $direction) { } return $users; } + /** * Returns a mailto-link * @param string $email An email-address 
@@ -527,19 +530,23 @@ function modify_filter($user_id, $url_params, $row) { } else { $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')).'  '; } + if ($row['7'] != $statusname[STUDENT]) { $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')).'  '; } else { $result .= ''.Display::return_icon('statistics.gif', get_lang('Reporting')).'  '; } - if (api_is_platform_admin()) { - if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) { - $result .= ''.Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL).' '; + if (api_is_platform_admin(true)) { + + if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) { + $result .= ''.Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL).' '; } else { $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL).' '; } } + + if ($is_admin) { $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'),array('width'=> ICON_SIZE_SMALL, 'heigth'=> ICON_SIZE_SMALL)); } else { @@ -624,9 +631,6 @@ function status_filter($status) { return $statusname[$status]; } - -/** INIT SECTION */ - $action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : null; if (isset($_GET['keyword']) || isset($_GET['keyword_firstname'])) { @@ -713,7 +717,7 @@ if (!empty($action)) { } // Create a search-box -$form = new FormValidator('search_simple','get', '', '',array('class' => 'form-search'),false); +$form = new FormValidator('search_simple','get', '', '', array('class' => 'form-search'),false); $renderer =& $form->defaultRenderer(); $renderer->setElementTemplate('{element} '); $form->addElement('text','keyword',get_lang('keyword'), 'size="25"'); 
@@ -839,6 +843,7 @@ $table->set_additional_parameters($parameters); $table->set_header(0, '', false, 'width="18px"'); $table->set_header(1, get_lang('Photo'), false); $table->set_header(2, get_lang('OfficialCode')); + if (api_is_western_name_order()) { $table->set_header(3, get_lang('FirstName')); $table->set_header(4, get_lang('LastName')); @@ -849,7 +854,7 @@ if (api_is_western_name_order()) { $table->set_header(5, get_lang('LoginName')); $table->set_header(6, get_lang('Email')); $table->set_header(7, get_lang('Profile')); -$table->set_header(8, get_lang('Active'),true, 'width="15px"'); +$table->set_header(8, get_lang('Active'), true, 'width="15px"'); $table->set_header(9, get_lang('Action'), false,'width="220px"'); $table->set_column_filter(3, 'user_filter'); @@ -862,11 +867,11 @@ $table->set_column_filter(9, 'modify_filter'); if (api_is_platform_admin()) $table->set_form_actions(array ('delete' => get_lang('DeleteFromPlatform'))); -$table_result = $table->return_table(); -/* */ +$table_result = $table->return_table(); $extra_search_options = ''; + //Try to search the user everywhere if ($table->get_total_number_of_items() ==0) { @@ -929,4 +934,4 @@ $tpl = new Template($tool_name); $tpl->assign('actions', $actions); $tpl->assign('message', $message); $tpl->assign('content', $form.$table_result.$extra_search_options); -$tpl->display_one_col_template(); +$tpl->display_one_col_template(); \ No newline at end of file diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index e119be5741..e53f1157fb 100644 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php 
@@ -2102,6 +2102,22 @@ function api_is_platform_admin_by_id($user_id = null) { return Database::num_rows($res) === 1; } +function api_get_user_status($user_id = null) { + $user_id = intval($user_id); + if (empty($user_id)) { + $user_id = api_get_user_id(); + } + $table = Database::get_main_table(TABLE_MAIN_USER); + $sql = "SELECT status FROM $table WHERE user_id = $user_id "; + $result = Database::query($sql); + $status = null; + if (Database::num_rows($result)) { + $row = Database::fetch_array($result); + $status = $row['status']; + } + return $status; +} + /** * Checks whether current user is allowed to create courses * @return boolean True if the user has course creation rights, @@ -2152,8 +2168,7 @@ function api_get_user_platform_status($user_id = false) { //Group (in course) if ($group_id && $course_id) { - $group_status = array(); - require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php'; + $group_status = array(); $is_subscribed = GroupManager::is_subscribed($user_id, $group_id); if ($is_subscribed) { $group_status = array('id'=> $group_id , 'status' => 'student'); @@ -5404,11 +5419,12 @@ function api_is_global_platform_admin($user_id = null) { return false; } -function api_global_admin_can_edit_admin($admin_id_to_check, $my_user_id = null) { +function api_global_admin_can_edit_admin($admin_id_to_check, $my_user_id = null, $allow_session_admin = false) { if (empty($my_user_id)) { $my_user_id = api_get_user_id(); } - $iam_a_global_admin = api_is_global_platform_admin($my_user_id); + + $iam_a_global_admin = api_is_global_platform_admin($my_user_id); $user_is_global_admin = api_is_global_platform_admin($admin_id_to_check); if ($iam_a_global_admin) { 
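Review bot: `api_get_user_status()` falls back to the logged-in user whenever `intval($user_id)` is 0, so a caller that passes a malformed or non-numeric id gets the current user's status back instead of `null`. Because this value feeds the `SESSIONADMIN` comparison added to `api_global_admin_can_edit_admin()`, I would apply the fallback only when no id was given, e.g. `if ($user_id === null) { $user_id = api_get_user_id(); }` before the `intval()`, and return `null` for any other non-positive id. The function also has no docblock, unlike its neighbours; one stating the parameter, the fallback and the `null` return for an unknown user would help. The `intval()` cast does keep the interpolated query safe as written.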
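Review bot: The `require_once` for `groupmanager.lib.php` is dropped while `GroupManager::is_subscribed()` is still called on the following line. Nothing in this hunk shows the class being loaded another way, so unless an autoloader or an earlier include covers it, this branch will end in a fatal error for requests that carry a group and course id. Either keep `require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';` or confirm the class is autoloaded before merging. The enclosing `api_get_user_platform_status()` starts and ends outside the hunk.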
@@ -5416,7 +5432,13 @@ function api_global_admin_can_edit_admin($admin_id_to_check, $my_user_id = null) return true; } else { //If i'm a simple admin - if (api_is_platform_admin_by_id($my_user_id)) { + $is_platform_admin = api_is_platform_admin_by_id($my_user_id); + + if ($allow_session_admin) { + $is_platform_admin = api_is_platform_admin_by_id($my_user_id) || (api_get_user_status($my_user_id) == SESSIONADMIN); + } + + if ($is_platform_admin) { if ($user_is_global_admin) { return false; } else { @@ -5428,8 +5450,8 @@ function api_global_admin_can_edit_admin($admin_id_to_check, $my_user_id = null) } } -function api_protect_super_admin($admin_id_to_check, $my_user_id = null) { - if (api_global_admin_can_edit_admin($admin_id_to_check, $my_user_id)) { +function api_protect_super_admin($admin_id_to_check, $my_user_id = null, $allow_session_admin = false) { + if (api_global_admin_can_edit_admin($admin_id_to_check, $my_user_id, $allow_session_admin)) { return true; } else { api_not_allowed(); 
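Review bot: With `$allow_session_admin` set, a session admin is treated exactly like a platform admin in this branch, so the only accounts refused are global admins; the visible lines never check whether `$admin_id_to_check` is itself a platform admin. If the else branch outside this hunk returns true, as it appears to, a session admin is allowed to edit an ordinary platform admin's account, which lets a lower role alter the credentials of a higher one. I would keep the roles apart and refuse that case, e.g. `$is_session_admin = $allow_session_admin && api_get_user_status($my_user_id) == SESSIONADMIN;` followed by `if ($is_session_admin && api_is_platform_admin_by_id($admin_id_to_check)) { return false; }`. The second `api_is_platform_admin_by_id($my_user_id)` call also repeats the lookup made two lines earlier and could reuse `$is_platform_admin`. `api_protect_super_admin()` in the next hunk forwards the flag unchanged and so inherits the same behaviour.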
@@ -5497,66 +5519,52 @@ function api_browser_support($format="") { if ($format=='svg'){ if (($current_browser == 'Internet Explorer' && $current_majorver >= 9) || ($current_browser == 'Firefox' && $current_majorver > 1) || ($current_browser == 'Safari' && $current_majorver >= 4) || ($current_browser == 'Chrome' && $current_majorver >= 1) || ($current_browser == 'Opera' && $current_majorver >= 9)) { return true; - } - else { + } else { return false; } - } - elseif($format=='pdf'){ + } elseif($format=='pdf') { //native pdf support if($current_browser == 'Chrome' && $current_majorver >= 6){ return true; - } - else{ + } else { return false; } - } - elseif($format=='tif' || $format=='tiff'){ + } elseif($format=='tif' || $format=='tiff'){ //native tif support if($current_browser == 'Safari' && $current_majorver >= 5){ return true; - } - else{ + } else { return false; } - } - elseif($format=='ogg' || $format=='ogx'|| $format=='ogv' || $format=='oga'){ + } elseif($format=='ogg' || $format=='ogx'|| $format=='ogv' || $format=='oga'){ //native ogg, ogv,oga support if (($current_browser == 'Firefox' && $current_majorver >= 3) || ($current_browser == 'Chrome' && $current_majorver >= 3) || ($current_browser == 'Opera' && $current_majorver >= 9)) { return true; - } - else { + } else { return false; } - } - elseif($format=='mpg' || $format=='mpeg'){ + } elseif($format=='mpg' || $format=='mpeg'){ //native mpg support if(($current_browser == 'Safari' && $current_majorver >= 5)){ return true; - } - else{ + } else { return false; } - } - elseif($format=='mp4'){ + } elseif($format=='mp4') { //native mp4 support (TODO: Android, iPhone) if($current_browser == 'Android' || $current_browser == 'iPhone') { return true; - } - else{ + } else { return false; } - } - elseif($format=='mov'){ + } elseif($format=='mov') { //native mov support( TODO:check iPhone) if($current_browser == 'Safari' && $current_majorver >= 5 || $current_browser == 'iPhone'){ return true; - } - else{ + } else { return 
false; } - } - elseif($format=='avi'){ + } elseif($format=='avi') { //native avi support if($current_browser == 'Safari' && $current_majorver >= 5){ return true; @@ -5564,17 +5572,14 @@ function api_browser_support($format="") { else{ return false; } - } - elseif($format=='wmv'){ + } elseif($format=='wmv') { //native wmv support - if($current_browser == 'Firefox' && $current_majorver >= 4){ + if ($current_browser == 'Firefox' && $current_majorver >= 4){ return true; - } - else{ + } else { return false; } - } - elseif($format=='webm'){ + } elseif($format=='webm') { //native webm support (TODO:check IE9, Chrome9, Android) if(($current_browser == 'Firefox' && $current_majorver >= 4) || ($current_browser == 'Opera' && $current_majorver >= 9) || ($current_browser == 'Internet Explorer' && $current_majorver >= 9)|| ($current_browser == 'Chrome' && $current_majorver >=9)|| $current_browser == 'Android'){ return true; 
@@ -5582,26 +5587,22 @@ function api_browser_support($format="") { else{ return false; } - } - elseif($format=='wav'){ + } elseif($format=='wav') { //native wav support (only some codecs !) - if(($current_browser == 'Firefox' && $current_majorver >= 4) || ($current_browser == 'Safari' && $current_majorver >= 5) || ($current_browser == 'Opera' && $current_majorver >= 9) || ($current_browser == 'Internet Explorer' && $current_majorver >= 9)|| ($current_browser == 'Chrome' && $current_majorver > 9)|| $current_browser == 'Android' || $current_browser == 'iPhone'){ + if (($current_browser == 'Firefox' && $current_majorver >= 4) || ($current_browser == 'Safari' && $current_majorver >= 5) || ($current_browser == 'Opera' && $current_majorver >= 9) || ($current_browser == 'Internet Explorer' && $current_majorver >= 9)|| ($current_browser == 'Chrome' && $current_majorver > 9)|| $current_browser == 'Android' || $current_browser == 'iPhone'){ return true; } else{ return false; } - } - elseif($format=='mid' || $format=='kar'){ + } elseif($format=='mid' || $format=='kar') { //native midi support (TODO:check Android) if($current_browser == 'Opera'&& $current_majorver >= 9 || $current_browser == 'Android'){ return true; - } - else{ + } else { return false; } - } - elseif($format=='wma'){ + } elseif($format=='wma') { //native wma support if($current_browser == 'Firefox' && $current_majorver >= 4){ return true; @@ -5609,8 +5610,7 @@ function api_browser_support($format="") { else{ return false; } - } - elseif($format=='au'){ + } elseif($format=='au') { //native au support if($current_browser == 'Safari' && $current_majorver >= 5){ return true; 
@@ -5618,21 +5618,17 @@ function api_browser_support($format="") { else{ return false; } - } - elseif($format=='mp3'){ + } elseif($format=='mp3') { //native mp3 support (TODO:check Android, iPhone) if(($current_browser == 'Safari' && $current_majorver >= 5) || ($current_browser == 'Chrome' && $current_majorver >=6)|| ($current_browser == 'Internet Explorer' && $current_majorver >= 9)|| $current_browser == 'Android' || $current_browser == 'iPhone'){ return true; - } - else{ + } else { return false; } - } - elseif($format=="check_browser"){ + } elseif($format=="check_browser") { $array_check_browser=array($current_browser, $current_majorver); return $array_check_browser; - } - else{ + } else { return false; } }