chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix resource document session access for students.

Browse Source
pull/3064/head
Julio Montoya 5 years ago
parent c734ad4dc2
commit 2e7097cf03
3 changed files with 37 additions and 14 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      src/CoreBundle/Controller/ResourceController.php
  2. 5
      src/CoreBundle/Entity/Resource/AbstractResource.php
  3. 33
      src/CoreBundle/Security/Authorization/Voter/ResourceNodeVoter.php

9
src/CoreBundle/Controller/ResourceController.php
Unescape View File

@ -288,6 +288,10 @@ class ResourceController extends AbstractResourceController implements CourseCon
$icon = 'fa-eye-slash';
$link = $resource->getCourseSessionResourceLink($this->getCourse(), $this->getSession());
if ($link === null) {
return null;
}
if ($link->getVisibility() === ResourceLink::VISIBILITY_PUBLISHED) {
$icon = 'fa-eye';
}
@ -420,14 +424,13 @@ class ResourceController extends AbstractResourceController implements CourseCon
$resourceNodeId = $request->get('id');
$this->setBreadCrumb($request);
$repository = $this->getRepositoryFromRequest($request);
/** @var AbstractResource $resource */
$resource = $repository->getRepository()->findOneBy(['resourceNode' => $resourceNodeId]);
$resourceNode = $resource->getResourceNode();
$this->denyAccessUnlessGranted(
ResourceNodeVoter::VIEW,
ResourceNodeVoter::EDIT,
$resourceNode,
$this->trans('Unauthorised access to resource')
);
@ -606,8 +609,6 @@ class ResourceController extends AbstractResourceController implements CourseCon
*/
public function changeVisibilityAction(Request $request): Response
{
$em = $this->getDoctrine()->getManager();
$id = $request->get('id');
$repository = $this->getRepositoryFromRequest($request);

5
src/CoreBundle/Entity/Resource/AbstractResource.php
Unescape View File

@ -64,8 +64,11 @@ abstract class AbstractResource implements ResourceInterface
$result = null;
if ($resourceNode && $resourceNode->getResourceLinks()) {
$result = $resourceNode->getResourceLinks()->matching($criteria)->first();
if ($result) {
return $result;
}
}
return $result;
return null;
}
}

33
src/CoreBundle/Security/Authorization/Voter/ResourceNodeVoter.php
Unescape View File

@ -14,12 +14,9 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
use Zend\Permissions\Acl\Acl;
//use Zend\Permissions\Acl\Resource\GenericResource as Resource;
use Zend\Permissions\Acl\Resource\GenericResource as SecurityResource;
use Zend\Permissions\Acl\Role\GenericRole as Role;
//use Sonata\AdminBundle\Security\Acl\Permission\MaskBuilder;
/**
* Class ResourceNodeVoter.
*/
@ -102,6 +99,7 @@ class ResourceNodeVoter extends Voter
/**
* @param string $attribute
* @param ResourceNode $resourceNode
* @param TokenInterface $token
*/
protected function voteOnAttribute($attribute, $resourceNode, TokenInterface $token): bool
{
@ -160,7 +158,6 @@ class ResourceNodeVoter extends Voter
// @todo Check if resource was sent to a usergroup
// @todo Check if resource was sent to a group inside a course
// Check if resource was sent to a course inside a session
if ($linkSession instanceof Session && !empty($sessionId) &&
$linkCourse instanceof Course && !empty($courseCode)
@ -197,8 +194,7 @@ class ResourceNodeVoter extends Voter
// Getting rights from the link
$rightFromResourceLink = $link->getResourceRight();
if ($rightFromResourceLink->count()) {
if ($rightFromResourceLink->count() > 0) {
// Taken rights from the link
$rights = $rightFromResourceLink;
} else {
@ -224,6 +220,22 @@ class ResourceNodeVoter extends Voter
->setRole(self::ROLE_CURRENT_COURSE_STUDENT)
;
$rights[] = $resourceRight;
if (!empty($sessionId)) {
$resourceRight = new ResourceRight();
$resourceRight
->setMask($editorMask)
->setRole(self::ROLE_CURRENT_SESSION_COURSE_TEACHER)
;
$rights[] = $resourceRight;
$resourceRight = new ResourceRight();
$resourceRight
->setMask($readerMask)
->setRole(self::ROLE_CURRENT_SESSION_COURSE_STUDENT)
;
$rights[] = $resourceRight;
}
}
// Asked mask
@ -241,6 +253,10 @@ class ResourceNodeVoter extends Voter
$student = new Role('ROLE_STUDENT');
$currentTeacher = new Role(self::ROLE_CURRENT_COURSE_TEACHER);
$currentStudent = new Role(self::ROLE_CURRENT_COURSE_STUDENT);
$currentTeacherSession = new Role(self::ROLE_CURRENT_SESSION_COURSE_TEACHER);
$currentStudentSession = new Role(self::ROLE_CURRENT_SESSION_COURSE_STUDENT);
$superAdmin = new Role('ROLE_SUPER_ADMIN');
$admin = new Role('ROLE_ADMIN');
@ -251,6 +267,8 @@ class ResourceNodeVoter extends Voter
->addRole($teacher)
->addRole($currentStudent)
->addRole($currentTeacher, self::ROLE_CURRENT_COURSE_STUDENT)
->addRole($currentStudentSession)
->addRole($currentTeacherSession, self::ROLE_CURRENT_SESSION_COURSE_STUDENT)
->addRole($superAdmin)
->addRole($admin)
;
@ -264,6 +282,7 @@ class ResourceNodeVoter extends Voter
// Set rights from the ResourceRight
foreach ($rights as $right) {
//$roles[$right->getMask()] = $right->getRole();
//var_dump($right->getRole());
$acl->allow($right->getRole(), null, $right->getMask());
}
@ -285,7 +304,7 @@ class ResourceNodeVoter extends Voter
// Admin can do everything
$acl->allow($admin);
$acl->allow($superAdmin);
//var_dump($user->getRoles() );
foreach ($user->getRoles() as $role) {
//var_dump($acl->isAllowed($role, $resource, $askedMask), $role);
if ($acl->isAllowed($role, $resource, $askedMask)) {

Write Preview
Loading…
Cancel
Save