Evaluate api_get_course_setting more strictly

1 === (int) api_get_course_setting('allow_user_edit_announcement')
5 years ago · 4226884cb6
parent b32b16f8ac
commit 4226884cb6
4 changed files with 8 additions and 7 deletions
--- a/public/main/announcements/announcements.php
+++ b/public/main/announcements/announcements.php
@ -34,7 +34,7 @@ $repo = Container::getAnnouncementRepository();

 $allowToEdit = (
    api_is_allowed_to_edit(false, true) ||
-    (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous()) ||
+    (1 === (int) api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous()) ||
    ($sessionId && api_is_coach() && api_get_configuration_value('allow_coach_to_edit_announcements'))
 );
 $allowStudentInGroupToSend = false;
--- a/public/main/inc/ajax/announcement.ajax.php
+++ b/public/main/inc/ajax/announcement.ajax.php
@ -29,7 +29,7 @@ switch ($action) {
    case 'preview':
        $allowToEdit = (
            api_is_allowed_to_edit(false, true) ||
-            (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())
+            (1 === (int) api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())
        );

        $drhHasAccessToSessionContent = api_drh_can_access_all_session_content();
--- a/public/main/inc/lib/AnnouncementManager.php
+++ b/public/main/inc/lib/AnnouncementManager.php
@ -373,7 +373,7 @@ class AnnouncementManager
        $groupId = (int) $groupId;

        if (api_is_allowed_to_edit(false, true) ||
-            (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())
+            (1 === (int) api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())
        ) {
            $dql = "SELECT a, ip
                    FROM ChamiloCourseBundle:CAnnouncement a
@ -470,7 +470,7 @@ class AnnouncementManager
            api_get_group_id()
        );

-        if (empty($announcement)) {
+        if (null === $announcement) {
            return '';
        }

@ -482,9 +482,10 @@ class AnnouncementManager

        $repo = Container::getAnnouncementRepository();
        $isVisible = $repo->isGranted(ResourceNodeVoter::VIEW, $announcement);
+
        $url = api_get_self()."?".api_get_cidreq();
        if (api_is_allowed_to_edit(false, true) ||
-            (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())
+            (1 === (int) api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())
        ) {
            $modify_icons = "<a href=\"".$url."&action=modify&id=".$id."\">".
                Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL)."</a>";
--- a/public/main/webservices/cm_webservice_announcements.php
+++ b/public/main/webservices/cm_webservice_announcements.php
@ -136,7 +136,7 @@ class WSCMAnnouncements extends WSCM
            // the user is not member of any group
            // this is an identified user => show the general announcements AND his personal announcements
            if ($user_id) {
-                if ((api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
+                if ((1 === (int) api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
                    $cond_user_id = " AND (
                        ip.lastedit_user_id = '".api_get_user_id()."' OR
                        ( ip.to_user_id='".$user_id."' OR ip.to_group_id='0' OR ip.to_group_id IS NULL)
@ -159,7 +159,7 @@ class WSCMAnnouncements extends WSCM
                        ORDER BY display_order DESC
                        LIMIT 0,$maximum";
            } else {
-                if (api_get_course_setting('allow_user_edit_announcement')) {
+                if (1 === (int) api_get_course_setting('allow_user_edit_announcement')) {
                    $cond_user_id = " AND (
                        ip.lastedit_user_id = '".api_get_user_id()."' OR ip.to_group_id='0' OR ip.to_group_id IS NULL
                    ) ";