From 477e265e9645df146133c41244115996c448e780 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 12 May 2021 08:32:05 +0200
Subject: [PATCH] Admin: config "allow_session_admin_extra_access" BT#18774

Allow session admin access to main/admin/user_update_import.php and
main/admin/user_export.php
---
 main/admin/index.php                | 11 +++++++++++
 main/admin/user_export.php          |  7 ++++++-
 main/install/configuration.dist.php |  3 +++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/main/admin/index.php b/main/admin/index.php
index fc125c4741..b92151d23c 100644
--- a/main/admin/index.php
+++ b/main/admin/index.php
@@ -181,6 +181,17 @@ if (api_is_platform_admin()) {
             });
         }
     }
+
+    if (api_get_configuration_value('allow_session_admin_extra_access')) {
+        $items[] = [
+            'url' => 'user_update_import.php',
+            'label' => get_lang('EditUserListCSV'),
+        ];
+        $items[] = [
+            'url' => 'user_export.php',
+            'label' => get_lang('ExportUserListXMLCSV'),
+        ];
+    }
 }
 
 $blocks['users']['items'] = $items;
diff --git a/main/admin/user_export.php b/main/admin/user_export.php
index e8d89e11e5..6d2fdc45e4 100755
--- a/main/admin/user_export.php
+++ b/main/admin/user_export.php
@@ -7,7 +7,12 @@ $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
 $this_section = SECTION_PLATFORM_ADMIN;
 
-api_protect_admin_script();
+$allowSessionAdmin = false;
+if (api_get_configuration_value('allow_session_admin_extra_access')) {
+    $allowSessionAdmin = true;
+}
+
+api_protect_admin_script($allowSessionAdmin);
 
 $course_table = Database::get_main_table(TABLE_MAIN_COURSE);
 $user_table = Database::get_main_table(TABLE_MAIN_USER);
diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
index 6d21c0f2c3..b853d00712 100755
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
@@ -1915,6 +1915,9 @@ ALTER TABLE gradebook_comment ADD CONSTRAINT FK_C3B70763AD3ED51C FOREIGN KEY (gr
     ]
 ];*/
 
+// Allow session admin access to main/admin/user_update_import.php and main/admin/user_export.php
+//$_configuration['allow_session_admin_extra_access'] = true;
+
 // KEEP THIS AT THE END
 // -------- Custom DB changes
 // Add user activation by confirmation email