drh can access all content (courses, users) inside a session. A new setting must be added $_configuration['drh_can_access_all_session_content'] see BT#6770

12 years ago · 480eb84e5e
parent 2a90cccbd7
commit 480eb84e5e
5 changed files with 245 additions and 202 deletions
--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@ -199,7 +199,8 @@ class CourseManager {
     * @param   string   Course code
     * @return int the status of the user in that course
     */
-    public static function get_user_in_course_status($user_id, $course_code) {
+    public static function get_user_in_course_status($user_id, $course_code)
+    {
        $result = Database::fetch_array(Database::query(
            "SELECT status FROM ".Database::get_main_table(TABLE_MAIN_COURSE_USER)."
            WHERE course_code = '".Database::escape_string($course_code)."' AND user_id = ".Database::escape_string($user_id))
@ -207,7 +208,13 @@ class CourseManager {
        return $result['status'];
    }

-    public static function get_tutor_in_course_status($user_id, $course_code) {
+    /**
+     * @param int $user_id
+     * @param string $course_code
+     * @return mixed
+     */
+    public static function get_tutor_in_course_status($user_id, $course_code)
+    {
        $result = Database::fetch_array(Database::query(
                "SELECT tutor_id FROM ".Database::get_main_table(TABLE_MAIN_COURSE_USER)."
                WHERE course_code = '".Database::escape_string($course_code)."' AND user_id = ".Database::escape_string($user_id))
@ -215,7 +222,6 @@ class CourseManager {
        return $result['tutor_id'];
    }

-
    /**
     * Unsubscribe one or more users from a course
     *
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -6601,3 +6601,16 @@ function api_remove_tags_with_space($in_html, $in_double_quote_replace = true) {
    $out_res = strip_tags($out_res);
    return $out_res;
 }
+
+/**
+ * If true, the drh can access all content (courses, users) inside a session
+ * @return bool
+ */
+function api_drh_can_access_all_session_content()
+{
+    global $_configuration;
+    if (isset($_configuration['drh_can_access_all_session_content'])) {
+        return $_configuration['drh_can_access_all_session_content'];
+    }
+    return false;
+}
--- a/main/mySpace/index.php
+++ b/main/mySpace/index.php
@ -373,11 +373,16 @@ if (empty($session_id)) {
        $courses_from_session = SessionManager::get_course_list_by_session_id($session_id);

        $courses = array();
+
        foreach ($courses_from_session as $course_item) {
+            if (api_drh_can_access_all_session_content()) {
+                $courses[$course_item['code']] = $course_item['code'];
+            } else {
                if (isset($courses_of_the_platform[$course_item['code']])) {
                    $courses[$course_item['code']] = $course_item['code'];
                }
            }
+        }

        if (empty($courses)) {
            Display::display_warning_message(get_lang('NoResults'));
--- a/main/mySpace/myStudents.php
+++ b/main/mySpace/myStudents.php
@ -203,7 +203,7 @@ if ($check) {
 	Security::clear_token();
 }

-// infos about user
+// user info
 $user_info = api_get_user_info($student_id);

 $courses_in_session = array();
@ -220,7 +220,7 @@ $courses = CourseManager::get_course_list_of_user_as_course_admin(api_get_user_i
 $courses_in_session_by_coach = array();
 $sessions_coached_by_user = Tracking::get_sessions_coached_by_user(api_get_user_id());

-//RRHH or session admin
+// RRHH or session admin
 if (api_is_session_admin() || api_is_drh()) {
    $courses = CourseManager::get_courses_followed_by_drh(api_get_user_id());

@ -242,7 +242,8 @@ if (!empty($sessions_coached_by_user)) {
 	}
 }

-$sql = "SELECT course_code FROM $tbl_course_user WHERE relation_type <> ".COURSE_RELATION_TYPE_RRHH." AND user_id = ".intval($user_info['user_id']);
+$sql = "SELECT course_code FROM $tbl_course_user
+        WHERE relation_type <> ".COURSE_RELATION_TYPE_RRHH." AND user_id = ".intval($user_info['user_id']);
 $rs = Database::query($sql);

 while ($row = Database :: fetch_array($rs)) {
@ -256,7 +257,8 @@ while ($row = Database :: fetch_array($rs)) {
 }

 // Get the list of sessions where the user is subscribed as student
-$sql = 'SELECT id_session, course_code FROM ' . Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER) . ' WHERE id_user=' . intval($user_info['user_id']);
+$sql = 'SELECT id_session, course_code FROM ' . Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER) . '
+        WHERE id_user=' . intval($user_info['user_id']);
 $rs = Database::query($sql);
 $tmp_sessions = array();
 while ($row = Database :: fetch_array($rs)) {
@ -274,20 +276,18 @@ while ($row = Database :: fetch_array($rs)) {
    }
 }

-/*if (empty($courses_in_session)) {
-    Display :: display_header($nameTools);
-	echo '<div class="actions">';
-	echo '<a href="javascript: window.back();" ">'.Display::return_icon('back.png', get_lang('Back'),'',ICON_SIZE_MEDIUM).'</a>';
-	echo '</div>';
-	Display::display_warning_message(get_lang('NoDataAvailable'));
-	Display::display_footer();
-	exit;
-}*/
-
 if (!empty($student_id)) {
+    if (api_drh_can_access_all_session_content()) {
+        $sessions = SessionManager::get_sessions_followed_by_drh($user_id);
+        $sessionList = array_keys($sessions);
+        if (!in_array($session_id, $sessionList)) {
+            api_not_allowed();
+        }
+    } else {
        if (api_is_drh() && !UserManager::is_user_followed_by_drh($student_id, api_get_user_id())) {
            api_not_allowed();
        }
+    }
 }

 Display :: display_header($nameTools);
@ -560,8 +560,8 @@ echo Display::page_subheader($table_title);

 if (empty($_GET['details'])) {

-	$csv_content[] = array ();
-	$csv_content[] = array (
+	$csv_content[] = array();
+	$csv_content[] = array(
        get_lang('Session', ''),
        get_lang('Course', ''),
        get_lang('Time', ''),
--- a/main/tracking/courseLog.php
+++ b/main/tracking/courseLog.php
@ -25,6 +25,10 @@ if (!empty($course_info)) {
 $from_myspace = false;
 $from = isset($_GET['from']) ? $_GET['from'] : null;

+// Starting the output buffering when we are exporting the information.
+$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;
+$session_id = intval($_REQUEST['id_session']);
+
 if ($from == 'myspace') {
    $from_myspace = true;
    $this_section = "session_my_space";
@ -36,8 +40,27 @@ if ($from == 'myspace') {
 $is_allowedToTrack = api_is_platform_admin() || api_is_allowed_to_create_course() || api_is_session_admin() || api_is_drh() || api_is_course_tutor();

 if (!$is_allowedToTrack) {
+    api_not_allowed(true);
+    exit;
+}
+
+if (api_is_drh()) {
+    // Blocking course for drh
+
+    if (api_drh_can_access_all_session_content()) {
+        $sessions = SessionManager::get_sessions_followed_by_drh($user_id);
+        $sessionList = array_keys($sessions);
+        if (!in_array($session_id, $sessionList)) {
            api_not_allowed();
+        }
+    } else {
+        $coursesFollowedList = CourseManager::get_courses_followed_by_drh(api_get_user_id());
+        $coursesFollowedList = array_keys($coursesFollowedList);
+        if (!in_array(api_get_course_id(), $coursesFollowedList)) {
+            api_not_allowed(true);
            exit;
+        }
+    }
 }

 // Including additional libraries.
@ -53,10 +76,6 @@ require_once api_get_path(SYS_CODE_PATH).'resourcelinker/resourcelinker.inc.php'
 require_once api_get_path(SYS_CODE_PATH).'survey/survey.lib.php';
 require_once api_get_path(SYS_CODE_PATH).'exercice/exercise.lib.php';

-// Starting the output buffering when we are exporting the information.
-$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;
-$session_id = intval($_REQUEST['id_session']);
-
 if ($export_csv) {
    if (!empty($session_id)) {
        $_SESSION['id_session'] = $session_id;