Merge pull request #625 from AngelFQC/BT9325

Modify admin panels for session admins - refs BT#9325
10 years ago · 4e5fb354a5
parent 76d6abbaf6 b561679a2e
commit 4e5fb354a5
16 changed files with 260 additions and 52 deletions
--- a/main/admin/index.php
+++ b/main/admin/index.php
@ -112,16 +112,23 @@ if (api_is_platform_admin()) {
        $items[] = array('url'=>'ldap_users_list.php', 	'label' => get_lang('ImportLDAPUsersIntoPlatform'));
    }
    $items[] = array('url'=>'user_fields.php', 	'label' => get_lang('ManageUserFields'));
+    $items[] = array('url'=>'usergroups.php', 	'label' => get_lang('Classes'));
+} elseif (
+    api_is_session_admin() &&
+    api_get_configuration_value('limit_session_admin_role')
+) {
+    $items = array(
+        array('url'=>'user_list.php', 	'label' => get_lang('UserList'))
+    );
 } else {
    $items = array(
        array('url'=>'user_list.php', 	'label' => get_lang('UserList')),
        array('url'=>'user_add.php', 	'label' => get_lang('AddUsers')),
        array('url'=>'user_import.php', 'label' => get_lang('ImportUserListXMLCSV')),
+        array('url'=>'usergroups.php', 	'label' => get_lang('Classes'))
    );
 }

-$items[] = array('url'=>'usergroups.php', 	'label' => get_lang('Classes'));
-
 $blocks['users']['items'] = $items;
 $blocks['users']['extra'] = null;

@ -245,16 +252,47 @@ $search_form = ' <form method="GET" class="form-search" action="session_list.php
                </form>';
 $blocks['sessions']['search_form'] = $search_form;
 $items = array();
+
 $items[] = array('url'=>'session_list.php', 	'label' => get_lang('ListSession'));
-$items[] = array('url'=>'session_add.php', 	'label' => get_lang('AddSession'));
-$items[] = array('url'=>'session_category_list.php', 	'label' => get_lang('ListSessionCategory'));
-$items[] = array('url'=>'session_import.php', 	'label' => get_lang('ImportSessionListXMLCSV'));
-$items[] = array('url'=>'session_import_drh.php', 	'label' => get_lang('ImportSessionDrhList'));
-if (isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap']) > 0) {
-    $items[] = array('url'=>'ldap_import_students_to_session.php', 	'label' => get_lang('ImportLDAPUsersIntoSession'));
+
+if (
+    !api_is_session_admin() ||
+    !api_get_configuration_value('limit_session_admin_role')
+) {
+    $items[] = array(
+        'url' => 'session_add.php',
+        'label' => get_lang('AddSession')
+    );
+    $items[] = array(
+        'url' => 'session_category_list.php',
+        'label' => get_lang('ListSessionCategory'));
+    $items[] = array(
+        'url' => 'session_import.php',
+        'label' => get_lang('ImportSessionListXMLCSV')
+    );
+    $items[] = array(
+        'url' => 'session_import_drh.php',
+        'label' => get_lang('ImportSessionDrhList')
+    );
+    if (
+        isset($extAuthSource) &&
+        isset($extAuthSource['ldap']) &&
+        count($extAuthSource['ldap']) > 0
+    ) {
+        $items[] = array(
+            'url' => 'ldap_import_students_to_session.php',
+            'label' => get_lang('ImportLDAPUsersIntoSession')
+        );
+    }
+    $items[] = array(
+        'url' => 'session_export.php',
+        'label' => get_lang('ExportSessionListXMLCSV')
+    );
+    $items[] = array(
+        'url' => '../coursecopy/copy_course_session.php',
+        'label' => get_lang('CopyFromCourseInSessionToAnotherSession')
+    );
 }
-$items[] = array('url'=>'session_export.php', 	'label' => get_lang('ExportSessionListXMLCSV'));
-$items[] = array('url'=>'../coursecopy/copy_course_session.php', 	'label' => get_lang('CopyFromCourseInSessionToAnotherSession'));

 if (api_is_platform_admin()) {
    if (is_dir(api_get_path(SYS_TEST_PATH).'datafiller/')) { // option only visible in development mode. Enable through code if required
@ -399,6 +437,51 @@ if ($useCookieValidation) {

 $tpl->assign('web_admin_ajax_url', $admin_ajax_url);
 $tpl->assign('blocks', $blocks);
+
+if (api_is_platform_admin()) {
+    $extraDataForm = new FormValidator(
+        'block_extra_data',
+        'post',
+        '#',
+        null,
+        array(
+            'id' => 'block-extra-data',
+            'class' => 'form-inline'
+        )
+    );
+
+    $extraDataForm->add_html_editor(
+        'extra_content',
+        null,
+        false,
+        false,
+        array(
+            'name' => 'extra-content',
+            'ToolbarSet' => 'AdminPanels',
+            'Width' => 530,
+            'Height' => 300
+        )
+    );
+    $extraDataForm->addElement(
+        'hidden',
+        'block',
+        null,
+        array(
+            'id' => 'extra-block'
+        )
+    );
+    $extraDataForm->add_button(
+        'submit',
+        get_lang('Save'),
+        array(
+            'id' => 'btn-block-editor-save',
+            'class' => 'btn btn-primary'
+        )
+    );
+
+    $tpl->assign('extraDataForm', $extraDataForm->toHtml());
+}
+
 // The template contains the call to the AJAX version checker
 $admin_template = $tpl->get_template('admin/settings_index.tpl');
 $content = $tpl->fetch($admin_template);
--- a/main/admin/session_add.php
+++ b/main/admin/session_add.php
@ -26,6 +26,8 @@ $this_section=SECTION_PLATFORM_ADMIN;

 api_protect_admin_script(true);

+api_protect_limit_for_session_admin();
+
 $formSent=0;
 $errorMsg='';

--- a/main/admin/session_category_list.php
+++ b/main/admin/session_category_list.php
@ -14,6 +14,7 @@ $cidReset = true;
 require_once '../inc/global.inc.php';

 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 // setting the section (for the tabs)
 $this_section = SECTION_PLATFORM_ADMIN;
--- a/main/admin/session_export.php
+++ b/main/admin/session_export.php
@ -13,6 +13,8 @@ include '../inc/global.inc.php';
 $this_section = SECTION_PLATFORM_ADMIN;

 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();
+
 include api_get_path(LIBRARY_PATH).'fileManage.lib.php';

 $session_id = intval($_GET['session_id']);
--- a/main/admin/session_import.php
+++ b/main/admin/session_import.php
@ -12,6 +12,7 @@ require_once '../inc/global.inc.php';

 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
 require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php';
--- a/main/admin/session_import_drh.php
+++ b/main/admin/session_import_drh.php
@ -12,6 +12,7 @@ require_once '../inc/global.inc.php';

 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';

--- a/main/admin/user_add.php
+++ b/main/admin/user_add.php
@ -19,6 +19,7 @@ $this_section = SECTION_PLATFORM_ADMIN;

 // User permissions
 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 $is_platform_admin = api_is_platform_admin() ? 1 : 0;

--- a/main/admin/user_import.php
+++ b/main/admin/user_import.php
@ -343,6 +343,7 @@ function parse_xml_data($file)

 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true, null, 'login');
+api_protect_limit_for_session_admin();

 $defined_auth_sources[] = PLATFORM_AUTH_SOURCE;

--- a/main/admin/usergroups.php
+++ b/main/admin/usergroups.php
@ -13,6 +13,7 @@ require_once '../inc/global.inc.php';

 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true);
+api_protect_limit_for_session_admin();

 //Add the JS needed to use the jqgrid
 $htmlHeadXtra[] = api_get_jqgrid_js();
--- a/main/coursecopy/copy_course_session.php
+++ b/main/coursecopy/copy_course_session.php
@ -17,6 +17,7 @@ require_once '../inc/global.inc.php';
 $current_course_tool  = TOOL_COURSE_MAINTENANCE;

 api_protect_global_admin_script();
+api_protect_limit_for_session_admin();

 require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
 require_once api_get_path(LIBRARY_PATH).'xajax/xajax.inc.php';
--- a/main/inc/ajax/admin.ajax.php
+++ b/main/inc/ajax/admin.ajax.php
@ -37,7 +37,7 @@ switch ($action) {
        break;

    case 'save_block_extra':
-        $content = isset($_POST['content']) ? Security::remove_XSS($_POST['content']) : null;
+        $content = isset($_POST['extra_content']) ? Security::remove_XSS($_POST['extra_content']) : null;
        $blockName = isset($_POST['block']) ? Security::remove_XSS($_POST['block']) : null;

        if (empty($blockName)) {
@ -61,18 +61,16 @@ switch ($action) {
        }

        if (!is_dir($newUrlDir)) {
-            @mkdir($newUrlDir, api_get_permissions_for_new_directories(), true);
+            mkdir($newUrlDir, api_get_permissions_for_new_directories(), true);
        }

-        $fullFilePath = "{$newUrlDir}{$blockName}_extra.html";
-
-        if (file_exists($fullFilePath)) {
-            @unlink($fullFilePath);
+        if (!is_writable($newUrlDir)) {
+            die;
        }

-        @touch($fullFilePath);
+        $fullFilePath = "{$newUrlDir}{$blockName}_extra.html";

-        @file_put_contents($fullFilePath, $content);
+        file_put_contents($fullFilePath, $content);

        break;

@ -99,9 +97,19 @@ switch ($action) {
            $newUrlDir = api_get_path(SYS_PATH) . "home/admin/";
        }

-        if (Security::check_abs_path("{$newUrlDir}{$blockName}_extra.html", $newUrlDir)) {
-            echo @file_get_contents("{$newUrlDir}{$blockName}_extra.html");
+        if (!file_exists($newUrlDir)) {
+            die;
+        }
+
+        if (!Security::check_abs_path("{$newUrlDir}{$blockName}_extra.html", $newUrlDir)) {
+            die;
+        }
+
+        if (!file_exists("{$newUrlDir}{$blockName}_extra.html")) {
+            die;
        }
+
+        echo file_get_contents("{$newUrlDir}{$blockName}_extra.html");
        break;
 }

--- a/main/inc/lib/fckeditor/toolbars/default/admin_panels.php
+++ b/main/inc/lib/fckeditor/toolbars/default/admin_panels.php
@ -0,0 +1,50 @@
+<?php
+/* For licensing terms, see /license.txt */
+/**
+ * AdminPanels FCKEditor's toolbar
+ * For more information: http://docs.fckeditor.net/FCKeditor_2.x/Developers_Guide/Configuration/Configuration_Options
+ * @author Angel Fernando Quiroz Campos <angel.quiroz@beeznest.com>
+ * @package chamilo
+ */
+
+// Hide/show SpellCheck buttom
+if ((api_get_setting('allow_spellcheck') == 'true')) {
+    $VSpellCheck = 'SpellCheck';
+} else {
+    $VSpellCheck = '';
+}
+
+// This is the visible toolbar set when the editor has "normal" size.
+$config['ToolbarSets']['Normal'] = array(
+    array('NewPage', '-', 'PasteWord'),
+    array('Undo', 'Redo'),
+    array('Link', 'Image', 'flvPlayer', 'Flash', 'MP3', 'mimetex'),
+    '/',
+    array('Bold', 'Italic', 'Underline', 'TextColor', 'BGColor'),
+    array('UnorderedList', 'OrderedList', 'Rule'),
+    array('JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyFull'),
+    array('FontFormat', 'FontName', 'FontSize'),
+    array('FitWindow')
+);
+
+// Sets whether the toolbar can be collapsed/expanded or not.
+// Possible values: true , false
+$config['ToolbarCanCollapse'] = true;
+
+// Sets how the editor's toolbar should start - expanded or collapsed.
+// Possible values: true , false
+$config['ToolbarStartExpanded'] = false;
+
+//This option sets the location of the toolbar.
+// Possible values: 'In' , 'None' , 'Out:[TargetId]' , 'Out:[TargetWindow]([TargetId])'
+//$config['ToolbarLocation'] = 'In';
+
+// A setting for blocking copy/paste functions of the editor.
+// This setting activates on leaners only. For users with other statuses there is no blocking copy/paste.
+// Possible values: true , false
+//$config['BlockCopyPaste'] = false;
+
+// Here new width and height of the editor may be set.
+// Possible values, examples: 300 , '250' , '100%' , ...
+//$config['Width'] = '100%';
+//$config['Height'] = '400';
--- a/main/inc/lib/fckeditor/toolbars/extended/admin_panels.php
+++ b/main/inc/lib/fckeditor/toolbars/extended/admin_panels.php
@ -0,0 +1,34 @@
+<?php
+/* For licensing terms, see /license.txt */
+/**
+ * AdminPanels FCKEditor's toolbar
+ * For more information: http://docs.fckeditor.net/FCKeditor_2.x/Developers_Guide/Configuration/Configuration_Options
+ * @author Angel Fernando Quiroz Campos <angel.quiroz@beeznest.com>
+ * @package chamilo
+ */
+
+// Hide/show SpellCheck buttom
+if ((api_get_setting('allow_spellcheck') == 'true')) {
+    $VSpellCheck = 'SpellCheck';
+} else {
+    $VSpellCheck = '';
+}
+
+// This is the visible toolbar set when the editor is maximized.
+// If it has not been defined, then the toolbar set for the "normal" size is used.
+$config['ToolbarSets']['Maximized'] = array(
+    array('NewPage', '-', 'Preview', 'Print'),
+    array('Cut', 'Copy', 'Paste', 'PasteText', 'PasteWord'),
+    array('Undo', 'Redo', '-', 'SelectAll', 'Find', '-', 'RemoveFormat'),
+    array('Link', 'Unlink', 'Anchor', 'Glossary'),
+    array('Image', 'imgmapPopup', 'flvPlayer', 'EmbedMovies', 'YouTube', 'Flash', 'MP3', 'googlemaps', 'Smiley', 'SpecialChar', 'insertHtml', 'mimetex', 'asciimath', 'asciisvg', 'fckeditor_wiris_openFormulaEditor', 'fckeditor_wiris_openCAS'),
+    '/',
+    array('TableOC', 'Table', 'TableInsertRowAfter', 'TableDeleteRows', 'TableInsertColumnAfter', 'TableDeleteColumns', 'TableInsertCellAfter', 'TableDeleteCells', 'TableMergeCells', 'TableHorizontalSplitCell', 'TableVerticalSplitCell', 'TableCellProp', '-', 'CreateDiv'),
+    array('UnorderedList', 'OrderedList', 'Rule', '-', 'Outdent', 'Indent', 'Blockquote'),
+    array('JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyFull'),
+    array('Bold', 'Italic', 'Underline', 'StrikeThrough', '-', 'Subscript', 'Superscript', '-', 'TextColor', 'BGColor'),
+    array($VSpellCheck),
+    array('Style', 'FontFormat', 'FontName', 'FontSize'),
+    array('PageBreak', 'ShowBlocks', 'Source'),
+    array('FitWindow')
+);
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -7517,3 +7517,17 @@ function api_site_use_cookie_warning_cookie_exist()
 {
    return isset($_COOKIE['ChamiloUsesCookies']);
 }
+
+/**
+ * Limit the access to Session Admins wheen the limit_session_admin_role
+ * configuration variable is set to true
+ */
+function api_protect_limit_for_session_admin()
+{
+    if (
+        api_is_session_admin() &&
+        api_get_configuration_value('limit_session_admin_role')
+    ) {
+        api_not_allowed(true);
+    }
+}
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
@ -295,3 +295,7 @@ $_configuration['system_stable']     = NEW_VERSION_STABLE;
 //$_configuration['allow_delete_attendance'] = false;
 // Course log - Default columns to hide
 //$_configuration['course_log_hide_columns'] = array(1, 9);
+// Limit for the Session Admin role. The administration page show only
+// User block -> Add user
+// Course Sessions block -> Training session list
+$_configuration['limit_session_admin_role'] = false;
--- a/main/template/default/admin/settings_index.tpl
+++ b/main/template/default/admin/settings_index.tpl
@ -7,40 +7,50 @@ $(document).ready(function() {
        }
    });

-    $('.edit-block a').on('click', function(e) {
-        e.preventDefault();
+{% if _u.is_admin %}
+    (function(){
+        $('.edit-block a').on('click', function(e) {
+            e.preventDefault();

-        var $self = $(this);
+            var $self = $(this);

-        var extraContent = $.ajax('{{ _p.web_ajax }}admin.ajax.php', {
-            type: 'post',
-            data: {
-                a: 'get_extra_content',
-                block: $self.data('id')
-            }
-        });
+            var extraContent = $.ajax('{{ _p.web_ajax }}admin.ajax.php', {
+                type: 'post',
+                data: {
+                    a: 'get_extra_content',
+                    block: $self.data('id')
+                }
+            });

-        $.when(extraContent).done(function(content) {
-            $('#extra-content').val(content);
-            $('#extra-block').val($self.data('id'));
-            $('#modal-extra-title').text($self.data('label'));
+            $.when(extraContent).done(function(content) {
+                FCKeditorAPI.GetInstance('extra_content').SetData(content);
+                $('#extra-block').val($self.data('id'));
+                $('#modal-extra-title').text($self.data('label'));

-            $('#modal-extra').modal('show');
+                $('#modal-extra').modal('show');
+            });
        });
-    });

-    $('#btn-block-editor-save').on('click', function(e) {
-        e.preventDefault();
+        $('#btn-block-editor-save').on('click', function(e) {
+            e.preventDefault();

-        var save = $.ajax('{{ _p.web_ajax }}admin.ajax.php', {
-            type: 'post',
-            data: $('#block-extra-data').serialize() + '&a=save_block_extra'
-        });
+            var formParams = $.param({
+                a: 'save_block_extra',
+                extra_content: FCKeditorAPI.GetInstance('extra_content').GetHTML(),
+                block:  $('#extra-block').val()
+            });

-        $.when(save).done(function() {
-            window.location.reload();
+            var save = $.ajax('{{ _p.web_ajax }}admin.ajax.php', {
+                type: 'post',
+                data: formParams
+            });
+
+            $.when(save).done(function() {
+                window.location.reload();
+            });
        });
-    });
+    })();
+{% endif %}
 });
 </script>

@ -94,13 +104,7 @@ $(document).ready(function() {
        <h3 id="modal-extra-title">{{ 'Blocks' | get_lang }}</h3>
    </div>
    <div class="modal-body">
-        <form action="#" method="post" id="block-extra-data">
-            <textarea rows="5" name="content" class="input-block-level" id="extra-content"></textarea>
-            <input type="hidden" name="block" id="extra-block" value="">
-        </form>
-    </div>
-    <div class="modal-footer">
-        <button id="btn-block-editor-save" class="btn btn-primary">{{ 'Save' | get_lang }}</button>
+        {{ extraDataForm }}
    </div>
 </div>
 {% endif %}