Allow delete user and enable/disable user accounts for session admin

See BT#13369
Settings:

$_configuration['allow_delete_user_for_session_admin'] = false;
$_configuration['allow_disable_user_for_session_admin'] = false;
pull/2487/head
Julio 8 years ago
parent 19eccdc89d
commit 54cfc37a14
  1. 26
      main/admin/user_list.php
  2. 12
      main/inc/ajax/user_manager.ajax.php
  3. 5
      main/install/configuration.dist.php

@ -672,6 +672,24 @@ function modify_filter($user_id, $url_params, $row)
}
}
$allowDelete = api_get_configuration_value('allow_delete_user_for_session_admin');
if (api_is_session_admin() && $allowDelete) {
if ($user_id != api_get_user_id() &&
!$user_is_anonymous &&
api_global_admin_can_edit_admin($user_id, null, true)
) {
// you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
$result .= ' <a href="user_list.php?action=delete_user&user_id='.$user_id.'&'.$url_params.'&sec_token='.Security::getTokenFromSession().'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice")))."'".')) return false;">'.
Display::return_icon(
'delete.png',
get_lang('Delete'),
array(),
ICON_SIZE_SMALL
).
'</a>';
}
}
if (api_is_platform_admin()) {
$result .= ' <a data-title="'.get_lang('FreeBusyCalendar').'" href="'.api_get_path(WEB_AJAX_PATH).'agenda.ajax.php?a=get_user_agenda&user_id='.$user_id.'&modal_size=lg" class="agenda_opener ajax">'.
Display::return_icon(
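Review bot: The session-admin delete link is gated only by `api_is_session_admin()`, the configuration flag and `api_global_admin_can_edit_admin($user_id, null, true)`; nothing visible in this hunk limits the link to users the session admin is responsible for, so that scoping has to come from the helper's third argument, and the intent should be stated at the call, e.g. `// third arg lets a session admin pass the admin-edit check; the helper decides which users that covers`. The comment on the line above the link talks about disabling accounts and locking everyone out, which does not describe a delete link; `// a session admin may never delete their own account or the anonymous user` says what the condition actually enforces. The `!=` against `api_get_user_id()` presumably tolerates `$user_id` arriving as a string; `(int) $user_id !== api_get_user_id()` makes that explicit. `modify_filter` starts before this hunk.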
@ -798,13 +816,17 @@ if (!empty($action)) {
}
break;
case 'delete_user':
if (api_is_platform_admin()) {
$allowDelete = api_get_configuration_value('allow_delete_user_for_session_admin');
if (api_is_platform_admin() ||
($allowDelete && api_is_session_admin())
) {
$user_to_delete = $_GET['user_id'];
$userToDeleteInfo = api_get_user_info($user_to_delete);
$current_user_id = api_get_user_id();
if ($userToDeleteInfo && $deleteUserAvailable &&
api_global_admin_can_edit_admin($_GET['user_id'])
api_global_admin_can_edit_admin($_GET['user_id'], null, $allowDelete)
) {
if ($user_to_delete != $current_user_id &&
UserManager::delete_user($_GET['user_id'])
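Review bot: The third argument to `api_global_admin_can_edit_admin` is now `$allowDelete` for every caller, so once the setting is enabled the platform-admin path also takes the relaxed form of the check, whereas before this change it used the helper's default; in `modify_filter` the same argument is `true` only inside the session-admin branch. If that argument widens the check for session admins, pass it only when a session admin is acting: `api_global_admin_can_edit_admin($_GET['user_id'], null, $allowDelete && api_is_session_admin())`, so enabling the option changes nothing for platform admins. `$deleteUserAvailable` and the end of the `delete_user` case are outside the hunk.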

@ -1,8 +1,9 @@
<?php
/* For licensing terms, see /license.txt */
use Doctrine\Common\Collections\Criteria,
Chamilo\UserBundle\Entity\User,
Doctrine\ORM\Query\Expr\Join;
use Doctrine\Common\Collections\Criteria;
use Chamilo\UserBundle\Entity\User;
use Doctrine\ORM\Query\Expr\Join;
/**
* Responses to AJAX calls
@ -130,7 +131,10 @@ switch ($action) {
}
break;
case 'active_user':
if (api_is_platform_admin() && api_global_admin_can_edit_admin($_GET['user_id'])) {
$allow = api_get_configuration_value('allow_disable_user_for_session_admin');
if ((api_is_platform_admin() && api_global_admin_can_edit_admin($_GET['user_id'])) ||
($allow && api_is_session_admin() && api_global_admin_can_edit_admin($_GET['user_id'], null, true))
) {
$user_id = intval($_GET['user_id']);
$status = intval($_GET['status']);
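Review bot: The authorization call receives the raw `$_GET['user_id']` while the value actually acted on is `intval($_GET['user_id'])` two lines later, so the check and the update could in principle interpret a non-numeric value differently; hoisting `$user_id = intval($_GET['user_id']);` above the `if` and passing `$user_id` to both `api_global_admin_can_edit_admin` calls removes that question. The session-admin branch also has no visible guard against disabling the caller's own account, the case the lock-out comment in `user_list.php` warns about; whether such a check follows is not visible, as the rest of the `active_user` case is outside the hunk. `$allow` is only meaningful in the second half of the condition, so `$canEditAsSessionAdmin = $allow && api_is_session_admin();` computed once would make the two branches easier to read.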

@ -628,3 +628,8 @@ $_configuration['gradebook_badge_sidebar'] = [
// Allow public courses access with no terms and conditions validation.
//$_configuration['allow_public_course_with_no_terms_conditions'] = false;
// Allow delete user for session admin
//$_configuration['allow_delete_user_for_session_admin'] = false;
// Allow enable/disable user accounts for session admin
//$_configuration['allow_disable_user_for_session_admin'] = false;
