Coach can access detail user information see BT#11985

pull/2487/head
jmontoyaa 9 years ago
parent f914f389a0
commit 55e4718457
  1. 38
      main/mySpace/myStudents.php

@ -9,19 +9,33 @@ require_once '../inc/global.inc.php';
api_block_anonymous_users();
$export = isset($_GET['export']) ? $_GET['export'] : false;
$sessionId = isset($_GET['id_session']) ? intval($_GET['id_session']) : 0;
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : '';
$course_code = isset($_GET['course']) ? Security :: remove_XSS($_GET['course']) : null;
$courseInfo = api_get_course_info($course_code);
$student_id = intval($_GET['student']);
if (!api_is_allowed_to_create_course() &&
!api_is_session_admin() &&
!api_is_drh() &&
!api_is_student_boss() &&
!api_is_platform_admin()
) {
// Check if the user is tutor of the course
$user_course_status = CourseManager::get_tutor_in_course_status(
api_get_user_id(),
api_get_course_int_id()
);
if ($user_course_status != 1) {
api_not_allowed(true);
if (empty($sessionId)) {
// Check if the user is tutor of the course
$userCourseStatus = CourseManager::get_tutor_in_course_status(
api_get_user_id(),
api_get_course_int_id()
);
if ($userCourseStatus != 1) {
api_not_allowed(true);
}
} else {
$coach = api_is_coach($sessionId, $courseInfo['real_id']);
if (!$coach) {
api_not_allowed(true);
}
}
}
@ -33,15 +47,6 @@ function show_image(image,width,height) {
}
</script>';
$export = isset($_GET['export']) ? $_GET['export'] : false;
$sessionId = isset($_GET['id_session']) ? intval($_GET['id_session']) : 0;
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : '';
$course_code = isset($_GET['course']) ? Security :: remove_XSS($_GET['course']) : null;
$student_id = intval($_GET['student']);
// time spent on the course
$courseInfo = api_get_course_info($course_code);
if ($export) {
ob_start();
}
@ -263,7 +268,6 @@ while ($row = Database :: fetch_array($rs)) {
}
}
// Get the list of sessions where the user is subscribed as student
$sql = 'SELECT session_id, c_id
FROM '.Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER).'
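Review bot: In the new `else` branch of the first hunk, the access decision is `api_is_coach($sessionId, $courseInfo['real_id'])`, which is built only from the request's `id_session` and `course` and never involves `$student_id`. As far as these lines show, being coach of the session named in the URL is enough to pass, whichever `student` id is requested. Unless a part of the file outside these hunks already restricts the student to that session, this branch should also confirm that `$student_id` is subscribed to `$sessionId` and call `api_not_allowed(true)` otherwise. Separately, `$courseInfo['real_id']` is read without checking that `api_get_course_info()` found a course for a missing or unknown `course` value, and how `api_is_coach()` treats an empty course id is not visible here. Failing closed would be safer: `if (empty($courseInfo) || !api_is_coach($sessionId, $courseInfo['real_id'])) { api_not_allowed(true); }`.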
