diff --git a/main/inc/lib/blog.lib.php b/main/inc/lib/blog.lib.php index e454c4cc11..a5298c2372 100644 --- a/main/inc/lib/blog.lib.php +++ b/main/inc/lib/blog.lib.php @@ -96,6 +96,9 @@ class Blog { */ public static function create_blog ($title, $subtitle) { global $_user; + + $course_id = api_get_course_int_id(); + $current_date=date('Y-m-d H:i:s',time()); $session_id = api_get_session_id(); // Tabel definitions @@ -105,10 +108,9 @@ class Blog { $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); //verified if exist blog - $sql='SELECT COUNT(*) as count FROM '.$tbl_blogs.' WHERE blog_name="'.Database::escape_string($title).'" AND blog_subtitle="'.Database::escape_string($subtitle).'";'; + $sql='SELECT COUNT(*) as count FROM '.$tbl_blogs.' WHERE c_id = '.$course_id.' AND blog_name="'.Database::escape_string($title).'" AND blog_subtitle="'.Database::escape_string($subtitle).'";'; $res=Database::query($sql); - $info_count=Database::result($res,0,0); - $course_id = api_get_course_int_id(); + $info_count=Database::result($res,0,0); if ($info_count==0) { // Create the blog @@ -150,9 +152,12 @@ class Blog { // Table definitions $tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_tool = Database::get_course_table(TABLE_TOOL_LIST); + + $course_id = api_get_course_int_id(); // Update the blog - $sql = "UPDATE $tbl_blogs SET blog_name = '".Database::escape_string($title)."', blog_subtitle = '".Database::escape_string($subtitle)."' WHERE blog_id ='".Database::escape_string((int)$blog_id)."' LIMIT 1"; + $sql = "UPDATE $tbl_blogs SET blog_name = '".Database::escape_string($title)."', blog_subtitle = '".Database::escape_string($subtitle)."' + WHERE c_id = $course_id AND blog_id ='".Database::escape_string((int)$blog_id)."' LIMIT 1"; Database::query($sql); $this_blog_id = Database::insert_id(); 
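Review bot: `$course_id` is interpolated into the SQL unquoted and uncast in the new `WHERE c_id = '.$course_id.'` clause of create_blog, while every other value in the same statement goes through Database::escape_string; the same raw interpolation recurs in every other hunk of this commit, and the edit_task hunk even mixes both forms, casting `(int)$course_id` in its INSERT while leaving the UPDATE and DELETE just above it raw. api_get_course_int_id() is not in this diff, so whether it can return an empty or non-integer value cannot be confirmed from here, but an empty value would produce `c_id =  AND` and a syntax error rather than an empty result set. Casting once at the assignment, `$course_id = (int) api_get_course_int_id();`, makes every query in the function safe and consistent with the INSERT, and the same one-line change applies to the `$course_id = api_get_course_int_id();` assignments added in permissions_functions.inc.php and blog_permissions.inc.php. create_blog continues past the end of the hunk.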
@@ -160,7 +165,7 @@ class Blog { api_item_property_update(api_get_course_info(), TOOL_BLOGS, Database::escape_string($blog_id), 'BlogUpdated', api_get_user_id()); // Update course homepage link - $sql = "UPDATE $tbl_tool SET name = '".Database::escape_string($title)."' WHERE link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1"; + $sql = "UPDATE $tbl_tool SET name = '".Database::escape_string($title)."' WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1"; Database::query($sql); } 
@@ -178,32 +183,34 @@ class Blog { $tbl_tool = Database::get_course_table(TABLE_TOOL_LIST); $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING); $tbl_blogs_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT); + + $course_id = api_get_course_int_id(); // Delete posts from DB and the attachments delete_all_blog_attachment($blog_id); //Delete comments - $sql = "DELETE FROM $tbl_blogs_comment WHERE blog_id ='".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_comment WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; Database::query($sql); // Delete posts - $sql = "DELETE FROM $tbl_blogs_posts WHERE blog_id ='".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_posts WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; Database::query($sql); // Delete tasks - $sql = "DELETE FROM $tbl_blogs_tasks WHERE blog_id ='".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_tasks WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; Database::query($sql); // Delete ratings - $sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id ='".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_rating WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; Database::query($sql); // Delete blog - $sql ="DELETE FROM $tbl_blogs WHERE blog_id ='".(int)$blog_id."'"; + $sql ="DELETE FROM $tbl_blogs WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; Database::query($sql); // Delete from course homepage - $sql = "DELETE FROM $tbl_tool WHERE link = 'blog/blog.php?blog_id=".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_tool WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".(int)$blog_id."'"; Database::query($sql); //update item_property (delete) 
@@ -294,9 +301,11 @@ class Blog { public static function edit_post ($post_id, $title, $full_text, $blog_id) { // Init $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); + $course_id = api_get_course_int_id(); // Create the post - $sql = "UPDATE $tbl_blogs_posts SET title = '" . Database::escape_string($title)."', full_text = '" . Database::escape_string($full_text)."' WHERE post_id ='".(int)$post_id."' AND blog_id ='".(int)$blog_id."' LIMIT 1 ;"; + $sql = "UPDATE $tbl_blogs_posts SET title = '" . Database::escape_string($title)."', full_text = '" . Database::escape_string($full_text)."' + WHERE c_id = $course_id AND post_id ='".(int)$post_id."' AND blog_id ='".(int)$blog_id."' LIMIT 1 ;"; Database::query($sql); } @@ -311,17 +320,19 @@ class Blog { $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS); $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING); + + $course_id = api_get_course_int_id(); // Delete ratings on this comment - $sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$post_id."' AND rating_type = 'post'"; + $sql = "DELETE FROM $tbl_blogs_rating WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND item_id = '".(int)$post_id."' AND rating_type = 'post'"; Database::query($sql); // Delete the post - $sql = "DELETE FROM $tbl_blogs_posts WHERE post_id = '".(int)$post_id."'"; + $sql = "DELETE FROM $tbl_blogs_posts WHERE c_id = $course_id AND post_id = '".(int)$post_id."'"; Database::query($sql); // Delete the comments - $sql = "DELETE FROM $tbl_blogs_comments WHERE post_id = '".(int)$post_id."' AND blog_id = '".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_comments WHERE c_id = $course_id AND post_id = '".(int)$post_id."' AND blog_id = '".(int)$blog_id."'"; Database::query($sql); // Delete posts and attachments 
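Review bot: The rewritten `DELETE FROM $tbl_blogs_posts WHERE c_id = $course_id AND post_id = ...` is the only statement in the delete_post hunk not also constrained by `blog_id`, although the function receives `$blog_id` and the rating and comment deletes on either side of it use it. Whether post_id is unique per course or only per blog cannot be seen here; if the latter, a post with the same id in another blog of the course would be removed. Adding the filter makes the three statements agree: `$sql = "DELETE FROM $tbl_blogs_posts WHERE c_id = $course_id AND post_id = '".(int)$post_id."' AND blog_id = '".(int)$blog_id."'";`. delete_post's body continues outside the hunk.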
@@ -418,16 +429,17 @@ class Blog { $blog_id = Database::escape_string($blog_id); $post_id = Database::escape_string($post_id); $comment_id = Database::escape_string($comment_id); - - + + $course_id = api_get_course_int_id(); + delete_all_blog_attachment($blog_id,$post_id,$comment_id); // Delete ratings on this comment - $sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$comment_id."' AND rating_type = 'comment'"; + $sql = "DELETE FROM $tbl_blogs_rating WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND item_id = '".(int)$comment_id."' AND rating_type = 'comment'"; Database::query($sql); // select comments that have the selected comment as their parent - $sql = "SELECT comment_id FROM $tbl_blogs_comments WHERE parent_comment_id = '".(int)$comment_id."'"; + $sql = "SELECT comment_id FROM $tbl_blogs_comments WHERE c_id = $course_id AND parent_comment_id = '".(int)$comment_id."'"; $result = Database::query($sql); // Delete them recursively @@ -436,7 +448,7 @@ class Blog { } // Finally, delete the selected comment to - $sql = "DELETE FROM $tbl_blogs_comments WHERE comment_id = '".(int)$comment_id."'"; + $sql = "DELETE FROM $tbl_blogs_comments WHERE c_id = $course_id AND comment_id = '".(int)$comment_id."'"; Database::query($sql); } 
@@ -509,23 +521,24 @@ class Blog { // Init $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $tbl_tasks_permissions = Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS); + + $course_id = api_get_course_int_id(); + // Create the task $sql = "UPDATE $tbl_blogs_tasks SET title = '".Database::escape_string($title)."', description = '".Database::escape_string($description)."', color = '".Database::escape_string($color)."' - WHERE task_id ='".(int)$task_id."' LIMIT 1"; + WHERE c_id = $course_id AND task_id ='".(int)$task_id."' LIMIT 1"; Database::query($sql); $tool = 'BLOG_' . $blog_id; - $sql = "DELETE FROM " . $tbl_tasks_permissions . " WHERE task_id = '" . (int)$task_id."'"; + $sql = "DELETE FROM " . $tbl_tasks_permissions . " WHERE c_id = $course_id AND task_id = '" . (int)$task_id."'"; Database::query($sql); - $course_id = api_get_course_int_id(); - - if($articleDelete == 'on') { + if ($articleDelete == 'on') { $sql = "INSERT INTO " . $tbl_tasks_permissions . " ( c_id, task_id, tool, action) VALUES ( '" . (int)$course_id . "', '" . (int)$task_id . "', @@ -563,11 +576,11 @@ class Blog { * @param Integer $task_id */ public static function delete_task ($blog_id, $task_id) { - // Init $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); + $course_id = api_get_course_int_id(); // Delete posts - $sql = "DELETE FROM $tbl_blogs_tasks WHERE blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."'"; + $sql = "DELETE FROM $tbl_blogs_tasks WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."'"; Database::query($sql); } 
@@ -577,10 +590,11 @@ class Blog { * @param Integer $assignment_id */ public static function delete_assigned_task ($blog_id, $task_id,$user_id) { - // Init $tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER); + $course_id = api_get_course_int_id(); + // Delete posts - $sql = "DELETE FROM $tbl_blogs_tasks_rel_user WHERE blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."' AND user_id = '".(int)$user_id."'"; + $sql = "DELETE FROM $tbl_blogs_tasks_rel_user WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."' AND user_id = '".(int)$user_id."'"; Database::query($sql); } @@ -644,7 +658,7 @@ class Blog { $course_id = api_get_course_int_id(); // Get blog properties - $sql = "SELECT blog_name, visibility FROM $tbl_blogs WHERE blog_id='".(int)$blog_id."'"; + $sql = "SELECT blog_name, visibility FROM $tbl_blogs WHERE c_id = $course_id AND blog_id='".(int)$blog_id."'"; $result = Database::query($sql); $blog = Database::fetch_array($result); $visibility = $blog['visibility']; 
@@ -653,16 +667,16 @@ class Blog { if($visibility == 1) { // Change visibility state, remove from course home. - $sql = "UPDATE $tbl_blogs SET visibility = '0' WHERE blog_id ='".(int)$blog_id."' LIMIT 1"; + $sql = "UPDATE $tbl_blogs SET visibility = '0' WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."' LIMIT 1"; $result = Database::query($sql); - $sql = "DELETE FROM $tbl_tool WHERE name = '".Database::escape_string($title)."' LIMIT 1"; + $sql = "DELETE FROM $tbl_tool WHERE c_id = $course_id AND name = '".Database::escape_string($title)."' LIMIT 1"; $result = Database::query($sql); } else { // Change visibility state, add to course home. - $sql = "UPDATE $tbl_blogs SET visibility = '1' WHERE blog_id ='".(int)$blog_id."' LIMIT 1"; + $sql = "UPDATE $tbl_blogs SET visibility = '1' WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."' LIMIT 1"; $result = Database::query($sql); $sql = "INSERT INTO $tbl_tool (c_id, name, link, image, visibility, admin, address, added_tool, target ) @@ -704,7 +718,7 @@ class Blog { } while($blog_post = Database::fetch_array($result)) { // Get number of comments - $sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE blog_id = '".(int)$blog_id."' AND post_id = '" . (int)$blog_post['post_id']."'"; + $sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND post_id = '" . (int)$blog_post['post_id']."'"; $tmp = Database::query($sql); $blog_post_comments = Database::fetch_array($tmp); 
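Review bot: In the visibility-off branch the rewritten `DELETE FROM $tbl_tool WHERE c_id = $course_id AND name = '...' LIMIT 1` still removes the course-home entry by its display name, so any other tool in the same course that happens to share the blog's title can be deleted instead of the blog's own link. delete_blog earlier in this commit matches the same table by `link = 'blog/blog.php?blog_id=...'`, which is the identifier the blog actually owns; using it here, `WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".(int)$blog_id."'`, removes the ambiguity. The enclosing function starts before this hunk.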
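Review bot: The rewritten comment-count query in the `@@ -704` hunk now references `$course_id`, but unlike the other hunks of this commit no `$course_id = api_get_course_int_id();` is added and the function's opening lines are outside the hunk; the same holds for the `@@ -829` and `@@ -913` hunks. If the variable is not already assigned earlier in those functions, the interpolation yields `WHERE c_id =  AND` and every such query fails with a syntax error. Please confirm each of those three functions assigns `$course_id` above the hunk, or add `$course_id = api_get_course_int_id();` as the commit does elsewhere.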
@@ -829,7 +843,7 @@ class Blog { $blog_post = Database::fetch_array($result); // Get number of comments - $sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE blog_id = '".(int)$blog_id."' AND post_id = '".(int)$post_id."'"; + $sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND post_id = '".(int)$post_id."'"; $result = Database::query($sql); $blog_post_comments = Database::fetch_array($result); @@ -913,7 +927,8 @@ class Blog { // Check if the user has already rated this post/comment $sql = "SELECT rating_id FROM $tbl_blogs_rating - WHERE blog_id = '".(int)$blog_id."' + WHERE c_id = $course_id AND + blog_id = '".(int)$blog_id."' AND item_id = '".(int)$item_id."' AND rating_type = '".Database::escape_string($type)."' AND user_id = '".(int)$_user['user_id']."'"; @@ -943,9 +958,10 @@ class Blog { */ public static function display_rating ($type, $blog_id, $item_id) { $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING); + $course_id = api_get_course_int_id(); // Calculate rating - $sql = "SELECT AVG(rating) as rating FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$item_id."' AND rating_type = '".Database::escape_string($type)."' "; + $sql = "SELECT AVG(rating) as rating FROM $tbl_blogs_rating WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND item_id = '".(int)$item_id."' AND rating_type = '".Database::escape_string($type)."' "; $result = Database::query($sql); $result = Database::fetch_array($result); return round($result['rating'], 2); 
@@ -963,15 +979,15 @@ class Blog { */ public static function display_rating_form ($type, $blog_id, $post_id, $comment_id = NULL) { global $_user; - - // Init $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING); + $course_id = api_get_course_int_id(); if($type == 'post') { // Check if the user has already rated this post $sql = "SELECT rating_id FROM $tbl_blogs_rating - WHERE blog_id = '".(int)$blog_id."' + WHERE c_id = $course_id AND + blog_id = '".(int)$blog_id."' AND item_id = '".(int)$post_id."' AND rating_type = '".Database::escape_string($type)."' AND user_id = '".(int)$_user['user_id']."'"; @@ -990,7 +1006,7 @@ class Blog { { // Check if the user has already rated this comment $sql = "SELECT rating_id FROM $tbl_blogs_rating - WHERE blog_id = '".(int)$blog_id ."' + WHERE c_id = $course_id AND blog_id = '".(int)$blog_id ."' AND item_id = '".(int)$comment_id."' AND rating_type = '".Database::escape_string($type)."' AND user_id = '".(int)$_user['user_id']."'"; @@ -1025,13 +1041,12 @@ class Blog { $course_id = api_get_course_int_id(); // Select top level comments - $next_level = $current_level + 1; - $sql = "SELECT comments.*, user.lastname, user.firstname, task.color + $next_level = $current_level + 1; + $sql = "SELECT comments.*, user.lastname, user.firstname, task.color FROM $tbl_blogs_comments comments INNER JOIN $tbl_users user ON comments.author_id = user.user_id - LEFT JOIN $tbl_blogs_tasks task ON comments.task_id = task.task_id - WHERE comments.c_id = $course_id AND - task.c_id = $course_id AND + LEFT JOIN $tbl_blogs_tasks task ON comments.task_id = task.task_id AND task.c_id = $course_id + WHERE comments.c_id = $course_id AND parent_comment_id = $current AND comments.blog_id = '".(int)$blog_id."' AND comments.post_id = '".(int)$post_id."'"; 
@@ -1552,12 +1567,13 @@ class Blog { * @author Toon Keppens * */ - public static function display_edit_task_form ($blog_id, $task_id) { - // Init + public static function display_edit_task_form ($blog_id, $task_id) { $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); + $course_id = api_get_course_int_id(); + $colors = array('FFFFFF','FFFF99','FFCC99','FF9933','FF6699','CCFF99','CC9966','66FF00', '9966FF', 'CF3F3F', '990033','669933','0033FF','003366','000000'); - $sql = "SELECT blog_id, task_id, title, description, color FROM $tbl_blogs_tasks WHERE task_id = '".(int)$task_id."'"; + $sql = "SELECT blog_id, task_id, title, description, color FROM $tbl_blogs_tasks WHERE c_id = $course_id AND task_id = '".(int)$task_id."'"; $result = Database::query($sql); $task = Database::fetch_array($result); @@ -1577,17 +1593,13 @@ class Blog { /* edit by Kevin Van Den Haute (kevin@develop-it.be) */ $tbl_tasks_permissions = Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS); - $sql = " - SELECT - id, - action - FROM " . $tbl_tasks_permissions . " - WHERE task_id = '" . (int)$task_id."'"; + $sql = " SELECT id, action FROM " . $tbl_tasks_permissions . " + WHERE c_id = $course_id AND task_id = '" . (int)$task_id."'"; $result = Database::query($sql); $arrPermissions = array(); - while($row = @Database::fetch_array($result)) + while ($row = Database::fetch_array($result)) $arrPermissions[] = $row['action']; echo "\t" . '' . "\n"; @@ -1816,7 +1828,7 @@ class Blog { $sql = " SELECT user.user_id, user.firstname, user.lastname FROM $tbl_users user - INNER JOIN $tbl_blogs_rel_user blogs_rel_user O user.user_id = blogs_rel_user.user_id + INNER JOIN $tbl_blogs_rel_user blogs_rel_user ON user.user_id = blogs_rel_user.user_id WHERE blogs_rel_user.c_id = $course_id AND blogs_rel_user.blog_id = '".(int)$blog_id."'"; $result = Database::query($sql); 
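Review bot: The `while ($row = Database::fetch_array($result)) $arrPermissions[] = $row['action'];` pair in the display_edit_task_form hunk keeps a braceless loop body on its own line while the commit is already reformatting those lines (dropping the `@` and rebuilding the query); a body without braces is easy to break when a second statement is added later. Wrapping it, `while ($row = Database::fetch_array($result)) { $arrPermissions[] = $row['action']; }`, matches the brace style the rest of this commit moves toward. Removing the `@` is a good change, since fetch_array's warnings were previously hidden.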
@@ -2162,7 +2174,7 @@ class Blog { //Link to register users if($a_infosUser["user_id"] != $_SESSION['_user']['user_id']) { - $row[] = "" . get_lang('Register').""; + $row[] = "" . get_lang('Register').""; } else { @@ -2274,7 +2286,7 @@ class Blog { //Link to register users if($myrow["user_id"] != $_user['user_id']) { - $row[] = "" . get_lang('UnRegister').""; + $row[] = "" . get_lang('UnRegister').""; } else { $row[] = ''; } @@ -2316,7 +2328,7 @@ class Blog { echo '
'; // Integration of patricks permissions system. - require_once(api_get_path(SYS_CODE_PATH).'permissions/blog_permissions.inc.php'); + require_once api_get_path(SYS_CODE_PATH).'permissions/blog_permissions.inc.php'; } /** diff --git a/main/permissions/blog_permissions.inc.php b/main/permissions/blog_permissions.inc.php old mode 100755 new mode 100644 index 77149a89c4..a311f32b6b --- a/main/permissions/blog_permissions.inc.php +++ b/main/permissions/blog_permissions.inc.php @@ -15,7 +15,9 @@ $rights_blog=array("article_add","article_delete","article_edit","article_rate", $course_tool_table = Database::get_course_table(TABLE_TOOL_LIST); // Get all user -$blog_users = Blog::get_blog_users(Database::escape_string($_GET['blog_id'])); +$blog_users = Blog::get_blog_users($_GET['blog_id']); + +$course_id = api_get_course_int_id(); // Remove the blog creater because he has all the rights automatically // and we want to keep it that way. @@ -34,9 +36,7 @@ if ($mainUserInfo['status']==1) include_once('permissions_functions.inc.php'); include_once(api_get_path(LIBRARY_PATH) . "/groupmanager.lib.php"); -// --------------------------------------------------- // ACTIONS -// --------------------------------------------------- if (isset($_GET['do'])) { if ( isset($_GET['permission']) AND isset($_GET['tool']) AND ($_GET['do']=='grant' OR $_GET['do']=='revoke')) @@ -59,8 +59,7 @@ if (isset($result_message)) // ------------------------------------------------------------------ // RETRIEVING THE PERMISSIONS OF THE ROLES OF THE USER // ------------------------------------------------------------------ -if (api_get_setting('user_roles')=='true') -{ +if (api_get_setting('user_roles')=='true') { // course roles that are assigned to the user $current_user_role_permissions_of_user=get_roles_permissions('user',$user_id); $inherited_permissions=permission_array_merge($inherited_permissions,$current_user_role_permissions_of_user); 
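Review bot: `Blog::get_blog_users($_GET['blog_id'])` now passes the raw request parameter where the old line escaped it first; get_blog_users is not in this diff, so whether it casts or escapes its argument before building SQL cannot be confirmed from here. Unless that function is known to do so, the call site should keep a boundary check, and since blog ids are treated as integers throughout blog.lib.php, `$blog_users = Blog::get_blog_users((int) $_GET['blog_id']);` is the simplest form and also neutralises a missing or non-numeric value. The newly added `$course_id` assignment is not used within the hunk, so its consumer is presumably later in the file.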
@@ -167,12 +166,8 @@ foreach ($blog_users as $user_id => $user_name) // $blog_users contains all the echo "\n"; echo "
"; -// --------------------------------------------------- // LEGEND -// --------------------------------------------------- echo ''.get_lang('Legend').'
'; echo ' '.get_lang('UserHasPermissionNot').'
'; echo ' '.get_lang('UserHasPermission').'
'; -echo ' '.get_lang('UserHasPermissionByRoleGroup').'
'; - -?> +echo ' '.get_lang('UserHasPermissionByRoleGroup').'
'; \ No newline at end of file diff --git a/main/permissions/permissions_functions.inc.php b/main/permissions/permissions_functions.inc.php old mode 100755 new mode 100644 index 3e3fc48df2..d5a43cbe8b --- a/main/permissions/permissions_functions.inc.php +++ b/main/permissions/permissions_functions.inc.php @@ -22,8 +22,9 @@ * @author Patrick Cool , Ghent University * @version 1.0 */ -function store_permissions($content, $id) -{ +function store_permissions($content, $id) { + $course_id = api_get_course_int_id(); + // Which database are we using (depending on the $content parameter) if($content=='user') { @@ -42,7 +43,7 @@ function store_permissions($content, $id) } // We first delete all the existing permissions for that user/group/role - $sql="DELETE FROM $table WHERE $id_field = '".Database::escape_string($id)."'"; + $sql="DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."'"; $result=Database::query($sql); // looping through the post values to find the permission (containing the string permission* ) @@ -51,10 +52,8 @@ function store_permissions($content, $id) if(strstr($key,"permission*")) { list($brol,$tool,$action)=explode("*",$key); - $sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($action)."')"; + $sql="INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($action)."')"; $result=Database::query($sql); - - } } return get_lang('PermissionsStored'); 
@@ -70,9 +69,9 @@ function store_permissions($content, $id) * @author Patrick Cool , Ghent University * @version 1.0 */ -function store_one_permission($content, $action, $id, $tool,$permission) -{ +function store_one_permission($content, $action, $id, $tool,$permission) { global $rights_full; + $course_id = api_get_course_int_id(); // for some reason I don't know, he can't get to the $rights_full array, so commented the following lines out. // check @@ -99,9 +98,8 @@ function store_one_permission($content, $action, $id, $tool,$permission) } // grating a right - if($action=='grant') - { - $sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($permission)."')"; + if($action=='grant') { + $sql="INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($permission)."')"; $result=Database::query($sql); if($result) { @@ -110,10 +108,9 @@ function store_one_permission($content, $action, $id, $tool,$permission) } if($action=='revoke') { - $sql="DELETE FROM $table WHERE $id_field = '".Database::escape_string($id)."' AND tool='".Database::escape_string($tool)."' AND action='".Database::escape_string($permission)."'"; + $sql="DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND tool='".Database::escape_string($tool)."' AND action='".Database::escape_string($permission)."'"; $result=Database::query($sql); - if($result) - { + if($result) { $result_message=get_lang('PermissionRevoked'); } } 
@@ -127,42 +124,43 @@ function store_one_permission($content, $action, $id, $tool,$permission) * @author Patrick Cool , Ghent University * @version 1.0 */ -function get_permissions($content, $id) -{ +function get_permissions($content, $id) { + $course_id = api_get_course_int_id(); $currentpermissions=array(); // Which database are we using (depending on the $content parameter) - + $course_id_condition = " c_id = $course_id AND "; if($content == 'user') { $table=Database::get_course_table(TABLE_PERMISSION_USER); - $id_field = user_id; + $id_field = 'user_id'; } elseif($content == 'group') { $table=Database::get_course_table(TABLE_PERMISSION_GROUP); - $id_field = group_id; + $id_field = 'group_id'; } elseif($content == 'role') { $table=Database::get_course_table(TABLE_ROLE_PERMISSION); - $id_field = role_id; + $id_field = 'role_id'; } elseif($content == 'platform_role') { $table=Database::get_main_table(TABLE_ROLE_PERMISSION); - $id_field = role_id; + $id_field = 'role_id'; + $course_id_condition = ''; } elseif($content == 'task') { $table=Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS); - $id_field = task_id; + $id_field = 'task_id'; } // finding all the permissions. We store this in a multidimensional array // where the first dimension is the tool. $sql=" SELECT * FROM " . $table . " - WHERE " . $id_field . "='" . Database::escape_string($id) . "'"; + WHERE $course_id_condition " . $id_field . "='" . Database::escape_string($id) . "'"; $result = Database::query($sql); while($row = Database::fetch_array($result)) @@ -414,6 +412,7 @@ function display_image_matrix_for_blogs($permission_array, $user_id, $tool, $per function display_role_list($current_course_roles, $current_platform_roles) { global $setting_visualisation; + $course_id = api_get_course_int_id(); $coures_roles_table=Database::get_course_table(TABLE_ROLE); $platform_roles_table=Database::get_main_table(TABLE_ROLE); 
@@ -448,7 +447,7 @@ function display_role_list($current_course_roles, $current_platform_roles) } */ // course roles - $sql="SELECT * FROM $coures_roles_table"; + $sql="SELECT * FROM $coures_roles_table WHERE c_id = $course_id "; $result=Database::query($sql); while ($row=Database::fetch_array($result)) { @@ -488,8 +487,9 @@ function display_role_list($current_course_roles, $current_platform_roles) * @author Patrick Cool , Ghent University * @version 1.0 */ -function get_roles($content,$id, $scope='course') -{ +function get_roles($content,$id, $scope='course') { + $course_id = api_get_course_int_id(); + if($content=='user') { $table=Database::get_course_table(TABLE_ROLE_USER); @@ -498,13 +498,13 @@ function get_roles($content,$id, $scope='course') if($content=='group') { $table=Database::get_course_table(TABLE_ROLE_GROUP); - $id_field = group_id; + $id_field = 'group_id'; } $table_role=Database::get_course_table(TABLE_ROLE); $current_roles=array(); //$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'"; - $sql="SELECT role_id FROM $table WHERE $id_field = '$id' AND scope='".$scope."'"; + $sql="SELECT role_id FROM $table WHERE c_id = $course_id AND $id_field = '$id' AND scope='".$scope."'"; $result=Database::query($sql); while ($row=Database::fetch_array($result)) { 
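Review bot: The rebuilt `SELECT role_id FROM $table WHERE c_id = $course_id AND $id_field = '$id' AND scope='".$scope."'` in get_roles still interpolates `$id` and `$scope` without escaping, whereas assign_role further down in the same file wraps both in Database::escape_string; since the line is being rewritten anyway, `$id_field = '".Database::escape_string($id)."' AND scope='".Database::escape_string($scope)."'` brings it in line. Separately, the commit quotes `$id_field = 'group_id'` in this hunk, but the user branch of get_roles falls between the two hunks and the equivalent branches of store_permissions and store_one_permission are also outside the hunks shown; the bare-constant form `$id_field = user_id;` is a fatal undefined-constant error on PHP 8, so it is worth confirming those were fixed as well.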
@@ -520,8 +520,10 @@ function get_roles($content,$id, $scope='course') * @author Patrick Cool , Ghent University * @version 1.0 */ -function get_all_roles($content='course') -{ +function get_all_roles($content='course') { + $course_id = api_get_course_int_id(); + $course_id_condition = " WHERE c_id = $course_id "; + if($content=='course') { $table_role=Database::get_course_table(TABLE_ROLE); @@ -529,10 +531,11 @@ function get_all_roles($content='course') if($content=='platform') { $table_role=Database::get_main_table(TABLE_ROLE); + $course_id_condition = ''; } $current_roles=array(); - $sql="SELECT * FROM $table_role"; + $sql="SELECT * FROM $table_role $course_id_condition "; $result=Database::query($sql); while ($row=Database::fetch_array($result)) { @@ -553,18 +556,18 @@ function get_all_roles($content='course') * @author Patrick Cool , Ghent University * @version 1.0 */ -function get_roles_permissions($content,$id, $scope='course') -{ +function get_roles_permissions($content,$id, $scope='course') { + $course_id = api_get_course_int_id(); if($content == 'user') { $table=Database::get_course_table(TABLE_ROLE_USER); - $id_field = user_id; + $id_field = 'user_id'; } if($content == 'group') { $table = Database::get_course_table(TABLE_ROLE_GROUP); - $id_field = group_id; + $id_field = 'group_id'; } // course roles or platform roles @@ -573,12 +576,15 @@ function get_roles_permissions($content,$id, $scope='course') { $table_role = Database::get_course_table(TABLE_ROLE); $table_role_permissions = Database::get_course_table(TABLE_ROLE_PERMISSION); + + $role_condition = " role.c_id = $course_id AND role_permissions.c_id = $course_id AND "; } if($scope == 'platform') { $table_role = Database::get_main_table(TABLE_ROLE); $table_role_permissions = Database::get_main_table(TABLE_ROLE_PERMISSION); + $role_condition = ''; } $current_roles = array(); 
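Review bot: `$role_condition` in get_roles_permissions is only assigned inside the `$scope == 'course'` and `$scope == 'platform'` branches, so any other `$scope` value leaves it undefined when the query below interpolates it; get_permissions and get_all_roles in this same commit avoid that by pre-initialising their condition string before the branches. Initialising it the same way, `$role_condition = '';` immediately after the new `$course_id = api_get_course_int_id();`, closes the gap. `role_group_user.c_id = $course_id` is applied in both scopes, which looks intended because `$table` always comes from get_course_table, but a one-line comment saying so would save the next reader the same check.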
@@ -590,6 +596,8 @@ function get_roles_permissions($content,$id, $scope='course') " . $table_role . " role, " . $table_role_permissions . " role_permissions WHERE + role_group_user.c_id = $course_id AND + $role_condition role_group_user.scope = '" . $scope . "' AND role_group_user." . $id_field . " = '" . $id . "' AND role_group_user.role_id = role.role_id AND @@ -612,18 +620,18 @@ function get_roles_permissions($content,$id, $scope='course') * @author Patrick Cool , Ghent University */ -function assign_role($content, $action, $id, $role_id, $scope='course') -{ +function assign_role($content, $action, $id, $role_id, $scope='course') { + $course_id = api_get_course_int_id(); // Which database are we using (depending on the $content parameter) if($content=='user') { $table=Database::get_course_table(TABLE_ROLE_USER); - $id_field = user_id; + $id_field = 'user_id'; } elseif($content=='group') { $table=Database::get_course_table(TABLE_ROLE_GROUP); - $id_field = group_id; + $id_field = 'group_id'; } else { @@ -633,7 +641,7 @@ function assign_role($content, $action, $id, $role_id, $scope='course') // grating a right if($action=='grant') { - $sql="INSERT INTO $table (role_id, scope, $id_field) VALUES ('".Database::escape_string($role_id)."','".Database::escape_string($scope)."','".Database::escape_string($id)."')"; + $sql="INSERT INTO $table (c_id, role_id, scope, $id_field) VALUES ($course_id, '".Database::escape_string($role_id)."','".Database::escape_string($scope)."','".Database::escape_string($id)."')"; $result=Database::query($sql); if($result) { 
@@ -642,7 +650,7 @@ function assign_role($content, $action, $id, $role_id, $scope='course') } if($action=='revoke') { - $sql="DELETE FROM $table WHERE $id_field = '".Database::escape_string($id)."' AND role_id='".Database::escape_string($role_id)."'"; + $sql="DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND role_id='".Database::escape_string($role_id)."'"; $result=Database::query($sql); if($result) { diff --git a/main/permissions/user_permissions.inc.php b/main/permissions/user_permissions.inc.php index ae9a0f54eb..aadcfb2d11 100644 --- a/main/permissions/user_permissions.inc.php +++ b/main/permissions/user_permissions.inc.php @@ -48,13 +48,9 @@ $current_user_permissions=array(); $current_user_permissions=get_permissions('user',$user_id); -// ================================================================== // INHERITED PERMISSIONS (group permissions, user roles, group roles) -// ================================================================== -// ------------------------------------------------------------------ // RETRIEVING THE PERMISSIONS OF THE GROUPS OF THE USER -// ------------------------------------------------------------------ $groups_of_user=array(); $groups_of_user=GroupManager::get_group_ids($_course['real_id'],$user_id); foreach ($groups_of_user as $group) @@ -70,11 +66,8 @@ foreach ($groups_of_user as $group) } $inherited_permissions=$inherited_group_permissions; -// ------------------------------------------------------------------ // RETRIEVING THE PERMISSIONS OF THE ROLES OF THE USER -// ------------------------------------------------------------------ -if (api_get_setting('user_roles')=='true') -{ +if (api_get_setting('user_roles')=='true') { // course roles that are assigned to the user $current_user_role_permissions_of_user=get_roles_permissions('user',$user_id); $inherited_permissions=permission_array_merge($inherited_permissions,$current_user_role_permissions_of_user); 
@@ -90,9 +83,7 @@ if (api_get_setting('user_roles')=='true') $current_user_role_permissions_of_user=get_roles_permissions('user',$user_id, 'platform'); $inherited_permissions=permission_array_merge($inherited_permissions,$current_user_role_permissions_of_user); } -// ------------------------------------------------------------------ // RETRIEVING THE PERMISSIONS OF THE ROLES OF THE GROUPS OF THE USER -// ------------------------------------------------------------------ if (api_get_setting('group_roles')=='true') { // NOTE: DIT MOET NOG VERDER UITGEWERKT WORDEN