diff --git a/main/install/db_main.sql b/main/install/db_main.sql
index fc5473be41..32458e527d 100755
--- a/main/install/db_main.sql
+++ b/main/install/db_main.sql
@@ -759,6 +759,7 @@ VALUES
 ('show_tabs', 'dashboard', 'checkbox', 'Platform', 'true', 'ShowTabsTitle', 'ShowTabsComment', NULL, 'TabsDashboard', 1),
 ('use_users_timezone', 'timezones', 'radio', 'Timezones', 'true', 'UseUsersTimezoneTitle','UseUsersTimezoneComment',NULL,'Timezones', 1),
 ('timezone_value', 'timezones', 'select', 'Timezones', '', 'TimezoneValueTitle','TimezoneValueComment',NULL,'Timezones', 1),
+('allow_user_course_subscription_by_course_admin', NULL, 'radio', 'Security', 'true', 'AllowUserCourseSubscriptionByCourseAdminTitle', 'AllowUserCourseSubscriptionByCourseAdminComment', NULL, NULL, 0),
 ('dokeos_database_version', NULL, 'textfield', NULL,'1.8.7.11220','DokeosDatabaseVersion','',NULL,NULL,0);
@@ -969,7 +970,9 @@ VALUES
 ('allow_send_message_to_all_platform_users','true','Yes'),
 ('allow_send_message_to_all_platform_users','false','No'),
 ('use_users_timezone', 'true', 'Yes'),
-('use_users_timezone', 'false', 'No');
+('use_users_timezone', 'false', 'No'),
+('allow_user_course_subscription_by_course_admin', 'true', 'Yes'),
+('allow_user_course_subscription_by_course_admin', 'false', 'No');
 UNLOCK TABLES;
diff --git a/main/install/migrate-db-1.8.6.2-1.8.7-pre.sql b/main/install/migrate-db-1.8.6.2-1.8.7-pre.sql
index 0fe6f8aa51..a2ceeede08 100755
--- a/main/install/migrate-db-1.8.6.2-1.8.7-pre.sql
+++ b/main/install/migrate-db-1.8.6.2-1.8.7-pre.sql
@@ -77,6 +77,10 @@ INSERT INTO settings_options(variable,value,display_text) VALUES ('homepage_view
 UPDATE settings_current SET selected_value = 'UTF-8' WHERE variable = 'platform_charset';
+INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('allow_user_course_subscription_by_course_admin', NULL, 'radio', 'Security', 'true', 'AllowUserCourseSubscriptionByCourseAdminTitle', 'AllowUserCourseSubscriptionByCourseAdminComment', NULL, NULL, 0);
+INSERT INTO settings_options (variable, value, display_text) VALUES ('allow_user_course_subscription_by_course_admin', 'true', 'Yes');
+INSERT INTO settings_options (variable, value, display_text) VALUES ('allow_user_course_subscription_by_course_admin', 'false', 'No');
+
 -- xxSTATSxx
 CREATE TABLE track_e_item_property(id int NOT NULL auto_increment PRIMARY KEY, course_id int NOT NULL, item_property_id int NOT NULL, title varchar(255), content text, progress int NOT NULL default 0, lastedit_date datetime NOT NULL default '0000-00-00 00:00:00', lastedit_user_id int NOT NULL, session_id int NOT NULL default 0);
 ALTER TABLE track_e_item_property ADD INDEX (course_id, item_property_id, session_id);
diff --git a/main/user/user.php b/main/user/user.php
index 1e449715ad..7775b6ba10 100755
--- a/main/user/user.php
+++ b/main/user/user.php
@@ -64,7 +64,7 @@ $is_western_name_order = api_is_western_name_order();
 $sort_by_first_name = api_sort_by_first_name();
 /* Unregistering a user section */
-if (api_is_allowed_to_edit()) {
+if (api_is_allowed_to_edit(null, true)) {
 if (isset($_POST['action'])) {
 switch ($_POST['action']) {
 case 'unsubscribe' :
@@ -81,7 +81,7 @@ if (api_is_allowed_to_edit()) {
 }
 }
-if (api_is_allowed_to_edit()) {
+if (api_is_allowed_to_edit(null, true)) {
 if ( isset ($_GET['action'])) {
 switch ($_GET['action']) {
 case 'export' :
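Review bot: The three INSERTs in this hunk are not guarded against re-execution, so running the pre-migration script a second time leaves a duplicate `allow_user_course_subscription_by_course_admin` row in settings_current and two duplicate rows in settings_options, unless those tables carry a unique key on `variable` (not visible here). The neighbouring statement, `UPDATE settings_current SET selected_value = 'UTF-8' WHERE variable = 'platform_charset';`, is safe to repeat, so this hunk is the one place a re-run diverges. If there is no unique key, either precede the inserts with `DELETE FROM settings_current WHERE variable = 'allow_user_course_subscription_by_course_admin';` (and the same for settings_options) or rewrite them as `INSERT ... SELECT ... WHERE NOT EXISTS (...)` so the script is idempotent.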
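Review bot: The POST `action=unsubscribe` handler in this hunk is still gated only by `api_is_allowed_to_edit(null, true)`; the new `allow_user_course_subscription_by_course_admin` setting is consulted further down only where the table's bulk actions are rendered (`set_form_actions`), so a course admin can still bulk-unsubscribe users by submitting the form by hand after the platform admin has set the option to false. Hiding a control is not an authorization check; the guard here should include the setting, e.g. `if (api_is_allowed_to_edit(null, true) && api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') {`. The body of `case 'unsubscribe'` continues outside the hunk.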
@@ -137,7 +137,7 @@ if (api_is_allowed_to_edit()) { } } // end if allowed to edit -if (api_is_allowed_to_edit()) { +if (api_is_allowed_to_edit(null, true)) { // Unregister user from course if ($_REQUEST['unregister']) { if (isset($_GET['user_id']) && is_numeric($_GET['user_id']) && $_GET['user_id'] != $_user['user_id']) { @@ -301,16 +301,18 @@ $is_allowed_to_track = ($is_courseAdmin || $is_courseTutor) && $_configuration[' Display::display_introduction_section(TOOL_USER, 'left'); -if ( api_is_allowed_to_edit()) { +if ( api_is_allowed_to_edit(null, true)) { + echo "
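Review bot: The same enforcement gap exists on the single-user path: `if ($_REQUEST['unregister'])` runs for anyone who passes `api_is_allowed_to_edit(null, true)`, while the setting only suppresses the Unreg link in `modify_filter()`, so a course admin can still unregister `user_id` with the option set to false. Because this block is driven by `$_REQUEST`/`$_GET` rather than a POST and no token check is visible in the hunk, the same request can also be triggered by a crafted link opened by a course admin. Gate the block on the setting as well, `if ($_REQUEST['unregister'] && api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') {`, and consider moving the action to POST with a token; the body of the block continues outside the hunk.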
"; // the action links $actions .= ''.Display::return_icon('csv.gif', get_lang('ExportAsCSV')).' '.get_lang('ExportAsCSV').' '; $actions .= ''.Display::return_icon('excel.gif', get_lang('ExportAsXLS')).' '.get_lang('ExportAsXLS').' '; - - $actions .= ''.Display::return_icon('add_user_big.gif',get_lang("SubscribeUserToCourse")).' '.get_lang("SubscribeUserToCourse").' '; - $actions .= "".Display::return_icon('add_teacher_big.gif', get_lang("SubscribeUserToCourseAsTeacher"))." ".get_lang("SubscribeUserToCourseAsTeacher")." "; - $actions .= "".Display::return_icon('group.gif', get_lang("GroupUserManagement"))." ".get_lang("GroupUserManagement").""; + if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { + $actions .= ''.Display::return_icon('add_user_big.gif',get_lang("SubscribeUserToCourse")).' '.get_lang("SubscribeUserToCourse").' '; + $actions .= "".Display::return_icon('add_teacher_big.gif', get_lang("SubscribeUserToCourseAsTeacher"))." ".get_lang("SubscribeUserToCourseAsTeacher")." "; + } + $actions .= "".Display::return_icon('group.gif', get_lang("GroupUserManagement"))." ".get_lang("GroupUserManagement").""; if (api_get_setting('use_session_mode') == 'false') { $actions .= ' '.get_lang('Classes').''; } 
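Review bot: `api_get_setting('allow_user_course_subscription_by_course_admin') == 'true'` is evaluated inline here and again in get_user_data(), modify_filter() and twice in the header setup below; a single boolean computed once near the top of the file, `$allow_subscription_management = api_get_setting('allow_user_course_subscription_by_course_admin') == 'true';`, read at every site would keep the five checks from drifting and give the setting a name that says what it gates (subscribe/unsubscribe/edit controls, not the CSV/XLS export or group management that stay unconditional). The two functions would reach it with `global $allow_subscription_management;`, the same way they already use `$_user`.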
@@ -445,11 +447,12 @@ function get_user_data($from, $number_of_items, $column, $direction) { if ((isset ($_GET['keyword']) && search_keyword($o_course_user['firstname'], $o_course_user['lastname'], $o_course_user['username'], $o_course_user['official_code'], $_GET['keyword'])) || !isset($_GET['keyword']) || empty($_GET['keyword'])) { $groups_name = GroupManager :: get_user_group_name($user_id); - - if (api_is_allowed_to_edit()) { - $temp = array(); - - $temp[] = $user_id; + $temp = array(); + if (api_is_allowed_to_edit(null, true)) { + + if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { + $temp[] = $user_id; + } $image_path = UserManager::get_user_picture_path_by_id($user_id, 'web', false, true); $user_profile = UserManager::get_picture_user($user_id, $image_path['file'], 22, USER_IMAGE_SIZE_SMALL, ' width="22" height="22" '); if (!api_is_anonymous()) { @@ -487,8 +490,6 @@ function get_user_data($from, $number_of_items, $column, $direction) { $temp[] = $o_course_user['active']; $temp[] = $user_id; } else { - $temp = array(); - $image_path = UserManager::get_user_picture_path_by_id($user_id, 'web', false, true); $image_repository = $image_path['dir']; $existing_image = $image_path['file']; @@ -508,10 +509,7 @@ function get_user_data($from, $number_of_items, $column, $direction) { } $temp[] = $o_course_user['role']; $temp[] = implode(', ', $groups_name);//Group - $temp[] = $o_course_user['official_code']; - if (api_is_allowed_to_edit()) { - $temp[] = $user_id; - } + $temp[] = $o_course_user['official_code']; } $a_users[$user_id] = $temp; } 
@@ -539,7 +537,7 @@ function active_filter($active, $url_params, $row) { $action='AccountInactive'; $image='wrong'; } - if ($row['0']<>$_user['user_id']) { // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore. + if ($row[count($row)-1]<>$_user['user_id']) { // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore. $result = '
'.get_lang(ucfirst($action)).'
'; } return $result; @@ -560,15 +558,17 @@ function modify_filter($user_id) { $result .= ''.get_lang('Tracking').' '; } - if (api_is_allowed_to_edit()) { - // edit - $result .= ''.get_lang('Edit').' '; - // unregister - if ($user_id != $_user['user_id']) { - $result .= ''.get_lang('; - } else { - $result .= ''.get_lang('; - } + if (api_is_allowed_to_edit(null, true)) { + if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { + // edit + $result .= ''.get_lang('Edit').' '; + // unregister + if ($user_id != $_user['user_id']) { + $result .= ''.get_lang('; + } else { + $result .= ''.get_lang('; + } + } } $result .= "
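Review bot: `$row[count($row)-1]` silently depends on get_user_data() pushing `$user_id` as the very last cell of every editor row (right after `$o_course_user['active']`), and now also on the first cell being optional; neither contract is stated at either end. A comment here, `// user_id is always the last cell pushed by get_user_data(); the checkbox column at index 0 is optional, so index from the end`, plus a matching one where `$temp[] = $user_id;` closes the row, would stop the next column reorder from comparing the wrong cell against `$_user['user_id']` and breaking the self-lockout guard. The enclosing active_filter() starts before the hunk.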
"; return $result; @@ -582,8 +582,10 @@ $parameters['keyword'] = Security::remove_XSS($_GET['keyword']); $table->set_additional_parameters($parameters); $header_nr = 0; -if (api_is_allowed_to_edit()) { - $table->set_header($header_nr++, '', false); +if (api_is_allowed_to_edit(null, true)) { + if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { + $table->set_header($header_nr++, '', false); + } } $table->set_header($header_nr++, get_lang('Photo'), false); if ($is_western_name_order) { @@ -597,18 +599,23 @@ $table->set_header($header_nr++, get_lang('Description'), false); $table->set_header($header_nr++, get_lang('GroupSingle'), false); $table->set_header($header_nr++, get_lang('OfficialCode')); -if (api_is_allowed_to_edit()) { +if (api_is_allowed_to_edit(null, true)) { // deprecated feature $table->set_header($header_nr++, get_lang('Tutor'), false); $table->set_header($header_nr++, get_lang('CourseManager'), false); $table->set_header($header_nr++, get_lang('Active'), false); - $table->set_column_filter(9, 'active_filter'); + if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { + $table->set_column_filter(9, 'active_filter'); + } else { + $table->set_column_filter(8, 'active_filter'); + } //actions column $table->set_header($header_nr++, get_lang('Action'), false); $table->set_column_filter($header_nr-1, 'modify_filter'); - if (api_is_allowed_to_edit()) { - $table->set_form_actions(array('unsubscribe' => get_lang('Unreg')), 'user'); - } + + if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { + $table->set_form_actions(array('unsubscribe' => get_lang('Unreg')), 'user'); + } } $table->display(); diff --git a/main/user/userInfo.php b/main/user/userInfo.php index 1ce02530a8..c7fb62750b 100755 --- a/main/user/userInfo.php +++ b/main/user/userInfo.php 
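Review bot: In the `@@ -597` hunk the Active column index is hard-coded as 9 or 8 depending on the setting, while three lines later the Action column is located with `$header_nr-1`; the two techniques will disagree as soon as another column is added or made optional. Capture the index when the header is registered instead: `$active_col = $header_nr;` before `$table->set_header($header_nr++, get_lang('Active'), false);`, then `$table->set_column_filter($active_col, 'active_filter');`, which removes the settings branch entirely.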
@@ -98,8 +98,8 @@ $userIdViewer = $_user['user_id']; // id fo the user currently online //$userIdViewed = $_GET['userIdViewed']; // Id of the user we want to view $allowedToEditContent = ($userIdViewer == $userIdViewed) || $is_platformAdmin; -$allowedToEditDef = api_is_allowed_to_edit(); -$is_allowedToTrack = api_is_allowed_to_edit() && $_configuration['tracking_enabled']; +$allowedToEditDef = api_is_allowed_to_edit(null, true); +$is_allowedToTrack = api_is_allowed_to_edit(null, true) && $_configuration['tracking_enabled']; // Library connection require_once ("userInfoLib.php"); 
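Review bot: The second argument in `api_is_allowed_to_edit(null, true)` is an unexplained boolean at every call site this commit touches; a reader cannot tell from here which extra role it admits (coaches, presumably — confirm against the function's signature). State it once, e.g. `$allowedToEditDef = api_is_allowed_to_edit(null, true); // second arg: also accept course coaches — verify against api_is_allowed_to_edit()`, and derive the second flag from the first, `$is_allowedToTrack = $allowedToEditDef && $_configuration['tracking_enabled'];`, rather than calling the function twice with identical arguments.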
@@ -122,55 +122,33 @@ $editDef = Security::remove_XSS($_GET['editDef']); $moveUpDef = Security::remove_XSS($_GET['moveUpDef']); $moveDownDef = Security::remove_XSS($_GET['moveDownDef']); -if ($allowedToEditDef) -{ - if (!empty($_POST['submitDef'])) - { - if (!empty($_POST['id'])) - { +if ($allowedToEditDef) { + if (!empty($_POST['submitDef'])) { + if (!empty($_POST['id'])) { edit_cat_def($_POST['id'], $_POST['title'], $_POST['comment'], $_POST['nbline']); - } - else - { + } else { create_cat_def($_POST['title'], $_POST['comment'], $_POST['nbline']); } - $displayMode = "viewDefList"; - } - elseif (!empty($_GET['removeDef'])) - { + } elseif (!empty($_GET['removeDef'])) { remove_cat_def($_GET['removeDef'], true); $displayMode = "viewDefList"; - } - elseif (!empty($_GET['editDef'])) - { + } elseif (!empty($_GET['editDef'])) { $displayMode = "viewDefEdit"; - } - elseif (!empty ($_POST['addDef'])) - { + } elseif (!empty ($_POST['addDef'])) { $displayMode = "viewDefEdit"; - } - elseif (!empty($_GET['moveUpDef'])) - { + } elseif (!empty($_GET['moveUpDef'])) { move_cat_rank($_GET['moveUpDef'], "up"); $displayMode = "viewDefList"; - } - elseif (!empty($_GET['moveDownDef'])) - { + } elseif (!empty($_GET['moveDownDef'])) { move_cat_rank($_GET['moveDownDef'], "down"); $displayMode = "viewDefList"; - } - elseif (!empty($_POST['viewDefList'])) - { + } elseif (!empty($_POST['viewDefList'])) { $displayMode = "viewDefList"; - } - elseif (!empty($_GET['editMainUserInfo'])) - { + } elseif (!empty($_GET['editMainUserInfo'])) { $userIdViewed = strval(intval($_GET['editMainUserInfo'])); $displayMode = "viewMainInfoEdit"; - } - elseif (!empty($_REQUEST['submitMainUserInfo'])) - { + } elseif (!empty($_REQUEST['submitMainUserInfo'])) { /* if (isset ($_REQUEST['submitMainUserInfo'])) { 
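Review bot: The restyle drops `$displayMode = "viewDefList";` from the `submitDef` branch: on the old side both `edit_cat_def()` and `create_cat_def()` were followed by that assignment, and the new side closes the branch right after the inner if/else with no replacement. After saving a category definition the page therefore falls through to whatever `$displayMode` was initialised to earlier in the file (not visible here; the `viewContentList` branch is marked as the default further down) instead of returning to the definition list as `removeDef`, `moveUpDef` and `moveDownDef` still do. Re-add `$displayMode = "viewDefList";` after the `}` that closes the `create_cat_def()` else. The enclosing `if ($allowedToEditDef)` continues past the end of the hunk.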
@@ -237,25 +215,19 @@ if ($allowedToEditDef) // COMMON COMMANDS -if ($allowedToEditContent) -{ - if (isset($_POST['submitContent'])) - { - if ($_POST['cntId']) // submit a content change - { - edit_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']); +if ($allowedToEditContent) { + if (isset($_POST['submitContent'])) { + if ($_POST['cntId']) { + // submit a content change + edit_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']); - } - else // submit a totally new content - { - fill_new_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']); + } else { + // submit a totally new content + fill_new_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']); } - $displayMode = "viewContentList"; - } - elseif (!empty($_GET['editContent'])) - { + } elseif (!empty($_GET['editContent'])) { $displayMode = "viewContentEdit"; $userIdViewed = $userIdViewed; } @@ -264,13 +236,17 @@ if ($allowedToEditContent) /* DISPLAY MODES */ // Back button for each display mode (Top) -if (api_is_allowed_to_edit()) { +if (api_is_allowed_to_edit(null, true)) { echo '
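Review bot: Same pattern as the definitions block: `$displayMode = "viewContentList";` after `edit_cat_content()`/`fill_new_cat_content()` is removed with nothing replacing it. If `$displayMode` is initialised to `viewContentList` before these handlers (it is the branch commented `// default display` further down, but the initialisation is outside this view) the drop is harmless; otherwise a content submit lands on the wrong view. If the removal is intentional, say so with a one-line comment, `// falls through to the default viewContentList display`, rather than leaving it to be rediscovered.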
'; echo ''.Display::return_icon('back.png',get_lang('BackUser')).get_lang('BackUser').''; if (!is_numeric($_GET['editMainUserInfo'])) { - echo ''.Display::return_icon('edit.gif',get_lang('EditUser')).get_lang('EditUser').''; + if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { + echo ''.Display::return_icon('edit.gif',get_lang('EditUser')).get_lang('EditUser').''; + } } else { - echo ''.Display::return_icon('members.gif',get_lang('ViewUser')).get_lang('ViewUser').''; + if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { + echo ''.Display::return_icon('members.gif',get_lang('ViewUser')).get_lang('ViewUser').''; + } } echo ''.Display::return_icon('statistics.gif',get_lang('UserStatistics')).get_lang('UserStatistics').''; echo '
'; @@ -286,8 +262,7 @@ if (api_is_allowed_to_edit()) { $user_info_viewed = api_get_user_info($userIdViewed); $is_session_course_coach = UserManager::is_session_course_coach($userIdViewed, $_course['sysCode'], $current_session_id); -if ($displayMode == "viewDefEdit") -{ +if ($displayMode == "viewDefEdit") { /*>>>>>>>>>>>> CATEGORIES DEFINITIONS : EDIT <<<<<<<<<<<<*/ $catToEdit = get_cat_def($_GET['editDef']); @@ -304,38 +279,28 @@ if ($displayMode == "viewDefEdit") $edit_heading_form->addElement('submit', 'submitDef', get_lang('Ok')); $edit_heading_form->setDefaults($catToEdit); $edit_heading_form->display(); -} -elseif ($displayMode == "viewDefList") -{ + +} elseif ($displayMode == "viewDefList") { /*>>>>>>>>>>>> CATEGORIES DEFINITIONS : LIST <<<<<<<<<<<<*/ $catList = get_cat_def_list(); - if ($catList) - { - - foreach ($catList as $thisCat) - { + if ($catList) { + foreach ($catList as $thisCat) { // displays Title and comments - echo "
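Review bot: Hiding the EditUser/ViewUser links behind `allow_user_course_subscription_by_course_admin` does not close the underlying modes: the `editMainUserInfo` and `submitMainUserInfo` branches at the top of the file still run for anyone with `$allowedToEditDef`, which is `api_is_allowed_to_edit(null, true)` without the setting, so requesting `?editMainUserInfo=ID` by hand still reaches `viewMainInfoEdit`. Introduce one flag next to `$allowedToEditDef`, `$allowedToEditUser = $allowedToEditDef && api_get_setting('allow_user_course_subscription_by_course_admin') == 'true';`, check it in those two handler branches and use it here and in the two echo sites below, so handlers and links agree by construction. The back-button block this hunk edits starts before the hunk.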

", "".htmlize($thisCat['title'])."
\n", "".htmlize($thisCat['comment'])."\n", "

"; // displays lines - echo "
\n", "\n"; - for ($i = 1; $i <= $thisCat['nbline']; $i ++) - { + for ($i = 1; $i <= $thisCat['nbline']; $i ++) { echo "
__________________________________________\n"; } - echo "
\n", "
\n"; // displays commands - echo "", "\"".get_lang('Remove')."\"", "", "", "\"".get_lang('Edit')."\"", "", "", "\"".get_lang('MoveUp')."\"", "", "", "\"".get_lang('MoveDown')."\"", "\n"; } // end for each - } // end if ($catList) echo "
\n", @@ -344,8 +309,7 @@ elseif ($displayMode == "viewDefList") "\n", "
\n"; } -elseif ($displayMode == "viewContentEdit") -{ +elseif ($displayMode == "viewContentEdit") { /*>>>>>>>>>>>> CATEGORIES CONTENTS : EDIT <<<<<<<<<<<<*/ $catToEdit = get_cat_content($userIdViewed, $_GET['editContent']); @@ -354,12 +318,9 @@ elseif ($displayMode == "viewContentEdit") $content_heading_form->addElement('hidden', 'catId'); $content_heading_form->addElement('hidden', 'uInfo'); $content_heading_form->addElement('static', null, $catToEdit['title'], htmlize($catToEdit['comment'])); - if ($catToEdit['nbline'] == 1) - { + if ($catToEdit['nbline'] == 1) { $content_heading_form->addElement('text', 'content', null, array ('size' => 80)); - } - else - { + } else { $content_heading_form->addElement('textarea', 'content', null, array ('cols' => 60, 'rows' => $catToEdit['nbline'])); } $content_heading_form->addElement('submit', 'submitContent', get_lang('Ok')); @@ -368,16 +329,13 @@ elseif ($displayMode == "viewContentEdit") $defaults['uInfo'] = $userIdViewed; $content_heading_form->setDefaults($defaults); $content_heading_form->display(); -} -elseif ($displayMode == "viewMainInfoEdit") -{ +} elseif ($displayMode == "viewMainInfoEdit") { /*>>>>>>>>>>>> CATEGORIES MAIN INFO : EDIT <<<<<<<<<<<<*/ $mainUserInfo = get_main_user_info($userIdViewed, $courseCode); - if ($mainUserInfo) - { + if ($mainUserInfo) { ($mainUserInfo['status'] == COURSEMANAGER) ? $courseAdminChecked = "checked" : $courseAdminChecked = ""; if ($current_session_id) { @@ -400,7 +358,6 @@ elseif ($displayMode == "viewMainInfoEdit") echo ''; } - //"", get_lang('Tutor'), "\n", echo "
\n", "\n", "", @@ -423,14 +380,9 @@ elseif ($displayMode == "viewMainInfoEdit") echo "\n", "", "\n", - ""; - //""; - - - //aca + ""; if (!($is_courseAdmin && $_user['user_id'] == $userIdViewed)) { - if ($current_session_id) { if ($user_info_viewed['status'] == COURSEMANAGER) { echo ""; @@ -441,17 +393,13 @@ elseif ($displayMode == "viewMainInfoEdit") } else { echo "\n"; } - } - - + } } else { echo "\n"; } - - echo "\n", "", "
", htmlize(api_get_person_name($mainUserInfo['firstName'], $mainUserInfo['lastName'])), "", get_lang('CourseManager'), "
", "
\n"; echo "

".Display :: encrypted_mailto_link($mainUserInfo['email'], $mainUserInfo['email'])."

"; @@ -470,14 +418,12 @@ elseif ($displayMode == "viewMainInfoEdit") { Display :: display_normal_message(get_lang('ThisStudentIsSubscribeThroughASession')); } -} -elseif ($displayMode == "viewContentList") // default display -{ +} elseif ($displayMode == "viewContentList") { + // default display /*>>>>>>>>>>>> CATEGORIES CONTENTS : LIST <<<<<<<<<<<<*/ $virtual_course_code = $_GET["virtual_course"]; - if (isset ($virtual_course_code)) - { + if (isset ($virtual_course_code)) { $courseCode = $virtual_course_code; //not supported yet: editing users of virtual courses $allowedToEditDef = false; @@ -485,8 +431,7 @@ elseif ($displayMode == "viewContentList") // default display $mainUserInfo = get_main_user_info($userIdViewed, $courseCode); - if ($mainUserInfo) - { + if ($mainUserInfo) { $image_array=UserManager::get_user_picture_path_by_id($userIdViewed,'web',false,true); // get the path,width and height from original picture $big_image = $image_array['dir'].'big_'.$image_array['file']; @@ -505,13 +450,9 @@ elseif ($displayMode == "viewContentList") // default display $users_online = who_is_online(30); foreach ($users_online as $online) { if (in_array($userIdViewed, $online)) { - - $online = Display::return_icon('online.gif', get_lang('OnLine'),array('style'=>'with="8"; height="8"')); break; - } - else - { + } else { $online =''; } @@ -539,7 +480,7 @@ elseif ($displayMode == "viewContentList") // default display } } - echo ($allowedToEditDef?"".get_lang('Edit')."\n":""), + echo ($allowedToEditDef && api_get_setting('allow_user_course_subscription_by_course_admin') == 'true'?"".get_lang('Edit')."\n":""), ($is_allowedToTrack?"".get_lang('Tracking')."\n":""), "\n", @@ -574,7 +515,7 @@ elseif ($displayMode == "viewContentList") // default display } } - if ($allowedToEditDef) { + if ($allowedToEditDef && api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') { echo "", "", "\"\"",