Coach and download files if session is read only see BT#9233

10 years ago · 74c25067aa
parent 5d74663bae
commit 74c25067aa
7 changed files with 48 additions and 25 deletions
--- a/main/inc/ajax/model.ajax.php
+++ b/main/inc/ajax/model.ajax.php
@ -214,7 +214,6 @@ switch ($action) {
    case 'get_work_student':
        require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php';
        $count = getWorkListStudent(0, $limit, $sidx, $sord, $whereCondition, true);
-
        break;
    case 'get_work_user_list_all':
        require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php';
@ -258,7 +257,7 @@ switch ($action) {
        }
        break;
    case 'get_work_student_list_overview':
-        if (!api_is_allowed_to_edit()) {
+        if (!(api_is_allowed_to_edit() || api_is_coach())) {
            return 0;
        }
        require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php';
@ -588,7 +587,6 @@ switch ($action) {
                'actions'
            );
        } else {
-
            $columns = array(
                'type',
                'firstname',
@ -677,7 +675,7 @@ switch ($action) {
        $result = get_exam_results_hotpotatoes_data($start, $limit, $sidx, $sord, $hotpot_path, $whereCondition);
        break;
    case 'get_work_student_list_overview':
-        if (!api_is_allowed_to_edit()) {
+        if (!(api_is_allowed_to_edit() || api_is_coach())) {
            return array();
        }
        require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php';
--- a/main/work/downloadfolder.inc.php
+++ b/main/work/downloadfolder.inc.php
@ -10,14 +10,16 @@
 $work_id = $_GET['id'];
 require_once '../inc/global.inc.php';
 $current_course_tool  = TOOL_STUDENTPUBLICATION;
+$_course = api_get_course_info();

-//protection
+// Protection
 api_protect_course_script(true);

 require_once 'work.lib.php';

 $work_data = get_work_data_by_id($work_id);
 $groupId = api_get_group_id();
+
 if (empty($work_data)) {
    exit;
 }
@ -59,7 +61,7 @@ if (array_key_exists('filename', $work_data)) {
    $filenameCondition = ", filename";
 }

-if (api_is_allowed_to_edit()) {
+if (api_is_allowed_to_edit() || api_is_coach()) {
    //Search for all files that are not deleted => visibility != 2
    $sql = "SELECT DISTINCT
                url,
--- a/main/work/student_work.php
+++ b/main/work/student_work.php
@ -39,7 +39,7 @@ if (!empty($group_id)) {
    } else {
        // you are not a teacher
        $show_work = GroupManager::user_has_access(
-            $user_id,
+            api_get_user_id(),
            $group_id,
            GroupManager::GROUP_TOOL_WORK
        );
@ -58,7 +58,7 @@ if (!empty($group_id)) {
        'name' => get_lang('GroupSpace').' '.$group_properties['name']
    );
 } else {
-    if (!api_is_allowed_to_edit(false, true)) {
+    if (!(api_is_allowed_to_edit() || api_is_coach())) {
        api_not_allowed(true);
    }
 }
@ -178,8 +178,14 @@ foreach ($workPerUser as $work) {
            $url = api_get_path(WEB_CODE_PATH).'work/download.php?'.api_get_cidreq().'&id='.$itemId;
            $links .= Display::url(Display::return_icon('save.png', get_lang('Download')), $url);
        }
-        $url = api_get_path(WEB_CODE_PATH).'work/edit.php?'.api_get_cidreq().'&item_id='.$itemId.'&id='.$workId.'&parent_id='.$workId;
-        $links .= Display::url(Display::return_icon('rate_work.png', get_lang('Comment')), $url);
+
+        if (api_is_allowed_to_edit()) {
+            $url = api_get_path(WEB_CODE_PATH).'work/edit.php?'.api_get_cidreq().'&item_id='.$itemId.'&id='.$workId.'&parent_id='.$workId;
+            $links .= Display::url(
+                Display::return_icon('rate_work.png', get_lang('Comment')),
+                $url
+            );
+        }

        $table->setCellContents($row, $column, $links);

--- a/main/work/view.php
+++ b/main/work/view.php
@ -35,14 +35,14 @@ $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
    $courseInfo
 );

-if ((user_is_author($id) || $isDrhOfCourse) ||
+if ((user_is_author($id) || $isDrhOfCourse || (api_is_allowed_to_edit() || api_is_coach())) ||
    (
        $courseInfo['show_score'] == 0 &&
        $work['active'] == 1 &&
        $work['accepted'] == 1
    )
 ) {
-    if (api_is_allowed_to_edit(null, true) || api_is_drh()) {
+    if ((api_is_allowed_to_edit() || api_is_coach()) || api_is_drh()) {
        $url_dir = 'work_list_all.php?id='.$my_folder_data['id'];
    } else {
        $url_dir = 'work_list.php?id='.$my_folder_data['id'];
@ -51,8 +51,13 @@ if ((user_is_author($id) || $isDrhOfCourse) ||
    $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
    $interbreadcrumb[] = array('url' => '#','name' => $work['title']);
    //|| api_is_drh()
-    if (($courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) ||
-        (api_is_allowed_to_edit()) || user_is_author($id) || $isDrhOfCourse
+    if (($courseInfo['show_score'] == 0 &&
+        $work['active'] == 1 &&
+        $work['accepted'] == 1
+        ) ||
+        (api_is_allowed_to_edit() || api_is_coach()) ||
+        user_is_author($id) ||
+        $isDrhOfCourse
    ) {
        $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        switch ($action) {
@ -89,7 +94,9 @@ if ((user_is_author($id) || $isDrhOfCourse) ||
        $tpl->assign('work', $work);
        $tpl->assign('work_comment_enabled', ALLOW_USER_COMMENTS);
        $tpl->assign('comments', $comments);
-        $tpl->assign('form', $commentForm);
+        if (api_is_allowed_to_session_edit()) {
+            $tpl->assign('form', $commentForm);
+        }
        $tpl->assign('is_allowed_to_edit', api_is_allowed_to_edit());

        $template = $tpl->get_template('work/view.tpl');
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@ -1828,12 +1828,12 @@ function getWorkListTeacher(
 ) {
    $workTable = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
    $workTableAssignment  = Database::get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT);
-    $courseInfo = api_get_course_info();
+
    $course_id = api_get_course_int_id();
    $session_id = api_get_session_id();
    $condition_session = api_get_session_condition($session_id);
    $group_id = api_get_group_id();
-    $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
+    $is_allowed_to_edit = api_is_allowed_to_edit() || api_is_coach();

    if (!in_array($direction, array('asc', 'desc'))) {
        $direction = 'desc';
@ -1931,9 +1931,18 @@ function getWorkListTeacher(
                );
            }
            $deleteUrl = api_get_path(WEB_CODE_PATH).'work/work.php?id='.$workId.'&action=delete_dir&'.api_get_cidreq();
-            $deleteLink = '<a href="#" onclick="showConfirmationPopup(this, \''.$deleteUrl.'\' ) " >'.
-                Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL).'</a>';
-
+            $deleteLink = '<a href="#" onclick="showConfirmationPopup(this, \'' . $deleteUrl . '\' ) " >' .
+                Display::return_icon(
+                    'delete.png',
+                    get_lang('Delete'),
+                    array(),
+                    ICON_SIZE_SMALL
+                ) . '</a>';
+
+            if (!api_is_allowed_to_edit()) {
+                $deleteLink = null;
+                $editLink = null;
+            }
            $work['actions'] = $downloadLink.$editLink.$deleteLink;
            $works[] = $work;
        }
@ -2184,7 +2193,7 @@ function get_work_user_list(
    }

    $work_data = get_work_data_by_id($work_id);
-    $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
+    $is_allowed_to_edit = api_is_allowed_to_edit() || api_is_coach();
    $condition_session  = api_get_session_condition($session_id);
    $locked = api_resource_is_locked_by_gradebook($work_id, LINK_STUDENTPUBLICATION);

@ -2377,7 +2386,7 @@ function get_work_user_list(
                // Actions.

                $action = '';
-                if ($is_allowed_to_edit) {
+                if (api_is_allowed_to_edit()) {
                    $action .= '<a href="'.$url.'view.php?'.api_get_cidreq().'&id='.$item_id.'" title="'.get_lang('View').'">'.
                        Display::return_icon('default.png', get_lang('View'),array(), ICON_SIZE_SMALL).'</a> ';

@ -3632,6 +3641,7 @@ function getWorkCommentForm($work)
        $form->addElement('checkbox', 'send_mail', null, get_lang('SendMail'));
    }
    $form->addElement('button', 'button', get_lang('Send'));
+
    return $form->return_form();
 }

--- a/main/work/work.php
+++ b/main/work/work.php
@ -289,7 +289,7 @@ switch ($action) {
                get_lang('Description').':</strong><p>'.Security::remove_XSS($my_folder_data['description'], STUDENT).
                '</p></div></p>';
        }
-        if (api_is_allowed_to_edit()) {
+        if (api_is_allowed_to_edit() || api_is_coach()) {
            // Work list
            $content .= '<div class="row">';
            $content .= '<div class="span9">';
--- a/main/work/work_list_all.php
+++ b/main/work/work_list_all.php
@ -15,7 +15,7 @@ require_once 'work.lib.php';
 $this_section = SECTION_COURSES;

 $workId = isset($_GET['id']) ? intval($_GET['id']) : null;
-$is_allowed_to_edit = api_is_allowed_to_edit();
+$is_allowed_to_edit = api_is_allowed_to_edit() || api_is_coach();

 if (empty($workId)) {
    api_not_allowed(true);
@ -33,7 +33,7 @@ $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
    api_get_course_info()
 );

-if (!(api_is_allowed_to_edit() || $isDrhOfCourse)) {
+if (!($is_allowed_to_edit || $isDrhOfCourse)) {
    api_not_allowed(true);
 }