Fixes User Access to course - Refs #7900

main/course_home/course_home.php

@@ -171,6 +171,9 @@ if (isset($_GET['action']) && $_GET['action'] == 'subscribe') {
         Security::clear_token();
         $auth = new Auth();
         $msg = $auth->subscribe_user($course_code);
+        if (CourseManager::is_user_subscribed_in_course($user_id, $course_code)) {
+            Session::write('is_allowed_in_course', true);
+        }
         if (!empty($msg)) {
             $show_message .= Display::return_message(
                 get_lang($msg['message']),

main/inc/lib/api.lib.php

@@ -1157,7 +1157,7 @@ function api_protect_course_script($print_headers = false, $allow_session_admins
                 break;
             case COURSE_VISIBILITY_OPEN_PLATFORM:
                 // Open - access allowed for users registered on the platform - 2
-                if (api_get_user_id() && !api_is_anonymous()) {
+                if (api_get_user_id() && !api_is_anonymous() && $is_allowed_in_course) {
                     $is_visible = true;
                 }
                 break;

main/inc/local.inc.php

@@ -1239,7 +1239,12 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
                 $is_allowed_in_course = true;
                 break;
             case COURSE_VISIBILITY_OPEN_PLATFORM: //2
-                if (isset($user_id) && !api_is_anonymous($user_id)) {
+                $courseCode = $_course['code'];
+                $isUserSubscribedInCourse = CourseManager::is_user_subscribed_in_course(
+                    $user_id,
+                    $courseCode
+                );
+                if (isset($user_id) && $isUserSubscribedInCourse === true && !api_is_anonymous($user_id)) {
                     $is_allowed_in_course = true;
                 }
                 break;