From 790b33e2e353d87b266a0096b119d65ad2e19a89 Mon Sep 17 00:00:00 2001
From: jmontoyaa <gugli100@gmail.com>
Date: Thu, 18 May 2017 15:06:00 +0200
Subject: [PATCH] Update permissions rules see BT#12723

---
 .../studentfollowup/StudentFollowUpPlugin.php | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/plugin/studentfollowup/StudentFollowUpPlugin.php b/plugin/studentfollowup/StudentFollowUpPlugin.php
index 389e0470bb..e14a9b1efa 100644
--- a/plugin/studentfollowup/StudentFollowUpPlugin.php
+++ b/plugin/studentfollowup/StudentFollowUpPlugin.php
@@ -105,8 +105,23 @@ class StudentFollowUpPlugin extends Plugin
             $showPrivate = true;
         } else {
             $isDrh = api_is_drh();
+            $isCareTaker = false;
+
+            // Check if user is care taker
+            if ($isDrh) {
+                $criteria = [
+                    'user' => $studentId,
+                    'insertUser' => $currentUserId
+                ];
+
+                $post = Database::getManager()->getRepository('ChamiloPluginBundle:StudentFollowUp\CarePost')->findOneBy($criteria);
+                if ($post) {
+                    $isCareTaker = true;
+                }
+            }
+
             // Only admins and DRH that follow the user
-            $isAdminOrDrh = ($isDrh && UserManager::is_user_followed_by_drh($studentId, $currentUserId)) || api_is_platform_admin();
+            $isAdmin = api_is_platform_admin();
 
             // Check if course session coach
             $sessions = SessionManager::get_sessions_by_user($studentId);
@@ -132,8 +147,8 @@ class StudentFollowUpPlugin extends Plugin
                 }
             }
 
-            $isAllow = $isAdminOrDrh || $isDrhSession;
-            $showPrivate = $isAdminOrDrh;
+            $isAllow = $isAdmin || $isDrhSession || $isCourseCoach;
+            $showPrivate = $isAdmin || ($isDrhSession && $isCareTaker);
         }
 
         return [