chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

improve the access and restrictions to the session's administrator CT#602

Browse Source
skala
Carlos Vargas 16 years ago
parent f53fb7c148
commit 7cb99d41bc
8 changed files with 19 additions and 12 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      main/admin/add_many_session_to_category.php
  2. 3
      main/admin/session_category_edit.php
  3. 4
      main/admin/session_course_edit.php
  4. 2
      main/admin/session_course_list.php
  5. 2
      main/admin/session_course_user_list.php
  6. 14
      main/admin/session_list.php
  7. 2
      main/coursecopy/copy_course_session.php
  8. 2
      main/tracking/courseLog.php

2
main/admin/add_many_session_to_category.php
Unescape View File

@ -50,7 +50,7 @@ if(isset($_GET['add_type']) && $_GET['add_type']!=''){
$add_type = Security::remove_XSS($_REQUEST['add_type']); $add_type = Security::remove_XSS($_REQUEST['add_type']);
} }
if (!api_is_platform_admin()) { if (!api_is_platform_admin() && !api_is_session_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session; $sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = Database::query($sql); $rs = Database::query($sql);
if (Database::result($rs,0,0)!=$_user['user_id']) { if (Database::result($rs,0,0)!=$_user['user_id']) {

3
main/admin/session_category_edit.php
Unescape View File

@ -45,9 +45,10 @@ if (!$infos=Database::fetch_array($result)) {
list($year_start,$month_start,$day_start)=explode('-',$infos['date_start']); list($year_start,$month_start,$day_start)=explode('-',$infos['date_start']);
list($year_end,$month_end,$day_end)=explode('-',$infos['date_end']); list($year_end,$month_end,$day_end)=explode('-',$infos['date_end']);
if (!api_is_platform_admin() && $infos['session_admin_id']!=$_user['user_id']) { if (!api_is_platform_admin() && $infos['session_admin_id']!=$_user['user_id'] && !api_is_session_admin()) {
api_not_allowed(true); api_not_allowed(true);
} }
if ($_POST['formSent']) { if ($_POST['formSent']) {
$formSent=1; $formSent=1;
$name= $_POST['name']; $name= $_POST['name'];

4
main/admin/session_course_edit.php
Unescape View File

@ -12,9 +12,9 @@ $cidReset=true;
require '../inc/global.inc.php'; require '../inc/global.inc.php';
require_once '../inc/lib/sessionmanager.lib.php'; require_once '../inc/lib/sessionmanager.lib.php';
// setting the section (for the tabs) // setting the section (for the tabs)
$this_section=SECTION_PLATFORM_ADMIN; /*$this_section=SECTION_PLATFORM_ADMIN;
api_protect_admin_script(); api_protect_admin_script();*/
$id_session=intval($_GET['id_session']); $id_session=intval($_GET['id_session']);
$course_code=trim(stripslashes($_GET['course_code'])); $course_code=trim(stripslashes($_GET['course_code']));

2
main/admin/session_course_list.php
Unescape View File

@ -15,7 +15,7 @@ include('../inc/global.inc.php');
// setting the section (for the tabs) // setting the section (for the tabs)
$this_section=SECTION_PLATFORM_ADMIN; $this_section=SECTION_PLATFORM_ADMIN;
api_protect_admin_script(); api_protect_admin_script(true);
// Database Table Definitions // Database Table Definitions
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);

2
main/admin/session_course_user_list.php
Unescape View File

@ -9,7 +9,7 @@
$language_file='admin'; $language_file='admin';
$cidReset=true; $cidReset=true;
include('../inc/global.inc.php'); include('../inc/global.inc.php');
api_protect_admin_script(); api_protect_admin_script(true);
$tbl_user=Database::get_main_table(TABLE_MAIN_USER); $tbl_user=Database::get_main_table(TABLE_MAIN_USER);
$tbl_course=Database::get_main_table(TABLE_MAIN_COURSE); $tbl_course=Database::get_main_table(TABLE_MAIN_COURSE);
$tbl_session=Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session=Database::get_main_table(TABLE_MAIN_SESSION);

14
main/admin/session_list.php
Unescape View File

@ -136,22 +136,27 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
$where.= ' session_category_id = "'.$id_category.'" '; $where.= ' session_category_id = "'.$id_category.'" ';
$cond_url.= '&id_category='.$id_category; $cond_url.= '&id_category='.$id_category;
} }
$user_id= $_user['user_id'];
if (api_is_session_admin()==true) {
$where.=" AND s.session_admin_id = $user_id ";
}
//Get list sessions //Get list sessions
$sort = ($sort != "name_category")? 's.'.$sort : 'category_name'; $sort = ($sort != "name_category")? 's.'.$sort : 'category_name';
$query = "SELECT s.id, s.name, s.nbr_courses, s.date_start, s.date_end, u.firstname, u.lastname , sc.name as category_name, s.visibility $query = "SELECT s.id, s.name, s.nbr_courses, s.date_start, s.date_end, u.firstname, u.lastname , sc.name as category_name, s.visibility
FROM $tbl_session s FROM $tbl_session s
LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id
INNER JOIN $tbl_user u ON s.id_coach = u.user_id INNER JOIN $tbl_user u ON s.id_coach = u.user_id
$where $where
ORDER BY $sort "; ORDER BY $sort ";
//query which allows me to get a record without taking into account the page //query which allows me to get a record without taking into account the page
$query_rows = "SELECT count(*) as total_rows $query_rows = "SELECT count(*) as total_rows
FROM $tbl_session s FROM $tbl_session s
LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id
INNER JOIN $tbl_user u ON s.id_coach = u.user_id INNER JOIN $tbl_user u ON s.id_coach = u.user_id
$where "; $where ";
//filtering the session list by access_url //filtering the session list by access_url
if ($_configuration['multiple_access_urls'] == true){ if ($_configuration['multiple_access_urls'] == true){
$table_access_url_rel_session= Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION); $table_access_url_rel_session= Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
@ -174,6 +179,7 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
$where "; $where ";
} }
} }
$result_rows = Database::query($query_rows); $result_rows = Database::query($query_rows);
$recorset = Database::fetch_array($result_rows); $recorset = Database::fetch_array($result_rows);

2
main/coursecopy/copy_course_session.php
Unescape View File

@ -26,7 +26,7 @@ require_once '../inc/lib/xajax/xajax.inc.php';
$xajax = new xajax(); $xajax = new xajax();
$xajax -> registerFunction('search_courses'); $xajax -> registerFunction('search_courses');
if (!api_is_allowed_to_edit()) { if (!api_is_allowed_to_edit() && !api_is_session_admin()) {
api_not_allowed(true); api_not_allowed(true);
} }

2
main/tracking/courseLog.php
Unescape View File

@ -37,7 +37,7 @@ if (isset($_GET['from']) && $_GET['from'] == 'myspace') {
// access restrictions // access restrictions
$is_allowedToTrack = $is_courseAdmin || $is_platformAdmin || $is_courseCoach || $is_sessionAdmin || api_is_drh(); $is_allowedToTrack = $is_courseAdmin || $is_platformAdmin || $is_courseCoach || $is_sessionAdmin || api_is_drh();
if (!$is_allowedToTrack) { if (!$is_allowedToTrack && !api_is_session_admin()) {
Display :: display_header(null); Display :: display_header(null);
api_not_allowed(); api_not_allowed();
Display :: display_footer(); Display :: display_footer();

Write Preview
Loading…
Cancel
Save