From 7d102e29cd282988943c8fc864a2a81ae069e45a Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 24 Jul 2020 14:47:51 +0200 Subject: [PATCH] Allow session admins to see session reports BT#17576 --- main/inc/ajax/model.ajax.php | 35 +++++++++++++++++++++++++++-- main/inc/lib/sessionmanager.lib.php | 21 ++++++++++++----- 2 files changed, 48 insertions(+), 8 deletions(-) diff --git a/main/inc/ajax/model.ajax.php b/main/inc/ajax/model.ajax.php index 4879858775..394ee50f21 100755 --- a/main/inc/ajax/model.ajax.php +++ b/main/inc/ajax/model.ajax.php @@ -691,7 +691,7 @@ switch ($action) { $description = $keyword; } - if (api_is_drh() || api_is_session_admin()) { + if (api_is_drh()) { $count = SessionManager::get_sessions_followed_by_drh( api_get_user_id(), null, @@ -704,6 +704,20 @@ switch ($action) { $description, ['where' => $whereCondition, 'extra' => $extra_fields] ); + } elseif (api_is_session_admin()) { + $count = SessionManager::getSessionsFollowedByUser( + api_get_user_id(), + SESSIONADMIN, + null, + null, + true, + false, + false, + null, + $keyword, + $description, + ['where' => $whereCondition, 'extra' => $extra_fields] + ); } else { // Sessions for the coach $count = Tracking::get_sessions_coached_by_user( @@ -1608,7 +1622,7 @@ switch ($action) { ); break; case 'get_sessions_tracking': - if (api_is_drh() || api_is_session_admin()) { + if (api_is_drh()) { $orderByName = Database::escape_string($sidx); $orderByName = in_array($orderByName, ['name', 'access_start_date']) ? $orderByName : 'name'; $orderBy = " ORDER BY $orderByName $sord"; 
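Review bot: The new `getSessionsFollowedByUser()` call in the `api_is_session_admin()` branch (second hunk of main/inc/ajax/model.ajax.php) passes `null, null, true, false, false, null` positionally, which is hard to check against the paged call added for `get_sessions_tracking`. Judging from that second call and the `$getCount` test in sessionmanager.lib.php, the `true` is the count flag and the nulls are start, limit and order; the method signature is outside this diff, so confirm. A short comment such as `// count only: no paging, no ORDER BY; filters must match the get_sessions_tracking call` would make it clear that both calls must apply the same keyword, description and `$whereCondition` filters. The enclosing `switch` case starts outside the hunk.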
@@ -1624,6 +1638,23 @@ switch ($action) { $description, ['where' => $whereCondition, 'extra' => $extra_fields] ); + } elseif (api_is_session_admin()) { + $orderByName = Database::escape_string($sidx); + $orderByName = in_array($orderByName, ['name', 'access_start_date']) ? $orderByName : 'name'; + $orderBy = " ORDER BY $orderByName $sord"; + $sessions = SessionManager::getSessionsFollowedByUser( + api_get_user_id(), + SESSIONADMIN, + $start, + $limit, + false, + false, + false, + $orderBy, + $keyword, + $description, + ['where' => $whereCondition, 'extra' => $extra_fields] + ); } else { // Sessions for the coach $sessions = Tracking::get_sessions_coached_by_user( diff --git a/main/inc/lib/sessionmanager.lib.php b/main/inc/lib/sessionmanager.lib.php index 0b703b0f66..c9fe181676 100755 --- a/main/inc/lib/sessionmanager.lib.php +++ b/main/inc/lib/sessionmanager.lib.php @@ -3839,7 +3839,6 @@ class SessionManager $sessionConditions = null; $sessionQuery = ''; $courseSessionQuery = null; - switch ($status) { case DRH: $sessionQuery = "SELECT sru.session_id @@ -3857,6 +3856,10 @@ class SessionManager $whereConditions = " OR (s.id_coach = $userId) "; break; + case SESSIONADMIN: + $sessionQuery = ''; + $sqlInjectJoins .= " AND s.session_admin_id = $userId "; + break; default: $sessionQuery = "SELECT sru.session_id FROM @@ -3880,16 +3883,18 @@ class SessionManager $whereConditions .= $keywordCondition; $subQuery = $sessionQuery.$courseSessionQuery; + if (!empty($subQuery)) { + $subQuery = " AND s.id IN ($subQuery)"; + } + $sql = " $select FROM $tbl_session s INNER JOIN $tbl_session_rel_access_url a ON (s.id = a.session_id) $sqlInjectJoins WHERE - access_url_id = ".api_get_current_access_url_id()." AND - s.id IN ( - $subQuery - ) + access_url_id = ".api_get_current_access_url_id()." + $subQuery $whereConditions $extraFieldsConditions $sqlInjectWhere 
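Review bot: In the new `elseif (api_is_session_admin())` branch of `get_sessions_tracking` (main/inc/ajax/model.ajax.php), `$sord` is interpolated into `" ORDER BY $orderByName $sord"` while only `$orderByName` is checked against an allow-list. `Database::escape_string()` would not make an unquoted keyword position safe, and where `$sord` is validated is not visible in this hunk. If it is not already restricted upstream, constrain it here, e.g. `$sord = in_array(strtolower((string) $sord), ['asc', 'desc'], true) ? $sord : 'asc';`. The same three lines are repeated from the `api_is_drh()` branch, so building `$orderBy` once above the `if` would keep the two branches from drifting; the enclosing `switch` starts and ends outside the hunk.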
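Review bot: The `SESSIONADMIN` case added to the `switch ($status)` in main/inc/lib/sessionmanager.lib.php puts the ownership filter `AND s.session_admin_id = $userId` into `$sqlInjectJoins`, so it lands after whatever join clauses that variable already holds rather than in the WHERE clause. If `$sqlInjectJoins` ever carries a LEFT JOIN (its other contents are not visible here), the condition would attach to that join's ON clause and stop restricting which sessions are returned. An access-control filter is safer in the WHERE part, for example `$whereConditions = " AND s.session_admin_id = $userId ";`. `$userId` should also be confirmed to be cast to int earlier in the function, which starts outside this hunk.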
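Review bot: With the `if (!empty($subQuery))` guard added before the `$sql` string in main/inc/lib/sessionmanager.lib.php, an empty sub-query now drops the `s.id IN (...)` restriction entirely, so the query fails open: only `access_url_id` and the optional conditions remain. Today only the `SESSIONADMIN` case leaves `$sessionQuery` empty, and it adds its own owner filter, but a later `$status` case that sets neither would list every session on the URL. I would record the invariant next to the guard, e.g. `// Empty $subQuery is valid only for SESSIONADMIN, which filters on s.session_admin_id; every other status must set $sessionQuery.` The function body starts and ends outside this hunk.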
@@ -3903,8 +3908,12 @@ class SessionManager if ($getCount) { $row = Database::fetch_array($result); + if ($row) { - return $row['count']; + return (int) $row['count']; + } + + return 0; } $sessions = [];