Fixing session visibility

12 years ago · 7d3af870c5
parent c16ffee8ff
commit 7d3af870c5
4 changed files with 19 additions and 7 deletions
--- a/main/course_home/course_home.php
+++ b/main/course_home/course_home.php
@ -161,9 +161,7 @@ if ($_GET['action'] == 'subscribe') {
 }

 /*	Is the user allowed here? */
-if (!$is_allowed_in_course) {
-	api_not_allowed(true);
-}
+api_protect_course_script(true);

 /*  STATISTICS */

--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -810,9 +810,11 @@ function api_protect_course_script($print_headers = false, $allow_session_admins
    if (api_is_drh()) {
        return true;
    }
+    
    if (api_is_platform_admin($allow_session_admins)) {
    	return true;
    }
+    
    $course_info = api_get_course_info();

    if (isset($course_info) && isset($course_info['visibility'])) {
@ -838,6 +840,16 @@ function api_protect_course_script($print_headers = false, $allow_session_admins
    			break;
    	}
    }
+    
+    //Check session visibility
+    $session_id = api_get_session_id();
+    
+    if (!empty($session_id)) {
+        //$is_allowed_in_course was set in local.inc.php
+        if (!$is_allowed_in_course) {
+            $is_visible = false;
+        }
+    }

    if (!$is_visible) {
        api_not_allowed($print_headers);
--- a/main/inc/lib/userportal.lib.php
+++ b/main/inc/lib/userportal.lib.php
@ -954,7 +954,10 @@ class IndexManager {

                            $params['title'] = $session_link;
                            
-                            $params['subtitle'] = $extra_info.SessionManager::get_session_change_user_reason($session['moved_status']);
+                            $moved_status = SessionManager::get_session_change_user_reason($session['moved_status']);
+                            $moved_status = isset($moved_status) && !empty($moved_status) ? ' ('.$moved_status.')' : null;
+                            
+                            $params['subtitle'] = $extra_info.$moved_status;

                            $params['right_actions'] = '';
                            if (api_is_platform_admin()) {
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -1017,7 +1017,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
            if (!$is_platformAdmin) {
                // admin is not affected to the invisible session mode
                $session_visibility = api_get_session_visibility($session_id);
-
+                
                switch ($session_visibility) {
                    case SESSION_INVISIBLE:
                        $is_allowed_in_course = false;
@ -1104,5 +1104,4 @@ if (isset($_cid)) {
    Database::query($sql);
 }

-Redirect::session_request_uri($logging_in, $user_id);
-
+Redirect::session_request_uri($logging_in, $user_id);