[svn r16504] the coachs can now delete only message in forums of his sessions (FS#2864)

17 years ago · 87d2e24aea
parent 43a02bf349
commit 87d2e24aea
5 changed files with 9 additions and 10 deletions
--- a/main/forum/viewforum.php
+++ b/main/forum/viewforum.php
@ -161,7 +161,6 @@ if (!api_is_allowed_to_edit(false,true) AND ($current_forum_category['visibility
 	forum_not_allowed_here();
 }

-
 /*
 -----------------------------------------------------------
 	Display the action messages
@ -326,8 +325,8 @@ if(is_array($threads))
 				$last_post=$last_post_row['post_date']." ".get_lang('By').' '.$name;
 			}
 			echo "\t\t<td>".$last_post."</td>\n";
-			echo "\t\t<td>";			
-			if (api_is_allowed_to_edit(false,true))
+			echo "\t\t<td>";	
+			if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))
 			{
 				echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;action=delete&amp;content=thread&amp;id=".$row['thread_id'].$origin_string."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeleteCompleteThread"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>";
 				display_visible_invisible_icon('thread', $row['thread_id'], $row['visibility'], array("forum"=>$_GET['forum'],'origin'=>$origin));
--- a/main/forum/viewthread.php
+++ b/main/forum/viewthread.php
@ -204,7 +204,7 @@ if ($message<>'PostDeletedSpecial') // in this case the first and only post of t
 			echo '<a href="reply.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'&amp;action=replythread&origin='.$origin.'">'.get_lang('ReplyToThread').'</a>';
 			
 			//new thread link
-			if (api_is_allowed_to_edit(false,true) OR ($current_forum['allow_new_threads']==1 AND isset($_user['user_id'])) OR ($current_forum['allow_new_threads']==1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous']==1))
+			if ((api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) OR ($current_forum['allow_new_threads']==1 AND isset($_user['user_id'])) OR ($current_forum['allow_new_threads']==1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous']==1))
 			{
 				if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1)
 				{
--- a/main/forum/viewthread_flat.inc.php
+++ b/main/forum/viewthread_flat.inc.php
@ -100,11 +100,11 @@ foreach ($rows as $row)
 	echo $row['post_date'].'<br /><br />';
 	// The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
 	// The course admin him/herself can do this off course always
-	if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or api_is_allowed_to_edit(false,true))
+	if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])))
 	{
 		echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$row['post_id']."&origin=".$origin."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
 	}
-	if (api_is_allowed_to_edit(false,true))
+	if (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))
 	{
 		echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;action=delete&amp;content=post&amp;id=".$row['post_id']."&origin=".$origin."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeletePost"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>\n";
 		display_visible_invisible_icon('post', $row['post_id'], $row['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']), 'origin'=>$origin ));
--- a/main/forum/viewthread_nested.inc.php
+++ b/main/forum/viewthread_nested.inc.php
@ -91,11 +91,11 @@ foreach ($rows as $post)
 	echo $post['post_date'].'<br /><br />';
 	// The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
 	// The course admin him/herself can do this off course always
-	if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or api_is_allowed_to_edit(false,true))
+	if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])))
 	{
 		echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$post['post_id']."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
 	}
-	if (api_is_allowed_to_edit(false,true))
+	if (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))
 	{
 		echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;action=delete&amp;content=post&amp;id=".$post['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeletePost"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>\n";
 		display_visible_invisible_icon('post', $post['post_id'], $post['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']) ));
--- a/main/forum/viewthread_threaded.inc.php
+++ b/main/forum/viewthread_threaded.inc.php
@ -222,11 +222,11 @@ echo display_user_link($rows[$display_post_id]['user_id'], $name).'<br />';
 echo $rows[$display_post_id]['post_date'].'<br /><br />';
 // The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
 // The course admin him/herself can do this off course always
-if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or api_is_allowed_to_edit(false,true))
+if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])))
 {
 	echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$rows[$display_post_id]['post_id']."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
 }
-if (api_is_allowed_to_edit(false,true))
+if (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))
 {
 	echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;action=delete&amp;content=post&amp;id=".$rows[$display_post_id]['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeletePost"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>\n";
 	display_visible_invisible_icon('post', $rows[$display_post_id]['post_id'], $rows[$display_post_id]['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']), 'post'=>Security::remove_XSS($_GET['post']) ));