From 8c27f9dcc9daf210942cd171765769f8901d2b37 Mon Sep 17 00:00:00 2001
From: Julio <gugli100@gmail.com>
Date: Mon, 24 Jun 2019 14:25:25 +0200
Subject: [PATCH] Course coach has access to user results see BT#15802

---
 main/gradebook/index.php                    | 25 ++----
 main/gradebook/lib/GradebookUtils.php       | 14 +++-
 main/gradebook/lib/fe/displaygradebook.php  | 91 ++++++++++++++-------
 main/gradebook/lib/fe/resulttable.class.php | 28 +++----
 4 files changed, 91 insertions(+), 67 deletions(-)

diff --git a/main/gradebook/index.php b/main/gradebook/index.php
index f8639ced41..1b7b49f2d2 100755
--- a/main/gradebook/index.php
+++ b/main/gradebook/index.php
@@ -862,22 +862,6 @@ if (isset($first_time) && $first_time == 1 && api_is_allowed_to_edit(null, true)
         );
     }
 
-    if (api_is_allowed_to_edit(null, true)) {
-        if (((empty($selectCat)) || (isset($_GET['cidReq']) && $_GET['cidReq'] !== '')) ||
-            (isset($_GET['isStudentView']) && $_GET['isStudentView'] == 'false')
-        ) {
-            $cats = Category:: load(
-                null,
-                null,
-                $course_code,
-                null,
-                null,
-                $session_id,
-                false
-            );
-        }
-    }
-
     $cats = Category::load(
         null,
         null,
@@ -891,15 +875,16 @@ if (isset($first_time) && $first_time == 1 && api_is_allowed_to_edit(null, true)
     if (!empty($cats)) {
         if ((api_get_setting('gradebook_enable_grade_model') === 'true') &&
             (
-                api_is_platform_admin() || (api_is_allowed_to_edit(null, true) &&
-                api_get_setting('teachers_can_change_grade_model_settings') === 'true')
+                api_is_platform_admin() || (
+                    api_is_allowed_to_edit(null, true) &&
+                    api_get_setting('teachers_can_change_grade_model_settings') === 'true'
+                )
             )
         ) {
             // Getting grade models.
             $obj = new GradeModel();
             $grade_models = $obj->get_all();
             $grade_model_id = $cats[0]->get_grade_model_id();
-
             // No children.
             if ((count($cats) == 1 && empty($grade_model_id)) ||
                 (count($cats) == 1 && $grade_model_id != -1)
@@ -990,7 +975,7 @@ if (isset($first_time) && $first_time == 1 && api_is_allowed_to_edit(null, true)
                 }
 
                 $exportToPdf = false;
-                if ($action == 'export_table') {
+                if ($action === 'export_table') {
                     $exportToPdf = true;
                 }
 
diff --git a/main/gradebook/lib/GradebookUtils.php b/main/gradebook/lib/GradebookUtils.php
index f1798e8ff5..a1196766ac 100644
--- a/main/gradebook/lib/GradebookUtils.php
+++ b/main/gradebook/lib/GradebookUtils.php
@@ -121,8 +121,18 @@ class GradebookUtils
      */
     public static function block_students()
     {
-        if (!api_is_allowed_to_edit()) {
-            api_not_allowed();
+        $sessionId = api_get_session_id();
+        if (empty($sessionId)) {
+            if (!api_is_allowed_to_edit()) {
+                api_not_allowed();
+            }
+        } else {
+            $isCoach = api_is_coach(api_get_session_id(), api_get_course_int_id());
+            if ($isCoach === false) {
+                if (!api_is_allowed_to_edit()) {
+                    api_not_allowed();
+                }
+            }
         }
     }
 
diff --git a/main/gradebook/lib/fe/displaygradebook.php b/main/gradebook/lib/fe/displaygradebook.php
index 5b2cf344a0..d5f1b1d30d 100755
--- a/main/gradebook/lib/fe/displaygradebook.php
+++ b/main/gradebook/lib/fe/displaygradebook.php
@@ -325,7 +325,7 @@ class DisplayGradebook
             $total_score = [$item_value_total, $item_total];
             $scorecourse_display = $scoredisplay->display_score($total_score, SCORE_DIV_PERCENT);
 
-            if ((!$catobj->get_id() == '0') && (!isset($_GET['studentoverview'])) && (!isset($_GET['search']))) {
+            if (!$catobj->get_id() == '0' && !isset($_GET['studentoverview']) && !isset($_GET['search'])) {
                 $additionalButtons = null;
                 if (!empty($certificateLinkInfo)) {
                     $additionalButtons .= '<div class="btn-group pull-right">';
@@ -394,9 +394,14 @@ class DisplayGradebook
         $actionsLeft = '';
         $actionsRight = '';
         $my_api_cidreq = api_get_cidreq();
-        if (api_is_allowed_to_edit(null, true)) {
-            if ($selectcat != '0') {
-                $my_category = $catobj->showAllCategoryInfo($catobj->get_id());
+        $isCoach = api_is_coach(api_get_session_id(), api_get_course_int_id());
+        $accessToRead = api_is_allowed_to_edit(null, true) || $isCoach;
+        $accessToEdit = api_is_allowed_to_edit(null, true);
+        $courseCode = api_get_course_id();
+
+        if ($accessToRead) {
+            $my_category = $catobj->showAllCategoryInfo($catobj->get_id());
+            if ($selectcat != '0' && $accessToEdit) {
                 if ($my_api_cidreq == '') {
                     $my_api_cidreq = 'cidReq='.$my_category['course_code'];
                 }
@@ -417,7 +422,7 @@ class DisplayGradebook
                     }
                 }
             }
-            if (empty($grade_model_id) || $grade_model_id == -1) {
+            if ((empty($grade_model_id) || $grade_model_id == -1) && $accessToEdit) {
                 $actionsLeft .= '<a href="gradebook_add_cat.php?'.api_get_cidreq().'&selectcat='.$catobj->get_id().'">'.
                     Display::return_icon(
                         'new_folder.png',
@@ -426,7 +431,8 @@ class DisplayGradebook
                         ICON_SIZE_MEDIUM
                     ).'</a></td>';
             }
-            if ($selectcat != '0') {
+
+            if ($selectcat != '0' && $accessToRead) {
                 if (!$message_resource) {
                     $actionsLeft .= '<a href="gradebook_flatview.php?'.$my_api_cidreq.'&selectcat='.$catobj->get_id().'">'.
                         Display::return_icon('statistics.png', get_lang('FlatView'), '', ICON_SIZE_MEDIUM).'</a>';
@@ -463,30 +469,53 @@ class DisplayGradebook
                     }
 
                     // Right icons
-                    $actionsRight = '<a href="gradebook_edit_cat.php?editcat='.$catobj->get_id().'&cidReq='.$catobj->get_course_code().'&id_session='.$catobj->get_session_id().'">'.
-                        Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_MEDIUM).'</a>';
-                    $courseCode = api_get_course_id();
-                    if (api_get_plugin_setting('customcertificate', 'enable_plugin_customcertificate') == 'true' &&
-                        api_get_course_setting('customcertificate_course_enable', $courseCode) == 1
-                    ) {
-                        $actionsRight .= '<a href="'.api_get_path(WEB_PLUGIN_PATH).'customcertificate/src/index.php?'.
-                            $my_api_cidreq.'&origin=gradebook&selectcat='.$catobj->get_id().'">'.
-                            Display::return_icon('certificate.png', get_lang('AttachCertificate'), '', ICON_SIZE_MEDIUM).'</a>';
-                    } else {
-                        $actionsRight .= '<a href="'.api_get_path(WEB_CODE_PATH).
-                            'document/document.php?curdirpath=/certificates&'.
-                            $my_api_cidreq.'&origin=gradebook&selectcat='.$catobj->get_id().'">'.
-                            Display::return_icon('certificate.png', get_lang('AttachCertificate'), '', ICON_SIZE_MEDIUM).'</a>';
-                    }
+                    if ($accessToEdit) {
+                        $actionsRight = '<a href="gradebook_edit_cat.php?editcat='.$catobj->get_id(
+                            ).'&cidReq='.$catobj->get_course_code().'&id_session='.$catobj->get_session_id().'">'.
+                            Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_MEDIUM).'</a>';
+
+                        if (api_get_plugin_setting('customcertificate', 'enable_plugin_customcertificate') == 'true' &&
+                            api_get_course_setting('customcertificate_course_enable', $courseCode) == 1
+                        ) {
+                            $actionsRight .= '<a href="'.api_get_path(
+                                    WEB_PLUGIN_PATH
+                                ).'customcertificate/src/index.php?'.
+                                $my_api_cidreq.'&origin=gradebook&selectcat='.$catobj->get_id().'">'.
+                                Display::return_icon(
+                                    'certificate.png',
+                                    get_lang('AttachCertificate'),
+                                    '',
+                                    ICON_SIZE_MEDIUM
+                                ).'</a>';
+                        } else {
+                            $actionsRight .= '<a href="'.api_get_path(WEB_CODE_PATH).
+                                'document/document.php?curdirpath=/certificates&'.
+                                $my_api_cidreq.'&origin=gradebook&selectcat='.$catobj->get_id().'">'.
+                                Display::return_icon(
+                                    'certificate.png',
+                                    get_lang('AttachCertificate'),
+                                    '',
+                                    ICON_SIZE_MEDIUM
+                                ).'</a>';
+                        }
 
-                    if (empty($categories)) {
-                        $actionsRight .= '<a href="gradebook_edit_all.php?id_session='.api_get_session_id().'&'.$my_api_cidreq.'&selectcat='.$catobj->get_id().'">'.
-                            Display::return_icon('percentage.png', get_lang('EditAllWeights'), '', ICON_SIZE_MEDIUM).'</a>';
-                    }
-                    $score_display_custom = api_get_setting('gradebook_score_display_custom');
-                    if (api_get_setting('teachers_can_change_score_settings') == 'true' && $score_display_custom['my_display_custom'] == 'true') {
-                        $actionsRight .= '<a href="gradebook_scoring_system.php?'.$my_api_cidreq.'&selectcat='.$catobj->get_id().'">'.
-                            Display::return_icon('ranking.png', get_lang('ScoreEdit'), '', ICON_SIZE_MEDIUM).'</a>';
+                        if (empty($categories)) {
+                            $actionsRight .= '<a href="gradebook_edit_all.php?id_session='.api_get_session_id(
+                                ).'&'.$my_api_cidreq.'&selectcat='.$catobj->get_id().'">'.
+                                Display::return_icon(
+                                    'percentage.png',
+                                    get_lang('EditAllWeights'),
+                                    '',
+                                    ICON_SIZE_MEDIUM
+                                ).'</a>';
+                        }
+                        $score_display_custom = api_get_setting('gradebook_score_display_custom');
+                        if (api_get_setting('teachers_can_change_score_settings') == 'true' &&
+                            $score_display_custom['my_display_custom'] == 'true'
+                        ) {
+                            $actionsRight .= '<a href="gradebook_scoring_system.php?'.$my_api_cidreq.'&selectcat='.$catobj->get_id().'">'.
+                                Display::return_icon('ranking.png', get_lang('ScoreEdit'), '', ICON_SIZE_MEDIUM).'</a>';
+                        }
                     }
                 }
             }
@@ -510,14 +539,14 @@ class DisplayGradebook
                 '</a>';
         }
 
-        if (api_is_allowed_to_edit(null, true)) {
+        if (api_is_allowed_to_edit(null, true) || $isCoach) {
             echo $toolbar = Display::toolbarAction(
                 'gradebook-actions',
                 [$actionsLeft, $actionsRight]
             );
         }
 
-        if (api_is_allowed_to_edit(null, true)) {
+        if (api_is_allowed_to_edit(null, true) || $accessToEdit) {
             $weight = intval($catobj->get_weight()) > 0 ? $catobj->get_weight() : 0;
             $weight = '<strong>'.get_lang('TotalWeight').' : </strong>'.$weight;
 
diff --git a/main/gradebook/lib/fe/resulttable.class.php b/main/gradebook/lib/fe/resulttable.class.php
index 41b304ffce..dce8dcbf8d 100755
--- a/main/gradebook/lib/fe/resulttable.class.php
+++ b/main/gradebook/lib/fe/resulttable.class.php
@@ -222,34 +222,34 @@ class ResultTable extends SortableTable
         $locked_status = $this->evaluation->get_locked();
         $allowMultipleAttempts = api_get_configuration_value('gradebook_multiple_evaluation_attempts');
         $baseUrl = api_get_self().'?selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq();
+        $editColumn = '';
         if (api_is_allowed_to_edit(null, true) && $locked_status == 0) {
-            $edit_column = '';
             if ($allowMultipleAttempts) {
                 if (!empty($item['percentage_score'])) {
-                    $edit_column .=
+                    $editColumn .=
                         Display::url(
                             Display::return_icon('add.png', get_lang('AddAttempt'), '', '22'),
                             $baseUrl.'&action=add_attempt&editres='.$item['result_id']
                         );
                 } else {
-                    $edit_column .= '<a href="'.api_get_self().'?editres='.$item['result_id'].'&selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq().'">'.
+                    $editColumn .= '<a href="'.api_get_self().'?editres='.$item['result_id'].'&selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq().'">'.
                         Display::return_icon('edit.png', get_lang('Modify'), '', '22').'</a>';
                 }
             } else {
-                $edit_column .= '<a href="'.api_get_self().'?editres='.$item['result_id'].'&selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq().'">'.
+                $editColumn .= '<a href="'.api_get_self().'?editres='.$item['result_id'].'&selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq().'">'.
                     Display::return_icon('edit.png', get_lang('Modify'), '', '22').'</a>';
             }
-            $edit_column .= ' <a href="'.api_get_self().'?delete_mark='.$item['result_id'].'&selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq().'">'.
+            $editColumn .= ' <a href="'.api_get_self().'?delete_mark='.$item['result_id'].'&selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq().'">'.
                 Display::return_icon('delete.png', get_lang('Delete'), '', '22').'</a>';
         }
 
         if ($this->evaluation->get_course_code() == null) {
-            $edit_column .= '&nbsp;<a href="'.api_get_self().'?resultdelete='.$item['result_id'].'&selecteval='.$this->evaluation->get_id().'" onclick="return confirmationuser();">';
-            $edit_column .= Display::return_icon('delete.png', get_lang('Delete'));
-            $edit_column .= '</a>';
-            $edit_column .= '&nbsp;<a href="user_stats.php?userid='.$item['id'].'&selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq().'">';
-            $edit_column .= Display::return_icon('statistics.gif', get_lang('Statistics'));
-            $edit_column .= '</a>';
+            $editColumn .= '&nbsp;<a href="'.api_get_self().'?resultdelete='.$item['result_id'].'&selecteval='.$this->evaluation->get_id().'" onclick="return confirmationuser();">';
+            $editColumn .= Display::return_icon('delete.png', get_lang('Delete'));
+            $editColumn .= '</a>';
+            $editColumn .= '&nbsp;<a href="user_stats.php?userid='.$item['id'].'&selecteval='.$this->evaluation->get_id().'&'.api_get_cidreq().'">';
+            $editColumn .= Display::return_icon('statistics.gif', get_lang('Statistics'));
+            $editColumn .= '</a>';
         }
 
         // Evaluation's origin is a link
@@ -258,11 +258,11 @@ class ResultTable extends SortableTable
             $doc_url = $link->get_view_url($item['id']);
 
             if ($doc_url != null) {
-                $edit_column .= '&nbsp;<a href="'.$doc_url.'" target="_blank">';
-                $edit_column .= Display::return_icon('link.gif', get_lang('OpenDocument')).'</a>';
+                $editColumn .= '&nbsp;<a href="'.$doc_url.'" target="_blank">';
+                $editColumn .= Display::return_icon('link.gif', get_lang('OpenDocument')).'</a>';
             }
         }
 
-        return $edit_column;
+        return $editColumn;
     }
 }