From 8e8b6cf1f57c03c410939f637b4b76200121acb3 Mon Sep 17 00:00:00 2001 From: Christian Date: Mon, 3 Oct 2022 21:05:27 -0500 Subject: [PATCH] Users - Allow susbcriptions drh to session and courses, access to see other students reporting - refs BT#20249 --- main/admin/subscribe_user2course.php | 14 +- main/admin/user_edit.php | 220 +++++++++++++------------- main/inc/lib/sessionmanager.lib.php | 4 +- main/inc/lib/tracking.lib.php | 74 ++++----- main/install/configuration.dist.php | 3 + main/mySpace/myStudents.php | 3 +- main/mySpace/student.php | 6 +- main/mySpace/users.php | 3 +- main/session/add_users_to_session.php | 23 +-- 9 files changed, 163 insertions(+), 187 deletions(-) diff --git a/main/admin/subscribe_user2course.php b/main/admin/subscribe_user2course.php index ecb57e269b..66d2e552a5 100755 --- a/main/admin/subscribe_user2course.php +++ b/main/admin/subscribe_user2course.php @@ -92,23 +92,13 @@ if (isset($_POST['form_sent']) && $_POST['form_sent']) { if (count($users) == 0 || count($courses) == 0) { echo Display::return_message(get_lang('AtLeastOneUserAndOneCourse'), 'error'); } else { - $errorDrh = 0; foreach ($courses as $course_code) { foreach ($users as $user_id) { $user = api_get_user_info($user_id); - if ($user['status'] != DRH) { - CourseManager::subscribeUser($user_id, $course_code); - } else { - $errorDrh = 1; - } + CourseManager::subscribeUser($user_id, $course_code); } } - - if ($errorDrh == 0) { - echo Display::return_message(get_lang('UsersAreSubscibedToCourse'), 'confirm'); - } else { - echo Display::return_message(get_lang('HumanResourcesManagerShouldNotBeRegisteredToCourses'), 'error'); - } + echo Display::return_message(get_lang('UsersAreSubscibedToCourse'), 'confirm'); } } } diff --git a/main/admin/user_edit.php b/main/admin/user_edit.php index 1a84aebff7..0eb5078f4a 100755 --- a/main/admin/user_edit.php +++ b/main/admin/user_edit.php 
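Review bot: In main/admin/subscribe_user2course.php the inner loop still calls `api_get_user_info($user_id)` although its result was only read by the removed DRH status check, and the return value of `CourseManager::subscribeUser()` is ignored before the confirmation message is printed. I would drop the unused lookup and show `UsersAreSubscibedToCourse` only when every call succeeded, for example by collecting failures with `if (!CourseManager::subscribeUser($user_id, $course_code)) { $failed[] = $user_id; }`; whether that method returns a usable boolean is not visible here and should be confirmed. The DRH restriction is removed unconditionally, whereas the reporting change in the same commit is gated by `drh_allow_access_to_all_students`; if that is intended, a one-line comment above the loop would record it.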
@@ -419,136 +419,128 @@ if ($form->validate()) { $is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']); - if ($user['status'] == DRH && $is_user_subscribed_in_course) { - $error_drh = true; - } else { - $picture_element = $form->getElement('picture'); - $picture = $picture_element->getValue(); - - $picture_uri = $user_data['picture_uri']; - if (isset($user['delete_picture']) && $user['delete_picture']) { - $picture_uri = UserManager::deleteUserPicture($user_id); - } elseif (!empty($picture['name'])) { - $picture_uri = UserManager::update_user_picture( - $user_id, - $_FILES['picture']['name'], - $_FILES['picture']['tmp_name'], - $user['picture_crop_result'] - ); - } - - $lastname = $user['lastname']; - $firstname = $user['firstname']; - $password = $user['password']; - $auth_source = isset($user['auth_source']) ? $user['auth_source'] : $userInfo['auth_source']; - $official_code = $user['official_code']; - $email = $user['email']; - $phone = $user['phone']; - $username = isset($user['username']) ? $user['username'] : $userInfo['username']; - $status = (int) $user['status']; - $platform_admin = 0; - // Only platform admin can change user status to admin. - if (api_is_platform_admin()) { - $platform_admin = (int) $user['platform_admin']; - } + $picture_element = $form->getElement('picture'); + $picture = $picture_element->getValue(); + + $picture_uri = $user_data['picture_uri']; + if (isset($user['delete_picture']) && $user['delete_picture']) { + $picture_uri = UserManager::deleteUserPicture($user_id); + } elseif (!empty($picture['name'])) { + $picture_uri = UserManager::update_user_picture( + $user_id, + $_FILES['picture']['name'], + $_FILES['picture']['tmp_name'], + $user['picture_crop_result'] + ); + } - $send_mail = (int) $user['send_mail']; - $reset_password = (int) $user['reset_password']; - $hr_dept_id = isset($user['hr_dept_id']) ? 
intval($user['hr_dept_id']) : null; - $language = $user['language']; - $address = isset($user['address']) ? $user['address'] : null; + $lastname = $user['lastname']; + $firstname = $user['firstname']; + $password = $user['password']; + $auth_source = isset($user['auth_source']) ? $user['auth_source'] : $userInfo['auth_source']; + $official_code = $user['official_code']; + $email = $user['email']; + $phone = $user['phone']; + $username = isset($user['username']) ? $user['username'] : $userInfo['username']; + $status = (int) $user['status']; + $platform_admin = 0; + // Only platform admin can change user status to admin. + if (api_is_platform_admin()) { + $platform_admin = (int) $user['platform_admin']; + } - $expiration_date = null; - if (!$user_data['platform_admin'] && $user['radio_expiration_date'] == '1') { - $expiration_date = $user['expiration_date']; - } + $send_mail = (int) $user['send_mail']; + $reset_password = (int) $user['reset_password']; + $hr_dept_id = isset($user['hr_dept_id']) ? intval($user['hr_dept_id']) : null; + $language = $user['language']; + $address = isset($user['address']) ? $user['address'] : null; - $active = $user_data['platform_admin'] ? 1 : intval($user['active']); + $expiration_date = null; + if (!$user_data['platform_admin'] && $user['radio_expiration_date'] == '1') { + $expiration_date = $user['expiration_date']; + } - //If the user is set to admin the status will be overwrite by COURSEMANAGER = 1 - if ($platform_admin == 1) { - $status = COURSEMANAGER; - } + $active = $user_data['platform_admin'] ? 1 : intval($user['active']); - if (api_get_setting('login_is_email') === 'true') { - $username = $email; - } + //If the user is set to admin the status will be overwrite by COURSEMANAGER = 1 + if ($platform_admin == 1) { + $status = COURSEMANAGER; + } - $template = isset($user['email_template_option']) ? 
$user['email_template_option'] : []; + if (api_get_setting('login_is_email') === 'true') { + $username = $email; + } - UserManager::update_user( - $user_id, - $firstname, - $lastname, - $username, - $password, - $auth_source, - $email, - $status, - $official_code, - $phone, - $picture_uri, - $expiration_date, - $active, - null, - $hr_dept_id, - null, - $language, - null, - $send_mail, - $reset_password, - $address, - $template - ); + $template = isset($user['email_template_option']) ? $user['email_template_option'] : []; + + UserManager::update_user( + $user_id, + $firstname, + $lastname, + $username, + $password, + $auth_source, + $email, + $status, + $official_code, + $phone, + $picture_uri, + $expiration_date, + $active, + null, + $hr_dept_id, + null, + $language, + null, + $send_mail, + $reset_password, + $address, + $template + ); - $studentBossListSent = isset($user['student_boss']) ? $user['student_boss'] : []; - UserManager::subscribeUserToBossList( - $user_id, - $studentBossListSent, - true - ); + $studentBossListSent = isset($user['student_boss']) ? 
$user['student_boss'] : []; + UserManager::subscribeUserToBossList( + $user_id, + $studentBossListSent, + true + ); - if (api_get_setting('openid_authentication') === 'true' && !empty($user['openid'])) { - $up = UserManager::update_openid($user_id, $user['openid']); - } + if (api_get_setting('openid_authentication') === 'true' && !empty($user['openid'])) { + $up = UserManager::update_openid($user_id, $user['openid']); + } - $currentUserId = api_get_user_id(); - if ($user_id != $currentUserId) { - $userObj = api_get_user_entity($user_id); - if ($platform_admin == 1) { - UserManager::addUserAsAdmin($userObj); - } else { - UserManager::removeUserAdmin($userObj); - } + $currentUserId = api_get_user_id(); + if ($user_id != $currentUserId) { + $userObj = api_get_user_entity($user_id); + if ($platform_admin == 1) { + UserManager::addUserAsAdmin($userObj); + } else { + UserManager::removeUserAdmin($userObj); } + } - // It updates course relation type as EX-LEARNER if project name (extra field from user_edition_extra_field_to_check) is changed - if (false !== api_get_configuration_value('user_edition_extra_field_to_check')) { - $extraToCheck = api_get_configuration_value('user_edition_extra_field_to_check'); - if (isset($user['extra_'.$extraToCheck])) { - $extraValueToCheck = $user['extra_'.$extraToCheck]; - UserManager::updateCourseRelationTypeExLearner($user_id, $extraValueToCheck); - } + // It updates course relation type as EX-LEARNER if project name (extra field from user_edition_extra_field_to_check) is changed + if (false !== api_get_configuration_value('user_edition_extra_field_to_check')) { + $extraToCheck = api_get_configuration_value('user_edition_extra_field_to_check'); + if (isset($user['extra_'.$extraToCheck])) { + $extraValueToCheck = $user['extra_'.$extraToCheck]; + UserManager::updateCourseRelationTypeExLearner($user_id, $extraValueToCheck); } + } - $extraFieldValue = new ExtraFieldValue('user'); - $extraFieldValue->saveFieldValues($user); - $userInfo = 
api_get_user_info($user_id); - $message = get_lang('UserUpdated').': '.Display::url( - $userInfo['complete_name_with_username'], - api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id - ); + $extraFieldValue = new ExtraFieldValue('user'); + $extraFieldValue->saveFieldValues($user); + $userInfo = api_get_user_info($user_id); + $message = get_lang('UserUpdated').': '.Display::url( + $userInfo['complete_name_with_username'], + api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id + ); - Session::erase('system_timezone'); + Session::erase('system_timezone'); - Display::addFlash(Display::return_message($message, 'normal', false)); - header('Location: user_list.php'); - exit(); - } -} - -if ($error_drh) { - Display::addFlash(Display::return_message(get_lang('StatusCanNotBeChangedToHumanResourcesManager'), 'error')); + Display::addFlash(Display::return_message($message, 'normal', false)); + header('Location: user_list.php'); + exit(); } $actions = [ diff --git a/main/inc/lib/sessionmanager.lib.php b/main/inc/lib/sessionmanager.lib.php index a90f8da86b..5337ee04bd 100755 --- a/main/inc/lib/sessionmanager.lib.php +++ b/main/inc/lib/sessionmanager.lib.php @@ -6500,9 +6500,9 @@ class SessionManager ) { $userId = api_get_user_id(); $drhLoaded = false; - + $drhCanAccessAllStudents = (api_drh_can_access_all_session_content() || api_get_configuration_value('drh_allow_access_to_all_students')); if (api_is_drh()) { - if (api_drh_can_access_all_session_content()) { + if ($drhCanAccessAllStudents) { $count = self::getAllUsersFromCoursesFromAllSessionFromStatus( 'drh_all', $userId, diff --git a/main/inc/lib/tracking.lib.php b/main/inc/lib/tracking.lib.php index 9ff5947ba3..48533936f2 100755 --- a/main/inc/lib/tracking.lib.php +++ b/main/inc/lib/tracking.lib.php 
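Review bot: In main/admin/user_edit.php the context line `$is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']);` at the top of this hunk is now dead, because its only visible reader was the removed `$user['status'] == DRH` guard. I would delete the call so that a form submission does not run a lookup whose result is ignored, and remove any `$error_drh` initialisation that may remain above the hunk. The rest of the hunk appears to be a re-indentation of the existing update path; the `if ($form->validate())` block starts outside the hunk.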
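Review bot: The new `$drhCanAccessAllStudents` expression in main/inc/lib/sessionmanager.lib.php is an authorization decision that this commit repeats in main/mySpace/myStudents.php, main/mySpace/student.php and main/mySpace/users.php, while main/inc/lib/tracking.lib.php applies the same setting through a different condition. Copies of an access rule drift, and a later change to who may see all students can easily miss one of them. I would put the predicate in a single helper next to `api_drh_can_access_all_session_content()` and call that everywhere, comparing the setting strictly so only an explicit `true` widens access, e.g. `true === api_get_configuration_value('drh_allow_access_to_all_students')`. The expression is also evaluated before the `api_is_drh()` test, so it runs for callers who are not DRH; moving it inside that branch avoids that. The enclosing method begins and ends outside the hunk.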
@@ -2137,31 +2137,9 @@ class Tracking $courseCount = 0; $assignedCourseCount = 0; $checkSessionVisibility = api_get_configuration_value('show_users_in_active_sessions_in_tracking'); + $allowDhrAccessToAllStudents = api_get_configuration_value('drh_allow_access_to_all_students'); if (api_is_drh() && api_drh_can_access_all_session_content()) { - $studentList = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus( - 'drh_all', - $userId, - false, - null, - null, - null, - null, - null, - null, - null, - [], - [], - STUDENT - ); - - $students = []; - if (is_array($studentList)) { - foreach ($studentList as $studentData) { - $students[] = $studentData['user_id']; - } - } - $studentBossesList = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus( 'drh_all', $userId, @@ -2266,22 +2244,40 @@ class Tracking false ); } else { - $studentList = UserManager::getUsersFollowedByUser( - $userId, - STUDENT, - false, - false, - false, - null, - null, - null, - null, - null, - null, - COURSEMANAGER, - null, - $checkSessionVisibility - ); + if (api_is_drh() && $allowDhrAccessToAllStudents) { + $studentList = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus( + 'drh_all', + $userId, + false, + null, + null, + null, + null, + null, + null, + null, + [], + [], + STUDENT + ); + } else { + $studentList = UserManager::getUsersFollowedByUser( + $userId, + STUDENT, + false, + false, + false, + null, + null, + null, + null, + null, + null, + COURSEMANAGER, + null, + $checkSessionVisibility + ); + } $students = []; if (is_array($studentList)) { diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php index dfa64f5942..2f48b07ace 100755 --- a/main/install/configuration.dist.php +++ b/main/install/configuration.dist.php 
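Review bot: After the first hunk in main/inc/lib/tracking.lib.php the `api_is_drh() && api_drh_can_access_all_session_content()` branch no longer builds `$studentList` or `$students`, and the second hunk appears to keep that loop only inside the `else` branch. If code after the branch reads `$students`, a DRH on a platform with full session access would get an undefined or empty list; the rest of the method is outside the hunk, so this needs checking. If the removal is intended, initialising `$students = [];` before the `if` keeps both paths defined. The new variable is spelled `$allowDhrAccessToAllStudents` here and in main/mySpace/student.php, where the other files use `Drh`.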
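Review bot: The new `api_is_drh() && $allowDhrAccessToAllStudents` path in the second hunk does not use `$checkSessionVisibility`, which the `UserManager::getUsersFollowedByUser()` call beside it still receives as its last argument. With the flag on, the `show_users_in_active_sessions_in_tracking` restriction therefore seems to stop applying to DRH users. Please confirm that is intended, and if so say it in a comment above the branch, e.g. `// drh_allow_access_to_all_students: session visibility filter is not applied here`.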
@@ -2296,6 +2296,9 @@ INSERT INTO `extra_field` (`extra_field_type`, `field_type`, `variable`, `displa // Disable the possibility for teachers to edit course visibility //$_configuration['course_visibility_change_only_admin'] = false; +// Allow DRH user to access all students from reporting. +// $_configuration['drh_allow_access_to_all_students'] = false; + // KEEP THIS AT THE END // -------- Custom DB changes // Add user activation by confirmation email diff --git a/main/mySpace/myStudents.php b/main/mySpace/myStudents.php index adb2b25ec1..81c2e11594 100755 --- a/main/mySpace/myStudents.php +++ b/main/mySpace/myStudents.php @@ -681,10 +681,11 @@ while ($row = Database::fetch_array($rs, 'ASSOC')) { } $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(api_get_user_id(), $courseInfo); +$drhCanAccessAllStudents = (api_drh_can_access_all_session_content() || api_get_configuration_value('drh_allow_access_to_all_students')); if (api_is_drh() && !api_is_platform_admin()) { if (!empty($student_id)) { - if (api_drh_can_access_all_session_content()) { + if ($drhCanAccessAllStudents) { } else { if (!$isDrhOfCourse) { if (api_is_drh() && diff --git a/main/mySpace/student.php b/main/mySpace/student.php index 6b743eb034..c735cebd70 100755 --- a/main/mySpace/student.php +++ b/main/mySpace/student.php @@ -73,7 +73,8 @@ function get_users($from, $limit, $column, $direction): array $students = []; if (api_is_drh()) { - if (api_drh_can_access_all_session_content()) { + $allowDhrAccessToAllStudents = api_get_configuration_value('drh_allow_access_to_all_students'); + if (api_drh_can_access_all_session_content() || $allowDhrAccessToAllStudents) { $students = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus( 'drh_all', api_get_user_id(), 
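Review bot: The comment added to main/install/configuration.dist.php does not say how far the switch reaches: in the code hunks of this commit it gives every DRH account the `drh_all` user lists instead of only the users that DRH follows. I would state that scope so an administrator knows what is being exposed before enabling it, e.g. `// Let every DRH (HR manager) see reporting for all students, not only the students they follow. Default: false.`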
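Review bot: In main/mySpace/myStudents.php the changed condition `if ($drhCanAccessAllStudents) {` guards an empty block, so the per-student access check in the `else` is skipped by what reads as a no-op. Inverting it to `if (!$drhCanAccessAllStudents) {` and dropping the empty branch makes the bypass explicit, and a comment such as `// DRH with platform-wide access: no per-student check` would record that skipping is deliberate. `$drhCanAccessAllStudents` is also computed for every visitor although it is only read inside the `api_is_drh() && !api_is_platform_admin()` block. That block continues past the end of the hunk.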
@@ -233,8 +234,9 @@ function get_users($from, $limit, $column, $direction): array ['id' => 'details_'.$student_data['username']] ); + $userIsFollowed = UserManager::is_user_followed_by_drh($student_id, api_get_user_id()); $lostPasswordLink = ''; - if (api_is_drh() || api_is_platform_admin()) { + if ((api_is_drh() && $userIsFollowed) || api_is_platform_admin()) { $lostPasswordLink = ' '.Display::url( Display::return_icon('edit.png', get_lang('Edit')), $webCodePath.'mySpace/user_edit.php?user_id='.$student_id diff --git a/main/mySpace/users.php b/main/mySpace/users.php index 95300b5515..ef02b156f3 100755 --- a/main/mySpace/users.php +++ b/main/mySpace/users.php @@ -83,9 +83,10 @@ function get_users($from, $limit, $column, $direction) $is_western_name_order = api_is_western_name_order(); $coach_id = api_get_user_id(); $drhLoaded = false; + $drhCanAccessAllStudents = (api_drh_can_access_all_session_content() || api_get_configuration_value('drh_allow_access_to_all_students')); if (api_is_drh()) { - if (api_drh_can_access_all_session_content()) { + if ($drhCanAccessAllStudents) { $students = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus( 'drh_all', api_get_user_id(), diff --git a/main/session/add_users_to_session.php b/main/session/add_users_to_session.php index 82503fbb68..394404da59 100644 --- a/main/session/add_users_to_session.php +++ b/main/session/add_users_to_session.php @@ -134,7 +134,6 @@ function search_users($needle, $type) OR firstname LIKE '$needle%' ) AND user.status <> 6 - AND user.status <> ".DRH." $order_clause LIMIT 11 "; break; @@ -144,7 +143,6 @@ function search_users($needle, $type) FROM $tbl_user user WHERE lastname LIKE '$needle%' - AND user.status <> ".DRH." AND user.status <> 6 $cond_user_id $order_clause "; 
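Review bot: The `$userIsFollowed` test added in the second hunk of main/mySpace/student.php only decides whether the link to `mySpace/user_edit.php?user_id=` is rendered, so it is a display rule and not an access control. The same ownership check has to be enforced in mySpace/user_edit.php itself, which is not part of this patch; please confirm it rejects a DRH editing a user they do not follow, since DRH accounts can now list students outside their own group. `UserManager::is_user_followed_by_drh()` is also called once per row, including for platform admins who do not need it; `(api_is_drh() && UserManager::is_user_followed_by_drh($student_id, api_get_user_id())) || api_is_platform_admin()` evaluates it only in the DRH case.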
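Review bot: The statements edited in `search_users()` in main/session/add_users_to_session.php interpolate `$needle` straight into `LIKE '$needle%'`, and the escaping of `$needle` is not visible in any of these hunks. Since the commit touches these queries anyway, confirm that `$needle` goes through `Database::escape_string()` before it is used and that `$access_url_id` and `$id_session` are cast to int, or move the queries to bound parameters. The `user.status <> ".DRH."` filter is removed in every hunk of this file without consulting a setting, unlike the reporting change that is gated by `drh_allow_access_to_all_students`. The remaining literal in `user.status <> 6` would read better as the named status constant it stands for, presumably `ANONYMOUS`.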
@@ -156,7 +154,6 @@ function search_users($needle, $type) LEFT OUTER JOIN $tbl_session_rel_user s ON (s.user_id = user.id) WHERE s.user_id IS NULL - AND user.status <> ".DRH." AND user.status <> 6 $cond_user_id $order_clause "; @@ -177,12 +174,11 @@ function search_users($needle, $type) WHERE access_url_id = '$access_url_id' AND ( - username LIKE '$needle%' OR - lastname LIKE '$needle%' OR + username LIKE '$needle%' OR + lastname LIKE '$needle%' OR firstname LIKE '$needle%' - ) AND - user.status <> 6 AND - user.status <> ".DRH." + ) AND + user.status <> 6 $order_clause LIMIT 11 "; break; @@ -194,7 +190,6 @@ function search_users($needle, $type) WHERE access_url_id = $access_url_id AND lastname LIKE '$needle%' - AND user.status <> ".DRH." AND user.status <> 6 $cond_user_id $order_clause "; @@ -210,7 +205,6 @@ function search_users($needle, $type) WHERE access_url_id = $access_url_id AND s.user_id IS null - AND user.status <> ".DRH." AND user.status <> 6 $cond_user_id $order_clause "; @@ -278,7 +272,7 @@ function add_user_to_session (code, content) { } destination.options[destination.length] = new Option(content,code); destination.selectedIndex = -1; - + $("#remove_user").show(); sortOptions(destination.options); } @@ -451,7 +445,6 @@ if ($ajax_search) { AND su.session_id = $id_session AND su.relation_type <> ".SESSION_RELATION_TYPE_RRHH." $where_filter - AND u.status <> ".DRH." AND u.status <> 6 $order_clause "; @@ -463,7 +456,7 @@ if ($ajax_search) { ON su.user_id = u.id AND su.session_id = $id_session AND su.relation_type <> ".SESSION_RELATION_TYPE_RRHH." - WHERE u.status <> ".DRH." AND u.status <> 6 + WHERE u.status <> 6 $order_clause "; } @@ -481,7 +474,6 @@ if ($ajax_search) { INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id = u.id) WHERE access_url_id = $access_url_id $where_filter - AND u.status <> ".DRH." AND u.status<>6 $order_clause "; 
@@ -512,7 +504,7 @@ if ($ajax_search) { ON $tbl_session_rel_user.user_id = u.id AND $tbl_session_rel_user.session_id = $id_session AND $tbl_session_rel_user.relation_type <> ".SESSION_RELATION_TYPE_RRHH." - WHERE u.status <> ".DRH." AND u.status <> 6 $order_clause + WHERE u.status <> 6 $order_clause "; if (api_is_multiple_url_enabled()) { @@ -528,7 +520,6 @@ if ($ajax_search) { AND $tbl_session_rel_user.relation_type <> ".SESSION_RELATION_TYPE_RRHH." INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id = u.id) WHERE access_url_id = $access_url_id - AND u.status <> ".DRH." AND u.status <> 6 $order_clause ";