Session : Give access in the session to the export user function for Session's general coach from the resume session page - refs BT#20259

pull/4441/head
Nicolas Ducoulombier 3 years ago
parent 4815485d60
commit 9628c951af
  1. 13
      main/inc/lib/api.lib.php
  2. 3
      main/session/resume_session.php
  3. 2
      main/user/user_export.php

@ -1328,22 +1328,22 @@ function api_protect_course_script($print_headers = false, $allow_session_admins
* @param bool Whether to allow session admins as well * @param bool Whether to allow session admins as well
* @param bool Whether to allow HR directors as well * @param bool Whether to allow HR directors as well
* @param string An optional message (already passed through get_lang) * @param string An optional message (already passed through get_lang)
* @param bool Whether to allow session coach as well
* *
* @return bool True if user is allowed, false otherwise. * @return bool True if user is allowed, false otherwise.
* The function also outputs an error message in case not allowed * The function also outputs an error message in case not allowed
* *
* @author Roan Embrechts (original author) * @author Roan Embrechts (original author)
*/ */
function api_protect_admin_script($allow_sessions_admins = false, $allow_drh = false, $message = null) function api_protect_admin_script($allow_sessions_admins = false, $allow_drh = false, $message = null, $allow_session_coach = false)
{ {
if (!api_is_platform_admin($allow_sessions_admins, $allow_drh)) { if (!api_is_platform_admin($allow_sessions_admins, $allow_drh)) {
api_not_allowed(true, $message); if (!($allow_session_coach && api_is_coach())) {
api_not_allowed(true, $message);
return false; return false;
}
} }
api_block_inactive_user(); api_block_inactive_user();
return true; return true;
} }
@ -3369,7 +3369,6 @@ function api_is_coach($session_id = 0, $courseId = null, $check_student_view = t
$sessionIsCoach = Database::store_result($result); $sessionIsCoach = Database::store_result($result);
} }
} }
return count($sessionIsCoach) > 0; return count($sessionIsCoach) > 0;
} }
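Review bot: In `api_protect_admin_script`, the new fallback calls `api_is_coach()` with no arguments, so the coach check is not tied to an explicit session or course. Judging by the defaults in the signature shown in the second hunk header (`$session_id = 0, $courseId = null`), it presumably resolves against whatever session context is current for the request; the body of `api_is_coach` is mostly outside the visible hunks, so this should be confirmed there. Every caller that passes `$allow_session_coach = true` therefore turns an admin-only gate into one that depends on ambient state. The docblock should say so, for example `@param bool Whether to allow the coach of the current session context as well (the caller must still limit data to that session)`. The nested condition would also read more plainly as a single test, `if (!api_is_platform_admin($allow_sessions_admins, $allow_drh) && !($allow_session_coach && api_is_coach())) {`.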

@ -8,6 +8,7 @@ use Chamilo\CoreBundle\Entity\Repository\SessionRepository;
use Chamilo\CoreBundle\Entity\SequenceResource; use Chamilo\CoreBundle\Entity\SequenceResource;
use Chamilo\CoreBundle\Entity\Session; use Chamilo\CoreBundle\Entity\Session;
use Chamilo\CoreBundle\Entity\SessionRelCourseRelUser; use Chamilo\CoreBundle\Entity\SessionRelCourseRelUser;
use ChamiloSession as PHPSession;
/** /**
* @author Bart Mollet, Julio Montoya lot of fixes * @author Bart Mollet, Julio Montoya lot of fixes
@ -23,7 +24,7 @@ $sessionId = isset($_GET['id_session']) ? (int) $_GET['id_session'] : null;
if (empty($sessionId)) { if (empty($sessionId)) {
api_not_allowed(true); api_not_allowed(true);
} }
PHPSession::write('id_session',$sessionId);
SessionManager::protectSession($sessionId); SessionManager::protectSession($sessionId);
$codePath = api_get_path(WEB_CODE_PATH); $codePath = api_get_path(WEB_CODE_PATH);
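Review bot: `PHPSession::write('id_session',$sessionId);` runs before `SessionManager::protectSession($sessionId);`, so the request-supplied `id_session` is stored in the PHP session before the access check for that session has passed. If `protectSession` rejects the request, the stored value presumably stays in place, and later checks that rely on the session context (such as the coach fallback this commit adds to `api_protect_admin_script`) would read it. Move the write below the check, i.e. `SessionManager::protectSession($sessionId);` followed by `PHPSession::write('id_session', $sessionId);`, which also adds the missing space after the comma.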

@ -5,7 +5,7 @@
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_COURSES; $this_section = SECTION_COURSES;
api_protect_admin_script(true, true); api_protect_admin_script(true, true, null, true);
$export = []; $export = [];
$export['file_type'] = isset($_REQUEST['file_type']) ? $_REQUEST['file_type'] : null; $export['file_type'] = isset($_REQUEST['file_type']) ? $_REQUEST['file_type'] : null;
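Review bot: `api_protect_admin_script(true, true, null, true);` now admits session coaches to the user export script, but nothing in the visible lines limits what a coach may export to the users of the session they coach. The rest of the script is outside this hunk, so confirm that the export query is filtered by the current session when the caller is not a platform admin; otherwise this page-level check is the only control on the exported data. A comment above the call, such as `// also allow the general coach of the current session (BT#20259); the export must stay limited to that session's users`, would make the four positional arguments readable.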
