From 7bbef3b050129afca5c6fa155ea79c0a01efbdb5 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Fri, 24 May 2013 18:23:24 +0200
Subject: [PATCH] Auto subscription is only allow for "open to members" and
 "open to the world" courses see #5698

---
 main/auth/courses_controller.php | 45 ++++++++++++++++++--------------
 main/inc/lib/course.lib.php      |  4 +--
 main/inc/lib/main_api.lib.php    |  2 +-
 3 files changed, 29 insertions(+), 22 deletions(-)

diff --git a/main/auth/courses_controller.php b/main/auth/courses_controller.php
index 747e13b237..4ea8f6b29c 100644
--- a/main/auth/courses_controller.php
+++ b/main/auth/courses_controller.php
@@ -18,7 +18,7 @@ class CoursesController { // extends Controller {
     /**
      * Constructor
      */
-    public function __construct() {		
+    public function __construct() {
         $this->toolname = 'auth';
         $actived_theme_path = api_get_template();
         $this->view = new View($this->toolname, $actived_theme_path);
@@ -34,7 +34,7 @@ class CoursesController { // extends Controller {
     public function courses_list($action, $message = '') {
         $data = array();
         $user_id = api_get_user_id();
-        
+
         $data['user_courses']             = $this->model->get_courses_of_user($user_id);
         $data['user_course_categories']   = $this->model->get_user_course_categories();
         $data['courses_in_category']      = $this->model->get_courses_in_category();
@@ -60,7 +60,7 @@ class CoursesController { // extends Controller {
      * @param string    error message(optional)
      */
     public function categories_list($action, $message='', $error='') {
-        $data = array();            
+        $data = array();
         $data['user_course_categories'] = $this->model->get_user_course_categories();
         $data['action'] = $action;
         $data['message'] = $message;
@@ -81,23 +81,23 @@ class CoursesController { // extends Controller {
      */
     public function courses_categories($action, $category_code = null, $message = '', $error = '', $content = null) {
         $data = array();
-        $browse_course_categories = $this->model->browse_course_categories();        
-        
+        $browse_course_categories = $this->model->browse_course_categories();
+
         if ($action == 'display_random_courses') {
             $data['browse_courses_in_category'] = $this->model->browse_courses_in_category(null, 10);
         } else {
             if (!isset($category_code)) {
                 $category_code = $browse_course_categories[0][1]['code']; // by default first category
-            }            
+            }
             $data['browse_courses_in_category'] = $this->model->browse_courses_in_category($category_code);
         }
-        
+
         $data['browse_course_categories'] = $browse_course_categories;
         $data['code'] = Security::remove_XSS($category_code);
 
         // getting all the courses to which the user is subscribed to
         $curr_user_id = api_get_user_id();
-        $user_courses = $this->model->get_courses_of_user($curr_user_id);            
+        $user_courses = $this->model->get_courses_of_user($curr_user_id);
         $user_coursecodes = array();
 
         // we need only the course codes as these will be used to match against the courses of the category
@@ -106,14 +106,14 @@ class CoursesController { // extends Controller {
                 $user_coursecodes[] = $value['code'];
             }
         }
-        
+
         if (api_is_drh()) {
             $courses = CourseManager::get_courses_followed_by_drh(api_get_user_id());
             foreach ($courses as $course) {
                 $user_coursecodes[] = $course['code'];
-            }            
+            }
         }
-        
+
         $data['user_coursecodes'] = $user_coursecodes;
         $data['action']           = $action;
         $data['message']          = $message;
@@ -167,19 +167,26 @@ class CoursesController { // extends Controller {
     }
 
     /**
-     *
+     * Auto user subcription to a course
      */
     public function subscribe_user($course_code, $search_term, $category_code) {
         $data = array();
-        $result = $this->model->subscribe_user($course_code);
-        if (!$result) {
-            $error = get_lang('CourseRegistrationCodeIncorrect');
+        $courseInfo = api_get_course_info($course_code);
+        // The course must be open in order to access the auto subscription
+        if (in_array($courseInfo['visibility'], array(COURSE_VISIBILITY_CLOSED, COURSE_VISIBILITY_REGISTERED))) {
+            $error = get_lang('SubscribingNotAllowed');
+            //$message = get_lang('SubscribingNotAllowed');
         } else {
-            //Redirect directly to the course after subscription
-            $message = $result['message'];
-            $content = $result['content'];
+            $result = $this->model->subscribe_user($course_code);
+            if (!$result) {
+                $error = get_lang('CourseRegistrationCodeIncorrect');
+            } else {
+                //Redirect directly to the course after subscription
+                $message = $result['message'];
+                $content = $result['content'];
+            }
         }
-        
+
         if (!empty($search_term)) {
             $this->search_courses($search_term, $message, $error);
         } else {
diff --git a/main/inc/lib/course.lib.php b/main/inc/lib/course.lib.php
index 1e7cd6cb86..1ced21b2bf 100644
--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@@ -3967,8 +3967,8 @@ class CourseManager {
         if (!api_is_anonymous($uid) &&
             !$is_admin &&
             (
-                ($course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD || $course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM) ||
-                $course['visibility'] == COURSE_VISIBILITY_REGISTERED && $course['subscribe'] == SUBSCRIBE_ALLOWED
+                ($course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD || $course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM)
+                //$course['visibility'] == COURSE_VISIBILITY_REGISTERED && $course['subscribe'] == SUBSCRIBE_ALLOWED
             ) &&
             $course['subscribe'] == SUBSCRIBE_ALLOWED &&
             (!in_array($course['real_id'], $user_courses) || empty($user_courses))
diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php
index 727c0c543c..9d78cd425a 100644
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@@ -58,7 +58,7 @@ $_status_list[ANONYMOUS]        = 'anonymous';      // 6
 // COURSE VISIBILITY CONSTANTS
 /** only visible for course admin */
 define('COURSE_VISIBILITY_CLOSED', 0);
-/** only visible for users registered in the course*/
+/** only visible for users registered in the course */
 define('COURSE_VISIBILITY_REGISTERED', 1);
 /** Open for all registered users on the platform */
 define('COURSE_VISIBILITY_OPEN_PLATFORM', 2);