From 9d0e3b74cea59ef4dbec4c7f3c55b1900169178e Mon Sep 17 00:00:00 2001 From: Angel Fernando Quiroz Campos Date: Mon, 17 Apr 2017 10:32:12 -0500 Subject: [PATCH] Avoid show link to survey when access is not allowed - refs BT#12554 --- main/survey/reporting.php | 11 ++++++----- main/survey/surveyUtil.class.php | 25 +++++++++++++++++++++---- main/survey/survey_list.php | 8 +++----- 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/main/survey/reporting.php b/main/survey/reporting.php index 8425627409..fbfee2b96f 100755 --- a/main/survey/reporting.php +++ b/main/survey/reporting.php @@ -88,13 +88,14 @@ $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh( /** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/ if (!api_is_allowed_to_edit(false, true) || $isDrhOfCourse) { - Display :: display_header(get_lang('ToolSurvey')); // Show error message if the survey can be seen only by tutors - if ($survey_data['visible_results'] != SURVEY_VISIBLE_TUTOR) { - SurveyUtil::handle_reporting_actions($survey_data, $people_filled); - } else { - Display :: display_error_message(get_lang('NotAllowed'), false); + if ($survey_data['visible_results'] == SURVEY_VISIBLE_TUTOR) { + api_not_allowed(true); + exit; } + + Display :: display_header(get_lang('ToolSurvey')); + SurveyUtil::handle_reporting_actions($survey_data, $people_filled); Display :: display_footer(); exit; } diff --git a/main/survey/surveyUtil.class.php b/main/survey/surveyUtil.class.php index bea0ed1ef9..3fae422763 100755 --- a/main/survey/surveyUtil.class.php +++ b/main/survey/surveyUtil.class.php @@ -2956,10 +2956,13 @@ class SurveyUtil } echo ''; + echo ''; echo ''; echo ' '; - echo ' '; + echo ' '; echo ''; + echo ''; + echo ''; $now = api_get_utc_datetime(); 
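Review bot: The added guard in main/survey/reporting.php is a deny-list: it blocks only `$survey_data['visible_results'] == SURVEY_VISIBLE_TUTOR`, so any other value, including a missing or unexpected one, reaches `SurveyUtil::handle_reporting_actions()` for non-editors and DRH users. An allow-list fails closed instead, for example `$allowed = [/* visibility constants that grant this audience access */];` followed by `if (!in_array((int) $survey_data['visible_results'], $allowed, true)) { api_not_allowed(true); }`, assuming the constants are integers. With the loose `==`, the result for a null or string value also depends on the constant's value, which is not visible in this hunk. A short comment above the check naming which audiences each visibility setting admits would make the rule reviewable.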
@@ -2987,15 +2990,29 @@ class SurveyUtil echo Display::return_icon('statistics.png', get_lang('CreateNewSurvey'), array(),ICON_SIZE_TINY); echo ''.$row['title'].''; } else { + $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh($user_id, $_course); + $icon = Display::return_icon('statistics_na.png', get_lang('Survey'), array(), ICON_SIZE_TINY); + $showLink = (!api_is_allowed_to_edit(false, true) || $isDrhOfCourse) + && $row['visible_results'] != SURVEY_VISIBLE_TUTOR; + echo ''; + echo $showLink + ? Display::url( + $icon.PHP_EOL.$row['title'], + api_get_path(WEB_CODE_PATH).'survey/reporting.php?'.api_get_cidreq().'&'.http_build_query([ + 'action' => 'questionreport', + 'survey_id' => $row['survey_id'] + ]) + ) + : $icon.PHP_EOL.$row['title']; + echo ''; } - echo ''; echo ''; } + echo ''; echo '
'.get_lang('SurveyName').''.get_lang('Anonymous').''.get_lang('Anonymous').'
'; - echo Display::return_icon('statistics_na.png', get_lang('CreateNewSurvey'), array(),ICON_SIZE_TINY); - echo ''.$row['title'].''; + echo ''; echo ($row['anonymous'] == 1) ? get_lang('Yes') : get_lang('No'); echo '
'; } diff --git a/main/survey/survey_list.php b/main/survey/survey_list.php index c3dcc79c2f..d4e2697bce 100755 --- a/main/survey/survey_list.php +++ b/main/survey/survey_list.php @@ -19,6 +19,7 @@ if (!isset($_GET['cidReq'])) { require_once __DIR__.'/../inc/global.inc.php'; $this_section = SECTION_COURSES; $current_course_tool = TOOL_SURVEY; +$currentUserId = api_get_user_id(); api_protect_course_script(true); $action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : null; @@ -32,10 +33,7 @@ Event::event_access_tool(TOOL_SURVEY); */ $courseInfo = api_get_course_info(); -$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh( - api_get_user_id(), - $courseInfo -); +$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh($currentUserId, $courseInfo); if ($isDrhOfCourse) { Display::display_header(get_lang('SurveyList')); @@ -47,7 +45,7 @@ if ($isDrhOfCourse) { if (!api_is_allowed_to_edit(false, true)) { // Coach can see this Display::display_header(get_lang('SurveyList')); - SurveyUtil::getSurveyList(api_get_user_id()); + SurveyUtil::getSurveyList($currentUserId); Display::display_footer(); exit; }
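Review bot: The `$showLink` expression in main/survey/surveyUtil.class.php re-implements the access rule that reporting.php enforces (`!api_is_allowed_to_edit(false, true) || $isDrhOfCourse`, then the `SURVEY_VISIBLE_TUTOR` test), so the list and the report page can drift apart. Hiding the link is presentation only and reporting.php remains the actual control, so one shared helper called from both files would keep them aligned. `CourseManager::isUserSubscribedInCourseAsDrh($user_id, $_course)` also appears to be evaluated once per row although neither argument changes between rows; computing it once before the loop is enough. `$row['title']` is concatenated into the link text unescaped, and whether it is sanitised when stored is not visible here, so that should be confirmed. The enclosing method starts outside the hunk.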