diff --git a/main/inc/ajax/announcement.ajax.php b/main/inc/ajax/announcement.ajax.php index bdb7db988d..f0f814095a 100644 --- a/main/inc/ajax/announcement.ajax.php +++ b/main/inc/ajax/announcement.ajax.php @@ -10,6 +10,7 @@ $action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null; $isAllowedToEdit = api_is_allowed_to_edit(); $courseInfo = api_get_course_info(); +$courseId = api_get_course_int_id(); $groupId = api_get_group_id(); $sessionId = api_get_session_id(); @@ -35,12 +36,17 @@ switch ($action) { } if ($allowToEdit === false && !empty($groupId)) { - $groupProperties = GroupManager:: get_group_properties($groupId); + $groupProperties = GroupManager::get_group_properties($groupId); // Check if user is tutor group $isTutor = GroupManager::is_tutor_of_group(api_get_user_id(), $groupProperties, $courseId); if ($isTutor) { $allowToEdit = true; } + + // Last chance ... students can send announcements. + /*if ($groupProperties['announcements_state'] == GroupManager::TOOL_PRIVATE_BETWEEN_USERS) { + $allowToEdit = true; + }*/ } if ($allowToEdit === false) { diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php index f1bc187ac6..ec0a530880 100644 --- a/main/inc/lib/api.lib.php +++ b/main/inc/lib/api.lib.php @@ -8982,11 +8982,17 @@ function api_mail_html( */ function api_protect_course_group($tool, $showHeader = true) { - $userId = api_get_user_id(); $groupId = api_get_group_id(); - $groupInfo = GroupManager::get_group_properties($groupId); + if (!empty($groupId)) { + $userId = api_get_user_id(); + $groupInfo = GroupManager::get_group_properties($groupId); + + // Group doesn't exists + if (empty($groupInfo)) { + api_not_allowed($showHeader); + } - if (!empty($groupInfo)) { + // Check group access $allow = GroupManager::user_has_access( $userId, $groupInfo['iid'],