Fix permissions for DRH see BT#9609

1.9.x
Julio Montoya 11 years ago
parent 6455684115
commit acd19ea361
  1. 7
      main/announcements/announcements.inc.php
  2. 24
      main/announcements/announcements.php

@ -152,7 +152,7 @@ class AnnouncementManager
* Displays one specific announcement
* @param int $announcement_id, the id of the announcement you want to display
*/
public static function display_announcement($announcement_id)
public static function display_announcement($announcement_id, $allowToEdit)
{
if ($announcement_id != strval(intval($announcement_id))) {
return false;
@ -164,7 +164,7 @@ class AnnouncementManager
$course_id = api_get_course_int_id();
if (api_is_allowed_to_edit(false, true) || (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
if ($allowToEdit) {
$sql_query = " SELECT announcement.*, toolitemproperties.*
FROM $tbl_announcement announcement, $tbl_item_property toolitemproperties
WHERE announcement.id = toolitemproperties.ref
@ -174,7 +174,6 @@ class AnnouncementManager
toolitemproperties.c_id = $course_id
ORDER BY display_order DESC";
} else {
$group_list = GroupManager::get_group_ids($course_id, api_get_user_id());
if (empty($group_list)) {
$group_list[] = 0;
@ -212,7 +211,7 @@ class AnnouncementManager
echo "<table height=\"100\" width=\"100%\" cellpadding=\"5\" cellspacing=\"0\" class=\"data_table\">";
echo "<tr><td><h2>" . $title . "</h2></td></tr>";
if (api_is_allowed_to_edit(false, true) || (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
if ($allowToEdit) {
$modify_icons = "<a href=\"" . api_get_self() . "?" . api_get_cidreq() . "&action=modify&id=" . $announcement_id . "\">" . Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL) . "</a>";
if ($result['visibility'] == 1) {
$image_visibility = "visible";
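Review bot: The new `$allowToEdit` parameter on `display_announcement` is mandatory, so any caller this commit did not update (only the one in announcements.php is visible here) now fails with a missing-argument error instead of falling back to the restricted student query; a fail-closed default avoids that: `public static function display_announcement($announcement_id, $allowToEdit = false)`. The method also no longer performs any authorization itself — the `api_is_allowed_to_edit(...)` checks that chose the query and the edit/visibility icons are replaced by the caller-supplied flag — so the docblock should say so, e.g. `@param bool $allowToEdit true selects the unrestricted query and renders the modify icons; the caller is responsible for computing this from the user's course/session rights`. The method body continues past the end of this hunk.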

@ -40,6 +40,11 @@ $allowToEdit = (
$sessionId = api_get_session_id();
$drhHasAccessToSessionContent = api_get_configuration_value('drh_can_access_all_session_content');
if (!empty($sessionId)) {
$allowToEdit = $allowToEdit && api_is_allowed_to_session_edit(false, true);
}
if (!empty($sessionId) && $drhHasAccessToSessionContent) {
$allowToEdit = $allowToEdit || api_is_drh();
}
@ -87,9 +92,7 @@ $safe_newContent = isset($_POST['newContent']) ? $_POST['newContent'] : null;
$content_to_modify = $title_to_modify = '';
if (!empty($_POST['To'])) {
if (api_get_session_id() != 0 &&
api_is_allowed_to_session_edit(false, true) == false
) {
if (!$allowToEdit) {
api_not_allowed(true);
}
$display_form = true;
@ -132,7 +135,7 @@ $origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : null;
if (((!empty($_GET['action']) && $_GET['action'] == 'add') && $_GET['origin'] == "") ||
(!empty($_GET['action']) && $_GET['action'] == 'edit') || !empty($_POST['To'])
) {
if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true) == false) {
if (api_get_session_id() != 0 && !$allowToEdit) {
api_not_allowed(true);
}
$display_form = true;
@ -206,9 +209,6 @@ if ($allowToEdit) {
// change visibility -> studentview -> course manager view
if (!isset($_GET['isStudentView']) || $_GET['isStudentView']!='false') {
if (isset($_GET['id']) AND $_GET['id'] AND isset($_GET['action']) AND $_GET['action']=="showhide") {
if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {
api_not_allowed();
}
if (!api_is_course_coach() || api_is_element_in_the_session(TOOL_ANNOUNCEMENT, $_GET['id'])) {
if ($ctok == $_GET['sec_token']) {
AnnouncementManager::change_visibility_announcement($_course, $_GET['id']);
@ -221,9 +221,6 @@ if ($allowToEdit) {
/* Delete announcement */
if (!empty($_GET['action']) && $_GET['action']=='delete' && isset($_GET['id'])) {
$id = intval($_GET['id']);
if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false, true) == false) {
api_not_allowed();
}
if (!api_is_course_coach() || api_is_element_in_the_session(TOOL_ANNOUNCEMENT, $id)) {
// tooledit : visibility = 2 : only visible for platform administrator
@ -262,10 +259,6 @@ if ($allowToEdit) {
/* Modify announcement */
if (!empty($_GET['action']) and $_GET['action']=='modify' AND isset($_GET['id'])) {
if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {
api_not_allowed();
}
$display_form = true;
// RETRIEVE THE CONTENT OF THE ANNOUNCEMENT TO MODIFY
@ -981,7 +974,6 @@ if ($display_announcement_list) {
} else {
Display::display_warning_message(get_lang('NoAnnouncements'));
}
} else {
$iterator = 1;
$bottomAnnouncement = $announcement_number;
@ -1087,7 +1079,7 @@ if ($display_announcement_list) {
} // end: if ($displayAnnoucementList)
if (isset($_GET['action']) && $_GET['action'] == 'view') {
AnnouncementManager::display_announcement($announcement_id);
AnnouncementManager::display_announcement($announcement_id, $allowToEdit);
}
/* FOOTER */
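Review bot: With `drh_can_access_all_session_content` enabled, the grant `$allowToEdit = $allowToEdit || api_is_drh();` is role-only: it overrides the `api_is_allowed_to_session_edit` result computed two lines earlier for every DRH in every session, and nothing in the visible lines ties that DRH to this particular session. Since the same commit removes the per-action `api_is_allowed_to_session_edit` rechecks from the showhide, delete and modify branches, that one expression becomes the sole gate for those writes, so it should also confirm the user is actually assigned to this session (with whatever helper the codebase provides for that relation) before the OR, or the behaviour should be documented as intentionally platform-wide. Separately, the form gate `if (api_get_session_id() != 0 && !$allowToEdit)` keeps the session prefix while the POST gate above it now uses `if (!$allowToEdit)` alone; because `$allowToEdit` already folds in the session check, `if (!$allowToEdit) { api_not_allowed(true); }` would make the two consistent and stop the edit form from rendering for non-editors in a base course, assuming that was not intended. The `$allowToEdit = (` expression and the enclosing `if ($allowToEdit)` block both start outside these hunks.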
