Fix course/group/session access for DRH and session coaches see BT#16069

pull/2999/head
Julio Montoya 7 years ago
parent 90f9864dea
commit aeb2230bc7
  1. 26
      main/group/group_space.php
  2. 22
      main/inc/lib/api.lib.php
  3. 28
      main/inc/lib/groupmanager.lib.php
  4. 20
      main/wiki/index.php

@ -44,17 +44,17 @@ if (!GroupManager::userHasAccessToBrowse($user_id, $current_group, api_get_sessi
* User wants to register in this group
*/
if (!empty($_GET['selfReg']) &&
GroupManager :: is_self_registration_allowed($user_id, $current_group)
GroupManager::is_self_registration_allowed($user_id, $current_group)
) {
GroupManager::subscribe_users($user_id, $current_group);
Display::addFlash(Display::return_message(get_lang('GroupNowMember'), 'normal'));
Display::addFlash(Display::return_message(get_lang('GroupNowMember')));
}
/*
* User wants to unregister from this group
*/
if (!empty($_GET['selfUnReg']) &&
GroupManager :: is_self_unregistration_allowed($user_id, $current_group)
GroupManager::is_self_unregistration_allowed($user_id, $current_group)
) {
GroupManager::unsubscribe_users($user_id, $current_group);
Display::addFlash(
@ -84,9 +84,9 @@ echo '<a href="'.api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq()
* Register to group
*/
$subscribe_group = '';
if (GroupManager :: is_self_registration_allowed($user_id, $current_group)) {
if (GroupManager::is_self_registration_allowed($user_id, $current_group)) {
$subscribe_group = '<a class="btn btn-default" href="'.api_get_self().'?selfReg=1&group_id='.$current_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."'".')) return false;">'.
get_lang("RegIntoGroup").'</a>';
get_lang('RegIntoGroup').'</a>';
}
/*
@ -95,7 +95,7 @@ if (GroupManager :: is_self_registration_allowed($user_id, $current_group)) {
$unsubscribe_group = '';
if (GroupManager :: is_self_unregistration_allowed($user_id, $current_group)) {
$unsubscribe_group = '<a class="btn btn-default" href="'.api_get_self().'?selfUnReg=1" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."'".')) return false;">'.
get_lang("StudentUnsubscribe").'</a>';
get_lang('StudentUnsubscribe').'</a>';
}
echo '&nbsp;</div>';
@ -103,7 +103,7 @@ echo '&nbsp;</div>';
$edit_url = '';
if (api_is_allowed_to_edit(false, true) ||
GroupManager::is_tutor_of_group(api_get_user_id(), $current_group)
GroupManager::is_tutor_of_group($user_id, $current_group)
) {
$edit_url = '<a href="'.api_get_path(WEB_CODE_PATH).'group/settings.php?'.api_get_cidreq().'">'.
Display::return_icon('edit.png', get_lang('EditGroup'), '', ICON_SIZE_SMALL).'</a>';
@ -117,17 +117,13 @@ if (!empty($current_group['description'])) {
echo '<p>'.Security::remove_XSS($current_group['description']).'</p>';
}
/*
* Group Tools
*/
//if (GroupManager::userHasAccessToBrowse($user_id, $this_group, $session_id)) {
// If the user is subscribed to the group or the user is a tutor of the group then
if (api_is_allowed_to_edit(false, true) ||
GroupManager::is_user_in_group(api_get_user_id(), $current_group)
GroupManager::userHasAccessToBrowse($user_id, $current_group, api_get_session_id())
) {
$actions_array = [];
// Link to the forum of this group
$forums_of_groups = get_forums_of_group($current_group);
if (is_array($forums_of_groups)) {
if ($current_group['forum_state'] != GroupManager::TOOL_NOT_AVAILABLE) {
foreach ($forums_of_groups as $key => $value) {
@ -227,8 +223,6 @@ if (api_is_allowed_to_edit(false, true) ||
}
} else {
$actions_array = [];
// Link to the forum of this group
$forums_of_groups = get_forums_of_group($current_group);
if (is_array($forums_of_groups)) {
if ($current_group['forum_state'] == GroupManager::TOOL_PUBLIC) {
foreach ($forums_of_groups as $key => $value) {
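Review bot: The tool listing is now gated by `GroupManager::userHasAccessToBrowse($user_id, $current_group, api_get_session_id())`, the same condition that already guards the whole page at line 44 (`if (!GroupManager::userHasAccessToBrowse(...))`), so if that guard ends the request for non-browsing users the `else` branch that lists only TOOL_PUBLIC forums appears unreachable. It also widens who sees the full tool set: `is_user_in_group` required membership or a tutor role, whereas browse access, judging from the groupmanager hunks (`api_is_allowed_to_edit(false, true, true)`, tutor check; the rest of that function is not visible), presumably also covers visitors of a public group. If the intent is that DRH and coaches see everything while non-member visitors still only get the public tools, keep the member/tutor test and add the new roles explicitly, e.g. `GroupManager::is_user_in_group($user_id, $current_group) || api_is_coach(api_get_session_id(), api_get_course_int_id())`, and remove the dead branch; otherwise add a comment stating that everyone who reaches this point sees the full listing. The end of the listing block is outside the hunk.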

@ -9008,7 +9008,29 @@ function api_protect_course_group($tool, $showHeader = true)
{
$groupId = api_get_group_id();
if (!empty($groupId)) {
if (api_is_platform_admin()) {
return true;
}
if (api_is_allowed_to_edit(false, true, true)) {
return true;
}
$userId = api_get_user_id();
$sessionId = api_get_session_id();
if (!empty($sessionId)) {
if (api_is_coach($sessionId, api_get_course_int_id())) {
return true;
}
if (api_is_drh()) {
if (SessionManager::isUserSubscribedAsHRM($sessionId, $userId)) {
return true;
}
}
}
$groupInfo = GroupManager::get_group_properties($groupId);
// Group doesn't exists
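Review bot: The new role short-circuits return true before `$groupInfo = GroupManager::get_group_properties($groupId)` and its not-found handling, so a platform admin, editor, session coach or subscribed DRH who passes a group id that does not exist is admitted instead of hitting the "Group doesn't exist" path other users get, and the `$tool` argument is never consulted for these roles. Moving the lookup and existence check above the `api_is_platform_admin()` test keeps the rejection uniform, with only the tool-state evaluation skipped for privileged roles. Pairing `api_is_drh()` with `SessionManager::isUserSubscribedAsHRM($sessionId, $userId)` is the right restriction; a comment such as `// DRH only gains access to groups of sessions they are assigned to` would make that intent explicit. The remainder of the function is outside the hunk.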

@ -1966,8 +1966,8 @@ class GroupManager
return false;
}
$user_id = intval($user_id);
$group_id = intval($groupInfo['id']);
$user_id = (int) $user_id;
$group_id = (int) $groupInfo['id'];
$table = Database::get_course_table(TABLE_GROUP_TUTOR);
@ -1979,9 +1979,9 @@ class GroupManager
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
return true;
} else {
return false;
}
return false;
}
/**
@ -2002,12 +2002,16 @@ class GroupManager
public static function is_user_in_group($user_id, $groupInfo)
{
$member = self::is_subscribed($user_id, $groupInfo);
if ($member) {
return true;
}
$tutor = self::is_tutor_of_group($user_id, $groupInfo);
if ($member || $tutor) {
if ($tutor) {
return true;
} else {
return false;
}
return false;
}
/**
@ -2073,7 +2077,7 @@ class GroupManager
}
// Course admin also have access to everything
if (api_is_allowed_to_edit()) {
if (api_is_allowed_to_edit(false, true, true)) {
return true;
}
@ -2118,10 +2122,6 @@ class GroupManager
return false;
}
if (api_is_allowed_to_edit(false, true)) {
return true;
}
$status = $groupInfo[$key];
switch ($status) {
@ -2183,9 +2183,7 @@ class GroupManager
}
$groupId = $groupInfo['iid'];
$tutors = self::get_subscribed_tutors($groupInfo, true);
if (in_array($userId, $tutors)) {
if (self::is_tutor_of_group($userId, $groupInfo)) {
return true;
}
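Review bot: In the last hunk, `$tutors = self::get_subscribed_tutors($groupInfo, true);` is still executed but its result is no longer read once `in_array($userId, $tutors)` became `self::is_tutor_of_group($userId, $groupInfo)`, so every call now pays for an extra query and keeps an unused local; `$groupId = $groupInfo['iid'];` just above it is likewise unused in the visible lines. Drop the `$tutors` assignment (and `$groupId` if nothing after the hunk uses it). The replacement itself is an improvement: `is_tutor_of_group` casts both ids with `(int)` before querying, whereas the old `in_array` ran without `strict: true`. The enclosing function starts and ends outside the hunk.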

@ -22,7 +22,6 @@ $current_course_tool = TOOL_WIKI;
$course_id = api_get_course_int_id();
$session_id = api_get_session_id();
$condition_session = api_get_session_condition($session_id);
$course_id = api_get_course_int_id();
$groupId = api_get_group_id();
// additional style information
@ -55,29 +54,18 @@ api_protect_course_script();
api_block_anonymous_users();
api_protect_course_group(GroupManager::GROUP_TOOL_WIKI);
/* TRACKING */
Event::event_access_tool(TOOL_WIKI);
if ($groupId) {
$group_properties = GroupManager::get_group_properties($groupId);
$interbreadcrumb[] = [
"url" => api_get_path(WEB_CODE_PATH)."group/group.php?".api_get_cidreq(),
"name" => get_lang('Groups'),
'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
'name' => get_lang('Groups'),
];
$interbreadcrumb[] = [
"url" => api_get_path(WEB_CODE_PATH)."group/group_space.php?".api_get_cidreq(),
"name" => get_lang('GroupSpace').' '.Security::remove_XSS($group_properties['name']),
'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
'name' => get_lang('GroupSpace').' '.Security::remove_XSS($group_properties['name']),
];
//ensure this tool in groups whe it's private or deactivated
if ($group_properties['wiki_state'] == 0) {
api_not_allowed();
} elseif ($group_properties['wiki_state'] == 2) {
if (!api_is_allowed_to_edit(false, true) and
!GroupManager :: is_user_in_group(api_get_user_id(), $group_properties)
) {
api_not_allowed();
}
}
}
$is_allowed_to_edit = api_is_allowed_to_edit(false, true);
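Review bot: The deleted block was the only place in this file that rejected a deactivated group wiki (`wiki_state == 0`) and limited a private one (`wiki_state == 2`) to editors and group members; the page now depends entirely on `api_protect_course_group(GroupManager::GROUP_TOOL_WIKI)` above doing that, and the api.lib.php hunk in this commit shows that function returning true for admins, editors, coaches and DRH before it even loads the group, with its tool-state handling outside the visible lines. Please confirm that `api_protect_course_group` calls `api_not_allowed()` for the deactivated and private states when the caller is an ordinary student, and record the dependency next to the call, e.g. `// group wiki_state (deactivated/private) is enforced by api_protect_course_group()`. After the change `$group_properties` is only used for the breadcrumb label.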
