Fix create course permission, improve api_is_allowed_to_create_course see #8475

9 years ago · b45215f417
parent a1a7dfcd94
commit b45215f417
4 changed files with 33 additions and 32 deletions
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@ -608,7 +608,7 @@ if ($form->validate()) {
        $values['username'] = api_substr($values['username'], 0, USERNAME_MAX_LENGTH);
    }

-    if (api_get_setting('allow_registration_as_teacher') == 'false') {
+    if (api_get_setting('allow_registration_as_teacher') === 'false') {
        $values['status'] = STUDENT;
    }

@ -621,7 +621,7 @@ if ($form->validate()) {
    }

    if ($user_already_registered_show_terms &&
-        api_get_setting('allow_terms_conditions') == 'true'
+        api_get_setting('allow_terms_conditions') === 'true'
    ) {
        $user_id = $_SESSION['term_and_condition']['user_id'];
        $is_admin = UserManager::is_admin($user_id);
@ -761,7 +761,6 @@ if ($form->validate()) {

            /* If the account has to be approved then we set the account to inactive,
            sent a mail to the platform admin and exit the page.*/
-
            if (api_get_setting('allow_registration') === 'approval') {
                $TABLE_USER = Database::get_main_table(TABLE_MAIN_USER);
                // 1. set account inactive
@ -833,14 +832,21 @@ if ($form->validate()) {
                    $bossList = array_column($bossList, 'boss_id');
                    $currentUserInfo = api_get_user_info($user_id);
                    foreach ($bossList as $bossId) {
-                        $subjectEmail = sprintf(get_lang('UserXSignedTheAgreement'), $currentUserInfo['complete_name']);
+                        $subjectEmail = sprintf(
+                            get_lang('UserXSignedTheAgreement'),
+                            $currentUserInfo['complete_name']
+                        );
                        $contentEmail = sprintf(
                            get_lang('UserXSignedTheAgreementTheY'),
                            $currentUserInfo['complete_name'],
                            api_get_local_time($time)
                        );

-                        MessageManager::send_message_simple($bossId, $subjectEmail, $contentEmail);
+                        MessageManager::send_message_simple(
+                            $bossId,
+                            $subjectEmail,
+                            $contentEmail
+                        );
                    }
                }
            }
@ -855,10 +861,11 @@ if ($form->validate()) {
    $_user['mail'] = $values['email'];
    $_user['language'] = $values['language'];
    $_user['user_id'] = $user_id;
+    Session::write('_user', $_user);
+
    $is_allowedCreateCourse = isset($values['status']) && $values['status'] == 1;
-    $usersCanCreateCourse = api_get_setting('allow_users_to_create_courses') === 'true';
+    $usersCanCreateCourse = api_is_allowed_to_create_course();

-    Session::write('_user', $_user);
    Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);

    // Stats
--- a/main/create_course/add_course.php
+++ b/main/create_course/add_course.php
@ -15,9 +15,14 @@
 // Flag forcing the "current course" reset.
 $cidReset = true;

-// Including the global initialization file.
 require_once '../inc/global.inc.php';

+// Check access rights.
+if (!api_is_allowed_to_create_course()) {
+    api_not_allowed(true);
+    exit;
+}
+
 // Section for the tabs.
 $this_section = SECTION_COURSES;

@ -48,16 +53,6 @@ $tool_name = $course_validation_feature ? get_lang('CreateCourseRequest') : get_

 $tpl = new Template($tool_name);

-if (api_get_setting('allow_users_to_create_courses') === 'false' && !api_is_platform_admin()) {
-    api_not_allowed(true);
-}
-
-// Check access rights.
-if (!api_is_allowed_to_create_course()) {
-    api_not_allowed(true);
-    exit;
-}
-
 // Build the form.
 $form = new FormValidator('add_course');

--- a/main/inc/lib/api.lib.php
+++ b/main/inc/lib/api.lib.php
@ -2446,6 +2446,15 @@ function api_is_allowed_to_create_course()
        return true;
    }

+    // Teachers can only create courses
+    if (api_is_teacher()) {
+        if (api_get_setting('allow_users_to_create_courses') === 'true') {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
    return Session::read('is_allowedCreateCourse');
 }

--- a/main/inc/lib/userportal.lib.php
+++ b/main/inc/lib/userportal.lib.php
@ -198,7 +198,7 @@ class IndexManager
                    $show_course_link = true;
                }

-                if (api_get_setting('allow_users_to_create_courses') === 'true') {
+                if (api_is_allowed_to_create_course()) {
                    $show_create_link = true;
                }
            }
@ -1022,22 +1022,12 @@ class IndexManager
        $show_create_link = false;
        $show_course_link = false;

-        if (!api_is_anonymous()) {
-            if (api_get_setting('allow_users_to_create_courses') === 'true') {
-                $show_create_link = true;
-            } else {
-                if (api_is_allowed_to_create_course()) {
-                    $show_create_link = true;
-                }
-            }
+        if (api_is_allowed_to_create_course()) {
+            $show_create_link = true;
        }

-        if (api_is_course_admin() || api_is_allowed_to_create_course()) {
+        if (api_get_setting('allow_students_to_browse_courses') === 'true') {
            $show_course_link = true;
-        } else {
-            if (api_get_setting('allow_students_to_browse_courses') === 'true') {
-                $show_course_link = true;
-            }
        }

        // My account section