From b74301c24d8727b73e3a3ea6d2102a4d059e8c60 Mon Sep 17 00:00:00 2001 From: jmontoyaa Date: Fri, 19 May 2017 12:21:05 +0200 Subject: [PATCH] Block group category CRUD if inside session see BT#12671 --- main/group/group.php | 20 ++++++++++++-------- main/group/group_category.php | 8 +++++++- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/main/group/group.php b/main/group/group.php index 55228234e5..d8f4d3040a 100755 --- a/main/group/group.php +++ b/main/group/group.php @@ -22,6 +22,8 @@ $is_allowed_in_course = api_is_allowed_in_course(); $userId = api_get_user_id(); $this_section = SECTION_COURSES; $current_course_tool = TOOL_GROUP; +$course_id = api_get_course_int_id(); +$sessionId = api_get_session_id(); // Notice for unauthorized people. api_protect_course_script(true); @@ -37,7 +39,6 @@ $(document).ready( function() { }); '; $nameTools = get_lang('GroupManagement'); -$course_id = api_get_course_int_id(); /* * Self-registration and un-registration @@ -161,10 +162,14 @@ if (api_is_allowed_to_edit(false, true)) { exit; break; case 'delete_category': - GroupManager :: delete_category($my_get_id); - Display::addFlash(Display::return_message(get_lang('CategoryDeleted'))); - header("Location: $currentUrl"); - exit; + if (empty($sessionId)) { + GroupManager::delete_category($my_get_id); + Display::addFlash( + Display::return_message(get_lang('CategoryDeleted')) + ); + header("Location: $currentUrl"); + exit; + } break; } } @@ -182,7 +187,7 @@ if (api_is_allowed_to_edit(false, true)) { $actionsLeft .= ''. Display::return_icon('add-groups.png', get_lang('NewGroupCreate'), '', ICON_SIZE_MEDIUM).''; - if (api_get_setting('allow_group_categories') === 'true') { + if (api_get_setting('allow_group_categories') === 'true' && empty($sessionId)) { $actionsLeft .= ''. Display::return_icon('new_folder.png', get_lang('AddCategory'), '', ICON_SIZE_MEDIUM).''; } else { 
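Review bot: Inside a session the new `if (empty($sessionId))` wrapper on the `delete_category` case in the @@ -161 hunk falls through to `break` with no flash message and no redirect, so a request that still reaches this action gets no feedback and the page simply continues rendering as if nothing happened. group_category.php in the same commit refuses the equivalent condition with `api_not_allowed(true)`; the delete path should behave the same way, e.g. `if (!empty($sessionId)) { api_not_allowed(true); }` placed at the top of the case ahead of the existing `GroupManager::delete_category($my_get_id);` call, so the refusal is explicit rather than silent. The enclosing `switch` and the `if (api_is_allowed_to_edit(false, true))` block both start before this hunk.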
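Review bot: Extending the condition in the @@ -182 hunk to `api_get_setting('allow_group_categories') === 'true' && empty($sessionId)` means the `else` branch, which previously ran only when categories were disabled, now also runs for a session course with categories enabled; that else body lies outside the hunk, so confirm the rendering it produces is the one wanted inside a session. The same `empty($sessionId)` test is now repeated here, in the `delete_category` case above, and in the per-category edit/delete actions at @@ -234, which only hide links and rely on the server-side checks elsewhere to actually enforce the rule. Computing one boolean next to `$sessionId`, e.g. `$canManageCategories = empty($sessionId);`, with a short comment that group categories are course-level objects, would keep the three gates from drifting apart. The enclosing `if (api_is_allowed_to_edit(false, true))` block starts before this hunk.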
@@ -210,7 +215,6 @@ $actionsRight = GroupManager::getSearchForm(); $toolbar = Display::toolbarAction('toolbar-groups', array($actionsLeft, $actionsRight)); $group_cats = GroupManager::get_categories(api_get_course_id()); echo $toolbar; - echo UserManager::getUserSubscriptionTab(3); /* List all categories */ @@ -234,7 +238,7 @@ if (api_get_setting('allow_group_categories') === 'true') { $label = Display::label(count($group_list).' '.get_lang('ExistingGroups'), 'info'); $actions = null; - if (api_is_allowed_to_edit(false, true) && !empty($categoryId)) { + if (api_is_allowed_to_edit(false, true) && !empty($categoryId) && empty($sessionId)) { // Edit $actions .= ''. Display::return_icon('edit.png', get_lang('EditGroup'), '', ICON_SIZE_SMALL).''; diff --git a/main/group/group_category.php b/main/group/group_category.php index 52b5d3dd19..9a1aca62af 100755 --- a/main/group/group_category.php +++ b/main/group/group_category.php @@ -2,7 +2,7 @@ /* For licensing terms, see /license.txt */ /** - * @package chamilo.group + * @package chamilo.group */ require_once __DIR__.'/../inc/global.inc.php'; @@ -12,6 +12,8 @@ $current_course_tool = TOOL_GROUP; // Notice for unauthorized people. api_protect_course_script(true); +$sessionId = api_get_session_id(); + if (!api_is_allowed_to_edit(false, true) || !(isset($_GET['id']) || isset($_POST['id']) || @@ -21,6 +23,10 @@ if (!api_is_allowed_to_edit(false, true) || api_not_allowed(true); } +if (!empty($sessionId)) { + api_not_allowed(true); +} + /** * Function to check the given max number of members per group */
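Review bot: The new `if (!empty($sessionId)) { api_not_allowed(true); }` in the @@ -21 hunk of group_category.php appears to be the only server-side gate for creating or editing a category from a session, since the group.php changes only hide links, so it deserves a comment stating why, e.g. `// Group categories belong to the course, not the session: refuse create/edit from a session context (BT#12671)`. It also repeats the shape of the permission check just above it; folding `!empty($sessionId)` into that existing `if (!api_is_allowed_to_edit(false, true) || ...)` condition, which starts before this hunk, would leave a single refusal point and keep the `$sessionId` assignment added at @@ -12 next to its only use. Both the new block and the existing check rely on `api_not_allowed(true)` terminating the request; that behaviour is not visible on this page, so it is worth confirming before treating this as a hard stop.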