Add setting "allow_session_admin_read_careers" see BT#12861

- Setting allows session admins to get "read" access to careers. - Rework careers.php to use Display::addFlash
8 years ago · cc02afc1f6
parent 2ca5df06b6
commit cc02afc1f6
7 changed files with 147 additions and 82 deletions
--- a/main/admin/career_dashboard.php
+++ b/main/admin/career_dashboard.php
@ -8,7 +8,10 @@

 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
-api_protect_admin_script();
+
+$allowCareer = api_get_configuration_value('allow_session_admin_read_careers');
+
+api_protect_admin_script($allowCareer);

 $this_section = SECTION_PLATFORM_ADMIN;

@ -74,15 +77,18 @@ $actionLeft .= Display::url(
    ),
    'careers.php'
 );
-$actionLeft .= Display::url(
-    Display::return_icon(
-        'promotion.png',
-        get_lang('Promotions'),
-        null,
-        ICON_SIZE_MEDIUM
-    ),
-    'promotions.php'
-);
+
+if (api_is_platform_admin()) {
+    $actionLeft .= Display::url(
+        Display::return_icon(
+            'promotion.png',
+            get_lang('Promotions'),
+            null,
+            ICON_SIZE_MEDIUM
+        ),
+        'promotions.php'
+    );
+}

 $actions = Display::toolbarAction('toolbar-career', array($actionLeft));
 $html .= $form->returnForm();
--- a/main/admin/career_diagram.php
+++ b/main/admin/career_diagram.php
@ -25,7 +25,8 @@ if (api_get_configuration_value('allow_career_diagram') == false) {

 $this_section = SECTION_PLATFORM_ADMIN;

-api_protect_admin_script();
+$allowCareer = api_get_configuration_value('allow_session_admin_read_careers');
+api_protect_admin_script($allowCareer);

 $htmlHeadXtra[] = api_get_js('jsplumb2.js');

--- a/main/admin/careers.php
+++ b/main/admin/careers.php
@ -12,9 +12,10 @@ require_once __DIR__.'/../inc/global.inc.php';

 $this_section = SECTION_PLATFORM_ADMIN;

-api_protect_admin_script();
+$allowCareer = api_get_configuration_value('allow_session_admin_read_careers');
+api_protect_admin_script($allowCareer);

-//Add the JS needed to use the jqgrid
+// Add the JS needed to use the jqgrid
 $htmlHeadXtra[] = api_get_jqgrid_js();

 // setting breadcrumbs
@ -43,8 +44,7 @@ if ($action == 'add') {
    $tool_name = get_lang('Careers');
 }

-// The header.
-Display::display_header($tool_name);
+

 //jqgrid will use this URL to do the selects
 $url = api_get_path(WEB_AJAX_PATH).'model.ajax.php?a=get_careers';
@ -87,38 +87,32 @@ if ($allow) {
    $diagramLink = '<a href="'.api_get_path(WEB_CODE_PATH).'admin/career_diagram.php?id=\'+options.rowId+\'">'.get_lang('Diagram').'</a>';
 }

-//With this function we can add actions to the jgrid (edit, delete, etc)
-$action_links = 'function action_formatter(cellvalue, options, rowObject) {
-    return \'<a href="?action=edit&id=\'+options.rowId+\'">'.Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL).'</a>'.
-    $diagramLink.
-    '&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."\'".')) return false;"  href="?sec_token='.$token.'&action=copy&id=\'+options.rowId+\'">'.Display::return_icon('copy.png', get_lang('Copy'), '', ICON_SIZE_SMALL).'</a>'.
-    '&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."\'".')) return false;"  href="?sec_token='.$token.'&action=delete&id=\'+options.rowId+\'">'.Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).'</a>'.
-    '\';
-}';
-?>
-<script>
-$(function() {
-<?php
-    // grid definition see the $career->display() function
-    echo Display::grid_js(
-        'careers',
-        $url,
-        $columns,
-        $column_model,
-        $extra_params,
-        array(),
-        $action_links,
-        true
-    );
-?>
-});
-</script>
-<?php
+// With this function we can add actions to the jgrid (edit, delete, etc)
+if (api_is_platform_admin()) {
+    $actionLinks = 'function action_formatter(cellvalue, options, rowObject) {
+        return \'<a href="?action=edit&id=\'+options.rowId+\'">'.Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL).'</a>'.
+            $diagramLink.
+            '&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."\'".')) return false;"  href="?sec_token='.$token.'&action=copy&id=\'+options.rowId+\'">'.Display::return_icon('copy.png', get_lang('Copy'), '', ICON_SIZE_SMALL).'</a>'.
+            '&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."\'".')) return false;"  href="?sec_token='.$token.'&action=delete&id=\'+options.rowId+\'">'.Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).'</a>'.
+            '\';
+    }';
+} else {
+    $actionLinks = "function action_formatter(cellvalue, options, rowObject) {
+        return '".$diagramLink."';
+    }";
+}
+
+
 $career = new Career();
+$content = '';
+
+$listUrl = api_get_self();

 // Action handling: Add
 switch ($action) {
    case 'add':
+        api_protect_admin_script();
+
        if (api_get_session_id() != 0 &&
            !api_is_allowed_to_session_edit(false, true)
        ) {
@ -126,30 +120,34 @@ switch ($action) {
        }
        Session::write('notebook_view', 'creation_date');

-        $url  = api_get_self().'?action='.Security::remove_XSS($_GET['action']);
+        $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']);
        $form = $career->return_form($url, 'add');

        // The validation or display
        if ($form->validate()) {
            if ($check) {
                $values = $form->exportValues();
-                $res    = $career->save($values);
+                $res = $career->save($values);
                if ($res) {
-                    echo Display::return_message(get_lang('ItemAdded'), 'confirmation');
+                    Display::addFlash(
+                        Display::return_message(get_lang('ItemAdded'), 'confirmation')
+                    );
                }
            }
-            $career->display();
+            header('Location: '.$listUrl);
+            exit;
        } else {
-            echo '<div class="actions">';
-            echo '<a href="'.api_get_self().'">'.
+            $content .= '<div class="actions">';
+            $content .= '<a href="'.api_get_self().'">'.
                Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>';
-            echo '</div>';
+            $content .= '</div>';
            $form->addElement('hidden', 'sec_token');
            $form->setConstants(array('sec_token' => $token));
-            $form->display();
+            $content .= $form->returnForm();
        }
        break;
    case 'edit':
+        api_protect_admin_script();
        // Action handling: Editing
        $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']).'&id='.intval($_GET['id']);
        $form = $career->return_form($url, 'edit');
@ -162,56 +160,98 @@ switch ($action) {
                $old_status = $career->get_status($values['id']);
                $res = $career->update($values);
                if ($res) {
-                    echo Display::return_message(get_lang('CareerUpdated'), 'confirmation');
+                    Display::addFlash(
+                        Display::return_message(get_lang('CareerUpdated'), 'confirmation')
+                    );
                    if ($values['status'] && !$old_status) {
-                        echo Display::return_message(
-                            sprintf(get_lang('CareerXUnarchived'), $values['name']),
-                            'confirmation',
-                            false
+                        Display::addFlash(
+                            Display::return_message(
+                                sprintf(get_lang('CareerXUnarchived'), $values['name']),
+                                'confirmation',
+                                false
+                            )
                        );
                    } elseif (!$values['status'] && $old_status) {
-                        echo Display::return_message(
-                            sprintf(get_lang('CareerXArchived'), $values['name']),
-                            'confirmation',
-                            false
+                        Display::addFlash(
+                            Display::return_message(
+                                sprintf(get_lang('CareerXArchived'), $values['name']),
+                                'confirmation',
+                                false
+                            )
                        );
                    }
                }
            }
-            $career->display();
+            header('Location: '.$listUrl);
+            exit;
        } else {
-            echo '<div class="actions">';
-            echo '<a href="'.api_get_self().'">'.Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>';
-            echo '</div>';
+            $content .= '<div class="actions">';
+            $content .= '<a href="'.api_get_self().'">'.Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>';
+            $content .= '</div>';
            $form->addElement('hidden', 'sec_token');
            $form->setConstants(array('sec_token' => $token));
-            $form->display();
+            $content .= $form->returnForm();
        }
        break;
    case 'delete':
+        api_protect_admin_script();
        // Action handling: delete
        if ($check) {
            $res = $career->delete($_GET['id']);
            if ($res) {
-                echo Display::return_message(get_lang('ItemDeleted'), 'confirmation');
+                Display::addFlash(
+                    Display::return_message(get_lang('ItemDeleted'), 'confirmation')
+                );
            }
        }
-        $career->display();
+        header('Location: '.$listUrl);
+        exit;
        break;
    case 'copy':
+        api_protect_admin_script();
        if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
-            api_not_allowed();
+            api_not_allowed(true);
        }
        if ($check) {
            $res = $career->copy($_GET['id'], true); //copy career and promotions inside
            if ($res) {
-                echo Display::return_message(get_lang('ItemCopied'), 'confirmation');
+                Display::addFlash(
+                    Display::return_message(get_lang('ItemCopied'), 'confirmation')
+                );
            }
        }
-        $career->display();
+
+        header('Location: '.$listUrl);
+        exit;
        break;
    default:
-        $career->display();
+        $content = $career->display();
        break;
 }
-Display :: display_footer();
+
+// The header.
+Display::display_header($tool_name);
+
+?>
+<script>
+    $(function() {
+        <?php
+        // grid definition see the $career->display() function
+        echo Display::grid_js(
+            'careers',
+            $url,
+            $columns,
+            $column_model,
+            $extra_params,
+            array(),
+            $actionLinks,
+            true
+        );
+        ?>
+    });
+</script>
+<?php
+
+echo $content;
+
+Display::display_footer();
--- a/main/admin/index.php
+++ b/main/admin/index.php
@ -330,7 +330,9 @@ if (api_is_global_platform_admin()) {
    );
 }

-if (api_is_platform_admin()) {
+$allowCareer = api_get_configuration_value('allow_session_admin_read_careers');
+
+if (api_is_platform_admin() || ($allowCareer && api_is_session_admin())) {
    // option only visible in development mode. Enable through code if required
    if (is_dir(api_get_path(SYS_TEST_PATH).'datafiller/')) {
        $items[] = array('url' => 'user_move_stats.php', 'label' => get_lang('MoveUserStats'));
--- a/main/inc/lib/career.lib.php
+++ b/main/inc/lib/career.lib.php
@ -75,17 +75,20 @@ class Career extends Model
    }

    /**
-     * Displays the title + grid
+     * Returns HTML the title + grid
+     * @return string
     */
    public function display()
    {
-        echo '<div class="actions" style="margin-bottom:20px">';
-        echo '<a href="career_dashboard.php">'.
+        $html = '<div class="actions" style="margin-bottom:20px">';
+        $html .= '<a href="career_dashboard.php">'.
            Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>';
-        echo '<a href="'.api_get_self().'?action=add">'.
+        $html .= '<a href="'.api_get_self().'?action=add">'.
                Display::return_icon('new_career.png', get_lang('Add'), '', ICON_SIZE_MEDIUM).'</a>';
-        echo '</div>';
-        echo Display::grid_html('careers');
+        $html .= '</div>';
+        $html .= Display::grid_html('careers');
+
+        return $html;
    }

    /**
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
@ -691,3 +691,6 @@ $_configuration['gradebook_badge_sidebar'] = [
 ];*/
 // Hide the session list in Reporting tool. Useful when a course has too many sessions.
 //$_configuration['hide_reporting_session_list'] = false;
+
+// Allow session admin to read careers
+//$_configuration['allow_session_admin_read_careers'] = true;
--- a/main/template/default/admin/career_dashboard.tpl
+++ b/main/template/default/admin/career_dashboard.tpl
@ -6,7 +6,15 @@
    {% for item in data %}
    <div id="career-{{ item.id }}" class="career panel panel-default">
        <div  class="panel-heading">
-            <h4><a href="{{ _p.web }}main/admin/careers.php?action=edit&id={{ item.id }}">{{ item.name }}</a></h4>
+            <h4>
+                {% if _u.is_admin %}
+                    <a href="{{ _p.web }}main/admin/careers.php?action=edit&id={{ item.id }}">
+                    {{ item.name }}
+                    </a>
+                {% else %}
+                    {{ item.name }}
+                {% endif %}
+            </h4>
        </div>
        <div class="panel-body">
            {{ item.description }}
@ -20,7 +28,6 @@
                {% for prom in promotions %}
                    {% set line = prom.sessions|length + 1 %}
                    <tr>
-
                        <td class="promo" rowspan="{{ line }}">
                            <h4 id="promotion-id-{{ prom.id }}">
                                <a title="{{ prom.name }}" href="{{ _p.web }}main/admin/promotions.php?action=edit&id={{ prom.id }}">
@ -45,7 +52,11 @@
                            <td class="courses">
                                <ul>
                                {% for course in session.courses %}
-                                <li><a href="{{ _p.web }}courses/{{ course.directory }}/index.php?id_session={{ sessionid }}" title="{{ course.title }}">{{ course.title }}</a></li>
+                                <li>
+                                    <a href="{{ _p.web }}courses/{{ course.directory }}/index.php?id_session={{ sessionid }}" title="{{ course.title }}">
+                                        {{ course.title }}
+                                    </a>
+                                </li>
                                {% endfor %}
                                </ul>
                            </td>
@ -57,5 +68,4 @@
        </div>
    </div>
    {% endfor %}
-
 {% endblock %}