From cc02afc1f6697c5486bf913d3d34ddfbd6a14781 Mon Sep 17 00:00:00 2001 From: Julio Date: Fri, 24 Nov 2017 11:42:36 +0100 Subject: [PATCH] Add setting "allow_session_admin_read_careers" see BT#12861 - Setting allows session admins to get "read" access to careers. - Rework careers.php to use Display::addFlash --- main/admin/career_dashboard.php | 26 +-- main/admin/career_diagram.php | 3 +- main/admin/careers.php | 160 +++++++++++------- main/admin/index.php | 4 +- main/inc/lib/career.lib.php | 15 +- main/install/configuration.dist.php | 3 + .../default/admin/career_dashboard.tpl | 18 +- 7 files changed, 147 insertions(+), 82 deletions(-) diff --git a/main/admin/career_dashboard.php b/main/admin/career_dashboard.php index 9dfd3bbd1b..98a2201b97 100755 --- a/main/admin/career_dashboard.php +++ b/main/admin/career_dashboard.php @@ -8,7 +8,10 @@ $cidReset = true; require_once __DIR__.'/../inc/global.inc.php'; -api_protect_admin_script(); + +$allowCareer = api_get_configuration_value('allow_session_admin_read_careers'); + +api_protect_admin_script($allowCareer); $this_section = SECTION_PLATFORM_ADMIN; @@ -74,15 +77,18 @@ $actionLeft .= Display::url( ), 'careers.php' ); -$actionLeft .= Display::url( - Display::return_icon( - 'promotion.png', - get_lang('Promotions'), - null, - ICON_SIZE_MEDIUM - ), - 'promotions.php' -); + +if (api_is_platform_admin()) { + $actionLeft .= Display::url( + Display::return_icon( + 'promotion.png', + get_lang('Promotions'), + null, + ICON_SIZE_MEDIUM + ), + 'promotions.php' + ); +} $actions = Display::toolbarAction('toolbar-career', array($actionLeft)); $html .= $form->returnForm(); diff --git a/main/admin/career_diagram.php b/main/admin/career_diagram.php index 42ceda94b9..0e591d0d87 100644 --- a/main/admin/career_diagram.php +++ b/main/admin/career_diagram.php 
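Review bot: The raw return of `api_get_configuration_value('allow_session_admin_read_careers')` goes straight into `api_protect_admin_script()` at the top of career_dashboard.php, so any truthy value in the configuration file (for example the string `'false'`) would presumably open the page to session admins. Because this flag widens who passes an admin gate, it should fail closed: `$allowCareer = api_get_configuration_value('allow_session_admin_read_careers') === true;`. The same two lines are repeated in career_diagram.php and careers.php, and a single helper would keep the three gates in step. Also confirm that everything career_dashboard.php renders further down (outside this hunk) is meant to be visible to a session admin, since the gate covers the whole script.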
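Review bot: Wrapping the Promotions toolbar link in `api_is_platform_admin()` only hides the link from session admins; it does not stop a direct request to `promotions.php`. That script is not part of this patch, so confirm it still calls `api_protect_admin_script()` with no arguments. A comment above the new `if` would record the intent, e.g. `// UI only: promotions.php enforces platform-admin access itself`.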
@@ -25,7 +25,8 @@ if (api_get_configuration_value('allow_career_diagram') == false) { $this_section = SECTION_PLATFORM_ADMIN; -api_protect_admin_script(); +$allowCareer = api_get_configuration_value('allow_session_admin_read_careers'); +api_protect_admin_script($allowCareer); $htmlHeadXtra[] = api_get_js('jsplumb2.js'); diff --git a/main/admin/careers.php b/main/admin/careers.php index 264de07fc7..00b8271bcb 100755 --- a/main/admin/careers.php +++ b/main/admin/careers.php @@ -12,9 +12,10 @@ require_once __DIR__.'/../inc/global.inc.php'; $this_section = SECTION_PLATFORM_ADMIN; -api_protect_admin_script(); +$allowCareer = api_get_configuration_value('allow_session_admin_read_careers'); +api_protect_admin_script($allowCareer); -//Add the JS needed to use the jqgrid +// Add the JS needed to use the jqgrid $htmlHeadXtra[] = api_get_jqgrid_js(); // setting breadcrumbs @@ -43,8 +44,7 @@ if ($action == 'add') { $tool_name = get_lang('Careers'); } -// The header. -Display::display_header($tool_name); + //jqgrid will use this URL to do the selects $url = api_get_path(WEB_AJAX_PATH).'model.ajax.php?a=get_careers'; 
@@ -87,38 +87,32 @@ if ($allow) { $diagramLink = ''.get_lang('Diagram').''; } -//With this function we can add actions to the jgrid (edit, delete, etc) -$action_links = 'function action_formatter(cellvalue, options, rowObject) { - return \''.Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL).''. - $diagramLink. - ' '.Display::return_icon('copy.png', get_lang('Copy'), '', ICON_SIZE_SMALL).''. - ' '.Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).''. - '\'; -}'; -?> - -'.Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL).''. + $diagramLink. + ' '.Display::return_icon('copy.png', get_lang('Copy'), '', ICON_SIZE_SMALL).''. + ' '.Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).''. + '\'; + }'; +} else { + $actionLinks = "function action_formatter(cellvalue, options, rowObject) { + return '".$diagramLink."'; + }"; +} + + $career = new Career(); +$content = ''; + +$listUrl = api_get_self(); // Action handling: Add switch ($action) { case 'add': + api_protect_admin_script(); + if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true) ) { @@ -126,30 +120,34 @@ switch ($action) { } Session::write('notebook_view', 'creation_date'); - $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']); + $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']); $form = $career->return_form($url, 'add'); // The validation or display if ($form->validate()) { if ($check) { $values = $form->exportValues(); - $res = $career->save($values); + $res = $career->save($values); if ($res) { - echo Display::return_message(get_lang('ItemAdded'), 'confirmation'); + Display::addFlash( + Display::return_message(get_lang('ItemAdded'), 'confirmation') + ); } } - $career->display(); + header('Location: '.$listUrl); + exit; } else { - echo '
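Review bot: The write actions are each protected by their own `api_protect_admin_script();` call pasted into the `case` (`add` in this hunk, `edit`, `delete` and `copy` in the following hunks), which fails open: a case added later without that line would be reachable by session admins now that the page-level gate lets them in. A single check before the `switch` is harder to forget, for example `if (in_array($action, ['add', 'edit', 'delete', 'copy'], true)) { api_protect_admin_script(); }`, or better the inverse test so that only the list view is allowed for non-admins. The `else` branch of the formatter, which returns only `$diagramLink`, is presentation and should carry a comment saying that hiding the edit, copy and delete icons is not the access control. The `switch` body continues outside this hunk.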
'; - echo ''. + $content .= ''; + $content .= '
'; $form->addElement('hidden', 'sec_token'); $form->setConstants(array('sec_token' => $token)); - $form->display(); + $content .= $form->returnForm(); } break; case 'edit': + api_protect_admin_script(); // Action handling: Editing $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']).'&id='.intval($_GET['id']); $form = $career->return_form($url, 'edit'); @@ -162,56 +160,98 @@ switch ($action) { $old_status = $career->get_status($values['id']); $res = $career->update($values); if ($res) { - echo Display::return_message(get_lang('CareerUpdated'), 'confirmation'); + Display::addFlash( + Display::return_message(get_lang('CareerUpdated'), 'confirmation') + ); if ($values['status'] && !$old_status) { - echo Display::return_message( - sprintf(get_lang('CareerXUnarchived'), $values['name']), - 'confirmation', - false + Display::addFlash( + Display::return_message( + sprintf(get_lang('CareerXUnarchived'), $values['name']), + 'confirmation', + false + ) ); } elseif (!$values['status'] && $old_status) { - echo Display::return_message( - sprintf(get_lang('CareerXArchived'), $values['name']), - 'confirmation', - false + Display::addFlash( + Display::return_message( + sprintf(get_lang('CareerXArchived'), $values['name']), + 'confirmation', + false + ) ); } } } - $career->display(); + header('Location: '.$listUrl); + exit; } else { - echo '
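Review bot: In the `add` branch the redirect to `$listUrl` runs whenever `$form->validate()` passes, so a rejected token (`$check` false) or a failed `$career->save()` sends the user back to the list with no message and the submitted form discarded. Add an error flash on both failure paths through `Display::addFlash(Display::return_message(..., 'error'))`. The token mismatch should also be logged, since a bad `sec_token` on an admin write is worth seeing during incident review. The `edit`, `delete` and `copy` branches in the next hunk have the same gap.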
'; - echo ''.Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).''; - echo '
'; + $content .= '
'; + $content .= ''.Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).''; + $content .= '
'; $form->addElement('hidden', 'sec_token'); $form->setConstants(array('sec_token' => $token)); - $form->display(); + $content .= $form->returnForm(); } break; case 'delete': + api_protect_admin_script(); // Action handling: delete if ($check) { $res = $career->delete($_GET['id']); if ($res) { - echo Display::return_message(get_lang('ItemDeleted'), 'confirmation'); + Display::addFlash( + Display::return_message(get_lang('ItemDeleted'), 'confirmation') + ); } } - $career->display(); + header('Location: '.$listUrl); + exit; break; case 'copy': + api_protect_admin_script(); if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) { - api_not_allowed(); + api_not_allowed(true); } if ($check) { $res = $career->copy($_GET['id'], true); //copy career and promotions inside if ($res) { - echo Display::return_message(get_lang('ItemCopied'), 'confirmation'); + Display::addFlash( + Display::return_message(get_lang('ItemCopied'), 'confirmation') + ); } } - $career->display(); + + header('Location: '.$listUrl); + exit; break; default: - $career->display(); + $content = $career->display(); break; } -Display :: display_footer(); + +// The header. +Display::display_header($tool_name); + +?> + + 'user_move_stats.php', 'label' => get_lang('MoveUserStats')); diff --git a/main/inc/lib/career.lib.php b/main/inc/lib/career.lib.php index 0c3922b62c..bf4f9904ae 100755 --- a/main/inc/lib/career.lib.php +++ b/main/inc/lib/career.lib.php @@ -75,17 +75,20 @@ class Career extends Model } /** - * Displays the title + grid + * Returns HTML the title + grid + * @return string */ public function display() { - echo '
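Review bot: `delete` and `copy` still pass `$_GET['id']` to `$career->delete()` and `$career->copy()` exactly as received, while the `edit` branch in the previous hunk builds its URL with `intval($_GET['id'])`. Whether the model sanitises the value is not visible here, so cast at the boundary while these branches are being touched: `$res = $career->delete((int) $_GET['id']);` and `$res = $career->copy((int) $_GET['id'], true);`. The `break;` after each `exit;` is unreachable and can be dropped.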
'; - echo ''. + $html = ''; - echo Display::grid_html('careers'); + $html .= '
'; + $html .= Display::grid_html('careers'); + + return $html; } /** diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php index 8dffa33aec..d20cdd94d7 100755 --- a/main/install/configuration.dist.php +++ b/main/install/configuration.dist.php @@ -691,3 +691,6 @@ $_configuration['gradebook_badge_sidebar'] = [ ];*/ // Hide the session list in Reporting tool. Useful when a course has too many sessions. //$_configuration['hide_reporting_session_list'] = false; + +// Allow session admin to read careers +//$_configuration['allow_session_admin_read_careers'] = true; diff --git a/main/template/default/admin/career_dashboard.tpl b/main/template/default/admin/career_dashboard.tpl index 35b822bf9e..94ecad6de0 100644 --- a/main/template/default/admin/career_dashboard.tpl +++ b/main/template/default/admin/career_dashboard.tpl @@ -6,7 +6,15 @@ {% for item in data %}
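Review bot: `Career::display()` used to echo the title and grid and now returns them, but it keeps its name and signature, so any caller outside this patch that still writes `$career->display();` as a statement will silently render nothing. Search for other callers before merging, and consider a name that matches the new contract. The docblock line would read better as `Returns the HTML for the title and the careers grid (does not echo).`, with the `@return string` line kept.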
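Review bot: The comment for `allow_session_admin_read_careers` does not say what "read" covers, yet this switch relaxes an admin-only gate. Spell out the scope and the default, e.g. `// Let session admins open the careers admin pages (career_dashboard.php, career_diagram.php, careers.php) read-only; add, edit, copy and delete stay platform-admin only. Disabled unless set to true.`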
-

{{ item.name }}

+

+ {% if _u.is_admin %} + + {{ item.name }} + + {% else %} + {{ item.name }} + {% endif %} +

{{ item.description }} @@ -20,7 +28,6 @@ {% for prom in promotions %} {% set line = prom.sessions|length + 1 %} -

@@ -45,7 +52,11 @@ @@ -57,5 +68,4 @@

{% endfor %} - {% endblock %}