Block access for unauthorised users

jmontoyaa 8 years ago
parent 0dfbbb90d2
commit cdaf3abee9
  1. 11
      main/gradebook/certificate_report.php
  2. 9
      main/mySpace/course.php
  3. 12
      main/mySpace/index.php
  4. 17
      main/mySpace/session.php
  5. 14
      main/mySpace/teachers.php
  6. 4
      main/tracking/exams.php

@ -14,10 +14,17 @@ $cidReset = true;
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_TRACKING;
api_block_anonymous_users(); api_block_anonymous_users();
$is_allowedToTrack = api_is_platform_admin(true) || api_is_student_boss();
if (!$is_allowedToTrack) {
api_not_allowed(true);
}
$this_section = SECTION_TRACKING;
$interbreadcrumb[] = [ $interbreadcrumb[] = [
"url" => api_is_student_boss() ? "#" : api_get_path(WEB_CODE_PATH)."mySpace/index.php?".api_get_cidreq(), "url" => api_is_student_boss() ? "#" : api_get_path(WEB_CODE_PATH)."mySpace/index.php?".api_get_cidreq(),
"name" => get_lang("MySpace"), "name" => get_lang("MySpace"),
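Review bot: The new guard calls `api_is_platform_admin(true)` with a single argument, while course.php, index.php, session.php and teachers.php in this same commit call `api_is_platform_admin(true, true)`, so the set of roles admitted to the certificate report differs from the other tracking pages and nothing records whether that is intended. If the second argument is what admits DRH users (its meaning is not visible in the hunk), a DRH who can open the mySpace pages will be refused here; confirm the intent and state it next to the check, e.g. `// Platform admins, session admins and student bosses; DRH deliberately excluded`, or align the call with the others. Keeping the check ahead of the breadcrumb and header output is the right placement.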

@ -15,6 +15,13 @@ $this_section = SECTION_TRACKING;
$sessionId = isset($_GET['session_id']) ? intval($_GET['session_id']) : null; $sessionId = isset($_GET['session_id']) ? intval($_GET['session_id']) : null;
api_block_anonymous_users(); api_block_anonymous_users();
$allowToTrack = api_is_platform_admin(true, true) || api_is_teacher();
if (!$allowToTrack) {
api_not_allowed(true);
}
$interbreadcrumb[] = ["url" => "index.php", "name" => get_lang('MySpace')]; $interbreadcrumb[] = ["url" => "index.php", "name" => get_lang('MySpace')];
if (isset($_GET["id_session"]) && $_GET["id_session"] != "") { if (isset($_GET["id_session"]) && $_GET["id_session"] != "") {
@ -58,7 +65,7 @@ Display :: display_header(get_lang('Courses'));
$user_id = 0; $user_id = 0;
$a_courses = []; $a_courses = [];
$menu_items = []; $menu_items = [];
if (api_is_drh() || api_is_session_admin() || api_is_platform_admin()) { if (api_is_platform_admin(true, true)) {
$title = ''; $title = '';
if (empty($sessionId)) { if (empty($sessionId)) {
if (isset($_GET['user_id'])) { if (isset($_GET['user_id'])) {
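Review bot: The guard admits any `api_is_teacher()` caller on role alone, while `$sessionId` is taken from `$_GET['session_id']` above it and the branch a teacher falls into begins outside the second hunk, so it cannot be confirmed here that a teacher is limited to courses and sessions they actually coach rather than whatever id the request names; please verify the non-admin branch scopes its lookups to `api_get_user_id()`. In the second hunk, replacing `api_is_drh() || api_is_session_admin() || api_is_platform_admin()` with the single `api_is_platform_admin(true, true)` is only equivalent if both flags of that helper map to those two roles, which a reader of this file cannot see; a comment such as `// platform admins, session admins and DRH` on that line would preserve the intent. The enclosing `if` block continues past the end of the hunk.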

@ -36,12 +36,16 @@ $is_session_admin = api_is_session_admin();
$title = ''; $title = '';
$skipData = api_get_configuration_value('tracking_skip_generic_data'); $skipData = api_get_configuration_value('tracking_skip_generic_data');
// Access control // Access control
api_block_anonymous_users(); api_block_anonymous_users();
/*
if (!$export_csv) { $allowToTrack = api_is_platform_admin(true, true) ||
Display :: display_header($nameTools); api_is_allowed_to_create_course();
} */
if (!$allowToTrack) {
api_not_allowed(true);
}
if ($is_session_admin) { if ($is_session_admin) {
header('location:session.php'); header('location:session.php');
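Review bot: `api_is_allowed_to_create_course()` is a broader test than the `api_is_teacher()` used by course.php and session.php in this commit: if the platform is configured to let ordinary users create courses, those users pass this guard too, and the same choice is made in teachers.php. If the page is meant for teachers, DRH and admins only, `api_is_platform_admin(true, true) || api_is_teacher()` matches the sibling files; otherwise add a comment stating that course creators are intentionally admitted. The `header('location:session.php')` redirect on the last visible line must be followed by an `exit` so the rest of the page is not rendered for session admins; that line is outside the hunk, so please confirm it is there.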

@ -15,9 +15,6 @@ api_block_anonymous_users();
$this_section = SECTION_TRACKING; $this_section = SECTION_TRACKING;
api_block_anonymous_users(); api_block_anonymous_users();
$htmlHeadXtra[] = api_get_jqgrid_js();
$interbreadcrumb[] = ["url" => "index.php", "name" => get_lang('MySpace')];
Display::display_header(get_lang('Sessions'));
$export_csv = false; $export_csv = false;
@ -25,15 +22,23 @@ if (isset($_GET['export']) && $_GET['export'] == 'csv') {
$export_csv = true; $export_csv = true;
} }
/* MAIN CODE */
if (isset($_GET['id_coach']) && $_GET['id_coach'] != '') { if (isset($_GET['id_coach']) && $_GET['id_coach'] != '') {
$id_coach = intval($_GET['id_coach']); $id_coach = intval($_GET['id_coach']);
} else { } else {
$id_coach = api_get_user_id(); $id_coach = api_get_user_id();
} }
if (api_is_drh() || api_is_session_admin() || api_is_platform_admin()) { $allowToTrack = api_is_platform_admin(true, true) || api_is_teacher();
if (!$allowToTrack) {
api_not_allowed(true);
}
$htmlHeadXtra[] = api_get_jqgrid_js();
$interbreadcrumb[] = ["url" => "index.php", "name" => get_lang('MySpace')];
Display::display_header(get_lang('Sessions'));
if (api_is_platform_admin(true, true)) {
$a_sessions = SessionManager::get_sessions_followed_by_drh(api_get_user_id()); $a_sessions = SessionManager::get_sessions_followed_by_drh(api_get_user_id());
if (!api_is_session_admin()) { if (!api_is_session_admin()) {
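Review bot: `$id_coach` is still read from `$_GET['id_coach']` for every caller the new guard admits, including plain `api_is_teacher()` users, and nothing in the hunk ties it to the current user; the non-admin branch that consumes it starts outside the hunk, so if it passes `$id_coach` through unchanged, a teacher can view another coach's session list by editing the parameter. Restricting it right after the guard, `if (!api_is_platform_admin(true, true)) { $id_coach = api_get_user_id(); }`, closes that regardless of what the lower branch does. Moving `Display::display_header()` below `api_not_allowed(true)` is the correct order, since the refusal page must be emitted before any other output.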

@ -9,15 +9,21 @@ $cidReset = true;
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
api_block_anonymous_users();
$allowToTrack = api_is_platform_admin(true, true) ||
api_is_allowed_to_create_course();
if (!$allowToTrack) {
api_not_allowed(true);
}
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false; $export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;
$keyword = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null; $keyword = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null;
$active = isset($_GET['active']) ? intval($_GET['active']) : 1; $active = isset($_GET['active']) ? intval($_GET['active']) : 1;
$sleepingDays = isset($_GET['sleeping_days']) ? intval($_GET['sleeping_days']) : null; $sleepingDays = isset($_GET['sleeping_days']) ? intval($_GET['sleeping_days']) : null;
$nameTools = get_lang('Teachers'); $nameTools = get_lang('Teachers');
api_block_anonymous_users();
$this_section = SECTION_TRACKING; $this_section = SECTION_TRACKING;
$interbreadcrumb[] = ["url" => "index.php", "name" => get_lang('MySpace')]; $interbreadcrumb[] = ["url" => "index.php", "name" => get_lang('MySpace')];

@ -12,10 +12,10 @@ $toolTable = Database::get_course_table(TABLE_TOOL_LIST);
$quizTable = Database::get_course_table(TABLE_QUIZ_TEST); $quizTable = Database::get_course_table(TABLE_QUIZ_TEST);
$this_section = SECTION_TRACKING; $this_section = SECTION_TRACKING;
$is_allowedToTrack = $is_courseAdmin || $is_platformAdmin || $is_session_general_coach || $is_sessionAdmin; $is_allowedToTrack = $is_courseAdmin || api_is_platform_admin(true) || $is_session_general_coach;
if (!$is_allowedToTrack) { if (!$is_allowedToTrack) {
api_not_allowed(); api_not_allowed(true);
} }
$exportToXLS = false; $exportToXLS = false;
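Review bot: `$is_allowedToTrack` now mixes an API call with the legacy globals `$is_courseAdmin` and `$is_session_general_coach`, which must have been assigned by the bootstrap before this line and are not visible in the hunk; having already replaced `$is_platformAdmin` and `$is_sessionAdmin` with `api_is_platform_admin(true)`, the commit would be more robust replacing the remaining two with the matching helpers (`api_is_course_admin()` and `api_is_session_general_coach()`, if those are the intended equivalents) so the check does not depend on globals the reader cannot trace. The one-argument `api_is_platform_admin(true)` here admits a different role set than the two-argument form in the mySpace pages of this commit, so a short comment naming the roles meant to reach exam tracking would help the next reviewer.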
