Fixing session access permissions + fixing some typos in session_manager.lib.php

13 years ago · cdc3e051b1
parent 61ca6c16bf
commit cdc3e051b1
5 changed files with 97 additions and 76 deletions
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -28,8 +28,6 @@ define('ANONYMOUS', 6);
 * the teacher through HTMLPurifier */
 define('COURSEMANAGERLOWSECURITY', 10);

-
-
 // Table of status
 $_status_list[COURSEMANAGER]    = 'teacher';        // 1
 $_status_list[SESSIONADMIN]     = 'session_admin';  // 3
@ -52,7 +50,9 @@ define('COURSE_VISIBILITY_OPEN_WORLD', 3);
 // SESSION VISIBILITY CONSTANTS
 define('SESSION_VISIBLE_READ_ONLY', 1);
 define('SESSION_VISIBLE', 2);
-define('SESSION_INVISIBLE', 3);
+define('SESSION_INVISIBLE', 3); // not available
+define('SESSION_AVAILABLE', 4);
+

 define('SUBSCRIBE_ALLOWED', 1);
 define('SUBSCRIBE_NOT_ALLOWED', 0);
@ -1685,13 +1685,13 @@ function api_get_session_name($session_id) {
 function api_get_session_info($session_id) {
    $data = array();
    if (!empty($session_id)) {
-        $sesion_id = intval(Database::escape_string($session_id));
+        $session_id = intval($session_id);
        $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
        $sql = "SELECT * FROM $tbl_session WHERE id = $session_id";
        $result = Database::query($sql);

-        if (Database::num_rows($result)>0) {
-            $data = Database::fetch_array($result, 'ASSOC');
+        if (Database::num_rows($result)>0) {            
+            $data = Database::fetch_array($result, 'ASSOC');            
        }
    }
    return $data;
@ -1705,28 +1705,60 @@ function api_get_session_info($session_id) {
 function api_get_session_visibility($session_id) {
    $visibility = 0; //means that the session is still available
    if (!empty($session_id)) {
-        $sesion_id = intval(Database::escape_string($session_id));
+        $session_id = intval($session_id);
        $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);

        $is_coach = api_is_coach();
-
        $condition_date_end = "";
+        
        if ($is_coach) {
+            //@todo use api_get_utc_datetime()
            $condition_date_end = " AND (CURDATE() > (SELECT adddate(date_end,nb_days_access_after_end) FROM $tbl_session WHERE id = $session_id) AND date_end != '0000-00-00') ";
        } else {
-            $condition_date_end = " AND (date_end < CURDATE() AND date_end != '0000-00-00') ";
+            $condition_date_end = " ";
        }

-        $sql = "SELECT visibility FROM $tbl_session
-                WHERE id = $session_id $condition_date_end "; // session is old and is not unlimited
-
+        $sql = "SELECT visibility, date_start, date_end FROM $tbl_session
+                WHERE id = $session_id $condition_date_end ";
        $result = Database::query($sql);

-        if (Database::num_rows($result)>0) {
+        if (Database::num_rows($result) > 0 ) {
            $row = Database::fetch_array($result, 'ASSOC');
            $visibility = $row['visibility'];
+            
+            //I don't care the field visibility
+            if ($row['date_start'] == '0000-00-00' && $row['date_end'] == '0000-00-00') {
+                $visibility = SESSION_AVAILABLE;    
+            } else {
+                $time = time();
+                
+                //If datestart is set
+                if (!empty($row['date_start']) && $row['date_start'] != '0000-00-00') {
+                    $row['date_start'] = $row['date_start'].' 00:00:00';   
+                    if ($time > api_strtotime($row['date_start'])) {
+                        $visibility = SESSION_AVAILABLE;
+                    } else {
+                        $visibility = SESSION_INVISIBLE;
+                    }
+                }
+                
+                //if date_end is set
+                if (!empty($row['date_end']) && $row['date_end'] != '0000-00-00') {                    
+                    $row['date_end'] = $row['date_end'].' 00:00:00';
+                    //only if date_start said that it was ok
+                    if ($visibility == SESSION_AVAILABLE) {
+                        $visibility = $row['visibility'];
+                        /*
+                        if ($time < api_strtotime($row['date_end'])) {
+                            $visibility = $row['visibility'];
+                        } else {
+                            $visibility = $row['visibility'];
+                        }*/                 
+                    }
+                }                
+            }
        } else {
-            $visibility = 0;
+            $visibility = SESSION_INVISIBLE;
        }
    }
    return $visibility;
@ -1738,11 +1770,12 @@ function api_get_session_visibility($session_id) {
 * @param string    Chamilo course code
 * @param int       user id
 * @return int      0= Session available (in date), SESSION_VISIBLE_READ_ONLY = 1, SESSION_VISIBLE = 2, SESSION_INVISIBLE = 3
+ * @deprecated
 */
 function api_get_session_visibility_by_user($session_id, $course_code, $user_id) {
    $visibility = 0; // Means that the session is still available.
    if (!empty($session_id) && !empty($user_id)){
-        $sesion_id      = intval(Database::escape_string($session_id));
+        $session_id      = intval($session_id);
        $user_id        = intval(Database::escape_string($user_id));
        $course_code    = Database::escape_string($course_code);
        $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION_REL_COURSE_REL_USER);
@ -1795,7 +1828,6 @@ function api_get_session_condition($session_id, $and = true, $with_base_content
    } else {
        $condition_session = $condition_add." session_id = $session_id ";
    }
-
    return $condition_session;
 }

@ -2368,23 +2400,24 @@ function api_is_allowed_to_session_edit($tutor = false, $coach = false) {
            // I'm in a session and I'm a student
            $session_id = api_get_session_id();
            // Get the session visibility
-            $session_visibility = api_get_session_visibility($session_id);  // if 0 the session is still available.
-            if ($session_visibility != 0) {
+            $session_visibility = api_get_session_visibility($session_id);  // if 5 the session is still available.
+            
                //@todo We could load the session_rel_course_rel_user permission to increase the level of detail.
                //echo api_get_user_id();
                //echo api_get_course_id();

-                switch ($session_visibility) {
-                    case SESSION_VISIBLE_READ_ONLY: // 1
-                        return false;
-                    case SESSION_VISIBLE:           // 2
-                        return true;
-                    case SESSION_INVISIBLE:         // 3
-                        return false;
-                }
-            } else {
-                return true;
+            switch ($session_visibility) {
+                case SESSION_VISIBLE_READ_ONLY: // 1
+                    return false;
+                case SESSION_VISIBLE:           // 2
+                    return true;
+                case SESSION_INVISIBLE:         // 3
+                    return false;
+                case SESSION_AVAILABLE:         //5
+                    return true;
+                    
            }
+            
        }
    }
 }
--- a/main/inc/lib/sessionmanager.lib.php
+++ b/main/inc/lib/sessionmanager.lib.php
@ -287,8 +287,7 @@ class SessionManager {
 				if ($session['date_end'] == '0000-00-00') {
 					$session['date_end'] = '';
 				}
-
-
+                
 				switch ($session['visibility']) {
 					case SESSION_VISIBLE_READ_ONLY: //1
 						$session['visibility'] =  get_lang('ReadOnly');
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -1867,17 +1867,9 @@ class UserManager {
 		$personal_course_list_sql = '';

 		//Courses in which we suscribed out of any session
-		/*$personal_course_list_sql = "SELECT course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i,
-											course.tutor_name t, course.course_language l, course_rel_user.status s, course_rel_user.sort sort,
-											course_rel_user.user_course_cat user_course_cat
-											FROM    ".$tbl_course."       course,".$main_course_user_table."   course_rel_user
-											WHERE course.code = course_rel_user.course_code"."
-											AND   course_rel_user.user_id = '".$user_id."'
-											ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC,i";*/
-
 		$tbl_user_course_category = Database :: get_user_personal_table(TABLE_USER_COURSE_CATEGORY);

-		$personal_course_list_sql = "SELECT   course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, course.tutor_name t, 
+		$personal_course_list_sql = "SELECT   course.code, course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, course.tutor_name t, 
 		                                      course.course_language l, course_rel_user.status s, course_rel_user.sort sort, course_rel_user.user_course_cat user_course_cat, 
 		                                      course.id as course_id
 			                         FROM ".$tbl_course_user." course_rel_user
@ -1905,9 +1897,9 @@ class UserManager {
 						WHERE id_session=id AND id_user=$user_id AND relation_type<>".SESSION_RELATION_TYPE_RRHH."
 						AND (date_start <= CURDATE() AND date_end >= CURDATE() OR date_start='0000-00-00')
 						ORDER BY date_start, date_end, name";
-		$result = Database::query($sessions_sql);
-		$sessions=Database::store_result($result);
-		$sessions = array_merge($sessions , Database::store_result($result));
+		$result     = Database::query($sessions_sql);
+		$sessions   = Database::store_result($result);
+		$sessions   = array_merge($sessions , Database::store_result($result));


 		// get the list of sessions where the user is subscribed as student where visibility = SESSION_VISIBLE_READ_ONLY = 1  SESSION_VISIBLE = 2
@ -1918,9 +1910,10 @@ class UserManager {
 								relation_type<>".SESSION_RELATION_TYPE_RRHH." AND
 								(date_end <= CURDATE() AND date_end<>'0000-00-00') AND (visibility = ".SESSION_VISIBLE_READ_ONLY." || visibility = ".SESSION_VISIBLE.")
 								ORDER BY date_start, date_end, name";
-		$result_out_date = Database::query($sessions_out_date_sql);
-		$sessions_out_date=Database::store_result($result_out_date);
-		$sessions = array_merge($sessions , $sessions_out_date);
+        
+		$result_out_date    = Database::query($sessions_out_date_sql);
+		$sessions_out_date  = Database::store_result($result_out_date);
+		$sessions           = array_merge($sessions , $sessions_out_date);

 		// get the list of sessions where the user is subscribed as coach in a course
 		$sessions_sql = "SELECT DISTINCT id, name, date_start, date_end, DATE_SUB(date_start, INTERVAL nb_days_access_before_beginning DAY), ADDDATE(date_end, INTERVAL nb_days_access_after_end DAY)
@ -1936,9 +1929,7 @@ class UserManager {
 			ORDER BY date_start, date_end, name";

 		$result = Database::query($sessions_sql);
-
 		$session_is_coach = Database::store_result($result);
-
 		$sessions = array_merge($sessions, $session_is_coach);

 		// get the list of sessions where the user is subscribed as coach
@ -1956,7 +1947,7 @@ class UserManager {
 		if (api_is_allowed_to_create_course()) {
 			foreach($sessions as $enreg) {
 				$id_session = $enreg['id'];
-				$personal_course_list_sql = "SELECT DISTINCT course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, 
+				$personal_course_list_sql = "SELECT DISTINCT course.code, course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, 
 				                            ".(api_is_western_name_order() ? "CONCAT(user.firstname,' ',user.lastname)" : "CONCAT(user.lastname,' ',user.firstname)")." t, email, course.course_language l, 1 sort, 
 				                               category_code user_course_cat, date_start, date_end, session.id as id_session, session.name as session_name,  course.id as course_id
 					FROM $tbl_session_course_user as session_course_user
@ -1982,7 +1973,7 @@ class UserManager {
 		foreach ($sessions as $enreg) {
 			$id_session = $enreg['id'];
 			// this query is very similar to the above query, but it will check the session_rel_course_user table if there are courses registered to our user or not
-			$personal_course_list_sql = "SELECT DISTINCT  course.id as course_id, course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, CONCAT(user.lastname,' ',user.firstname) t, email, 
+			$personal_course_list_sql = "SELECT DISTINCT course.code, course.id as course_id, course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, CONCAT(user.lastname,' ',user.firstname) t, email, 
 			                             course.course_language l, 1 sort, category_code user_course_cat, date_start, date_end, session.id as id_session, session.name as session_name, " .
                                        "IF((session_course_user.id_user = 3 AND session_course_user.status=2),'2', '5')
 										FROM $tbl_session_course_user as session_course_user
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -1028,20 +1028,26 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
 		else $is_allowed_in_course = false;
 	}

-	// requires testing!!!
 	// check the session visibility
 	if (!empty($is_allowed_in_course)) {        
 		$my_session_id = api_get_session_id();
+        
 		//if I'm in a session
 		//var_dump($is_platformAdmin, $is_courseTutor,api_is_coach());
-		if ($my_session_id!=0)
+		if ($my_session_id != 0) {
 			if (!$is_platformAdmin) {
 				// admin and session coach are *not* affected to the invisible session mode
 				// the coach is not affected because he can log in some days after the end date of a session
-				$session_visibility = api_get_session_visibility($my_session_id);
-				if ($session_visibility==SESSION_INVISIBLE)
-					$is_allowed_in_course =false;
+				$session_visibility = api_get_session_visibility($my_session_id);                  
+                
+                switch ($session_visibility) {                    
+                    case SESSION_INVISIBLE:
+                        $is_allowed_in_course =false;
+                        break;                    
+                }
+                //checking date
 			}
+        }

 	}

--- a/main/session/index.php
+++ b/main/session/index.php
@ -34,12 +34,16 @@ $session_info   = SessionManager::fetch($session_id);
 $session_list   = SessionManager::get_sessions_by_coach(api_get_user_id());
 $course_list    = SessionManager::get_course_list_by_session_id($session_id);

-
 //Getting all sessions where I'm subscribed
 $new_session_list = UserManager::get_personal_session_course_list(api_get_user_id());

+$user_course_list = array();
+foreach($new_session_list as $session_item) {
+    $user_course_list[] = $session_item['k'];
+}
+
 $my_session_list = array();
-$final_array = array();
+$final_array     = array();

 if (!empty($new_session_list)) {
 	foreach($new_session_list as $item) {
@ -48,7 +52,7 @@ if (!empty($new_session_list)) {
 			$final_array[$my_session_id]['name'] = $item['session_name'];

 			//Get all courses by session where I'm subscribed
-			$my_course_list = UserManager::get_courses_list_by_session(api_get_user_id(), $my_session_id);
+			$my_course_list = UserManager::get_courses_list_by_session(api_get_user_id(), $my_session_id);            
 			 
 			foreach ($my_course_list as $my_course) {
 				$course = array();
@ -100,7 +104,6 @@ if (!api_is_allowed_to_session_edit()) {
 		
 Display::display_header(get_lang('Session'));

-
 $session_select = array();
 foreach ($session_list as $item) {
    $session_select[$item['id']] =  $item['name'];
@ -116,24 +119,10 @@ if (count($session_select) > 1) {
    $form->display();
 }

-//Listing LPs from all courses
-/*
-$lps = array();
-if (!empty($course_list)) {
-    foreach ($course_list as $item) {    
-        $list       = new LearnpathList(api_get_user_id(),$item['code']);
-        $flat_list  = $list->get_flat_list();        
-        $lps[$item['code']] = $flat_list;
-        foreach ($flat_list as $item) {        
-            //var_dump(get_week_from_day($item['publicated_on']));	
-        }    
-    }
-}*/
-
 if (empty($session_id)) {
    $user_list  = UserManager::get_user_list();
 } else {        
-    $user_list = SessionManager::get_users_by_session($session_id);        
+    $user_list  = SessionManager::get_users_by_session($session_id);        
 }

 //Final data to be show
@ -217,7 +206,8 @@ foreach($final_array as $session_data) {
            }
        }
    }
-}  
+}
+
 $my_real_array = msort($my_real_array, 'date','asc');

 if (!empty($new_exercises)) {
@ -252,8 +242,10 @@ echo $dates.'<br />';
 $new_course_list = array();
 if (!empty($course_list)) {
    foreach($course_list as $course_data) {
-        $course_data['title'] = Display::url($course_data['title'], api_get_course_url($course_data['code'], $session_id));
-        $new_course_list[] = array('title'=>$course_data['title']); 
+        if (in_array($course_data['code'], $user_course_list)) {
+            $course_data['title'] = Display::url($course_data['title'], api_get_course_url($course_data['code'], $session_id));
+            $new_course_list[] = array('title'=> $course_data['title']); 
+        }        
    }
 }