DRH can see user informatio see BT#7064

main/attendance/attendance_calendar.php

@@ -20,9 +20,11 @@ if (!$is_locked_attendance || api_is_platform_admin()) {
         echo '<a href="index.php?'.api_get_cidreq().'&action=calendar_list&attendance_id='.$attendance_id.$param_gradebook.'">'.Display::return_icon('back.png',get_lang('AttendanceCalendar'),'',ICON_SIZE_MEDIUM).'</a>';
     } else {
         echo '<a href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list&attendance_id='.$attendance_id.$param_gradebook.'">'.Display::return_icon('back.png',get_lang('AttendanceSheet'),'',ICON_SIZE_MEDIUM).'</a>';
-
-        echo '<a href="index.php?'.api_get_cidreq().'&action=calendar_add&attendance_id='.$attendance_id.$param_gradebook.'">'.Display::return_icon('add.png',get_lang('AddDateAndTime'),'',ICON_SIZE_MEDIUM).'</a>';
-        echo '<a onclick="javascript:if(!confirm(\''.get_lang('AreYouSureToDeleteAllDates').'\')) return false;" href="index.php?'.api_get_cidreq().'&action=calendar_all_delete&attendance_id='.$attendance_id.$param_gradebook.'">'.Display::return_icon('clean.png',get_lang('CleanCalendar'),'',ICON_SIZE_MEDIUM).'</a>';
+        if (api_is_allowed_to_edit()) {
+            echo '<a href="index.php?'.api_get_cidreq().'&action=calendar_add&attendance_id='.$attendance_id.$param_gradebook.'">'.Display::return_icon('add.png',get_lang('AddDateAndTime'),'',ICON_SIZE_MEDIUM).'</a>';
+            echo '<a onclick="javascript:if(!confirm(\''.get_lang('AreYouSureToDeleteAllDates').'\')) return false;" href="index.php?'.api_get_cidreq().'&action=calendar_all_delete&attendance_id='.$attendance_id.$param_gradebook.'">'.
+                Display::return_icon('clean.png',get_lang('CleanCalendar'),'',ICON_SIZE_MEDIUM).'</a>';
+        }
     }
     echo '</div>';
 }
@@ -48,7 +50,12 @@ if ($error_checkdate) {
 
 if (isset($action) && $action == 'calendar_add') {
     // calendar add form
-    $form = new FormValidator('attendance_calendar_add','POST','index.php?action=calendar_add&attendance_id='.$attendance_id.$param_gradebook.'&'.api_get_cidreq(),'');
+    $form = new FormValidator(
+        'attendance_calendar_add',
+        'POST',
+        'index.php?action=calendar_add&attendance_id=' . $attendance_id . $param_gradebook . '&' . api_get_cidreq(),
+        ''
+    );
     $form->addElement('header', get_lang('AddADateTime'));
     $form->addElement('date_time_picker', 'date_time');
     $defaults['date_time'] = date('Y-m-d H:i', api_strtotime(api_get_local_time()));
@@ -93,10 +100,17 @@ if (isset($action) && $action == 'calendar_add') {
     if (!empty($attendance_calendar)) {
         foreach ($attendance_calendar as $calendar) {
             echo '<div class="attendance-calendar-row">';
-            if ((isset($action) && $action == 'calendar_edit') && (isset($calendar_id) && $calendar_id == $calendar['id'])) {
+            if ((isset($action) && $action == 'calendar_edit') &&
+                (isset($calendar_id) && $calendar_id == $calendar['id'])
+            ) {
                 // calendar edit form
                 echo '<div class="attendance-calendar-edit">';
-                $form = new FormValidator('attendance_calendar_edit','POST','index.php?action=calendar_edit&attendance_id='.$attendance_id.'&calendar_id='.$calendar_id.'&'.api_get_cidreq().$param_gradebook,'');
+                $form = new FormValidator(
+                    'attendance_calendar_edit',
+                    'POST',
+                    'index.php?action=calendar_edit&attendance_id=' . $attendance_id . '&calendar_id=' . $calendar_id . '&' . api_get_cidreq() . $param_gradebook,
+                    ''
+                );
                 $form->addElement('date_time_picker', 'date_time', '', array('form_name'=>'attendance_calendar_edit'), 5);
                 $defaults['date_time'] = $calendar['date_time'];
                 $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"');
@@ -107,10 +121,15 @@ if (isset($action) && $action == 'calendar_add') {
             } else {
                 echo Display::return_icon('lp_calendar_event.png', get_lang('DateTime')).' '.substr($calendar['date_time'], 0, strlen($calendar['date_time'])- 3) .'&nbsp;';
                 if (!$is_locked_attendance || api_is_platform_admin()) {
-                    echo '<span style="margin-left:20px;">';
-                    echo '<a href="index.php?'.api_get_cidreq().'&action=calendar_edit&calendar_id='.intval($calendar['id']).'&attendance_id='.$attendance_id.$param_gradebook.'">'.Display::return_icon('edit.png', get_lang('Edit'), array('style'=>'vertical-align:middle'), ICON_SIZE_SMALL).'</a>&nbsp;';
-                    echo '<a onclick="javascript:if(!confirm(\''.get_lang('AreYouSureToDelete').'\')) return false;" href="index.php?'.api_get_cidreq().$param_gradebook.'&action=calendar_delete&calendar_id='.intval($calendar['id']).'&attendance_id='.$attendance_id.'">'.Display::return_icon('delete.png', get_lang('Delete'), array('style'=>'vertical-align:middle'), ICON_SIZE_SMALL).'</a>';
-                    echo '</span>';
+                    if (api_is_allowed_to_edit()) {
+                        echo '<span style="margin-left:20px;">';
+                        echo '<a href="index.php?'.api_get_cidreq().'&action=calendar_edit&calendar_id='.intval($calendar['id']).'&attendance_id='.$attendance_id.$param_gradebook.'">'.
+                            Display::return_icon('edit.png', get_lang('Edit'), array('style'=>'vertical-align:middle'), ICON_SIZE_SMALL).'</a>&nbsp;';
+                        echo '<a onclick="javascript:if(!confirm(\''.get_lang('AreYouSureToDelete').'\')) return false;" href="index.php?'.api_get_cidreq().$param_gradebook.'&action=calendar_delete&calendar_id='.intval($calendar['id']).'&attendance_id='.$attendance_id.'">'.
+                            Display::return_icon('delete.png', get_lang('Delete'), array('style'=>'vertical-align:middle'), ICON_SIZE_SMALL).'</a>';
+                        echo '</span>';
+                    }
+
                 }
             }
             echo '</div>';

main/attendance/attendance_controller.php

@@ -212,10 +212,12 @@ class AttendanceController
     }
 
     /**
-     * It's used for controlling attendace sheet (list, add),
+     * It's used for controlling attendance sheet (list, add),
      * render to attendance_sheet view
-     * @param string action
-     * @param int	 attendance id
+     * @param string $action
+     * @param int	 $attendance_id
+     * @param int $student_id
+     * @param bool $edit
      */
     public function attendance_sheet($action, $attendance_id, $student_id = 0, $edit = true)
     {
@@ -230,8 +232,14 @@ class AttendanceController
             $filter_type = $_REQUEST['filter'];
         }
 
+        $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
+            api_get_user_id(),
+            api_get_course_info()
+        );
+
         if ($edit == true) {
-            if (api_is_allowed_to_edit(null, true)) {
+
+            if (api_is_allowed_to_edit(null, true) || $isDrhOfCourse) {
                 $data['users_presence'] = $attendance->get_users_attendance_sheet($attendance_id);
             }
         } else {
@@ -242,11 +250,12 @@ class AttendanceController
             }
 
             if (api_is_allowed_to_edit(null, true) ||
-                api_is_coach(api_get_session_id(), api_get_course_id())
+                api_is_coach(api_get_session_id(), api_get_course_id()) ||
+                $isDrhOfCourse
             ) {
-                $data['users_presence']  = $attendance->get_users_attendance_sheet($attendance_id);
+                $data['users_presence'] = $attendance->get_users_attendance_sheet($attendance_id);
             } else {
-                $data['users_presence']  = $attendance->get_users_attendance_sheet($attendance_id, $user_id);
+                $data['users_presence'] = $attendance->get_users_attendance_sheet($attendance_id, $user_id);
             }
 
             $data['faults']  = $attendance->get_faults_of_user($user_id, $attendance_id);
@@ -257,7 +266,6 @@ class AttendanceController
         $data['next_attendance_calendar_datetime'] = $attendance->get_next_attendance_calendar_datetime($attendance_id);
 
         if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
-
             if (isset($_POST['hidden_input'])) {
                 foreach ($_POST['hidden_input'] as $cal_id) {
                     $users_present = array();

main/attendance/attendance_list.php

@@ -25,7 +25,12 @@ if ($attendance->get_number_of_attendances() == 0) {
     $attendance->set_description(get_lang('Attendances'));
     $attendance->attendance_add();
 }
-$table = new SortableTable('attendance_list', array('Attendance', 'get_number_of_attendances'), array('Attendance', 'get_attendance_data'), $default_column);
+$table = new SortableTable(
+    'attendance_list',
+    array('Attendance', 'get_number_of_attendances'),
+    array('Attendance', 'get_attendance_data'),
+    $default_column
+);
 $table->set_additional_parameters($parameters);
 $table->set_header(0, '', false, array('style'=>'width:20px;'));
 $table->set_header(1, get_lang('Name'), true );

main/attendance/attendance_sheet.php

@@ -8,23 +8,36 @@
  * @package chamilo.attendance
  */
 
-// protect a course script
+// Protect a course script
 api_protect_course_script(true);
 
+$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
+    api_get_user_id(),
+    api_get_course_info()
+);
+
 if (api_is_allowed_to_edit(null, true) ||
-    api_is_coach(api_get_session_id(), api_get_course_id())
+    api_is_coach(api_get_session_id(), api_get_course_id()) ||
+    $isDrhOfCourse
 ) {
     $param_gradebook = '';
     if (isset($_SESSION['gradebook'])) {
         $param_gradebook = '&gradebook='.$_SESSION['gradebook'];
     }
 
-    $form = new FormValidator('filter', 'post', 'index.php?action=attendance_sheet_list&'.api_get_cidreq().$param_gradebook.'&attendance_id='.$attendance_id, null, array('class' => 'form-search pull-left'));
+    $form = new FormValidator(
+        'filter',
+        'post',
+        'index.php?action=attendance_sheet_list&' . api_get_cidreq() . $param_gradebook . '&attendance_id=' . $attendance_id,
+        null,
+        array('class' => 'form-search pull-left')
+    );
+
     $values = array(
-        'all'           => get_lang('All'),
-        'today'         => get_lang('Today'),
-        'all_done'      => get_lang('AllDone'),
-        'all_not_done'  => get_lang('AllNotDone')
+        'all' => get_lang('All'),
+        'today' => get_lang('Today'),
+        'all_done' => get_lang('AllDone'),
+        'all_not_done' => get_lang('AllNotDone')
     );
     $today = api_convert_and_format_date(null, DATE_FORMAT_SHORT);
     $exists_attendance_today = false;

main/inc/lib/attendance.lib.php

@@ -142,7 +142,7 @@ class Attendance
 		while ($attendance = Database::fetch_row($res)) {
 
 			$student_param = '';
-			if (api_is_drh() && ($_GET['student_id'])) {
+			if (api_is_drh() && $_GET['student_id']) {
 				$student_param = '&student_id='.Security::remove_XSS($_GET['student_id']);
 			}
 
@@ -152,11 +152,17 @@ class Attendance
 				$session_star = api_get_session_image(api_get_session_id(), $user_info['status']);
 			}
 			if ($attendance[5] == 1) {
-				if (api_is_allowed_to_edit(null, true)) {
-					//Link to edit
+
+				$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
+					api_get_user_id(),
+					api_get_course_info()
+				);
+
+				if (api_is_allowed_to_edit(null, true) || $isDrhOfCourse) {
+					// Link to edit
 					$attendance[1] = '<a href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list&attendance_id='.$attendance[0].$param_gradebook.$student_param.'">'.$attendance[1].'</a>'.$session_star;
 				} else {
-					//Link to view
+					// Link to view
 					$attendance[1] = '<a href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list_no_edit&attendance_id='.$attendance[0].$param_gradebook.$student_param.'">'.$attendance[1].'</a>'.$session_star;
 				}