From dfc990884e960f912ab7c45d7fa87680999b7232 Mon Sep 17 00:00:00 2001
From: jmontoyaa <gugli100@gmail.com>
Date: Fri, 2 Jun 2017 12:13:58 +0200
Subject: [PATCH] Fix event render see BT#11972

---
 main/inc/lib/agenda.lib.php | 242 +++++++++++++++++++++---------------
 1 file changed, 139 insertions(+), 103 deletions(-)

diff --git a/main/inc/lib/agenda.lib.php b/main/inc/lib/agenda.lib.php
index bc27eb372b..c168da342a 100644
--- a/main/inc/lib/agenda.lib.php
+++ b/main/inc/lib/agenda.lib.php
@@ -1250,14 +1250,20 @@ class Agenda
                                 $this->getCourseEvents(
                                     $start,
                                     $end,
-                                    $courseInfo
+                                    $courseInfo,
+                                    0,
+                                    0,
+                                    $user_id
                                 );
                             }
                         } else {
                             $this->getCourseEvents(
                                 $start,
                                 $end,
-                                $courseInfo
+                                $courseInfo,
+                                0,
+                                0,
+                                $user_id
                             );
                         }
                     }
@@ -1643,38 +1649,42 @@ class Agenda
         if (empty($courseInfo)) {
             return array();
         }
-        $course_id = $courseInfo['real_id'];
+        $courseId = $courseInfo['real_id'];
 
-        if (empty($course_id)) {
+        if (empty($courseId)) {
             return array();
         }
 
         $session_id = intval($session_id);
         $user_id = intval($user_id);
         $groupList = GroupManager::get_group_list(null, $courseInfo['code']);
-
-        $group_name_list = array();
+        $groupNameList = array();
         if (!empty($groupList)) {
             foreach ($groupList as $group) {
-                $group_name_list[$group['id']] = $group['name'];
+                $groupNameList[$group['id']] = $group['name'];
             }
         }
 
-        $group_memberships = [];
+        if (api_is_platform_admin() || api_is_allowed_to_edit()) {
+            $isAllowToEdit = true;
+        } else {
+            $isAllowToEdit = CourseManager::is_course_teacher(api_get_user_id(), $courseInfo['code']);
+        }
+
+        $groupMemberships = [];
+
         if (!empty($groupId)) {
-            $group_memberships = array($groupId);
+            $groupMemberships = array($groupId);
         } else {
-            if (api_is_allowed_to_edit()) {
-                // Getting all groups
-                $groupList = GroupManager::get_group_list(null, $courseInfo['code']);
+            if ($isAllowToEdit) {
                 if (!empty($groupList)) {
-                    $group_memberships = array_column($groupList, 'id');
+                    $groupMemberships = array_column($groupList, 'id');
                 }
             } else {
                 // get only related groups from user
-                $group_memberships = GroupManager::get_group_ids(
-                    $course_id,
-                    $user_id
+                $groupMemberships = GroupManager::get_group_ids(
+                    $courseId,
+                    api_get_user_id()
                 );
             }
         }
@@ -1682,94 +1692,127 @@ class Agenda
         $tlb_course_agenda = Database::get_course_table(TABLE_AGENDA);
         $tbl_property = Database::get_course_table(TABLE_ITEM_PROPERTY);
 
-        if (!empty($groupId)) {
-            if (empty($user_id)) {
-                $where_condition = "( ip.to_group_id IN (0, ".implode(", ", $group_memberships).") ) ";
-            } else {
-                $where_condition = "( ip.to_user_id = $user_id OR ip.to_user_id IS NULL OR (ip.to_group_id IN (0, ".implode(", ", $group_memberships).")) ) ";
-            }
+        if (empty($session_id)) {
+            $sessionCondition = "
+            (
+                agenda.session_id = 0 AND (ip.session_id IS NULL OR ip.session_id = 0)
+            ) ";
+        } else {
+            $sessionCondition = "
+            (
+                agenda.session_id = $session_id AND
+                ip.session_id = $session_id
+            ) ";
+        }
+
+        //var_dump($courseInfo['code']);
+
+        if ($isAllowToEdit) {
+            // No group filter was asked
+            if (empty($groupId)) {
+                if (empty($user_id)) {
+                    // Show all events not added in group
+                    $userCondition = ' (ip.to_group_id IS NULL OR ip.to_group_id = 0) ';
+                    // admin see only his stuff
+                    if ($this->type === 'personal') {
+                        $userCondition = " (ip.to_user_id = ".api_get_user_id()." AND (ip.to_group_id IS NULL OR ip.to_group_id = 0) ) ";
+                        $userCondition .= " OR ( (ip.to_user_id = 0 OR ip.to_user_id is NULL)  AND (ip.to_group_id IS NULL OR ip.to_group_id = 0) ) ";
+                    }
+
+                    if (!empty($groupMemberships)) {
+                        // Show events sent to selected groups
+                        $userCondition .= " OR (ip.to_user_id = 0 OR ip.to_user_id is NULL) AND (ip.to_group_id IN (".implode(", ", $groupMemberships).")) ";
+                    }
 
-            if (empty($session_id)) {
-                $sessionCondition = "
-                (
-                    agenda.session_id = 0 AND (ip.session_id IS NULL OR ip.session_id = 0)
-                ) ";
+                    //var_dump($this->type);
+                    if ($this->type === 'personal') {
+                        //$userCondition .= " OR (ip.to_user_id = ".api_get_user_id()." )  ";
+                    }
+                } else {
+                    // Show events of requested user in no group
+                    $userCondition = " (ip.to_user_id = $user_id AND (ip.to_group_id IS NULL OR ip.to_group_id = 0)) ";
+                    // Show events sent to selected groups
+                    if (!empty($groupMemberships)) {
+                        $userCondition .= " OR (ip.to_user_id = $user_id) AND (ip.to_group_id IN (".implode(", ", $groupMemberships).")) ";
+                    }
+                }
             } else {
-                $sessionCondition = "
-                (
-                    agenda.session_id = $session_id AND
-                    ip.session_id = $session_id
-                ) ";
+                // Show only selected groups (depending of user status)
+                $userCondition = " (ip.to_user_id = 0 OR ip.to_user_id is NULL) AND (ip.to_group_id IN (".implode(", ", $groupMemberships).")) ";
+
+                if (!empty($groupMemberships)) {
+                    // Show send to $user_id in selected groups
+                    $userCondition .= " OR (ip.to_user_id = $user_id) AND (ip.to_group_id IN (".implode(", ", $groupMemberships).")) ";
+                }
             }
 
-            $sql = "SELECT DISTINCT
-                        agenda.*,
-                        ip.visibility,
-                        ip.to_group_id,
-                        ip.insert_user_id,
-                        ip.ref,
-                        to_user_id
-                    FROM $tlb_course_agenda agenda
-                    INNER JOIN $tbl_property ip
-                    ON (
-                        agenda.id = ip.ref AND 
-                        agenda.c_id = ip.c_id AND 
-                        ip.tool = '".TOOL_CALENDAR_EVENT."'
-                    )
-                    WHERE
-                        $where_condition AND
-                        ip.visibility = '1' AND
-                        agenda.c_id = $course_id AND                        
-                        $sessionCondition
-                    ";
+            /*// No user filter
+            if (empty($user_id)) {
+                //$userCondition .= ' OR (ip.to_group_id IS NULL OR ip.to_group_id = 0) ';
+            } else {
+                // Show send to $user_id in course
+                $userCondition .= " AND (ip.to_user_id = $user_id AND (ip.to_group_id IS NULL OR ip.to_group_id = 0)) ";
+                if (!empty($groupMemberships)) {
+                    // Show send to $user_id in selected groups
+                    $userCondition .= " OR (ip.to_user_id = $user_id) AND (ip.to_group_id IN (".implode(", ", $groupMemberships).")) ";
+                }
+            }*/
         } else {
-            $visibilityCondition = " ip.visibility='1' AND ";
-
-            if (api_is_allowed_to_edit()) {
-                if (empty($user_id)) {
-                    $where_condition = '';
+            // No group filter was asked
+            if (empty($groupId)) {
+                // Show events sent to everyone and no group
+                $userCondition = ' ( (ip.to_user_id = 0 OR ip.to_user_id is NULL) AND (ip.to_group_id IS NULL OR ip.to_group_id = 0) ';
+
+                // Show events sent to selected groups
+                if (!empty($groupMemberships)) {
+                    $userCondition .= " OR (ip.to_user_id = 0 OR ip.to_user_id is NULL) AND (ip.to_group_id IN (".implode(", ", $groupMemberships)."))) ";
                 } else {
-                    $where_condition = " (ip.to_user_id = ".$user_id.") AND (ip.to_group_id IS NULL OR ip.to_group_id = 0) AND ";
+                    $userCondition .= " ) ";
                 }
-                $visibilityCondition = " (ip.visibility IN ('1', '0')) AND ";
+
+                $userCondition .= " OR (ip.to_user_id = ".api_get_user_id()." AND (ip.to_group_id IS NULL OR ip.to_group_id = 0)) ";
             } else {
-                // Show my items and also items sent to everyone
-                $where_condition = " ( (ip.to_user_id = ".api_get_user_id()." OR (ip.to_user_id = 0 or ip.to_user_id is NULL)) AND (ip.to_group_id IS NULL OR ip.to_group_id = 0)) AND ";
+                if (!empty($groupMemberships)) {
+                    // Show send to everyone - and only selected groups
+                    $userCondition = " (ip.to_user_id = 0 OR ip.to_user_id is NULL) AND (ip.to_group_id IN (".implode(", ", $groupMemberships).")) ";
+                }
             }
 
-            if (empty($session_id)) {
-                $sessionCondition = "
-                (
-                    agenda.session_id = 0 AND
-                    (ip.session_id IS NULL OR ip.session_id = 0)
-                ) ";
+            // Show sent to only me and no group
+            if (!empty($groupMemberships)) {
+                $userCondition .= " OR (ip.to_user_id = ".api_get_user_id().") AND (ip.to_group_id IN (".implode(", ", $groupMemberships).")) ";
             } else {
-                $sessionCondition = "
-                (
-                    agenda.session_id = $session_id AND
-                    ip.session_id = $session_id
-                ) ";
+                // Show sent to only me and selected groups
             }
+        }
 
-            $sql = "SELECT DISTINCT
-                        agenda.*,
-                        ip.visibility,
-                        ip.to_group_id,
-                        ip.insert_user_id,
-                        ip.ref,
-                        to_user_id
-                    FROM $tlb_course_agenda agenda
-                    INNER JOIN $tbl_property ip
-                    ON (agenda.id = ip.ref AND agenda.c_id = ip.c_id AND ip.tool='".TOOL_CALENDAR_EVENT."' )
-                    WHERE
-                        $where_condition
-                        $visibilityCondition
-                        agenda.c_id = $course_id AND
-                        $sessionCondition
-                    ";
+        if (api_is_allowed_to_edit()) {
+            $visibilityCondition = " (ip.visibility IN ('1', '0'))  ";
+        } else {
+            $visibilityCondition = " (ip.visibility = '1') ";
         }
 
-        $dateCondition = null;
+        $sql = "SELECT DISTINCT
+                    agenda.*,
+                    ip.visibility,
+                    ip.to_group_id,
+                    ip.insert_user_id,
+                    ip.ref,
+                    to_user_id
+                FROM $tlb_course_agenda agenda
+                INNER JOIN $tbl_property ip
+                ON (
+                    agenda.id = ip.ref AND 
+                    agenda.c_id = ip.c_id AND 
+                    ip.tool = '".TOOL_CALENDAR_EVENT."'
+                )
+                WHERE
+                    $sessionCondition AND
+                    ($userCondition) AND
+                    $visibilityCondition AND
+                    agenda.c_id = $courseId
+        ";
+        $dateCondition = '';
         if (!empty($start) && !empty($end)) {
             $dateCondition .= "AND (
                  agenda.start_date BETWEEN '".$start."' AND '".$end."' OR
@@ -1787,7 +1830,7 @@ class Agenda
 
         $coachCanEdit = false;
         if (!empty($session_id)) {
-            $coachCanEdit = api_is_coach($session_id, $course_id) || api_is_platform_admin();
+            $coachCanEdit = api_is_coach($session_id, $courseId) || api_is_platform_admin();
         }
 
         if (Database::num_rows($result)) {
@@ -1806,7 +1849,7 @@ class Agenda
                 $eventId = $row['ref'];
                 $items = $this->getUsersAndGroupSubscribedToEvent(
                     $eventId,
-                    $course_id,
+                    $courseId,
                     $this->sessionId
                 );
                 $group_to_array = $items['groups'];
@@ -1816,7 +1859,6 @@ class Agenda
                     $courseInfo
                 );
                 $event['attachment'] = '';
-
                 if (!empty($attachmentList)) {
                     foreach ($attachmentList as $attachment) {
                         $has_attachment = Display::return_icon(
@@ -1824,7 +1866,7 @@ class Agenda
                             get_lang('Attachment')
                         );
                         $user_filename = $attachment['filename'];
-                        $url = api_get_path(WEB_CODE_PATH).'calendar/download.php?file='.$attachment['path'].'&course_id='.$course_id.'&'.api_get_cidreq();
+                        $url = api_get_path(WEB_CODE_PATH).'calendar/download.php?file='.$attachment['path'].'&course_id='.$courseId.'&'.api_get_cidreq();
                         $event['attachment'] .= $has_attachment.
                             Display::url(
                                 $user_filename,
@@ -1836,7 +1878,7 @@ class Agenda
                 $event['title'] = $row['title'];
                 $event['className'] = 'course';
                 $event['allDay'] = 'false';
-                $event['course_id'] = $course_id;
+                $event['course_id'] = $courseId;
                 $event['borderColor'] = $event['backgroundColor'] = $this->event_course_color;
 
                 $sessionInfo = [];
@@ -1896,7 +1938,7 @@ class Agenda
                     $sent_to = array();
                     if (!empty($group_to_array)) {
                         foreach ($group_to_array as $group_item) {
-                            $sent_to[] = $group_name_list[$group_item];
+                            $sent_to[] = $groupNameList[$group_item];
                         }
                     }
                     $sent_to = implode('@@', $sent_to);
@@ -1937,9 +1979,7 @@ class Agenda
 
                 //Event sent to everyone!
                 if (empty($event['sent_to'])) {
-                    $event['sent_to'] = '<div class="label_tag notice">'.get_lang(
-                            'Everyone'
-                        ).'</div>';
+                    $event['sent_to'] = '<div class="label_tag notice">'.get_lang('Everyone').'</div>';
                 }
 
                 $event['description'] = $row['content'];
@@ -1947,12 +1987,8 @@ class Agenda
                 $event['real_id'] = $row['id'];
                 $event['allDay'] = isset($row['all_day']) && $row['all_day'] == 1 ? $row['all_day'] : 0;
                 $event['parent_event_id'] = $row['parent_event_id'];
-                $event['has_children'] = $this->hasChildren(
-                    $row['id'],
-                    $course_id
-                ) ? 1 : 0;
+                $event['has_children'] = $this->hasChildren($row['id'], $courseId) ? 1 : 0;
                 $event['comment'] = $row['comment'];
-
                 $this->events[] = $event;
             }
         }