Fix agenda permissions see BT#12161

Change Agenda class to set type in constructor.
jmontoyaa 8 years ago
parent 8a0bbd5e86
commit ef4b199621
  1. 29
      main/calendar/agenda.php
  2. 11
      main/calendar/agenda_js.php
  3. 4
      main/calendar/agenda_list.php
  4. 3
      main/calendar/ical_export.php
  5. 3
      main/cron/import_csv.php
  6. 21
      main/inc/ajax/agenda.ajax.php
  7. 3
      main/inc/lib/add_course.lib.inc.php
  8. 63
      main/inc/lib/agenda.lib.php
  9. 5
      main/inc/lib/system_announcements.lib.php
  10. 8
      main/inc/lib/webservices/Rest.php
  11. 53
      main/template/default/agenda/month.tpl
  12. 3
      main/work/work.lib.php
  13. 5
      plugin/bbb/listing.php
  14. 3
      plugin/openmeetings/listing.php
  15. 13
      tests/main/admin/calendar.lib.test.php

@ -31,7 +31,6 @@ if (empty($action)) {
$group_id = api_get_group_id();
$groupInfo = GroupManager::get_group_properties($group_id);
$eventId = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
$type = $event_type = isset($_GET['type']) ? $_GET['type'] : null;
@ -82,37 +81,29 @@ $nameTools = get_lang('Agenda');
Event::event_access_tool(TOOL_CALENDAR_EVENT);
// permission stuff - also used by loading from global in agenda.inc.php
$is_allowed_to_edit = api_is_allowed_to_edit(false, true) || (api_get_course_setting('allow_user_edit_agenda') && !api_is_anonymous());
$agenda = new Agenda();
$agenda->type = $type;
$actions = $agenda->displayActions('calendar');
if ($type === 'fromjs') {
$id_list = explode('_', $eventId);
$eventId = $id_list[1];
$event_type = $id_list[0];
}
if (!api_is_allowed_to_edit(null, true) && $event_type === 'course') {
$agenda = new Agenda($event_type);
$allowToEdit = $agenda->getIsAllowedToEdit();
$actions = $agenda->displayActions('calendar');
if (!$allowToEdit && $event_type === 'course') {
api_not_allowed(true);
}
if ($event_type === 'course') {
$agendaUrl = api_get_path(WEB_CODE_PATH).'calendar/agenda_js.php?'.api_get_cidreq().'&type=course';
} else {
$agendaUrl = api_get_path(WEB_CODE_PATH).'calendar/agenda_js.php?&type='.$event_type;
}
$course_info = api_get_course_info();
$agenda->type = $event_type;
$content = null;
if (api_is_allowed_to_edit(false, true) ||
(api_get_course_setting('allow_user_edit_agenda') &&
!api_is_anonymous() &&
api_is_allowed_to_session_edit(false, true)) ||
GroupManager::user_has_access(api_get_user_id(), $groupInfo['iid'], GroupManager::GROUP_TOOL_CALENDAR) &&
GroupManager::is_tutor_of_group(api_get_user_id(), $groupInfo['iid'])
) {
if ($allowToEdit) {
switch ($action) {
case 'add':
$actionName = get_lang('Add');
@ -158,7 +149,10 @@ if (api_is_allowed_to_edit(false, true) ||
}
$message = Display::return_message(get_lang('AddSuccess'), 'confirmation');
if ($sendEmail) {
$message .= Display::return_message(get_lang('AdditionalMailWasSentToSelectedUsers'), 'confirmation');
$message .= Display::return_message(
get_lang('AdditionalMailWasSentToSelectedUsers'),
'confirmation'
);
}
Display::addFlash($message);
header("Location: $agendaUrl");
@ -220,6 +214,7 @@ if (api_is_allowed_to_edit(false, true) ||
}
$usersToSend = isset($values['users_to_send']) ? $values['users_to_send'] : '';
// Editing normal event.
$agenda->editEvent(
$eventId,
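Review bot: `$event_type` is handed to `new Agenda($event_type)` and concatenated into `$agendaUrl` on the `else` branch straight from `$_GET['type']` or the first segment of `$_REQUEST['id']`, without any validation. The constructor fails closed for an unknown type (its `switch` has no `default`, so `$isAllowToEdit` stays false), but the value is still embedded raw in the redirect target used by `header("Location: $agendaUrl")`; whitelist it once after the `fromjs` block, e.g. `if (!in_array($event_type, ['course', 'personal', 'admin'], true)) { api_not_allowed(true); }`, so that both the permission model and the URL only ever see known values. Note also that `$id_list[1]` is read without checking that `explode('_', $eventId)` produced two parts. The `if ($allowToEdit)` block continues past the end of this section.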

@ -46,8 +46,7 @@ if (isset($_REQUEST['cidReq']) && !empty($_REQUEST['cidReq'])) {
api_protect_course_group(GroupManager::GROUP_TOOL_CALENDAR);
$agenda = new Agenda();
$agenda->type = $type;
$agenda = new Agenda($type);
$is_group_tutor = false;
$session_id = api_get_session_id();
@ -82,15 +81,11 @@ switch ($type) {
break;
case 'course':
api_protect_course_script(true);
$allowToEdit = $agenda->getIsAllowedToEdit();
$this_section = SECTION_COURSES;
if (api_is_allowed_to_edit()) {
if ($allowToEdit) {
$can_add_events = 1;
}
if (!empty($group_id)) {
if ($is_group_tutor) {
$can_add_events = 1;
}
}
break;
case 'personal':
if (api_is_anonymous()) {
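Review bot: `$is_group_tutor = false;` just before the constructor is now only initialised: the `if ($is_group_tutor)` branch that used to set `$can_add_events` in the `course` case is gone, since the group-tutor logic moved into the `Agenda` constructor. If nothing after this `switch` (which starts and ends outside the section) still reads it, drop the variable so the next reader does not assume a group check is still performed here. Worth a one-line comment on the new check as well, e.g. `// teacher / allow_user_edit_agenda / group-tutor rules are resolved in Agenda::__construct`.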

@ -13,10 +13,8 @@ $interbreadcrumb[] = array(
);
$currentCourseId = api_get_course_int_id();
$agenda = new Agenda();
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null;
$agenda->setType($type);
$agenda = new Agenda($type);
$events = $agenda->getEvents(
null,
null,

@ -31,8 +31,7 @@ $id = explode('_', $_GET['id']);
$type = $id[0];
$id = $id[1];
$agenda = new Agenda();
$agenda->type = $type; //course,admin or personal
$agenda = new Agenda($type);
if (isset($_GET['course_id'])) {
$course_info = api_get_course_info_by_id($_GET['course_id']);
if (!empty($course_info)) {
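Review bot: `new Agenda($type)` runs before `$_GET['course_id']` is read, so for `type === 'course'` the constructor resolves its course through `api_get_course_info_by_id(0)` and evaluates its permission checks against whatever course context the request already carries, not the course named in `course_id`; presumably `set_course()` is called further down with `$course_info`, but the constructor-level checks will not be recomputed. If exporting another course's calendar is intended, pass it in: `$courseId = isset($_GET['course_id']) ? (int) $_GET['course_id'] : 0;` and `$agenda = new Agenda($type, 0, $courseId);`. `$type` also comes unvalidated from the first segment of `$_GET['id']`; the constructor fails closed on unknown values, but an explicit whitelist here would make that visible. The rest of the file is outside this section.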

@ -887,7 +887,7 @@ class ImportCsv
"Ready to insert events"
);
$agenda = new Agenda();
$agenda = new Agenda('course');
$extraFieldValue = new ExtraFieldValue('calendar_event');
$extraFieldName = $this->extraFieldIdNameList['calendar_event'];
@ -946,7 +946,6 @@ class ImportCsv
$courseInfo = api_get_course_info_by_id($event['course_id']);
$agenda->set_course($courseInfo);
$agenda->setType('course');
$agenda->setSessionId($event['session_id']);
$agenda->setSenderId($event['sender_id']);
$agenda->setIsAllowedToEdit(true);

@ -19,25 +19,17 @@ if ($type == 'course') {
api_protect_course_script(true);
}
$group_id = api_get_group_id();
$is_group_tutor = GroupManager::is_tutor_of_group(api_get_user_id(), $group_id);
$agenda = new Agenda();
$agenda->setType($type);
$agenda = new Agenda($type);
switch ($action) {
case 'add_event':
if ((!api_is_allowed_to_edit(null, true) && !$is_group_tutor) && $type == 'course') {
if (!$agenda->getIsAllowedToEdit()) {
break;
}
$add_as_announcement = isset($_REQUEST['add_as_annonuncement']) ? $_REQUEST['add_as_annonuncement'] : null;
$comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : null;
$userToSend = isset($_REQUEST['users_to_send']) ? $_REQUEST['users_to_send'] : array();
if ($type === 'course') {
$agenda->set_course(api_get_course_info());
}
echo $agenda->addEvent(
$_REQUEST['start'],
$_REQUEST['end'],
@ -53,7 +45,7 @@ switch ($action) {
);
break;
case 'edit_event':
if (!api_is_allowed_to_edit(null, true) && $type == 'course') {
if (!$agenda->getIsAllowedToEdit()) {
break;
}
$id_list = explode('_', $_REQUEST['id']);
@ -68,7 +60,7 @@ switch ($action) {
);
break;
case 'delete_event':
if (!api_is_allowed_to_edit(null, true) && $type == 'course') {
if (!$agenda->getIsAllowedToEdit()) {
break;
}
$id_list = explode('_', $_REQUEST['id']);
@ -77,7 +69,7 @@ switch ($action) {
$agenda->deleteEvent($id, $deleteAllEventsFromSerie);
break;
case 'resize_event':
if (!api_is_allowed_to_edit(null, true) && $type == 'course') {
if (!$agenda->getIsAllowedToEdit()) {
break;
}
$minute_delta = $_REQUEST['minute_delta'];
@ -86,7 +78,7 @@ switch ($action) {
$agenda->resizeEvent($id, $minute_delta);
break;
case 'move_event':
if (!api_is_allowed_to_edit(null, true) && $type == 'course') {
if (!$agenda->getIsAllowedToEdit()) {
break;
}
$minute_delta = $_REQUEST['minute_delta'];
@ -117,7 +109,6 @@ switch ($action) {
$groupId,
$userId
);
echo $events;
break;
case 'get_user_agenda':
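Review bot: `getIsAllowedToEdit()` is a per-type check, and for `personal` the constructor resolves it to `!api_is_anonymous()`, so any authenticated user now passes the gate on `edit_event`, `delete_event`, `resize_event` and `move_event` with a caller-chosen `$_REQUEST['id']`; ownership of that event has to be enforced inside `deleteEvent`/`resizeEvent`/`moveEvent`, which are outside this section, so please confirm they filter on the sender/user id. For `course` the new check also drops the old `!$is_group_tutor` exception, so `$is_group_tutor` is computed via `GroupManager::is_tutor_of_group(...)` and never read in this hunk — remove it if nothing after the `switch` uses it. `add_event` no longer calls `set_course(api_get_course_info())`; that relies on the constructor's `api_get_course_info_by_id(0)` resolving to the current course, which is presumably the case but deserves a comment, e.g. `// course context is set by the Agenda constructor (courseId 0 => current course)`.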

@ -912,8 +912,7 @@ class AddCourse
}
}
$agenda = new Agenda();
$agenda->setType('course');
$agenda = new Agenda('course');
$agenda->set_course($courseInfo);
$agenda->addEvent(
$now,

@ -21,11 +21,12 @@ class Agenda
/**
* Constructor
* @param string $type
* @param int $senderId Optional The user sender ID
* @param int $courseId Opitonal. The course ID
* @param int $sessionId Optional The session ID
*/
public function __construct($senderId = 0, $courseId = 0, $sessionId = 0)
public function __construct($type, $senderId = 0, $courseId = 0, $sessionId = 0)
{
// Table definitions
$this->tbl_global_agenda = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
@ -33,15 +34,56 @@ class Agenda
$this->tbl_course_agenda = Database::get_course_table(TABLE_AGENDA);
$this->table_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT);
// Setting the course object if we are in a course
$courseInfo = api_get_course_info_by_id($courseId);
if (!empty($courseInfo)) {
$this->course = $courseInfo;
}
$this->setSessionId($sessionId ?: api_get_session_id());
$this->setType($type);
$this->setSenderId($senderId ?: api_get_user_id());
$this->setIsAllowedToEdit(api_is_allowed_to_edit(null, true));
$this->events = array();
$isAllowToEdit = false;
switch ($type) {
case 'course':
$sessionId = $sessionId ?: api_get_session_id();
$this->setSessionId($sessionId);
// Setting the course object if we are in a course
$courseInfo = api_get_course_info_by_id($courseId);
if (!empty($courseInfo)) {
$this->set_course($courseInfo);
}
// Check if teacher
if (empty($sessionId)) {
$isAllowToEdit = api_is_allowed_to_edit(false, true);
} else {
$isAllowToEdit = api_is_allowed_to_session_edit(false, true);
}
// Check
if (api_get_course_setting('allow_user_edit_agenda') && api_is_allowed_in_course()) {
$isAllowToEdit = true;
}
$groupId = api_get_group_id();
if (!empty($groupId)) {
$groupInfo = GroupManager::get_group_properties($groupId);
$isGroupAccess = GroupManager::user_has_access(api_get_user_id(), $groupInfo['iid'], GroupManager::GROUP_TOOL_CALENDAR) &&
GroupManager::is_tutor_of_group(api_get_user_id(), $groupInfo['iid']);
if ($isGroupAccess) {
$isAllowToEdit = true;
} else {
$isAllowToEdit = false;
}
}
break;
case 'admin':
$isAllowToEdit = api_is_platform_admin();
break;
case 'personal':
$isAllowToEdit = !api_is_anonymous();
break;
}
$this->setIsAllowedToEdit($isAllowToEdit);
$this->events = [];
// Event colors
$this->event_platform_color = 'red'; //red
@ -1711,8 +1753,7 @@ class Agenda
}
$event['editable'] = false;
if (api_is_allowed_to_edit() && $this->type == 'course') {
if ($this->getIsAllowedToEdit() && $this->type == 'course') {
$event['editable'] = true;
if (!empty($session_id)) {
if ($coachCanEdit == false) {
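Review bot: The group block at the end of the `course` case overrides the teacher check: once `api_get_group_id()` is non-empty, `$isAllowToEdit` is reset to false for anyone who is not a tutor with calendar access, including a user who just passed `api_is_allowed_to_edit(false, true)`; the inline check this replaces in agenda.php OR'd those conditions, so a course teacher viewing a group agenda now loses edit rights. If that is not intended, only ever raise the flag there: `if ($isGroupAccess) { $isAllowToEdit = true; }`. Separately, the `allow_user_edit_agenda` clause dropped the `!api_is_anonymous()` guard the old agenda.php had; unless `api_is_allowed_in_course()` is known to be false for anonymous visitors of an open course, put it back: `if (api_get_course_setting('allow_user_edit_agenda') && !api_is_anonymous() && api_is_allowed_in_course())`. Note that every check here reads the request's course/session/group context rather than the `$courseId`/`$sessionId` arguments, so callers passing an explicit course (Rest.php) get permissions computed for the current page's course — worth stating in the docblock. The constructor body continues past the end of the hunk.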

@ -404,8 +404,7 @@ class SystemAnnouncementManager
}
if ($add_to_calendar) {
$agenda = new Agenda();
$agenda->setType('admin');
$agenda = new Agenda('admin');
$agenda->addEvent(
$date_start,
$date_end,
@ -738,7 +737,7 @@ class SystemAnnouncementManager
MessageManager::send_message_simple($row['user_id'], $title, $content);
$message_sent = true;
}
// Minor validation to clean up the attachment files in the announcement
if (!empty($_FILES)) {
$attachments = $_FILES;

@ -422,8 +422,12 @@ class Rest extends WebService
{
$sessionId = $this->session ? $this->session->getId() : 0;
$agenda = new Agenda($this->user->getId(), $this->course->getId(), $sessionId);
$agenda->setType('course');
$agenda = new Agenda(
'course',
$this->user->getId(),
$this->course->getId(),
$sessionId
);
$result = $agenda->parseAgendaFilter(null);
$start = new DateTime(api_get_utc_datetime(), new DateTimeZone('UTC'));

@ -21,37 +21,34 @@ function clean_user_select() {
var region_value = '{{ region_value }}';
$(document).ready(function() {
var date = new Date();
// Reset button.
$("button[type=reset]").click(function() {
$("#session_id").find('option').removeAttr("selected");
});
$("#dialog-form").dialog({
autoOpen: false,
modal : false,
width : 580,
height : 480,
zIndex: 20000 // added because of qtip2
autoOpen : false,
modal : false,
width : 580,
height : 480,
zIndex : 20000 // added because of qtip2
});
$("#simple-dialog-form").dialog({
autoOpen: false,
modal : false,
width : 580,
height : 480,
zIndex: 20000 // added because of qtip2
autoOpen : false,
modal : false,
width : 580,
height : 480,
zIndex : 20000 // added because of qtip2
});
var title = $("#title"),
content = $( "#content" ),
allFields = $( [] ).add( title ).add( content ), tips = $(".validateTips");
content = $("#content"),
allFields = $([]).add( title ).add( content ), tips = $(".validateTips");
$("#select_form_id_search").change(function() {
var temp ="&user_id="+$("#select_form_id_search").val();
var position =String(window.location).indexOf("&user");
var url_length = String(window.location).length;
var url = String(window.location).substring(0,position)+temp;
if (position > 0) {
window.location.replace(url);
@ -120,8 +117,11 @@ $(document).ready(function() {
if (diffDays > 1) {
$('#start_date').html('');
var clone = end.clone();
var end_date_value = clone.subtract(1, 'days').format('{{ js_format_date }}');
var end_date_value = '';
if (end.hasTime()) {
var clone = end.clone();
end_date_value = clone.subtract(1, 'days').format('{{ js_format_date }}');
}
$('#end_date').html(start_date_value + " - " + end_date_value);
} else if (diffDays == 0) {
var start_date_value = start.format('ll');
@ -178,7 +178,6 @@ $(document).ready(function() {
}
var temp = "&user_id="+user_id;
var position = String(window.location).indexOf("&user");
var url_length = String(window.location).length;
var url = String(window.location).substring(0, position)+temp;
/*if (position > 0) {
window.location.replace(url);
@ -186,19 +185,16 @@ $(document).ready(function() {
url = String(window.location)+temp;
window.location.replace(url);
}*/
} else {
/* calendar.fullCalendar("refetchEvents");
calendar.fullCalendar("rerenderEvents");*/
}
$("#title").val('');
$("#content").val('');
$("#comment").val('');
calendar.fullCalendar("refetchEvents");
calendar.fullCalendar("rerenderEvents");
calendar.fullCalendar('refetchEvents');
calendar.fullCalendar('rerenderEvents');
$("#dialog-form").dialog("close");
$("#dialog-form").dialog('close');
}
});
}
@ -246,8 +242,12 @@ $(document).ready(function() {
var start = calEvent.start;
var end = calEvent.end;
var diffDays = moment(end).diff(start, 'days');
var clone = end.clone();
var endDateMinusOne = clone.subtract(1, 'days').format('{{ js_format_date }}');
var endDateMinusOne = '';
if (end.hasTime()) {
var clone = end.clone();
endDateMinusOne = clone.subtract(1, 'days').format('{{ js_format_date }}');
}
var startDateToString = start.format("{{ js_format_date }}");
// Edit event.
@ -363,7 +363,6 @@ $(document).ready(function() {
});
},
{% endif %}
'{{ "Edit"|get_lang }}' : function() {
url = "{{ _p.web_main }}calendar/agenda.php?action=edit&type=fromjs&id=" + calEvent.id+'&course_id='+calEvent.course_id+"";
window.location.href = url;
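Review bot: In both new `end.hasTime()` guards the fallback leaves `end_date_value` / `endDateMinusOne` as an empty string, so an all-day multi-day event renders as `start - ` with a dangling separator in `$('#end_date').html(...)`. If the intent is to show only the start date when there is no end time, build the label conditionally: `$('#end_date').html(end_date_value ? start_date_value + " - " + end_date_value : start_date_value);`. A short comment on why `hasTime()` is checked (presumably moment's all-day end is exclusive and has no time component — confirm) would also help, since the subtraction of one day is otherwise unexplained.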

@ -3934,9 +3934,8 @@ function updatePublicationAssignment($workId, $params, $courseInfo, $groupId)
$agendaId = agendaExistsForWork($workId, $courseInfo);
// Add/edit agenda
$agenda = new Agenda();
$agenda = new Agenda('course');
$agenda->set_course($courseInfo);
$agenda->type = 'course';
if (!empty($agendaId)) {
// add_to_calendar is set but it doesnt exists then invalidate

@ -36,13 +36,10 @@ if ($conferenceManager) {
switch ($action) {
case 'add_to_calendar':
if ($bbb->isGlobalConference()) {
return false;
}
$courseInfo = api_get_course_info();
$agenda = new Agenda();
$agenda->type = 'course';
$agenda = new Agenda('course');
$id = intval($_GET['id']);
$title = sprintf($plugin->get_lang('VideoConferenceXCourseX'), $id, $courseInfo['name']);
$content = Display::url($plugin->get_lang('GoToTheVideoConference'), $_GET['url']);

@ -24,8 +24,7 @@ if ($teacher) {
switch ($action) {
case 'add_to_calendar':
$course_info = api_get_course_info();
$agenda = new Agenda();
$agenda->type = 'course';
$agenda = new Agenda('course');
$id = intval($_GET['id']);
$title = sprintf(get_lang('VideoConferenceXCourseX'), $id, $course_info['name']);

@ -12,19 +12,6 @@ class TestCalendar extends UnitTestCase
//var_dump($res);
}
public function testStoreNewAgendaItem(){
global $_user;
$res_store = store_new_agenda_item();
$this->assertTrue(is_numeric($res_store));
//delete the new agenda item in the database
if (is_numeric($res_store)) {
$res_delete = delete_agenda_item($res_store);
$this->assertTrue(is_numeric($res_store));
}
}
public function testAddWeek(){
$timestamp=12;
$num=1;
