From f751c54bbaf938d6f341fdc812c91e9667457fed Mon Sep 17 00:00:00 2001
From: Yannick Warnier <ywarnier@beeznest.org>
Date: Fri, 16 Sep 2022 12:17:52 +0200
Subject: [PATCH] Admin: Add configuration setting
 'course_visibility_change_only_admin' to prevent teachers from changing
 course visibility - refs BT#20214

---
 main/course_info/infocours.php      | 86 ++++++++++++++++-------------
 main/install/configuration.dist.php |  3 +
 2 files changed, 51 insertions(+), 38 deletions(-)

diff --git a/main/course_info/infocours.php b/main/course_info/infocours.php
index 385660b940..1808e13462 100755
--- a/main/course_info/infocours.php
+++ b/main/course_info/infocours.php
@@ -216,48 +216,52 @@ $form->addHtml('</div>');
 
 // COURSE ACCESS
 $group = [];
-$group[] = $form->createElement(
-    'radio',
-    'visibility',
-    get_lang('CourseAccess'),
-    get_lang('OpenToTheWorld'),
-    COURSE_VISIBILITY_OPEN_WORLD
-);
-$group[] = $form->createElement(
-    'radio',
-    'visibility',
-    null,
-    get_lang('OpenToThePlatform'),
-    COURSE_VISIBILITY_OPEN_PLATFORM
-);
-$group[] = $form->createElement('radio', 'visibility', null, get_lang('Private'), COURSE_VISIBILITY_REGISTERED);
-$group[] = $form->createElement(
-    'radio',
-    'visibility',
-    null,
-    get_lang('CourseVisibilityClosed'),
-    COURSE_VISIBILITY_CLOSED
-);
-
-// The "hidden" visibility is only available to portal admins
-if (api_is_platform_admin()) {
+$groupElement = '';
+$visibilityChangeable = !api_get_configuration_value('course_visibility_change_only_admin');
+if ($visibilityChangeable) {
+    $group[] = $form->createElement(
+        'radio',
+        'visibility',
+        get_lang('CourseAccess'),
+        get_lang('OpenToTheWorld'),
+        COURSE_VISIBILITY_OPEN_WORLD
+    );
     $group[] = $form->createElement(
         'radio',
         'visibility',
         null,
-        get_lang('CourseVisibilityHidden'),
-        COURSE_VISIBILITY_HIDDEN
+        get_lang('OpenToThePlatform'),
+        COURSE_VISIBILITY_OPEN_PLATFORM
+    );
+    $group[] = $form->createElement('radio', 'visibility', null, get_lang('Private'), COURSE_VISIBILITY_REGISTERED);
+    $group[] = $form->createElement(
+        'radio',
+        'visibility',
+        null,
+        get_lang('CourseVisibilityClosed'),
+        COURSE_VISIBILITY_CLOSED
     );
-}
 
-$groupElement = $form->addGroup(
-    $group,
-    '',
-    [get_lang('CourseAccess'), get_lang('CourseAccessConfigTip')],
-    null,
-    null,
-    true
-);
+    // The "hidden" visibility is only available to portal admins
+    if (api_is_platform_admin()) {
+        $group[] = $form->createElement(
+            'radio',
+            'visibility',
+            null,
+            get_lang('CourseVisibilityHidden'),
+            COURSE_VISIBILITY_HIDDEN
+        );
+    }
+
+    $groupElement = $form->addGroup(
+        $group,
+        '',
+        [get_lang('CourseAccess'), get_lang('CourseAccessConfigTip')],
+        null,
+        null,
+        true
+    );
+}
 
 $url = api_get_path(WEB_CODE_PATH)."auth/inscription.php?c=$course_code&e=1";
 $url = Display::url($url, $url);
@@ -1107,7 +1111,11 @@ if ($form->validate() && is_settings_editable()) {
         );
     }
 
-    $visibility = $updateValues['visibility'];
+    if ($visibilityChangeable && isset($updateValues['visibility'])) {
+        $visibility = $updateValues['visibility'];
+    } else {
+        $visibility = $_course['visibility'];
+    }
     $deletePicture = isset($updateValues['delete_picture']) ? $updateValues['delete_picture'] : '';
 
     if ($deletePicture) {
@@ -1161,7 +1169,6 @@ if ($form->validate() && is_settings_editable()) {
         'category_code' => $updateValues['category_code'],
         'department_name' => $updateValues['department_name'],
         'department_url' => $updateValues['department_url'],
-        'visibility' => $updateValues['visibility'],
         'subscribe' => $updateValues['subscribe'],
         'unsubscribe' => $updateValues['unsubscribe'],
         'legal' => $updateValues['legal'],
@@ -1169,6 +1176,9 @@ if ($form->validate() && is_settings_editable()) {
         'registration_code' => $updateValues['course_registration_password'],
         'show_score' => $updateValues['show_score'],
     ];
+    if ($visibilityChangeable && isset($updateValues['visibility'])) {
+        $params['visibility'] = $visibility;
+    }
     $table = Database::get_main_table(TABLE_MAIN_COURSE);
     Database::update($table, $params, ['id = ?' => $courseId]);
     CourseManager::saveSettingChanges($_course, $params);
diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
index b44392ecc1..9863d7ca3c 100755
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
@@ -2287,6 +2287,9 @@ INSERT INTO `extra_field` (`extra_field_type`, `field_type`, `variable`, `displa
 // Disable tab to add classes in course session for non-admins
 //$_configuration['session_classes_tab_disable'] = false;
 
+// Disable the possibility for teachers to edit course visibility
+//$_configuration['course_visibility_change_only_admin'] = false;
+
 // KEEP THIS AT THE END
 // -------- Custom DB changes
 // Add user activation by confirmation email