diff --git a/main/group/group_space.php b/main/group/group_space.php index 8960f903a9..968174f464 100755 --- a/main/group/group_space.php +++ b/main/group/group_space.php @@ -101,20 +101,12 @@ if (isset($_GET['action'])) { /* Main Display Area */ -$course_code = api_get_course_id(); -$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course( - api_get_user_id(), - $course_code -); - -// Edit the group. - $edit_url = ''; -if (api_is_allowed_to_edit(false, true) or +if (api_is_allowed_to_edit(false, true) || GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id()) ) { $my_origin = isset($origin) ? $origin : ''; - $edit_url = ''. + $edit_url = ''. Display::return_icon('edit.png', get_lang('EditGroup'),'',ICON_SIZE_SMALL).''; } diff --git a/main/inc/lib/course.lib.php b/main/inc/lib/course.lib.php index ae6d584f33..029e7be288 100755 --- a/main/inc/lib/course.lib.php +++ b/main/inc/lib/course.lib.php @@ -1113,17 +1113,17 @@ class CourseManager * Is the user subscribed in the real course or linked courses? * * @param int the id of the user - * @param array info about the course (comes from course table, see database lib) + * @param int $courseId * @deprecated linked_courses definition doesn't exists * @return true if the user is registered in the real course or linked courses, false otherwise */ - public static function is_user_subscribed_in_real_or_linked_course($user_id, $course_code, $session_id = '') + public static function is_user_subscribed_in_real_or_linked_course($user_id, $courseId, $session_id = '') { if ($user_id != strval(intval($user_id))) { return false; } - $course_code = Database::escape_string($course_code); + $courseId = intval($courseId); if ($session_id == '') { $result = Database::fetch_array( 
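Review bot: Dropping `$course_code` and `$is_course_member` from group_space.php is only safe if nothing later in that file (outside this hunk) still reads `$is_course_member`; the hunk does not show the rest of the file, so confirm before merging. The `or` → `||` change is harmless here because the expression is used directly as the `if` condition rather than assigned.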
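Review bot: `$courseId = intval($courseId);` in is_user_subscribed_in_real_or_linked_course silently turns any caller that still passes a course code string (the old contract, as edit.php and group_space.php did before this commit) into `0`, so the `course.id = '$courseId'` lookup in the -1135 hunk presumably matches nothing and the method returns false; an un-migrated caller then looks exactly like a genuine non-member. The docblock also still carries `@deprecated` on a method this commit routes more callers to, and `$session_id` is not documented at all. In the -1160 hunk `$session_id` is still interpolated as-is (`WHERE session_id='" . $session_id . "'`) while `$user_id` and `$courseId` are now integer-normalised; applying the same treatment there, `WHERE session_id = " . intval($session_id) . "`, would make the three inputs consistent. The method body continues past the first hunk.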
@@ -1135,7 +1135,7 @@ class CourseManager WHERE course_user.user_id = '$user_id' AND course_user.relation_type<>" . COURSE_RELATION_TYPE_RRHH . " AND - ( course.code = '$course_code')" + ( course.id = '$courseId')" ) ); return !empty($result); @@ -1160,7 +1160,7 @@ class CourseManager FROM " . Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER) . " WHERE session_id='" . $session_id . "' AND user_id = '$user_id' AND status = 2 - AND course_code='$course_code'")) + AND c_id ='$courseId'")) ) { return true; } diff --git a/main/tracking/userLog.php b/main/tracking/userLog.php index c496c04057..b58baaef20 100755 --- a/main/tracking/userLog.php +++ b/main/tracking/userLog.php @@ -59,7 +59,7 @@ Display::display_header($nameTools,"Tracking"); /* Constants and variables */ $is_allowedToTrack = $is_courseAdmin; -$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_id); +$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $courseId); // Database Table Definitions $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER); diff --git a/main/tracking/userlogCSV.php b/main/tracking/userlogCSV.php index e49047863d..a554aa6dd0 100755 --- a/main/tracking/userlogCSV.php +++ b/main/tracking/userlogCSV.php @@ -50,7 +50,7 @@ $nameTools = get_lang('ToolName'); $is_allowedToTrack = $is_courseAdmin; $is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course( $user_id, - $course_id + $courseId ); // Database Table Definitions diff --git a/main/work/download_comment_file.php b/main/work/download_comment_file.php index becd18ddb9..e98198eae2 100755 --- a/main/work/download_comment_file.php +++ b/main/work/download_comment_file.php 
@@ -31,7 +31,8 @@ if (!empty($workData)) { } $work = get_work_data_by_id($workData['work_id']); - allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $courseInfo['real_id']); + + protectWork($courseInfo, $work['parent_id']); if (user_is_author($workData['work_id']) || $courseInfo['show_score'] == 0 && diff --git a/main/work/downloadfolder.inc.php b/main/work/downloadfolder.inc.php index dc832f9612..b229d6b016 100755 --- a/main/work/downloadfolder.inc.php +++ b/main/work/downloadfolder.inc.php @@ -92,8 +92,7 @@ if (api_is_allowed_to_edit() || api_is_coach()) { } else { $courseInfo = api_get_course_info(); - - allowOnlySubscribedUser(api_get_user_id(), $work_id, $courseInfo['real_id']); + protectWork($courseInfo, $work_id); $userCondition = null; diff --git a/main/work/edit.php b/main/work/edit.php index b8a6ce744d..431719d01c 100755 --- a/main/work/edit.php +++ b/main/work/edit.php @@ -36,7 +36,7 @@ if (empty($parent_data)) { $is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course( $user_id, - $course_code, + $course_id, $session_id ); diff --git a/main/work/upload.php b/main/work/upload.php index edfa4cd6d5..74730970bf 100755 --- a/main/work/upload.php +++ b/main/work/upload.php @@ -28,19 +28,11 @@ if (empty($work_id)) { api_not_allowed(true); } -$workInfo = get_work_data_by_id($work_id); - -if (empty($workInfo)) { - api_not_allowed(true); -} +protectWork($course_info, $work_id); -if ($workInfo['active'] != 1) { - api_not_allowed(true); -} - -allowOnlySubscribedUser($user_id, $work_id, $course_id); +$workInfo = get_work_data_by_id($work_id); -$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_code, $session_id); +$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_id, $session_id); $is_course_member = $is_course_member || api_is_platform_admin(); if ($is_course_member == false || api_is_invitee()) { 
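Review bot: Replacing the inline `$workInfo['active'] != 1` guard in upload.php with `protectWork()` changes behaviour for editors: protectWork returns true for `api_is_platform_admin() || api_is_allowed_to_edit()` before it looks at `active`, so an editor can now reach the upload form of an inactive assignment where the removed code denied everyone. If that is intended, a one-line comment at the call site, `// protectWork() lets platform admins/editors through regardless of active/visibility state`, would stop the old check from being reinstated; if not, re-add the active check after `$workInfo = get_work_data_by_id($work_id);`. work_list.php (its hunk starts later in this diff) drops the same `active` guard. The call passes `$course_info` while the other new call sites use `$courseInfo`; its assignment is outside the hunk, so confirm the name is the one upload.php actually defines.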
diff --git a/main/work/upload_from_template.php b/main/work/upload_from_template.php index 72bb694632..7742908bff 100755 --- a/main/work/upload_from_template.php +++ b/main/work/upload_from_template.php @@ -29,19 +29,16 @@ if (empty($work_id)) { api_not_allowed(true); } -$workInfo = get_work_data_by_id($work_id); - -if (empty($workInfo)) { - api_not_allowed(true); -} +protectWork($course_info, $work_id); -allowOnlySubscribedUser($user_id, $work_id, $course_id); +$workInfo = get_work_data_by_id($work_id); $is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course( $user_id, - $course_code, + $course_id, $session_id ); + $is_course_member = $is_course_member || api_is_platform_admin(); if ($is_course_member == false) { diff --git a/main/work/view.php b/main/work/view.php index a62ba76a9a..94dee32c2e 100755 --- a/main/work/view.php +++ b/main/work/view.php @@ -22,11 +22,13 @@ $interbreadcrumb[] = array ('url' => 'work.php', 'name' => get_lang('StudentPubl $my_folder_data = get_work_data_by_id($work['parent_id']); $courseInfo = api_get_course_info(); -allowOnlySubscribedUser( +/*allowOnlySubscribedUser( api_get_user_id(), $work['parent_id'], $courseInfo['real_id'] -); +);*/ + +protectWork(api_get_course_info(), $work['parent_id']); $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh( api_get_user_id(), diff --git a/main/work/work.lib.php b/main/work/work.lib.php index 9bc9e4ef34..015d8afcaa 100755 --- a/main/work/work.lib.php +++ b/main/work/work.lib.php @@ -1386,6 +1386,13 @@ function getWorkListStudent( if ($isSubscribed == false) { continue; } + + $visibility = api_get_item_visibility($courseInfo, 'work', $work['id'], $session_id); + + if ($visibility != 1) { + continue; + } + $work['type'] = Display::return_icon('work.png'); $work['expires_on'] = empty($work['expires_on']) ? null : api_get_local_time($work['expires_on']); 
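Review bot: view.php keeps the old `allowOnlySubscribedUser(...)` call as a `/* ... */` block even though the new `protectWork()` calls allowOnlySubscribedUser itself; delete the commented-out block rather than leaving it for the next reader to re-enable. The new call also re-fetches the course with `protectWork(api_get_course_info(), $work['parent_id']);` although `$courseInfo = api_get_course_info();` is assigned on the preceding context line; `protectWork($courseInfo, $work['parent_id']);` avoids the second lookup and matches the other call sites in this commit.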
@@ -1410,12 +1417,6 @@ function getWorkListStudent( $work['feedback'] = ' '.Display::label($count.' '.get_lang('Feedback'), 'info'); } - /*$score = getTotalWorkScore($workList); - - if (!is_null($score) && !empty($score)) { - $work['title'] .= ' '.Display::return_icon('rate_work.png', get_lang('Score')); - }*/ - $lastWork = getLastWorkStudentFromParentByUser($userId, $work['id'], $courseInfo); if (!empty($lastWork)) { @@ -1453,8 +1454,9 @@ function getWorkListTeacher( $getCount = false ) { $workTable = Database::get_course_table(TABLE_STUDENT_PUBLICATION); - $workTableAssignment = Database::get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT); + $workTableAssignment = Database::get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT); + $courseInfo = api_get_course_info(); $course_id = api_get_course_int_id(); $session_id = api_get_session_id(); $condition_session = api_get_session_condition($session_id); @@ -1483,7 +1485,8 @@ function getWorkListTeacher( } $sql = " $select FROM $workTable w - LEFT JOIN $workTableAssignment a ON (a.publication_id = w.id AND a.c_id = w.c_id) + LEFT JOIN $workTableAssignment a + ON (a.publication_id = w.id AND a.c_id = w.c_id) WHERE w.c_id = $course_id $condition_session AND 
@@ -1526,10 +1529,29 @@ function getWorkListTeacher( 'success' ); + $visibility = api_get_item_visibility($courseInfo, 'work', $workId, $session_id); + + if ($visibility == 1) { + $icon = 'visible.png'; + $text = get_lang('Visible'); + $action = 'invisible'; + $class = ''; + } else { + $icon = 'invisible.png'; + $text = get_lang('invisible'); + $action = 'visible'; + $class = 'muted'; + } + + $visibilityLink = Display::url( + Display::return_icon($icon, $text, array(), ICON_SIZE_SMALL), + api_get_path(WEB_CODE_PATH).'work/work.php?id='.$workId.'&action='.$action.'&'.api_get_cidreq() + ); + if (empty($work['title'])) { $work['title'] = basename($work['url']); } - $work['title'] = Display::url($work['title'], $url.'&id='.$workId); + $work['title'] = Display::url($work['title'], $url.'&id='.$workId, ['class' => $class]); $work['title'] .= ' '.Display::label(get_count_work($work['id']), 'success'); $work['sent_date'] = api_get_local_time($work['sent_date']); @@ -1572,7 +1594,7 @@ function getWorkListTeacher( $deleteLink = null; $editLink = null; } - $work['actions'] = $downloadLink.$editLink.$deleteLink; + $work['actions'] = $visibilityLink.$downloadLink.$editLink.$deleteLink; $works[] = $work; } } @@ -2739,6 +2761,7 @@ function allowOnlySubscribedUser($userId, $workId, $courseId) if (api_is_platform_admin() || api_is_allowed_to_edit()) { return true; } + if (userIsSubscribedToWork($userId, $workId, $courseId) == false) { api_not_allowed(true); } 
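Review bot: The invisible branch in getWorkListTeacher uses `get_lang('invisible')` while the visible branch uses `get_lang('Visible')`; every other language key on this page is capitalised (`get_lang('Feedback')`, `get_lang('VisibilityChanged')`), so this looks like a typo that would surface the raw key as the icon tooltip — `$text = get_lang('Invisible');`. The `$visibility == 1` comparison and the `$visibility != 1` in getWorkListStudent and protectWork are the third copy of the same "is this item visible" test in one file; a tiny helper, or at least `=== 1` with a comment naming what the value means, would keep them from drifting. getWorkListTeacher starts before this hunk.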
@@ -4828,3 +4851,49 @@ function getWorkCreatedByUser($user_id, $courseId, $sessionId) return $forumList; } + +/** + * @param array $courseInfo + * @param int $workId + * @return bool + */ +function protectWork($courseInfo, $workId) +{ + $userId = api_get_user_id(); + $groupId = api_get_group_id(); + $sessionId = api_get_session_id(); + $workData = get_work_data_by_id($workId); + + if (empty($workData) || empty($courseInfo)) { + api_not_allowed(true); + } + + if (api_is_platform_admin() || api_is_allowed_to_edit()) { + return true; + } + + $workId = $workData['id']; + + if ($workData['active'] != 1) { + api_not_allowed(true); + } + + $visibility = api_get_item_visibility($courseInfo, 'work', $workId, $sessionId); + + if ($visibility != 1) { + api_not_allowed(true); + } + + allowOnlySubscribedUser($userId, $workId, $courseInfo['real_id']); + + if (!empty($groupId)) { + $showWork = GroupManager::user_has_access( + $userId, + $groupId, + GroupManager::GROUP_TOOL_WORK + ); + if (!$showWork) { + api_not_allowed(true); + } + } +} diff --git a/main/work/work.php b/main/work/work.php index 12c00baf4a..a617d5ed68 100755 --- a/main/work/work.php +++ b/main/work/work.php @@ -14,10 +14,10 @@ api_protect_course_script(true); require_once 'work.lib.php'; -$course_info = api_get_course_info(); -$course_id = $course_info['real_id']; -$user_id = api_get_user_id(); -$id_session = api_get_session_id(); +$course_info = api_get_course_info(); +$course_id = $course_info['real_id']; +$user_id = api_get_user_id(); +$id_session = api_get_session_id(); // Section (for the tabs) $this_section = SECTION_COURSES; 
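Review bot: protectWork's docblock promises `@return bool`, but the only explicit return is `true` on the platform-admin/editor path; every other path either falls off the end (null) or, presumably, terminates inside `api_not_allowed(true)`. No call site in this commit uses the return value, so document the actual contract: `@return true|null true for platform admins/editors; null once all checks pass for other users; otherwise api_not_allowed(true) is expected to end the request`. The group check keys on `api_get_group_id()`, i.e. the group in the current request, not any group recorded on the work item itself; if work items can belong to a group, a request arriving without that gidReq is gated only by `allowOnlySubscribedUser`/`userIsSubscribedToWork`, which are outside this hunk — confirm they cover the group case. `$workId = $workData['id'];` reassigns the parameter after the lookup without explanation; a comment such as `// use the canonical id returned by get_work_data_by_id()` would say why.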
@@ -79,11 +79,11 @@ if (!empty($group_id)) { } if ($action == 'upload_form') { - $interbreadcrumb[] = array('url' => 'work.php','name' => get_lang('UploadADocument')); + $interbreadcrumb[] = array('url' => 'work.php?'.api_get_cidreq(),'name' => get_lang('UploadADocument')); } if ($action == 'create_dir') { - $interbreadcrumb[] = array('url' => 'work.php','name' => get_lang('CreateAssignment')); + $interbreadcrumb[] = array('url' => 'work.php?'.api_get_cidreq(),'name' => get_lang('CreateAssignment')); } } else { if ($origin != 'learnpath') { @@ -254,6 +254,63 @@ switch ($action) { header('Location: '.$currentUrl); exit; } + break; + case 'visible': + if (!$is_allowed_to_edit) { + api_not_allowed(); + } + + api_item_property_update( + $courseInfo, + 'work', + $work_id, + 'visible', + api_get_user_id(), + null, + null, + null, + null, + $session_id + ); + Display::addFlash( + Display::return_message( + get_lang('VisibilityChanged'), + 'confirmation' + ) + ); + + header('Location: '.$currentUrl); + exit; + + break; + case 'invisible': + if (!$is_allowed_to_edit) { + api_not_allowed(); + } + + api_item_property_update( + $courseInfo, + 'work', + $work_id, + 'invisible', + api_get_user_id(), + null, + null, + null, + null, + $session_id + ); + + Display::addFlash( + Display::return_message( + get_lang('VisibilityChanged'), + 'confirmation' + ) + ); + + header('Location: '.$currentUrl); + exit; + break; case 'list': /* Display list of student publications */ diff --git a/main/work/work_list.php b/main/work/work_list.php index c14a96203d..c7b6ceac0a 100755 --- a/main/work/work_list.php +++ b/main/work/work_list.php 
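Review bot: The new `visible` and `invisible` cases in work.php are identical apart from the property value passed to `api_item_property_update`, and both read `$courseInfo` and `$session_id` whereas the top of this file (the earlier work.php hunk) assigns `$course_info` and `$id_session`; unless `$courseInfo` and `$session_id` are set somewhere outside this hunk they are undefined here and the update would run with a null course and session. Both cases also change state on a plain GET (`work.php?id=…&action=visible`, the link built in getWorkListTeacher) guarded only by `$is_allowed_to_edit`; if the project has a request-token check for state-changing links, this handler is where it belongs. The `break;` after `exit;` is unreachable. The two cases collapse into one:
```php
    case 'visible':
    case 'invisible':
        if (!$is_allowed_to_edit) {
            api_not_allowed();
        }

        // $action can only be 'visible' or 'invisible' here (the case labels),
        // so it is passed straight through as the item property value.
        api_item_property_update(
            $courseInfo,
            'work',
            $work_id,
            $action,
            api_get_user_id(),
            null,
            null,
            null,
            null,
            $session_id
        );
        Display::addFlash(
            Display::return_message(get_lang('VisibilityChanged'), 'confirmation')
        );

        header('Location: '.$currentUrl);
        exit;
```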
@@ -19,58 +19,35 @@ if (empty($workId)) { api_not_allowed(true); } -$my_folder_data = get_work_data_by_id($workId); +$courseInfo = api_get_course_info(); -if (empty($my_folder_data)) { - api_not_allowed(true); -} - -if ($my_folder_data['active'] != 1) { - api_not_allowed(true); -} +protectWork($courseInfo, $workId); +$my_folder_data = get_work_data_by_id($workId); $work_data = get_work_assignment_by_id($workId); $tool_name = get_lang('StudentPublications'); $group_id = api_get_group_id(); -$courseInfo = api_get_course_info(); + $htmlHeadXtra[] = api_get_jqgrid_js(); $url_dir = api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq(); -allowOnlySubscribedUser(api_get_user_id(), $workId, $courseInfo['real_id']); - if (!empty($group_id)) { $group_properties = GroupManager :: get_group_properties($group_id); - $show_work = false; - - if (api_is_allowed_to_edit(false, true)) { - $show_work = true; - } else { - // you are not a teacher - $show_work = GroupManager::user_has_access( - $user_id, - $group_id, - GroupManager::GROUP_TOOL_WORK - ); - } - - if (!$show_work) { - api_not_allowed(); - } - - $interbreadcrumb[] = array ('url' => api_get_path(WEB_CODE_PATH).'group/group.php', 'name' => get_lang('Groups')); - $interbreadcrumb[] = array ('url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?gidReq='.$group_id, 'name' => get_lang('GroupSpace').' '.$group_properties['name']); + $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups')); + $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('GroupSpace').' 
'.$group_properties['name']); } -$interbreadcrumb[] = array ('url' => api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq(), 'name' => get_lang('StudentPublications')); -$interbreadcrumb[] = array ('url' => api_get_path(WEB_CODE_PATH).'work/work_list.php?'.api_get_cidreq().'&id='.$workId, 'name' => $my_folder_data['title']); +$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq(), 'name' => get_lang('StudentPublications')); +$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'work/work_list.php?'.api_get_cidreq().'&id='.$workId, 'name' => $my_folder_data['title']); $documentsAddedInWork = getAllDocumentsFromWorkToString($workId, $courseInfo); Display :: display_header(null); echo '
'.Security::remove_XSS($my_folder_data['description']).'
'. + Security::remove_XSS($my_folder_data['description']).'