/**
 * Configure the AjaxList component for the course listing.
 *
 * Builds the column and row-action definitions, then narrows the rows the
 * current user may list according to the permissions checked below:
 *  - 'functions/superadmin': no extra filter is applied;
 *  - 'controllers/departments': Course.id must be one of the ids returned by
 *    User::getMyDepartmentsCourseList('list') or by
 *    Course::getCourseByInstructor() for the logged-in user;
 *  - anyone else: Instructor.id must equal the logged-in user's id.
 *
 * @access public
 * @return void
 */
function _setUpAjaxList()
{
    // Display labels for the one-letter record_status codes.
    $statusLabels = array(
        "A" => __("Active", true),
        "I" => __("Inactive", true),
    );

    // Column tuples look like (field, heading, width, type[, extra]); the
    // exact meaning of each slot is defined by AjaxList, not by this method.
    $columns = array(
        array("Course.id", "", "", "hidden"),
        array("Course.course", __("Course", true), "15em", "action", "Course Home"),
        array("Course.title", __("Title", true), "auto", "action", "Course Home"),
        array("Course.creator_id", "", "", "hidden"),
        array("Course.record_status", __("Status", true), "5em", "map", $statusLabels),
        array("Course.creator", __("Created by", true), "10em", "action", "View Creator"),
    );

    // No join tables are requested for this list.
    $joinTables = array();

    // Row-level visibility filter, chosen by role.
    if (User::hasPermission('functions/superadmin')) {
        $extraFilters = '';
    } elseif (User::hasPermission('controllers/departments')) {
        // Department courses plus courses the user instructs elsewhere.
        $departmentCourses = User::getMyDepartmentsCourseList('list');
        $departmentIds = array_keys($departmentCourses);
        $taughtCourses = $this->Course->getCourseByInstructor($this->Auth->user('id'));
        $taughtIds = Set::extract('/Course/id', $taughtCourses);
        // NOTE(review): if both lists are empty this filter carries an empty
        // id list; confirm AjaxList turns that into "match nothing" rather
        // than dropping the condition.
        $extraFilters = array('Course.id' => array_merge($departmentIds, $taughtIds));
    } else {
        $extraFilters = array('Instructor.id' => $this->Auth->user('id'));
    }

    // Row actions; the delete action carries a confirmation prompt.
    $warning = __("Are you sure you want to delete this course permanently?", true);
    $actions = array(
        array(__("Course Home", true), "", "", "", "home", "Course.id"),
        array(__("View Record", true), "", "", "", "view", "Course.id"),
        array(__("Edit Course", true), "", "", "", "edit", "Course.id"),
        array(__("Delete Course", true), $warning, "", "", "delete", "Course.id"),
        array(__("View Creator", true), "", "", "users", "view", "Course.creator_id"),
    );

    $recursive = 0;

    $this->AjaxList->setUp(
        $this->Course,
        $columns,
        $actions,
        'Course.course',
        'Course.course',
        $joinTables,
        $extraFilters,
        $recursive
    );
}
/**
 * Decide whether the logged-in user may access a survey.
 *
 * Access is granted when the survey's creator id is in the set of user ids
 * computed below, or when the user holds 'functions/superadmin'. Without
 * 'controllers/departments' that set is only the user's own id; with it, the
 * set is every user_id found in UserCourse for the courses returned by
 * User::getMyDepartmentsCourseList('list'), plus the user's own id.
 *
 * @param mixed $survey survey record; $survey['Survey']['creator_id'] is read
 *
 * @access public
 * @return bool true when access is allowed
 */
function surveyAccess($survey)
{
    if (User::hasPermission('controllers/departments')) {
        $courseIds = array_keys(User::getMyDepartmentsCourseList('list'));
        // NOTE(review): nothing here filters UserCourse by role; confirm the
        // model only links instructors, otherwise every user linked to one of
        // these courses counts as an allowed creator.
        $courseLinks = $this->UserCourse->findAllByCourseId($courseIds);
        $allowedCreators = Set::extract($courseLinks, '/UserCourse/user_id');
        array_push($allowedCreators, $this->Auth->user('id'));
    } else {
        $allowedCreators = array($this->Auth->user('id'));
    }

    // in_array() is loose here (no strict flag), so ids compare by value
    // across types.
    if (in_array($survey['Survey']['creator_id'], $allowedCreators)) {
        return true;
    }

    return (bool) User::hasPermission('functions/superadmin');
}
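/**
 * View an email template in read-only mode.
 *
 * A template whose availability is '1' is shown to any caller that reaches
 * this action. Any other template is shown only to a user holding
 * 'functions/superadmin', or to a user whose accessible-creator set (computed
 * below) contains the template's creator_id. Every rejection sets a flash
 * message, redirects to 'index' and returns without loading the template
 * into $this->data.
 *
 * @param mixed $id template id
 *
 * @access public
 * @return void
 */
function view($id)
{
    $this->set('title_for_layout', __('View Email Template', true));

    // Validate the id before it reaches the model; a non-numeric id is
    // rejected without a lookup.
    $template = is_numeric($id) ? $this->EmailTemplate->findById($id) : null;
    if (empty($template)) {
        $this->Session->setFlash(__('Error: Invalid ID.', true));
        $this->redirect('index');
        return;
    }

    $isPublic = $template['EmailTemplate']['availability'] == '1';
    if (!$isPublic && !User::hasPermission('functions/superadmin')) {
        if (User::hasPermission('controllers/departments')) {
            // Department admins: creators linked to any department course.
            $courseIds = array_keys(User::getMyDepartmentsCourseList('list'));
            // NOTE(review): nothing here filters UserCourse by role; confirm
            // these rows are instructors only.
            $courseLinks = $this->UserCourse->findAllByCourseId($courseIds);
            $instructorIds = Set::extract($courseLinks, '/UserCourse/user_id');
            array_push($instructorIds, $this->Auth->user('id'));
        } else {
            // Instructors: only their own templates.
            $instructorIds = array($this->Auth->user('id'));
        }

        if (!in_array($template['EmailTemplate']['creator_id'], $instructorIds)) {
            // NOTE(review): "vie" is a typo for "view"; the string is left
            // as-is because it is the translation lookup key.
            $this->Session->setFlash(__('Error: You do not have permission to vie this email template', true));
            $this->redirect('index');
            // Fail closed: without this return the denial depends entirely on
            // redirect() terminating the request, and the private template
            // would otherwise be loaded into $this->data below.
            return;
        }
    }

    // Show the record the checks above were made against instead of
    // fetching it a second time.
    $this->data = $template;
    $this->set('readonly', true);
}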
/**
 * Delete a rubric.
 *
 * The request is rejected (flash message + redirect to 'index') when the id
 * is not numeric or Rubric::getEventSub() returns nothing for it, and when a
 * non-superadmin caller's accessible-creator set does not contain the
 * rubric's creator_id. A rubric for which Rubric::getEventCount() is truthy
 * is not deleted. Every path ends in a redirect to 'index'.
 *
 * NOTE(review): nothing visible in this method restricts it to POST or checks
 * a request token; confirm that is enforced elsewhere for this
 * state-changing action.
 *
 * @param mixed $id rubric id
 *
 * @access public
 * @return void
 */
function delete($id)
{
    $rubric = $this->Rubric->getEventSub($id);

    // The id must be numeric and must resolve to a record.
    $idIsValid = is_numeric($id) && !empty($rubric);
    if (!$idIsValid) {
        $this->Session->setFlash(__('Error: Invalid ID.', true));
        $this->redirect('index');
        return;
    }

    if (!User::hasPermission('functions/superadmin')) {
        if (User::hasPermission('controllers/departments')) {
            // Department admins: creators linked to any department course.
            $courseIds = array_keys(User::getMyDepartmentsCourseList('list'));
            // NOTE(review): nothing here filters UserCourse by role; confirm
            // these rows are instructors only.
            $courseLinks = $this->UserCourse->findAllByCourseId($courseIds);
            $instructorIds = Set::extract($courseLinks, '/UserCourse/user_id');
            array_push($instructorIds, $this->Auth->user('id'));
        } else {
            // Instructors: only rubrics they created themselves.
            $instructorIds = array($this->Auth->user('id'));
        }

        $ownsRubric = in_array($rubric['Rubric']['creator_id'], $instructorIds);
        if (!$ownsRubric) {
            $this->Session->setFlash(__('Error: You do not have permission to delete this rubric', true));
            $this->redirect('index');
            return;
        }
    }

    // A rubric that still has events attached is kept.
    if ($this->Rubric->getEventCount($id)) {
        $this->Session->setFlash(__('This evaluation is in use. Please remove all the events assosiated with this evaluation first.', true), 'error');
    } elseif ($this->Rubric->delete($id, true)) {
        $this->Session->setFlash(__('The rubric was deleted successfully.', true), 'good');
    }
    // A failed delete() sets no flash message; the user is redirected
    // without feedback.

    $this->redirect('index');
}
/**
 * List the ids of the courses the current user may access.
 *
 * With the 'functions/user/admin' permission the ids are the keys of
 * User::getMyDepartmentsCourseList('list'); otherwise they are the keys of
 * User::getMyCourseList().
 *
 * @access public
 * @return array list of course ids
 */
function getAccessibleCourses()
{
    $courses = User::hasPermission('functions/user/admin')
        ? User::getMyDepartmentsCourseList('list')
        : User::getMyCourseList();

    return array_keys($courses);
}
/**
 * Delete a mixed evaluation.
 *
 * Checks, in order: the caller holds 'controllers/mixevals' (else redirect
 * to '/home'); the id is numeric and resolves to a Mixeval record; a
 * non-superadmin caller's accessible-creator set contains the evaluation's
 * creator_id; the evaluation has no Event rows attached. Only then is
 * Mixeval::delete() called.
 *
 * NOTE(review): nothing visible in this method restricts it to POST or checks
 * a request token; confirm that is enforced elsewhere for this
 * state-changing action.
 *
 * @param mixed $id mixed evaluation id
 *
 * @access public
 * @return void
 */
function delete($id)
{
    if (!User::hasPermission('controllers/mixevals')) {
        $this->Session->setFlash(__('You do not have permission to delete mixed evaluations', true));
        $this->redirect('/home');
        return;
    }

    // Load the evaluation together with its events.
    $query = array(
        'conditions' => array('id' => $id),
        'contain' => array('Event'),
    );
    $eval = $this->Mixeval->find('first', $query);

    // The id must be numeric and must resolve to a record.
    if (empty($eval) || !is_numeric($id)) {
        $this->Session->setFlash(__('Invalid ID.', true));
        $this->redirect('index');
        return;
    }

    if (!User::hasPermission('functions/superadmin')) {
        if (User::hasPermission('controllers/departments')) {
            // Department admins: creators linked to any department course.
            $courseIds = array_keys(User::getMyDepartmentsCourseList('list'));
            // NOTE(review): nothing here filters UserCourse by role; confirm
            // these rows are instructors only.
            $courseLinks = $this->UserCourse->findAllByCourseId($courseIds);
            $instructorIds = Set::extract($courseLinks, '/UserCourse/user_id');
            array_push($instructorIds, $this->Auth->user('id'));
        } else {
            // Instructors: only evaluations they created themselves.
            $instructorIds = array($this->Auth->user('id'));
        }

        $ownsEvaluation = in_array($eval['Mixeval']['creator_id'], $instructorIds);
        if (!$ownsEvaluation) {
            $this->Session->setFlash(__('Error: You do not have permission to delete this evaluation', true));
            $this->redirect('index');
            return;
        }
    }

    // An evaluation that still has events attached is kept. The record is
    // read again here rather than reusing $eval.
    $this->Mixeval->id = $id;
    $data = $this->Mixeval->read();
    if (count($data['Event']) > 0) {
        $message = __("This evaluation is now in use, and can NOT be deleted.<br />", true);
        $message .= __("Please remove all the events associated with this evaluation first.", true);
        $this->Session->setFlash($message);
        $this->redirect('index');
        return;
    }

    if ($this->Mixeval->delete($id)) {
        $this->Session->setFlash(__('The Mixed Evaluation was removed successfully.', true), 'good');
        $this->redirect('index');
        return;
    }

    // Failed delete: the model's error message is flashed and no redirect is
    // issued on this path.
    $this->Session->setFlash($this->Mixeval->errorMessage, 'error');
}