Beispiel #1
                            }
                        }
                    }
                }
            }
            //successful, maybe, so direct to...
            if (!$system_message) {
                header("Location: manage_student.php");
                exit;
            } else {
                $system_message = "The student has been partially copied. Some errors have occured:<BR>" . $system_message;
            }
        }
    }
}
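// Both database links are needed below: the user DB for the session's account
// row, the IPP DB for the school list. A failed connect is only logged here and
// the script carries on; the query that then fails is caught at the
// $school_result check that follows this section. The two former
// "$error_message = $error_message;" lines were no-ops and have been dropped;
// connectUserDB()/connectIPPDB() are expected to leave their reason in
// $error_message - TODO confirm against their definitions.
if (!connectUserDB()) {
    $system_message = $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
}
//find all of the available schools..
if (!connectIPPDB()) {
    $system_message = $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
}
// No user-controlled data goes into this query; "WHERE 1=1" is the author's
// placeholder for an unconditional select and is kept verbatim.
$school_query = "SELECT * FROM school WHERE 1=1";
$school_result = mysql_query($school_query);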
if (!$school_result) {
Beispiel #2
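/** @fn 		getStudentPermission($student_id='')
 *  @brief		Determines the logged-in user's access to a specific student's records
 *  @detail
 *  1. Returns "ERROR" when the permission level cannot be read or a connection/query
 *     fails (the reason is left in the global $error_message); returns NULL when the
 *     second IPP connection attempt fails (kept as-is because callers may test for NULL).
 *  2. Otherwise returns NONE, READ, WRITE(READ,WRITE), ASSIGN(READ,WRITE,ASSIGN),
 *     ALL(READ,WRITE,ASSIGN,DELETE), or whatever support_list['permission'] holds for
 *     this user/student pair, or NONE when nothing is recorded there.
 *  3. Values taken from $_SESSION and the $student_id argument are escaped/cast before
 *     they are placed in SQL; the column and table names come from configuration globals.
 * @param string|int $student_id  student id; cast to int before use in SQL (the original
 *                                unquoted comparison implies a numeric column - TODO confirm)
 * @return string|NULL
 * @todo	
 * 1. Rename function because it is a confusing name
 * 2. It can start with get_. Separate words with underscores. Perhaps get_access_to_student_record().
 */
function getStudentPermission($student_id = '')
{
    global $error_message, $mysql_user_select_login, $mysql_user_select_password, $mysql_user_table, $mysql_user_append_to_login;
    $error_message = "";

    $permission_level = getPermissionLevel($_SESSION['egps_username']);
    // NOTE(review): loose comparison kept from the original. If getPermissionLevel()
    // ever returns int 0 (the Super Admin level handled below), 0 == NULL is true and
    // this reports ERROR; the sentinel that function uses is not visible here.
    if ($permission_level == NULL) {
        return "ERROR";
    }

    //find the currently logged in persons school code...
    if (!connectUserDB()) {
        //connectUserDB() is expected to leave its reason in $error_message - TODO confirm
        return "ERROR";
    }
    // Session values are escaped for the user-DB link before interpolation.
    // NOTE(review): the session's 'password' value is compared directly against the
    // stored credential column, so the stored form must equal what the session holds;
    // verify that this is a hash and not a cleartext password.
    $login_sql = mysql_real_escape_string($_SESSION['egps_username']);
    $appended_login_sql = mysql_real_escape_string($_SESSION['egps_username'] . $mysql_user_append_to_login);
    $password_sql = mysql_real_escape_string($_SESSION['password']);
    $query = "SELECT * FROM {$mysql_user_table} WHERE ({$mysql_user_select_login}='{$appended_login_sql}' or {$mysql_user_select_login}='{$login_sql}') and {$mysql_user_select_password}='{$password_sql}' AND aliased_name IS NULL";
    $result = mysql_query($query);
    if (!$result) {
        $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$query}'<BR>";
        return "ERROR";
    }
    $user_row = mysql_fetch_array($result);
    // No matching account row leaves the school code empty; the local-student lookup
    // below then finds nothing, which is what the original produced as well.
    $school_code = $user_row ? $user_row['school_code'] : '';

    if (!connectIPPDB()) {
        //connectIPPDB() is expected to leave its reason in $error_message - TODO confirm
        return "ERROR";
    }

    //check if this staff member is local to this student...
    // $student_id is caller-supplied, so it is reduced to an int instead of being
    // interpolated as text. The original default '' produced an invalid query that was
    // treated as "not local"; (int)'' === 0 matches no row and yields the same result.
    $student_id_sql = (int) $student_id;
    $school_code_sql = mysql_real_escape_string((string) $school_code);
    $local_query = "SELECT * FROM school_history WHERE student_id={$student_id_sql} AND school_code='{$school_code_sql}' AND end_date IS NULL";
    $local_result = mysql_query($local_query);
    //ignore errors: a failed lookup simply means "not local"
    $is_local_student = ($local_result && mysql_num_rows($local_result) > 0);

    //Special case we are the school-based IPP administrator
    $error_message = "";
    // The original attempted the IPP connection a second time here and returned NULL
    // (not "ERROR") on failure; that distinct return value is preserved for callers.
    if (!connectIPPDB()) {
        return NULL;
    }
    // NOTE: this statement was garbled in the copy reviewed; rebuilt to follow the
    // egps_username lookup pattern used for the user table above.
    $ipp_login_sql = mysql_real_escape_string($_SESSION['egps_username']);
    $system_query = "SELECT * from support_member WHERE egps_username='{$ipp_login_sql}'";
    $system_result = mysql_query($system_query);
    if (!$system_result) {
        $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$system_query}'<BR>";
        return "ERROR";
    }
    $system_row = mysql_fetch_array($system_result);
    if ($is_local_student && $system_row && $system_row['is_local_ipp_administrator'] == 'Y') {
        return "ASSIGN";
    }

    //base our permission on the level we're assigned.
    // switch compares loosely, so string levels such as "30" still match case 30,
    // exactly as in the original nested switch.
    switch ($permission_level) {
        case 0:  //Super Admin
        case 10: //Administrator
            return "ALL";
        case 30: //Principal (assign local)
        case 40: //Vice Principal (view local) - same rule as principal, changed as per s. chomistek (2006-03-23)
            return $is_local_student ? "ASSIGN" : "NONE";
        case 20: //Assistant Admin. (view all): ASSIGN for local students, at least read for the rest
            return $is_local_student ? "ASSIGN" : "READ";
        default:
            //we need to find the permissions from the support list
            //as this user has no inherent permissions...
            break;
    }
    // Only levels without an inherent rule reach the support_list lookup; the original
    // ran this query for levels 20/30/40 too and then discarded the result.
    $support_query = "SELECT * FROM support_list WHERE egps_username='{$ipp_login_sql}' AND student_id={$student_id_sql}";
    $support_result = mysql_query($support_query);
    if (!$support_result) {
        // the original fetched from the failed result and fell through to NONE
        return "NONE";
    }
    $row = mysql_fetch_array($support_result);
    if ($row && $row['permission'] != '') {
        return $row['permission'];
    }
    return "NONE";
}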