/** * Build the modify-column of the table * @param int The user id * @param string URL params to add to table links * @param array Row of elements to alter * @return string Some HTML-code with modify-buttons */ function modify_filter($user_id, $url_params, $row) { global $charset, $_admins_list; $is_admin = in_array($user_id, $_admins_list); $statusname = api_get_status_langvars(); $user_is_anonymous = false; $current_user_status_label = $row['7']; if ($current_user_status_label == $statusname[ANONYMOUS]) { $user_is_anonymous = true; } $result = ''; if (!$user_is_anonymous) { $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')')); $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_' . $user_id . '"> </div> </a>'; $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')')); $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_s_' . $user_id . '"> </div> </a>'; } else { $result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' '; $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' '; } if (api_is_platform_admin()) { if (!$user_is_anonymous) { $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> '; } else { $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' '; } } //only allow platform admins to login_as, or session admins only for students (not teachers nor other admins) if (api_is_platform_admin() || api_is_session_admin() && $current_user_status_label == $statusname[STUDENT]) { if (!$user_is_anonymous) { if (api_global_admin_can_edit_admin($user_id)) { $result .= '<a href="user_list.php?action=login_as&user_id=' . $user_id . '&sec_token=' . $_SESSION['sec_token'] . '">' . Display::return_icon('login_as.png', get_lang('LoginAs')) . '</a> '; } else { $result .= Display::return_icon('login_as_na.png', get_lang('LoginAs')) . ' '; } } else { $result .= Display::return_icon('login_as_na.png', get_lang('LoginAs')) . ' '; } } else { $result .= Display::return_icon('login_as_na.png', get_lang('LoginAs')) . ' '; } if ($current_user_status_label != $statusname[STUDENT]) { $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')) . ' '; } else { $result .= '<a href="../mySpace/myStudents.php?student=' . $user_id . '">' . Display::return_icon('statistics.gif', get_lang('Reporting')) . '</a> '; } if (api_is_platform_admin(true)) { $editProfileUrl = Display::getProfileEditionLink($user_id, true); if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) { $result .= '<a href="' . $editProfileUrl . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> '; } else { $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> '; } } if ($is_admin) { $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'heigth' => ICON_SIZE_SMALL)); } else { $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator')); } // actions for assigning sessions, courses or users if (api_is_session_admin()) { /*if ($row[0] == api_get_user_id()) { $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">'.Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')).'</a> '; }*/ } else { if ($current_user_status_label == $statusname[SESSIONADMIN]) { $result .= Display::url(Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')), "dashboard_add_sessions_to_user.php?user={$user_id}"); } else { if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id) || $current_user_status_label == $statusname[STUDENT_BOSS]) { $result .= Display::url(Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL), "dashboard_add_users_to_user.php?user={$user_id}"); } if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id)) { $result .= Display::url(Display::return_icon('course_add.gif', get_lang('AssignCourses')), "dashboard_add_courses_to_user.php?user={$user_id}"); $result .= Display::url(Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')), "dashboard_add_sessions_to_user.php?user={$user_id}"); } } } if (api_is_platform_admin()) { $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '&modal_size=lg" class="agenda_opener ajax">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>'; $deleteAllowed = !api_get_configuration_value('deny_delete_users'); if ($deleteAllowed) { if ($user_id != api_get_user_id() && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) { // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore. $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . $_SESSION['sec_token'] . '" onclick="javascript:if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>'; } else { $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL); } } } return $result; }
<div class="label"><?php echo get_lang('MyApiKey'); ?> </div> <div class="formw"> <input type="text" name="api_key_generate" id="id_api_key_generate" size="40" value="<?php echo $array_list_key[$num]; ?> "/> </div> </div> <?php } break; case 'active_user': if (api_is_platform_admin() && api_global_admin_can_edit_admin($_GET['user_id'])) { $user_id = intval($_GET['user_id']); $status = intval($_GET['status']); if (!empty($user_id)) { $user_table = Database::get_main_table(TABLE_MAIN_USER); $sql = "UPDATE {$user_table} SET active='" . $status . "' WHERE user_id='" . $user_id . "'"; $result = Database::query($sql); //Send and email if account is active if ($status == 1) { $user_info = api_get_user_info($user_id); $recipient_name = api_get_person_name($user_info['firstname'], $user_info['lastname'], null, PERSON_NAME_EMAIL_ADDRESS); $emailsubject = '[' . api_get_setting('platform.site_name') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('platform.site_name'); $email_admin = api_get_setting('admin.administrator_email'); $sender_name = api_get_person_name(api_get_setting('admin.administrator_name'), api_get_setting('admin.administrator_surname'), null, PERSON_NAME_EMAIL_ADDRESS); $emailbody = get_lang('Dear') . " " . stripslashes($recipient_name) . ",\n\n"; $emailbody .= sprintf(get_lang('YourAccountOnXHasJustBeenApprovedByOneOfOurAdministrators'), api_get_setting('platform.site_name')) . "\n";
/** * Checks if user can login as another user * * @param int $loginAsUserId the user id to log in * @param int $userId my user id * @return bool */ function api_can_login_as($loginAsUserId, $userId = null) { if (empty($userId)) { $userId = api_get_user_id(); } if ($loginAsUserId == $userId) { return false; } if (empty($loginAsUserId)) { return false; } if ($loginAsUserId != strval(intval($loginAsUserId))) { return false; } // Check if the user to login is an admin if (api_is_platform_admin_by_id($loginAsUserId)) { // Only super admins can login to admin accounts if (!api_global_admin_can_edit_admin($loginAsUserId)) { return false; } } $userInfo = api_get_user_info($userId); $isDrh = function () use($loginAsUserId) { if (api_is_drh()) { if (api_drh_can_access_all_session_content()) { $users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id()); $userList = array(); foreach ($users as $user) { $userList[] = $user['user_id']; } if (in_array($loginAsUserId, $userList)) { return true; } } else { if (api_is_drh() && UserManager::is_user_followed_by_drh($loginAsUserId, api_get_user_id())) { return true; } } } return false; }; return api_is_platform_admin() || api_is_session_admin() && $userInfo['status'] == 5 || $isDrh(); }
/** * Build the modify-column of the table * @param int The user id * @param string URL params to add to table links * @param array Row of elements to alter * @return string Some HTML-code with modify-buttons */ function modify_filter($user_id, $url_params, $row) { global $_admins_list, $delete_user_available, $app; $is_admin = false; $userId = api_get_user_id(); if (is_array($_admins_list)) { $is_admin = in_array($user_id, $_admins_list); } $statusname = api_get_status_langvars(); $user_is_anonymous = false; $current_user_status_label = $row['7']; if ($current_user_status_label == $statusname[ANONYMOUS]) { $user_is_anonymous = true; } $result = ''; if (!$user_is_anonymous) { $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')')); $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_' . $user_id . '"> </div> </a>'; $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')')); $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_s_' . $user_id . '"> </div> </a>'; } else { $result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' '; $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' '; } if (api_is_platform_admin()) { if (!$user_is_anonymous) { $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> '; } else { $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' '; } } //only allow platform admins to login_as, or session admins only for // students (not teachers nor other admins), and only if all options // match to say this user has the permission to do so // $_configuration['login_as_forbidden_globally'], defined in // configuration.php, is the master key to these conditions global $_configuration; if (empty($_configuration['login_as_forbidden_globally']) && (api_is_global_platform_admin() || api_get_setting('login_as_allowed') === 'true' && (api_is_platform_admin() || api_is_session_admin() && $current_user_status_label == $statusname[STUDENT]))) { if (!$user_is_anonymous) { if ($app['security']->isGranted('ROLE_GLOBAL_ADMIN')) { // everything looks good, show "login as" link if ($user_id != $userId) { $result .= '<a href="' . api_get_path(WEB_PUBLIC_PATH) . '?_switch_user='******'">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a> '; } else { $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' '; } } else { // if this user in particular can't be edited, show disabled $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' '; } } else { // if anonymous user but other users show the option, show disabled $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' '; } } // Else don't show anything, because the option is not available at all //$result .= Display::url('<i class="icon-key icon-large"></i>', 'roles'); if ($current_user_status_label != $statusname[STUDENT]) { $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')) . ' '; } else { $result .= '<a href="../mySpace/myStudents.php?student=' . $user_id . '">' . Display::return_icon('statistics.gif', get_lang('Reporting')) . '</a> '; } if (api_is_platform_admin(true)) { if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) { $result .= '<a href="user_edit.php?user_id=' . $user_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> '; } else { $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> '; } } if ($is_admin) { $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'heigth' => ICON_SIZE_SMALL)); } else { $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator')); } // actions for assigning sessions, courses or users if (api_is_session_admin()) { /*if ($row[0] == api_get_user_id()) { $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">'.Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')).'</a> '; }*/ } else { if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id)) { $result .= '<a href="dashboard_add_users_to_user.php?user='******'">' . Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL) . '</a>'; $result .= '<a href="dashboard_add_courses_to_user.php?user='******'">' . Display::return_icon('course_add.gif', get_lang('AssignCourses')) . '</a> '; $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> '; } else { if ($current_user_status_label == $statusname[SESSIONADMIN]) { $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> '; } } } if (api_is_platform_admin()) { $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '" class="agenda_opener">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>'; if ($delete_user_available) { if ($user_id != api_get_user_id() && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) { // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore. $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>'; } else { $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL); } } } return $result; }
function api_protect_super_admin($admin_id_to_check, $my_user_id = null, $allow_session_admin = false) { if (api_global_admin_can_edit_admin($admin_id_to_check, $my_user_id, $allow_session_admin)) { return true; } else { api_not_allowed(); } }
/** * Build the modify-column of the table * @param int The user id * @param string URL params to add to table links * @param array Row of elements to alter * @return string Some HTML-code with modify-buttons */ function modify_filter($user_id, $url_params, $row) { global $delete_user_available; $userId = api_get_user_id(); $is_admin = $row['is_admin']; $user_is_anonymous = $row['is_anonymous']; $result = ''; if (!$user_is_anonymous) { $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')')); $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_' . $user_id . '"> </div> </a>'; $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')')); $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_s_' . $user_id . '"> </div> </a>'; } else { $result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' '; $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' '; } if (api_is_platform_admin()) { if (!$user_is_anonymous) { $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> '; } else { $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' '; } } //only allow platform admins to login_as, or session admins only for // students (not teachers nor other admins), and only if all options // match to say this user has the permission to do so // $_configuration['login_as_forbidden_globally'], defined in // configuration.php, is the master key to these conditions if (Container::getSecurity()->isGranted('ROLE_GLOBAL_ADMIN')) { // everything looks good, show "login as" link if ($user_id != $userId) { $result .= '<a href="' . api_get_path(WEB_PUBLIC_PATH) . '?_switch_user='******'">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a> '; } else { $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' '; } } else { // if this user in particular can't be edited, show disabled $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' '; } if (api_is_platform_admin(true)) { if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) { $result .= '<a href="user_edit.php?user_id=' . $user_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> '; } else { $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> '; } } if ($is_admin) { $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'heigth' => ICON_SIZE_SMALL)); } else { $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator')); } // actions for assigning sessions, courses or users if (api_is_session_admin()) { /*if ($row[0] == api_get_user_id()) { $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">'.Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')).'</a> '; }*/ } //var_dump($row['groups']); if (api_is_platform_admin()) { if ($row['groups']->containsKey('drh') || $is_admin) { $result .= '<a href="dashboard_add_users_to_user.php?user='******'">' . Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL) . '</a>'; $result .= '<a href="dashboard_add_courses_to_user.php?user='******'">' . Display::return_icon('course_add.gif', get_lang('AssignCourses')) . '</a> '; $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> '; } else { if ($row['groups']->containsKey('session_admin')) { $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> '; } } } if (api_is_platform_admin()) { $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '" class="agenda_opener">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>'; if ($delete_user_available) { if ($user_id != api_get_user_id() && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) { // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore. $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>'; } else { $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL); } } } return $result; }