if (!api_is_drh()) { api_not_allowed(true); } } else { api_protect_admin_script(); } // Database table definitions $table_admin = Database::get_main_table(TABLE_MAIN_ADMIN); $table_user = Database::get_main_table(TABLE_MAIN_USER); $database = Database::get_main_database(); $userId = isset($_REQUEST['user_id']) ? intval($_REQUEST['user_id']) : ''; $userInfo = api_get_user_info($userId); if (empty($userInfo)) { api_not_allowed(true); } $userIsFollowed = UserManager::is_user_followed_by_drh($userId, api_get_user_id()); if (api_drh_can_access_all_session_content()) { $students = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id(), false, 0, null, null, 'desc', null, null, null, null, null, STUDENT); if (empty($students)) { api_not_allowed(true); } $userIdList = array(); foreach ($students as $student) { $userIdList[] = $student['user_id']; } if (!in_array($userId, $userIdList)) { api_not_allowed(true); } } else { if (!$userIsFollowed) { api_not_allowed(true);
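/**
 * Check whether $fromUser may comment on (give feedback about) $toUser's skill issue.
 *
 * Platform admins are always allowed. Otherwise the answer depends on the
 * status of $fromUser:
 *  - SESSIONADMIN: allowed when the setting 'allow_session_admins_to_manage_all_sessions'
 *    is 'true' and $fromUser created $toUser, or when $fromUser is one of the
 *    session admins of $toUser;
 *  - STUDENT_BOSS: allowed only when $fromUser is one of the student bosses of $toUser;
 *  - DRH: allowed when $toUser is followed by $fromUser as DRH.
 * Every other status is denied.
 *
 * @param Chamilo\UserBundle\Entity\User $fromUser The user who wants to give feedback
 * @param Chamilo\UserBundle\Entity\User $toUser   The user the feedback is about
 * @return bool
 */
public static function userCanAddFeedbackToUser(User $fromUser, User $toUser)
{
    if (api_is_platform_admin()) {
        return true;
    }

    $entityManager = Database::getManager();
    $userRepo = $entityManager->getRepository('ChamiloUserBundle:User');
    $fromUserId = $fromUser->getId();

    switch ($fromUser->getStatus()) {
        case SESSIONADMIN:
            if (api_get_setting('allow_session_admins_to_manage_all_sessions') === 'true'
                && $toUser->getCreatorId() === $fromUserId
            ) {
                return true;
            }
            foreach ($userRepo->getSessionAdmins($toUser) as $sessionAdmin) {
                if ($sessionAdmin->getId() === $fromUserId) {
                    return true;
                }
            }
            break;
        case STUDENT_BOSS:
            foreach ($userRepo->getStudentBosses($toUser) as $studentBoss) {
                if ($studentBoss->getId() === $fromUserId) {
                    return true;
                }
            }
            // Explicit break: this case used to fall through into the DRH check,
            // so a student boss who is NOT a boss of $toUser was still granted
            // access whenever the DRH-follow relation happened to match. A student
            // boss's permission should rest on the boss relation alone; if the
            // fall-through was intentional, restore it deliberately with a comment.
            break;
        case DRH:
            return UserManager::is_user_followed_by_drh($toUser->getId(), $fromUserId);
    }

    return false;
}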
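/**
 * Checks whether the acting user may log in as another user.
 *
 * Denied when the two ids are equal, when $loginAsUserId is empty or is not a
 * plain decimal integer, or when the target is a platform admin that the
 * acting user is not allowed to edit. Otherwise allowed for platform admins,
 * for session admins when the looked-up user record has status 5, and for DRH
 * users who follow the target (directly, or through the users of all sessions
 * they can access when api_drh_can_access_all_session_content() is on).
 *
 * @param int $loginAsUserId the user id to log in as
 * @param int $userId        my user id (defaults to the current user)
 * @return bool
 */
function api_can_login_as($loginAsUserId, $userId = null)
{
    if (empty($userId)) {
        $userId = api_get_user_id();
    }
    // Logging in as yourself is meaningless, and an empty target is invalid.
    if ($loginAsUserId == $userId || empty($loginAsUserId)) {
        return false;
    }
    // Reject anything that is not a plain decimal integer (e.g. '12abc', ' 12').
    if ($loginAsUserId != strval(intval($loginAsUserId))) {
        return false;
    }
    // Admin accounts may only be impersonated by admins allowed to edit them.
    if (api_is_platform_admin_by_id($loginAsUserId)
        && !api_global_admin_can_edit_admin($loginAsUserId)
    ) {
        return false;
    }

    // NOTE(review): this looks up the *acting* user ($userId), so the session-admin
    // branch below compares the session admin's own status with 5. Presumably the
    // target ($loginAsUserId) was intended — confirm before changing, since that
    // would widen who a session admin can impersonate.
    $userInfo = api_get_user_info($userId);

    $isDrh = function () use ($loginAsUserId) {
        if (!api_is_drh()) {
            return false;
        }
        if (!api_drh_can_access_all_session_content()) {
            // Only users directly followed by this DRH.
            return (bool) UserManager::is_user_followed_by_drh($loginAsUserId, api_get_user_id());
        }
        // DRH with access to all session content: any user of any of those sessions.
        $users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id());
        $userList = array();
        foreach ($users as $user) {
            $userList[] = (int) $user['user_id'];
        }
        // $loginAsUserId already passed the integer check above, so the cast is exact.
        return in_array((int) $loginAsUserId, $userList, true);
    };

    // Parenthesised to make the intended precedence explicit; isset() avoids a
    // notice when the user record could not be loaded.
    return api_is_platform_admin()
        || (api_is_session_admin() && isset($userInfo['status']) && $userInfo['status'] == 5)
        || $isDrh();
}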
$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(api_get_user_id(), api_get_course_info()); if (api_is_drh() && !api_is_platform_admin()) { if (!empty($student_id)) { if (api_drh_can_access_all_session_content()) { //@todo securize drh with student id /*$users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id()); $userList = array(); foreach ($users as $user) { $userList[] = $user['user_id']; } if (!in_array($student_id, $userList)) { api_not_allowed(true); }*/ } else { if (!$isDrhOfCourse) { if (api_is_drh() && !UserManager::is_user_followed_by_drh($student_id, api_get_user_id())) { api_not_allowed(true); } } } } } Display::display_header($nameTools); if (isset($message)) { echo $message; } $token = Security::get_token(); if (!empty($student_id)) { // Actions bar echo '<div class="actions">'; echo '<a href="javascript: window.history.go(-1);" ">' . Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM) . '</a>';