if (!api_is_drh()) {
api_not_allowed(true);
}
} else {
api_protect_admin_script();
}
// Database table definitions
$table_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$database = Database::get_main_database();
$userId = isset($_REQUEST['user_id']) ? intval($_REQUEST['user_id']) : '';
$userInfo = api_get_user_info($userId);
if (empty($userInfo)) {
api_not_allowed(true);
}
$userIsFollowed = UserManager::is_user_followed_by_drh($userId, api_get_user_id());
if (api_drh_can_access_all_session_content()) {
$students = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id(), false, 0, null, null, 'desc', null, null, null, null, null, STUDENT);
if (empty($students)) {
api_not_allowed(true);
}
$userIdList = array();
foreach ($students as $student) {
$userIdList[] = $student['user_id'];
}
if (!in_array($userId, $userIdList)) {
api_not_allowed(true);
}
} else {
if (!$userIsFollowed) {
api_not_allowed(true);
/**
* Check if the $fromUser can comment the $toUser skill issue
* @param Chamilo\UserBundle\Entity\User $fromUser
* @param Chamilo\UserBundle\Entity\User $toUser
* @return boolean
*/
public static function userCanAddFeedbackToUser(User $fromUser, User $toUser)
{
if (api_is_platform_admin()) {
return true;
}
$entityManager = Database::getManager();
$userRepo = $entityManager->getRepository('ChamiloUserBundle:User');
$fromUserStatus = $fromUser->getStatus();
switch ($fromUserStatus) {
case SESSIONADMIN:
if (api_get_setting('allow_session_admins_to_manage_all_sessions') === 'true') {
if ($toUser->getCreatorId() === $fromUser->getId()) {
return true;
}
}
$sessionAdmins = $userRepo->getSessionAdmins($toUser);
foreach ($sessionAdmins as $sessionAdmin) {
if ($sessionAdmin->getId() !== $fromUser->getId()) {
continue;
}
return true;
}
break;
case STUDENT_BOSS:
$studentBosses = $userRepo->getStudentBosses($toUser);
foreach ($studentBosses as $studentBoss) {
if ($studentBoss->getId() !== $fromUser->getId()) {
continue;
}
return true;
}
case DRH:
return UserManager::is_user_followed_by_drh($toUser->getId(), $fromUser->getId());
}
return false;
}
/**
* Checks if user can login as another user
*
* @param int $loginAsUserId the user id to log in
* @param int $userId my user id
* @return bool
*/
function api_can_login_as($loginAsUserId, $userId = null)
{
if (empty($userId)) {
$userId = api_get_user_id();
}
if ($loginAsUserId == $userId) {
return false;
}
if (empty($loginAsUserId)) {
return false;
}
if ($loginAsUserId != strval(intval($loginAsUserId))) {
return false;
}
// Check if the user to login is an admin
if (api_is_platform_admin_by_id($loginAsUserId)) {
// Only super admins can login to admin accounts
if (!api_global_admin_can_edit_admin($loginAsUserId)) {
return false;
}
}
$userInfo = api_get_user_info($userId);
$isDrh = function () use($loginAsUserId) {
if (api_is_drh()) {
if (api_drh_can_access_all_session_content()) {
$users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id());
$userList = array();
foreach ($users as $user) {
$userList[] = $user['user_id'];
}
if (in_array($loginAsUserId, $userList)) {
return true;
}
} else {
if (api_is_drh() && UserManager::is_user_followed_by_drh($loginAsUserId, api_get_user_id())) {
return true;
}
}
}
return false;
};
return api_is_platform_admin() || api_is_session_admin() && $userInfo['status'] == 5 || $isDrh();
}
$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(api_get_user_id(), api_get_course_info());
if (api_is_drh() && !api_is_platform_admin()) {
if (!empty($student_id)) {
if (api_drh_can_access_all_session_content()) {
//@todo securize drh with student id
/*$users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id());
$userList = array();
foreach ($users as $user) {
$userList[] = $user['user_id'];
}
if (!in_array($student_id, $userList)) {
api_not_allowed(true);
}*/
} else {
if (!$isDrhOfCourse) {
if (api_is_drh() && !UserManager::is_user_followed_by_drh($student_id, api_get_user_id())) {
api_not_allowed(true);
}
}
}
}
}
Display::display_header($nameTools);
if (isset($message)) {
echo $message;
}
$token = Security::get_token();
if (!empty($student_id)) {
// Actions bar
echo '<div class="actions">';
echo '<a href="javascript: window.history.go(-1);" ">' . Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM) . '</a>';
