Esempio n. 1
    if (!api_is_drh()) {
        api_not_allowed(true);
    }
} else {
    api_protect_admin_script();
}
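// Database table definitions
$table_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$database = Database::get_main_database();
// The target user id comes straight from the request: coerce it to int so the
// variable always carries one type (an absent id becomes 0, which is still
// "empty" for the lookup below, instead of the previous '' sentinel).
$userId = isset($_REQUEST['user_id']) ? intval($_REQUEST['user_id']) : 0;
$userInfo = api_get_user_info($userId);
// NOTE(review): this relies on api_get_user_info() returning an empty value for
// an unknown or zero id — confirm it does not fall back to the current user.
if (empty($userInfo)) {
    api_not_allowed(true);
}
// Whether the current DRH follows the requested user; consulted by the access
// check that follows.
$userIsFollowed = UserManager::is_user_followed_by_drh($userId, api_get_user_id());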
if (api_drh_can_access_all_session_content()) {
    $students = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id(), false, 0, null, null, 'desc', null, null, null, null, null, STUDENT);
    if (empty($students)) {
        api_not_allowed(true);
    }
    $userIdList = array();
    foreach ($students as $student) {
        $userIdList[] = $student['user_id'];
    }
    if (!in_array($userId, $userIdList)) {
        api_not_allowed(true);
    }
} else {
    if (!$userIsFollowed) {
        api_not_allowed(true);
Esempio n. 2
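 /**
  * Check if the $fromUser can comment the $toUser skill issue
  *
  * Platform admins always can. Otherwise the answer depends on the status of
  * $fromUser: a session admin must be one of $toUser's session admins (or be
  * the creator of $toUser when 'allow_session_admins_to_manage_all_sessions'
  * is enabled), a student boss must be one of $toUser's bosses, and a DRH must
  * follow $toUser. Any other status is refused.
  *
  * @param Chamilo\UserBundle\Entity\User $fromUser
  * @param Chamilo\UserBundle\Entity\User $toUser
  * @return boolean
  */
 public static function userCanAddFeedbackToUser(User $fromUser, User $toUser)
 {
     if (api_is_platform_admin()) {
         return true;
     }
     $entityManager = Database::getManager();
     $userRepo = $entityManager->getRepository('ChamiloUserBundle:User');
     $fromUserStatus = $fromUser->getStatus();
     switch ($fromUserStatus) {
         case SESSIONADMIN:
             if (api_get_setting('allow_session_admins_to_manage_all_sessions') === 'true') {
                 if ($toUser->getCreatorId() === $fromUser->getId()) {
                     return true;
                 }
             }
             $sessionAdmins = $userRepo->getSessionAdmins($toUser);
             foreach ($sessionAdmins as $sessionAdmin) {
                 if ($sessionAdmin->getId() === $fromUser->getId()) {
                     return true;
                 }
             }
             break;
         case STUDENT_BOSS:
             $studentBosses = $userRepo->getStudentBosses($toUser);
             foreach ($studentBosses as $studentBoss) {
                 if ($studentBoss->getId() === $fromUser->getId()) {
                     return true;
                 }
             }
             // Explicit break: without it a student boss who is not a boss of
             // $toUser fell through into the DRH follow check below, widening
             // the permission beyond the boss relation.
             break;
         case DRH:
             return UserManager::is_user_followed_by_drh($toUser->getId(), $fromUser->getId());
     }
     return false;
 }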
Esempio n. 3
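/**
 * Checks if user can login as another user
 *
 * Refuses self-login, an empty or non-integer target id, and admin targets
 * unless api_global_admin_can_edit_admin() allows it. Otherwise the action is
 * granted to platform admins, to session admins when the looked-up user info
 * has status 5, and to DRH users that may follow the target user.
 *
 * @param int $loginAsUserId the user id to log in
 * @param int $userId my user id (defaults to the current user)
 * @return bool
 */
function api_can_login_as($loginAsUserId, $userId = null)
{
    if (empty($userId)) {
        $userId = api_get_user_id();
    }
    // Never "login as" yourself, an empty id, or an id that is not a plain integer
    if ($loginAsUserId == $userId) {
        return false;
    }
    if (empty($loginAsUserId)) {
        return false;
    }
    if ($loginAsUserId != strval(intval($loginAsUserId))) {
        return false;
    }
    // Check if the user to login is an admin
    if (api_is_platform_admin_by_id($loginAsUserId)) {
        // Only super admins can login to admin accounts
        if (!api_global_admin_can_edit_admin($loginAsUserId)) {
            return false;
        }
    }
    // NOTE(review): the status check in the return expression is evaluated on
    // $userId (the requesting user), not on $loginAsUserId (the target) —
    // confirm this is intended; a session admin normally does not carry
    // status 5 itself, which would make that branch unreachable.
    $userInfo = api_get_user_info($userId);
    // A DRH may login as a user it follows. When the DRH has access to all
    // session content, the follow relation is replaced by membership of the
    // target in the DRH's session user list.
    $isDrh = function () use ($loginAsUserId) {
        if (!api_is_drh()) {
            return false;
        }
        if (!api_drh_can_access_all_session_content()) {
            return (bool) UserManager::is_user_followed_by_drh($loginAsUserId, api_get_user_id());
        }
        $users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id());
        $userList = [];
        foreach ($users as $user) {
            $userList[] = $user['user_id'];
        }
        // Loose in_array on purpose: $loginAsUserId may be a numeric string
        return in_array($loginAsUserId, $userList);
    };
    // Parenthesised to make the && binding explicit (same precedence as before)
    return api_is_platform_admin()
        || (api_is_session_admin() && $userInfo['status'] == 5)
        || $isDrh();
}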
Esempio n. 4
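// Access control for the tracking page: a DRH that is not also a platform
// admin may only look at a student it is entitled to follow.
$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(api_get_user_id(), api_get_course_info());
if (api_is_drh() && !api_is_platform_admin()) {
    if (!empty($student_id)) {
        if (api_drh_can_access_all_session_content()) {
            // With global session access the DRH is restricted to the users
            // reachable through its sessions. This check was previously left
            // commented out with a @todo, which let any such DRH open any
            // student id.
            $users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id());
            if (empty($users)) {
                api_not_allowed(true);
            }
            $userList = array();
            foreach ($users as $user) {
                $userList[] = $user['user_id'];
            }
            // Loose in_array on purpose: $student_id may be a numeric string
            if (!in_array($student_id, $userList)) {
                api_not_allowed(true);
            }
        } elseif (!$isDrhOfCourse) {
            // Otherwise the DRH must follow the student directly, unless it is
            // the DRH of the current course.
            if (!UserManager::is_user_followed_by_drh($student_id, api_get_user_id())) {
                api_not_allowed(true);
            }
        }
    }
}
Display::display_header($nameTools);
if (isset($message)) {
    echo $message;
}
$token = Security::get_token();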
if (!empty($student_id)) {
    // Actions bar
    echo '<div class="actions">';
    echo '<a href="javascript: window.history.go(-1);" ">' . Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM) . '</a>';