Learnpath: Prevent edit authors,authorlp, authorlpitem, price for non…

… admin - BT#17943
chamilo · Dec 10, 2020 · 477c6b3 · 477c6b3
1 parent b4cded0
commit 477c6b3
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 8 deletions.
diff --git a/main/lp/learnpath.class.php b/main/lp/learnpath.class.php
@@ -7437,7 +7437,13 @@ public function display_edit_item(
                 $res_step = Database::query($sql);
                 $row_step = Database::fetch_array($res_step, 'ASSOC');
                 $return .= $this->display_manipulate($item_id, $row['item_type']);
-                $return .= $this->display_document_form('edit', $item_id, $row_step, $excludeExtraFields);
+                $return .= $this->display_document_form(
+                    'edit',
+                    $item_id,
+                    $row_step,
+                    null,
+                    $excludeExtraFields
+                );
                 break;
             case TOOL_QUIZ:
                 $return .= $this->display_manipulate($item_id, $row['item_type']);
@@ -7449,11 +7455,11 @@ public function display_edit_item(
                 break;
             case TOOL_STUDENTPUBLICATION:
                 $return .= $this->display_manipulate($item_id, $row['item_type']);
-                $return .= $this->display_student_publication_form('edit', $item_id, $row);
+                $return .= $this->display_student_publication_form('edit', $item_id, $row,null,$excludeExtraFields);
                 break;
             case TOOL_FORUM:
                 $return .= $this->display_manipulate($item_id, $row['item_type']);
-                $return .= $this->display_forum_form('edit', $item_id, $row);
+                $return .= $this->display_forum_form('edit', $item_id, $row, $excludeExtraFields);
                 break;
             case TOOL_THREAD:
                 $return .= $this->display_manipulate($item_id, $row['item_type']);
@@ -7944,7 +7950,12 @@ public function display_hotpotatoes_form($action = 'add', $id = 0, $extra_info =
      *
      * @return string HTML form
      */
-    public function display_forum_form($action = 'add', $id = 0, $extra_info = '')
+    public function display_forum_form(
+        $action = 'add',
+        $id = 0,
+        $extra_info = '',
+        $excludeExtraFields = []
+    )
     {
         $course_id = api_get_course_int_id();
         $tbl_forum = Database::get_course_table(TABLE_FORUM);
@@ -8098,7 +8109,7 @@ public function display_forum_form($action = 'add', $id = 0, $extra_info = '')
 
         if ('edit' === $action) {
             $extraField = new ExtraField('lp_item');
-            $extraField->addElements($form, $id);
+            $extraField->addElements($form, $id, $excludeExtraFields);
         }
 
         if ($action == 'add') {
@@ -9631,7 +9642,8 @@ public function display_student_publication_form(
         $action = 'add',
         $id = 0,
         $extra_info = '',
-        $item = null
+        $item = null,
+        $excludeExtraFields = []
     ) {
         $course_id = api_get_course_int_id();
         $tbl_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
@@ -9760,7 +9772,7 @@ public function display_student_publication_form(
 
         if ('edit' === $action) {
             $extraField = new ExtraField('lp_item');
-            $extraField->addElements($form, $id);
+            $extraField->addElements($form, $id, $excludeExtraFields);
         }
 
         if ($action === 'add') {

diff --git a/main/lp/lp_admin_view.php b/main/lp/lp_admin_view.php
@@ -29,6 +29,17 @@
 $submit = isset($_POST['submit_button']) ? $_POST['submit_button'] : null;
 $_course = api_get_course_info();
 
+$excludeExtraFields = [
+    'authors',
+    'authorlp',
+    'authorlpitem',
+    'price',
+];
+if (api_is_platform_admin() ) {
+    // Only admins can edit this items
+    $excludeExtraFields = [];
+}
+
 if (!$is_allowed_to_edit || $isStudentView) {
     header('location:lp_controller.php?action=view&lp_id='.$learnpath_id);
     exit;
@@ -271,7 +282,10 @@ function confirmation(name) {
                 'confirm'
             );
         } else {
-            echo $learnPath->display_edit_item($_GET['id']);
+            echo $learnPath->display_edit_item(
+                $_GET['id'],
+                $excludeExtraFields
+            );
         }
         break;
     case 'delete_item':