Student followup: Add session visibility validation BT#12723

chamilo · Jul 9, 2021 · 738a369 · 738a369
1 parent adb5b52
commit 738a369
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 13 deletions.
diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php
@@ -2784,6 +2784,7 @@ function api_get_session_info($id)
  * @param int  $session_id
  * @param int  $courseId
  * @param bool $ignore_visibility_for_admins
+ * @param int  $userId
  *
  * @return int
  *             0 = session still available,

diff --git a/plugin/studentfollowup/StudentFollowUpPlugin.php b/plugin/studentfollowup/StudentFollowUpPlugin.php
@@ -105,15 +105,14 @@ public static function getPermissions($studentId, $currentUserId)
             $showPrivate = true;
         } else {
             $isDrh = api_is_drh();
-            $isCareTaker = false;
             $isDrhRelatedViaPost = false;
             $isCourseCoach = false;
             $isDrhRelatedToSession = false;
 
-            // Only admins and DRH that follow the user
+            // Only admins and DRH that follow the user.
             $isAdmin = api_is_platform_admin();
 
-            // Check if user is care taker
+            // Check if user is care taker.
             if ($isDrh) {
                 $criteria = [
                     'user' => $studentId,
@@ -126,11 +125,12 @@ public static function getPermissions($studentId, $currentUserId)
                 }
             }
 
-            // Check if course session coach
+            // Student sessions.
             $sessions = SessionManager::get_sessions_by_user($studentId, false, true);
             if (!empty($sessions)) {
                 foreach ($sessions as $session) {
                     $sessionId = $session['session_id'];
+                    // Check if the current user is following that session.
                     $sessionDrhInfo = SessionManager::getSessionFollowedByDrh(
                         $currentUserId,
                         $sessionId
@@ -139,21 +139,31 @@ public static function getPermissions($studentId, $currentUserId)
                         $isDrhRelatedToSession = true;
                         break;
                     }
-                    foreach ($session['courses'] as $course) {
-                        $coachList = SessionManager::getCoachesByCourseSession(
-                            $sessionId,
-                            $course['real_id']
-                        );
-                        if (!empty($coachList) && in_array($currentUserId, $coachList)) {
-                            $isCourseCoach = true;
-                            break 2;
+
+                    // Check if teacher is coach between the date limits.
+                    $visibility = api_get_session_visibility(
+                        $sessionId,
+                        null,
+                        true,
+                        $currentUserId
+                    );
+
+                    if (SESSION_AVAILABLE === $visibility && isset($session['courses']) && !empty($session['courses'])) {
+                        foreach ($session['courses'] as $course) {
+                            $coachList = SessionManager::getCoachesByCourseSession(
+                                $sessionId,
+                                $course['real_id']
+                            );
+                            if (!empty($coachList) && in_array($currentUserId, $coachList)) {
+                                $isCourseCoach = true;
+                                break 2;
+                            }
                         }
                     }
                 }
             }
 
             $isCareTaker = $isDrhRelatedViaPost && $isDrhRelatedToSession;
-
             $isAllow = $isAdmin || $isCareTaker || $isDrhRelatedToSession || $isCourseCoach;
             $showPrivate = $isAdmin || $isCareTaker;
         }