Improve function is_lp_visible_for_student see BT#15881

chamilo · Jul 16, 2019 · a348c8f · a348c8f
1 parent 514b3c7
commit a348c8f
Show file tree

Hide file tree

Showing 11 changed files with 67 additions and 86 deletions.
diff --git a/main/document/download_scorm.php b/main/document/download_scorm.php
@@ -29,7 +29,7 @@
 }
 
 // If is visible for the current user
-if (!learnpath::is_lp_visible_for_student($obj->get_id(), api_get_user_id())) {
+if (!learnpath::is_lp_visible_for_student($obj->get_id(), api_get_user_id(), $_course)) {
     api_not_allowed();
 }
 

diff --git a/main/inc/lib/course_home.lib.php b/main/inc/lib/course_home.lib.php
@@ -140,7 +140,7 @@ public static function show_tool_3column($cat, $userId = null)
                     !learnpath::is_lp_visible_for_student(
                         $lpId,
                         api_get_user_id(),
-                        api_get_course_id(),
+                        api_get_course_info(),
                         api_get_session_id()
                     )
                 ) {
@@ -352,7 +352,7 @@ public static function show_tool_2column($course_tool_category)
                         !learnpath::is_lp_visible_for_student(
                             $lpId,
                             api_get_user_id(),
-                            api_get_course_id(),
+                            api_get_course_info(),
                             api_get_session_id()
                         )
                     ) {
@@ -679,7 +679,7 @@ public static function get_tools_category(
                         $add = learnpath::is_lp_visible_for_student(
                             $lpId,
                             $userId,
-                            $courseInfo['code'],
+                            $courseInfo,
                             $sessionId
                         );
                     }
@@ -868,7 +868,7 @@ public static function show_tools_category($all_tools_list)
                         !learnpath::is_lp_visible_for_student(
                             $lpId,
                             api_get_user_id(),
-                            api_get_course_id(),
+                            api_get_course_info(),
                             api_get_session_id()
                         )
                     ) {

diff --git a/main/inc/lib/display.lib.php b/main/inc/lib/display.lib.php
@@ -1725,7 +1725,7 @@ public static function show_notification($courseInfo, $loadAjax = true)
             }
 
             if ($notification['tool'] == TOOL_LEARNPATH) {
-                if (!learnpath::is_lp_visible_for_student($notification['ref'], $user_id, $course_code)) {
+                if (!learnpath::is_lp_visible_for_student($notification['ref'], $user_id, $courseInfo)) {
                     continue;
                 }
             }

diff --git a/main/inc/lib/groupmanager.lib.php b/main/inc/lib/groupmanager.lib.php
@@ -2233,24 +2233,26 @@ public static function get_user_group_name($user_id)
      * Get all groups where a specific user is subscribed.
      *
      * @param int $user_id
+     * @param int $courseId
      *
      * @return array
      */
-    public static function getAllGroupPerUserSubscription($user_id)
+    public static function getAllGroupPerUserSubscription($user_id, $courseId = 0)
     {
         $table_group_user = Database::get_course_table(TABLE_GROUP_USER);
         $table_tutor_user = Database::get_course_table(TABLE_GROUP_TUTOR);
         $table_group = Database::get_course_table(TABLE_GROUP);
-        $user_id = intval($user_id);
-        $course_id = api_get_course_int_id();
+        $user_id = (int) $user_id;
+        $courseId = empty($courseId) ? api_get_course_int_id() : (int) $courseId;
+
         $sql = "SELECT DISTINCT g.*
                FROM $table_group g
                LEFT JOIN $table_group_user gu
                ON (gu.group_id = g.iid AND g.c_id = gu.c_id)
                LEFT JOIN $table_tutor_user tu
                ON (tu.group_id = g.iid AND g.c_id = tu.c_id)
                WHERE
-                  g.c_id = $course_id AND
+                  g.c_id = $courseId AND
                   (gu.user_id = $user_id OR tu.user_id = $user_id) ";
         $res = Database::query($sql);
         $groups = [];

diff --git a/main/inc/lib/webservices/Rest.php b/main/inc/lib/webservices/Rest.php
@@ -760,7 +760,7 @@ public function getCourseLearnPaths()
                 if (!learnpath::is_lp_visible_for_student(
                     $lpId,
                     $this->user->getId(),
-                    $this->course->getCode(),
+                    api_get_course_info($this->course->getCode()),
                     $sessionId
                 )) {
                     continue;

diff --git a/main/lp/download.php b/main/lp/download.php
@@ -14,6 +14,7 @@
 
 // Protection
 api_protect_course_script();
+$_course = api_get_course_info();
 
 if (!isset($_course)) {
     api_not_allowed(true);

diff --git a/main/lp/learnpath.class.php b/main/lp/learnpath.class.php
@@ -2491,20 +2491,20 @@ public static function isBlockedByPrerequisite(
      * of its prerequisite is completed, considering the time availability and
      * the LP visibility.
      *
-     * @param int  $lp_id
-     * @param int  $student_id
-     * @param null $courseCode
-     * @param int  $sessionId
+     * @param int   $lp_id
+     * @param int   $student_id
+     * @param array $courseInfo
+     * @param int   $sessionId
      *
      * @return bool
      */
     public static function is_lp_visible_for_student(
         $lp_id,
         $student_id,
-        $courseCode = null,
+        $courseInfo = [],
         $sessionId = 0
     ) {
-        $courseInfo = api_get_course_info($courseCode);
+        $courseInfo = empty($courseInfo) ? api_get_course_info() : $courseInfo;
         $lp_id = (int) $lp_id;
         $sessionId = (int) $sessionId;
 
@@ -2516,8 +2516,10 @@ public static function is_lp_visible_for_student(
             $sessionId = api_get_session_id();
         }
 
+        $courseId = $courseInfo['real_id'];
+
         $itemInfo = api_get_item_property_info(
-            $courseInfo['real_id'],
+            $courseId,
             TOOL_LEARNPATH,
             $lp_id,
             $sessionId
@@ -2599,7 +2601,7 @@ public static function is_lp_visible_for_student(
                     if ($userVisibility == 1) {
                         $is_visible = true;
                     } else {
-                        $userGroups = GroupManager::getAllGroupPerUserSubscription($student_id);
+                        $userGroups = GroupManager::getAllGroupPerUserSubscription($student_id, $courseId);
                         if (!empty($userGroups)) {
                             foreach ($userGroups as $groupInfo) {
                                 $groupId = $groupInfo['iid'];

diff --git a/main/lp/learnpathList.class.php b/main/lp/learnpathList.class.php
@@ -152,7 +152,7 @@ public function __construct(
                     $lpVisibility = learnpath::is_lp_visible_for_student(
                         $row->getId(),
                         $user_id,
-                        $course_code
+                        $course_info
                     );
                     if ($lpVisibility === false) {
                         continue;

diff --git a/main/lp/lp_controller.php b/main/lp/lp_controller.php
@@ -895,7 +895,7 @@ function(reponse) {
 
         // Teachers can export to PDF
         if (!$is_allowed_to_edit) {
-            if (!learnpath::is_lp_visible_for_student($_SESSION['oLP']->lp_id, api_get_user_id())) {
+            if (!learnpath::is_lp_visible_for_student($_SESSION['oLP']->lp_id, api_get_user_id(), $_course)) {
                 api_not_allowed();
             }
         }

diff --git a/main/lp/lp_impress.php b/main/lp/lp_impress.php
@@ -19,7 +19,7 @@
 
 // Check if the learning path is visible for student - (LP requisites)
 if (!api_is_allowed_to_edit(null, true) &&
-    !learnpath::is_lp_visible_for_student($lp_id, api_get_user_id())
+    !learnpath::is_lp_visible_for_student($lp_id, api_get_user_id(), api_get_course_info())
 ) {
     api_not_allowed();
 }