working on "manage reviews"

controllers/multiuser.php

@@ -17,7 +17,8 @@ static function manage() {
 				"students_access" => sanitize_text_field($_POST['students_access']), 
 				"gradebook_access" => sanitize_text_field($_POST['gradebook_access']), 
 				"no_mycourses" => $no_mycourses, "mass_enroll_access" => sanitize_text_field($_POST['mass_enroll_access']),
-				"help_access" => sanitize_text_field($_POST['help_access']), "plugins_access" => sanitize_text_field($_POST['plugins_access']));
+				"help_access" => sanitize_text_field($_POST['help_access']), "plugins_access" => sanitize_text_field($_POST['plugins_access']),
+				'reviews_access' => sanitize_text_field($_POST['reviews_access']));
 
 			update_option('namaste_role_settings', serialize($role_settings));	
 			do_action('namaste-role-settings-saved', $_POST['role_key']);

controllers/reviews.php

@@ -1,6 +1,49 @@
 <?php
 // student reviews on courses
 class NamasteLMSReviews {
+	// admin management of reviews
+	public static function manage() {
+		global $wpdb;
+
+		// approve a review
+		if(!empty($_POST['approve']) and check_admin_referer('namaste_reviews')) {
+			if(class_exists('NamastePROReviews') and method_exists(['NamastePROReviews', 'has_access'])) NamastePROReviews :: has_access($_POST['id']);
+
+			$wpdb->query($wpdb->prepare("UPDATE ".NAMASTE_COURSE_REVIEWS." SET is_approved=1 WHERE id=%d", intval($_POST['id']) ));
+		}
+
+		// delete a review
+		if(!empty($_POST['del']) and check_admin_referer('namaste_reviews')) {
+			if(class_exists('NamastePROReviews') and method_exists(['NamastePROReviews', 'has_access'])) NamastePROReviews :: has_access($_POST['id']);
+
+			$wpdb->query($wpdb->prepare("DELETE FROM ".NAMASTE_COURSE_REVIEWS." WHERE id=%d", intval($_POST['id']) ));
+		}
+
+		// list reviews
+		$course_filter = $status_filter = '';
+
+		if(!empty($_GET['course_id'])) $course_filter = $wpdb->prepare(" AND course_id=%d ", intval($_GET['course_id']));
+		if(isset($_GET['status']) and $_GET['status'] !== '') $status_filter = $wpdb->prepare(" AND is_approved=%d ", intval($_GET['status']));	
+
+		$offset = empty($_GET['offset']) ? 0 : intval($_GET['offset']);
+		$limit = 20;
+
+		$reviews = $wpdb->get_results($wpdb->prepare("SELECT tR.*, tP.post_title as course_name, tU.display_name as user_name 
+			FROM ".NAMASTE_COURSE_REVIEWS." tR JOIN {$wpdb->posts} tP ON tP.ID = tR.course_id AND tP.post_type = 'namaste_course'
+			JOIN {$wpdb->users} tU ON tU.ID = tR.student_id
+			WHERE 1 $course_filter $status_filter ORDER BY tR.id DESC LIMIT %d, %d", $offset, $limit));	
+
+		// add filter to allow Pro to reduce by class
+		$reviews = apply_filters('namaste-filter-reviews', $reviews);	
+
+		// select courses for the drop-down
+		$_course = new NamasteLMSCourseModel();
+		$courses = $_course->select();
+
+		if(@file_exists(get_stylesheet_directory().'/namaste/reviews.html.php')) include get_stylesheet_directory().'/namaste/reviews.html.php';
+		else include(NAMASTE_PATH."/views/reviews.html.php");
+	} // end manage			
+
 	// submits a review 
 	// access for the student is checked before calling the function
 	public static function submit($vars) {

models/namaste-model.php

@@ -279,10 +279,11 @@ static function install($update = false) {
 
    // main menu
    static function menu() {   	  	
-
+   	global $wpdb;
+
 		$namaste_cap = current_user_can('namaste_manage') ? 'namaste_manage' : 'namaste';   	
 		$use_grading_system = get_option('namaste_use_grading_system');
-		$homework_menu = $students_menu = $certificates_menu = $gradebook_menu = $settings_menu = $massenroll_menu = $help_menu = $plugins_menu = true;
+		$homework_menu = $students_menu = $certificates_menu = $gradebook_menu = $settings_menu = $massenroll_menu = $help_menu = $plugins_menu = $reviews_menu = true;
 		if(!current_user_can('administrator') and current_user_can('namaste_manage')) {
 			// perform these checks only for managers that are not admins, otherwise it's pointless use of resourses
 			global $user_ID, $wp_roles;
@@ -305,6 +306,7 @@ static function menu() {
 			$settings_menu = NamasteLMSMultiUser :: item_access('settings_access', $role_settings, $user, $enabled_roles);			
 			$help_menu = NamasteLMSMultiUser :: item_access('help_access', $role_settings, $user, $enabled_roles);
 			$plugins_menu = NamasteLMSMultiUser :: item_access('plugins_access', $role_settings, $user, $enabled_roles);
+			$reviews_menu = NamasteLMSMultiUser :: item_access('reviews_access', $role_settings, $user, $enabled_roles);
 		}
 
 		// if a manager has no access to the settings page, let's turn the to-do into the main menu
@@ -323,9 +325,18 @@ static function menu() {
 			add_submenu_page('namaste_options', __("Certificates", 'namaste'), __("Certificates", 'namaste'), 'namaste_manage', 'namaste_certificates', array('NamasteLMSCertificatesController', "manage"));
 			add_submenu_page(NULL, __("Students Earned Certificate", 'namaste'), __("Students Earned Certificate", 'namaste'), 'namaste_manage', 'namaste_student_certificates', array('NamasteLMSCertificatesController', "student_certificates"));			
 		}
+
+		if($reviews_menu) {
+			// display only if there's at least one review in the system
+			$has_reviews = $wpdb->get_var("SELECT id FROM ".NAMASTE_COURSE_REVIEWS." WHERE id>0 LIMIT 1");
+			if($has_reviews) add_submenu_page('namaste_options', __("Student Reviews", 'namaste'), __("Student Reviews", 'namaste'), 'namaste_manage', 'namaste_reviews', ['NamasteLMSReviews', 'manage']);
+		}     
+
+
 		if($gradebook_menu and !empty($use_grading_system)) add_submenu_page('namaste_options', __("Gradebook", 'namaste'), __("Gradebook", 'namaste'), 'namaste_manage', 'namaste_gradebook', array('NamasteLMSGradebookController', "manage"));
-		if($settings_menu) add_submenu_page('namaste_options', __("Namaste! Settings", 'namaste'), __("Settings", 'namaste'), 'namaste_manage', 'namaste_options', array(__CLASS__, "options"));     
-
+		if($settings_menu) add_submenu_page('namaste_options', __("Namaste! Settings", 'namaste'), __("Settings", 'namaste'), 'namaste_manage', 'namaste_options', array(__CLASS__, "options"));
+
+
 		if(class_exists('WP_Experience_API')) {
 			add_submenu_page('namaste_options', __("xAPI / Tin Can", 'namaste'), __("xAPI / Tin Can", 'namaste'), 'manage_options', 'namaste_xapi', array('NamasteXAPI', "options"));        
 		}		

views/multiuser.html.php

@@ -48,6 +48,11 @@
 				<option value="no" <?php if(!empty($settings['gradebook_access']) and $settings['gradebook_access'] == 'no') echo "selected"?>><?php _e('No access to gradebook','namaste')?></option>
 			</select></p>
 
+			<p><label><?php _e('Reviews access:', 'namaste')?></label> <select name="reviews_access">
+				<option value="all" <?php if(!empty($settings['reviews_access']) and $settings['reviews_access'] == 'all') echo "selected"?>><?php _e('Access reviews','namaste')?></option>				
+				<option value="no" <?php if(!empty($settings['reviews_access']) and $settings['reviews_access'] == 'no') echo "selected"?>><?php _e('No access to reviews','namaste')?></option>
+			</select></p>
+
 			<p><label><?php _e('Settings page access:', 'namaste')?></label> <select name="settings_access">
 				<option value="all" <?php if(!empty($settings['settings_access']) and $settings['settings_access'] == 'all') echo "selected"?>><?php _e('Manage settings','namaste')?></option>
 				<option value="no" <?php if(!empty($settings['settings_access']) and $settings['settings_access'] == 'no') echo "selected"?>><?php _e('No access to manage settings','namaste')?></option>				
@@ -69,7 +74,7 @@
 
 			<p><?php printf(__('If you have <a href="%s" target="_blank">Namaste! PRO</a> all the above settings will also comply with any class (user group) limitations.', 'namaste'), 'http://namaste-lms.org/pro.php')?></p>
 
-			<p><input type="submit" value="<?php _e('Save configuration for this role','namaste')?>" name="config_role"></p>
+			<p><input type="submit" value="<?php _e('Save configuration for this role','namaste')?>" name="config_role" class="button button-primary"></p>
 		<?php endif;?>
 		</div>
 		<?php wp_nonce_field('namaste_role_settings');?>

views/reviews.html.php

@@ -0,0 +1,44 @@
+<h1><?php _e('Student Reviews on Courses', 'namaste');?></h1>
+
+<div class="wrap">
+	<form method="get"  action="admin.php">
+		<div class="postbox namaste-form namaste-box">
+			<p><label><?php _e('Filter by course', 'namaste');?></label> <select name="course_id">
+				<option value=""><?php _e('All courses', 'namaste');?></option>
+				<?php foreach($courses as $course):?>
+					<option value="<?php echo $course->ID?>" <?php if(!empty($_GET['course_id']) and $_GET['course_id'] == $course->ID) echo 'selected';?>><?php echo stripslashes($course->post_title);?></option>
+				<?php endforeach;?>
+			</select></p>
+
+			<p><label><?php _e('Filter by status', 'namaste');?></label> <select name="status">
+				<option value=""><?php _e("Any status", 'namaste');?></option>
+				<option value="1" <?php if(!empty($_GET['status']) and $_GET['status'] == 1) echo 'selected';?>><?php _e('Approved', 'namaste');?></option>
+				<option value="0" <?php if(isset($_GET['status']) and $_GET['status'] === "0") echo 'selected';?>><?php _e('Pending approval', 'namaste');?></option>
+			</select></p>
+
+			<p><input type="submit" value="<?php _e('Filter courses', 'namaste');?>" class="button button-primary"></p>
+		</div>
+
+		<input type="hidden" name="page" value="namaste_reviews">
+	</form>
+
+	<?php if(count($reviews)):?>
+		<table class="widefat">
+			<thead>
+				<tr>
+					<th><?php _e('Course', 'namaste');?></th>
+					<th><?php _e('Student', 'namaste');?></th>
+					<th><?php _e('Rating and Review', 'namaste');?></th>
+					<th><?php _e('Action', 'namaste');?></th>
+				</tr>			
+			</thead>
+
+			<tbody>
+					NYI			
+			</tbody>
+		</table>	
+
+	<?php else:?>
+		<p><?php _e('No reviews found.', 'namaste');?></p>
+	<?php endif;?>
+</div>