Version 16.126.4

swad_ID.c

@@ -414,17 +414,24 @@ bool ID_ICanSeeOtherUsrIDs (const struct UsrData *UsrDat)
    switch (Gbl.Usrs.Me.LoggedRole)
      {
       case Rol_TEACHER:
-	 /* If I am a teacher of current course,
+	 /* Check 1: I can see the IDs of users who do not exist in database */
-	    I only can see the user's IDs of students from current course */
+         if (UsrDat->UsrCod <= 0)	// User does not exist (when creating a new user)
-	 return (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT &&	// A student
+            return true;
-	         UsrDat->Accepted) ||	// who has accepted inscription in course
+
-	        (
+	 /* Check 2: I can see the IDs of confirmed students */
-	        (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT ||	// A student
+         if (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT &&	// A student
-	         UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) &&	// or a teacher
+	     UsrDat->Accepted)					// who accepted registration
-	        !UsrDat->Password[0] &&	// who has no password (never logged)
+            return true;
-	        !UsrDat->Surname1[0] &&	// and who has no surname 1 (nobody filled user's surname 1)
+
-	        !UsrDat->FirstName[0]	// and who has no first name (nobody filled user's first name)
+         /* Check 3: I can see the IDs of users with user's data empty */
-                );
+         if (!UsrDat->Password[0] &&	// User has no password (never logged)
+	     !UsrDat->Surname1[0] &&	// and who has no surname 1 (nobody filled user's surname 1)
+	     !UsrDat->Surname2[0] &&	// and who has no surname 2 (nobody filled user's surname 2)
+	     !UsrDat->FirstName[0])	// and who has no first name (nobody filled user's first name)
+            // Warning: I could view simultaneously ID and email (if filled)
+            return true;
+
+         return false;
       case Rol_DEG_ADM:
       case Rol_CTR_ADM:
       case Rol_INS_ADM:

swad_action.c

@@ -2470,13 +2470,13 @@ struct Act_Actions Act_Actions[Act_NUM_ACTIONS] =
    /* ActCnfID_Std	*/{1569,-1,TabUnk,ActLstStd		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_ConfirmOtherUsrID		,NULL},
    /* ActCnfID_Tch	*/{1570,-1,TabUnk,ActLstTch		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_ConfirmOtherUsrID		,NULL},
 
-   /* ActFrmIDsOth	*/{1447,-1,TabUnk,ActLstOth		,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_ShowFormOthIDs		,NULL},
+   /* ActFrmIDsOth	*/{1447,-1,TabUnk,ActLstOth		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_ShowFormOthIDs		,NULL},
    /* ActFrmIDsStd	*/{1448,-1,TabUnk,ActLstStd		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_ShowFormOthIDs		,NULL},
    /* ActFrmIDsTch	*/{1449,-1,TabUnk,ActLstTch		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_ShowFormOthIDs		,NULL},
-   /* ActRemID_Oth	*/{1450,-1,TabUnk,ActLstOth		,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_RemoveOtherUsrID		,NULL},
+   /* ActRemID_Oth	*/{1450,-1,TabUnk,ActLstOth		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_RemoveOtherUsrID		,NULL},
    /* ActRemID_Std	*/{1451,-1,TabUnk,ActLstStd		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_RemoveOtherUsrID		,NULL},
    /* ActRemID_Tch	*/{1452,-1,TabUnk,ActLstTch		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_RemoveOtherUsrID		,NULL},
-   /* ActNewID_Oth	*/{1453,-1,TabUnk,ActLstOth		,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_NewOtherUsrID		,NULL},
+   /* ActNewID_Oth	*/{1453,-1,TabUnk,ActLstOth		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_NewOtherUsrID		,NULL},
    /* ActNewID_Std	*/{1454,-1,TabUnk,ActLstStd		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_NewOtherUsrID		,NULL},
    /* ActNewID_Tch	*/{1455,-1,TabUnk,ActLstTch		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,ID_NewOtherUsrID		,NULL},
 
@@ -2487,13 +2487,13 @@ struct Act_Actions Act_Actions[Act_NUM_ACTIONS] =
    /* ActChgPwdStd	*/{1468,-1,TabUnk,ActLstStd		,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,Pwd_UpdateOtherPwd1		,Pwd_UpdateOtherPwd2		,NULL},
    /* ActChgPwdTch	*/{1469,-1,TabUnk,ActLstTch		,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,Pwd_UpdateOtherPwd1		,Pwd_UpdateOtherPwd2		,NULL},
 
-   /* ActFrmMaiOth	*/{1475,-1,TabUnk,ActLstOth		,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_ShowFormOthEmail		,NULL},
+   /* ActFrmMaiOth	*/{1475,-1,TabUnk,ActLstOth		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_ShowFormOthEmail		,NULL},
    /* ActFrmMaiStd	*/{1476,-1,TabUnk,ActLstStd		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_ShowFormOthEmail		,NULL},
    /* ActFrmMaiTch	*/{1477,-1,TabUnk,ActLstTch		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_ShowFormOthEmail		,NULL},
-   /* ActRemMaiOth	*/{1478,-1,TabUnk,ActLstOth		,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_RemoveOtherUsrEmail	,NULL},
+   /* ActRemMaiOth	*/{1478,-1,TabUnk,ActLstOth		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_RemoveOtherUsrEmail	,NULL},
    /* ActRemMaiStd	*/{1479,-1,TabUnk,ActLstStd		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_RemoveOtherUsrEmail	,NULL},
    /* ActRemMaiTch	*/{1480,-1,TabUnk,ActLstTch		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_RemoveOtherUsrEmail	,NULL},
-   /* ActNewMaiOth	*/{1481,-1,TabUnk,ActLstOth		,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_NewOtherUsrEmail		,NULL},
+   /* ActNewMaiOth	*/{1481,-1,TabUnk,ActLstOth		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_NewOtherUsrEmail		,NULL},
    /* ActNewMaiStd	*/{1482,-1,TabUnk,ActLstStd		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_NewOtherUsrEmail		,NULL},
    /* ActNewMaiTch	*/{1483,-1,TabUnk,ActLstTch		,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL				,Mai_NewOtherUsrEmail		,NULL},
 

swad_changelog.h

@@ -187,19 +187,21 @@
 // TODO: Fix bug when creating a new attendance event: if title is repeated, form is cleared
 // TODO: Fix bug: When registering an administrator, the user's name changes are ignored
 
-// TODO: When creating a new user, the ID should be visible
+// TODO: Warning: now a teacher can view ID and email of empty users (uswers without password and name). How to avoid this while allowing teacher editing empty users?
 
 /*****************************************************************************/
 /****************************** Public constants *****************************/
 /*****************************************************************************/
 
-#define Log_PLATFORM_VERSION	"SWAD 16.126.2 (2017-01-27)"
+#define Log_PLATFORM_VERSION	"SWAD 16.126.4 (2017-01-27)"
 #define CSS_FILE		"swad16.123.css"
 #define JS_FILE			"swad16.123.js"
 
 // Number of lines (includes comments but not blank lines) has been got with the following command:
 // nl swad*.c swad*.h css/swad*.css py/swad*.py js/swad*.js soap/swad*?.h sql/swad*.sql | tail -1
 /*
+        Version 16.126.4: Jan 27, 2017	Code refactoring related to permissions to view/change another user's data. (212105 lines)
+        Version 16.126.3: Jan 27, 2017	Fixed bug in search of user, reported by Javier Fernández Baldomero. (212086 lines)
         Version 16.126.2: Jan 27, 2017	When creating a new user, the record card don't have contextual icons. (212083 lines)
         Version 16.126.1: Jan 27, 2017	A teacher can create and register a new teacher directly in a course. (212080 lines)
         Version 16.126:   Jan 27, 2017	Code refactoring related to permissions to view/change another user's data. (212086 lines)

swad_mail.c

@@ -1807,11 +1807,9 @@ void Mai_WriteFootNoteEMail (Txt_Language_t Language)
 /**************** Check if I can see another user's email ********************/
 /*****************************************************************************/
 
-bool Mai_ICanSeeEmail (const struct UsrData *UsrDat)
+bool Mai_ICanSeeOtherUsrEmail (const struct UsrData *UsrDat)
   {
-   bool ItsMe = (UsrDat->UsrCod == Gbl.Usrs.Me.UsrDat.UsrCod);
+   if (UsrDat->UsrCod == Gbl.Usrs.Me.UsrDat.UsrCod)	// It's me
-
-   if (ItsMe)
       return true;
 
    /* Check if I have permission to see another user's email */
@@ -1820,17 +1818,28 @@ bool Mai_ICanSeeEmail (const struct UsrData *UsrDat)
       case Rol_STUDENT:
 	 /* If I am a student of current course,
 	    I only can see the user's email of teachers from current course */
-	 return (UsrDat->Accepted &&
+	 return (UsrDat->RoleInCurrentCrsDB == Rol_TEACHER &&
-	         UsrDat->RoleInCurrentCrsDB == Rol_TEACHER);
+	         UsrDat->Accepted);
       case Rol_TEACHER:
-	 /* If I am a teacher of current course,
+	 /* Check 1: I can see the email of users who do not exist in database */
-	    I only can see the user's email of students or teachers from current course */
+         if (UsrDat->UsrCod <= 0)	// User does not exist (if in the future email is used to create a new user)
-	 return ((UsrDat->RoleInCurrentCrsDB == Rol_STUDENT ||
+            return true;
-	          UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) &&	// A student or a teacher
+
-	         (UsrDat->Accepted ||				// who has accepted inscription in course
+	 /* Check 2: I can see the email of confirmed students and teachers */
-	          !UsrDat->Email[0] ||				// or whose email is empty
+         if ((UsrDat->RoleInCurrentCrsDB == Rol_STUDENT ||	// A student
-	          !UsrDat->Surname1[0] ||			// or whose surname 1 is empty
+              UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) &&	// or a teacher
-	          !UsrDat->FirstName[0]));			// or whose first name is empty
+	     UsrDat->Accepted)					// who accepted registration
+            return true;
+
+         /* Check 3: I can see the IDs of users with user's data empty */
+         if (!UsrDat->Password[0] &&	// User has no password (never logged)
+	     !UsrDat->Surname1[0] &&	// and who has no surname 1 (nobody filled user's surname 1)
+	     !UsrDat->Surname2[0] &&	// and who has no surname 2 (nobody filled user's surname 2)
+	     !UsrDat->FirstName[0])	// and who has no first name (nobody filled user's first name)
+            // Warning: I could view simultaneously ID and email (if filled)
+            return true;
+
+         return false;
       case Rol_DEG_ADM:
 	 /* If I am an administrator of current degree,
 	    I only can see the user's email of users from current degree */

swad_mail.h

@@ -95,6 +95,6 @@ void Mai_CreateFileNameMail (void);
 void Mai_WriteWelcomeNoteEMail (struct UsrData *UsrDat);
 void Mai_WriteFootNoteEMail (Txt_Language_t Language);
 
-bool Mai_ICanSeeEmail (const struct UsrData *UsrDat);
+bool Mai_ICanSeeOtherUsrEmail (const struct UsrData *UsrDat);
 
 #endif

swad_photo.c

@@ -140,17 +140,12 @@ bool Pho_ICanChangeOtherUsrPhoto (const struct UsrData *UsrDat)
    switch (Gbl.Usrs.Me.LoggedRole)
      {
       case Rol_TEACHER:
-	 /* If I am a teacher in current course,
+	 /* Check 1: I can change the photo of confirmed students */
-	    I only can change the photo of students from current course */
+         if (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT &&	// A student
-	 return (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT &&	// A student
+	     UsrDat->Accepted)					// who accepted registration
-	         UsrDat->Accepted) ||	// who has accepted inscription in course
+            return true;
-	        (
+
-	        (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT ||	// A student
+         return false;
-	         UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) &&	// or a teacher
-	        !UsrDat->Password[0] &&	// who has no password (never logged)
-	        !UsrDat->Surname1[0] &&	// and who has no surname 1 (nobody filled user's surname 1)
-	        !UsrDat->FirstName[0]	// and who has no first name (nobody filled user's first name)
-                );
       case Rol_DEG_ADM:
       case Rol_CTR_ADM:
       case Rol_INS_ADM:

swad_record.c

@@ -2701,7 +2701,7 @@ static void Rec_ShowEmail (struct UsrData *UsrDat,const char *ClassForm)
 	    ClassForm,Txt_Email);
    if (UsrDat->Email[0])
      {
-      if (Mai_ICanSeeEmail (UsrDat))
+      if (Mai_ICanSeeOtherUsrEmail (UsrDat))
 	{
 	 fprintf (Gbl.F.Out,"<a href=\"mailto:%s\"",
 		  UsrDat->Email);
@@ -2961,13 +2961,17 @@ static void Rec_ShowSurname1 (struct UsrData *UsrDat,
 	              "</td>"
 		      "<td class=\"REC_C2_BOT REC_DAT_BOLD LEFT_MIDDLE\">");
    if (ICanEdit)
+     {
       fprintf (Gbl.F.Out,"<input type=\"text\""
 	                 " id=\"Surname1\" name=\"Surname1\""
 			 " maxlength=\"%u\" value=\"%s\""
-			 " class=\"REC_C2_BOT_INPUT\""
+			 " class=\"REC_C2_BOT_INPUT\"",
-                         " required=\"required\" />",
 	       Usr_MAX_LENGTH_USR_NAME_OR_SURNAME,
 	       UsrDat->Surname1);
+      if (TypeOfView == Rec_SHA_MY_RECORD_FORM)
+         fprintf (Gbl.F.Out," required=\"required\"");
+      fprintf (Gbl.F.Out," />");
+     }
    else if (UsrDat->Surname1[0])
       fprintf (Gbl.F.Out,"<strong>%s</strong>",UsrDat->Surname1);
    fprintf (Gbl.F.Out,"</td>"
@@ -3030,13 +3034,17 @@ static void Rec_ShowFirstName (struct UsrData *UsrDat,
 		      "<td colspan=\"2\""
 		      " class=\"REC_C2_BOT REC_DAT_BOLD LEFT_MIDDLE\">");
    if (ICanEdit)
+     {
       fprintf (Gbl.F.Out,"<input type=\"text\""
 	                 " id=\"FirstName\" name=\"FirstName\""
                          " maxlength=\"%u\" value=\"%s\""
-			 " class=\"REC_C2_BOT_INPUT\""
+			 " class=\"REC_C2_BOT_INPUT\"",
-                         " required=\"required\" />",
 	       Usr_MAX_LENGTH_USR_NAME_OR_SURNAME,
 	       UsrDat->FirstName);
+      if (TypeOfView == Rec_SHA_MY_RECORD_FORM)
+         fprintf (Gbl.F.Out," required=\"required\"");
+      fprintf (Gbl.F.Out," />");
+     }
    else if (UsrDat->FirstName[0])
       fprintf (Gbl.F.Out,"<strong>%s</strong>",UsrDat->FirstName);
    fprintf (Gbl.F.Out,"</td>"

swad_user.c

@@ -834,13 +834,19 @@ bool Usr_ICanChangeOtherUsrData (const struct UsrData *UsrDat)
    switch (Gbl.Usrs.Me.LoggedRole)
      {
       case Rol_TEACHER:
-	 /* If I am a teacher of current course,
+	 /* Check 1: I can change data of users who do not exist in database */
-	    I only can change the user's data of empty users from current course */
+         if (UsrDat->UsrCod <= 0)	// User does not exist (when creating a new user)
-	 return (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT ||	// A student
+            return true;
-	         UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) &&	// or a teacher
+
-	         !UsrDat->Password[0] &&	// who has no password (never logged)
+         /* Check 2: I change data of users with user's data empty */
-	         !UsrDat->Surname1[0] &&	// and who has no surname 1 (nobody filled user's surname 1)
+         if (!UsrDat->Password[0] &&	// User has no password (never logged)
-	         !UsrDat->FirstName[0];		// and who has no first name (nobody filled user's first name)
+	     !UsrDat->Surname1[0] &&	// and who has no surname 1 (nobody filled user's surname 1)
+	     !UsrDat->Surname2[0] &&	// and who has no surname 2 (nobody filled user's surname 2)
+	     !UsrDat->FirstName[0])	// and who has no first name (nobody filled user's first name)
+            // Warning: I could view simultaneously ID and email (if filled)
+            return true;
+
+         return false;
       case Rol_DEG_ADM:
       case Rol_CTR_ADM:
       case Rol_INS_ADM:
@@ -3609,8 +3615,9 @@ static void Usr_WriteEmail (struct UsrData *UsrDat,const char *BgColor)
 
    if (UsrDat->Email[0])
      {
-      ShowEmail = Mai_ICanSeeEmail (UsrDat);
+      ShowEmail = Mai_ICanSeeOtherUsrEmail (UsrDat);
-      sprintf (MailLink,"mailto:%s",UsrDat->Email);
+      if (ShowEmail)
+         sprintf (MailLink,"mailto:%s",UsrDat->Email);
      }
    else
       ShowEmail = false;
@@ -4254,6 +4261,7 @@ void Usr_SearchListUsrs (Rol_Role_t Role)
    const char *QueryFields =
       "DISTINCT usr_data.UsrCod,"
       "usr_data.EncryptedUsrCod,"
+      "usr_data.Password,"
       "usr_data.Surname1,"
       "usr_data.Surname2,"
       "usr_data.FirstName,"
@@ -4264,15 +4272,16 @@ void Usr_SearchListUsrs (Rol_Role_t Role)
    /*
    row[ 0]: usr_data.UsrCod
    row[ 1]: usr_data.EncryptedUsrCod
-   row[ 2]: usr_data.Surname1
+   row[ 2]: usr_data.Password (used to check if a teacher can edit user's data)
-   row[ 3]: usr_data.Surname2
+   row[ 3]: usr_data.Surname1
-   row[ 4]: usr_data.FirstName
+   row[ 4]: usr_data.Surname2
-   row[ 5]: usr_data.Sex
+   row[ 5]: usr_data.FirstName
-   row[ 6]: usr_data.Photo
+   row[ 6]: usr_data.Sex
-   row[ 7]: usr_data.PhotoVisibility
+   row[ 7]: usr_data.Photo
-   row[ 8]: usr_data.InsCod
+   row[ 8]: usr_data.PhotoVisibility
-   row[ 9]: crs_usr.Role	(only if Scope == Sco_SCOPE_CRS)
+   row[ 9]: usr_data.InsCod
-   row[10]: crs_usr.Accepted	(only if Scope == Sco_SCOPE_CRS)
+   row[10]: crs_usr.Role	(only if Scope == Sco_SCOPE_CRS)
+   row[11]: crs_usr.Accepted	(only if Scope == Sco_SCOPE_CRS)
    */
    const char *OrderQuery = "candidate_users.UsrCod=usr_data.UsrCod"
 			    " ORDER BY "