mirror of https://github.com/acanas/swad-core.git
Version 16.126.4
parent
0652a91ed6
commit
1770339e5c
27
swad_ID.c
27
swad_ID.c
|
@ -414,17 +414,24 @@ bool ID_ICanSeeOtherUsrIDs (const struct UsrData *UsrDat)
|
|||
switch (Gbl.Usrs.Me.LoggedRole)
|
||||
{
|
||||
case Rol_TEACHER:
|
||||
/* If I am a teacher of current course,
|
||||
I only can see the user's IDs of students from current course */
|
||||
return (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT && // A student
|
||||
UsrDat->Accepted) || // who has accepted inscription in course
|
||||
(
|
||||
(UsrDat->RoleInCurrentCrsDB == Rol_STUDENT || // A student
|
||||
UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) && // or a teacher
|
||||
!UsrDat->Password[0] && // who has no password (never logged)
|
||||
/* Check 1: I can see the IDs of users who do not exist in database */
|
||||
if (UsrDat->UsrCod <= 0) // User does not exist (when creating a new user)
|
||||
return true;
|
||||
|
||||
/* Check 2: I can see the IDs of confirmed students */
|
||||
if (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT && // A student
|
||||
UsrDat->Accepted) // who accepted registration
|
||||
return true;
|
||||
|
||||
/* Check 3: I can see the IDs of users with user's data empty */
|
||||
if (!UsrDat->Password[0] && // User has no password (never logged)
|
||||
!UsrDat->Surname1[0] && // and who has no surname 1 (nobody filled user's surname 1)
|
||||
!UsrDat->FirstName[0] // and who has no first name (nobody filled user's first name)
|
||||
);
|
||||
!UsrDat->Surname2[0] && // and who has no surname 2 (nobody filled user's surname 2)
|
||||
!UsrDat->FirstName[0]) // and who has no first name (nobody filled user's first name)
|
||||
// Warning: I could view simultaneously ID and email (if filled)
|
||||
return true;
|
||||
|
||||
return false;
|
||||
case Rol_DEG_ADM:
|
||||
case Rol_CTR_ADM:
|
||||
case Rol_INS_ADM:
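Review bot: Check 3 in the Rol_TEACHER case no longer tests `UsrDat->RoleInCurrentCrsDB`, so a teacher is granted the IDs of any user whose password, surnames and first name are all empty, not only of students or teachers of the current course as the replaced expression appears to have required. The same unscoped empty-user test is repeated in the Rol_TEACHER branches of Mai_ICanSeeOtherUsrEmail (swad_mail.c) and Usr_ICanChangeOtherUsrData (swad_user.c). If the wider scope is not intended, keep the course condition in the check by putting `(UsrDat->RoleInCurrentCrsDB == Rol_STUDENT || UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) &&` ahead of `!UsrDat->Password[0]`; if it is intended, the comment on Check 3 should say that course membership is deliberately not required. Old and new lines are not marked on this page, so the split is inferred from the hunk header, and the function starts and ends outside the hunk.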
|
||||
|
|
|
@ -2470,13 +2470,13 @@ struct Act_Actions Act_Actions[Act_NUM_ACTIONS] =
|
|||
/* ActCnfID_Std */{1569,-1,TabUnk,ActLstStd ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_ConfirmOtherUsrID ,NULL},
|
||||
/* ActCnfID_Tch */{1570,-1,TabUnk,ActLstTch ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_ConfirmOtherUsrID ,NULL},
|
||||
|
||||
/* ActFrmIDsOth */{1447,-1,TabUnk,ActLstOth ,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_ShowFormOthIDs ,NULL},
|
||||
/* ActFrmIDsOth */{1447,-1,TabUnk,ActLstOth ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_ShowFormOthIDs ,NULL},
|
||||
/* ActFrmIDsStd */{1448,-1,TabUnk,ActLstStd ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_ShowFormOthIDs ,NULL},
|
||||
/* ActFrmIDsTch */{1449,-1,TabUnk,ActLstTch ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_ShowFormOthIDs ,NULL},
|
||||
/* ActRemID_Oth */{1450,-1,TabUnk,ActLstOth ,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_RemoveOtherUsrID ,NULL},
|
||||
/* ActRemID_Oth */{1450,-1,TabUnk,ActLstOth ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_RemoveOtherUsrID ,NULL},
|
||||
/* ActRemID_Std */{1451,-1,TabUnk,ActLstStd ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_RemoveOtherUsrID ,NULL},
|
||||
/* ActRemID_Tch */{1452,-1,TabUnk,ActLstTch ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_RemoveOtherUsrID ,NULL},
|
||||
/* ActNewID_Oth */{1453,-1,TabUnk,ActLstOth ,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_NewOtherUsrID ,NULL},
|
||||
/* ActNewID_Oth */{1453,-1,TabUnk,ActLstOth ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_NewOtherUsrID ,NULL},
|
||||
/* ActNewID_Std */{1454,-1,TabUnk,ActLstStd ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_NewOtherUsrID ,NULL},
|
||||
/* ActNewID_Tch */{1455,-1,TabUnk,ActLstTch ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,ID_NewOtherUsrID ,NULL},
|
||||
|
||||
|
@ -2487,13 +2487,13 @@ struct Act_Actions Act_Actions[Act_NUM_ACTIONS] =
|
|||
/* ActChgPwdStd */{1468,-1,TabUnk,ActLstStd ,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,Pwd_UpdateOtherPwd1 ,Pwd_UpdateOtherPwd2 ,NULL},
|
||||
/* ActChgPwdTch */{1469,-1,TabUnk,ActLstTch ,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,Pwd_UpdateOtherPwd1 ,Pwd_UpdateOtherPwd2 ,NULL},
|
||||
|
||||
/* ActFrmMaiOth */{1475,-1,TabUnk,ActLstOth ,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_ShowFormOthEmail ,NULL},
|
||||
/* ActFrmMaiOth */{1475,-1,TabUnk,ActLstOth ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_ShowFormOthEmail ,NULL},
|
||||
/* ActFrmMaiStd */{1476,-1,TabUnk,ActLstStd ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_ShowFormOthEmail ,NULL},
|
||||
/* ActFrmMaiTch */{1477,-1,TabUnk,ActLstTch ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_ShowFormOthEmail ,NULL},
|
||||
/* ActRemMaiOth */{1478,-1,TabUnk,ActLstOth ,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_RemoveOtherUsrEmail ,NULL},
|
||||
/* ActRemMaiOth */{1478,-1,TabUnk,ActLstOth ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_RemoveOtherUsrEmail ,NULL},
|
||||
/* ActRemMaiStd */{1479,-1,TabUnk,ActLstStd ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_RemoveOtherUsrEmail ,NULL},
|
||||
/* ActRemMaiTch */{1480,-1,TabUnk,ActLstTch ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_RemoveOtherUsrEmail ,NULL},
|
||||
/* ActNewMaiOth */{1481,-1,TabUnk,ActLstOth ,0x1E0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_NewOtherUsrEmail ,NULL},
|
||||
/* ActNewMaiOth */{1481,-1,TabUnk,ActLstOth ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_NewOtherUsrEmail ,NULL},
|
||||
/* ActNewMaiStd */{1482,-1,TabUnk,ActLstStd ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_NewOtherUsrEmail ,NULL},
|
||||
/* ActNewMaiTch */{1483,-1,TabUnk,ActLstTch ,0x1F0,0x1E0,0x1E0,Act_CONT_NORM,Act_THIS_WINDOW,NULL ,Mai_NewOtherUsrEmail ,NULL},
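Review bot: The first mask on the six *Oth rows (ActFrmIDsOth, ActRemID_Oth, ActNewID_Oth in the first hunk of this table; ActFrmMaiOth, ActRemMaiOth, ActNewMaiOth in the second) goes from 0x1E0 to 0x1F0, and nothing in the table says which role the added 0x010 bit admits or what scope that column covers. These rows dispatch to handlers that show, add and remove another user's ID or email, so the table is now only the coarse gate and the per-user decision has to be made inside ID_ShowFormOthIDs, ID_NewOtherUsrID, ID_RemoveOtherUsrID and their Mai_* counterparts. Their bodies are not in this diff, so confirm that each one calls ID_ICanSeeOtherUsrIDs, Mai_ICanSeeOtherUsrEmail or Usr_ICanChangeOtherUsrData on the target user before acting. A short comment above the group, such as `/* 0x1F0: role bit 0x010 is also admitted; handlers must still check the target user */`, would record that dependency.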
|
||||
|
||||
|
|
|
@ -187,19 +187,21 @@
|
|||
// TODO: Fix bug when creating a new attendance event: if title is repeated, form is cleared
|
||||
// TODO: Fix bug: When registering an administrator, the user's name changes are ignored
|
||||
|
||||
// TODO: When creating a new user, the ID should be visible
|
||||
// TODO: Warning: now a teacher can view ID and email of empty users (uswers without password and name). How to avoid this while allowing teacher editing empty users?
|
||||
|
||||
/*****************************************************************************/
|
||||
/****************************** Public constants *****************************/
|
||||
/*****************************************************************************/
|
||||
|
||||
#define Log_PLATFORM_VERSION "SWAD 16.126.2 (2017-01-27)"
|
||||
#define Log_PLATFORM_VERSION "SWAD 16.126.4 (2017-01-27)"
|
||||
#define CSS_FILE "swad16.123.css"
|
||||
#define JS_FILE "swad16.123.js"
|
||||
|
||||
// Number of lines (includes comments but not blank lines) has been got with the following command:
|
||||
// nl swad*.c swad*.h css/swad*.css py/swad*.py js/swad*.js soap/swad*?.h sql/swad*.sql | tail -1
|
||||
/*
|
||||
Version 16.126.4: Jan 27, 2017 Code refactoring related to permissions to view/change another user's data. (212105 lines)
|
||||
Version 16.126.3: Jan 27, 2017 Fixed bug in search of user, reported by Javier Fernández Baldomero. (212086 lines)
|
||||
Version 16.126.2: Jan 27, 2017 When creating a new user, the record card don't have contextual icons. (212083 lines)
|
||||
Version 16.126.1: Jan 27, 2017 A teacher can create and register a new teacher directly in a course. (212080 lines)
|
||||
Version 16.126: Jan 27, 2017 Code refactoring related to permissions to view/change another user's data. (212086 lines)
|
||||
|
|
37
swad_mail.c
37
swad_mail.c
|
@ -1807,11 +1807,9 @@ void Mai_WriteFootNoteEMail (Txt_Language_t Language)
|
|||
/**************** Check if I can see another user's email ********************/
|
||||
/*****************************************************************************/
|
||||
|
||||
bool Mai_ICanSeeEmail (const struct UsrData *UsrDat)
|
||||
bool Mai_ICanSeeOtherUsrEmail (const struct UsrData *UsrDat)
|
||||
{
|
||||
bool ItsMe = (UsrDat->UsrCod == Gbl.Usrs.Me.UsrDat.UsrCod);
|
||||
|
||||
if (ItsMe)
|
||||
if (UsrDat->UsrCod == Gbl.Usrs.Me.UsrDat.UsrCod) // It's me
|
||||
return true;
|
||||
|
||||
/* Check if I have permission to see another user's email */
|
||||
|
@ -1820,17 +1818,28 @@ bool Mai_ICanSeeEmail (const struct UsrData *UsrDat)
|
|||
case Rol_STUDENT:
|
||||
/* If I am a student of current course,
|
||||
I only can see the user's email of teachers from current course */
|
||||
return (UsrDat->Accepted &&
|
||||
UsrDat->RoleInCurrentCrsDB == Rol_TEACHER);
|
||||
return (UsrDat->RoleInCurrentCrsDB == Rol_TEACHER &&
|
||||
UsrDat->Accepted);
|
||||
case Rol_TEACHER:
|
||||
/* If I am a teacher of current course,
|
||||
I only can see the user's email of students or teachers from current course */
|
||||
return ((UsrDat->RoleInCurrentCrsDB == Rol_STUDENT ||
|
||||
UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) && // A student or a teacher
|
||||
(UsrDat->Accepted || // who has accepted inscription in course
|
||||
!UsrDat->Email[0] || // or whose email is empty
|
||||
!UsrDat->Surname1[0] || // or whose surname 1 is empty
|
||||
!UsrDat->FirstName[0])); // or whose first name is empty
|
||||
/* Check 1: I can see the email of users who do not exist in database */
|
||||
if (UsrDat->UsrCod <= 0) // User does not exist (if in the future email is used to create a new user)
|
||||
return true;
|
||||
|
||||
/* Check 2: I can see the email of confirmed students and teachers */
|
||||
if ((UsrDat->RoleInCurrentCrsDB == Rol_STUDENT || // A student
|
||||
UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) && // or a teacher
|
||||
UsrDat->Accepted) // who accepted registration
|
||||
return true;
|
||||
|
||||
/* Check 3: I can see the IDs of users with user's data empty */
|
||||
if (!UsrDat->Password[0] && // User has no password (never logged)
|
||||
!UsrDat->Surname1[0] && // and who has no surname 1 (nobody filled user's surname 1)
|
||||
!UsrDat->Surname2[0] && // and who has no surname 2 (nobody filled user's surname 2)
|
||||
!UsrDat->FirstName[0]) // and who has no first name (nobody filled user's first name)
|
||||
// Warning: I could view simultaneously ID and email (if filled)
|
||||
return true;
|
||||
|
||||
return false;
|
||||
case Rol_DEG_ADM:
|
||||
/* If I am an administrator of current degree,
|
||||
I only can see the user's email of users from current degree */
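Review bot: The comment on Check 3 in the Rol_TEACHER case still reads `/* Check 3: I can see the IDs of users with user's data empty */`, apparently copied from swad_ID.c; in this function it should read `/* Check 3: I can see the email of users with user's data empty */`. The four-field empty-user test beneath it is the same text as in ID_ICanSeeOtherUsrIDs and Usr_ICanChangeOtherUsrData, so three copies of one access rule can drift apart. A single shared predicate called from all three functions would keep the rule in one place. The function body continues outside the hunk.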
|
||||
|
|
|
@ -95,6 +95,6 @@ void Mai_CreateFileNameMail (void);
|
|||
void Mai_WriteWelcomeNoteEMail (struct UsrData *UsrDat);
|
||||
void Mai_WriteFootNoteEMail (Txt_Language_t Language);
|
||||
|
||||
bool Mai_ICanSeeEmail (const struct UsrData *UsrDat);
|
||||
bool Mai_ICanSeeOtherUsrEmail (const struct UsrData *UsrDat);
|
||||
|
||||
#endif
|
||||
|
|
17
swad_photo.c
17
swad_photo.c
|
@ -140,17 +140,12 @@ bool Pho_ICanChangeOtherUsrPhoto (const struct UsrData *UsrDat)
|
|||
switch (Gbl.Usrs.Me.LoggedRole)
|
||||
{
|
||||
case Rol_TEACHER:
|
||||
/* If I am a teacher in current course,
|
||||
I only can change the photo of students from current course */
|
||||
return (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT && // A student
|
||||
UsrDat->Accepted) || // who has accepted inscription in course
|
||||
(
|
||||
(UsrDat->RoleInCurrentCrsDB == Rol_STUDENT || // A student
|
||||
UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) && // or a teacher
|
||||
!UsrDat->Password[0] && // who has no password (never logged)
|
||||
!UsrDat->Surname1[0] && // and who has no surname 1 (nobody filled user's surname 1)
|
||||
!UsrDat->FirstName[0] // and who has no first name (nobody filled user's first name)
|
||||
);
|
||||
/* Check 1: I can change the photo of confirmed students */
|
||||
if (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT && // A student
|
||||
UsrDat->Accepted) // who accepted registration
|
||||
return true;
|
||||
|
||||
return false;
|
||||
case Rol_DEG_ADM:
|
||||
case Rol_CTR_ADM:
|
||||
case Rol_INS_ADM:
|
||||
|
|
|
@ -2701,7 +2701,7 @@ static void Rec_ShowEmail (struct UsrData *UsrDat,const char *ClassForm)
|
|||
ClassForm,Txt_Email);
|
||||
if (UsrDat->Email[0])
|
||||
{
|
||||
if (Mai_ICanSeeEmail (UsrDat))
|
||||
if (Mai_ICanSeeOtherUsrEmail (UsrDat))
|
||||
{
|
||||
fprintf (Gbl.F.Out,"<a href=\"mailto:%s\"",
|
||||
UsrDat->Email);
|
||||
|
@ -2961,13 +2961,17 @@ static void Rec_ShowSurname1 (struct UsrData *UsrDat,
|
|||
"</td>"
|
||||
"<td class=\"REC_C2_BOT REC_DAT_BOLD LEFT_MIDDLE\">");
|
||||
if (ICanEdit)
|
||||
{
|
||||
fprintf (Gbl.F.Out,"<input type=\"text\""
|
||||
" id=\"Surname1\" name=\"Surname1\""
|
||||
" maxlength=\"%u\" value=\"%s\""
|
||||
" class=\"REC_C2_BOT_INPUT\""
|
||||
" required=\"required\" />",
|
||||
" class=\"REC_C2_BOT_INPUT\"",
|
||||
Usr_MAX_LENGTH_USR_NAME_OR_SURNAME,
|
||||
UsrDat->Surname1);
|
||||
if (TypeOfView == Rec_SHA_MY_RECORD_FORM)
|
||||
fprintf (Gbl.F.Out," required=\"required\"");
|
||||
fprintf (Gbl.F.Out," />");
|
||||
}
|
||||
else if (UsrDat->Surname1[0])
|
||||
fprintf (Gbl.F.Out,"<strong>%s</strong>",UsrDat->Surname1);
|
||||
fprintf (Gbl.F.Out,"</td>"
|
||||
|
@ -3030,13 +3034,17 @@ static void Rec_ShowFirstName (struct UsrData *UsrDat,
|
|||
"<td colspan=\"2\""
|
||||
" class=\"REC_C2_BOT REC_DAT_BOLD LEFT_MIDDLE\">");
|
||||
if (ICanEdit)
|
||||
{
|
||||
fprintf (Gbl.F.Out,"<input type=\"text\""
|
||||
" id=\"FirstName\" name=\"FirstName\""
|
||||
" maxlength=\"%u\" value=\"%s\""
|
||||
" class=\"REC_C2_BOT_INPUT\""
|
||||
" required=\"required\" />",
|
||||
" class=\"REC_C2_BOT_INPUT\"",
|
||||
Usr_MAX_LENGTH_USR_NAME_OR_SURNAME,
|
||||
UsrDat->FirstName);
|
||||
if (TypeOfView == Rec_SHA_MY_RECORD_FORM)
|
||||
fprintf (Gbl.F.Out," required=\"required\"");
|
||||
fprintf (Gbl.F.Out," />");
|
||||
}
|
||||
else if (UsrDat->FirstName[0])
|
||||
fprintf (Gbl.F.Out,"<strong>%s</strong>",UsrDat->FirstName);
|
||||
fprintf (Gbl.F.Out,"</td>"
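Review bot: The rewritten `fprintf` in Rec_ShowSurname1 writes `UsrDat->Surname1` into `value=\"%s\"` with no escaping visible in the hunk, and Rec_ShowFirstName does the same with `UsrDat->FirstName`. These forms now appear to be filled in by someone other than the account owner, so a stored quote or angle bracket would be rendered in another user's page unless names are HTML-encoded when they are saved; confirm this against the input path, which is not shown here. Separately, `required` is only a browser hint, and now that it is emitted only for `Rec_SHA_MY_RECORD_FORM` the handler receiving the form has to decide what an empty surname or first name means. Both functions start and end outside their hunks.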
|
||||
|
|
41
swad_user.c
41
swad_user.c
|
@ -834,13 +834,19 @@ bool Usr_ICanChangeOtherUsrData (const struct UsrData *UsrDat)
|
|||
switch (Gbl.Usrs.Me.LoggedRole)
|
||||
{
|
||||
case Rol_TEACHER:
|
||||
/* If I am a teacher of current course,
|
||||
I only can change the user's data of empty users from current course */
|
||||
return (UsrDat->RoleInCurrentCrsDB == Rol_STUDENT || // A student
|
||||
UsrDat->RoleInCurrentCrsDB == Rol_TEACHER) && // or a teacher
|
||||
!UsrDat->Password[0] && // who has no password (never logged)
|
||||
/* Check 1: I can change data of users who do not exist in database */
|
||||
if (UsrDat->UsrCod <= 0) // User does not exist (when creating a new user)
|
||||
return true;
|
||||
|
||||
/* Check 2: I change data of users with user's data empty */
|
||||
if (!UsrDat->Password[0] && // User has no password (never logged)
|
||||
!UsrDat->Surname1[0] && // and who has no surname 1 (nobody filled user's surname 1)
|
||||
!UsrDat->FirstName[0]; // and who has no first name (nobody filled user's first name)
|
||||
!UsrDat->Surname2[0] && // and who has no surname 2 (nobody filled user's surname 2)
|
||||
!UsrDat->FirstName[0]) // and who has no first name (nobody filled user's first name)
|
||||
// Warning: I could view simultaneously ID and email (if filled)
|
||||
return true;
|
||||
|
||||
return false;
|
||||
case Rol_DEG_ADM:
|
||||
case Rol_CTR_ADM:
|
||||
case Rol_INS_ADM:
|
||||
|
@ -3609,7 +3615,8 @@ static void Usr_WriteEmail (struct UsrData *UsrDat,const char *BgColor)
|
|||
|
||||
if (UsrDat->Email[0])
|
||||
{
|
||||
ShowEmail = Mai_ICanSeeEmail (UsrDat);
|
||||
ShowEmail = Mai_ICanSeeOtherUsrEmail (UsrDat);
|
||||
if (ShowEmail)
|
||||
sprintf (MailLink,"mailto:%s",UsrDat->Email);
|
||||
}
|
||||
else
|
||||
|
@ -4254,6 +4261,7 @@ void Usr_SearchListUsrs (Rol_Role_t Role)
|
|||
const char *QueryFields =
|
||||
"DISTINCT usr_data.UsrCod,"
|
||||
"usr_data.EncryptedUsrCod,"
|
||||
"usr_data.Password,"
|
||||
"usr_data.Surname1,"
|
||||
"usr_data.Surname2,"
|
||||
"usr_data.FirstName,"
|
||||
|
@ -4264,15 +4272,16 @@ void Usr_SearchListUsrs (Rol_Role_t Role)
|
|||
/*
|
||||
row[ 0]: usr_data.UsrCod
|
||||
row[ 1]: usr_data.EncryptedUsrCod
|
||||
row[ 2]: usr_data.Surname1
|
||||
row[ 3]: usr_data.Surname2
|
||||
row[ 4]: usr_data.FirstName
|
||||
row[ 5]: usr_data.Sex
|
||||
row[ 6]: usr_data.Photo
|
||||
row[ 7]: usr_data.PhotoVisibility
|
||||
row[ 8]: usr_data.InsCod
|
||||
row[ 9]: crs_usr.Role (only if Scope == Sco_SCOPE_CRS)
|
||||
row[10]: crs_usr.Accepted (only if Scope == Sco_SCOPE_CRS)
|
||||
row[ 2]: usr_data.Password (used to check if a teacher can edit user's data)
|
||||
row[ 3]: usr_data.Surname1
|
||||
row[ 4]: usr_data.Surname2
|
||||
row[ 5]: usr_data.FirstName
|
||||
row[ 6]: usr_data.Sex
|
||||
row[ 7]: usr_data.Photo
|
||||
row[ 8]: usr_data.PhotoVisibility
|
||||
row[ 9]: usr_data.InsCod
|
||||
row[10]: crs_usr.Role (only if Scope == Sco_SCOPE_CRS)
|
||||
row[11]: crs_usr.Accepted (only if Scope == Sco_SCOPE_CRS)
|
||||
*/
|
||||
const char *OrderQuery = "candidate_users.UsrCod=usr_data.UsrCod"
|
||||
" ORDER BY "
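Review bot: Adding `"usr_data.Password,"` to QueryFields in Usr_SearchListUsrs pulls every matching user's stored password value into the search result, and the updated row[] comment says it is used only to check whether a teacher can edit the user's data, which in the permission functions is a test for an empty string. Selecting the emptiness rather than the value (a boolean expression on the column, read as a flag) would give those checks what they need without carrying the credential field through the listing code. That requires the code that reads row[2] to change with it, and that code is outside this hunk, as is the rest of the function.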
|
||||
|
|