check visibility of courseware structual elements on course overview page, fixes #4588

Closes #4588 Merge request studip/studip!3400

check visibility of courseware structual elements on course overview page, fixes #4588
2fb0e9fe · Jan-Hendrik Willms · 1cb077d6 · 2fb0e9fe
Commit 2fb0e9fe authored 8 months ago by Jan-Hendrik Willms
--- a/app/controllers/contents/courseware.php
+++ b/app/controllers/contents/courseware.php
@@ -171,6 +171,46 @@ class Contents_CoursewareController extends CoursewareController
        $this->sem_courses  = $this->getCoursewareCourses($sem_key);
    }

+    public function pdf_export_action($element_id, $with_children): void
+    {
+        $element = \Courseware\StructuralElement::findOneById($element_id);
+
+        $this->render_pdf($element->pdfExport($this->user, $with_children), trim($element->title).'.pdf');
+    }
+
+    /**
+     * To display the shared courseware
+     *
+     * @param string $entry_element_id the shared struct element id
+     */
+    public function shared_content_courseware_action($entry_element_id): void
+    {
+        global $user;
+
+        $navigation = new Navigation(_('Geteiltes Lernmaterial'), 'dispatch.php/contents/courseware/shared_content_courseware/' . $entry_element_id);
+        Navigation::addItem('/contents/courseware/shared_content_courseware', $navigation);
+        Navigation::activateItem('/contents/courseware/shared_content_courseware');
+
+        $this->entry_element_id = $entry_element_id;
+
+        $struct = \Courseware\StructuralElement::findOneBySQL(
+            "id = ? AND range_type = 'user'",
+            [$this->entry_element_id]
+        );
+
+        if (!$struct) {
+            throw new Trails\Exception(404, _('Der geteilte Inhalt kann nicht gefunden werden.'));
+        }
+
+        if (!$struct->canRead($user) && !$struct->canEdit($user)) {
+            throw new AccessDeniedException();
+        }
+
+        $this->user_id = $struct->owner_id;
+
+        $this->setCoursewareSidebar();
+    }
+
    /**
     * Return list of coursewares grouped by semester_id
     *
@@ -199,12 +239,17 @@ class Contents_CoursewareController extends CoursewareController
        $courses = new SimpleCollection($courses);

        if (!Config::get()->MY_COURSES_ENABLE_STUDYGROUPS) {
-            $courses = $courses->filter(function ($a) {
-                return !$a->isStudygroup();
+            $courses = $courses->filter(function (Course $course) {
+                return !$course->isStudygroup();
            });
        }

-        if ($sem_key != 'all') {
+        // Filter courses with enabled and visible courseware
+        $courses = $courses->filter(function (Course $course) {
+            return $this->isCoursewareEnabledAndVisible($course);
+        });
+
+        if ($sem_key !== 'all') {
            $semester = Semester::find($sem_key);

            $courses = $courses->filter(function ($a) use ($semester) {
@@ -218,13 +263,15 @@ class Contents_CoursewareController extends CoursewareController

            foreach ($courses as $course) {
                $element = StructuralElement::getCoursewareCourse($course->id);
-                if (!empty($element) && $this->isCoursewareEnabled($course->id)) {
-                    $element['payload'] = json_decode($element['payload'], true);
-                    $coursewares[] = $element;
+                if (!$element || !$element->canRead(User::findCurrent())) {
+                    continue;
                }
+
+                $element['payload'] = json_decode($element['payload'], true);
+                $coursewares[] = $element;
            }

-            if (empty($coursewares)) {
+            if (!$coursewares) {
                return [];
            }

@@ -233,20 +280,20 @@ class Contents_CoursewareController extends CoursewareController
                'coursewares'   => $coursewares
            ]];
        } else {
-            $all_semesters    = Semester::getAll();
-            $sem_courses      = [];
-
+            $sem_courses = [];
            foreach ($courses as $course) {
                $element = StructuralElement::getCoursewareCourse($course->id);
-                if (!empty($element) && $this->isCoursewareEnabled($course->id)) {
-                    $element['payload'] = json_decode($element['payload'], true);
-
-                    if ($course->duration_time == -1) {
-                        $sem_courses[$this->current_semester->id]['coursewares'][] = $element;
-                    } else {
-                        $end_semester = $course->getEndSemester();
-                        $sem_courses[$end_semester->id]['coursewares'][] = $element;
-                    }
+                if (!$element || !$element->canRead(User::findCurrent())) {
+                    continue;
+                }
+
+                $element['payload'] = json_decode($element['payload'], true);
+
+                if ($course->isOpenEnded()) {
+                    $sem_courses[$this->current_semester->id]['coursewares'][] = $element;
+                } else {
+                    $end_semester = $course->getEndSemester();
+                    $sem_courses[$end_semester->id]['coursewares'][] = $element;
                }
            }

@@ -255,71 +302,36 @@ class Contents_CoursewareController extends CoursewareController
    }

    /**
-     * Returns true if the courseware module is enabled for the passed course
+     * Returns true if the courseware module is enabled and visible for the
+     *  passed course and current user
     *
-     * @param  string  $course_id  the course to check
-     * @return boolean             true if courseware is enabled, false otherwise
+     * @param  Course  $course  the course to check
+     * @return boolean true if courseware is enabled and visible,
+     *                 false otherwise
     */
-    private function isCoursewareEnabled($course_id): bool
+    private function isCoursewareEnabledAndVisible(Course $course): bool
    {
+        // Check if courseware is globally enabled
        $studip_module = PluginManager::getInstance()->getPlugin(CoursewareModule::class);
-
-        if (!$studip_module || !$studip_module->isActivated($course_id)) {
+        if (!$studip_module) {
            return false;
        }

-        return true;
-    }
-
-
-    private function getProjects($purpose): array
-    {
-        $elements = StructuralElement::findProjects($this->user->id, $purpose);
-        foreach($elements as &$element) {
-            $element['payload'] = json_decode($element['payload'], true);
+        // Check if courseware is enabled in course
+        $active_tool = ToolActivation::find([
+            $course->id,
+            $studip_module->getPluginId(),
+        ]);
+        if (!$active_tool) {
+            return false;
        }

-        return $elements;
-    }
-
-
-    public function pdf_export_action($element_id, $with_children): void
-    {
-        $element = \Courseware\StructuralElement::findOneById($element_id);
-
-        $this->render_pdf($element->pdfExport($this->user, $with_children), trim($element->title).'.pdf');
-    }
-
-    /**
-     * To display the shared courseware
-     *
-     * @param string $entry_element_id the shared struct element id
-     */
-    public function shared_content_courseware_action($entry_element_id): void
-    {
-        global $user;
-
-        $navigation = new Navigation(_('Geteiltes Lernmaterial'), 'dispatch.php/contents/courseware/shared_content_courseware/' . $entry_element_id);
-        Navigation::addItem('/contents/courseware/shared_content_courseware', $navigation);
-        Navigation::activateItem('/contents/courseware/shared_content_courseware');
-
-        $this->entry_element_id = $entry_element_id;
-
-        $struct = \Courseware\StructuralElement::findOneBySQL(
-            "id = ? AND range_type = 'user'",
-            [$this->entry_element_id]
+        // Check visibility
+        return $GLOBALS['perm']->have_studip_perm(
+            $active_tool->getVisibilityPermission(),
+            $course->id,
+            User::findCurrent()->id
        );
-
-        if (!$struct) {
-            throw new Trails\Exception(404, _('Der geteilte Inhalt kann nicht gefunden werden.'));
-        }
-
-        if (!$struct->canRead($user) && !$struct->canEdit($user)) {
-            throw new AccessDeniedException();
-        }
-
-        $this->user_id = $struct->owner_id;
-
-        $this->setCoursewareSidebar();
    }
+
 }