Add configuration "allow_private_skills" see BT#12902

- Skills can only visible for admins, teachers (related to a user via a course)
  and HRM users (if related to a user).
- Add new function to handle permissions in the skill tool
- Use Skill::isAllow() to block pages.

Author: jmontoyaa

main/admin/index.php

@@ -407,7 +407,7 @@
     $blocks['settings']['search_form'] = null;
 
     // Skills
-    if (api_get_setting('allow_skills_tool') == 'true') {
+    if (Skill::isToolAvailable()) {
         $blocks['skills']['icon'] = Display::return_icon(
             'skill-badges.png',
             get_lang('Skills'),

main/admin/skill_badge.php

@@ -11,9 +11,9 @@
 
 $this_section = SECTION_PLATFORM_ADMIN;
 
-if (!api_is_platform_admin() || api_get_setting('allow_skills_tool') !== 'true') {
-    api_not_allowed(true);
-}
+api_protect_admin_script();
+Skill::isAllow();
+
 $backpack = 'https://backpack.openbadges.org/';
 
 $configBackpack = api_get_setting('openbadges_backpack');
@@ -33,10 +33,11 @@
         'list_badges.png',
         get_lang('ManageSkills'),
         null,
-        ICON_SIZE_MEDIUM),
+        ICON_SIZE_MEDIUM
+    ),
     api_get_path(WEB_CODE_PATH).'admin/skill_list.php',
     ['title' => get_lang('ManageSkills')]
-    );
+);
 
 $tpl = new Template(get_lang('Badges'));
 $tpl->assign('backpack', $backpack);

main/admin/skill_badge_create.php

@@ -13,21 +13,18 @@
 
 require_once __DIR__.'/../inc/global.inc.php';
 
-if (!api_is_platform_admin() || api_get_setting('allow_skills_tool') !== 'true') {
-    api_not_allowed(true);
-}
+api_protect_admin_script();
+Skill::isAllow();
 
 $this_section = SECTION_PLATFORM_ADMIN;
 
 $skillId = intval($_GET['id']);
-
 $objSkill = new Skill();
 $skill = $objSkill->get($skillId);
 
 $htmlHeadXtra[] = '<link  href="'.api_get_path(WEB_LIBRARY_JS_PATH).'badge-studio/media/css/core.css" rel="stylesheet">';
 
 // Add badge studio paths
-
 $badgeStudio = [
     'core' => api_get_path(WEB_LIBRARY_JS_PATH).'badge-studio/',
     'media' => api_get_path(WEB_LIBRARY_JS_PATH).'badge-studio/media/',
@@ -45,13 +42,12 @@
         'id' => $skillId
     );
 
-    if ((isset($_FILES['image']) && $_FILES['image']['error'] == 0) || !empty($_POST['badge_studio_image'])) {
+    if ((isset($_FILES['image']) && $_FILES['image']['error'] == 0) ||
+        !empty($_POST['badge_studio_image'])
+    ) {
         $dirPermissions = api_get_permissions_for_new_directories();
-
         $fileName = sha1($_POST['name']);
-
         $badgePath = api_get_path(SYS_UPLOAD_PATH).'badges/';
-
         $existsBadgesDirectory = is_dir($badgePath);
 
         if (!$existsBadgesDirectory) {
@@ -68,7 +64,6 @@
             }
 
             $skillImagePath = sprintf("%s%s.png", $badgePath, $fileName);
-
             if (!empty($_POST['badge_studio_image'])) {
                 $badgeImage = base64_decode(preg_replace('#^data:image/\w+;base64,#i', '', $_POST['badge_studio_image']));
                 file_put_contents($skillImagePath, $badgeImage);

main/admin/skill_badge_list.php

@@ -13,9 +13,8 @@
 
 require_once __DIR__.'/../inc/global.inc.php';
 
-if (!api_is_platform_admin() || api_get_setting('allow_skills_tool') !== 'true') {
-    api_not_allowed(true);
-}
+api_protect_admin_script();
+Skill::isAllow();
 
 $this_section = SECTION_PLATFORM_ADMIN;
 

main/admin/skill_create.php

@@ -16,10 +16,7 @@
 $this_section = SECTION_PLATFORM_ADMIN;
 
 api_protect_admin_script();
-
-if (api_get_setting('allow_skills_tool') != 'true') {
-    api_not_allowed();
-}
+Skill::isAllow();
 
 $interbreadcrumb[] = array("url" => 'index.php', "name" => get_lang('PlatformAdmin'));
 $interbreadcrumb[] = array('url' => 'skill_list.php', 'name' => get_lang('ManageSkills'));
@@ -49,7 +46,6 @@
 $allGradebooks = $objGradebook->find('all');
 
 // This procedure is for check if there is already a Skill with no Parent (Root by default)
-
 $isAlreadyRootSkill = false;
 
 foreach ($allSkills as $checkedSkill) {

main/admin/skill_edit.php

@@ -16,10 +16,7 @@
 $this_section = SECTION_PLATFORM_ADMIN;
 
 api_protect_admin_script();
-
-if (api_get_setting('allow_skills_tool') != 'true') {
-    api_not_allowed();
-}
+Skill::isAllow();
 
 $interbreadcrumb[] = array("url" => 'index.php', "name" => get_lang('PlatformAdmin'));
 $interbreadcrumb[] = array('url' => 'skill_list.php', 'name' => get_lang('ManageSkills'));

main/admin/skill_list.php

@@ -14,10 +14,7 @@
 $this_section = SECTION_PLATFORM_ADMIN;
 
 api_protect_admin_script();
-
-if (api_get_setting('allow_skills_tool') != 'true') {
-    api_not_allowed();
-}
+Skill::isAllow();
 
 $action = isset($_GET['action']) ? $_GET['action'] : 'list';
 $skillId = isset($_GET['id']) ? intval($_GET['id']) : 0;
@@ -115,7 +112,7 @@
         //no break
     default:
         $interbreadcrumb[] = array("url" => 'index.php', "name" => get_lang('PlatformAdmin'));
-        
+
         $toolbar = Display::url(
             Display::return_icon(
                 'add.png',
@@ -125,7 +122,7 @@
             api_get_path(WEB_CODE_PATH).'admin/skill_create.php',
             ['title' => get_lang('CreateSkill')]
             );
-        
+
         $toolbar .= Display::url(
             Display::return_icon(
                 'wheel_skill.png',
@@ -135,7 +132,7 @@
             api_get_path(WEB_CODE_PATH).'admin/skills_wheel.php',
             ['title' => get_lang('SkillsWheel')]
             );
-              
+
         $toolbar .= Display::url(
             Display::return_icon(
                 'edit-skill.png',
@@ -145,7 +142,7 @@
             api_get_path(WEB_CODE_PATH).'admin/skill_badge_list.php',
             ['title' => get_lang('BadgesManagement')]
             );
-        
+
         $toolbar .= Display::url(
             Display::return_icon(
                 'import_csv.png',
@@ -155,7 +152,7 @@
             api_get_path(WEB_CODE_PATH).'admin/skills_import.php',
             ['title' => get_lang('ImportSkillsListCSV')]
             );
-        
+
         $extraField = new ExtraField('skill');
         $arrayVals = $extraField->get_handler_field_info_by_tags('tags');
         $tags = [];

main/admin/skills.php

@@ -11,10 +11,7 @@
 $this_section = SECTION_PLATFORM_ADMIN;
 
 api_protect_admin_script();
-
-if (api_get_setting('allow_skills_tool') != 'true') {
-    api_not_allowed();
-}
+Skill::isAllow();
 
 //Adds the JS needed to use the jqgrid
 $htmlHeadXtra[] = api_get_js('jquery.jsPlumb.all.js');

main/admin/skills_gradebook.php

@@ -11,31 +11,24 @@
 $this_section = SECTION_PLATFORM_ADMIN;
 
 api_protect_admin_script();
-
-if (api_get_setting('allow_skills_tool') != 'true') {
-    api_not_allowed();
-}
+Skill::isAllow();
 
 //Adds the JS needed to use the jqgrid
 $htmlHeadXtra[] = api_get_jqgrid_js();
 
 $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'display';
 
-
 // setting breadcrumbs
-
 $tool_name = get_lang('SkillsAndGradebooks');
 $interbreadcrumb[] = array('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
 if ($action == 'add_skill') {
     $interbreadcrumb[] = array('url' => 'skills_gradebook.php', 'name' => get_lang('SkillsAndGradebooks'));
     $tool_name = get_lang('Add');
 }
 
-
 Display::display_header($tool_name);
 
 //jqgrid will use this URL to do the selects
-
 $url = api_get_path(WEB_AJAX_PATH).'model.ajax.php?a=get_gradebooks';
 
 //The order is important you need to check the the $column variable in the model.ajax.php file
@@ -84,13 +77,13 @@
 
 //With this function we can add actions to the jgrid (edit, delete, etc)
 $action_links = 'function action_formatter(cellvalue, options, rowObject) {
-                        //certificates
-                        if (rowObject[4] == 1) {
-                            return \'<a href="?action=add_skill&id=\'+options.rowId+\'">'.Display::return_icon('add.png', get_lang('AddSkill'), '', ICON_SIZE_SMALL).'</a>'.'\';
-                        } else {
-                            return \''.Display::return_icon('add_na.png', get_lang('YourGradebookFirstNeedsACertificateInOrderToBeLinkedToASkill'), '', ICON_SIZE_SMALL).''.'\';
-                        }
-                 }';
+    //certificates
+    if (rowObject[4] == 1) {
+        return \'<a href="?action=add_skill&id=\'+options.rowId+\'">'.Display::return_icon('add.png', get_lang('AddSkill'), '', ICON_SIZE_SMALL).'</a>'.'\';
+    } else {
+        return \''.Display::return_icon('add_na.png', get_lang('YourGradebookFirstNeedsACertificateInOrderToBeLinkedToASkill'), '', ICON_SIZE_SMALL).''.'\';
+    }
+}';
 ?>
 <script>
 $(function() {
@@ -120,7 +113,6 @@
             }
         }
         $form->display();
-        //echo Display::tag('h2',$gradebook_info['name']);
         break;
 }
 Display::display_footer();

main/admin/skills_profile.php

@@ -12,24 +12,19 @@
 $this_section = SECTION_PLATFORM_ADMIN;
 
 api_protect_admin_script();
-
-if (api_get_setting('allow_skills_tool') != 'true') {
-    api_not_allowed();
-}
+Skill::isAllow();
 
 $interbreadcrumb[] = array(
     'url' => 'index.php',
     "name" => get_lang('PlatformAdmin'),
 );
 
-$skill           = new Skill();
-$skill_profile   = new SkillProfile();
-$skill_rel_user  = new SkillRelUser();
+$skill = new Skill();
+$skill_profile = new SkillProfile();
+$skill_rel_user = new SkillRelUser();
 
 $url = api_get_path(WEB_AJAX_PATH).'skill.ajax.php';
-
 $tpl = new Template(get_lang('Skills'));
-
 $form = new FormValidator('profile_search');
 
 $form->addElement('header', get_lang('SearchSkills'));