Dev/10.1.0

fuel/app/classes/controller/api/admin.php

@@ -69,13 +69,20 @@ public function post_user($user_id)
 		return \Service_User::update_user($user_id, $user);
 	}
 
-	public function get_widget_search(string $input)
+	public function get_instance_search(string $input, string $page_number)
 	{
 		$input = trim($input);
 		$input = urldecode($input);
+		$page_number = (int) $page_number;
 		//no need to search if for some reason an empty string is passed
-		if ($input == '') return [];
-		return \Materia\Widget_Instance_Manager::get_search($input);
+		if ($input == '')
+		{
+			return [
+				'pagination' => [],
+				'next_page'  => $page_number
+			];
+		}
+		return \Materia\Widget_Instance_Manager::get_paginated_instance_search($input, $page_number);
 	}
 
 	public function get_extra_attempts(string $inst_id)

fuel/app/classes/materia/api/v1.php

@@ -64,10 +64,10 @@ static public function widget_instances_get($inst_ids = null, bool $deleted = fa
  *
  * @return array of objects containing total_num_pages and widget instances that are visible to the user.
  */
-	static public function widget_paginate_instances_get($page_number = 0)
+	static public function widget_paginate_user_instances_get($page_number = 0)
 	{
 		if (\Service_User::verify_session() !== true) return Msg::no_login();
-		$data = Widget_Instance_Manager::get_paginated_for_user(\Model_User::find_current_id(), $page_number);
+		$data = Widget_Instance_Manager::get_paginated_instances_for_user(\Model_User::find_current_id(), $page_number);
 		return $data;
 	}
 
@@ -218,7 +218,7 @@ static public function widget_instance_new($widget_id=null, $name=null, $qset=nu
 	 * @param int     $close_at
 	 * @param int     $attempts
 	 * @param bool    $guest_access
-	 * @param bool 	  $is_student_made
+	 * @param bool 	  $is_student_made // NOT USED
 	 *
 	 * @return array An associative array with details about the save
 	 */
@@ -237,6 +237,10 @@ static public function widget_instance_update($inst_id=null, $name=null, $qset=n
 		// student made widgets are locked forever
 		if ($inst->is_student_made)
 		{
+			if ($guest_access === false)
+			{
+				return new Msg('Student-made widgets must stay in guest access mode.', 'Student Made', 'error', false);
+			}
 			$attempts = -1;
 			$guest_access = true;
 		}
@@ -328,36 +332,42 @@ static public function widget_instance_update($inst_id=null, $name=null, $qset=n
 		}
 		if ($guest_access !== null)
 		{
-			if ($inst->guest_access != $guest_access)
-			{
-				$activity = new Session_Activity([
-					'user_id' => \Model_User::find_current_id(),
-					'type'    => Session_Activity::TYPE_EDIT_WIDGET_SETTINGS,
-					'item_id' => $inst_id,
-					'value_1' => 'Guest Access',
-					'value_2' => $guest_access
-				]);
-				$activity->db_store();
-			}
-			$inst->guest_access = $guest_access;
-			// when disabling guest mode on a widget, make sure no students have access to that widget
-			if ( ! $guest_access)
+			// if the user is a student and they're not the owner, they can't do anything
+			// if the user is a student and they're the owner, they're allowed to set it to guest access
+			if (($inst->user_id == \Model_User::find_current_id() && $guest_access) || ! Perm_Manager::is_student(\Model_User::find_current_id()))
 			{
-				$access = Perm_Manager::get_all_users_explicit_perms($inst_id, Perm::INSTANCE)['widget_user_perms'];
-				foreach ($access as $user_id => $user_perms)
+				if ($inst->guest_access != $guest_access)
 				{
-					if (Perm_Manager::is_student($user_id))
+					$activity = new Session_Activity([
+						'user_id' => \Model_User::find_current_id(),
+						'type'    => Session_Activity::TYPE_EDIT_WIDGET_SETTINGS,
+						'item_id' => $inst_id,
+						'value_1' => 'Guest Access',
+						'value_2' => $guest_access
+					]);
+					$activity->db_store();
+				}
+				$inst->guest_access = $guest_access;
+				// when disabling guest mode on a widget, make sure no students have access to that widget
+				if ( ! $guest_access)
+				{
+					$access = Perm_Manager::get_all_users_explicit_perms($inst_id, Perm::INSTANCE)['widget_user_perms'];
+					foreach ($access as $user_id => $user_perms)
 					{
-						\Model_Notification::send_item_notification(\Model_user::find_current_id(), $user_id, Perm::INSTANCE, $inst_id, 'disabled', null);
-						Perm_Manager::clear_user_object_perms($inst_id, Perm::INSTANCE, $user_id);
+						if (Perm_Manager::is_student($user_id) && $user_id != $inst->user_id)
+						{
+							\Model_Notification::send_item_notification(\Model_user::find_current_id(), $user_id, Perm::INSTANCE, $inst_id, 'disabled', null);
+							Perm_Manager::clear_user_object_perms($inst_id, Perm::INSTANCE, $user_id);
+						}
 					}
 				}
 			}
 		}
 
 		if ($embedded_only !== null)
 		{
-			if ($inst->embedded_only != $embedded_only)
+			// if current user is student, they cannot change embedded_only
+			if ($inst->embedded_only != $embedded_only && ! Perm_Manager::is_student(\Model_User::find_current_id()))
 			{
 				$activity = new Session_Activity([
 					'user_id' => \Model_User::find_current_id(),
@@ -367,8 +377,9 @@ static public function widget_instance_update($inst_id=null, $name=null, $qset=n
 					'value_2' => $embedded_only
 				]);
 				$activity->db_store();
+
+				$inst->embedded_only = $embedded_only;
 			}
-			$inst->embedded_only = $embedded_only;
 		}
 
 		try
@@ -662,11 +673,12 @@ static public function guest_widget_instance_scores_get($inst_id, $play_id)
 	 */
 	static public function play_logs_get($inst_id, $semester = 'all', $year = 'all', $page_number=1)
 	{
-	if ( ! Util_Validator::is_valid_hash($inst_id)) return Msg::invalid_input($inst_id);
+		if ( ! Util_Validator::is_valid_hash($inst_id)) return Msg::invalid_input($inst_id);
 		if (\Service_User::verify_session() !== true) return Msg::no_login();
 		if ( ! static::has_perms_to_inst($inst_id, [Perm::VISIBLE, Perm::FULL])) return Msg::no_perm();
+		$is_student = ! \Service_User::verify_session(['basic_author', 'super_user']);
 
-		$data = Session_Play::get_by_inst_id_paginated($inst_id, $semester, $year, $page_number);
+		$data = Session_Play::get_by_inst_id_paginated($inst_id, $semester, $year, $page_number, $is_student);
 		return $data;
 	}
 
@@ -881,23 +893,39 @@ static public function semester_date_ranges_get()
 		return Utils::get_date_ranges();
 	}
 
-	static public function users_search($search)
+	/**
+	 * Paginated search for users that match input
+	 *
+	 * @param string Search query
+	 * @param string Page number
+	 * @return array List of users
+	 */
+	static public function users_search($input, $page_number = 0)
 	{
 		if (\Service_User::verify_session() !== true) return Msg::no_login();
 
-		$user_objects = \Model_User::find_by_name_search($search);
-		$user_arrays = [];
+		$items_per_page = 50;
+		$offset = $items_per_page * $page_number;
+
+		// query DB for only a single page + 1 item
+		$displayable_items = \Model_User::find_by_name_search($input, $offset, $items_per_page + 1);
+
+		$has_next_page = sizeof($displayable_items) > $items_per_page ? true : false;
+
+		if ($has_next_page) array_pop($displayable_items);
 
-		// scrub the user models with to_array
-		if (count($user_objects))
+		foreach ($displayable_items as $key => $person)
 		{
-			foreach ($user_objects as $key => $person)
-			{
-				$user_arrays[$key] = $person->to_array();
-			}
+			$displayable_items[$key] = $person->to_array();
 		}
 
-		return $user_arrays;
+		$data = [
+			'pagination' => $displayable_items,
+		];
+
+		if ($has_next_page) $data['next_page'] = $page_number + 1;
+
+		return $data;
 	}
 	/**
 	 * Gets information about the current user

fuel/app/classes/materia/perm/manager.php

@@ -38,7 +38,7 @@ static public function is_super_user()
 		// The session caching has been removed due to issues related to the cache when the role is added or revoked
 		// Ideally we can still find a way to cache this and make it more performant!!
 		return (\Fuel::$is_cli === true && ! \Fuel::$is_test) || self::does_user_have_role([\Materia\Perm_Role::SU]);
-		
+
 	}
 
 	/**
@@ -351,10 +351,10 @@ static public function remove_users_from_roles_system_only(Array $user_ids = [],
 					->execute();
 			}
 		}
+
 		return $success;
 	}
 
-
 	/*
 	 **********************  User to Object Rights  ***************************************
 	 */

fuel/app/classes/materia/session/play.php

@@ -213,7 +213,7 @@ public function resume($play_id)
 	 *  Must be fast because it can be asked to retrieve large data sets
 	 *
 	 */
-	public static function get_by_inst_id($inst_id, $semester='all', $year='all')
+	public static function get_by_inst_id($inst_id, $semester='all', $year='all', $is_student=false)
 	{
 		if ($semester != 'all' && $year != 'all')
 		{
@@ -230,7 +230,23 @@ public static function get_by_inst_id($inst_id, $semester='all', $year='all')
 
 		if (is_null($plays))
 		{
-			$query = \DB::select(
+			// if user is student, do not query user information
+			if ($is_student)
+			{
+				$query = \DB::select(
+					's.id',
+					['s.created_at', 'time'],
+					['s.is_complete', 'done'],
+					['s.percent', 'perc'],
+					['s.elapsed', 'elapsed'],
+					['s.qset_id', 'qset_id']
+				)
+				->from(['log_play', 's'])
+				->where('s.inst_id', $inst_id);
+			}
+			else
+			{
+				$query = \DB::select(
 					's.id',
 					['s.created_at', 'time'],
 					['s.is_complete', 'done'],
@@ -246,6 +262,7 @@ public static function get_by_inst_id($inst_id, $semester='all', $year='all')
 				->join(['users', 'u'], 'LEFT OUTER')
 					->on('u.id', '=', 's.user_id')
 				->where('s.inst_id', $inst_id);
+			}
 
 			if (isset($date))
 			{
@@ -256,14 +273,28 @@ public static function get_by_inst_id($inst_id, $semester='all', $year='all')
 
 			\Cache::set('play-logs.'.$inst_id.'.'.$cache_id, $plays);
 		}
+		else
+		{
+			// if user is student, do not show user information
+			if ($is_student)
+			{
+				foreach ($plays as &$play)
+				{
+					$play['user_id'] = 0;
+					unset($play['first']);
+					unset($play['last']);
+					unset($play['username']);
+				}
+			}
+		}
 
 		return $plays;
 	}
 
-	public static function get_by_inst_id_paginated($inst_id, $semester='all', $year='all', $page_number=1)
+	public static function get_by_inst_id_paginated($inst_id, $semester='all', $year='all', $page_number=1, $is_student=false)
 	{
 		$items_per_page = 100;
-		$data = self::get_by_inst_id($inst_id, $semester, $year);
+		$data = self::get_by_inst_id($inst_id, $semester, $year, $is_student);
 		$total_num_pages = ceil(sizeof($data) / $items_per_page);
 		$offset = $items_per_page * ($page_number - 1);
 		$page = array_slice($data, $offset, $items_per_page);
@@ -327,6 +358,8 @@ public function get_by_id($play_id=0)
 				$this->elapsed     = $r['elapsed'];
 				$this->context_id  = $r['context_id'];
 				$this->semester    = $r['semester'];
+				$this->auth        = $r['auth'];
+				$this->environment_data     = $r['environment_data'];
 				return true;
 			}
 		}

fuel/app/classes/materia/widget/instance.php

@@ -467,6 +467,10 @@ public function duplicate(int $owner_id, string $new_name = null, bool $copy_exi
 		 // update name
 		if ( ! empty($new_name)) $duplicate->name = $new_name;
 
+		// is_embedded and embedded_only should default to false for new instances (since the new instance won't have the play history requisite for is_embedded)
+		$duplicate->is_embedded = false;
+		$duplicate->embedded_only = false;
+
 		// these values aren't saved to the db - but the frontend will make use of them
 		$duplicate->clean_name  = \Inflector::friendly_title($duplicate->name, '-', true);
 		$base_url               = "{$duplicate->id}/{$duplicate->clean_name}";