Behaviour: add a View Behaviour Records_myself permission (#1868)

GibbonEdu · Nov 2, 2024 · 4969192 · 4969192
1 parent a03d457
commit 4969192
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 46 deletions.
diff --git a/CHANGEDB.php b/CHANGEDB.php
@@ -881,4 +881,6 @@
 INSERT INTO `gibbonPermission` (`gibbonRoleID` ,`gibbonActionID`) VALUES (004, (SELECT gibbonActionID FROM gibbonAction JOIN gibbonModule ON (gibbonAction.gibbonModuleID=gibbonModule.gibbonModuleID) WHERE gibbonModule.name='Activities' AND gibbonAction.name='View Activities_myChildren'));end
 ALTER TABLE gibbonMessengerReceipt ADD `unsubscribeKey` varchar(50) DEFAULT NULL AFTER `nameListStudent`;end
 UPDATE gibbonAction SET `URLList`='mailingListRecipients_manage.php, mailingListRecipients_manage_add.php, mailingListRecipients_manage_edit.php, mailingListRecipients_manage_delete.php' WHERE name='Manage Mailing List Recipients' AND gibbonModuleID=(SELECT gibbonModuleID FROM gibbonModule WHERE name='Messenger');end
+INSERT INTO `gibbonAction` (`gibbonModuleID`, `name`, `precedence`, `category`, `description`, `helpURL`, `URLList`, `entryURL`, `entrySidebar`, `menuShow`, `defaultPermissionAdmin`, `defaultPermissionTeacher`, `defaultPermissionStudent`, `defaultPermissionParent`, `defaultPermissionSupport`, `categoryPermissionStaff`, `categoryPermissionStudent`, `categoryPermissionParent`, `categoryPermissionOther`) VALUES ((SELECT gibbonModuleID FROM gibbonModule WHERE name='Behaviour'), 'View Behaviour Records_myself', '0', 'Behaviour Records', 'View basic details of behaviour records about themselves.', 'teachers/people/behaviour/', 'behaviour_view.php,behaviour_view_details.php', 'behaviour_view.php', 'Y', 'Y', 'N', 'N', 'N', 'N', 'N', 'N', 'Y', 'N', 'N');end
+
 ";
diff --git a/modules/Behaviour/behaviour_view.php b/modules/Behaviour/behaviour_view.php
@@ -77,6 +77,11 @@
 
             $table = DataTable::create('behaviour');
             $table->setTitle( __('My Children'));
+        } else if ($highestAction == 'View Behaviour Records_myself') {
+            $students = $studentGateway->selectActiveStudentByPerson($session->get('gibbonSchoolYearID'), $session->get('gibbonPersonID'))->toDataSet();
+
+            $table = DataTable::create('behaviour');
+            $table->setTitle( __('Behaviour'));
 
         } else if ($highestAction == 'View Behaviour Records_my') {
 

diff --git a/modules/Behaviour/behaviour_view_details.php b/modules/Behaviour/behaviour_view_details.php
@@ -39,47 +39,53 @@
 } else {
     //Get action with highest precendence
     $highestAction = getHighestGroupedAction($guid, $_GET['q'], $connection2);
-    if ($highestAction == false) {
+    if (empty($highestAction)) {
         $page->addError(__('The highest grouped action cannot be determined.'));
     } else {
         $gibbonPersonID = $_GET['gibbonPersonID'] ?? '';
 
         $page->breadcrumbs
-            ->add(__('View Behaviour Records'), 'behaviour_manage.php')
+            ->add(__('View Behaviour Records'), 'behaviour_view.php')
             ->add(__('View Student Record'));
 
         $search = $_GET['search'] ?? '';
         if (!empty($search)) {
             $page->navigator->addSearchResultsAction(Url::fromModuleRoute('Behaviour', 'behaviour_view.php')->withQueryParam('search', $search));
         }
-        try {
-            if ($highestAction == 'View Behaviour Records_all') {
-                $data = array('gibbonPersonID' => $gibbonPersonID, 'gibbonSchoolYearID' => $session->get('gibbonSchoolYearID'));
-                $sql = "SELECT gibbonPerson.gibbonPersonID, gibbonStudentEnrolmentID, surname, preferredName, gibbonYearGroup.nameShort AS yearGroup, gibbonFormGroup.nameShort AS formGroup FROM gibbonPerson JOIN gibbonStudentEnrolment ON (gibbonPerson.gibbonPersonID=gibbonStudentEnrolment.gibbonPersonID)  JOIN gibbonYearGroup ON (gibbonStudentEnrolment.gibbonYearGroupID=gibbonYearGroup.gibbonYearGroupID) JOIN gibbonFormGroup ON (gibbonStudentEnrolment.gibbonFormGroupID=gibbonFormGroup.gibbonFormGroupID) WHERE status='Full' AND (dateStart IS NULL OR dateStart<='".date('Y-m-d')."') AND (dateEnd IS NULL  OR dateEnd>='".date('Y-m-d')."') AND gibbonPerson.gibbonPersonID=:gibbonPersonID AND gibbonStudentEnrolment.gibbonSchoolYearID=:gibbonSchoolYearID";
-            } else if ($highestAction == 'View Behaviour Records_myChildren') {
-                $data = array('gibbonSchoolYearID' => $session->get('gibbonSchoolYearID'), 'gibbonPersonID' => $session->get('gibbonPersonID'), 'gibbonPersonID2' => $gibbonPersonID);
-                $sql = "SELECT gibbonPerson.gibbonPersonID, gibbonStudentEnrolmentID, surname, preferredName, gibbonYearGroup.nameShort AS yearGroup, gibbonFormGroup.nameShort AS formGroup FROM gibbonPerson JOIN gibbonStudentEnrolment ON (gibbonPerson.gibbonPersonID=gibbonStudentEnrolment.gibbonPersonID) JOIN gibbonYearGroup ON (gibbonStudentEnrolment.gibbonYearGroupID=gibbonYearGroup.gibbonYearGroupID) JOIN gibbonFormGroup ON (gibbonStudentEnrolment.gibbonFormGroupID=gibbonFormGroup.gibbonFormGroupID) JOIN gibbonFamilyChild ON (gibbonPerson.gibbonPersonID=gibbonFamilyChild.gibbonPersonID) JOIN gibbonFamily ON (gibbonFamilyChild.gibbonFamilyID=gibbonFamily.gibbonFamilyID) JOIN gibbonFamilyAdult ON (gibbonFamilyAdult.gibbonFamilyID=gibbonFamily.gibbonFamilyID AND childDataAccess='Y') WHERE gibbonFamilyAdult.gibbonPersonID=:gibbonPersonID AND gibbonStudentEnrolment.gibbonSchoolYearID=:gibbonSchoolYearID AND gibbonPerson.status='Full' AND (dateStart IS NULL OR dateStart<='".date('Y-m-d')."') AND (dateEnd IS NULL  OR dateEnd>='".date('Y-m-d')."') AND gibbonPerson.gibbonPersonID=:gibbonPersonID2 ORDER BY surname, preferredName";
-            } else if ($highestAction == 'View Behaviour Records_my') {
-                $data = ['gibbonSchoolYearID' => $session->get('gibbonSchoolYearID'), 'gibbonPersonIDCreator' => $session->get('gibbonPersonID'), 'gibbonPersonID' => $gibbonPersonID, 'today' => date('Y-m-d')];               
-                $sql = "SELECT gibbonPerson.gibbonPersonID, surname, preferredName, gibbonYearGroup.nameShort AS yearGroup, gibbonFormGroup.nameShort AS formGroup
-                 FROM gibbonBehaviour 
-                 JOIN gibbonPerson ON (gibbonBehaviour.gibbonPersonID=gibbonPerson.gibbonPersonID)
-                 JOIN gibbonStudentEnrolment ON (gibbonPerson.gibbonPersonID=gibbonStudentEnrolment.gibbonPersonID)
-                 JOIN gibbonYearGroup ON (gibbonStudentEnrolment.gibbonYearGroupID=gibbonYearGroup.gibbonYearGroupID)
-                 JOIN gibbonFormGroup ON (gibbonStudentEnrolment.gibbonFormGroupID=gibbonFormGroup.gibbonFormGroupID)
-                 WHERE gibbonBehaviour.gibbonPersonIDCreator=:gibbonPersonIDCreator AND gibbonStudentEnrolment.gibbonSchoolYearID=:gibbonSchoolYearID AND gibbonPerson.status='Full' AND (dateStart IS NULL OR dateStart<=:today) AND (dateEnd IS NULL OR dateEnd>=:today) AND gibbonPerson.gibbonPersonID=:gibbonPersonID
-                GROUP BY gibbonPerson.gibbonPersonID, yearGroup, formGroup
-                ORDER BY surname, preferredName";
-            } else {
-                return;
-            }
 
-            $result = $connection2->prepare($sql);
-            $result->execute($data);
+        if ($highestAction == 'View Behaviour Records_myself' && $gibbonPersonID != $session->get('gibbonPersonID')) {
+            $page->addError(__('You do not have access to this action.'));
+            return;
+        }
+
 
-        } catch (PDOException $e) {
+        if ($highestAction == 'View Behaviour Records_all') {
+            $data = array('gibbonPersonID' => $gibbonPersonID, 'gibbonSchoolYearID' => $session->get('gibbonSchoolYearID'));
+            $sql = "SELECT gibbonPerson.gibbonPersonID, gibbonStudentEnrolmentID, surname, preferredName, gibbonYearGroup.nameShort AS yearGroup, gibbonFormGroup.nameShort AS formGroup FROM gibbonPerson JOIN gibbonStudentEnrolment ON (gibbonPerson.gibbonPersonID=gibbonStudentEnrolment.gibbonPersonID)  JOIN gibbonYearGroup ON (gibbonStudentEnrolment.gibbonYearGroupID=gibbonYearGroup.gibbonYearGroupID) JOIN gibbonFormGroup ON (gibbonStudentEnrolment.gibbonFormGroupID=gibbonFormGroup.gibbonFormGroupID) WHERE status='Full' AND (dateStart IS NULL OR dateStart<='".date('Y-m-d')."') AND (dateEnd IS NULL  OR dateEnd>='".date('Y-m-d')."') AND gibbonPerson.gibbonPersonID=:gibbonPersonID AND gibbonStudentEnrolment.gibbonSchoolYearID=:gibbonSchoolYearID";
+        } else if ($highestAction == 'View Behaviour Records_myChildren') {
+            $data = array('gibbonSchoolYearID' => $session->get('gibbonSchoolYearID'), 'gibbonPersonID' => $session->get('gibbonPersonID'), 'gibbonPersonID2' => $gibbonPersonID);
+            $sql = "SELECT gibbonPerson.gibbonPersonID, gibbonStudentEnrolmentID, surname, preferredName, gibbonYearGroup.nameShort AS yearGroup, gibbonFormGroup.nameShort AS formGroup FROM gibbonPerson JOIN gibbonStudentEnrolment ON (gibbonPerson.gibbonPersonID=gibbonStudentEnrolment.gibbonPersonID) JOIN gibbonYearGroup ON (gibbonStudentEnrolment.gibbonYearGroupID=gibbonYearGroup.gibbonYearGroupID) JOIN gibbonFormGroup ON (gibbonStudentEnrolment.gibbonFormGroupID=gibbonFormGroup.gibbonFormGroupID) JOIN gibbonFamilyChild ON (gibbonPerson.gibbonPersonID=gibbonFamilyChild.gibbonPersonID) JOIN gibbonFamily ON (gibbonFamilyChild.gibbonFamilyID=gibbonFamily.gibbonFamilyID) JOIN gibbonFamilyAdult ON (gibbonFamilyAdult.gibbonFamilyID=gibbonFamily.gibbonFamilyID AND childDataAccess='Y') WHERE gibbonFamilyAdult.gibbonPersonID=:gibbonPersonID AND gibbonStudentEnrolment.gibbonSchoolYearID=:gibbonSchoolYearID AND gibbonPerson.status='Full' AND (dateStart IS NULL OR dateStart<='".date('Y-m-d')."') AND (dateEnd IS NULL  OR dateEnd>='".date('Y-m-d')."') AND gibbonPerson.gibbonPersonID=:gibbonPersonID2 ORDER BY surname, preferredName";
+        } else if ($highestAction == 'View Behaviour Records_my') {
+            $data = ['gibbonSchoolYearID' => $session->get('gibbonSchoolYearID'), 'gibbonPersonIDCreator' => $session->get('gibbonPersonID'), 'gibbonPersonID' => $gibbonPersonID, 'today' => date('Y-m-d')];               
+            $sql = "SELECT gibbonPerson.gibbonPersonID, surname, preferredName, gibbonYearGroup.nameShort AS yearGroup, gibbonFormGroup.nameShort AS formGroup
+                FROM gibbonBehaviour 
+                JOIN gibbonPerson ON (gibbonBehaviour.gibbonPersonID=gibbonPerson.gibbonPersonID)
+                JOIN gibbonStudentEnrolment ON (gibbonPerson.gibbonPersonID=gibbonStudentEnrolment.gibbonPersonID)
+                JOIN gibbonYearGroup ON (gibbonStudentEnrolment.gibbonYearGroupID=gibbonYearGroup.gibbonYearGroupID)
+                JOIN gibbonFormGroup ON (gibbonStudentEnrolment.gibbonFormGroupID=gibbonFormGroup.gibbonFormGroupID)
+                WHERE gibbonBehaviour.gibbonPersonIDCreator=:gibbonPersonIDCreator AND gibbonStudentEnrolment.gibbonSchoolYearID=:gibbonSchoolYearID AND gibbonPerson.status='Full' AND (dateStart IS NULL OR dateStart<=:today) AND (dateEnd IS NULL OR dateEnd>=:today) AND gibbonPerson.gibbonPersonID=:gibbonPersonID
+            GROUP BY gibbonPerson.gibbonPersonID, yearGroup, formGroup
+            ORDER BY surname, preferredName";
+        } else if ($highestAction == 'View Behaviour Records_myself') {
+            $data = array('gibbonPersonID' => $session->get('gibbonPersonID'), 'gibbonSchoolYearID' => $session->get('gibbonSchoolYearID'));
+            $sql = "SELECT gibbonPerson.gibbonPersonID, gibbonStudentEnrolmentID, surname, preferredName, gibbonYearGroup.nameShort AS yearGroup, gibbonFormGroup.nameShort AS formGroup FROM gibbonPerson JOIN gibbonStudentEnrolment ON (gibbonPerson.gibbonPersonID=gibbonStudentEnrolment.gibbonPersonID)  JOIN gibbonYearGroup ON (gibbonStudentEnrolment.gibbonYearGroupID=gibbonYearGroup.gibbonYearGroupID) JOIN gibbonFormGroup ON (gibbonStudentEnrolment.gibbonFormGroupID=gibbonFormGroup.gibbonFormGroupID) WHERE status='Full' AND (dateStart IS NULL OR dateStart<='".date('Y-m-d')."') AND (dateEnd IS NULL  OR dateEnd>='".date('Y-m-d')."') AND gibbonPerson.gibbonPersonID=:gibbonPersonID AND gibbonStudentEnrolment.gibbonSchoolYearID=:gibbonSchoolYearID";
+        } else {
+            return;
         }
 
+
+        $result = $pdo->select($sql, $data);
+
         if ($result->rowCount() != 1) {
             $page->addError(__('The selected record does not exist, or you do not have access to it.'));
         } else {

diff --git a/modules/Behaviour/moduleFunctions.php b/modules/Behaviour/moduleFunctions.php
@@ -45,6 +45,14 @@ function getBehaviourRecord(ContainerInterface $container, $gibbonPersonID, $gib
 
     $schoolYears = $studentGateway->selectAllStudentEnrolmentsByPerson($gibbonPersonID)->fetchAll();
 
+    $highestViewAction = getHighestGroupedAction($guid, $_GET['q'], $connection2);
+    $viewingSelf = $session->get('gibbonPersonID') == $gibbonPersonID;
+
+    if ($highestViewAction == 'View Behaviour Records_my' && !$viewingSelf) {
+        echo Format::alert(__('You do not have access to this action.'));
+        return;
+    }
+
     if (empty($schoolYears)) {
         $output .= "<div class='error'>";
         $output .= __('There are no records to display.');
@@ -63,8 +71,10 @@ function getBehaviourRecord(ContainerInterface $container, $gibbonPersonID, $gib
             $table = DataTable::createPaginated('behaviour'.$schoolYear['gibbonSchoolYearID'], $criteria);
             $table->setTitle($schoolYear['name']);
 
-            if ($schoolYear['gibbonSchoolYearID'] == $session->get('gibbonSchoolYearID')) {
-                if (isActionAccessible($guid, $connection2, '/modules/Behaviour/behaviour_manage.php')) {
+            $canManageBehaviour = isActionAccessible($guid, $connection2, '/modules/Behaviour/behaviour_manage.php');
+
+            if (!$viewingSelf && $schoolYear['gibbonSchoolYearID'] == $session->get('gibbonSchoolYearID')) {
+                if ($canManageBehaviour) {
                     $table->addHeaderAction('add', __('Add'))
                         ->setURL('/modules/Behaviour/behaviour_manage_add.php')
                         ->addParam('gibbonPersonID', $gibbonPersonID)
@@ -85,19 +95,21 @@ function getBehaviourRecord(ContainerInterface $container, $gibbonPersonID, $gib
 
             $table->addMetaData('hidePagination', true);
 
-            $table->addExpandableColumn('comment')
-                ->format(function($behaviour) {
-                    $output = '';
-                    if (!empty($behaviour['comment'])) {
-                        $output .= '<strong>'.__('Incident').'</strong><br/>';
-                        $output .= nl2br($behaviour['comment']).'<br/>';
-                    }
-                    if (!empty($behaviour['followup'])) {
-                        $output .= '<br/><strong>'.__('Follow Up').'</strong><br/>';
-                        $output .= nl2br($behaviour['followup']).'<br/>';
-                    }
-                    return $output;
-                });
+            if ($highestViewAction == 'View Behaviour Records_all') {
+                $table->addExpandableColumn('comment')
+                    ->format(function($behaviour) {
+                        $output = '';
+                        if (!empty($behaviour['comment'])) {
+                            $output .= '<strong>'.__('Incident').'</strong><br/>';
+                            $output .= nl2br($behaviour['comment']).'<br/>';
+                        }
+                        if (!empty($behaviour['followup'])) {
+                            $output .= '<br/><strong>'.__('Follow Up').'</strong><br/>';
+                            $output .= nl2br($behaviour['followup']).'<br/>';
+                        }
+                        return $output;
+                    });
+            }
 
             $table->addColumn('date', __('Date'))
                 ->context('primary')
@@ -125,7 +137,7 @@ function getBehaviourRecord(ContainerInterface $container, $gibbonPersonID, $gib
                 $table->addColumn('descriptor', __('Descriptor'))->context('primary');
             }
 
-            if ($enableLevels == 'Y') {
+            if ($highestViewAction == 'View Behaviour Records_all' && $enableLevels == 'Y') {
                 $table->addColumn('level', __('Level'))->width('15%');
             }
 
@@ -137,17 +149,18 @@ function getBehaviourRecord(ContainerInterface $container, $gibbonPersonID, $gib
                     return Format::name($person['titleCreator'], $person['preferredNameCreator'], $person['surnameCreator'], 'Staff');
                 });
 
-            if (isActionAccessible($guid, $connection2, '/modules/Behaviour/behaviour_manage.php') && $schoolYear['gibbonSchoolYearID'] == $session->get('gibbonSchoolYearID')) {
-                $highestAction = getHighestGroupedAction($guid, '/modules/Behaviour/behaviour_manage.php', $connection2);
+            if ($canManageBehaviour && $schoolYear['gibbonSchoolYearID'] == $session->get('gibbonSchoolYearID')) {
+                $highestManageAction = getHighestGroupedAction($guid, '/modules/Behaviour/behaviour_manage.php', $connection2);
 
                 $table->addActionColumn()
                     ->addParam('gibbonPersonID', $gibbonPersonID)
                     ->addParam('gibbonFormGroupID', '')
                     ->addParam('gibbonYearGroupID', '')
                     ->addParam('type', '')
                     ->addParam('gibbonBehaviourID')
-                    ->format(function ($person, $actions) use ($session, $highestAction) {
-                        if ($highestAction == 'Manage Behaviour Records_all' || $highestAction == 'Manage Behaviour Records_my') {
+                    ->format(function ($person, $actions) use ($session, $highestManageAction) {
+                        if ($highestManageAction == 'Manage Behaviour Records_all'
+                        || ($highestManageAction == 'Manage Behaviour Records_my' && $person['gibbonPersonIDCreator'] == $session->get('gibbonPersonID'))) {
                             $actions->addAction('edit', __('Edit'))
                                 ->setURL('/modules/Behaviour/behaviour_manage_edit.php');
                         }