[Statistics / Behavioural Statistics] Fix permission issue where users were allowed to see statistics from sites they don't have access to. #5252

Merged
merged 10 commits into from
Jan 14, 2020
43 changes: 28 additions & 15 deletions modules/statistics/php/stats_behavioural.class.inc
@@ -63,7 +63,17 @@ class Stats_Behavioural extends \NDB_Form
{
parent::setup();

$DB =& \Database::singleton();
$factory = \NDB_Factory::singleton();
$DB = $factory->database();
$user = $factory->user();

//SITES
if ($user->hasPermission('access_all_profiles')) {
$list_of_sites = \Utility::getSiteList();
} else {
$list_of_sites = $user->getStudySites();
}
$sitesString = implode(",", array_keys($list_of_sites));

$centers = $DB->pselect(
"SELECT CONCAT('C', CenterID) as ID,
@@ -72,7 +82,8 @@ class Stats_Behavioural extends \NDB_Form
Name as ShortName
FROM psc
WHERE CenterID <> '1'
AND Study_site = 'Y'",
AND Study_site = 'Y'
AND CenterID IN (" . $sitesString . ")",
array()
);

@@ -142,6 +153,7 @@ class Stats_Behavioural extends \NDB_Form
AND s.Current_stage <> 'Recycling Bin'
AND f.CommentID NOT LIKE 'DDE%'
AND s.CenterID <> '1'
AND s.CenterID IN (" . $sitesString . ")
$suproject_query
$Param_Project
GROUP by s.ID, s.CenterID, VLabel, f.Data_Entry",
@@ -199,20 +211,21 @@ class Stats_Behavioural extends \NDB_Form
}
// DDE STATS
$result = $DB->pselect(
"SELECT s.CenterID,
f.Data_Entry as Data_Entry,
s.visit_label as VLabel,
COUNT(s.CandID) as val
"SELECT s.CenterID,
f.Data_Entry as Data_Entry,
s.visit_label as VLabel,
COUNT(s.CandID) as val
FROM session as s
JOIN candidate as c ON (s.CandID=c.CandID)
JOIN flag as f ON (f.SessionID=s.ID)
WHERE s.Active='Y'
AND s.Current_stage <> 'Recycling Bin'
AND f.CommentID LIKE 'DDE%'
AND c.Active='Y'
AND s.CenterID <> '1'
$suproject_query
$Param_Project
JOIN candidate as c ON(s.CandID=c.CandID)
JOIN flag as f ON(f.SessionID=s.ID)
WHERE s.Active = 'Y'
AND s.Current_stage <> 'Recycling Bin'
AND f.CommentID LIKE 'DDE%'
AND c.Active = 'Y'
AND s.CenterID <> '1'
AND s.CenterID IN(" . $sitesString . ")
$suproject_query
$Param_Project
GROUP BY s.CenterID, VLabel, f.Data_Entry",
$this->params ?? array()
);
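Review bot: `$sitesString` built by the `implode` line in the first hunk is concatenated straight into the three `IN (...)` clauses (the psc query, the non-DDE query and the DDE query), and becomes `IN ()` — a SQL syntax error — whenever `$user->getStudySites()` returns an empty array, so a user with no study sites and no `access_all_profiles` now gets a failed query instead of empty statistics. The rest of the file passes values through pselect's parameter array; since the site list comes from the database rather than the request the risk is a robustness one rather than injection, but the query text should still only ever receive integer literals and a clause that parses. A small change covers both: `$siteIDs = array_map('intval', array_keys($list_of_sites));` followed by `$sitesString = $siteIDs === [] ? 'NULL' : implode(',', $siteIDs);`, since `IN (NULL)` matches no rows. This presumes the array keys are CenterIDs, which the hunk relies on but does not show — worth confirming against getStudySites() and getSiteList(). setup()'s signature and the remainder of its body lie outside the hunks.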