Prevent session admins to see all users - refs BT#9324

Author: ywarnier

main/admin/add_users_to_session.php

@@ -95,7 +95,10 @@ function search_users($needle, $type)
             $order_clause = ' ORDER BY official_code, firstname, lastname, username';
         }
 
-        if (api_is_session_admin() && api_get_setting('allow_session_admins_to_manage_all_users')  == 'false') {
+        if (api_is_session_admin()
+            && isset($_configuration['prevent_session_admins_to_manage_all_users'])
+            && $_configuration['prevent_session_admins_to_manage_all_users'] == 'true'
+        ) {
             $order_clause = " AND user.creator_id = " . api_get_user_id() . $order_clause;
         }
 

main/admin/user_list.php

@@ -446,7 +446,11 @@ function get_user_data($from, $number_of_items, $column, $direction) {
     $from 	= intval($from);
     $number_of_items = intval($number_of_items);
 
-    if (api_is_session_admin() && api_get_setting('allow_session_admins_to_manage_all_users')  == 'false') {
+    global $_configuration;
+    if (api_is_session_admin()
+        && isset($_configuration['prevent_session_admins_to_manage_all_users'])
+        && $_configuration['prevent_session_admins_to_manage_all_users'] == 'true'
+    ) {
         $sql .= " WHERE u.creator_id = " . api_get_user_id();
     }
 

main/install/configuration.dist.php

@@ -287,5 +287,5 @@
 // Allows a comment field in the course calendar events. Requires DB change
 //$_configuration['allow_agenda_event_comment'] = false;
 // Filters administration users lists by the session admin who created them.
-// Change to 'false' to restrict the visibility
-//$_configuration['allow_session_admins_to_manage_all_users'] = true;
+// Change to true to restrict the visibility
+//$_configuration['prevent_session_admins_to_manage_all_users'] = false;