chamilo
diff --git a/‎config/authentication.dist.yaml‎
Lines changed: 2 additions & 2 deletions b/‎config/authentication.dist.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎public/documentation/installation_guide.html‎
Lines changed: 22 additions & 6 deletions b/‎public/documentation/installation_guide.html‎
Lines changed: 22 additions & 6 deletions
diff --git a/‎src/CoreBundle/Controller/Api/DownloadSelectedDocumentsAction.php‎
Lines changed: 4 additions & 0 deletions b/‎src/CoreBundle/Controller/Api/DownloadSelectedDocumentsAction.php‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/CoreBundle/Helpers/ResourceAclHelper.php‎
Lines changed: 101 additions & 0 deletions b/‎src/CoreBundle/Helpers/ResourceAclHelper.php‎
Lines changed: 101 additions & 0 deletions
diff --git a/‎src/CoreBundle/Helpers/ResourceFileHelper.php‎
Lines changed: 14 additions & 8 deletions b/‎src/CoreBundle/Helpers/ResourceFileHelper.php‎
Lines changed: 14 additions & 8 deletions
diff --git a/‎src/CoreBundle/Security/Authorization/Voter/ResourceNodeVoter.php‎
Lines changed: 3 additions & 69 deletions b/‎src/CoreBundle/Security/Authorization/Voter/ResourceNodeVoter.php‎
Lines changed: 3 additions & 69 deletions
diff --git a/‎translations/messages.es.po‎
Lines changed: 1 addition & 1 deletion b/‎translations/messages.es.po‎
Lines changed: 1 addition & 1 deletion
@@ -77,8 +77,8 @@ parameters:
                 referrals: false
                 dn_string: '{user_identifier}'
                 query_string: null
-                base_dn: 'DC=cblue,DC=be'
-                search_dn: 'CN=admin,dc=cblue,dc=be'
+                base_dn: 'DC=chamilo,DC=org'
+                search_dn: 'CN=admin,dc=chamilo,dc=org'
                 search_password: 'pass'
                 filter: null
                 uid_key: 'uid'
 
@@ -40,7 +40,7 @@ <h2>1. Requirements</h2>
       <li>xml</li>
       <li>zip</li>
       <li>zlib</li>
-      <li>ldap (optional, but mandatory in dev env)</li>
+      <li>ldap</li>
       <li>redis (optional)</li>
       <li>xapian (optional)</li>
   </ul>
@@ -96,7 +96,15 @@ <h3>2.5. Installation wizard</h3>
     <h3>2.6. Sessions and Redis</h3>
     <a id="web-install-sessions" class="anchor"></a>
       In this beta version, there are known issues with sessions not getting updated fast enough, which can be solved (temporarily) by using a Redis server. Check the command line instructions for more about this. This is a temporary situation that we expect to fix before the stable release.
-
+   
+    <h3>2.7. Clean up</h3>h3>
+    <a id="web-cleanup" class="anchor"></a>
+    As recommended by the installer's last page, make sure you change permissions on the config/ dir and the .env file, and you delete the public/main/install/ folder.
+    <pre>
+        sudo chown -R root: config/ .env
+        sudo rm -r public/main/install/
+    </pre>
+    
   <h2>3. Command line installation</h2>
   <a id="cli-install" class="anchor"></a>
 
@@ -106,7 +114,7 @@ <h3>3.1. Software stack</h3>
 <pre>
 sudo -s
 apt update && apt -y upgrade
-apt -y install apache2 libapache2-mod-php8.3 mariadb-client mariadb-server redis-server php8.3-{bcmath,curl,exif,gd,iconv,intl,mbstring,mysql,opcache,soap,xml,zip,redis}
+apt -y install apache2 libapache2-mod-php8.3 mariadb-client mariadb-server redis-server php8.3-{bcmath,curl,exif,gd,iconv,intl,ldap,mbstring,mysql,opcache,soap,xml,zip,redis}
 a2enmod rewrite
 cd /var/www/
 mkdir chamilo
@@ -116,7 +124,7 @@ <h3>3.1. Software stack</h3>
 rm chamilo2.0.0-beta.1.tar.gz
 cd chamilo
 touch .env
-chown -R www-data: var .env
+chown -R www-data: var/ config/ .env
 mysql -u root -e "GRANT ALL PRIVILEGES ON chamilo.* TO chamilo@localhost IDENTIFIED BY '[choose a password here]'";
 mysql -u root -e "FLUSH PRIVILEGES;"
 mysql_secure_installation
@@ -179,7 +187,7 @@ <h3>3.3. Web server</h3>
 systemctl restart apache2</pre>
     <h3>3.4. Files permissions</h3>
     <a id="cli-install-permissions" class="anchor"></a>
-    Make sure the following files and folders are writeable by the web server. Set permissions to 0770 for example:
+    Make sure the following files and folders are writeable by the web server during the installation. Set permissions to 0770 or the owner to www-data, for example:
     <ul>
         <li>var/</li>
         <li>config/</li>
@@ -202,6 +210,14 @@ <h3>3.6. Installation wizard</h3>
     You should now be able to direct your browser to your URL (e.g. <em>[http://my.chamilo.local]</em>).<br>
     Chamilo will pick it up from there and offer the installation wizard to help guide you through the rest of the process.
 
+    <h3>3.7. Clean up</h3>h3>
+    <a id="cli-cleanup" class="anchor"></a>
+    As recommended by the installer's last page, make sure you change permissions on the config/ dir and the .env file, and you delete the public/main/install/ folder.
+    <pre>
+        sudo chown -R root: config/ .env
+        sudo rm -r public/main/install/
+    </pre>
+
   <h2>4. Command line upgrade from 1.11.*</h2>
   <a id="cli-upgrade" class="anchor"></a>
     <h3>4.1. Database</h3>
@@ -263,7 +279,7 @@ <h4>6.2.1. WampServer</h4>
         <a href="https://www.wampserver.com/">Download</a> and install WampServer (accept default options if in doubt).<br>
         Restart WampServer to make these changes effective.<br>
         Open http://localhost/ in your browser. If the WampServer welcome screen with server configuration info appears, it means WampServer is working.<br>
-        Click on the WampServer icon in your status bar and go to PHP -&gt; Extensions. Make sure all the following extensions are enabled: php_curl, php_gd, php_intl, php_mbstring, php_mysqli, php_soap, php_xml, php_zip<br>
+        Click on the WampServer icon in your status bar and go to PHP -&gt; Extensions. Make sure all the following extensions are enabled: php_curl, php_gd, php_intl, php_ldap, php_mbstring, php_mysqli, php_soap, php_xml, php_zip<br>
         Edit C:\wamp64\bin\php\php8.3\php.ini, locate ";extension=sodium" and remove the ";" from the beginning of the line.<br>
         Also, update the "memory_limit" setting from "128M" to "2048M" and a few other settings as shown below.<br>
 <pre>
 
@@ -77,6 +77,10 @@ function () use ($documents, $zipName): void {
                     $this->addNodeToZip($zip, $node);
                 }
 
+                if (0 === count($zip->files)) {
+                    $zip->addFile('.empty', '');
+                }
+
                 $zip->finish();
             },
             Response::HTTP_CREATED
 
@@ -0,0 +1,101 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Helpers;
+
+use Chamilo\CoreBundle\Entity\ResourceLink;
+use Chamilo\CoreBundle\Security\Authorization\Voter\ResourceNodeVoter;
+use Laminas\Permissions\Acl\Acl;
+use Laminas\Permissions\Acl\Resource\GenericResource;
+use Laminas\Permissions\Acl\Role\GenericRole;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Security\Acl\Permission\MaskBuilder;
+use Symfony\Component\Security\Core\Authentication\Token\NullToken;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+readonly class ResourceAclHelper
+{
+    public function __construct(
+        private Security $security,
+    ) { }
+
+    public function isAllowed(
+        string $attribute,
+        ResourceLink $resourceLink,
+        iterable $rights,
+        bool $allowAnonsToView,
+    ): bool {
+        // Creating roles
+        $anon = new GenericRole('IS_AUTHENTICATED_ANONYMOUSLY');
+        $userRole = new GenericRole('ROLE_USER');
+        $student = new GenericRole('ROLE_STUDENT');
+        $teacher = new GenericRole('ROLE_TEACHER');
+        $studentBoss = new GenericRole('ROLE_STUDENT_BOSS');
+
+        $currentStudent = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_STUDENT);
+        $currentTeacher = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_TEACHER);
+
+        $currentStudentGroup = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_STUDENT);
+        $currentTeacherGroup = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_TEACHER);
+
+        $currentStudentSession = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT);
+        $currentTeacherSession = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);
+
+        // Setting Simple ACL.
+        $acl = (new Acl())
+            ->addRole($anon)
+            ->addRole($userRole)
+            ->addRole($student)
+            ->addRole($teacher)
+            ->addRole($studentBoss)
+
+            ->addRole($currentStudent)
+            ->addRole($currentTeacher, ResourceNodeVoter::ROLE_CURRENT_COURSE_STUDENT)
+
+            ->addRole($currentStudentSession)
+            ->addRole($currentTeacherSession, ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT)
+
+            ->addRole($currentStudentGroup)
+            ->addRole($currentTeacherGroup, ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_STUDENT)
+        ;
+
+        // Add a security resource.
+        $acl->addResource(new GenericResource((string) $resourceLink->getId()));
+
+        // Check all the right this link has.
+        // Set rights from the ResourceRight.
+        foreach ($rights as $right) {
+            $acl->allow($right->getRole(), null, (string) $right->getMask());
+        }
+
+        // Anons can see.
+        if ($allowAnonsToView) {
+            $acl->allow($anon, null, (string) ResourceNodeVoter::getReaderMask());
+        }
+
+        // Asked mask
+        $mask = new MaskBuilder();
+        $mask->add($attribute);
+
+        $askedMask = (string) $mask->get();
+
+        if ($this->security->getToken() instanceof NullToken) {
+            return (bool) $acl->isAllowed('IS_AUTHENTICATED_ANONYMOUSLY', $resourceLink->getId(), $askedMask);
+        }
+
+        $user = $this->security->getUser();
+
+        $roles = $user instanceof UserInterface ? $user->getRoles() : [];
+
+        foreach ($roles as $role) {
+            if ($acl->isAllowed($role, $resourceLink->getId(), $askedMask)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}
@@ -6,31 +6,37 @@
 
 namespace Chamilo\CoreBundle\Helpers;
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\ResourceFile;
 use Chamilo\CoreBundle\Entity\ResourceNode;
 use Chamilo\CoreBundle\Settings\SettingsManager;
 
 class ResourceFileHelper
 {
+    private bool $accessUrlSpecificFiles;
+    private ?AccessUrl $currentAccessUrl;
+
     public function __construct(
-        private readonly SettingsManager $settingsManager,
-        private readonly AccessUrlHelper $accessUrlHelper,
-    ) {}
+        SettingsManager $settingsManager,
+        AccessUrlHelper $accessUrlHelper,
+    ) {
+        $this->accessUrlSpecificFiles = $accessUrlHelper->isMultiple()
+            && 'true' === $settingsManager->getSetting('document.access_url_specific_files');
+
+        $this->currentAccessUrl = $accessUrlHelper->getCurrent();
+    }
 
     public function resolveResourceFileByAccessUrl(ResourceNode $resourceNode): ?ResourceFile
     {
         if (!$resourceNode->hasResourceFile()) {
             return null;
         }
 
-        $accessUrlSpecificFiles = 'true' === $this->settingsManager->getSetting('document.access_url_specific_files', true)
-            && $this->accessUrlHelper->isMultiple();
-
         $resourceFile = null;
         $resourceFiles = $resourceNode->getResourceFiles();
 
-        if ($accessUrlSpecificFiles) {
-            $currentUrl = $this->accessUrlHelper->getCurrent()?->getUrl();
+        if ($this->accessUrlSpecificFiles) {
+            $currentUrl = $this->currentAccessUrl?->getUrl();
 
             foreach ($resourceFiles as $file) {
                 if ($file->getAccessUrl() && $file->getAccessUrl()->getUrl() === $currentUrl) {
 
@@ -12,6 +12,7 @@
 use Chamilo\CoreBundle\Entity\ResourceRight;
 use Chamilo\CoreBundle\Entity\Session;
 use Chamilo\CoreBundle\Helpers\PageHelper;
+use Chamilo\CoreBundle\Helpers\ResourceAclHelper;
 use Chamilo\CoreBundle\Settings\SettingsManager;
 use Chamilo\CourseBundle\Entity\CDocument;
 use Chamilo\CourseBundle\Entity\CGroup;
@@ -54,6 +55,7 @@ public function __construct(
         private SettingsManager $settingsManager,
         private EntityManagerInterface $entityManager,
         private PageHelper $pageHelper,
+        private readonly ResourceAclHelper $resourceAclHelper,
     ) {}
 
     public static function getReaderMask(): int
@@ -452,75 +454,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
             $rights[] = $resourceRight;
         }
 
-        // Asked mask
-        $mask = new MaskBuilder();
-        $mask->add($attribute);
-
-        $askedMask = (string) $mask->get();
-
-        // Creating roles
-        // @todo move this in a service
-        $anon = new GenericRole('IS_AUTHENTICATED_ANONYMOUSLY');
-        $userRole = new GenericRole('ROLE_USER');
-        $student = new GenericRole('ROLE_STUDENT');
-        $teacher = new GenericRole('ROLE_TEACHER');
-        $studentBoss = new GenericRole('ROLE_STUDENT_BOSS');
-
-        $currentStudent = new GenericRole(self::ROLE_CURRENT_COURSE_STUDENT);
-        $currentTeacher = new GenericRole(self::ROLE_CURRENT_COURSE_TEACHER);
-
-        $currentStudentGroup = new GenericRole(self::ROLE_CURRENT_COURSE_GROUP_STUDENT);
-        $currentTeacherGroup = new GenericRole(self::ROLE_CURRENT_COURSE_GROUP_TEACHER);
-
-        $currentStudentSession = new GenericRole(self::ROLE_CURRENT_COURSE_SESSION_STUDENT);
-        $currentTeacherSession = new GenericRole(self::ROLE_CURRENT_COURSE_SESSION_TEACHER);
-
-        // Setting Simple ACL.
-        $acl = (new Acl())
-            ->addRole($anon)
-            ->addRole($userRole)
-            ->addRole($student)
-            ->addRole($teacher)
-            ->addRole($studentBoss)
-
-            ->addRole($currentStudent)
-            ->addRole($currentTeacher, self::ROLE_CURRENT_COURSE_STUDENT)
-
-            ->addRole($currentStudentSession)
-            ->addRole($currentTeacherSession, self::ROLE_CURRENT_COURSE_SESSION_STUDENT)
-
-            ->addRole($currentStudentGroup)
-            ->addRole($currentTeacherGroup, self::ROLE_CURRENT_COURSE_GROUP_STUDENT)
-        ;
-
-        // Add a security resource.
-        $linkId = (string) $link->getId();
-        $acl->addResource(new GenericResource($linkId));
-
-        // Check all the right this link has.
-        // Set rights from the ResourceRight.
-        foreach ($rights as $right) {
-            $acl->allow($right->getRole(), null, (string) $right->getMask());
-        }
-
-        // Anons can see.
-        if ($allowAnonsToView) {
-            $acl->allow($anon, null, (string) self::getReaderMask());
-        }
-
-        if ($token instanceof NullToken) {
-            return $acl->isAllowed('IS_AUTHENTICATED_ANONYMOUSLY', $linkId, $askedMask);
-        }
-
-        $roles = $user instanceof UserInterface ? $user->getRoles() : [];
-
-        foreach ($roles as $role) {
-            if ($acl->isAllowed($role, $linkId, $askedMask)) {
-                return true;
-            }
-        }
-
-        return false;
+        return $this->resourceAclHelper->isAllowed($attribute, $link, $rights, $allowAnonsToView);
     }
 
     /**
 
@@ -23835,7 +23835,7 @@ msgid "Learning path by author"
 msgstr "Lección por autor"
 
 msgid "Import assignments from base course"
-msgstr "Importar los tareas del curso base"
+msgstr "Importar las tareas del curso base"
 
 msgid "Redirect to the platform home page"
 msgstr "Redirigir a la página de inicio de la plataforma"