Merge pull request #5093 from christianbeeznest/majorel-21208-2

User: Fix usergroup add user behavior for default visibility settings - refs BT#21208

Author: NicoDucou

main/admin/add_users_to_usergroup.php

@@ -25,6 +25,7 @@
 
 // setting the name of the tool
 $tool_name = get_lang('SubscribeUsersToClass');
+$showAllStudentByDefault = api_get_configuration_value('usergroup_add_user_show_all_student_by_default');
 
 $htmlHeadXtra[] = '
 <script>
@@ -35,6 +36,11 @@
     });
 });
 
+function activeUsers(originalUrl) {
+    var searchValue = document.getElementById("first_letter_user").value;
+    window.location.href = originalUrl + "&firstLetterUser=" + encodeURIComponent(searchValue);
+}
+
 function add_user_to_session (code, content) {
     document.getElementById("user_to_add").value = "";
     document.getElementById("ajax_list_users_single").innerHTML = "";
@@ -87,7 +93,7 @@ function change_select(reset) {
     if (reset) {
         document.formulaire["first_letter_user"].value = "";
 
-        if ('.(api_get_configuration_value('usergroup_add_user_show_all_student_by_default') ? 0 : 1).') {
+        if ('.($showAllStudentByDefault ? 0 : 1).') {
             document.formulaire["form_sent"].value = "1";
 
             return;
@@ -129,10 +135,10 @@ function change_select(reset) {
 
 $first_letter_user = '';
 
-if (isset($_POST['form_sent']) && $_POST['form_sent']) {
+if ((isset($_POST['form_sent']) && $_POST['form_sent']) || isset($_REQUEST['firstLetterUser'])) {
     $form_sent = $_POST['form_sent'];
     $elements_posted = $_POST['elements_in_name'] ?? null;
-    $first_letter_user = $_POST['firstLetterUser'];
+    $first_letter_user = Security::remove_XSS($_REQUEST['firstLetterUser']);
 
     if (!is_array($elements_posted)) {
         $elements_posted = [];
@@ -247,7 +253,9 @@ function change_select(reset) {
 }
 
 $activeUser = isset($_REQUEST['active_users']) ? (int) $_REQUEST['active_users'] : null;
-$conditions['active'] = $activeUser;
+if (1 === $activeUser) {
+    $conditions['active'] = $activeUser;
+}
 
 $filterData = [];
 if ($searchForm->validate()) {
@@ -268,7 +276,7 @@ function change_select(reset) {
 foreach ($list_in as $listedUserId) {
     $userInfo = api_get_user_info($listedUserId);
 
-    if (isset($activeUser) && ((int) $activeUser != $userInfo['active'])) {
+    if (1 === $activeUser && empty($userInfo['active'])) {
         $hideElementsIn[] = $listedUserId;
         continue;
     }
@@ -279,9 +287,7 @@ function change_select(reset) {
 $user_with_any_group = !empty($_REQUEST['user_with_any_group']);
 $user_list = [];
 
-if (!empty($conditions)) {
-    $user_list = UserManager::getUserListLike($conditions, $order, true, 'OR');
-}
+$user_list = UserManager::getUserListLike($conditions, $order, true, 'OR');
 
 if ($user_with_any_group) {
     $new_user_list = [];
@@ -306,17 +312,16 @@ function change_select(reset) {
             continue;
         }
 
-        if (isset($activeUser) && ((int) $activeUser != $item['active'])) {
-            continue;
-        }
-
         if (!in_array($item['user_id'], $list_in)) {
             $elements_not_in[$item['user_id']] = formatCompleteName($item, $orderListByOfficialCode);
         }
     }
 }
 
-if (api_get_configuration_value('usergroup_add_user_show_all_student_by_default')
+if (!$showAllStudentByDefault && !isset($_POST['firstLetterUser']) && !isset($_REQUEST['active_users'])) {
+    $elements_not_in = [];
+}
+if ($showAllStudentByDefault
     && empty($elements_not_in)
     && empty($first_letter_user)
 ) {
@@ -362,13 +367,13 @@ function formatCompleteName(array $userInfo, bool $orderListByOfficialCode): str
 echo '<a href="'.api_get_self().'?id='.$id.'&action=export">'.
     Display::return_icon('export_csv.png', get_lang('Export'), [], ICON_SIZE_MEDIUM).'</a>';
 
-$newUrl = api_get_self().'?id='.$id.'&active_users=1';
-$buttonLabel = get_lang('OnlyShowActiveUsers');
-if ($activeUser) {
-    $buttonLabel = get_lang('ShowAllUsers') ;
-    $newUrl = api_get_self().'?id='.$id;
-}
-echo '<a href="' . htmlspecialchars($newUrl) . '" class="btn btn-default">' . $buttonLabel . '</a>';
+$isActiveUser = !empty($activeUser);
+$activeUsersParam = $isActiveUser ? '0' : '1';
+$newUrl = api_get_self() . '?id=' . $id . '&active_users=' . $activeUsersParam;
+$buttonLabelKey = $isActiveUser ? 'ShowAllUsers' : 'OnlyShowActiveUsers';
+$buttonLabel = get_lang($buttonLabelKey);
+
+echo '<a href="#" onclick="activeUsers(\'' . htmlspecialchars($newUrl) . '\'); return false;" class="btn btn-default">' . $buttonLabel . '</a>';
 
 echo '</div>';
 

main/inc/lib/usermanager.lib.php

@@ -2407,6 +2407,13 @@ public static function getUserListLike(
 
         $sql_query .= ' WHERE 1 = 1 ';
         if (count($conditions) > 0) {
+
+            $andActive = "";
+            if (isset($conditions['active'])) {
+                $andActive = " AND active = " . (int) $conditions['active'];
+                unset($conditions['active']);
+            }
+
             $temp_conditions = [];
             foreach ($conditions as $field => $value) {
                 $field = Database::escape_string($field);
@@ -2418,12 +2425,13 @@ public static function getUserListLike(
                 }
             }
             if (!empty($temp_conditions)) {
-                $sql_query .= ' AND '.implode(' '.$condition.' ', $temp_conditions);
+                $sql_query .= ' AND ('.implode(' '.$condition.' ', $temp_conditions).') ';
             }
 
             if (api_is_multiple_url_enabled()) {
                 $sql_query .= ' AND auru.access_url_id = '.api_get_current_access_url_id();
             }
+            $sql_query .= $andActive;
         } else {
             if (api_is_multiple_url_enabled()) {
                 $sql_query .= ' AND auru.access_url_id = '.api_get_current_access_url_id();
@@ -8216,7 +8224,7 @@ private static function getGravatar(
     * @param int user_id id of the user for whom we need the hash
     *
     * @return string containing the hash
-    */ 
+    */
     public static function generateUserHash(int $user_id): string
     {
         $currentUserId = api_get_user_id();
@@ -8235,7 +8243,7 @@ public static function generateUserHash(int $user_id): string
     * @param string hash    hash that is to be decrypted
     *
     * @return string
-    */ 
+    */
     public static function decryptUserHash(string $hash): string
     {
         $currentUserId = api_get_user_id();