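/**
 * Build the JSON representation of the rubric attached to an assessment worksheet.
 *
 * Fails the page with UNAUTHORIZED when the caller is neither an admin nor an
 * observer and holds no ACL entry for the worksheet, and with NOT_FOUND when the
 * worksheet has no rubric row or no competency rows.
 *
 * @param int|string $id  assessment_worksheet primary key; it is bound to the
 *                        query through the "i:" parameter spec, not interpolated
 *                        into the SQL text
 * @return string JSON object holding the rubric / rubric_description /
 *                rubric_results columns plus a 'competency' list of
 *                competency_results rows
 */
function get_rubric($id) {
    // verify access to object. The session key must be the quoted string 'id':
    // the bare-constant form $_SESSION[id] is an undefined-constant Error on
    // PHP 8 (and only silently became the string 'id' on PHP 7), which broke
    // the ACL path for ordinary users. This matches get_wkst() below.
    if (!abet_is_admin_authenticated() && !abet_is_observer()
        && !check_assessment_access($_SESSION['id'], $id, 'assessment_worksheet')) {
        page_fail(UNAUTHORIZED);
    }

    // both queries filter on the same worksheet id; presumably QueryBuilder
    // binds an "i:" spec as an integer parameter and rejects non-numeric
    // input -- confirm, since $id normally arrives from the request
    $whereParams = array("i:{$id}");

    // select required fields from rubric and rubric_result
    $rubric = new Query(new QueryBuilder(SELECT_QUERY, array(
        'tables' => array(
            'rubric' => array('name', 'threshold', 'threshold_desc'),
            'rubric_description' => array('outstanding_desc', 'expected_desc', 'marginal_desc', 'unacceptable_desc'),
            'rubric_results' => 'total_students'),
        'joins' => array(
            "INNER JOIN assessment_worksheet ON assessment_worksheet.fk_rubric = rubric.id",
            "INNER JOIN rubric_description ON rubric.fk_description = rubric_description.id",
            "INNER JOIN rubric_results ON assessment_worksheet.fk_rubric_results = rubric_results.id"),
        'where' => 'assessment_worksheet.id = ?',
        'where-params' => $whereParams)));
    $row = $rubric->get_row_assoc();
    if (is_null($row)) {
        // page_fail presumably terminates the response; if it does not, the
        // code below would operate on a null $row -- confirm
        page_fail(NOT_FOUND);
    }

    // select competencies
    $comps = new Query(new QueryBuilder(SELECT_QUERY, array(
        'tables' => array(
            'competency_results' => array('id', 'competency_desc', 'outstanding_tally', 'expected_tally',
                'marginal_tally', 'unacceptable_tally', 'pass_fail_type', 'comment')),
        'aliases' => array('competency_results.competency_desc' => 'description'),
        'joins' => array(
            "INNER JOIN rubric_results ON rubric_results.id = competency_results.fk_rubric_results",
            "INNER JOIN assessment_worksheet ON assessment_worksheet.fk_rubric_results = rubric_results.id"),
        'where' => 'assessment_worksheet.id = ?',
        'where-params' => $whereParams)));
    if ($comps->is_empty()) {
        page_fail(NOT_FOUND);
    }

    // prepare json object: the competency rows are appended as a list under
    // the rubric row so the client receives a single object
    $cs = array();
    $comps->for_each_assoc(function ($comp) use (&$cs) {
        $cs[] = $comp;
    });
    $row['competency'] = $cs;
    return json_encode($row);
}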
/**
 * Serialise an assessment worksheet, together with its assessment, course,
 * characteristic and criterion context, as a JSON object for the client.
 *
 * Fails the page with UNAUTHORIZED when the caller is not an admin or observer
 * and holds no ACL entry for the worksheet, and with NOT_FOUND when no
 * worksheet row matches.
 *
 * @param int|string $id assessment_worksheet primary key (bound through the "i:" param spec)
 * @return string JSON object with the members id, faculty, criterion,
 *                characteristic, course, activity, objective, instrument and
 *                course_of_action, in that order
 */
function get_wkst($id) {
    // verify access to worksheet: admins and observers skip the ACL lookup
    $privileged = abet_is_admin_authenticated() || abet_is_observer();
    if (!$privileged && !check_assessment_access($_SESSION['id'], $id, 'assessment_worksheet')) {
        page_fail(UNAUTHORIZED);
    }

    // select required data from db
    $columns = array(
        'assessment_worksheet' => array('id', 'activity', 'objective', 'instrument', 'course_of_action'),
        'abet_assessment' => 'id',
        'course' => array('title', 'course_number'),
        'abet_characteristic' => array('level', 'program_specifier', 'description'),
        'abet_criterion' => array('rank', 'description'));
    $joins = array(
        'INNER JOIN abet_assessment ON assessment_worksheet.fk_assessment = abet_assessment.id',
        'LEFT OUTER JOIN course ON assessment_worksheet.fk_course = course.id',
        'LEFT OUTER JOIN abet_characteristic ON abet_assessment.fk_characteristic = abet_characteristic.id',
        'INNER JOIN abet_criterion ON abet_assessment.fk_criterion = abet_criterion.id');
    $query = new Query(new QueryBuilder(SELECT_QUERY, array(
        'tables' => $columns,
        'joins' => $joins,
        'where' => 'assessment_worksheet.id = ?',
        'where-params' => array("i:{$id}"))));
    if ($query->is_empty()) {
        page_fail(NOT_FOUND);
    }
    $row = $query->get_row_assoc();

    // query the assessment personnel via the acl; presumably get_acl() returns
    // a list of objects exposing full_name -- confirm against ABETAssessment
    $assessment = new ABETAssessment($row['abet_assessment.id']);
    $faculty = $assessment->get_acl();
    if (count($faculty) == 0) {
        $facultyNames = "n/a";
    } else {
        $names = array();
        foreach ($faculty as $member) {
            $names[] = $member->full_name;
        }
        $facultyNames = implode(', ', $names);
    }

    // characteristic: "<level> <description>", with the program specifier
    // appended when it is present and non-empty; null when there is no
    // characteristic row (LEFT OUTER JOIN above)
    $characteristic = null;
    if ($row['level'] !== null) {
        $characteristic = "{$row['level']} {$row['abet_characteristic.description']}";
        $specifier = $row['program_specifier'];
        if ($specifier !== null && $specifier != '') {
            $characteristic .= " {$specifier}";
        }
    }

    // a linked course row takes precedence over the free-text activity; the
    // two are mutually exclusive in the output
    if ($row['title'] !== null) {
        $course = "{$row['course_number']}: {$row['title']}";
        $activity = null;
    } else {
        $course = null;
        $activity = $row['activity'];
        if ($activity === null || $activity == '') {
            $activity = 'not specified';
        }
    }

    // build object for client; assignment order is the JSON key order
    $obj = new stdClass();
    $obj->id = $row['assessment_worksheet.id'];
    $obj->faculty = $facultyNames;
    $obj->criterion = "{$row['rank']} {$row['abet_criterion.description']}";
    $obj->characteristic = $characteristic;
    $obj->course = $course;
    $obj->activity = $activity;
    $obj->objective = $row['objective'];
    $obj->instrument = $row['instrument'];
    $obj->course_of_action = $row['course_of_action'];
    return json_encode($obj);
}
<script src="scripts/assessment.js" type="text/javascript"></script> <script src="scripts/characteristics.js" type="text/javascript"></script> <script src="scripts/course.js" type="text/javascript"></script> <?php } ?> <link rel="stylesheet" href="stylesheets/abet.css" /> <link rel="stylesheet" href="stylesheets/tree.css" /> <link rel="stylesheet" href="stylesheets/confirm.css" /> <script type="text/javascript"> user = "******"; read_only = <?php echo abet_is_observer() ? 'true' : 'false'; ?> ; </script> </head> <body> <div class="top_bar"> <a href="loadHome" class="nav_button internal"><h1>ABET</h1></a> <input type="text" placeholder="search" class="search" id="search"></input> <div class="top_icons"> <img id="notif" src="resources/notif.png" class="icon"></img> <img id="sett" src="resources/settings.png" class="icon"></img> </div> <div id="search_results" class="popup results"> Press enter to search </div>
} // closes a block that opens before this excerpt

header('Content-Type: application/json');

// only authenticated users may read the navigation; page_fail presumably ends
// the response (there is no explicit exit here) -- confirm
if (!abet_is_authenticated()) {
    page_fail(UNAUTHORIZED);
}
if ($_SERVER['REQUEST_METHOD'] != 'GET') {
    page_fail(BAD_REQUEST);
}

// output is array of navigation trees (populated after this excerpt)
$navTrees = array();
$isAdmin = abet_is_admin_authenticated();

// design query to select all navigation for current user
$qbInfo = array(
    'tables' => array(
        'abet_assessment' => array('id', 'name'),
        'program' => array('id', 'name', 'semester', 'year'),
        'abet_criterion' => array('id', 'rank', 'description'),
        'abet_characteristic' => array('id', 'level', 'program_specifier', 'short_name'),
        'assessment_worksheet' => array('id', 'activity'),
        'general_content' => 'id',
        'rubric' => 'id',
        'course' => 'course_number'),
    'joins' => array(
        "INNER JOIN program ON abet_assessment.fk_program = program.id",
        // admins get a RIGHT OUTER join, so criterion rows come back even when no
        // assessment references them; everyone else only sees criteria that have
        // at least one assessment
        ($isAdmin ? "RIGHT OUTER" : "INNER") . " JOIN abet_criterion ON abet_assessment.fk_criterion = abet_criterion.id",
        "LEFT OUTER JOIN abet_characteristic ON abet_assessment.fk_characteristic = abet_characteristic.id",
        "LEFT OUTER JOIN assessment_worksheet ON abet_assessment.id = assessment_worksheet.fk_assessment",
        "LEFT OUTER JOIN general_content ON abet_assessment.id = general_content.fk_assessment",
        "LEFT OUTER JOIN rubric ON assessment_worksheet.fk_rubric = rubric.id",
        "LEFT OUTER JOIN course ON assessment_worksheet.fk_course = course.id"),
    'orderby' => "program.year, program.semester, program.name, abet_criterion.rank, abet_characteristic.level, course.course_number");

// if the user is not an admin and not an observer, restrict their access
// according to the ACLs for the given assessments
if (!$isAdmin && !abet_is_observer()) {
    // join on the acl tables to restrict access
    $qbInfo['joins'][] = "INNER JOIN acl ON abet_assessment.fk_acl = acl.id";
    // NOTE(review): the profile id is interpolated into the join text instead of
    // being bound through 'where-params' as the other queries in this codebase
    // do (e.g. "i:{$id}" in get_rubric/get_wkst). $_SESSION['id'] is presumably
    // set server-side at login rather than read from the request, so it is not
    // directly caller-controlled, but binding it (if QueryBuilder supports
    // parameters on join clauses -- confirm) would remove the one string-built
    // SQL value in this query and keep the filter consistent with the rest.
    $qbInfo['joins'][] = "INNER JOIN acl_entry ON acl_entry.fk_acl = acl.id AND acl_entry.fk_profile = '{$_SESSION['id']}'";
}

// grab all assessments that the user can access, along with their keys
$query = new Query(new QueryBuilder(SELECT_QUERY, $qbInfo));

// structure the navigation tree around the hierarchy of assessments to which the
// user has access; we present the same navigation structure to all kinds of users
$userTools = new stdClass();
$userTools->label = 'Content';
$userTools->children = array();
create_unique_id($userTools, 'top-level', 1);

// mappings to remember content organizers as we go through results (filled in by
// the result loop that follows this excerpt)
$mappings = array();
$criteria = array();
// check initial user authentication if (!abet_is_authenticated()) { page_fail(UNAUTHORIZED); } if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (!array_key_exists('id', $_GET)) { page_fail(BAD_REQUEST); } // double check access to content if (!abet_is_admin_authenticated() && !abet_is_observer() && !check_assessment_access($_SESSION['id'], $_GET['id'], 'general_content')) { page_fail(UNAUTHORIZED); } echo get_content($_GET['id']); } else { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (abet_is_observer()) { // observers can't post data page_fail(UNAUTHORIZED); } if (array_key_exists('id', $_POST) && array_key_exists('type', $_POST)) { // make sure user can access general_content entity if (!abet_is_admin_authenticated() && !check_assessment_access($_SESSION['id'], $_POST['id'], 'general_content')) { page_fail(UNAUTHORIZED); } // create new content (single entity) if ($_POST['type'] == 'file' && array_key_exists('file', $_FILES)) { // make sure file data was uploaded correctly if (!is_uploaded_file($_FILES['file']['tmp_name'])) { page_fail_with_reason(SERVER_ERROR, "file upload was unsuccessful"); } echo create_file($_POST['id']);
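a file_upload entity as the GET argument. The script checks access to the file before allowing it to be downloaded. */

// check general authentication mode: an anonymous caller gets a bare 401 page
// and the script ends before any lookup happens
if (!abet_is_authenticated()) {
    http_response_code(UNAUTHORIZED);
    header('Content-Type: text/html');
    echo "<h1>Access to the specified object is unauthorized.</h1>";
    exit;
}

// check for correct GET variables (the heading was missing its closing tag)
if (!array_key_exists('id', $_GET)) {
    http_response_code(BAD_REQUEST);
    header('Content-Type: text/html');
    echo "<h1>Bad request: try again...</h1>";
    exit;
}

// check access to specific file resource. $found is an out-parameter of the
// access check; initialise it so the branch below never reads an undefined
// variable (a warning on PHP 8) if the check returns without assigning it.
// Admins and observers bypass the per-item check entirely.
$found = false;
if (!abet_is_admin_authenticated() && !abet_is_observer()
    && !check_general_content_item_access($_SESSION['id'], $_GET['id'], 'file_upload', $found)) {
    header('Content-Type: text/html');
    if ($found) {
        // NOTE(review): answering 401 for existing-but-forbidden ids and 404 for
        // absent ids lets any authenticated user learn which ids exist; if that
        // is not intended, return the same status and body in both branches.
        http_response_code(UNAUTHORIZED);
        echo "<h1>Access to the specified object is unauthorized or it has been removed.</h1>";
    } else {
        http_response_code(NOT_FOUND);
        echo "<h1>The specified object was not found. It's possible it was removed.</h1>";
    }
    exit;
}

// call routine to output file. $_GET['id'] is passed through as received;
// presumably file_download (or the access check above) validates its shape
// before using it to locate the file -- confirm
file_download($_GET['id']);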