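require_once 'work.lib.php';

// The publication to display; coerced to int so only a numeric id reaches the lookup.
$id = isset($_GET['id']) ? (int) $_GET['id'] : null;
// Validate the id before the lookup so a missing/zero id never becomes a query.
if (empty($id)) {
    api_not_allowed();
}
$work = get_work_data_by_id($id);
if (empty($work)) {
    api_not_allowed();
}

$interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications'));
$my_folder_data = get_work_data_by_id($work['parent_id']);
$course_info = api_get_course_info();

// Membership gate: the caller must be subscribed to the course/assignment
// before any of the visibility rules below are consulted.
allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $course_info['real_id']);

// show_score == 0 means new documents are visible to all users; the work must
// additionally be active and accepted before a non-author may see it.
$work_visible_for_all = $course_info['show_score'] == 0
    && $work['active'] == 1
    && $work['accepted'] == 1;

if (user_is_author($id) || $work_visible_for_all) {
    if (api_is_allowed_to_edit(null, true)) {
        $url_dir = 'work_list_all.php?id=' . $my_folder_data['id'];
    } else {
        $url_dir = 'work_list.php?id=' . $my_folder_data['id'];
    }
    $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
    $interbreadcrumb[] = array('url' => '#', 'name' => $work['title']);

    // This second gate is implied by the outer one (author or visible-for-all
    // already holds here), so its else branch cannot currently be taken. It is
    // kept verbatim so the access decision does not change.
    if ($work_visible_for_all || api_is_allowed_to_edit() || user_is_author($id)) {
        $tpl = new Template();
        $tpl->assign('work', $work);
        $template = $tpl->get_template('work/view.tpl');
        $content = $tpl->fetch($template);
        $tpl->assign('content', $content);
        $tpl->display_one_col_template();
    } else {
        api_not_allowed(true);
    }
} else {
    api_not_allowed(true);
}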
$sql = "DELETE FROM {$TSTDPUBASG} WHERE c_id = {$course_id} AND publication_id ='{$delete_dir_id}'"; Database::query($sql); $link_info = is_resource_in_course_gradebook(api_get_course_id(), 3, $delete_dir_id, api_get_session_id()); $link_id = $link_info['id']; if ($link_info !== false) { remove_resource_from_course_gradebook($link_id); } Display::display_confirmation_message(get_lang('DirDeleted') . ': ' . $work_to_delete['title']); } else { Display::display_warning_message(get_lang('ResourceLockedByGradebook')); } } /* DELETE WORK COMMAND */ if ($action == 'delete' && $item_id) { $file_deleted = false; $is_author = user_is_author($item_id); $work_data = get_work_data_by_id($item_id); $locked = api_resource_is_locked_by_gradebook($work_data['parent_id'], LINK_STUDENTPUBLICATION); if ($is_allowed_to_edit && $locked == false || ($locked == false and $is_author && api_get_course_setting('student_delete_own_publication') == 1 && $work_data['qualificator_id'] == 0)) { //we found the current user is the author $queryString1 = "SELECT url, contains_file FROM " . $work_table . " WHERE c_id = {$course_id} AND id = {$item_id}"; $result1 = Database::query($queryString1); $row = Database::fetch_array($result1); if (Database::num_rows($result1) > 0) { $queryString2 = "UPDATE " . $work_table . " SET active = 2 WHERE c_id = {$course_id} AND id = {$item_id}"; $queryString3 = "DELETE FROM " . $TSTDPUBASG . " WHERE c_id = {$course_id} AND publication_id = {$item_id}"; Database::query($queryString2); Database::query($queryString3); api_item_property_update($_course, 'work', $item_id, 'DocumentDeleted', $user_id); $work = $row['url']; if ($row['contains_file'] == 1) {
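/**
 * Locate the file behind a student publication and decide whether the
 * current user may download it.
 *
 * Despite its name this function does not read the file: on success it
 * returns the absolute path plus the name to present to the browser, and
 * the caller is expected to stream the file.
 *
 * @param int   $id          Publication id (c_student_publication.id)
 * @param array $course_info Course info array; 'real_id' and 'show_score' are read
 * @param int   $sessionId   Session id; 0 means "use the current session"
 *
 * @return array|bool array('path' => string, 'title' => string) when the user
 *                    may download the file; false when the publication does not
 *                    exist, the user is not entitled to it, or the resolved path
 *                    escapes the course directory
 */
function getFileContents($id, $course_info, $sessionId = 0)
{
    $id = (int) $id;
    if (empty($course_info) || empty($id)) {
        return false;
    }
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }
    $sessionId = (int) $sessionId;

    $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);

    $courseId = isset($course_info['real_id']) ? (int) $course_info['real_id'] : 0;
    if (empty($courseId)) {
        return false;
    }

    // Both values embedded in the query are cast to int above.
    $sql = 'SELECT * FROM ' . $tbl_student_publication . '
            WHERE c_id = ' . $courseId . ' AND id = "' . $id . '"';
    $result = Database::query($sql);
    if (!$result || !Database::num_rows($result)) {
        return false;
    }
    $row = Database::fetch_array($result, 'ASSOC');

    $courseDir = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/';
    $full_file_name = $courseDir . $row['url'];

    // NOTE(review): the item_property lookup uses the *current* course id while
    // the query above used $course_info['real_id']; they only agree when
    // $course_info is the current course. Confirm against the callers.
    $item_info = api_get_item_property_info(
        api_get_course_int_id(),
        'work',
        $row['id'],
        $sessionId
    );

    // Subscription gate first; then the item must still exist in item_property.
    allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $courseId);
    if (empty($item_info)) {
        api_not_allowed();
    }

    /*
     * field show_score in table course :
     *   0 => New documents are visible for all users
     *   1 => New documents are only visible for the teacher(s)
     * field visibility in table item_property :
     *   0 => eye closed, invisible for all students
     *   1 => eye open
     * field accepted in table c_student_publication :
     *   0 => eye closed, invisible for all students
     *   1 => eye open
     *   (We should have visibility == accepted, otherwise there is an
     *   inconsistency in the Database)
     * field value in table c_course_setting :
     *   0 => Allow learners to delete their own publications = NO
     *   1 => Allow learners to delete their own publications = YES
     *
     * +------------------+-------------------------+------------------------+
     * |Can download work?| doc visible for all = 0 | doc visible for all = 1|
     * +------------------+-------------------------+------------------------+
     * | visibility = 0   | editor only             | editor only            |
     * +------------------+-------------------------+------------------------+
     * | visibility = 1   | editor                  | editor                 |
     * |                  | + owner of the work     | + any student          |
     * +------------------+-------------------------+------------------------+
     * (editor = teacher + admin + anybody with right api_is_allowed_to_edit)
     */
    $work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
    $doc_visible_for_all = ($course_info['show_score'] == 1);
    $is_editor = api_is_allowed_to_edit(true, true, true);
    $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);

    if (!($is_editor || $student_is_owner_of_work || ($doc_visible_for_all && $work_is_visible))) {
        return false;
    }

    // Prefer the stored original filename as the download name, fall back to the title.
    $title = $row['title'];
    if (array_key_exists('filename', $row) && !empty($row['filename'])) {
        $title = $row['filename'];
    }
    $title = str_replace(' ', '_', $title);

    // The url column comes from the database; refuse anything that resolves
    // outside the course directory (e.g. a stored '../' segment).
    if (!Security::check_abs_path($full_file_name, $courseDir)) {
        return false;
    }

    // Log the download only once the file is actually going to be served.
    event_download($title);

    return array(
        'path' => $full_file_name,
        'title' => $title,
    );
}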
$interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications')); $my_folder_data = get_work_data_by_id($work['parent_id']); $courseInfo = api_get_course_info(); protectWork(api_get_course_info(), $work['parent_id']); $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(api_get_user_id(), $courseInfo); if (user_is_author($id) || $isDrhOfCourse || (api_is_allowed_to_edit() || api_is_coach()) || $courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) { if (api_is_allowed_to_edit() || api_is_coach() || api_is_drh()) { $url_dir = 'work_list_all.php?id=' . $my_folder_data['id']; } else { $url_dir = 'work_list.php?id=' . $my_folder_data['id']; } $userInfo = api_get_user_info($work['user_id']); $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']); $interbreadcrumb[] = array('url' => '#', 'name' => $userInfo['complete_name']); $interbreadcrumb[] = array('url' => '#', 'name' => $work['title']); if ($courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 || (api_is_allowed_to_edit() || api_is_coach()) || user_is_author($id) || $isDrhOfCourse) { $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null; $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : null; if ($page == 'edit') { $url = api_get_path(WEB_CODE_PATH) . 'work/edit.php?id=' . $my_folder_data['id'] . '&item_id=' . $work['id'] . '&' . api_get_cidreq(); } else { $url = api_get_path(WEB_CODE_PATH) . 'work/view.php?id=' . $work['id'] . '&' . api_get_cidreq(); } switch ($action) { case 'send_comment': if (isset($_FILES["file"])) { $_POST['file'] = $_FILES["file"]; } addWorkComment(api_get_course_info(), api_get_user_id(), $my_folder_data, $work, $_POST); Display::addFlash(Display::return_message(get_lang('CommentCreated'))); header('Location: ' . $url);
) { if ((api_is_allowed_to_edit() || api_is_coach()) || api_is_drh()) { $url_dir = 'work_list_all.php?id='.$my_folder_data['id']; } else { $url_dir = 'work_list.php?id='.$my_folder_data['id']; } $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']); $interbreadcrumb[] = array('url' => '#','name' => $work['title']); //|| api_is_drh() if (($courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 ) || (api_is_allowed_to_edit() || api_is_coach()) || user_is_author($id) || $isDrhOfCourse ) { $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null; switch ($action) { case 'send_comment': if (isset($_FILES["file"])) { $_POST['file'] = $_FILES["file"]; } addWorkComment( api_get_course_info(), api_get_user_id(), $my_folder_data, $work, $_POST );
$class = 'save'; // fix the Ok button when we see the tool in the learn path $form->addButtonUpdate($text); $form->setDefaults($defaults); $error_message = null; $_course = api_get_course_info(); $currentCourseRepositorySys = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/'; $succeed = false; if ($form->validate()) { if ($student_can_edit_in_session && $check) { /* * SPECIAL CASE ! For a work edited */ //Get the author ID for that document from the item_property table $item_to_edit_id = intval($_POST['item_to_edit']); $is_author = user_is_author($item_to_edit_id); if ($is_author) { $work_data = get_work_data_by_id($item_to_edit_id); if (!empty($_POST['title'])) { $title = isset($_POST['title']) ? $_POST['title'] : $work_data['title']; } $description = isset($_POST['description']) ? $_POST['description'] : $work_data['description']; $add_to_update = null; if ($is_allowed_to_edit && $_POST['qualification'] != '') { $add_to_update = ', qualificator_id =' . "'" . api_get_user_id() . "', "; $add_to_update .= ' qualification = ' . "'" . Database::escape_string($_POST['qualification']) . "',"; $add_to_update .= ' date_of_qualification = ' . "'" . api_get_utc_datetime() . "'"; if (isset($_POST['send_email'])) { $url = api_get_path(WEB_CODE_PATH) . 'work/view.php?' . api_get_cidreq() . '&id=' . $item_to_edit_id; $subject = sprintf(get_lang('ThereIsANewWorkFeedback'), $work_item['title']); $message = sprintf(get_lang('ThereIsANewWorkFeedbackInWorkXHere'), $work_item['title'], $url);
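* but this code will hopefully be replaced soon by an Apache URL
 * rewrite mechanism.
 *
 * @package chamilo.work
 */
//require_once '../inc/global.inc.php';
require_once 'work.lib.php';

// Course protection
api_protect_course_script(true);

// The only request parameter; coerced to int so a non-numeric value never
// reaches the lookup.
$commentId = isset($_GET['comment_id']) ? (int) $_GET['comment_id'] : null;
if (empty($commentId)) {
    api_not_allowed(true);
}

$workData = getWorkComment($commentId);
$courseInfo = api_get_course_info();

if (!empty($workData)) {
    // Nothing to serve when the comment has no attachment or the file is gone from disk.
    if (empty($workData['file_path']) || !file_exists($workData['file_path'])) {
        api_not_allowed(true);
    }

    $work = get_work_data_by_id($workData['work_id']);
    // A comment whose parent publication no longer exists must not reach the
    // visibility test with an empty $work.
    if (empty($work)) {
        api_not_allowed(true);
    }
    protectWork($courseInfo, $work['parent_id']);

    // show_score == 0 means new documents are visible to all users; the work
    // must additionally be active and accepted.
    $workVisibleForAll = $courseInfo['show_score'] == 0
        && $work['active'] == 1
        && $work['accepted'] == 1;

    // NOTE(review): unlike the view page's gate, there is no
    // api_is_allowed_to_edit() term here; confirm whether user_is_author()
    // already covers editors before relying on this for teacher access.
    if (user_is_author($workData['work_id']) || $workVisibleForAll) {
        // file_path is read from the database; only serve it when it really
        // resolves under the course directory.
        $courseDir = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/';
        if (Security::check_abs_path($workData['file_path'], $courseDir)) {
            DocumentManager::file_send_for_download(
                $workData['file_path'],
                true,
                $workData['file_name_to_show']
            );
        }
    } else {
        api_not_allowed(true);
    }
} else {
    api_not_allowed(true);
}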
1 => Allow learners to delete their own publications = YES +------------------+------------------------------+----------------------------+ |Can download work?| doc visible for all = 0 | doc visible for all = 1| +------------------+------------------------------+----------------------------+ | visibility = 0 | editor only | editor only | | | | | +------------------+------------------------------+----------------------------+ | visibility = 1 | editor | editor | | | + owner of the work | + any student | +------------------+------------------------------+----------------------------+ (editor = teacher + admin + anybody with right api_is_allowed_to_edit) */ $work_is_visible = $item_info['visibility'] == 1 && $row['accepted'] == 1; $doc_visible_for_all = $course_info['show_score'] == 1; $is_editor = api_is_allowed_to_edit(true, true, true); $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']); if ($is_editor || $student_is_owner_of_work || $doc_visible_for_all && $work_is_visible) { $title = str_replace(' ', '_', $row['title']); event_download($title); if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) { DocumentManager::file_send_for_download($full_file_name, true, $title); } } else { api_not_allowed(); } } } else { api_not_allowed(); } exit;
} $workData = getWorkComment($commentId); $courseInfo = api_get_course_info(); if (!empty($workData)) { if ( empty($workData['file_path']) || (isset($workData['file_path']) && !file_exists($workData['file_path'])) ) { api_not_allowed(true); } $work = get_work_data_by_id($workData['work_id']); allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $courseInfo['real_id']); if (user_is_author($workData['work_id']) || $courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 ) { if (Security::check_abs_path( $workData['file_path'], api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/' ) ) { DocumentManager::file_send_for_download( $workData['file_path'], true, $workData['file_name_to_show'] ); }