$temp_zip_file = api_get_path(SYS_ARCHIVE_PATH) . api_get_unique_id() . ".zip";
$zip_folder = new PclZip($temp_zip_file);
$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
//Put the files in the zip
//2 possibilities: admins get all files and folders in the selected folder (except for the deleted ones)
//normal users get only visible files that are in visible folders
//admins are allowed to download invisible files
$files = array();
$course_id = api_get_course_int_id();
if (api_is_allowed_to_edit()) {
//Search for all files that are not deleted => visibility != 2
$sql = "SELECT DISTINCT url, title, description, insert_user_id, insert_date, contains_file\n FROM {$tbl_student_publication} AS work INNER JOIN {$prop_table} AS props\n ON (\n props.c_id = {$course_id} AND\n work.c_id = {$course_id} AND\n work.id = props.ref\n )\n \t\t\tWHERE props.tool='work' AND\n \t\t\t work.parent_id = {$work_id} AND\n \t\t\t work.filetype = 'file' AND\n \t\t\t props.visibility<>'2' AND\n \t\t\t work.active = 1 AND\n \t\t\t work.post_group_id = {$groupId}\n ";
} else {
$courseInfo = api_get_course_info();
allowOnlySubscribedUser(api_get_user_id(), $work_id, $courseInfo['real_id']);
$userCondition = null;
// All users
if ($courseInfo['show_score'] == 0) {
// Do another filter
} else {
// Only teachers
$userCondition = " AND props.insert_user_id = " . api_get_user_id();
}
//for other users, we need to create a zipfile with only visible files and folders
$sql = "SELECT DISTINCT url, title, description, insert_user_id, insert_date, contains_file\n FROM {$tbl_student_publication} AS work INNER JOIN {$prop_table} AS props\n ON (props.c_id = {$course_id} AND\n work.c_id = {$course_id} AND\n work.id = props.ref)\n WHERE\n props.tool='work' AND\n work.accepted = 1 AND\n work.active = 1 AND\n work.parent_id = {$work_id} AND\n work.filetype = 'file' AND\n props.visibility = '1' AND\n work.post_group_id = {$groupId}\n {$userCondition}\n ";
}
$query = Database::query($sql);
//add tem to the zip file
while ($not_deleted_file = Database::fetch_assoc($query)) {
$user_info = api_get_user_info($not_deleted_file['insert_user_id']);
<?php
/* For licensing terms, see /license.txt */
$language_file = array('exercice', 'work', 'document', 'admin');
//require_once '../inc/global.inc.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;
require_once 'work.lib.php';
$id = isset($_GET['id']) ? intval($_GET['id']) : null;
$work = get_work_data_by_id($id);
if (empty($id) || empty($work)) {
api_not_allowed();
}
$interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications'));
$my_folder_data = get_work_data_by_id($work['parent_id']);
$course_info = api_get_course_info();
allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $course_info['real_id']);
if (user_is_author($id) || $course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
if (api_is_allowed_to_edit(null, true)) {
$url_dir = 'work_list_all.php?id=' . $my_folder_data['id'];
} else {
$url_dir = 'work_list.php?id=' . $my_folder_data['id'];
}
$interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
$interbreadcrumb[] = array('url' => '#', 'name' => $work['title']);
if ($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 || api_is_allowed_to_edit() || user_is_author($id)) {
$tpl = new Template();
$tpl->assign('work', $work);
$template = $tpl->get_template('work/view.tpl');
$content = $tpl->fetch($template);
$tpl->assign('content', $content);
$tpl->display_one_col_template();
/**
* @param array $courseInfo
* @param int $workId
* @return bool
*/
function protectWork($courseInfo, $workId)
{
$userId = api_get_user_id();
$groupId = api_get_group_id();
$sessionId = api_get_session_id();
$workData = get_work_data_by_id($workId);
if (empty($workData) || empty($courseInfo)) {
api_not_allowed(true);
}
if (api_is_platform_admin() || api_is_allowed_to_edit()) {
return true;
}
$workId = $workData['id'];
if ($workData['active'] != 1) {
api_not_allowed(true);
}
$visibility = api_get_item_visibility($courseInfo, 'work', $workId, $sessionId);
if ($visibility != 1) {
api_not_allowed(true);
}
allowOnlySubscribedUser($userId, $workId, $courseInfo['real_id']);
if (!empty($groupId)) {
$showWork = GroupManager::user_has_access($userId, $groupId, GroupManager::GROUP_TOOL_WORK);
if (!$showWork) {
api_not_allowed(true);
}
}
}
/**
* Get the file contents for an assigment
* @param int $id
* @param array $course_info
* @param int Session ID
* @return array|bool
*/
function getFileContents($id, $course_info, $sessionId = 0)
{
$id = intval($id);
if (empty($course_info) || empty($id)) {
return false;
}
if (empty($sessionId)) {
$sessionId = api_get_session_id();
}
$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
if (!empty($course_info['real_id'])) {
$sql = 'SELECT * FROM '.$tbl_student_publication.'
WHERE c_id = '.$course_info['real_id'].' AND id = "'.$id.'"';
$result = Database::query($sql);
if ($result && Database::num_rows($result)) {
$row = Database::fetch_array($result, 'ASSOC');
$full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/'.$row['url'];
$item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id'], $sessionId);
allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);
if (empty($item_info)) {
api_not_allowed();
}
/*
field show_score in table course :
0 => New documents are visible for all users
1 => New documents are only visible for the teacher(s)
field visibility in table item_property :
0 => eye closed, invisible for all students
1 => eye open
field accepted in table c_student_publication :
0 => eye closed, invisible for all students
1 => eye open
( We should have visibility == accepted, otherwise there is an
inconsistency in the Database)
field value in table c_course_setting :
0 => Allow learners to delete their own publications = NO
1 => Allow learners to delete their own publications = YES
+------------------+-------------------------+------------------------+
|Can download work?| doc visible for all = 0 | doc visible for all = 1|
+------------------+-------------------------+------------------------+
| visibility = 0 | editor only | editor only |
| | | |
+------------------+-------------------------+------------------------+
| visibility = 1 | editor | editor |
| | + owner of the work | + any student |
+------------------+-------------------------+------------------------+
(editor = teacher + admin + anybody with right api_is_allowed_to_edit)
*/
$work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
$doc_visible_for_all = ($course_info['show_score'] == 1);
$is_editor = api_is_allowed_to_edit(true, true, true);
$student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);
if ($is_editor ||
($student_is_owner_of_work) ||
($doc_visible_for_all && $work_is_visible)
) {
$title = $row['title'];
if (array_key_exists('filename', $row) && !empty($row['filename'])) {
$title = $row['filename'];
}
$title = str_replace(' ', '_', $title);
event_download($title);
if (Security::check_abs_path(
$full_file_name,
api_get_path(SYS_COURSE_PATH).api_get_course_path().'/')
) {
return array(
'path' => $full_file_name,
'title' => $title
);
}
}
}
}
return false;
}
$session_id = api_get_session_id();
$course_code = api_get_course_id();
$course_info = api_get_course_info();
$group_id = api_get_group_id();
if (empty($work_id)) {
api_not_allowed(true);
}
$workInfo = get_work_data_by_id($work_id);
if (empty($workInfo)) {
api_not_allowed(true);
}
allowOnlySubscribedUser($user_id, $work_id, $course_id);
$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course(
$user_id,
$course_code,
$session_id
);
$is_course_member = $is_course_member || api_is_platform_admin();
if ($is_course_member == false) {
api_not_allowed(true);
}
$check = Security::check_token('post');
$token = Security::get_token();
