Ejemplo n.º 1
 /**
  * Decide whether the current user may download the requested file.
  *
  * Every path that is not explicitly accepted returns false: the module must
  * be allowed, the request must be made inside a course, and the course must
  * be allowed. Inside a group the group permission decides; outside a group
  * the decision is delegated to isDocumentDownloadableInCourse().
  *
  * @param string $requestedUrl path of the requested file
  * @return mixed false when refused, true inside an allowed group, otherwise
  *               whatever isDocumentDownloadableInCourse() returns
  */
 public function isAllowedToDownload($requestedUrl)
 {
     // Fail closed when the module is disabled or there is no course context.
     if (!$this->isModuleAllowed() || !claro_is_in_a_course()) {
         return false;
     }
     if (!claro_is_course_allowed()) {
         pushClaroMessage('course not allowed', 'debug');
         return false;
     }
     if (!claro_is_in_a_group()) {
         return $this->isDocumentDownloadableInCourse($requestedUrl);
     }
     if (claro_is_group_allowed()) {
         // NOTE(review): this branch never looks at $requestedUrl, so the
         // caller has to make sure the path stays inside the group's own
         // directory -- confirm where that is enforced.
         return true;
     }
     pushClaroMessage('group not allowed', 'debug');
     return false;
 }
Ejemplo n.º 2
require '../inc/claro_init_global.inc.php';
require_once get_path('incRepositorySys') . '/lib/group.lib.inc.php';
require_once dirname(__FILE__) . '/../messaging/lib/permission.lib.php';
// Page bootstrap: tool name list, web path of the Claroline scripts, and the
// dialog box object.
$toolNameList = claro_get_tool_name_list();
$toolRepository = get_path('clarolineRepositoryWeb');
$dialogBox = new DialogBox();
// First gate: outside a course, or in a course the user may not access, the
// authentication form is displayed.
// NOTE(review): no exit follows this call, so the rest of the page depends on
// claro_disp_auth_form(true) ending the request itself -- confirm.
if (!claro_is_in_a_course() || !claro_is_course_allowed()) {
    claro_disp_auth_form(true);
}
// Second gate, skipped for users accepted by claro_is_allowed_to_edit():
//   - outside a group context: redirect to group.php
//   - in a group the user is not allowed in: redirect to group.php, unless
//     the request carries 'selfReg' or 'doReg'
// NOTE(review): the mere presence of one of those two request parameters lets
// a non-allowed user past this gate; the code handling them must make its own
// permission decision -- confirm.
if (!claro_is_allowed_to_edit()) {
    if (!claro_is_in_a_group()) {
        claro_redirect('group.php');
        exit;
    } elseif (!claro_is_group_allowed() && !(isset($_REQUEST['selfReg']) || isset($_REQUEST['doReg']))) {
        claro_redirect('group.php');
        exit;
    }
}
// use viewMode
claro_set_display_mode_available(true);
/********************
* CONNECTION SECTION
*********************/
// Management rights mirror the edit permission.
$is_allowedToManage = claro_is_allowed_to_edit();
/*
* DB tables definition
*/
$tbl_cdb_names = claro_sql_get_course_tbl();
$tbl_mdb_names = claro_sql_get_main_tbl();
Ejemplo n.º 3
} elseif (false !== $topicSettingList) {
    $forumSettingList = get_forum_settings($topicSettingList['forum_id']);
    $forumId = $forumSettingList['forum_id'];
} else {
    $forumSettingList = get_forum_settings($forumId);
}
// True only when the command is 'show'.
$incrementViewCount = 'show' == $cmd ? true : false;
// Anonymity status: the forum's own 'anonymity' setting when the
// 'clfrm_anonymity_enabled' configuration value loosely equals 'TRUE',
// otherwise 'forbidden'.
if (get_conf('clfrm_anonymity_enabled') == 'TRUE') {
    $anonymityStatus = $forumSettingList['anonymity'];
} else {
    $anonymityStatus = 'forbidden';
}
// Access rights.
// Posting: operator precedence groups this as (A && B && C && D) || E, i.e.
// posting is allowed for anyone accepted by claro_is_allowed_to_edit(), or
// when all of these hold: enrolment is not pending, the user is a course
// member, 'forum_access' is not 0, and either no topic id is set or
// 'topic_status' is falsy (presumably "not locked" -- confirm).
$is_postAllowed = !claro_is_current_user_enrolment_pending() && claro_is_course_member() && $forumSettingList['forum_access'] != 0 && (!$topicId || !$topicSettingList['topic_status']) || claro_is_allowed_to_edit() ? true : false;
// Viewing: refused only for a forum attached to a group ('idGroup' not null),
// for a user who cannot edit, when none of the three group conditions holds.
// NOTE(review): the three conditions are OR-ed inside the negation, so each
// one alone is enough to grant the view: matching group id, being in a group,
// or being allowed in the group. The note below calls the group id comparison
// necessary, but as written it is not required once claro_is_in_a_group() is
// true. Confirm this is the intended policy.
$is_viewAllowed = !is_null($forumSettingList['idGroup']) && !($forumSettingList['idGroup'] == claro_get_current_group_id() || claro_is_in_a_group() || claro_is_group_allowed()) && !claro_is_allowed_to_edit() ? false : true;
// NOTE : comparing $forumSettingList['idGroup'] with claro_get_current_group_id()
// is meant to stop a request that was rewritten without $cidReq. If this is a
// group forum and its group is not the one held in the session, the request
// should not be trusted.
if (!isset($_REQUEST['submit']) && !$is_postAllowed && 'show' != $cmd || !$is_viewAllowed) {
    $dialogBox->error(get_lang('Not allowed'));
} else {
    //handle user commands
    if ('exDelete' == $cmd) {
        if (delete_post($postId, $topicSettingList['topic_id'], $forumSettingList['forum_id'])) {
            $dialogBox->success('Post successfully deleted');
        } else {
            $dialogBox->error('Error while deleting post');
        }
        $cmd = 'show';
Ejemplo n.º 4
require '../inc/claro_init_global.inc.php';
require_once get_path('incRepositorySys') . '/lib/fileManage.lib.php';
$_course = claro_get_current_course_data();
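/**
 * Check that a path, once resolved, exists and lies inside a parent directory.
 *
 * Both paths are canonicalised with realpath() (symbolic links and '..'
 * segments resolved) before comparing, and the comparison is made on a
 * directory boundary: the parent path followed by a separator must be a
 * prefix of the child. A bare string-prefix test would also accept a sibling
 * whose name merely starts with the parent's name.
 *
 * @param string $parentPath directory that must contain the target
 * @param string $childPath  path appended to the resolved parent; expected to
 *                           start with a directory separator
 * @return bool true when the resolved target is the parent itself or is
 *              located below it; false when either path does not resolve or
 *              the target is outside the parent
 */
function is_parent_path($parentPath, $childPath)
{
    $resolvedParent = realpath($parentPath);
    // Fail closed: an unresolvable parent would otherwise become an empty
    // prefix that every existing path matches.
    if ($resolvedParent === false) {
        return false;
    }

    $resolvedChild = realpath($resolvedParent . $childPath);
    if ($resolvedChild === false) {
        // the target does not exist
        return false;
    }

    if ($resolvedChild === $resolvedParent) {
        return true;
    }

    // Compare against "parent + separator" so that only real descendants match.
    $prefix = rtrim($resolvedParent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    return strncmp($resolvedChild, $prefix, strlen($prefix)) === 0;
}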
// Pick the working directory and breadcrumbs for the current context.
if (!claro_is_in_a_group() || !claro_is_group_allowed()) {
    // Course documents. This branch is also taken when the user is in a group
    // context but not allowed in that group.
    // NOTE(review): that case falls back to the course directory instead of
    // being refused -- confirm this is intended.
    $courseDir = claro_get_course_path() . '/document';
    ClaroBreadCrumbs::getInstance()->prepend(get_lang('Documents and Links'), 'document.php');
} else {
    // Group documents: the directory name comes from the current group data.
    $_group = claro_get_current_group_data();
    $courseDir = claro_get_course_path() . '/group/' . claro_get_current_group_data('directory');
    ClaroBreadCrumbs::getInstance()->prepend(get_lang('Documents and Links'), 'document.php');
    ClaroBreadCrumbs::getInstance()->prepend(get_lang('Groups'), '../group/group.php');
}
$noPHP_SELF = true;
$baseWorkDir = get_path('coursesRepositorySys') . $courseDir;
// The command is taken from the request as-is; it is null when absent or empty.
$cmd = empty($_REQUEST['cmd']) ? null : $_REQUEST['cmd'];
Ejemplo n.º 5
// Display refresh rate from the configuration; 10 is the default passed to get_conf().
$refresh_display_rate = get_conf('refresh_display_rate', 10);
/*============================================================================
        CHAT INIT
============================================================================*/
// Conversations are recorded in a temporary file kept in the course directory.
$curChatRep = "{$coursePath}/chat/";
// After an upgrade the chat directory may be missing, so create it on demand.
// NOTE(review): the result of mkdir() is not checked; a failure only shows up
// later, when the chat files are written.
if (false === is_dir($curChatRep)) {
    mkdir($curChatRep, CLARO_FILE_PERMISSIONS);
}
// DETERMINE IF THE CHAT SYSTEM WILL WORK
// EITHER AT THE COURSE LEVEL OR THE GROUP LEVEL
if (claro_is_in_a_group()) {
    if (claro_is_group_allowed()) {
        $groupContext = TRUE;
        $courseContext = FALSE;
        $is_allowedToManage = $is_allowedToManage || claro_is_group_tutor();
        $is_allowedToStore = $is_allowedToStore || claro_is_group_tutor();
        $is_allowedToReset = $is_allowedToReset || claro_is_group_tutor();
        $activeChatFile = $curChatRep . $courseId . '.' . $groupId . '.chat.html';
        $onflySaveFile = $curChatRep . $courseId . '.' . $groupId . '.tmpChatArchive.html';
        $exportFile = $coursePath . '/group/' . claro_get_current_group_data('directory') . '/';
    } else {
        die('<center>' . get_lang('You are not a member of this group') . '</center>');
    }
} else {
    $groupContext = FALSE;
    $courseContext = TRUE;
    $activeChatFile = $curChatRep . $courseId . '.chat.html';
Ejemplo n.º 6
//  is added to give admin status to tutor
// && !claro_is_course_manager())
// is added  to let course admin, tutor of current group, use student mode
if (!claro_is_user_authenticated() || !claro_is_in_a_course()) {
    claro_disp_auth_form(true);
} elseif ($forumSettingList) {
    $forum_name = stripslashes($forumSettingList['forum_name']);
    $forum_post_allowed = $forumSettingList['forum_access'] != 0 ? true : false;
    $forum_type = $forumSettingList['forum_type'];
    $forum_groupId = $forumSettingList['idGroup'];
    $forum_cat_id = $forumSettingList['cat_id'];
    /*
     * Check if the topic isn't attached to a group,  or -- if it is attached --,
     * check the user is allowed to see the current group forum.
     */
    if (!$forum_post_allowed || !is_null($forumSettingList['idGroup']) && (!claro_is_in_a_group() || !claro_is_group_allowed() || $forumSettingList['idGroup'] != claro_get_current_group_id())) {
        // NOTE : $forumSettingList['idGroup'] != claro_get_current_group_id() is necessary to prevent any hacking
        // attempt like rewriting the request without $cidReq. If we are in group
        // forum and the group of the concerned forum isn't the same as the session
        // one, something weird is happening, indeed ...
        $allowed = FALSE;
        $dialogBox->error(get_lang('Not allowed'));
    } else {
        if (isset($_REQUEST['submit'])) {
            // Either valid user/pass, or valid session. continue with post.. but first:
            // Check that, if this is a private forum, the current user can post here.
            /*------------------------------------------------------------------------
                                        PREPARE THE DATA
              ------------------------------------------------------------------------*/
            // SUBJECT
            $subject = trim($subject);
Ejemplo n.º 7
// Tool-level gate: when the tool is not allowed, a user outside any course
// gets the authentication form and a user inside a course gets a
// "Not allowed" stop.
// NOTE(review): nothing here exits explicitly; the page relies on
// claro_disp_auth_form() and claro_die() ending the request -- confirm.
if (!claro_is_tool_allowed()) {
    if (!claro_is_in_a_course()) {
        claro_disp_auth_form(true);
    } else {
        claro_die(get_lang("Not allowed"));
    }
}
// display mode
claro_set_display_mode_available(TRUE);
// Admin mode follows the edit permission; $groupId is set from the context.
$is_allowedToAdmin = claro_is_allowed_to_edit();
// Context resolution, in order:
//   1. allowed group      -> $groupId is the current group id, cast to int
//   2. non-allowed group  -> "Not allowed" stop
//   3. allowed course     -> $groupId is 0
//   4. anything else      -> authentication form
// NOTE(review): $groupId is assigned only in cases 1 and 3, so later code
// depends on cases 2 and 4 never returning. Case 4 calls
// claro_disp_auth_form() without the argument used in the gate above --
// confirm the difference is intended.
if (claro_is_in_a_group() && claro_is_group_allowed()) {
    // group context
    $groupId = (int) claro_get_current_group_id();
} elseif (claro_is_in_a_group() && !claro_is_group_allowed()) {
    claro_die(get_lang("Not allowed"));
} elseif (claro_is_course_allowed()) {
    // course context
    $groupId = 0;
} else {
    claro_disp_auth_form();
}
// require wiki files
require_once "lib/class.wiki.php";
require_once "lib/class.wikistore.php";
require_once "lib/class.wikipage.php";
require_once "lib/lib.requestfilter.php";
require_once "lib/lib.wikisql.php";
require_once "lib/lib.javascript.php";
require_once "lib/lib.wikidisplay.php";
Ejemplo n.º 8
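/**
 * Debug helper: print the current kernel context (user, course, group, tool)
 * as an HTML table.
 *
 * Every dumped value is HTML-escaped before it is written, because the
 * records and request-derived variables shown here can contain markup. The
 * output includes session and user records, so this helper belongs on
 * debugging pages only.
 *
 * @param string $selection "*" prints every section; otherwise the letters
 *                          u (user), c (course), g (group) and t (tool)
 *                          select sections. The combined sections
 *                          (course-user, course-group-user, course-tool)
 *                          need both of their letters.
 * @return void
 */
function printInit($selection = "*")
{
    // $_SESSION is a superglobal and needs no global declaration.
    global $uidReset, $cidReset, $gidReset, $tidReset, $uidReq, $cidReq, $gidReq, $tidReq, $tlabelReq, $_user, $_course, $_groupUser, $_courseTool, $_claro_local_run;

    // Escape text for the HTML context; ENT_SUBSTITUTE keeps the output
    // non-empty when a value is not valid UTF-8.
    $escape = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // var_export() representation of a value, escaped for HTML.
    $dump = function ($value) use ($escape) {
        return $escape(var_export($value, true));
    };

    if ($_claro_local_run) {
        echo "local init runned";
    } else {
        echo '<font color="red"> local init never runned during this script </font>';
    }
    echo '
<table width="100%" border="1" cellspacing="4" cellpadding="1" bordercolor="#808080" bgcolor="#C0C0C0" lang="en">
    <TR>';
    if ($selection == "*" or strstr($selection, "u")) {
        echo '
        <TD valign="top" >
            <strong>User</strong> :
            (_uid)             : ' . $dump(claro_get_current_user_id()) . ' |
            (session[_uid]) : ' . $dump($_SESSION["_uid"]) . '
            <br />
            reset = ' . $dump($uidReset) . ' |
            req = ' . $dump($uidReq) . '<br />
            _user : <pre>' . $dump($_user) . '</pre>
            <br />is_platformAdmin            :' . $dump(claro_is_platform_admin()) . '
            <br />is_allowedCreateCourse    :' . $dump(claro_is_allowed_to_create_course()) . '
        </TD>';
    }
    if ($selection == "*" or strstr($selection, "c")) {
        echo "\n        <TD valign=\"top\" >\n            <strong>Course</strong> : (_cid)" . $dump(claro_get_current_course_id())
            . "\n            <br />\n            reset = " . $dump($cidReset) . " | req = " . $dump($cidReq)
            . "\n            <br />\n            _course : <pre>" . $dump($_course) . "</pre>"
            . "\n            <br />\n            _groupProperties :\n            <PRE>\n                "
            . $dump(claro_get_current_group_properties_data())
            . "\n            </PRE>\n        </TD>";
    }
    echo '
    </TR>
    <TR>';
    if ($selection == "*" or strstr($selection, "g")) {
        // $gidReset is declared global above, so it is read directly.
        echo '<TD valign="top" ><strong>Group</strong> : (_gid) ' . $dump(claro_get_current_group_id()) . '<br />
        reset = ' . $dump($gidReset) . ' | req = ' . $dump($gidReq) . "<br />\n        _group :<pre>" . $dump(claro_get_current_group_data()) . "</pre></TD>";
    }
    if ($selection == "*" or strstr($selection, "t")) {
        echo '<TD valign="top" ><strong>Tool</strong> : (_tid)' . $dump(claro_get_current_tool_id()) . '<br />
        reset = ' . $dump($tidReset) . ' |
        req = ' . $dump($tidReq) . '|
        req = ' . $dump($tlabelReq) . '
        <br />
        _tool :' . $dump(get_init('_tool')) . "</TD>";
    }
    echo "</TR>";
    if ($selection == "*" or strstr($selection, "u") && strstr($selection, "c")) {
        echo '<TR><TD valign="top" colspan="2"><strong>Course-User</strong>';
        if (claro_is_user_authenticated()) {
            echo '<br /><strong>User</strong> :' . $dump(claro_is_in_a_course());
        }
        if (claro_is_in_a_course()) {
            echo ' in ' . $dump(claro_get_current_course_id()) . '<br />';
        }
        if (claro_is_user_authenticated() && claro_get_current_course_id()) {
            // NOTE(review): this call is spelled getInit() while the tool
            // section uses get_init() -- confirm both functions exist.
            echo '_courseUser            : <pre>' . $dump(getInit('_courseUser')) . '</pre>';
        }
        echo '<br />is_courseMember    : ' . $dump(claro_is_course_member());
        echo '<br />is_courseAdmin    : ' . $dump(claro_is_course_manager());
        echo '<br />is_courseAllowed    : ' . $dump(claro_is_course_allowed());
        echo '<br />is_courseTutor    : ' . $dump(claro_is_course_tutor());
        echo '</TD></TR>';
    }
    if ($selection == "*" or strstr($selection, "u") && strstr($selection, "g")) {
        echo '<TR><TD valign="top"  colspan="2">' . '<strong>Course-Group-User</strong>';
        if (claro_is_user_authenticated()) {
            echo '<br /><strong>User</strong> :' . $dump(claro_is_in_a_course());
        }
        if (claro_is_in_a_group()) {
            echo ' in ' . $dump(claro_get_current_group_id());
        }
        if (claro_is_in_a_group()) {
            // This statement was corrupted in the listing; it is rebuilt by
            // analogy with the '_tool' dump above -- TODO confirm the
            // accessor name against the original file.
            echo '<br />_groupUser:' . $dump(get_init('_groupUser'));
        }
        echo '<br />is_groupMember:' . $dump(claro_is_group_member())
            . '<br />is_groupTutor: ' . $dump(claro_is_group_tutor())
            . '<br />is_groupAllowed:' . $dump(claro_is_group_allowed())
            . '</TD>' . '</tr>';
    }
    if ($selection == "*" or strstr($selection, "c") && strstr($selection, "t")) {
        echo '<tr>
        <TD valign="top" colspan="2" ><strong>Course-Tool</strong><br />';
        if (claro_get_current_tool_id()) {
            echo 'Tool :' . $escape(claro_get_current_tool_id());
        }
        if (claro_is_in_a_course()) {
            echo ' in ' . $escape(claro_get_current_course_id()) . '<br />';
        }
        if (claro_get_current_tool_id()) {
            echo "_courseTool    : <pre>" . $dump($_courseTool) . '</pre><br />';
        }
        echo 'is_toolAllowed : ' . $dump(claro_is_tool_allowed());
        echo "</TD>";
    }
    echo "</TR></TABLE>";
}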
Ejemplo n.º 9
// Editing is open to anyone accepted by claro_is_allowed_to_edit(), and also
// to the tutor of the current group, who gets admin status this way.
// The "!claro_is_course_manager()" part lets a course admin who also tutors
// the current group keep using student mode.
$is_allowedToEdit = claro_is_allowed_to_edit() || (claro_is_group_tutor() && !claro_is_course_manager());
// Settings of the post being edited; a falsy result blocks the edit below.
$postSettingList = get_post_settings($post_id);
if ($postSettingList && $is_allowedToEdit) {
    $topic_id = $postSettingList['topic_id'];
    $forumSettingList = get_forum_settings($postSettingList['forum_id']);
    $forum_name = stripslashes($forumSettingList['forum_name']);
    $forum_cat_id = $forumSettingList['cat_id'];
    /*
     * Check if the topic isn't attached to a group,  or -- if it is attached --,
     * check the user is allowed to see the current group forum.
     */
    if (!is_null($forumSettingList['idGroup']) && ($forumSettingList['idGroup'] != claro_get_current_group_id() || !claro_is_group_allowed())) {
        // NOTE : $forumSettingList['idGroup'] != claro_get_current_group_id() is necessary to prevent any hacking
        // attempt like rewriting the request without $cidReq. If we are in group
        // forum and the group of the concerned forum isn't the same as the session
        // one, something weird is happening, indeed ...
        $allowed = false;
        $dialogBox->error(get_lang('Not allowed'));
    } else {
        if (isset($_REQUEST['cancel'])) {
            claro_redirect('viewtopic.php?topic=' . $topic_id);
            exit;
        }
        if (isset($_REQUEST['submit'])) {
            /*-----------------------------------------------------------------
               Edit Post
              -----------------------------------------------------------------*/
 /**
  * Check that the user has the privilege required to download the requested file.
  *
  * Refusal is the default: the module must be allowed, a course id must be
  * set on this object, and the user must be a member of that course. Inside
  * a group the group permission decides; outside a group the decision is
  * delegated to isDocumentDownloadableInCourse().
  *
  * @param string $requestedUrl path of the requested file to test
  * @return mixed false when refused, true inside an allowed group, otherwise
  *               whatever isDocumentDownloadableInCourse() returns
  */
 public function isAllowedToDownload($requestedUrl)
 {
     // Fail closed when the module is disabled or no course id is known.
     if (!$this->isModuleAllowed() || is_null($this->cid)) {
         return false;
     }
     // Membership is looked up for this object's own course and user ids.
     $privileges = claro_get_course_user_privilege($this->cid, $this->uid);
     if (!$privileges['is_courseMember']) {
         pushClaroMessage('course not allowed', 'debug');
         return false;
     }
     if (!claro_is_in_a_group()) {
         return $this->isDocumentDownloadableInCourse($requestedUrl);
     }
     if (claro_is_group_allowed()) {
         // NOTE(review): the group checks use the current request context,
         // not $this->cid / $this->uid, and $requestedUrl is not inspected on
         // this branch -- confirm both are intended.
         return true;
     }
     pushClaroMessage('group not allowed', 'debug');
     return false;
 }