$userid = api_get_user_id();
/* MAIN DISPLAY SECTION */
$groupId = api_get_group_id();
$my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
// Note: This has to be validated that it is an existing forum.
$current_forum = get_forum_information($my_forum);
if (empty($current_forum)) {
api_not_allowed();
}
$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
$is_group_tutor = false;
if (!empty($groupId)) {
//Group info & group category info
$group_properties = GroupManager::get_group_properties($groupId);
//User has access in the group?
$user_has_access_in_group = GroupManager::user_has_access($userid, $groupId, GroupManager::GROUP_TOOL_FORUM);
$is_group_tutor = GroupManager::is_tutor_of_group(api_get_user_id(), $groupId);
//Course
if (!api_is_allowed_to_edit(false, true) and ($current_forum_category && $current_forum_category['visibility'] == 0 or $current_forum['visibility'] == 0 or !$user_has_access_in_group)) {
api_not_allowed();
}
} else {
//Course
if (!api_is_allowed_to_edit(false, true) and ($current_forum_category && $current_forum_category['visibility'] == 0 or $current_forum['visibility'] == 0)) {
api_not_allowed();
}
}
/* Header and Breadcrumbs */
$my_search = isset($_GET['search']) ? $_GET['search'] : '';
$my_action = isset($_GET['action']) ? $_GET['action'] : '';
$gradebook = null;
$tool_name = get_lang('StudentPublications');
$group_id = api_get_group_id();
$userInfo = api_get_user_info($studentId);
$courseInfo = api_get_course_info();
if (empty($userInfo) || empty($courseInfo)) {
api_not_allowed(true);
}
// Only a teachers page.
if (!empty($group_id)) {
$group_properties = GroupManager::get_group_properties($group_id);
$show_work = false;
if (api_is_allowed_to_edit(false, true)) {
$show_work = true;
} else {
// you are not a teacher
$show_work = GroupManager::user_has_access($user_id, $group_id, GroupManager::GROUP_TOOL_WORK);
}
if (!$show_work) {
api_not_allowed();
}
$interbreadcrumb[] = array('url' => '../group/group.php', 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq=' . $group_id, 'name' => get_lang('GroupSpace') . ' ' . $group_properties['name']);
} else {
if (!api_is_allowed_to_edit(false, true)) {
api_not_allowed(true);
}
}
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work.php?' . api_get_cidreq(), 'name' => get_lang('StudentPublications'));
$interbreadcrumb[] = array('url' => '#', 'name' => $userInfo['complete_name']);
Display::display_header(null);
echo '<div class="actions">';
$tool_name = get_lang('StudentPublications');
$group_id = api_get_group_id();
$userInfo = api_get_user_info($studentId);
$courseInfo = api_get_course_info();
if (empty($userInfo) || empty($courseInfo)) {
api_not_allowed(true);
}
// Only a teachers page.
if (!empty($group_id)) {
$group_properties = GroupManager::get_group_properties($group_id);
$show_work = false;
if (api_is_allowed_to_edit(false, true)) {
$show_work = true;
} else {
// you are not a teacher
$show_work = GroupManager::user_has_access(api_get_user_id(), $group_id, GroupManager::GROUP_TOOL_WORK);
}
if (!$show_work) {
api_not_allowed();
}
$interbreadcrumb[] = array('url' => '../group/group.php?' . api_get_cidreq(), 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?' . api_get_cidreq(), 'name' => get_lang('GroupSpace') . ' ' . $group_properties['name']);
} else {
if (!(api_is_allowed_to_edit() || api_is_coach())) {
api_not_allowed(true);
}
}
$action = isset($_GET['action']) ? $_GET['action'] : null;
switch ($action) {
case 'export_to_pdf':
exportAllWork($studentId, $courseInfo, 'pdf');
// Note: This can be speed up if we transform the $forum_list
// to an array that uses the forum_category as the key.
if (isset($forum['forum_category']) && $forum['forum_category'] == $forumCategory['cat_id']) {
$show_forum = false;
// SHOULD WE SHOW THIS PARTICULAR FORUM
// you are teacher => show forum
if (api_is_allowed_to_edit(false, true)) {
$show_forum = true;
} else {
// you are not a teacher
// it is not a group forum => show forum
// (invisible forums are already left out see get_forums function)
if ($forum['forum_of_group'] == '0') {
$show_forum = true;
} else {
$show_forum = GroupManager::user_has_access($user_id, $forum['forum_of_group'], GroupManager::GROUP_TOOL_FORUM);
}
}
if ($show_forum) {
$form_count++;
$mywhatsnew_post_info = isset($whatsnew_post_info[$forum['forum_id']]) ? $whatsnew_post_info[$forum['forum_id']] : null;
$html = '<div class="panel panel-default forum">';
$html .= '<div class="panel-body">';
$forum_image = '';
$imgForum = '';
// Showing the image
if (!empty($forum['forum_image'])) {
$image_path = api_get_path(WEB_COURSE_PATH) . api_get_course_path() . '/upload/forum/images/' . $forum['forum_image'];
$image_size = api_getimagesize($image_path);
$img_attributes = '';
if (!empty($image_size)) {
}
// 2. the forumcategory or forum is locked (locked <>0) and the user is not a course manager
if (!api_is_allowed_to_edit(false, true) and ($current_forum_category['visibility'] && $current_forum_category['locked'] != 0 or $current_forum['locked'] != 0)) {
api_not_allowed();
}
// 3. new threads are not allowed and the user is not a course manager
if (!api_is_allowed_to_edit(false, true) and $current_forum['allow_new_threads'] != 1) {
api_not_allowed();
}
// 4. anonymous posts are not allowed and the user is not logged in
if (!$_user['user_id'] and $current_forum['allow_anonymous'] != 1) {
api_not_allowed();
}
// 5. Check user access
if ($current_forum['forum_of_group'] != 0) {
$show_forum = GroupManager::user_has_access(api_get_user_id(), $current_forum['forum_of_group'], GroupManager::GROUP_TOOL_FORUM);
if (!$show_forum) {
api_not_allowed();
}
}
$session_toolgroup = 0;
if ($origin == 'group') {
$session_toolgroup = intval($_SESSION['toolgroup']);
$group_properties = GroupManager::get_group_properties($session_toolgroup);
$interbreadcrumb[] = array('url' => '../group/group.php', 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq=' . $session_toolgroup, 'name' => get_lang('GroupSpace') . ' ' . $group_properties['name']);
$interbreadcrumb[] = array('url' => 'viewforum.php?origin=' . $origin . '&gidReq=' . $session_toolgroup . '&forum=' . Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => 'newthread.php?origin=' . $origin . '&forum=' . Security::remove_XSS($_GET['forum']), 'name' => get_lang('NewTopic'));
} else {
$interbreadcrumb[] = array('url' => 'index.php?gradebook=' . $gradebook, 'name' => $nameTools);
$interbreadcrumb[] = array('url' => 'viewforumcategory.php?forumcategory=' . $current_forum_category['cat_id'], 'name' => $current_forum_category['cat_title']);
/**
* @param int $filter
* @param string $view
* @return string
*/
public function displayActions($view, $filter = 0)
{
$courseInfo = api_get_course_info();
$actionsLeft = '';
$actionsLeft .= "<a href='" . api_get_path(WEB_CODE_PATH) . "calendar/agenda_js.php?type={$this->type}'>" . Display::return_icon('calendar.png', get_lang('Calendar'), '', ICON_SIZE_MEDIUM) . "</a>";
$courseCondition = '';
if (!empty($courseInfo)) {
$courseCondition = api_get_cidreq();
}
$actionsLeft .= "<a href='" . api_get_path(WEB_CODE_PATH) . "calendar/agenda_list.php?type={$this->type}&" . $courseCondition . "'>" . Display::return_icon('week.png', get_lang('AgendaList'), '', ICON_SIZE_MEDIUM) . "</a>";
$form = '';
if (api_is_allowed_to_edit(false, true) || api_get_course_setting('allow_user_edit_agenda') && !api_is_anonymous() && api_is_allowed_to_session_edit(false, true) || GroupManager::user_has_access(api_get_user_id(), api_get_group_id(), GroupManager::GROUP_TOOL_CALENDAR) && GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id())) {
$actionsLeft .= Display::url(Display::return_icon('new_event.png', get_lang('AgendaAdd'), '', ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq() . "&action=add&type=" . $this->type);
$actionsLeft .= Display::url(Display::return_icon('import_calendar.png', get_lang('ICalFileImport'), '', ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq() . "&action=importical&type=" . $this->type);
if ($this->type == 'course') {
if (!isset($_GET['action'])) {
$form = new FormValidator('form-search', 'post', '', '', array(), FormValidator::LAYOUT_INLINE);
$attributes = array('multiple' => false, 'id' => 'select_form_id_search');
$selectedValues = $this->parseAgendaFilter($filter);
$this->showToForm($form, $selectedValues, $attributes);
$form = $form->returnForm();
}
}
}
if (api_is_platform_admin() || api_is_teacher() || api_is_student_boss() || api_is_drh() || api_is_session_admin() || api_is_coach()) {
if ($this->type == 'personal') {
$form = null;
if (!isset($_GET['action'])) {
$form = new FormValidator('form-search', 'get', api_get_self() . '?type=personal&', '', array(), FormValidator::LAYOUT_INLINE);
$sessions = SessionManager::get_sessions_by_user(api_get_user_id());
$form->addHidden('type', 'personal');
$sessions = array_column($sessions, 'session_name', 'session_id');
$sessions = ['0' => get_lang('SelectAnOption')] + $sessions;
$form->addSelect('session_id', get_lang('Session'), $sessions, ['id' => 'session_id', 'onchange' => 'submit();']);
//$form->addButtonFilter(get_lang('Filter'));
//$renderer = $form->defaultRenderer();
//$renderer->setCustomElementTemplate('<div class="col-md-6">{element}</div>');
$form->addButtonReset(get_lang('Reset'));
$form = $form->returnForm();
}
}
}
$actionsRight = '';
if ($view == 'calendar') {
$actionsRight .= $form;
}
$toolbar = Display::toolbarAction('toolbar-agenda', array(0 => $actionsLeft, 1 => $actionsRight), 2, false);
return $toolbar;
}
}
if (!$is_certificate_mode) {
/* BUILD SEARCH FORM */
$form = new FormValidator('search_document', 'get', api_get_self() . '?' . api_get_cidreq(), '', array(), FormValidator::LAYOUT_INLINE);
$form->addText('keyword', '', false, array('class' => 'col-md-2'));
$form->addElement('hidden', 'cidReq', api_get_course_id());
$form->addElement('hidden', 'id_session', api_get_session_id());
$form->addElement('hidden', 'gidReq', $groupId);
$form->addButtonSearch(get_lang('Search'));
$actionsRight = $form->returnForm();
}
$table_footer = '';
$total_size = 0;
$sortable_data = array();
if (isset($documentAndFolders) && is_array($documentAndFolders)) {
if ($groupId == 0 || GroupManager::user_has_access($userId, $groupId, GroupManager::GROUP_TOOL_DOCUMENTS)) {
$count = 1;
$countedPaths = array();
$countedPaths = array();
foreach ($documentAndFolders as $key => $document_data) {
$row = array();
$row['id'] = $document_data['id'];
$row['type'] = $document_data['filetype'];
// If the item is invisible, wrap it in a span with class invisible.
$is_visible = DocumentManager::is_visible_by_id($document_data['id'], $courseInfo, $sessionId, api_get_user_id(), false);
$invisibility_span_open = $is_visible == 0 ? '<span class="muted">' : '';
$invisibility_span_close = $is_visible == 0 ? '</span>' : '';
// Size (or total size of a directory)
$size = $document_data['filetype'] == 'folder' ? get_total_folder_size($document_data['path'], $is_allowed_to_edit) : $document_data['size'];
// Get the title or the basename depending on what we're using
if ($document_data['title'] != '') {
/**
* @param string $tool Possible values:
* GroupManager::GROUP_TOOL_*
*
*/
function api_protect_course_group($tool, $showHeader = true)
{
$userId = api_get_user_id();
$groupId = api_get_group_id();
if (!empty($groupId)) {
$allow = GroupManager::user_has_access($userId, $groupId, $tool);
if (!$allow) {
api_not_allowed($showHeader);
}
}
}
$id_list = explode('_', $eventId);
$eventId = $id_list[1];
$event_type = $id_list[0];
}
if (!api_is_allowed_to_edit(null, true) && $event_type == 'course') {
api_not_allowed(true);
}
if ($event_type == 'course') {
$agendaUrl = api_get_path(WEB_CODE_PATH) . 'calendar/agenda_js.php?' . api_get_cidreq() . '&type=course';
} else {
$agendaUrl = api_get_path(WEB_CODE_PATH) . 'calendar/agenda_js.php?&type=' . $event_type;
}
$course_info = api_get_course_info();
$agenda->type = $event_type;
$content = null;
if (api_is_allowed_to_edit(false, true) || api_get_course_setting('allow_user_edit_agenda') && !api_is_anonymous() && api_is_allowed_to_session_edit(false, true) || GroupManager::user_has_access(api_get_user_id(), $group_id, GroupManager::GROUP_TOOL_CALENDAR) && GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)) {
switch ($action) {
case 'add':
$actionName = get_lang('Add');
$form = $agenda->getForm(array('action' => 'add'));
if ($form->validate()) {
$values = $form->getSubmitValues();
$sendEmail = isset($values['add_announcement']) ? true : false;
$allDay = isset($values['all_day']) ? 'true' : 'false';
$sendAttachment = isset($_FILES['user_upload']) ? true : false;
$attachment = $sendAttachment ? $_FILES['user_upload'] : null;
$attachmentComment = isset($values['file_comment']) ? $values['file_comment'] : null;
$comment = isset($values['comment']) ? $values['comment'] : null;
$startDate = $values['date_range_start'];
$endDate = $values['date_range_end'];
$eventId = $agenda->addEvent($startDate, $endDate, $allDay, $values['title'], $values['content'], $values['users_to_send'], $sendEmail, null, $attachment, $attachmentComment, $comment);
/**
* @param int $filter
* @param string $view
* @return string
*/
public function displayActions($view, $filter = 0)
{
$actions = "<a href='" . api_get_path(WEB_CODE_PATH) . "calendar/agenda_js.php?type={$this->type}'>" . Display::return_icon('calendar.png', get_lang('Calendar'), '', ICON_SIZE_MEDIUM) . "</a>";
$actions .= "<a href='" . api_get_path(WEB_CODE_PATH) . "calendar/agenda_list.php?type={$this->type}&" . api_get_cidreq() . "'>" . Display::return_icon('week.png', get_lang('AgendaList'), '', ICON_SIZE_MEDIUM) . "</a>";
if (api_is_allowed_to_edit(false, true) or api_get_course_setting('allow_user_edit_agenda') && !api_is_anonymous() && api_is_allowed_to_session_edit(false, true) or GroupManager::user_has_access(api_get_user_id(), api_get_group_id(), GroupManager::GROUP_TOOL_CALENDAR) && GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id())) {
if ($this->type == 'course') {
$form = null;
if (!isset($_GET['action'])) {
$form = new FormValidator('form-search');
$attributes = array('multiple' => false, 'id' => 'select_form_id_search');
$selectedValues = $this->parseAgendaFilter($filter);
$this->showToForm($form, $selectedValues, $attributes);
$form = $form->return_form();
}
$actions .= "<a href='" . api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq() . "&action=add&type=course'>" . Display::return_icon('new_event.png', get_lang('AgendaAdd'), '', ICON_SIZE_MEDIUM) . "</a>";
$actions .= "<a href='" . api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq() . "&action=importical&type=course'>" . Display::return_icon('import_calendar.png', get_lang('ICalFileImport'), '', ICON_SIZE_MEDIUM) . "</a>";
if ($view == 'calendar') {
$actions .= $form;
}
}
}
return $actions;
}
/**
* @param array $courseInfo
* @param int $workId
* @return bool
*/
function protectWork($courseInfo, $workId)
{
$userId = api_get_user_id();
$groupId = api_get_group_id();
$sessionId = api_get_session_id();
$workData = get_work_data_by_id($workId);
if (empty($workData) || empty($courseInfo)) {
api_not_allowed(true);
}
if (api_is_platform_admin() || api_is_allowed_to_edit()) {
return true;
}
$workId = $workData['id'];
if ($workData['active'] != 1) {
api_not_allowed(true);
}
$visibility = api_get_item_visibility($courseInfo, 'work', $workId, $sessionId);
if ($visibility != 1) {
api_not_allowed(true);
}
allowOnlySubscribedUser($userId, $workId, $courseInfo['real_id']);
if (!empty($groupId)) {
$showWork = GroupManager::user_has_access($userId, $groupId, GroupManager::GROUP_TOOL_WORK);
if (!$showWork) {
api_not_allowed(true);
}
}
}
/**
* This function displays a dropdown list that allows the course administrator do view the calendar items of one specific group
* @author: Patrick Cool <*****@*****.**>, Ghent University
*/
function show_user_group_filter_form()
{
echo "<select name=\"select\" onchange=\"javascript: MM_jumpMenu('parent',this,0)\">";
echo "<option value=\"agenda.php?user=none&action=view\">" . get_lang("ShowAll") . "</option>";
// Groups
$group_list = get_course_groups();
$group_available_to_access = array();
$option = '';
if (!empty($group_list)) {
$option = "<optgroup label=\"" . get_lang("Groups") . "\">";
foreach ($group_list as $this_group) {
// echo "<option value=\"agenda.php?isStudentView=true&group=".$this_group['id']."\">".$this_group['name']."</option>";
$has_access = GroupManager::user_has_access(api_get_user_id(), $this_group['id'], GroupManager::GROUP_TOOL_CALENDAR);
$result = GroupManager::get_group_properties($this_group['id']);
if ($result['calendar_state'] != '0') {
$group_available_to_access[] = $this_group['id'];
}
// lastedit
if ($has_access || $result['calendar_state'] == '1') {
$option .= "<option value=\"agenda.php?action=view&group=" . $this_group['id'] . "\" ";
$option .= $this_group['id'] == $_SESSION['group'] ? " selected" : "";
$option .= ">" . $this_group['name'] . "</option>";
}
}
$option .= "</optgroup>";
}
echo $option;
// Users
$user_list = get_course_users();
if (!empty($user_list)) {
echo "<optgroup label=\"" . get_lang("Users") . "\">";
foreach ($user_list as $this_user) {
echo "<option value=\"agenda.php?action=view&user="******"\" ";
echo isset($_SESSION['user']) && $this_user['uid'] == $_SESSION['user'] ? " selected" : "";
echo ">" . api_get_person_name($this_user['firstName'], $this_user['lastName']) . "</option>";
}
echo "</optgroup>";
}
echo "</select>";
}
public static function user_can_edit_announcement()
{
$group_id = api_get_group_id();
return api_is_allowed_to_edit(false, true) or api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous() or !empty($group_id) and GroupManager::user_has_access(api_get_user_id(), $group_id, GroupManager::GROUP_TOOL_ANNOUNCEMENT) and GroupManager::is_tutor_of_group(api_get_user_id(), $group_id);
}
