Example #1
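/**
 * Build the JSON description of the rubric attached to an assessment worksheet.
 *
 * Access is granted to admins, observers, and callers for whom
 * check_assessment_access() succeeds on the worksheet; anyone else is sent to
 * page_fail(UNAUTHORIZED). A worksheet with no rubric row, or with no
 * competency rows, is reported through page_fail(NOT_FOUND).
 *
 * NOTE(review): the code after each page_fail() call assumes page_fail() ends
 * the request - confirm against its definition.
 *
 * @param mixed $id Id of the assessment_worksheet row; passed to both queries
 *                  as an "i:"-prefixed where-param rather than spliced into SQL.
 * @return string JSON object holding the rubric fields plus a 'competency'
 *                list with one entry per competency_results row.
 */
function get_rubric($id)
{
    // verify access to object
    // The session key has to be the quoted string 'id'. The bare word `id` is an
    // undefined constant: older PHP versions fall back to the string with a
    // notice/warning, PHP 8 throws an Error, which would break this check for
    // every caller that is neither admin nor observer.
    if (!abet_is_admin_authenticated() && !abet_is_observer() && !check_assessment_access($_SESSION['id'], $id, 'assessment_worksheet')) {
        page_fail(UNAUTHORIZED);
    }
    // select required fields from rubric and rubric_result
    $rubric = new Query(new QueryBuilder(SELECT_QUERY, array(
        'tables' => array(
            'rubric' => array('name', 'threshold', 'threshold_desc'),
            'rubric_description' => array('outstanding_desc', 'expected_desc', 'marginal_desc', 'unacceptable_desc'),
            'rubric_results' => 'total_students',
        ),
        'joins' => array(
            "INNER JOIN assessment_worksheet ON assessment_worksheet.fk_rubric = rubric.id",
            "INNER JOIN rubric_description ON rubric.fk_description = rubric_description.id",
            "INNER JOIN rubric_results ON assessment_worksheet.fk_rubric_results = rubric_results.id",
        ),
        'where' => 'assessment_worksheet.id = ?',
        'where-params' => array("i:{$id}"),
    )));
    $row = $rubric->get_row_assoc();
    if (is_null($row)) {
        page_fail(NOT_FOUND);
    }
    // select competencies
    $comps = new Query(new QueryBuilder(SELECT_QUERY, array(
        'tables' => array(
            'competency_results' => array('id', 'competency_desc', 'outstanding_tally', 'expected_tally', 'marginal_tally', 'unacceptable_tally', 'pass_fail_type', 'comment'),
        ),
        'aliases' => array('competency_results.competency_desc' => 'description'),
        'joins' => array(
            "INNER JOIN rubric_results ON rubric_results.id = competency_results.fk_rubric_results",
            "INNER JOIN assessment_worksheet ON assessment_worksheet.fk_rubric_results = rubric_results.id",
        ),
        'where' => 'assessment_worksheet.id = ?',
        'where-params' => array("i:{$id}"),
    )));
    if ($comps->is_empty()) {
        page_fail(NOT_FOUND);
    }
    // prepare json object: collect every competency row, then attach the list
    // to the rubric row under the 'competency' key
    $cs = array();
    $comps->for_each_assoc(function ($comp) use (&$cs) {
        $cs[] = $comp;
    });
    $row['competency'] = $cs;
    return json_encode($row);
}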
Example #2
/**
 * Produce the JSON summary of one assessment worksheet for the client.
 *
 * Admins and observers may read any worksheet; other callers must pass
 * check_assessment_access() for it, otherwise page_fail(UNAUTHORIZED) is
 * invoked. An unknown worksheet id leads to page_fail(NOT_FOUND).
 *
 * @param mixed $id Id of the assessment_worksheet row, handed to the query as
 *                  an "i:"-prefixed where-param.
 * @return string JSON object with id, faculty, criterion, characteristic,
 *                course, activity, objective, instrument and course_of_action.
 */
function get_wkst($id)
{
    // access check: same short-circuit order as admin, observer, per-object grant
    $mayRead = abet_is_admin_authenticated()
        || abet_is_observer()
        || check_assessment_access($_SESSION['id'], $id, 'assessment_worksheet');
    if (!$mayRead) {
        page_fail(UNAUTHORIZED);
    }

    // worksheet joined with its assessment, optional course, optional
    // characteristic and its criterion
    $spec = array(
        'tables' => array(
            'assessment_worksheet' => array('id', 'activity', 'objective', 'instrument', 'course_of_action'),
            'abet_assessment' => 'id',
            'course' => array('title', 'course_number'),
            'abet_characteristic' => array('level', 'program_specifier', 'description'),
            'abet_criterion' => array('rank', 'description'),
        ),
        'joins' => array(
            'INNER JOIN abet_assessment ON assessment_worksheet.fk_assessment = abet_assessment.id',
            'LEFT OUTER JOIN course ON assessment_worksheet.fk_course = course.id',
            'LEFT OUTER JOIN abet_characteristic ON abet_assessment.fk_characteristic = abet_characteristic.id',
            'INNER JOIN abet_criterion ON abet_assessment.fk_criterion = abet_criterion.id',
        ),
        'where' => 'assessment_worksheet.id = ?',
        'where-params' => array("i:{$id}"),
    );
    $worksheet = new Query(new QueryBuilder(SELECT_QUERY, $spec));
    if ($worksheet->is_empty()) {
        page_fail(NOT_FOUND);
    }
    $record = $worksheet->get_row_assoc();

    // the people attached to the assessment come from its ACL
    $assessment = new ABETAssessment($record['abet_assessment.id']);
    $people = $assessment->get_acl();

    // properties are assigned in a fixed order because that order is the key
    // order of the encoded JSON object
    $payload = new stdClass();
    $payload->id = $record['assessment_worksheet.id'];
    if (count($people) == 0) {
        $payload->faculty = "n/a";
    } else {
        $names = array_map(function ($person) {
            return $person->full_name;
        }, $people);
        $payload->faculty = implode(', ', $names);
    }
    $payload->criterion = $record['rank'] . ' ' . $record['abet_criterion.description'];

    // characteristic is optional (LEFT OUTER JOIN); the program specifier is
    // appended only when it is present and non-empty
    if (is_null($record['level'])) {
        $payload->characteristic = null;
    } else {
        $label = $record['level'] . ' ' . $record['abet_characteristic.description'];
        if (!is_null($record['program_specifier']) && $record['program_specifier'] != '') {
            $label .= ' ' . $record['program_specifier'];
        }
        $payload->characteristic = $label;
    }

    // a worksheet reports either a course or a free-form activity, never both
    if (is_null($record['title'])) {
        $payload->course = null;
        if (!is_null($record['activity']) && $record['activity'] != '') {
            $payload->activity = $record['activity'];
        } else {
            $payload->activity = 'not specified';
        }
    } else {
        $payload->course = $record['course_number'] . ': ' . $record['title'];
        $payload->activity = null;
    }

    $payload->objective = $record['objective'];
    $payload->instrument = $record['instrument'];
    $payload->course_of_action = $record['course_of_action'];
    return json_encode($payload);
}
Example #3
		<script src="scripts/assessment.js" type="text/javascript"></script>
		<script src="scripts/characteristics.js" type="text/javascript"></script>
		<script src="scripts/course.js" type="text/javascript"></script>
		<?php 
}
?>
		<link rel="stylesheet" href="stylesheets/abet.css" />
		<link rel="stylesheet" href="stylesheets/tree.css" />
		<link rel="stylesheet" href="stylesheets/confirm.css" />
		<script type="text/javascript">
			user = "******";
			read_only = <?php 
// Emits the JavaScript literal true or false depending on abet_is_observer().
// The flag reaches the browser, so it can only steer what the UI offers.
// NOTE(review): write restrictions for observers still have to be enforced by
// the server-side endpoints - confirm each one checks abet_is_observer().
echo abet_is_observer() ? 'true' : 'false';
?>
;
		</script>
	</head>
	<body>
		<div class="top_bar">
			<a href="loadHome" class="nav_button internal"><h1>ABET</h1></a>
			<input type="text" placeholder="search" class="search" id="search"></input>
			<div class="top_icons">
				<img id="notif" src="resources/notif.png" class="icon"></img>
				<img id="sett" src="resources/settings.png" class="icon"></img>
			</div>
			<div id="search_results" class="popup results">
				Press enter to search
			</div>
Example #4
}
// Request guard for a JSON endpoint: the response type is declared first, then
// the request is rejected unless the session is authenticated and the method
// is GET.
header('Content-Type: application/json');
if (!abet_is_authenticated()) {
    page_fail(UNAUTHORIZED);
}
if ($_SERVER['REQUEST_METHOD'] != 'GET') {
    page_fail(BAD_REQUEST);
}
// output is array of navigation trees
$navTrees = array();
$isAdmin = abet_is_admin_authenticated();
// design query to select all navigation for current user
// For admins the join on abet_criterion is RIGHT OUTER, which keeps every
// criterion row even when no assessment references it; other users get an
// INNER join and therefore only criteria that have assessments.
$qbInfo = array('tables' => array('abet_assessment' => array('id', 'name'), 'program' => array('id', 'name', 'semester', 'year'), 'abet_criterion' => array('id', 'rank', 'description'), 'abet_characteristic' => array('id', 'level', 'program_specifier', 'short_name'), 'assessment_worksheet' => array('id', 'activity'), 'general_content' => 'id', 'rubric' => 'id', 'course' => 'course_number'), 'joins' => array("INNER JOIN program ON abet_assessment.fk_program = program.id", ($isAdmin ? "RIGHT OUTER" : "INNER") . " JOIN abet_criterion ON abet_assessment.fk_criterion = abet_criterion.id", "LEFT OUTER JOIN abet_characteristic ON abet_assessment.fk_characteristic = abet_characteristic.id", "LEFT OUTER JOIN assessment_worksheet ON abet_assessment.id = assessment_worksheet.fk_assessment", "LEFT OUTER JOIN general_content ON abet_assessment.id = general_content.fk_assessment", "LEFT OUTER JOIN rubric ON assessment_worksheet.fk_rubric = rubric.id", "LEFT OUTER JOIN course ON assessment_worksheet.fk_course = course.id"), 'orderby' => "program.year, program.semester, program.name, abet_criterion.rank, abet_characteristic.level, course.course_number");
// if the user is not an admin and not an observer, restrict their access
// according to the ACLs for the given assessments
if (!$isAdmin && !abet_is_observer()) {
    // join on the acl tables to restrict access
    $qbInfo['joins'][] = "INNER JOIN acl ON abet_assessment.fk_acl = acl.id";
    // NOTE(review): the session's profile id is written straight into the SQL
    // text of this join instead of being bound as a parameter. That is only
    // safe while $_SESSION['id'] is always a server-assigned value; verify
    // where it is set, and prefer a bound parameter (the builder accepts
    // 'where-params' for its 'where' clause) or an integer cast if ids are
    // numeric.
    $qbInfo['joins'][] = "INNER JOIN acl_entry ON acl_entry.fk_acl = acl.id AND acl_entry.fk_profile = '{$_SESSION['id']}'";
}
// grab all assessments that the user can access, along with their keys
$query = new Query(new QueryBuilder(SELECT_QUERY, $qbInfo));
// structure the navigation tree around the hierarchy of assessments to which the
// user has access; we present the same navigation structure to all kinds of users
$userTools = new stdClass();
$userTools->label = 'Content';
$userTools->children = array();
create_unique_id($userTools, 'top-level', 1);
// mappings to remember content organizers as we go through results
$mappings = array();
$criteria = array();
Example #5
// Request dispatcher for general_content: GET returns an entity, POST creates
// content. Every path first requires an authenticated session and then a
// per-object access check.
// check initial user authentication
if (!abet_is_authenticated()) {
    page_fail(UNAUTHORIZED);
}
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    if (!array_key_exists('id', $_GET)) {
        page_fail(BAD_REQUEST);
    }
    // double check access to content
    // admins and observers may read anything; other users need an explicit
    // grant on the requested general_content entity
    // NOTE(review): $_GET['id'] reaches check_assessment_access() and
    // get_content() without any type or format check here - confirm those
    // helpers bind it as a parameter.
    if (!abet_is_admin_authenticated() && !abet_is_observer() && !check_assessment_access($_SESSION['id'], $_GET['id'], 'general_content')) {
        page_fail(UNAUTHORIZED);
    }
    echo get_content($_GET['id']);
} else {
    // NOTE(review): this POST branch changes state and no anti-CSRF token is
    // checked in the visible code - confirm the protection exists elsewhere.
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (abet_is_observer()) {
            // observers can't post data
            page_fail(UNAUTHORIZED);
        }
        if (array_key_exists('id', $_POST) && array_key_exists('type', $_POST)) {
            // make sure user can access general_content entity
            // (observers were rejected above, so only the admin bypass remains)
            if (!abet_is_admin_authenticated() && !check_assessment_access($_SESSION['id'], $_POST['id'], 'general_content')) {
                page_fail(UNAUTHORIZED);
            }
            // create new content (single entity)
            if ($_POST['type'] == 'file' && array_key_exists('file', $_FILES)) {
                // make sure file data was uploaded correctly
                // is_uploaded_file() only confirms that tmp_name names a file
                // received through an HTTP POST upload; it says nothing about
                // the file's size, type or client-supplied name.
                // NOTE(review): $_FILES['file']['error'] is not inspected here
                // and content validation is presumably left to create_file() -
                // verify.
                if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
                    page_fail_with_reason(SERVER_ERROR, "file upload was unsuccessful");
                }
                echo create_file($_POST['id']);
Example #6
    a file_upload entity as the GET argument. The script checks access to the
    file before allowing it to be downloaded.
*/
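// Guard sequence for the file download endpoint: the session must be
// authenticated, the request must carry a usable 'id', and the caller must be
// an admin, an observer, or hold access to the file_upload item. Only then is
// file_download() called.

// check general authentication mode
if (!abet_is_authenticated()) {
    http_response_code(UNAUTHORIZED);
    header('Content-Type: text/html');
    echo "<h1>Access to the specified object is unauthorized.</h1>";
    exit;
}
// check for correct GET variables
// An 'id' supplied as an array (id[]=...) is rejected as well, so only a
// single string value ever reaches the access check and the download routine.
if (!array_key_exists('id', $_GET) || is_array($_GET['id'])) {
    http_response_code(BAD_REQUEST);
    header('Content-Type: text/html');
    // the heading was previously left unclosed
    echo "<h1>Bad request: try again...</h1>";
    exit;
}
// check access to specific file resource
// $found is handed to check_general_content_item_access() as an out-value
// (presumably by reference - confirm); it starts as false so the branch below
// never reads an undefined variable.
$found = false;
if (!abet_is_admin_authenticated() && !abet_is_observer() && !check_general_content_item_access($_SESSION['id'], $_GET['id'], 'file_upload', $found)) {
    header('Content-Type: text/html');
    // NOTE(review): the two branches answer with different status codes, so an
    // authenticated caller can tell an existing but forbidden id from one that
    // does not exist. If that distinction is not wanted, send the same status
    // and message for both.
    if ($found) {
        http_response_code(UNAUTHORIZED);
        echo "<h1>Access to the specified object is unauthorized or it has been removed.</h1>";
    } else {
        http_response_code(NOT_FOUND);
        echo "<h1>The specified object was not found. It's possible it was removed.</h1>";
    }
    exit;
}
// call routine to output file
file_download($_GET['id']);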