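// Build the zip of all downloadable files in one work folder.
// $work_id (the folder) and $groupId are set earlier in the file; force both
// to integers here so the interpolated queries below can only ever carry
// integer values, whatever their origin.
$work_id = (int) $work_id;
$groupId = (int) $groupId;

$temp_zip_file = api_get_path(SYS_ARCHIVE_PATH) . api_get_unique_id() . ".zip";
$zip_folder = new PclZip($temp_zip_file);
$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
//Put the files in the zip
//2 possibilities: admins get all files and folders in the selected folder (except for the deleted ones)
//normal users get only visible files that are in visible folders
//admins are allowed to download invisible files
$files = array();
$course_id = api_get_course_int_id();
if (api_is_allowed_to_edit()) {
    //Search for all files that are not deleted => visibility != 2
    $sql = "SELECT DISTINCT url, title, description, insert_user_id, insert_date, contains_file\n            FROM {$tbl_student_publication} AS work INNER JOIN {$prop_table} AS props\n                ON (\n                    props.c_id = {$course_id} AND\n                    work.c_id = {$course_id} AND\n                    work.id = props.ref\n                  )\n \t\t\tWHERE   props.tool='work' AND\n \t\t\t        work.parent_id = {$work_id} AND\n \t\t\t        work.filetype = 'file' AND\n \t\t\t        props.visibility<>'2' AND\n \t\t\t        work.active = 1 AND\n \t\t\t        work.post_group_id = {$groupId}\n            ";
} else {
    $courseInfo = api_get_course_info();
    // Non-editors must be subscribed to the folder's course before anything is listed.
    allowOnlySubscribedUser(api_get_user_id(), $work_id, $courseInfo['real_id']);
    $userCondition = null;
    if ($courseInfo['show_score'] == 0) {
        // show_score == 0: no extra filter, every accepted + visible file in the folder is included
    } else {
        // Otherwise restrict the listing to the current user's own submissions
        $userCondition = " AND props.insert_user_id = " . (int) api_get_user_id();
    }
    //for other users, we need to create a zipfile with only visible files and folders
    $sql = "SELECT DISTINCT url, title, description, insert_user_id, insert_date, contains_file\n            FROM {$tbl_student_publication} AS work INNER JOIN {$prop_table} AS props\n                ON (props.c_id = {$course_id} AND\n                    work.c_id = {$course_id} AND\n                    work.id = props.ref)\n           WHERE\n                    props.tool='work' AND\n                    work.accepted = 1 AND\n                    work.active = 1 AND\n                    work.parent_id = {$work_id} AND\n                    work.filetype = 'file' AND\n                    props.visibility = '1' AND\n                    work.post_group_id = {$groupId}\n                    {$userCondition}\n            ";
}
$query = Database::query($sql);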
//add tem to the zip file
while ($not_deleted_file = Database::fetch_assoc($query)) {
    $user_info = api_get_user_info($not_deleted_file['insert_user_id']);
<?php

/* For licensing terms, see /license.txt */
// Language files needed by this page.
$language_file = array('exercice', 'work', 'document', 'admin');
//require_once '../inc/global.inc.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;
require_once 'work.lib.php';
// Work id from the query string, forced to int; null when the parameter is absent.
$id = isset($_GET['id']) ? intval($_GET['id']) : null;
// Note: the lookup runs before the empty($id) guard, so it is also called with null.
$work = get_work_data_by_id($id);
// Unknown or missing work: stop before any further lookup.
if (empty($id) || empty($work)) {
    api_not_allowed();
}
$interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications'));
// The parent folder of this work (used for the breadcrumb built further down).
$my_folder_data = get_work_data_by_id($work['parent_id']);
$course_info = api_get_course_info();
// Subscription gate against the parent folder. The per-work decision
// (author / show_score / active / accepted / editor) is taken after this run.
allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $course_info['real_id']);
if (user_is_author($id) || $course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
    if (api_is_allowed_to_edit(null, true)) {
        $url_dir = 'work_list_all.php?id=' . $my_folder_data['id'];
    } else {
        $url_dir = 'work_list.php?id=' . $my_folder_data['id'];
    }
    $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
    $interbreadcrumb[] = array('url' => '#', 'name' => $work['title']);
    if ($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 || api_is_allowed_to_edit() || user_is_author($id)) {
        $tpl = new Template();
        $tpl->assign('work', $work);
        $template = $tpl->get_template('work/view.tpl');
        $content = $tpl->fetch($template);
        $tpl->assign('content', $content);
        $tpl->display_one_col_template();
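/**
 * Abort the request unless the current user may access the given work.
 *
 * Platform admins and users allowed to edit the course pass unconditionally.
 * Everyone else must satisfy, in order: the work exists and is active, its
 * item_property visibility for the current session is 1, the user passes
 * allowOnlySubscribedUser(), and, when a group context is set, the user has
 * access to the group's work tool. Every failure calls api_not_allowed(true);
 * the code after each call assumes that ends the request (there is no
 * return after it).
 *
 * @param array $courseInfo Course info array; 'real_id' is read
 * @param int   $workId     Student publication id
 * @return bool true when access is granted (never returns otherwise)
 */
function protectWork($courseInfo, $workId)
{
    $userId = api_get_user_id();
    $groupId = api_get_group_id();
    $sessionId = api_get_session_id();

    $workData = get_work_data_by_id($workId);
    if (empty($workData) || empty($courseInfo)) {
        api_not_allowed(true);
    }

    // Editors and admins bypass the visibility / subscription checks below.
    if (api_is_platform_admin() || api_is_allowed_to_edit()) {
        return true;
    }

    // From here on use the canonical id from the DB row.
    $workId = $workData['id'];
    if ($workData['active'] != 1) {
        api_not_allowed(true);
    }

    // Loose comparison kept on purpose: the helper's return type is not known here.
    $visibility = api_get_item_visibility($courseInfo, 'work', $workId, $sessionId);
    if ($visibility != 1) {
        api_not_allowed(true);
    }

    allowOnlySubscribedUser($userId, $workId, $courseInfo['real_id']);

    if (!empty($groupId)) {
        $showWork = GroupManager::user_has_access($userId, $groupId, GroupManager::GROUP_TOOL_WORK);
        if (!$showWork) {
            api_not_allowed(true);
        }
    }

    // The non-editor path previously fell through with an implicit null;
    // return true so the documented bool contract holds for every caller.
    return true;
}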
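/**
 * Get the file contents for an assigment
 *
 * Loads the student publication row $id for the given course, applies the
 * download rules described in the table below and, when the caller may
 * download it, returns the on-disk path and a download title.
 *
 * @param int   $id          Student publication id (cast to int)
 * @param array $course_info Course info array; 'real_id' and 'show_score' are read
 * @param int   $sessionId   Session ID; api_get_session_id() is used when empty
 * @return array|bool array('path' => ..., 'title' => ...) on success, false when
 *                    the row is not found, the caller may not download it, or the
 *                    resolved path lies outside the course directory
 */
function getFileContents($id, $course_info, $sessionId = 0)
{
    $id = intval($id);
    if (empty($course_info) || empty($id)) {
        return false;
    }
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }

    $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);

    if (!empty($course_info['real_id'])) {
        // real_id comes from the course record, but the query is built by
        // string interpolation, so force it to an integer like $id.
        $courseId = intval($course_info['real_id']);
        $sql = 'SELECT * FROM '.$tbl_student_publication.'
                WHERE c_id = '.$courseId.' AND id = "'.$id.'"';
        $result = Database::query($sql);
        if ($result && Database::num_rows($result)) {
            $row = Database::fetch_array($result, 'ASSOC');
            // url is a stored path fragment; it is validated against this
            // base directory further down before anything is returned.
            $courseDir = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/';
            $full_file_name = $courseDir.$row['url'];

            // NOTE(review): item property is looked up with api_get_course_int_id()
            // while the row was selected with $course_info['real_id']; confirm
            // these are always the same course.
            $item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id'], $sessionId);
            allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);

            if (empty($item_info)) {
                api_not_allowed();
            }

            /*
            field show_score in table course :
                0 =>    New documents are visible for all users
                1 =>    New documents are only visible for the teacher(s)
            field visibility in table item_property :
                0 => eye closed, invisible for all students
                1 => eye open
            field accepted in table c_student_publication :
                0 => eye closed, invisible for all students
                1 => eye open
            ( We should have visibility == accepted, otherwise there is an
            inconsistency in the Database)
            field value in table c_course_setting :
                0 => Allow learners to delete their own publications = NO
                1 => Allow learners to delete their own publications = YES

            +------------------+-------------------------+------------------------+
            |Can download work?| doc visible for all = 0 | doc visible for all = 1|
            +------------------+-------------------------+------------------------+
            |  visibility = 0  | editor only             | editor only            |
            |                  |                         |                        |
            +------------------+-------------------------+------------------------+
            |  visibility = 1  | editor                  | editor                 |
            |                  | + owner of the work     | + any student          |
            +------------------+-------------------------+------------------------+
            (editor = teacher + admin + anybody with right api_is_allowed_to_edit)

            NOTE(review): $doc_visible_for_all below treats show_score == 1 as
            "visible for all", which is the opposite of the enumeration above
            (0 => visible for all users) and of the show_score == 0 checks used
            elsewhere in the work tool. Left unchanged here; confirm which reading
            is intended before relying on the "any student" branch.
            */

            $work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
            $doc_visible_for_all = ($course_info['show_score'] == 1);

            $is_editor = api_is_allowed_to_edit(true, true, true);
            $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);

            if ($is_editor ||
                ($student_is_owner_of_work) ||
                ($doc_visible_for_all && $work_is_visible)
            ) {
                $title = $row['title'];
                if (array_key_exists('filename', $row) && !empty($row['filename'])) {
                    $title = $row['filename'];
                }
                $title = str_replace(' ', '_', $title);
                // Path containment check first: refuse any url that resolves
                // outside the course directory. The download event is logged
                // only once the file is actually going to be served, so the
                // log never records a rejected path as a download.
                if (Security::check_abs_path($full_file_name, $courseDir)) {
                    event_download($title);
                    return array(
                        'path' => $full_file_name,
                        'title' => $title
                    );
                }
            }
        }
    }

    return false;
}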
// Request context for this page; $user_id, $work_id and $course_id are set
// earlier in the file.
$session_id = api_get_session_id();
$course_code = api_get_course_id();
$course_info = api_get_course_info();
$group_id = api_get_group_id();

// A missing id is rejected before any database lookup.
if (empty($work_id)) {
    api_not_allowed(true);
}

// The work must exist.
$workInfo = get_work_data_by_id($work_id);
if (empty($workInfo)) {
    api_not_allowed(true);
}

// First membership gate: the work-level subscription helper.
allowOnlySubscribedUser($user_id, $work_id, $course_id);

// Second gate: membership of the real or linked course for this session.
// Platform admins pass; the admin check is only evaluated when the
// subscription lookup fails.
$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course(
    $user_id,
    $course_code,
    $session_id
) || api_is_platform_admin();

if (!$is_course_member) {
    api_not_allowed(true);
}

// CSRF: $check holds the result of validating the posted token; what is
// done with it is decided later in the file. $token is the value to embed
// in the form rendered by this page.
$check = Security::check_token('post');
$token = Security::get_token();