foreach ($workList as $workId) { deleteDirWork($workId); } } break; case 'upload_correction_file': api_protect_course_script(true); // User access same as upload.php $is_allowed_to_edit = api_is_allowed_to_edit(null, true); $itemId = isset($_GET['item_id']) ? intval($_GET['item_id']) : ''; $result = array(); if (!empty($_FILES) && !empty($itemId)) { $file = $_FILES['file']; $courseInfo = api_get_course_info(); $workInfo = get_work_data_by_id($itemId); $workInfoParent = get_work_data_by_id($workInfo['parent_id']); $resultUpload = uploadWork($workInfoParent, $courseInfo, true, $workInfo); $work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION); if (isset($resultUpload['url']) && !empty($resultUpload['url'])) { $title = isset($resultUpload['filename']) && !empty($resultUpload['filename']) ? $resultUpload['filename'] : get_lang('Untitled'); $url = Database::escape_string($resultUpload['url']); $title = Database::escape_string($title); $sql = "UPDATE {$work_table} SET\n url_correction = '" . $url . "',\n title_correction = '" . $title . "'\n WHERE iid = {$itemId}"; Database::query($sql); $result['title'] = $resultUpload['filename']; $result['url'] = 'view.php?' . api_get_cidreq() . '&id=' . $itemId; $json = array(); $json['name'] = Display::url(api_htmlentities($result['title']), api_htmlentities($result['url']), array('target' => '_blank')); $json['type'] = api_htmlentities($file['type']); $json['size'] = format_file_size($file['size']); }
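<?php
/* For licensing terms, see /license.txt */
/**
 * Functions and main code for the download folder feature
 * @todo use ids instead of the path like the document tool
 * @package chamilo.work
 */

// The work id comes straight from the query string. Coerce it to an integer
// (or null when absent) before it reaches any lookup, the same way the other
// work/* entry points treat their 'id' parameter.
$work_id = isset($_GET['id']) ? intval($_GET['id']) : null;

//require_once '../inc/global.inc.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;

// Course-level protection only.
// NOTE(review): no per-work or per-role check is visible in this part of the
// script - confirm the remainder restricts who may download the folder.
api_protect_course_script(true);

require_once 'work.lib.php';

$work_data = get_work_data_by_id($work_id);
$groupId = api_get_group_id();

// Unknown (or missing) work id: stop without producing any output.
if (empty($work_data)) {
    exit;
}

// Prevent some stuff.
// NOTE(review): $path is not assigned anywhere in the visible part of this
// script; presumably it is expected from the including script - verify.
if (empty($path)) {
    $path = '/';
}

if (empty($_course) || empty($_course['path'])) {
    api_not_allowed();
}

$sys_course_path = api_get_path(SYS_COURSE_PATH);

// Zip library for creation of the zip file
require_once api_get_path(LIBRARY_PATH) . 'pclzip/pclzip.lib.php';

// Creating a ZIP file under the archive directory with a generated name
$temp_zip_file = api_get_path(SYS_ARCHIVE_PATH) . api_get_unique_id() . ".zip";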
$current_course_tool = TOOL_STUDENTPUBLICATION; api_protect_course_script(true); // Including necessary files require_once 'work.lib.php'; $this_section = SECTION_COURSES; $workId = isset($_GET['id']) ? intval($_GET['id']) : null; $origin = isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST['origin']) : ''; if (empty($workId)) { api_not_allowed(true); } $my_folder_data = get_work_data_by_id($workId); if (empty($my_folder_data)) { api_not_allowed(true); } if ($my_folder_data['active'] != 1) { api_not_allowed(true); } $work_data = get_work_assignment_by_id($workId); $tool_name = get_lang('StudentPublications'); $group_id = api_get_group_id(); $courseInfo = api_get_course_info(); $htmlHeadXtra[] = api_get_jqgrid_js();
$result = addDir($_POST, $user_id, $_course, $group_id, $id_session); if ($result) { $message = Display::return_message(get_lang('DirectoryCreated'), 'success'); } else { $message = Display::return_message(get_lang('CannotCreateDir'), 'error'); } Session::write('message', $message); header('Location: ' . $currentUrl); exit; } else { $content = $form->return_form(); } break; case 'delete_dir': if ($is_allowed_to_edit) { $work_to_delete = get_work_data_by_id($_REQUEST['id']); $result = deleteDirWork($_REQUEST['id']); if ($result) { $message = Display::return_message(get_lang('DirDeleted') . ': ' . $work_to_delete['title'], 'success'); Session::write('message', $message); } header('Location: ' . $currentUrl); exit; } break; case 'move': /* Move file form request */ if ($is_allowed_to_edit) { if (!empty($item_id)) { $content = generateMoveForm($item_id, $curdirpath, $course_info, $group_id, $session_id); }
<?php /* For licensing terms, see /license.txt */ $language_file = array('exercice', 'work', 'document', 'admin'); //require_once '../inc/global.inc.php'; $current_course_tool = TOOL_STUDENTPUBLICATION; require_once 'work.lib.php'; $id = isset($_GET['id']) ? intval($_GET['id']) : null; $work = get_work_data_by_id($id); if (empty($id) || empty($work)) { api_not_allowed(); } $interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications')); $my_folder_data = get_work_data_by_id($work['parent_id']); $course_info = api_get_course_info(); allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $course_info['real_id']); if (user_is_author($id) || $course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) { if (api_is_allowed_to_edit(null, true)) { $url_dir = 'work_list_all.php?id=' . $my_folder_data['id']; } else { $url_dir = 'work_list.php?id=' . $my_folder_data['id']; } $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']); $interbreadcrumb[] = array('url' => '#', 'name' => $work['title']); if ($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 || api_is_allowed_to_edit() || user_is_author($id)) { $tpl = new Template(); $tpl->assign('work', $work); $template = $tpl->get_template('work/view.tpl'); $content = $tpl->fetch($template); $tpl->assign('content', $content); $tpl->display_one_col_template();
require_once 'work.lib.php'; $this_section = SECTION_COURSES; $work_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null; $is_allowed_to_edit = api_is_allowed_to_edit(); $course_id = api_get_course_int_id(); $user_id = api_get_user_id(); $userInfo = api_get_user_info(); $session_id = api_get_session_id(); $course_info = api_get_course_info(); $course_code = $course_info['code']; $group_id = api_get_group_id(); if (empty($work_id)) { api_not_allowed(true); } protectWork($course_info, $work_id); $workInfo = get_work_data_by_id($work_id); $is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_id, $session_id); $is_course_member = $is_course_member || api_is_platform_admin(); if ($is_course_member == false || api_is_invitee()) { api_not_allowed(true); } $check = Security::check_token('post'); $token = Security::get_token(); $student_can_edit_in_session = api_is_allowed_to_session_edit(false, true); // @todo add an option to allow/block multiple attempts. /* if (!empty($workInfo) && !empty($workInfo['qualification'])) { $count = get_work_count_by_student($user_id, $work_id); if ($count >= 1) { Display::display_header(); if (api_get_course_setting('student_delete_own_publication') == '1') {
$finalResult[$title] = $item['id']; } $coursePath = api_get_path(SYS_COURSE_PATH) . $courseInfo['path'] . '/'; $workDir = api_get_path(SYS_COURSE_PATH) . $courseInfo['path'] . '/work/'; $workDir .= basename($workInfo['url']) . '/'; $finder = new Finder(); $finder->files()->in($destinationDir); /** @var SplFileInfo $file */ foreach ($finder as $file) { $fileName = $file->getBasename(); $fileName = substr($fileName, 20, strlen($fileName)); $pos = strpos($fileName, '-') + 1; $fileName = substr($fileName, $pos, strlen($fileName)); if (isset($finalResult[$fileName])) { $workStudentId = $finalResult[$fileName]; $workStudent = get_work_data_by_id($workStudentId); if ($workStudent) { if (!empty($workStudent['url_correction'])) { $correctionFilePath = $coursePath . $workStudent['url_correction']; $correctionTitle = $workStudent['title_correction']; } else { if (!empty($workStudent['url'])) { $correctionFilePath = $coursePath . $workStudent['url'] . '_correction'; $correctionTitle = $fileName; } else { //$correctionFilePath = $workDir.api_get_unique_id().'_correction'; } } $table = Database::get_course_table(TABLE_STUDENT_PUBLICATION); if (!empty($correctionFilePath)) { $result = copy($file->getRealPath(), $correctionFilePath);
/**
 * Lists the works a user created in a course, with their creation and
 * last-edit times.
 *
 * Each returned row is a plain list: [title, insert date, last edit date],
 * both dates passed through api_get_local_time().
 *
 * @param int $user_id
 * @param int $courseId
 * @param int $sessionId
 * @return array One row per item-property entry; empty when there are none
 */
function getWorkCreatedByUser($user_id, $courseId, $sessionId)
{
    $properties = api_get_item_property_list_by_tool_by_user($user_id, 'work', $courseId, $sessionId);

    if (empty($properties)) {
        return array();
    }

    $rows = array();
    foreach ($properties as $property) {
        // 'ref' of the item property is the id of the work it describes.
        $workData = get_work_data_by_id($property['ref'], $courseId, $sessionId);

        $row = array();
        $row[] = $workData['title'];
        $row[] = api_get_local_time($property['insert_date']);
        $row[] = api_get_local_time($property['lastedit_date']);

        $rows[] = $row;
    }

    return $rows;
}
$form->addButtonUpdate($text); $form->setDefaults($defaults); $error_message = null; $_course = api_get_course_info(); $currentCourseRepositorySys = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/'; $succeed = false; if ($form->validate()) { if ($student_can_edit_in_session && $check) { /* * SPECIAL CASE ! For a work edited */ //Get the author ID for that document from the item_property table $item_to_edit_id = intval($_POST['item_to_edit']); $is_author = user_is_author($item_to_edit_id); if ($is_author) { $work_data = get_work_data_by_id($item_to_edit_id); if (!empty($_POST['title'])) { $title = isset($_POST['title']) ? $_POST['title'] : $work_data['title']; } $description = isset($_POST['description']) ? $_POST['description'] : $work_data['description']; $add_to_update = null; if ($is_allowed_to_edit && $_POST['qualification'] != '') { $add_to_update = ', qualificator_id =' . "'" . api_get_user_id() . "', "; $add_to_update .= ' qualification = ' . "'" . Database::escape_string($_POST['qualification']) . "',"; $add_to_update .= ' date_of_qualification = ' . "'" . api_get_utc_datetime() . "'"; if (isset($_POST['send_email'])) { $url = api_get_path(WEB_CODE_PATH) . 'work/view.php?' . api_get_cidreq() . '&id=' . $item_to_edit_id; $subject = sprintf(get_lang('ThereIsANewWorkFeedback'), $work_item['title']); $message = sprintf(get_lang('ThereIsANewWorkFeedbackInWorkXHere'), $work_item['title'], $url); MessageManager::send_message_simple($work_item['user_id'], $subject, $message, api_get_user_id(), isset($_POST['send_to_drh_users'])); }
} if ($there_is_a_expire_date) { $defaults['expires_on'] = $homework['expires_on']; } $defaults['add_to_calendar'] = isset($homework['add_to_calendar']) ? $homework['add_to_calendar'] : null; $form = getFormWork($form, $defaults); $form->addElement('hidden', 'work_id', $workId); $form->addElement('style_submit_button', 'submit', get_lang('ModifyDirectory'), 'class="save"'); if ($form->validate()) { $params = $form->exportValues(); $workId = $params['work_id']; $editCheck = false; $workData = get_work_data_by_id($workId); if (!empty($workData)) { $editCheck = true; } else { $editCheck = true; } if ($editCheck) { updateWork($workId, $params, $courseInfo, $sessionId); updatePublicationAssignment($workId, $params, $courseInfo, $groupId); updateDirName($workData, $params['new_dir']); $currentUrl = api_get_path(WEB_CODE_PATH).'work/edit_work.php?id='.$workId.'&'.api_get_cidreq(); Session::write('message', Display::return_message(get_lang('FolderEdited'), 'success')); header('Location: '.$currentUrl);
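/**
 * Builds the list of student submissions stored under one parent work,
 * decorated with the HTML (labels, download link, action icons) shown in the
 * work list.
 *
 * A row is only returned when the current user may see it: editors see
 * everything, authors see their own submissions, and other users see accepted
 * submissions when the course's 'show_score' setting is 0.
 *
 * @param int        $start           Offset of the first row (cast to int)
 * @param int        $limit           Maximum number of rows (cast to int)
 * @param int|string $column          ORDER BY target: a select-list position or a plain,
 *                                    optionally table-qualified, column name. Any other
 *                                    value falls back to the first selected column.
 * @param string     $direction       'asc' or 'desc'; any other value becomes 'desc'
 * @param int        $work_id         Id of the parent work
 * @param string     $where_condition Extra SQL appended verbatim to the WHERE clause.
 *                                    It is NOT escaped here: the caller must build it
 *                                    from trusted or already-escaped values only.
 * @param int        $studentId       Optional: only return rows of this user
 * @return array Decorated rows; empty when the parent work does not exist
 */
function get_work_user_list($start, $limit, $column, $direction, $work_id, $where_condition, $studentId = null)
{
    $work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
    $iprop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
    $user_table = Database::get_main_table(TABLE_MAIN_USER);

    $session_id = api_get_session_id();
    // Interpolated unquoted into the SQL below, so force an integer.
    $course_id = intval(api_get_course_int_id());
    $group_id = api_get_group_id();
    $course_info = api_get_course_info(api_get_course_id());

    $work_id = intval($work_id);
    $start = intval($start);
    $limit = intval($limit);

    // The ORDER BY target is emitted unquoted, so string escaping cannot make it
    // safe. Accept only a column position or a plain identifier (optionally
    // "table.column"); anything else sorts by the first selected column, which
    // is also what an empty $column resolved to before.
    if (empty($column)
        || !is_scalar($column)
        || !preg_match('/\A[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)?\z/', (string) $column)
    ) {
        $column = '1';
    } else {
        $column = (string) $column;
    }

    // Strict comparison: only the two literal strings are accepted.
    if (!in_array($direction, array('asc', 'desc'), true)) {
        $direction = 'desc';
    }

    $work_data = get_work_data_by_id($work_id);
    $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
    $condition_session = api_get_session_condition($session_id);
    $locked = api_resource_is_locked_by_gradebook($work_id, LINK_STUDENTPUBLICATION);

    // Unknown parent work: return an empty list (the documented type) instead
    // of falling off the end of the function.
    if (empty($work_data)) {
        return array();
    }

    // 'gradebook' is echoed into the query string of some links below. It is
    // optional, so read it once, filter it and URL-encode it for that context.
    $gradebook = '';
    if (isset($_GET['gradebook']) && is_string($_GET['gradebook'])) {
        $gradebook = urlencode(Security::remove_XSS($_GET['gradebook']));
    }

    // Never assigned inside this function; it contributed an empty string to
    // the visibility links. Kept as an explicit empty value.
    $sort_params = '';

    if (!empty($group_id)) {
        // Only select works posted by the user's group
        $extra_conditions = " work.post_group_id = '" . intval($group_id) . "' ";
    } else {
        $extra_conditions = " work.post_group_id = '0' ";
    }

    if ($is_allowed_to_edit) {
        $extra_conditions .= ' AND work.active IN (0, 1) ';
    } elseif (isset($course_info['show_score']) && $course_info['show_score'] == 1) {
        $extra_conditions .= " AND (u.user_id = " . intval(api_get_user_id()) . " AND work.active IN (0, 1) OR work.active = 1) ";
    } else {
        $extra_conditions .= ' AND work.active = 1 ';
    }

    $extra_conditions .= " AND parent_id = " . $work_id . " ";

    $select = 'DISTINCT u.user_id, work.id as id, title as title, description, url, sent_date, contains_file, has_properties, view_properties, qualification, weight, allow_text_assignment, u.firstname, u.lastname, u.username, parent_id, accepted, qualificator_id';

    $user_condition = "INNER JOIN {$user_table} u ON (work.user_id = u.user_id) ";
    $work_condition = "{$iprop_table} prop INNER JOIN {$work_table} work ON (prop.ref = work.id AND prop.c_id = {$course_id} AND work.c_id = {$course_id} ) ";

    $work_assignment = get_work_assignment_by_id($work_id);

    if (!empty($studentId)) {
        $where_condition .= " AND u.user_id = " . intval($studentId);
    }

    // $where_condition and $condition_session are concatenated as given.
    $sql = "SELECT {$select}\n FROM {$work_condition} {$user_condition}\n WHERE {$extra_conditions} {$where_condition} {$condition_session} ";
    $sql .= " ORDER BY {$column} {$direction} ";
    $sql .= " LIMIT {$start}, {$limit}";

    $result = Database::query($sql);

    $works = array();

    while ($work = Database::fetch_array($result, 'ASSOC')) {
        $item_id = $work['id'];

        // The author is taken from work.user_id: the original author notes that
        // item_property's insert_user_id is not reliable because of a bug when
        // saving items through api_item_property_update().
        $is_author = false;
        $can_read = false;
        $owner_id = $work['user_id'];

        if (!$is_allowed_to_edit && $owner_id == api_get_user_id()) {
            $is_author = true;
        }

        if ($course_info['show_score'] == 0) {
            $can_read = true;
        }

        $class = $work['accepted'] == '0' ? 'invisible' : '';

        // A qualification column is only shown when the parent work defines one.
        $qualification_exists = !empty($work_data['qualification']) && intval($work_data['qualification']) > 0;

        $qualification_string = '';
        if ($qualification_exists) {
            if ($work['qualification'] == '') {
                $qualification_string = Display::label('-');
            } else {
                $qualification_string = Display::label($work['qualification'], 'info');
            }
        }

        // Flag submissions sent after the assignment's expiry date.
        $add_string = '';
        $time_expires = api_strtotime($work_assignment['expires_on'], 'UTC');

        if (!empty($work_assignment['expires_on']) &&
            $work_assignment['expires_on'] != '0000-00-00 00:00:00' &&
            $time_expires &&
            $time_expires < api_strtotime($work['sent_date'], 'UTC')
        ) {
            $add_string = Display::label(get_lang('Expired'), 'important');
        }

        $visibleToUser = ($can_read && $work['accepted'] == '1')
            || ($is_author && in_array($work['accepted'], array('1', '0')))
            || $is_allowed_to_edit;

        if (!$visibleToUser) {
            continue;
        }

        // Firstname, lastname, title.
        // NOTE(review): these user-supplied values are handed to Display::div()/
        // Display::span() as content; whether those helpers HTML-escape it is not
        // visible here - confirm, since the result is rendered as HTML.
        $work['firstname'] = Display::div($work['firstname'], array('class' => $class));
        $work['lastname'] = Display::div($work['lastname'], array('class' => $class));

        if (strlen($work['title']) > 30) {
            $short_title = substr($work['title'], 0, 27) . '...';
            $work['title'] = Display::span($short_title, array('class' => $class, 'title' => $work['title']));
        } else {
            $work['title'] = Display::div($work['title'], array('class' => $class));
        }

        // Type.
        // NOTE(review): 'file' is not part of the select list above, so this
        // index is presumably always unset - verify the intended column.
        $work['type'] = build_document_icon_tag('file', $work['file']);

        // File name.
        $link_to_download = null;
        if ($work['contains_file']) {
            $link_to_download = '<a href="download.php?id=' . $item_id . '">' .
                Display::return_icon('save.png', get_lang('Save'), array(), ICON_SIZE_SMALL) . '</a> ';
        }

        $send_to = Portfolio::share('work', $work['id'], array('style' => 'white-space:nowrap;'));

        $work['qualification'] = $qualification_string;

        // Date.
        $work_date = api_convert_and_format_date($work['sent_date']);
        $work['sent_date'] = date_to_str_ago(api_get_local_time($work['sent_date'])) . ' ' . $add_string . '<br />' . $work_date;

        // Actions.
        // NOTE(review): move / visibility / delete are plain GET links and no
        // anti-CSRF token is added to them here - confirm work.php checks one.
        $url = api_get_path(WEB_CODE_PATH) . 'work/';
        $action = '';

        if ($is_allowed_to_edit) {
            $action .= '<a href="' . $url . 'view.php?' . api_get_cidreq() . '&id=' . $item_id . '" title="' . get_lang('View') . '">' .
                Display::return_icon('default.png', get_lang('View'), array(), ICON_SIZE_SMALL) . '</a> ';

            if ($locked) {
                // Locked by the gradebook: show disabled icons only.
                if ($qualification_exists) {
                    $action .= Display::return_icon('rate_work_na.png', get_lang('CorrectAndRate'), array(), ICON_SIZE_SMALL);
                } else {
                    $action .= Display::return_icon('edit_na.png', get_lang('Comment'), array(), ICON_SIZE_SMALL);
                }
            } else {
                if ($qualification_exists) {
                    $action .= '<a href="' . $url . 'edit.php?' . api_get_cidreq() . '&item_id=' . $item_id . '&id=' . $work['parent_id'] . '" title="' . get_lang('Modify') . '" >' .
                        Display::return_icon('rate_work.png', get_lang('CorrectAndRate'), array(), ICON_SIZE_SMALL) . '</a>';
                } else {
                    $action .= '<a href="' . $url . 'edit.php?' . api_get_cidreq() . '&item_id=' . $item_id . '&id=' . $work['parent_id'] . '&gradebook=' . $gradebook . '" title="' . get_lang('Modify') . '">' .
                        Display::return_icon('edit.png', get_lang('Comment'), array(), ICON_SIZE_SMALL) . '</a>';
                }
            }

            if ($work['contains_file']) {
                if ($locked) {
                    $action .= Display::return_icon('move_na.png', get_lang('Move'), array(), ICON_SIZE_SMALL);
                } else {
                    $action .= '<a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=move&item_id=' . $item_id . '" title="' . get_lang('Move') . '">' .
                        Display::return_icon('move.png', get_lang('Move'), array(), ICON_SIZE_SMALL) . '</a>';
                }
            }

            if ($work['accepted'] == '1') {
                $action .= '<a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=make_invisible&item_id=' . $item_id . '&' . $sort_params . '" title="' . get_lang('Invisible') . '" >' .
                    Display::return_icon('visible.png', get_lang('Invisible'), array(), ICON_SIZE_SMALL) . '</a>';
            } else {
                $action .= '<a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=make_visible&item_id=' . $item_id . '&' . $sort_params . '" title="' . get_lang('Visible') . '" >' .
                    Display::return_icon('invisible.png', get_lang('Visible'), array(), ICON_SIZE_SMALL) . '</a> ';
            }

            if ($locked) {
                $action .= Display::return_icon('delete_na.png', get_lang('Delete'), '', ICON_SIZE_SMALL);
            } else {
                $action .= '<a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=delete&item_id=' . $item_id . '" onclick="javascript:if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)) . "'" . ')) return false;" title="' . get_lang('Delete') . '" >' .
                    Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
            }
        } elseif ($is_author && (empty($work['qualificator_id']) || $work['qualificator_id'] == 0)) {
            // The author may still act on a submission that has no qualificator yet.
            $action .= '<a href="' . $url . 'view.php?' . api_get_cidreq() . '&id=' . $item_id . '" title="' . get_lang('View') . '">' .
                Display::return_icon('default.png', get_lang('View'), array(), ICON_SIZE_SMALL) . '</a>';

            if (api_get_course_setting('student_delete_own_publication') == 1) {
                if (api_is_allowed_to_session_edit(false, true)) {
                    $action .= '<a href="' . $url . 'edit.php?' . api_get_cidreq() . '&item_id=' . $item_id . '&id=' . $work['parent_id'] . '&gradebook=' . $gradebook . '" title="' . get_lang('Modify') . '">' .
                        Display::return_icon('edit.png', get_lang('Comment'), array(), ICON_SIZE_SMALL) . '</a>';
                }
                $action .= ' <a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=delete&item_id=' . $item_id . '" onclick="javascript:if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)) . "'" . ')) return false;" title="' . get_lang('Delete') . '" >' .
                    Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
            } else {
                $action .= Display::return_icon('edit_na.png', get_lang('Modify'), array(), ICON_SIZE_SMALL);
            }
        } else {
            // Read-only viewer: view link plus a disabled edit icon.
            $action .= '<a href="' . $url . 'view.php?' . api_get_cidreq() . '&id=' . $item_id . '" title="' . get_lang('View') . '">' .
                Display::return_icon('default.png', get_lang('View'), array(), ICON_SIZE_SMALL) . '</a>';
            $action .= Display::return_icon('edit_na.png', get_lang('Modify'), array(), ICON_SIZE_SMALL);
        }

        // Status.
        if (empty($work['qualificator_id'])) {
            $qualificator_id = Display::label(get_lang('NotRevised'), 'warning');
        } else {
            $qualificator_id = Display::label(get_lang('Revised'), 'success');
        }
        $work['qualificator_id'] = $qualificator_id;
        $work['actions'] = $send_to . $link_to_download . $action;

        $works[] = $work;
    }

    return $works;
}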
* but this code will hopefully be replaced soon by an Apache URL * rewrite mechanism. * * @package chamilo.work */ //require_once '../inc/global.inc.php'; require_once 'work.lib.php'; // Course protection api_protect_course_script(true); $commentId = isset($_GET['comment_id']) ? intval($_GET['comment_id']) : null; if (empty($commentId)) { api_not_allowed(true); } $workData = getWorkComment($commentId); $courseInfo = api_get_course_info(); if (!empty($workData)) { if (empty($workData['file_path']) || isset($workData['file_path']) && !file_exists($workData['file_path'])) { api_not_allowed(true); } $work = get_work_data_by_id($workData['work_id']); protectWork($courseInfo, $work['parent_id']); if (user_is_author($workData['work_id']) || $courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) { if (Security::check_abs_path($workData['file_path'], api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) { DocumentManager::file_send_for_download($workData['file_path'], true, $workData['file_name_to_show']); } } else { api_not_allowed(true); } } else { api_not_allowed(true); }
api_not_allowed(); } $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'group/group.php?' . api_get_cidreq(), 'name' => get_lang('Groups')); $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'group/group_space.php?' . api_get_cidreq(), 'name' => get_lang('GroupSpace') . ' ' . $group_properties['name']); } $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work.php?' . api_get_cidreq(), 'name' => get_lang('StudentPublications')); $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work_list_all.php?' . api_get_cidreq() . '&id=' . $workId, 'name' => $my_folder_data['title']); $error_message = null; $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null; $itemId = isset($_REQUEST['item_id']) ? intval($_REQUEST['item_id']) : null; $message = null; switch ($action) { case 'export_to_doc': if ($is_allowed_to_edit) { if (!empty($itemId)) { $work = get_work_data_by_id($itemId); if (!empty($work)) { Export::htmlToOdt($work['description'], $work['title']); } } } break; case 'delete': /* Delete document */ if ($itemId) { $fileDeleted = deleteWorkItem($itemId, $courseInfo); if (!$fileDeleted) { $message = Display::return_message(get_lang('YouAreNotAllowedToDeleteThisDocument'), 'error'); } else { $message = Display::return_message(get_lang('TheDocumentHasBeenDeleted'), 'confirmation'); }
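/**
 * Access gate for a single work: denies the request unless the current user
 * may see the given work in the given course.
 *
 * Platform admins and users allowed to edit pass as soon as the work and the
 * course info exist. Everybody else additionally needs the work to be active,
 * visible in the current session, to pass allowOnlySubscribedUser() and,
 * inside a group context, to have access to the group's work tool.
 *
 * Every refusal goes through api_not_allowed(true), which is presumably where
 * the request ends. Each refusal is still followed by an explicit
 * "return false" so that the function stays fail-closed should that call ever
 * return to the caller.
 *
 * @param array $courseInfo
 * @param int $workId
 * @return bool True when access is allowed, false when it was refused
 */
function protectWork($courseInfo, $workId)
{
    $userId = api_get_user_id();
    $groupId = api_get_group_id();
    $sessionId = api_get_session_id();
    $workData = get_work_data_by_id($workId);

    if (empty($workData) || empty($courseInfo)) {
        api_not_allowed(true);

        return false;
    }

    // Admins and editors skip the per-work checks below.
    if (api_is_platform_admin() || api_is_allowed_to_edit()) {
        return true;
    }

    // From here on use the id stored with the work, not the caller's value.
    $workId = $workData['id'];

    if ($workData['active'] != 1) {
        api_not_allowed(true);

        return false;
    }

    $visibility = api_get_item_visibility($courseInfo, 'work', $workId, $sessionId);

    if ($visibility != 1) {
        api_not_allowed(true);

        return false;
    }

    // NOTE(review): the outcome of this check is not returned to us; it is
    // presumably enforced inside the helper - confirm.
    allowOnlySubscribedUser($userId, $workId, $courseInfo['real_id']);

    if (!empty($groupId)) {
        $showWork = GroupManager::user_has_access(
            $userId,
            $groupId,
            GroupManager::GROUP_TOOL_WORK
        );
        if (!$showWork) {
            api_not_allowed(true);

            return false;
        }
    }

    // All checks passed: report success explicitly, as the declared bool
    // return type promises, instead of falling off the end.
    return true;
}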
$this_section = SECTION_COURSES; $work_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null; $work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION); $is_allowed_to_edit = api_is_allowed_to_edit(); $course_id = api_get_course_int_id(); $user_id = api_get_user_id(); $userInfo = api_get_user_info(); $session_id = api_get_session_id(); $course_code = api_get_course_id(); $course_info = api_get_course_info(); $group_id = api_get_group_id(); if (empty($work_id)) { api_not_allowed(true); } allowOnlySubscribedUser($user_id, $work_id, $course_id); $parent_data = $my_folder_data = get_work_data_by_id($work_id); if (empty($parent_data)) { api_not_allowed(true); } $is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_code, $session_id); $is_course_member = $is_course_member || api_is_platform_admin(); if ($is_course_member == false) { api_not_allowed(true); } $check = Security::check_token('post'); $token = Security::get_token(); $student_can_edit_in_session = api_is_allowed_to_session_edit(false, true); $has_ended = false; $is_author = false; $parent_data['qualification'] = intval($parent_data['qualification']); // @todo add an option to allow/block multiple attempts.