} else { Display::display_error_message(get_lang('Impossible')); } } } else { Display::display_error_message(get_lang('Impossible')); } } } /* DELETE FILE OR DIRECTORY */ //Only teacher and all users into their group if ($is_allowed_to_edit || $group_member_with_upload_rights || is_my_shared_folder(api_get_user_id(), $curdirpath, $session_id)) { if (isset($_GET['delete'])) { if (!$is_allowed_to_edit) { if (api_is_coach()) { if (!DocumentManager::is_visible($_GET['delete'], $_course, api_get_session_id())) { api_not_allowed(); } } if (DocumentManager::check_readonly($_course, api_get_user_id(), $_GET['delete'], '', true)) { api_not_allowed(); } } if (DocumentManager::delete_document($_course, $_GET['delete'], $base_work_dir)) { if (isset($_GET['delete_certificate_id']) && $_GET['delete_certificate_id'] == strval(intval($_GET['delete_certificate_id']))) { $default_certificate_id = $_GET['delete_certificate_id']; DocumentManager::remove_attach_certificate(api_get_course_id(), $default_certificate_id); } Display::display_confirmation_message(get_lang('DocDeleted')); } else { Display::display_error_message(get_lang('DocDeleteError'));
}); $("#convertModal").on("hidden", function(){ $("." + format + "FormatType").hide(); }); } </script>'; // If they are looking at group documents they can't see the root if ($groupId != 0 && $curdirpath == '/') { $curdirpath = $group_properties['directory']; $curdirpathurl = urlencode($group_properties['directory']); } // Check visibility of the current dir path. Don't show anything if not allowed //@todo check this validation for coaches //if (!$is_allowed_to_edit || api_is_coach()) { before if (!$is_allowed_to_edit && api_is_coach()) { if ($curdirpath != '/' && !DocumentManager::is_visible($curdirpath, $courseInfo, $sessionId, 'folder')) { api_not_allowed(true); } } /* Create shared folders */ if ($sessionId == 0) { //Create shared folder. Necessary for recycled courses. // session_id should always be zero and should always be created from a // base course, never from a session. if (!file_exists($base_work_dir . '/shared_folder')) { $usf_dir_title = get_lang('UserFolders'); $usf_dir_name = '/shared_folder'; //$groupId = 0; $visibility = 0; create_unexisting_directory($courseInfo, api_get_user_id(), $sessionId, 0, $to_user_id, $base_work_dir, $usf_dir_name, $usf_dir_title, $visibility); }
if (isset($path_info['extension']) && $path_info['extension'] == 'swf') { $fixed_url = str_replace('-', '_', $doc_url); $doc_id = DocumentManager::get_document_id(api_get_course_info(), $doc_url); if (!$doc_id) { $fix_file_name = true; } } if (Security::check_abs_path($sys_course_path . $doc_url, $sys_course_path . '/')) { $full_file_name = $sys_course_path . $doc_url; if ($fix_file_name) { $doc_url = $fixed_url; } // Check visibility of document and paths $is_visible = DocumentManager::is_visible($doc_url, $_course, api_get_session_id()); //Document's slideshow thumbnails //correct $is_visible used in below and ??. Now the students can view the thumbnails too if (preg_match('/\\.thumbs\\/\\./', $doc_url)) { $doc_url_thumbs = str_replace('.thumbs/.', '', $doc_url); $is_visible = DocumentManager::is_visible($doc_url_thumbs, $_course, api_get_session_id()); } if (!api_is_allowed_to_edit() && !$is_visible) { Display::display_error_message(get_lang('ProtectedDocument')); //api_not_allowed backbutton won't work. exit; // You shouldn't be here anyway. } // Launch event event_download($doc_url); DocumentManager::file_send_for_download($full_file_name); } exit;