Exemple #1
/**
 * Decide whether a user may access a competency result.
 *
 * The competency result is resolved to the id of the assessment_worksheet it
 * hangs off (competency_results -> rubric_results -> assessment_worksheet) and
 * the decision is delegated to check_assessment_access() for that worksheet.
 *
 * @param mixed $userId id of the user whose access is being checked
 * @param mixed $crId   id of the competency_results row
 * @param bool  $found  out-parameter: false when no worksheet row matched
 *                      $crId, true otherwise
 * @return mixed false when nothing matched; otherwise whatever
 *               check_assessment_access() returns
 */
function check_competency_result_access($userId, $crId, &$found)
{
    // The id travels as a tagged where-param next to a '?' placeholder rather
    // than being spliced into the SQL text.
    // NOTE(review): "i:" looks like an integer type tag for the binder -
    // confirm against QueryBuilder.
    $spec = array(
        'tables' => array('assessment_worksheet' => 'id'),
        'joins' => array(
            "INNER JOIN rubric_results ON rubric_results.id = assessment_worksheet.fk_rubric_results",
            "INNER JOIN competency_results ON competency_results.fk_rubric_results = rubric_results.id",
        ),
        'where' => "competency_results.id = ?",
        'where-params' => array("i:{$crId}"),
    );
    $lookup = new Query(new QueryBuilder(SELECT_QUERY, $spec));

    // $found separates "no such competency result" from "exists but denied";
    // a caller that echoes it to the client reveals whether an id exists
    // before any access decision has been made.
    $found = !$lookup->is_empty();
    if (!$found) {
        return false;
    }

    // Only the first matching worksheet is consulted.
    $row = $lookup->get_row_ordered();
    return check_assessment_access($userId, $row[0], 'assessment_worksheet');
}
Exemple #2
/**
 * Update the objective / instrument / course_of_action columns of one
 * assessment_worksheet row and echo a JSON success marker.
 *
 * A null argument leaves the corresponding column untouched. The success
 * marker is echoed even when every field is null and no UPDATE is issued.
 *
 * @param mixed       $id    id of the assessment_worksheet row
 * @param string|null $objec new 'objective' value, or null to skip
 * @param string|null $instr new 'instrument' value, or null to skip
 * @param string|null $coa   new 'course_of_action' value, or null to skip
 */
function update_wkst($id, $objec, $instr, $coa)
{
    // Authorisation gate: admins pass outright, everyone else needs access to
    // this specific worksheet.
    // NOTE(review): the write below is only protected if page_fail() ends the
    // request; it is defined outside this listing - confirm it never returns.
    $allowed = abet_is_admin_authenticated()
        || check_assessment_access($_SESSION['id'], $id, 'assessment_worksheet');
    if (!$allowed) {
        page_fail(UNAUTHORIZED);
    }

    // Collect only the columns the caller supplied, each tagged as a string
    // parameter for the query builder.
    $candidates = array(
        'objective' => $objec,
        'instrument' => $instr,
        'course_of_action' => $coa,
    );
    $fields = array();
    foreach ($candidates as $column => $value) {
        if ($value !== null) {
            $fields[$column] = "s:{$value}";
        }
    }

    if (!empty($fields)) {
        // The row id goes through a '?' placeholder; 'limit' => 1 caps the
        // statement at a single row.
        // NOTE(review): nothing is called on the Query object afterwards, so
        // constructing it presumably runs the statement - confirm.
        $spec = array(
            'table' => 'assessment_worksheet',
            'updates' => $fields,
            'where' => 'id = ?',
            'where-params' => array("i:{$id}"),
            'limit' => 1,
        );
        $query = new Query(new QueryBuilder(UPDATE_QUERY, $spec));
    }

    echo '{"success":true}';
}
Exemple #3
        page_fail(BAD_REQUEST);
    }
    // double check access to content
    if (!abet_is_admin_authenticated() && !abet_is_observer() && !check_assessment_access($_SESSION['id'], $_GET['id'], 'general_content')) {
        page_fail(UNAUTHORIZED);
    }
    echo get_content($_GET['id']);
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (abet_is_observer()) {
            // observers can't post data
            page_fail(UNAUTHORIZED);
        }
        if (array_key_exists('id', $_POST) && array_key_exists('type', $_POST)) {
            // make sure user can access general_content entity
            if (!abet_is_admin_authenticated() && !check_assessment_access($_SESSION['id'], $_POST['id'], 'general_content')) {
                page_fail(UNAUTHORIZED);
            }
            // create new content (single entity)
            if ($_POST['type'] == 'file' && array_key_exists('file', $_FILES)) {
                // make sure file data was uploaded correctly
                if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
                    page_fail_with_reason(SERVER_ERROR, "file upload was unsuccessful");
                }
                echo create_file($_POST['id']);
            } else {
                if ($_POST['type'] == 'comment') {
                    echo create_comment($_POST['id']);
                } else {
                    page_fail(BAD_REQUEST);
                }
Exemple #4
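/**
 * Apply the edits in $obj to the rubric data behind one assessment worksheet.
 *
 * $obj['id'] names the worksheet. Optional keys update the 'rubric',
 * 'rubric_description' and 'rubric_results' rows returned by
 * grab_rubric_ids(), and each entry of $obj['competency'] updates one
 * 'competency_results' row. Competency entries without an 'id', or that fail
 * the access check, are skipped silently.
 *
 * @param array $obj decoded request payload (untrusted input)
 * @return string JSON success marker
 */
function update_rubric($obj)
{
    // Kept from the original; none of these globals is read in this function.
    global $RUBRIC;
    global $RUBRIC_DESCRIPTION;
    global $RUBRIC_RESULTS;
    global $COMPETENCY;

    // The payload must be an array carrying a worksheet id. The is_array()
    // guard keeps a scalar payload from reaching array_key_exists().
    if (!is_array($obj) || !array_key_exists('id', $obj)) {
        page_fail(BAD_REQUEST);
    }
    $id = $obj['id'];

    // Verify access to the worksheet. The session key is quoted: the original
    // bare `id` is an undefined constant, which only worked through PHP's
    // legacy constant-to-string fallback and is an Error on PHP 8, so the
    // authorisation check itself was at risk for non-admin users.
    // NOTE(review): the writes below are only protected if page_fail() ends
    // the request; it is defined outside this listing - confirm.
    if (!abet_is_admin_authenticated() && !check_assessment_access($_SESSION['id'], $id, 'assessment_worksheet')) {
        page_fail(UNAUTHORIZED);
    }
    list($rId, $rdId, $rrId) = grab_rubric_ids($id);

    // Build a column => "tag:value" map for the keys actually present in
    // $source, preserving the order given in $columns.
    $collect = function (array $source, array $columns) {
        $updates = array();
        foreach ($columns as $column => $tag) {
            if (array_key_exists($column, $source)) {
                $updates[$column] = "{$tag}:{$source[$column]}";
            }
        }
        return $updates;
    };

    // update 'rubric'
    generic_update('rubric', $rId, $collect($obj, array(
        'name' => 's',
        'threshold' => 'd',
        'threshold_desc' => 's',
    )));

    // update 'rubric_description'
    generic_update('rubric_description', $rdId, $collect($obj, array(
        'outstanding_desc' => 's',
        'expected_desc' => 's',
        'marginal_desc' => 's',
        'unacceptable_desc' => 's',
    )));

    // update 'rubric_results'
    generic_update('rubric_results', $rrId, $collect($obj, array(
        'total_students' => 'i',
    )));

    // update each competency; ignore a 'competency' value that is not a list
    if (array_key_exists('competency', $obj) && is_array($obj['competency'])) {
        foreach ($obj['competency'] as $comp) {
            if (!is_array($comp) || !array_key_exists('id', $comp)) {
                continue;
            }
            $crId = $comp['id'];

            // check access to competency result entity (silently fail if denied)
            // NOTE(review): each competency id is authorised on its own; nothing
            // here ties it to the worksheet in $obj['id']. That is fine as long
            // as check_competency_result_access() is the intended boundary.
            if (!abet_is_admin_authenticated() && !check_competency_result_access($_SESSION['id'], $crId, $found)) {
                continue;
            }

            $updates = array();
            // The payload key 'description' maps to column 'competency_desc'.
            if (array_key_exists('description', $comp)) {
                $updates['competency_desc'] = "s:{$comp['description']}";
            }
            // NOTE(review): tallies are tagged "s" here while total_students
            // uses "i" - kept as in the original; confirm the intended type.
            $updates += $collect($comp, array(
                'outstanding_tally' => 's',
                'expected_tally' => 's',
                'marginal_tally' => 's',
                'unacceptable_tally' => 's',
            ));
            if (array_key_exists('pass_fail_type', $comp)) {
                // Any truthy value is normalised to 1, anything else to 0.
                $updates['pass_fail_type'] = $comp['pass_fail_type'] ? "l:1" : "l:0";
            }
            if (array_key_exists('comment', $comp)) {
                $updates['comment'] = "s:{$comp['comment']}";
            }
            generic_update('competency_results', $crId, $updates);
        }
    }
    return "{\"success\":true}";
}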