Exemple #1
require_once 'work.lib.php';

// Requested work id, cast to an integer before any lookup uses it.
$id = null;
if (isset($_GET['id'])) {
    $id = intval($_GET['id']);
}
$work = get_work_data_by_id($id);

// A missing/zero id, or an id that matches no work record, is refused.
if (empty($id) || empty($work)) {
    api_not_allowed();
}

$interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications'));
$my_folder_data = get_work_data_by_id($work['parent_id']);
$course_info = api_get_course_info();

// Subscription check, keyed on the parent folder of the requested work.
allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $course_info['real_id']);

// Outer gate: the author always passes; anyone else passes only when the course
// shows new documents to everyone (show_score == 0) and the work is active and accepted.
// NOTE(review): an editor who is not the author does not pass this gate for a
// non-published work, so the api_is_allowed_to_edit() term in the inner check below
// never grants access on its own — confirm that this is intended.
if (user_is_author($id)
    || ($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1)
) {
    // Editors are sent back to the full listing, everyone else to their own listing.
    $url_dir = api_is_allowed_to_edit(null, true)
        ? 'work_list_all.php?id=' . $my_folder_data['id']
        : 'work_list.php?id=' . $my_folder_data['id'];

    $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
    $interbreadcrumb[] = array('url' => '#', 'name' => $work['title']);

    // Inner gate: same published-work test, plus editors and the author.
    // Presumably always true once the outer gate passed (assuming user_is_author()
    // answers the same on both calls), which would leave the else branch unreachable.
    if (($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1)
        || api_is_allowed_to_edit()
        || user_is_author($id)
    ) {
        // The whole $work record is handed to the template; any output escaping
        // is whatever work/view.tpl applies (not visible here).
        $tpl = new Template();
        $tpl->assign('work', $work);
        $template = $tpl->get_template('work/view.tpl');
        $content = $tpl->fetch($template);
        $tpl->assign('content', $content);
        $tpl->display_one_col_template();
    } else {
        api_not_allowed(true);
    }
} else {
    api_not_allowed(true);
}
Exemple #2
         $sql = "DELETE FROM {$TSTDPUBASG} WHERE c_id = {$course_id} AND publication_id ='{$delete_dir_id}'";
         Database::query($sql);
         $link_info = is_resource_in_course_gradebook(api_get_course_id(), 3, $delete_dir_id, api_get_session_id());
         $link_id = $link_info['id'];
         if ($link_info !== false) {
             remove_resource_from_course_gradebook($link_id);
         }
         Display::display_confirmation_message(get_lang('DirDeleted') . ': ' . $work_to_delete['title']);
     } else {
         Display::display_warning_message(get_lang('ResourceLockedByGradebook'));
     }
 }
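 /* DELETE WORK COMMAND
  * Marks the work row as deleted (active = 2) and removes its assignment row.
  * NOTE(review): $course_id and $item_id are interpolated directly into the SQL
  * strings below; their integer casting is not visible in this excerpt — confirm
  * it, or bind them as query parameters. */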
 if ($action == 'delete' && $item_id) {
     $file_deleted = false;
     $is_author = user_is_author($item_id);
     $work_data = get_work_data_by_id($item_id);
     $locked = api_resource_is_locked_by_gradebook($work_data['parent_id'], LINK_STUDENTPUBLICATION);
     if ($is_allowed_to_edit && $locked == false || ($locked == false and $is_author && api_get_course_setting('student_delete_own_publication') == 1 && $work_data['qualificator_id'] == 0)) {
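         // Reached when the resource is not locked by the gradebook and the user is either
         // allowed to edit, or is the author while the course setting
         // 'student_delete_own_publication' is 1 and the work has qualificator_id == 0.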
         $queryString1 = "SELECT url, contains_file FROM " . $work_table . " WHERE c_id = {$course_id} AND id = {$item_id}";
         $result1 = Database::query($queryString1);
         $row = Database::fetch_array($result1);
         if (Database::num_rows($result1) > 0) {
             $queryString2 = "UPDATE " . $work_table . "  SET active = 2 WHERE c_id = {$course_id} AND id = {$item_id}";
             $queryString3 = "DELETE FROM  " . $TSTDPUBASG . " WHERE c_id = {$course_id} AND publication_id = {$item_id}";
             Database::query($queryString2);
             Database::query($queryString3);
             api_item_property_update($_course, 'work', $item_id, 'DocumentDeleted', $user_id);
             $work = $row['url'];
             if ($row['contains_file'] == 1) {
Exemple #3
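/**
 * Get the file path and download title for an assignment (student publication).
 *
 * The download is allowed for editors, for the author of the work, and for other
 * users only when the course shows new documents to everyone (show_score == 0)
 * and the work itself is visible and accepted. In every other case false is returned.
 *
 * @param int   $id          Work id
 * @param array $course_info Course data; the keys 'real_id' and 'show_score' are read
 * @param int   $sessionId   Session ID; api_get_session_id() is used when empty
 *
 * @return array|bool array('path' => ..., 'title' => ...) when the download is allowed, false otherwise
 */
function getFileContents($id, $course_info, $sessionId = 0)
{
    $id = intval($id);
    if (empty($course_info) || empty($id)) {
        return false;
    }
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }

    if (empty($course_info['real_id'])) {
        return false;
    }

    // The course id ends up inside the SQL text, so it is forced to an integer here,
    // exactly like $id above; a value that does not cast to a usable id is refused.
    $courseId = intval($course_info['real_id']);
    if (empty($courseId)) {
        return false;
    }

    $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);

    // Both interpolated values are integers at this point.
    $sql = 'SELECT * FROM '.$tbl_student_publication.'
            WHERE c_id = '.$courseId.' AND id = '.$id;
    $result = Database::query($sql);
    if (!$result || !Database::num_rows($result)) {
        return false;
    }

    $row = Database::fetch_array($result, 'ASSOC');
    $course_dir = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/';
    $full_file_name = $course_dir.$row['url'];

    $item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id'], $sessionId);
    allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $courseId);

    if (empty($item_info)) {
        api_not_allowed();

        // Fail closed if api_not_allowed() ever returns to the caller.
        return false;
    }

    /*
    field show_score in table course :
        0 =>    New documents are visible for all users
        1 =>    New documents are only visible for the teacher(s)
    field visibility in table item_property :
        0 => eye closed, invisible for all students
        1 => eye open
    field accepted in table c_student_publication :
        0 => eye closed, invisible for all students
        1 => eye open
    ( We should have visibility == accepted, otherwise there is an
    inconsistency in the Database)
    field value in table c_course_setting :
        0 => Allow learners to delete their own publications = NO
        1 => Allow learners to delete their own publications = YES

    +------------------+-------------------------+------------------------+
    |Can download work?| doc visible for all = 0 | doc visible for all = 1|
    +------------------+-------------------------+------------------------+
    |  visibility = 0  | editor only             | editor only            |
    |                  |                         |                        |
    +------------------+-------------------------+------------------------+
    |  visibility = 1  | editor                  | editor                 |
    |                  | + owner of the work     | + any student          |
    +------------------+-------------------------+------------------------+
    (editor = teacher + admin + anybody with right api_is_allowed_to_edit)
    */

    $work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);

    // show_score == 0 is the "visible for all users" value (see the field notes above).
    // The earlier test against 1 was inverted: it opened downloads to every student
    // exactly when the course restricts new documents to teachers.
    // A missing or non-numeric show_score is treated as "not visible for all".
    $doc_visible_for_all = isset($course_info['show_score'])
        && is_numeric($course_info['show_score'])
        && (int) $course_info['show_score'] === 0;

    $is_editor = api_is_allowed_to_edit(true, true, true);
    $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);

    if (!$is_editor && !$student_is_owner_of_work && !($doc_visible_for_all && $work_is_visible)) {
        return false;
    }

    // Prefer the stored file name over the work title when one is present.
    $title = !empty($row['filename']) ? $row['filename'] : $row['title'];
    $title = str_replace(' ', '_', $title);
    event_download($title);

    // Only hand back a path that resolves inside the course directory.
    if (Security::check_abs_path($full_file_name, $course_dir)) {
        return array(
            'path' => $full_file_name,
            'title' => $title
        );
    }

    return false;
}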
Exemple #4
$interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications'));
$my_folder_data = get_work_data_by_id($work['parent_id']);
$courseInfo = api_get_course_info();
protectWork(api_get_course_info(), $work['parent_id']);
$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(api_get_user_id(), $courseInfo);
if (user_is_author($id) || $isDrhOfCourse || (api_is_allowed_to_edit() || api_is_coach()) || $courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
    if (api_is_allowed_to_edit() || api_is_coach() || api_is_drh()) {
        $url_dir = 'work_list_all.php?id=' . $my_folder_data['id'];
    } else {
        $url_dir = 'work_list.php?id=' . $my_folder_data['id'];
    }
    $userInfo = api_get_user_info($work['user_id']);
    $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
    $interbreadcrumb[] = array('url' => '#', 'name' => $userInfo['complete_name']);
    $interbreadcrumb[] = array('url' => '#', 'name' => $work['title']);
    if ($courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 || (api_is_allowed_to_edit() || api_is_coach()) || user_is_author($id) || $isDrhOfCourse) {
        $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : null;
        if ($page == 'edit') {
            $url = api_get_path(WEB_CODE_PATH) . 'work/edit.php?id=' . $my_folder_data['id'] . '&item_id=' . $work['id'] . '&' . api_get_cidreq();
        } else {
            $url = api_get_path(WEB_CODE_PATH) . 'work/view.php?id=' . $work['id'] . '&' . api_get_cidreq();
        }
        switch ($action) {
            case 'send_comment':
                if (isset($_FILES["file"])) {
                    $_POST['file'] = $_FILES["file"];
                }
                addWorkComment(api_get_course_info(), api_get_user_id(), $my_folder_data, $work, $_POST);
                Display::addFlash(Display::return_message(get_lang('CommentCreated')));
                header('Location: ' . $url);
Exemple #5
) {
    if ((api_is_allowed_to_edit() || api_is_coach()) || api_is_drh()) {
        $url_dir = 'work_list_all.php?id='.$my_folder_data['id'];
    } else {
        $url_dir = 'work_list.php?id='.$my_folder_data['id'];
    }

    $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
    $interbreadcrumb[] = array('url' => '#','name' => $work['title']);
    //|| api_is_drh()
    if (($courseInfo['show_score'] == 0 &&
        $work['active'] == 1 &&
        $work['accepted'] == 1
        ) ||
        (api_is_allowed_to_edit() || api_is_coach()) ||
        user_is_author($id) ||
        $isDrhOfCourse
    ) {
        $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        switch ($action) {
            case 'send_comment':
                if (isset($_FILES["file"])) {
                    $_POST['file'] = $_FILES["file"];
                }
                addWorkComment(
                    api_get_course_info(),
                    api_get_user_id(),
                    $my_folder_data,
                    $work,
                    $_POST
                );
Exemple #6
$class = 'save';
// fix the Ok button when we see the tool in the learn path
$form->addButtonUpdate($text);
$form->setDefaults($defaults);
$error_message = null;
$_course = api_get_course_info();
$currentCourseRepositorySys = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/';
$succeed = false;
if ($form->validate()) {
    if ($student_can_edit_in_session && $check) {
        /*
         * SPECIAL CASE ! For a work edited
         */
        //Get the author ID for that document from the item_property table
        $item_to_edit_id = intval($_POST['item_to_edit']);
        $is_author = user_is_author($item_to_edit_id);
        if ($is_author) {
            $work_data = get_work_data_by_id($item_to_edit_id);
            if (!empty($_POST['title'])) {
                $title = isset($_POST['title']) ? $_POST['title'] : $work_data['title'];
            }
            $description = isset($_POST['description']) ? $_POST['description'] : $work_data['description'];
            $add_to_update = null;
            if ($is_allowed_to_edit && $_POST['qualification'] != '') {
                $add_to_update = ', qualificator_id =' . "'" . api_get_user_id() . "', ";
                $add_to_update .= ' qualification = ' . "'" . Database::escape_string($_POST['qualification']) . "',";
                $add_to_update .= ' date_of_qualification = ' . "'" . api_get_utc_datetime() . "'";
                if (isset($_POST['send_email'])) {
                    $url = api_get_path(WEB_CODE_PATH) . 'work/view.php?' . api_get_cidreq() . '&id=' . $item_to_edit_id;
                    $subject = sprintf(get_lang('ThereIsANewWorkFeedback'), $work_item['title']);
                    $message = sprintf(get_lang('ThereIsANewWorkFeedbackInWorkXHere'), $work_item['title'], $url);
 *	but this code will hopefully be replaced soon by an Apache URL
 *	rewrite mechanism.
 *
 *	@package chamilo.work
 */
//require_once '../inc/global.inc.php';
require_once 'work.lib.php';

// Course protection
api_protect_course_script(true);

// The comment id is cast to an integer; a missing or zero id is refused.
$commentId = null;
if (isset($_GET['comment_id'])) {
    $commentId = intval($_GET['comment_id']);
}
if (empty($commentId)) {
    api_not_allowed(true);
}

$workData = getWorkComment($commentId);
$courseInfo = api_get_course_info();

if (empty($workData)) {
    // Unknown comment id.
    api_not_allowed(true);
} else {
    // No attachment recorded for the comment, or the recorded file is not on disk.
    if (empty($workData['file_path']) || !file_exists($workData['file_path'])) {
        api_not_allowed(true);
    }

    $work = get_work_data_by_id($workData['work_id']);
    protectWork($courseInfo, $work['parent_id']);

    // The author of the work always passes; anyone else passes only when the course
    // shows new documents to everyone (show_score == 0) and the work is active and accepted.
    // NOTE(review): editors are not named in this gate — confirm whether protectWork()
    // or a caller covers them.
    if (user_is_author($workData['work_id'])
        || ($courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1)
    ) {
        // The stored path is only served when the check against the course directory passes.
        // When it does not, the script ends without sending a file and without calling
        // api_not_allowed().
        if (Security::check_abs_path(
            $workData['file_path'],
            api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/'
        )) {
            DocumentManager::file_send_for_download(
                $workData['file_path'],
                true,
                $workData['file_name_to_show']
            );
        }
    } else {
        api_not_allowed(true);
    }
}
                                                    1 => Allow learners to delete their own publications = YES
        
        +------------------+------------------------------+----------------------------+
        |Can download work?|      doc visible for all = 0 |     doc visible for all = 1|
        +------------------+------------------------------+----------------------------+
        |  visibility = 0  | editor only                  | editor only                |
        |                  |                              |                            |
        +------------------+------------------------------+----------------------------+
        |  visibility = 1  | editor                       | editor                     |
        |                  | + owner of the work          | + any student              |
        +------------------+------------------------------+----------------------------+
        (editor = teacher + admin + anybody with right api_is_allowed_to_edit)
        */
        $work_is_visible = $item_info['visibility'] == 1 && $row['accepted'] == 1;
        $doc_visible_for_all = $course_info['show_score'] == 1;
        $is_editor = api_is_allowed_to_edit(true, true, true);
        $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);
        if ($is_editor || $student_is_owner_of_work || $doc_visible_for_all && $work_is_visible) {
            $title = str_replace(' ', '_', $row['title']);
            event_download($title);
            if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) {
                DocumentManager::file_send_for_download($full_file_name, true, $title);
            }
        } else {
            api_not_allowed();
        }
    }
} else {
    api_not_allowed();
}
exit;
}
$workData = getWorkComment($commentId);
$courseInfo = api_get_course_info();

if (!empty($workData)) {
    if (
        empty($workData['file_path']) ||
        (isset($workData['file_path']) && !file_exists($workData['file_path']))
    ) {
        api_not_allowed(true);
    }

    $work = get_work_data_by_id($workData['work_id']);
    allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $courseInfo['real_id']);

    if (user_is_author($workData['work_id']) ||
        $courseInfo['show_score'] == 0 &&
        $work['active'] == 1 &&
        $work['accepted'] == 1
    ) {
        if (Security::check_abs_path(
            $workData['file_path'],
            api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/'
        )
        ) {
            DocumentManager::file_send_for_download(
                $workData['file_path'],
                true,
                $workData['file_name_to_show']
            );
        }