/**
 * Tells whether the current user has the right to view.
 *
 * Two conditions must both hold: api_protect_course_script(true) reports
 * success, and the request carries a non-empty course id. Every other
 * outcome is false, so the answer is deny-by-default.
 *
 * NOTE(review): what api_protect_course_script() does on refusal besides
 * returning a falsy value (e.g. rendering an error page itself) is defined
 * outside this block - confirm before relying on the false return alone.
 *
 * @return boolean true when both checks pass, false otherwise
 */
public function can_view()
{
    // Course-level access gate runs first; nothing else is evaluated on refusal.
    if (!api_protect_course_script(true)) {
        return false;
    }

    // Without a course id there is no course context to authorise against.
    $course_id = Request::get_c_id();

    return !empty($course_id);
}
/**
 * Tells whether the current request passes every authorisation check made here.
 *
 * Checks, in order (evaluation stops at the first failure):
 *  1. api_protect_course_script() reports success;
 *  2. the request carries a non-empty course id;
 *  3. the request is not in student view;
 *  4. $this->is_allowed_to_edit() is truthy.
 *
 * The result is deny-by-default: any failed check yields false.
 *
 * @return boolean true only when all four checks pass
 */
public function authorize()
{
    // Course-level access gate; the remaining checks are skipped on refusal.
    if (!api_protect_course_script()) {
        return false;
    }

    $course_id = Request::get_c_id();

    // No course context, or a teacher previewing as a student: refuse.
    // is_student_view() is only consulted when a course id is present.
    if (empty($course_id) || Request::is_student_view()) {
        return false;
    }

    // Normalised to a strict boolean, as the original true/false returns were.
    return (bool) $this->is_allowed_to_edit();
}
<?php
/* For licensing terms, see /license.txt */
/**
 * This file allows creating new html documents with an online WYSIWYG html editor.
 *
 * @package chamilo.document
 */
/**
 * Code
 */

/* INIT SECTION */

// Name of the language file that needs to be included
$language_file = array('document', 'gradebook');

////require_once '../inc/global.inc.php';

// Course access gate, called with its default arguments.
// NOTE(review): this script creates documents, so course access alone should
// not be the only control; the edit-permission check is expected further down
// and is not visible in this excerpt - confirm it exists.
api_protect_course_script();

// Records the current location in the session for later use by other code.
$_SESSION['whereami'] = 'document/create';
$this_section = SECTION_COURSES;

// Inline script appended to the page head. As far as this excerpt shows it is
// a static literal with no request data interpolated; the string continues
// past the end of the excerpt.
$htmlHeadXtra[] = '<script> var hide_bar = function() { $("#template_col").hide(); $("#doc_form").removeClass("span9"); $("#doc_form").addClass("span11"); } $(document).ready(function() { if ($(window).width() <= 785 ) { hide_bar(); } $("#hide_bar_template").toggle(
/* For licensing terms, see /license.txt */
/**
 * This script displays an area where teachers can edit the group properties and member list.
 * Groups are also often called "teams" in the Dokeos code.
 *
 * @author various contributors
 * @author Roan Embrechts (VUB), partial code cleanup, initial virtual course support
 * @package chamilo.group
 * @todo course admin functionality to create groups based on who is in which course (or class).
 */
//require_once '../inc/global.inc.php';
$this_section = SECTION_COURSES;
$current_course_tool = TOOL_GROUP;

// Notice for unauthorized people.
// Course-level access gate; the finer-grained edit check follows below.
api_protect_course_script(true);

// The group being edited is resolved through api_get_group_id(); where that
// value originates (request, session) is not visible in this excerpt.
$group_id = api_get_group_id();
$current_group = GroupManager::get_group_properties($group_id);

$nameTools = get_lang('EditGroup');
$interbreadcrumb[] = array('url' => 'group.php', 'name' => get_lang('Groups'));
// NOTE(review): the group name is stored data placed into the breadcrumb as-is;
// it needs HTML encoding wherever the breadcrumb is rendered - confirm there.
$interbreadcrumb[] = array('url' => 'group_space.php?' . api_get_cidReq(), 'name' => $current_group['name']);

// Despite its name, $is_group_member holds the result of is_tutor_of_group():
// it is true for a tutor of this group, not for ordinary members.
$is_group_member = GroupManager::is_tutor_of_group(api_get_user_id(), $group_id);

// Authorisation for this page: the user must either pass
// api_is_allowed_to_edit(false, true) or be a tutor of this specific group.
// Everyone else is handed to api_not_allowed(true).
// NOTE(review): the code above already loaded the group's properties before
// this check; that is harmless only if api_not_allowed() stops execution.
if (!api_is_allowed_to_edit(false, true) && !$is_group_member) {
    api_not_allowed(true);
}

/**
 * Keyword filter over a member's identifying fields.
 *
 * The visible condition tests whether api_strripos() finds $keyword in the
 * first name, last name, username or official code.
 *
 * NOTE(review): the original header read "List all users registered to the
 * course", which does not describe the visible condition. The rest of the
 * body lies outside this excerpt, so the return contract is not documented here.
 */
function search_members_keyword($firstname, $lastname, $username, $official_code, $keyword) {
    if (api_strripos($firstname, $keyword) !== false ||
        api_strripos($lastname, $keyword) !== false ||
        api_strripos($username, $keyword) !== false ||
        api_strripos($official_code, $keyword) !== false) {
/* For licensing terms, see /license.txt */
/**
 * Exercise list: This script shows the list of exercises for administrators and students.
 * @package chamilo.exercise
 * @author Julio Montoya <*****@*****.**> jqgrid integration
 * Modified by hubert.borderiou (question category)
 *
 * @todo fix excel export
 *
 */
//require_once '../inc/global.inc.php';

// Setting the tabs
$this_section = SECTION_COURSES;
$htmlHeadXtra[] = api_get_jqgrid_js();

// Access control
// NOTE(review): the meaning of the three arguments is defined by
// api_protect_course_script(), outside this excerpt. The third `true`
// presumably relaxes the gate for an additional role - confirm against the
// function's signature before reusing this call elsewhere.
api_protect_course_script(true, false, true);

// including additional libraries
require_once 'hotpotatoes.lib.php';

$_course = api_get_course_info();

// document path
// Built from server-side course info only; no request data is involved here.
$documentPath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . "/document";

// Only normalises an unset $origin to null. Where $origin could have been set
// before this point is not visible in this excerpt.
$origin = isset($origin) ? $origin : null;

// Request-supplied path, passed through the XSS filter.
// NOTE(review): Security::remove_XSS() addresses markup injection only. If
// $path is later combined with $documentPath or any other filesystem
// location, it still needs normalisation and a containment check against the
// course document root - its use is outside this excerpt.
$path = isset($_GET['path']) ? Security::remove_XSS($_GET['path']) : null;

/* Constants and variables */
// This flag is true for editors and also for DRH and student-boss roles, so
// any write action guarded by $is_allowedToEdit is open to all three.
// NOTE(review): confirm that DRH / student boss are meant to have edit-level
// capabilities here and not read-only reporting access.
$is_allowedToEdit = api_is_allowed_to_edit(null, true) || api_is_drh() || api_is_student_boss();
$is_tutor = api_is_allowed_to_edit(true);

// Table names resolved through the Database helper, not from request data.
$TBL_QUESTIONS = Database::get_course_table(TABLE_QUIZ_QUESTION);
$TBL_TRACK_EXERCISES = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCISES);
$TBL_TRACK_ATTEMPT = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ATTEMPT);
$TBL_TRACK_ATTEMPT_RECORDING = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ATTEMPT_RECORDING);
$TBL_LP_ITEM_VIEW = Database::get_course_table(TABLE_LP_ITEM_VIEW);
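* * @author Julio Montoya - Simple exercise result page * */
//require_once '../inc/global.inc.php';

// Request handling for the exercise result page: read the attempt id and the
// display flags, apply the course access gate, then load the attempt record.

if (empty($origin)) {
    // An absent parameter resolves to null without an undefined-index notice.
    $origin = isset($_REQUEST['origin']) ? $_REQUEST['origin'] : null;
}

// Attempt (exe) id. Presence is now tested on the same superglobal the value
// is read from. Previously isset() looked at $_REQUEST while the value came
// from $_GET, so an id supplied only through POST or a cookie passed the
// isset() test and then read an undefined $_GET index. The outcome for such
// requests is unchanged (empty id, refused below), minus the notice.
$id = isset($_GET['id']) ? intval($_GET['id']) : null; // exe id

// Whether page headers are printed; also forwarded to the access helpers.
$show_headers = isset($_REQUEST['show_headers']) ? intval($_REQUEST['show_headers']) : null;

if ($origin == 'learnpath') {
    $show_headers = false;
}

// Course-level access gate.
api_protect_course_script($show_headers);

if (empty($id)) {
    api_not_allowed($show_headers);
}

// NOTE(review): $is_courseTutor is not assigned in this excerpt; presumably it
// is set by the bootstrap include - confirm it is always defined here.
$is_allowedToEdit = api_is_allowed_to_edit(null, true) || $is_courseTutor;

// Getting results from the exe_id. This variable also contains all the information about the exercise
// $id is caller-controlled, so the record loaded here may belong to any
// attempt. Nothing from it should be shown until the viewer has been checked
// against $student_id or edit rights.
// NOTE(review): that ownership check is not visible in this excerpt - confirm
// it happens before any result data is rendered.
$track_exercise_info = ExerciseLib::get_exercise_track_exercise_info($id);

// No track info
if (empty($track_exercise_info)) {
    api_not_allowed($show_headers);
}

$exercise_id = $track_exercise_info['exe_exo_id'];
$student_id = $track_exercise_info['exe_user_id'];
$current_user_id = api_get_user_id();

$objExercise = new Exercise();

if (!empty($exercise_id)) {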
<?php
/* For licensing terms, see /license.txt */
/**
 * Responses to AJAX calls for forum attachments
 * @package chamilo/forum
 * @author Daniel Barreto Alva <*****@*****.**>
 */
require_once '../global.inc.php';
require_once api_get_path(SYS_CODE_PATH) . 'forum/forumfunction.inc.php';

// First, protect this script
// Course-level access gate. The argument's meaning is defined by
// api_protect_course_script(), outside this excerpt.
api_protect_course_script(false);

/**
 * Main code
 */
// Create a default error response
// The reply starts out as an error, so any path that does not explicitly
// build a success response fails closed.
$json = array('error' => true, 'errorMessage' => 'ERROR');
$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;

// NOTE(review): 'forum' and 'thread' are read unconditionally (no isset) and
// handed to the lookup helpers as raw request values. Whether those helpers
// cast or escape their argument is not visible here - confirm, and consider
// casting to int at this boundary.
$current_forum = get_forum_information($_REQUEST['forum']);
$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
$current_thread = get_thread_information($_REQUEST['thread']);

// Check if exist action
if (!empty($action)) {
    switch ($action) {
        case 'upload_file':
            // NOTE(review): this is a state-changing action selected through
            // $_REQUEST, and no anti-CSRF token check is visible in this
            // excerpt - confirm one is enforced before the upload is stored.
            if (!empty($_FILES) && !empty($_REQUEST['forum'])) {
                // The user is not allowed here if
                // 1. the forum category, forum or thread is invisible (visibility==0)
                // 2. the forum category, forum or thread is locked (locked <>0)
                // 3. if anonymous posts are not allowed
                // The only exception is the course manager
* Used to transfer files to another application through http.
 *
 * Script parameters:
 *
 * - id         id(s) of the document id=1 or id=1,2,4
 * - cidReq     course code
 *
 * Note this script enables key authentication so access with a key token is possible.
 *
 * @package chamilo.document
 * @license see /license.txt
 * @author Laurent Opprecht <*****@*****.**> for the University of Geneva
 */

// Key authentication is switched on before the bootstrap include, presumably
// so the bootstrap honours key tokens when it establishes the user - confirm
// the ordering is intentional.
// NOTE(review): with key auth enabled, a token holder can reach this download
// endpoint without an interactive session. Token scope, expiry and revocation
// are enforced (if at all) inside KeyAuth, outside this excerpt.
KeyAuth::enable();

require_once __DIR__ . '/../inc/global.inc.php';

// Course access gate. The script stops outright on refusal instead of relying
// on the helper to have ended the request.
$has_access = api_protect_course_script();
if (!$has_access) {
    exit;
}

session_cache_limiter('none');

// Comma-separated document ids from the request, split into a list.
// NOTE(review): the elements are still raw strings at this point; they need to
// be validated as integers before they reach a query or a path. Their use is
// outside this excerpt.
$ids = Request::get('id', '');
$ids = $ids ? explode(',', $ids) : array();

$course = Course::current();

/**
 * No files requested. We make sure we return 404 error to tell the client
 * that the call failed.
 */
// NOTE(review): whether Response::not_found() terminates the request is not
// visible here; if it returns, execution continues with an empty id list.
if (count($ids) == 0 || empty($course)) {
    Response::not_found();
}

/**