// Excerpt of a larger script: it starts inside conditionals opened before this
// point and stops inside the 'delete_item' case, so the leading closing braces
// and the still-open blocks at the end pair with code outside this excerpt.
        //allowed to upload?
        if ($is_allowed_to_edit || GroupManager::is_subscribed($userId, $groupId)) {
            // Only courseadmin or group members can upload
            $group_member_with_upload_rights = true;
        }
    }
    // Store the computed flag under the 'group_member_with_upload_rights' session key.
    Session::write('group_member_with_upload_rights', $group_member_with_upload_rights);
} else {
    // On this branch the flag is always stored as false.
    Session::write('group_member_with_upload_rights', false);
}

// Actions.
// 'id' is forced through intval(), so only an integer (or nothing, when the
// parameter is absent) is concatenated into $currentUrl below.
$document_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;
// 'action' is taken as-is from the request; in this excerpt it is only used
// as the selector of the switch below.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
$currentUrl = api_get_self() . '?' . api_get_cidreq() . '&id=' . $document_id;

// Let the Portfolio controller handle the request when it accepts it.
// NOTE(review): this runs before the per-action permission checks below;
// whether the controller enforces its own checks is not visible here - confirm.
if (Portfolio::controller()->accept()) {
    Portfolio::controller()->run();
}

// The requested directory path is passed through Security::remove_XSS().
// NOTE(review): presumably that filter targets markup, not path traversal;
// $curdirpath feeds an authorization decision below, so confirm that
// is_my_shared_folder() validates or normalises it as a path.
$curdirpath = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null;

switch ($action) {
    case 'delete_item':
        // The delete branch is entered by editors, by group members holding
        // the upload flag, or when is_my_shared_folder() returns true for the
        // current user with either $curdirpath or $moveTo.
        // NOTE(review): $moveTo is not assigned anywhere in this excerpt;
        // confirm where it is set and that it cannot be an unvalidated
        // request value, since it also grants access here.
        if ($is_allowed_to_edit ||
            $group_member_with_upload_rights ||
            DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ||
            DocumentManager::is_my_shared_folder(api_get_user_id(), $moveTo, $sessionId)) {
            if (isset($_GET['deleteid'])) {
                // NOTE(review): 'deleteid' comes from the query string and is
                // passed on unmodified (unlike 'id' above, which goes through
                // intval()); confirm the callees cast or parameterise it.
                // NOTE(review): no anti-CSRF token check is visible in this
                // excerpt for what appears to be a state-changing GET action;
                // confirm one runs before the item is deleted.
                if (!$is_allowed_to_edit) {
                    // The two checks below apply to non-editors only.
                    if (api_is_coach()) {
                        // A coach is refused unless is_visible_by_id() reports
                        // the document as visible for this course, session and user.
                        if (!DocumentManager::is_visible_by_id($_GET['deleteid'], $courseInfo, $sessionId, api_get_user_id())) {
                            api_not_allowed();
                        }
                    }
                    // Refuse when check_readonly() returns true for this
                    // document and user.
                    // NOTE(review): both refusals rely on api_not_allowed()
                    // ending the request; presumably it does - confirm,
                    // otherwise execution continues past these guards.
                    if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $_GET['deleteid'], true)) {
                        api_not_allowed();
                    }