Exemplo n.º 1
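 /**
  * Return true if a user can see a document, identified by its id.
  *
  * The check has two stages. First the user must count as a member of the
  * course (base course) or of the course inside the given session; an open
  * course counts every user as a member. Then the document's item-property
  * visibility flag is consulted; inside a session the session-specific record
  * wins over the base-course record when it exists.
  *
  * @param   int     $doc_id       document id
  * @param   array   $course_info  course info; the current course is used when empty
  * @param   int     $session_id   session id, 0 for the base course
  * @param   int     $user_id      user whose membership is checked
  * @param   bool    $admins_can_see_everything  when true, a platform admin sees
  *                  every document that has an item-property record
  * @return  bool    true when the document is visible, false otherwise
  */
 public static function is_visible_by_id($doc_id, $course_info, $session_id, $user_id, $admins_can_see_everything = true)
 {
     // 1. Checking the course array
     if (empty($course_info)) {
         $course_info = api_get_course_info();
         if (empty($course_info)) {
             return false;
         }
     }
     $doc_id = intval($doc_id);
     $session_id = intval($session_id);

     // NOTE(review): api_is_platform_admin() is called without $user_id, so it
     // presumably describes the logged-in user rather than the user passed in.
     // Confirm that callers only pass the current user when the admin override
     // is enabled.
     $is_admin = api_is_platform_admin();
     $admin_override = $admins_can_see_everything && $is_admin;

     // 2. Course and session visibility are handled in local.inc.php/global.inc.php
     // 3. Checking if the user exists in the course/session
     if ($session_id == 0) {
         // An open course treats every user as registered.
         $user_in_course = CourseManager::is_user_subscribed_in_course($user_id, $course_info['code'])
             || $is_admin
             || in_array($course_info['visibility'], array(COURSE_VISIBILITY_OPEN_PLATFORM, COURSE_VISIBILITY_OPEN_WORLD));
     } else {
         $user_status = SessionManager::get_user_status_in_course_session($user_id, $course_info['real_id'], $session_id);
         // '0', '2' and '6' stand for student, course session teacher or coach.
         // The comparison is done on the string form and strictly: a loose
         // in_array() lets boolean false match '0', which would count a failed
         // lookup as a student. The helper's return type is not visible here.
         $has_session_role = is_scalar($user_status)
             && !is_bool($user_status)
             && in_array((string) $user_status, array('0', '2', '6'), true);
         $user_in_course = $has_session_role || $is_admin;
     }

     // 4. Checking document visibility
     if (!$user_in_course) {
         return $admin_override;
     }

     $item_info = api_get_item_property_info($course_info['real_id'], 'document', $doc_id, 0);
     $has_base_record = isset($item_info['visibility']);

     // True for admins if the document exists
     if ($has_base_record && $admin_override) {
         return true;
     }

     // 4.1 Document visibility for a course
     if ($session_id == 0) {
         return $has_base_record && $item_info['visibility'] == 1;
     }

     // 4.2 Document visibility for a course in a session
     $item_info_in_session = api_get_item_property_info($course_info['real_id'], 'document', $doc_id, $session_id);
     if (isset($item_info_in_session['visibility'])) {
         return $item_info_in_session['visibility'] == 1;
     }

     // No session record: fall back to the base-course record, but only when it
     // exists. A missing record means "not visible" instead of reading an
     // undefined index.
     return $has_base_record && $item_info['visibility'] == 1;
 }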
Exemplo n.º 2
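 /**
  * Update the "done" state of thematic advances from the thematic details interface.
  *
  * Walks the advances of the current course in the order the lists are
  * returned and sets done_advance = 1 on every advance whose item property
  * belongs to the current session, stopping after the advance whose id equals
  * $thematic_advance_id. All remaining advances are then set to
  * done_advance = 0, and item properties still labelled "ThematicAdvanceDone"
  * for advances outside the done set are relabelled "ThematicAdvanceUpdated".
  *
  * @param 	int		$thematic_advance_id  Id of the last thematic advance to mark as done
  * @return	int		Affected rows of the done_advance = 1 updates
  */
 public function update_done_thematic_advances($thematic_advance_id)
 {
     $_course = api_get_course_info();
     $thematic_data = $this->get_thematic_list(null, api_get_course_id());
     $thematic_advance_data = $this->get_thematic_advance_list(null, api_get_course_id(), true);
     $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE);
     $user_id = api_get_user_id();
     $course_id = api_get_course_int_id();
     $sessionId = api_get_session_id();
     $affected_rows = 0;

     // Ids of every advance of the course, done or not.
     $all = array();
     // Ids of the advances marked as done by this call.
     $a_thematic_advance_ids = array();

     if (!empty($thematic_data)) {
         foreach ($thematic_data as $thematic) {
             if (empty($thematic_advance_data[$thematic['id']])) {
                 continue;
             }
             foreach ($thematic_advance_data[$thematic['id']] as $thematic_advance) {
                 $all[] = $thematic_advance['id'];
             }
         }

         foreach ($thematic_data as $thematic) {
             if (empty($thematic_advance_data[$thematic['id']])) {
                 continue;
             }
             foreach ($thematic_advance_data[$thematic['id']] as $thematic_advance) {
                 $item_info = api_get_item_property_info($course_id, 'thematic_advance', $thematic_advance['id'], $sessionId);
                 // NOTE(review): when no item-property row exists this reads a
                 // missing key, and a null value compares equal to session 0
                 // under ==. Confirm that this is the intended behaviour.
                 if ($item_info['id_session'] != $sessionId) {
                     continue;
                 }
                 $a_thematic_advance_ids[] = $thematic_advance['id'];

                 // Update done thematic for previous advances (done_advance = 1).
                 // Every value placed in the statement is forced to an integer,
                 // so a non-numeric id coming back from storage cannot alter it.
                 $upd = "UPDATE {$tbl_thematic_advance} SET done_advance = 1
                         WHERE c_id = " . intval($course_id) . " AND id = " . intval($thematic_advance['id']);
                 $result = Database::query($upd);
                 $affected_rows += Database::affected_rows($result);

                 api_item_property_update($_course, 'thematic_advance', $thematic_advance['id'], "ThematicAdvanceDone", $user_id);

                 // The requested advance is the last one to mark; stop both loops.
                 if ($thematic_advance['id'] == $thematic_advance_id) {
                     break 2;
                 }
             }
         }
     }

     // Update done thematic for other advances (done_advance = 0)
     if (!empty($a_thematic_advance_ids)) {
         $diff = array_diff($all, $a_thematic_advance_ids);
         if (!empty($diff)) {
             $upd = "UPDATE {$tbl_thematic_advance} SET done_advance = 0
                     WHERE c_id = " . intval($course_id) . " AND id IN(" . implode(',', array_map('intval', $diff)) . ")";
             Database::query($upd);
         }

         // Update item_property: get all thematic advances flagged as done
         $tbl_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY);
         $sql = "SELECT ref FROM {$tbl_item_property}
                 WHERE
                     c_id = " . intval($course_id) . " AND
                     tool='thematic_advance' AND
                     lastedit_type='ThematicAdvanceDone' AND
                     session_id = " . intval($sessionId);
         $rs_thematic_done = Database::query($sql);
         if (Database::num_rows($rs_thematic_done) > 0) {
             while ($row_thematic_done = Database::fetch_array($rs_thematic_done)) {
                 $ref = $row_thematic_done['ref'];
                 if (in_array($ref, $a_thematic_advance_ids)) {
                     continue;
                 }
                 // This advance is no longer in the done set: relabel its item property.
                 $sql = "UPDATE {$tbl_item_property} SET
                             lastedit_date='" . api_get_utc_datetime() . "',
                             lastedit_type='ThematicAdvanceUpdated',
                             lastedit_user_id = " . intval($user_id) . "
                         WHERE
                             c_id = " . intval($course_id) . " AND
                             tool='thematic_advance' AND
                             ref=" . intval($ref) . " AND
                             session_id = " . intval($sessionId);
                 Database::query($sql);
             }
         }
     }

     return $affected_rows;
 }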
Exemplo n.º 3
/*	Display user interface */
// Display the header. The document title is passed through
// Security::remove_XSS() before it becomes part of the page title.
$nameTools = get_lang('EditDocument') . ': ' . Security::remove_XSS($document_data['title']);
Display::display_header($nameTools, 'Doc');
// Feedback from an earlier step of the script, shown only when it was set.
if (isset($msgError)) {
    Display::display_error_message($msgError);
}
if (isset($info_message)) {
    Display::display_confirmation_message($info_message);
    // origin / origin_opt are copied from the POST body as they arrive.
    // NOTE(review): neither value is validated or escaped here, and origin_opt
    // is read without its own isset() check. Confirm that whatever consumes
    // $slide_id and $call_from_tool encodes them for its output context.
    if (isset($_POST['origin'])) {
        $slide_id = $_POST['origin_opt'];
        $call_from_tool = $_POST['origin'];
    }
}
// Owner and last edit date come from the document's item-property record.
// NOTE(review): $document_info is indexed without checking that a record was
// found; the owner comparison further down depends on $owner_id.
$document_info = api_get_item_property_info(api_get_course_int_id(), 'document', $document_id);
$owner_id = $document_info['insert_user_id'];
$last_edit_date = $document_info['lastedit_date'];
if ($owner_id == api_get_user_id() || api_is_platform_admin() || $is_allowed_to_edit || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
    $action = api_get_self() . '?id=' . $document_data['id'];
    $form = new FormValidator('formEdit', 'post', $action, null, array('class' => 'form-horizontal'));
    // Form title
    $form->addElement('header', $nameTools);
    $form->addElement('hidden', 'filename');
    $form->addElement('hidden', 'extension');
    $form->addElement('hidden', 'file_path');
    $form->addElement('hidden', 'commentPath');
    $form->addElement('hidden', 'showedit');
    $form->addElement('hidden', 'origin');
    $form->addElement('hidden', 'origin_opt');
    $form->add_textfield('title', get_lang('Title'));
Exemplo n.º 4
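/**
 * Resolve the file of an assignment (student publication) for download.
 *
 * Looks the publication up in the given course, enforces the subscription and
 * visibility rules described in the table below, and returns the location of
 * the file only when it lies inside the course directory.
 *
 * @param int $id Publication id
 * @param array $course_info Course info; 'real_id' and 'show_score' are read
 * @param int $sessionId Session ID; the current session is used when empty
 * @return array|bool Array with the keys 'path' and 'title', or false when the
 *                    publication is missing or the user may not download it
 */
function getFileContents($id, $course_info, $sessionId = 0)
{
    $id = intval($id);
    if (empty($course_info) || empty($id) || empty($course_info['real_id'])) {
        return false;
    }
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }

    $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);

    // Both values are forced to integers before they are placed in the query.
    $sql = 'SELECT * FROM '.$tbl_student_publication.'
            WHERE c_id = '.intval($course_info['real_id']).' AND id = "'.$id.'"';
    $result = Database::query($sql);
    if (!$result || !Database::num_rows($result)) {
        return false;
    }

    $row = Database::fetch_array($result, 'ASSOC');

    // NOTE(review): the directory and the item-property lookup below use the
    // current course context (api_get_course_path(), api_get_course_int_id()),
    // while the row was selected with $course_info['real_id']. Confirm that
    // callers always pass the current course.
    $course_dir = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/';
    $full_file_name = $course_dir.$row['url'];

    $item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id'], $sessionId);
    allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);

    if (empty($item_info)) {
        api_not_allowed();
        // Fail closed in case api_not_allowed() returns instead of ending the request.
        return false;
    }

    /*
    field show_score in table course :
        0 =>    New documents are visible for all users
        1 =>    New documents are only visible for the teacher(s)
    field visibility in table item_property :
        0 => eye closed, invisible for all students
        1 => eye open
    field accepted in table c_student_publication :
        0 => eye closed, invisible for all students
        1 => eye open
    ( We should have visibility == accepted, otherwise there is an
    inconsistency in the Database)
    field value in table c_course_setting :
        0 => Allow learners to delete their own publications = NO
        1 => Allow learners to delete their own publications = YES

    +------------------+-------------------------+------------------------+
    |Can download work?| doc visible for all = 0 | doc visible for all = 1|
    +------------------+-------------------------+------------------------+
    |  visibility = 0  | editor only             | editor only            |
    |                  |                         |                        |
    +------------------+-------------------------+------------------------+
    |  visibility = 1  | editor                  | editor                 |
    |                  | + owner of the work     | + any student          |
    +------------------+-------------------------+------------------------+
    (editor = teacher + admin + anybody with right api_is_allowed_to_edit)
    */

    $work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
    $doc_visible_for_all = ($course_info['show_score'] == 1);

    $is_editor = api_is_allowed_to_edit(true, true, true);

    // Ownership is tested for the requesting user. Passing the publication's
    // own user_id compares the work with its stored author, which holds for
    // any requester and so grants the "owner" path to every subscribed user
    // (user_is_author(), as listed on this page, treats its second argument
    // as the user to test).
    // NOTE(review): the owner path is not tied to visibility = 1, although the
    // table above lists "editor only" for visibility = 0. Confirm the intent.
    $student_is_owner_of_work = user_is_author($row['id'], api_get_user_id());

    if (!$is_editor && !$student_is_owner_of_work && !($doc_visible_for_all && $work_is_visible)) {
        return false;
    }

    $title = $row['title'];
    if (array_key_exists('filename', $row) && !empty($row['filename'])) {
        $title = $row['filename'];
    }
    $title = str_replace(' ', '_', $title);
    event_download($title);

    // The stored url comes from the database; hand the path out only when it
    // resolves inside the course directory.
    if (Security::check_abs_path($full_file_name, $course_dir)) {
        return array(
            'path' => $full_file_name,
            'title' => $title
        );
    }

    return false;
}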
Exemplo n.º 5
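/**
 * Move a forum thread, with all of its posts, to another forum.
 *
 * The target forum id and the thread id are read from $_POST ('forum' and
 * 'thread_id'); the $values argument is not used. When the target forum
 * belongs to a group, the thread's item property is pointed at that group.
 *
 * NOTE(review): no permission or request-origin check is visible in this
 * function, and the result of get_forums() is not checked before the thread
 * is updated. Presumably the caller validates both; confirm.
 *
 * @param array $values Unused
 * @return string HTML language variable
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function store_move_thread($values)
{
    $table_threads = Database::get_course_table(TABLE_FORUM_THREAD);
    $table_posts = Database::get_course_table(TABLE_FORUM_POST);
    $courseId = intval(api_get_course_int_id());
    $sessionId = api_get_session_id();
    // A missing field becomes 0, the same value intval() gives for null,
    // without raising an undefined-index notice.
    $forumId = isset($_POST['forum']) ? intval($_POST['forum']) : 0;
    $threadId = isset($_POST['thread_id']) ? intval($_POST['thread_id']) : 0;
    $forumInfo = get_forums($forumId);

    // Change the thread table: setting the forum_id to the new forum.
    $sql = "UPDATE {$table_threads} SET forum_id = {$forumId}
            WHERE c_id = {$courseId} AND thread_id = {$threadId}";
    Database::query($sql);

    // Changing all the posts of the thread: setting the forum_id to the new forum.
    $sql = "UPDATE {$table_posts} SET forum_id = {$forumId}
            WHERE c_id = {$courseId} AND thread_id= {$threadId}";
    Database::query($sql);

    // Fix group id, if forum is moved to a different group
    if (!empty($forumInfo['to_group_id'])) {
        // Forced to integers: both values end up inside the UPDATE below.
        $groupId = intval($forumInfo['to_group_id']);
        $item = api_get_item_property_info($courseId, TABLE_FORUM_THREAD, $threadId, $sessionId, $groupId);
        $table = Database::get_course_table(TABLE_ITEM_PROPERTY);
        $sessionCondition = api_get_session_condition($sessionId);

        if (empty($item)) {
            // No property found for this group: address the row by thread id.
            $ref = $threadId;
            $needsUpdate = true;
        } else {
            $ref = intval($item['ref']);
            $needsUpdate = $item['to_group_id'] != $groupId;
        }

        if ($needsUpdate) {
            $sql = "UPDATE {$table}
                    SET to_group_id = {$groupId}
                    WHERE
                      tool = '" . TABLE_FORUM_THREAD . "' AND
                      c_id = {$courseId} AND
                      ref = {$ref}
                      {$sessionCondition}
            ";
            Database::query($sql);
        }
    }

    return get_lang('ThreadMoved');
}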
Exemplo n.º 6
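 /**
  * Checks if the learning path is visible for student after the progress
  * of its prerequisite is completed, considering the time availability and
  * the LP visibility.
  *
  * When user subscription is switched on for the learning path, the result is
  * decided by the subscription alone (the user's own or one of the user's
  * groups) and the prerequisite and date checks no longer count.
  *
  * @param int $lp_id Learning path id
  * @param int $student_id Student whose access is checked
  * @param string $courseCode Course code (optional)
  * @param int $sessionId Session id; the current session is used when empty
  * @return	bool False when the course or the learning path cannot be found
  */
 public static function is_lp_visible_for_student($lp_id, $student_id, $courseCode = null, $sessionId = null)
 {
     global $_custom;

     $lp_id = (int) $lp_id;
     $courseInfo = api_get_course_info($courseCode);
     // Unknown course: fail closed instead of building a query with an empty c_id.
     if (empty($courseInfo['real_id'])) {
         return false;
     }
     $sessionId = intval($sessionId);
     if (empty($sessionId)) {
         $sessionId = api_get_session_id();
     }
     $tbl_learnpath = Database::get_course_table(TABLE_LP_MAIN);
     // Get current prerequisite. The course id is forced to an integer before
     // it is placed in the query.
     $sql = "SELECT id, prerequisite, subscribe_users, publicated_on, expired_on
             FROM {$tbl_learnpath}
             WHERE c_id = " . intval($courseInfo['real_id']) . " AND id = {$lp_id}";
     $itemInfo = api_get_item_property_info($courseInfo['real_id'], TOOL_LEARNPATH, $lp_id, $sessionId);
     // If the item was deleted.
     if (isset($itemInfo['visibility']) && $itemInfo['visibility'] == 2) {
         return false;
     }
     $rs = Database::query($sql);
     $now = time();
     if (Database::num_rows($rs) <= 0) {
         return false;
     }

     $row = Database::fetch_array($rs, 'ASSOC');
     $is_visible = true;

     // The prerequisite learning path must be fully completed.
     $prerequisite = $row['prerequisite'];
     if (!empty($prerequisite)) {
         $progress = intval(self::getProgress($prerequisite, $student_id, $courseInfo['real_id'], $sessionId));
         if ($progress < 100) {
             $is_visible = false;
         }
     }

     // Also check the time availability of the LP
     if ($is_visible) {
         $emptyDate = '0000-00-00 00:00:00';
         $hasStart = !empty($row['publicated_on']) && $row['publicated_on'] != $emptyDate;
         $hasEnd = !empty($row['expired_on']) && $row['expired_on'] != $emptyDate;

         // Not published yet
         if ($hasStart && $now < api_strtotime($row['publicated_on'], 'UTC')) {
             $is_visible = false;
         }
         // Blocking empty start times see BT#2800
         if (!$hasStart && isset($_custom['lps_hidden_when_no_start_date']) && $_custom['lps_hidden_when_no_start_date']) {
             $is_visible = false;
         }
         // Already expired
         if ($hasEnd && $now > api_strtotime($row['expired_on'], 'UTC')) {
             $is_visible = false;
         }
     }

     // Check if the subscription users/group to a LP is ON
     if (isset($row['subscribe_users']) && $row['subscribe_users'] == 1) {
         // From here on only the subscription decides.
         $is_visible = false;
         // Checking only the user visibility
         $userVisibility = api_get_item_visibility($courseInfo, 'learnpath', $row['id'], $sessionId, $student_id, 'LearnpathSubscription');
         if ($userVisibility == 1) {
             $is_visible = true;
         } else {
             // Try the groups the user is subscribed to
             $userGroups = GroupManager::getAllGroupPerUserSubscription($student_id);
             if (!empty($userGroups)) {
                 foreach ($userGroups as $groupInfo) {
                     $groupVisibility = api_get_item_visibility($courseInfo, 'learnpath', $row['id'], $sessionId, null, 'LearnpathSubscription', $groupInfo['iid']);
                     if ($groupVisibility == 1) {
                         $is_visible = true;
                         break;
                     }
                 }
             }
         }
     }

     return $is_visible;
 }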
Exemplo n.º 7
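/**
 * Check if a user is the author of a work item.
 *
 * Anyone for whom api_is_allowed_to_edit() is true is treated as an author.
 * Otherwise the user must match the insert_user_id stored in the item
 * property of the work, in the current course and session.
 *
 * @param int $item_id Work item id
 * @param int $user_id User to test; the current user when empty
 * @return bool
 */
function user_is_author($item_id, $user_id = null)
{
    if (empty($item_id)) {
        return false;
    }
    if (empty($user_id)) {
        $user_id = api_get_user_id();
    }
    if (api_is_allowed_to_edit()) {
        return true;
    }

    $item_to_edit_data = api_get_item_property_info(api_get_course_int_id(), 'work', $item_id, api_get_session_id());

    // Fail closed when there is nothing to compare. With a loose ==, a missing
    // record (null) equals a user id of 0, so a request without a resolved
    // user would be reported as the author of an item that has no property row.
    if (empty($user_id) || !isset($item_to_edit_data['insert_user_id'])) {
        return false;
    }

    return $item_to_edit_data['insert_user_id'] == $user_id;
}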
Exemplo n.º 8
// Ask clients not to cache this response.
header('Pragma: no-cache');
// Protection: course-level access check, run before any request data is read.
api_protect_course_script(true);
// The requested publication id is forced to an integer before it is used.
// NOTE(review): $_GET['id'] is read without an isset() check; a request
// without the parameter yields 0.
$id = intval($_GET['id']);
$course_info = api_get_course_info();
// Without a course context the request is refused.
if (empty($course_info)) {
    api_not_allowed(true);
}
$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
if (!empty($course_info['real_id'])) {
    $sql = 'SELECT * FROM ' . $tbl_student_publication . ' WHERE c_id = ' . $course_info['real_id'] . ' AND id = "' . $id . '"';
    $result = Database::query($sql);
    if ($result && Database::num_rows($result)) {
        $row = Database::fetch_array($result, 'ASSOC');
        $full_file_name = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/' . $row['url'];
        $item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id']);
        allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);
        if (empty($item_info)) {
            exit;
        }
        /*
        field show_score in table course :  0 => 	New documents are visible for all users
                                            1 =>    New documents are only visible for the teacher(s)
        field visibility in table item_property :   0 => eye closed, invisible for all students
                                                    1 => eye open
        field accepted in table c_student_publication : 0 => eye closed, invisible for all students
                                                        1 => eye open
        (we should have visibility == accepted , otherwise there is an inconsistency in the Database)
        field value in table c_course_setting :     0 => Allow learners to delete their own publications = NO
                                                    1 => Allow learners to delete their own publications = YES
        
Exemplo n.º 9
}
// Inside a session, exercises inherited from the base course can be hidden by
// default: each one that has no item-property record for the session yet gets
// an 'invisible' record.
if (
    !empty($exercise_list)
    && api_get_setting('exercise_invisible_in_session') === 'true'
    && !empty($sessionId)
) {
    // The platform setting applies unless per-course configuration is
    // enabled, in which case the course setting decides.
    $changeDefaultVisibility = true;
    if (api_get_setting('configure_exercise_visibility_in_course') === 'true') {
        $changeDefaultVisibility = api_get_course_setting('exercise_invisible_in_session') == 1;
    }

    if ($changeDefaultVisibility) {
        foreach ($exercise_list as $exercise) {
            // Only exercises that belong to the base course are considered.
            if ($exercise['session_id'] != 0) {
                continue;
            }
            // NOTE(review): $courseInfo is given to both helpers. The other
            // api_get_item_property_info() calls on this page pass a numeric
            // course id as first argument; confirm which form this call expects.
            $visibilityInfo = api_get_item_property_info($courseInfo, TOOL_QUIZ, $exercise['iid'], $sessionId);
            if (!empty($visibilityInfo)) {
                continue;
            }
            // No record for this session yet: create one as invisible.
            api_item_property_update($courseInfo, TOOL_QUIZ, $exercise['iid'], 'invisible', api_get_user_id(), 0, null, '', '', $sessionId);
        }
    }
}
if (isset($list_ordered) && !empty($list_ordered)) {
    $new_question_list = array();
    foreach ($list_ordered as $exercise_id) {
        if (isset($exercise_list[$exercise_id])) {
            $new_question_list[] = $exercise_list[$exercise_id];
        }
Exemplo n.º 10
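    /**
     * Checks if the learning path is visible for student after the progress
     * of its prerequisite is completed, considering the time availability and
     * the LP visibility.
     * @param int		$lp_id Learnpath id
     * @param int		$student_id Student id
     * @param string $courseCode Course code (optional)
     * @param int $sessionId Session id; the current session is used when empty
     * @return	bool False when the course or the learning path cannot be found
     */
    public static function is_lp_visible_for_student(
        $lp_id,
        $student_id,
        $courseCode = null,
        $sessionId = null
    ) {
        global $_custom;

        $lp_id = (int)$lp_id;
        $course = api_get_course_info($courseCode);

        // Without a resolved course the query below would be built with an
        // empty c_id; treat that case as "not visible".
        if (empty($course['real_id'])) {
            return false;
        }

        $sessionId = intval($sessionId);
        if (empty($sessionId)) {
            $sessionId = api_get_session_id();
        }

        $tbl_learnpath = Database::get_course_table(TABLE_LP_MAIN);
        // Get current prerequisite; the course id is forced to an integer
        // before it is placed in the query.
        $sql = "SELECT id, prerequisite, publicated_on, expired_on
                FROM $tbl_learnpath
                WHERE c_id = ".intval($course['real_id'])." AND id = $lp_id";

        $itemInfo = api_get_item_property_info(
            $course['real_id'],
            TOOL_LEARNPATH,
            $lp_id,
            $sessionId
        );

        // If the item was deleted.
        if (isset($itemInfo['visibility']) && $itemInfo['visibility'] == 2) {
            return false;
        }

        $rs  = Database::query($sql);
        $now = time();
        if (Database::num_rows($rs) <= 0) {
            return false;
        }

        $row = Database::fetch_array($rs, 'ASSOC');

        // The prerequisite learning path must be completed at 100%.
        if (!empty($row['prerequisite'])) {
            $progress = intval(
                self::getProgress(
                    $row['prerequisite'],
                    $student_id,
                    $course['real_id'],
                    $sessionId
                )
            );
            if ($progress < 100) {
                return false;
            }
        }

        // Also check the time availability of the LP
        $noDate = '0000-00-00 00:00:00';
        $startIsSet = !empty($row['publicated_on']) && $row['publicated_on'] != $noDate;
        $endIsSet = !empty($row['expired_on']) && $row['expired_on'] != $noDate;
        $is_visible = true;

        // Not published yet
        if ($startIsSet && $now < api_strtotime($row['publicated_on'], 'UTC')) {
            $is_visible = false;
        }

        // Blocking empty start times see BT#2800
        if (!$startIsSet &&
            isset($_custom['lps_hidden_when_no_start_date']) &&
            $_custom['lps_hidden_when_no_start_date']
        ) {
            $is_visible = false;
        }

        // Already expired
        if ($endIsSet && $now > api_strtotime($row['expired_on'], 'UTC')) {
            $is_visible = false;
        }

        return $is_visible;
    }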