Exemplo n.º 1
         foreach ($workList as $workId) {
             deleteDirWork($workId);
         }
     }
     break;
 // Stores an uploaded correction file for one work item and records its URL
 // and title on that item's row. The enclosing switch and the end of this case
 // are outside this excerpt.
 case 'upload_correction_file':
     api_protect_course_script(true);
     // User access same as upload.php
     // NOTE(review): $is_allowed_to_edit is assigned here but never read in the
     // visible part of this case; confirm that uploadWork() or a later check
     // limits this action to users allowed to edit.
     $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
     // item_id is cast to an integer, which is what makes the unquoted
     // interpolation in the WHERE clause below safe.
     $itemId = isset($_GET['item_id']) ? intval($_GET['item_id']) : '';
     $result = array();
     if (!empty($_FILES) && !empty($itemId)) {
         // NOTE(review): only $_FILES as a whole is tested; the 'file' key is
         // read without an isset() check.
         $file = $_FILES['file'];
         $courseInfo = api_get_course_info();
         $workInfo = get_work_data_by_id($itemId);
         // NOTE(review): $workInfo is not tested for emptiness before its
         // parent_id is read, so an unknown item_id still reaches uploadWork().
         $workInfoParent = get_work_data_by_id($workInfo['parent_id']);
         $resultUpload = uploadWork($workInfoParent, $courseInfo, true, $workInfo);
         $work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
         if (isset($resultUpload['url']) && !empty($resultUpload['url'])) {
             $title = isset($resultUpload['filename']) && !empty($resultUpload['filename']) ? $resultUpload['filename'] : get_lang('Untitled');
             // Both string values are escaped and then placed inside quoted literals.
             $url = Database::escape_string($resultUpload['url']);
             $title = Database::escape_string($title);
             $sql = "UPDATE {$work_table} SET\n                            url_correction = '" . $url . "',\n                            title_correction = '" . $title . "'\n                        WHERE iid = {$itemId}";
             Database::query($sql);
             // The response title uses the raw filename, not the 'Untitled'
             // fallback computed above.
             $result['title'] = $resultUpload['filename'];
             $result['url'] = 'view.php?' . api_get_cidreq() . '&id=' . $itemId;
             $json = array();
             // Title and URL are entity-encoded before being wrapped in a link.
             $json['name'] = Display::url(api_htmlentities($result['title']), api_htmlentities($result['url']), array('target' => '_blank'));
             // $file['type'] is the MIME type reported by the client; here it is
             // only echoed back (entity-encoded), not used for a decision.
             $json['type'] = api_htmlentities($file['type']);
             $json['size'] = format_file_size($file['size']);
         }
Exemplo n.º 2
<?php

/* For licensing terms, see /license.txt */
/**
 *	Functions and main code for the download folder feature
 *  @todo use ids instead of the path like the document tool
 *	@package chamilo.work
 */
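// Set-up for the "download folder as ZIP" feature: resolve the requested work,
// check the course context and prepare the temporary archive path.

// The work id comes straight from the query string, so it is reduced to an
// integer (or null when absent) before it reaches any lookup.
$work_id = isset($_GET['id']) ? intval($_GET['id']) : null;
//require_once '../inc/global.inc.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;
//protection
api_protect_course_script(true);
require_once 'work.lib.php';
$work_data = get_work_data_by_id($work_id);
$groupId = api_get_group_id();
// Unknown work: stop without producing any output.
if (empty($work_data)) {
    exit;
}
//prevent some stuff
// NOTE(review): $path is not assigned anywhere in the visible lines, so this
// normally resolves to '/'; confirm whether an including script is expected
// to set it.
if (empty($path)) {
    $path = '/';
}
if (empty($_course) || empty($_course['path'])) {
    api_not_allowed();
}
$sys_course_path = api_get_path(SYS_COURSE_PATH);
//zip library for creation of the zipfile
require_once api_get_path(LIBRARY_PATH) . 'pclzip/pclzip.lib.php';
//Creating a ZIP file
// The archive name is generated by api_get_unique_id(), not taken from the request.
$temp_zip_file = api_get_path(SYS_ARCHIVE_PATH) . api_get_unique_id() . ".zip";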
Exemplo n.º 3
// Page set-up for a work listing: protect the course context, validate the
// requested work id and load the data the rest of the script relies on.
$current_course_tool  = TOOL_STUDENTPUBLICATION;

// Course protection runs before any request parameter is read.
api_protect_course_script(true);

// Including necessary files
require_once 'work.lib.php';
$this_section = SECTION_COURSES;

// The id is cast to an integer; 'origin' is passed through the XSS filter
// because it is a free-form request value.
$workId = isset($_GET['id']) ? intval($_GET['id']) : null;
$origin = isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST['origin']) : '';

// A missing or zero id is refused.
if (empty($workId)) {
    api_not_allowed(true);
}

$my_folder_data = get_work_data_by_id($workId);

// Unknown work id.
if (empty($my_folder_data)) {
    api_not_allowed(true);
}

// Only active works are listed (loose comparison, so 1 and '1' both pass).
if ($my_folder_data['active'] != 1) {
    api_not_allowed(true);
}

$work_data = get_work_assignment_by_id($workId);
$tool_name = get_lang('StudentPublications');

$group_id = api_get_group_id();
$courseInfo = api_get_course_info();
$htmlHeadXtra[] = api_get_jqgrid_js();
Exemplo n.º 4
         $result = addDir($_POST, $user_id, $_course, $group_id, $id_session);
         if ($result) {
             $message = Display::return_message(get_lang('DirectoryCreated'), 'success');
         } else {
             $message = Display::return_message(get_lang('CannotCreateDir'), 'error');
         }
         Session::write('message', $message);
         header('Location: ' . $currentUrl);
         exit;
     } else {
         $content = $form->return_form();
     }
     break;
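 // Deletes a work folder on behalf of a user who is allowed to edit, then
 // redirects back to the listing.
 // NOTE(review): the id is read from $_REQUEST, so this destructive action can
 // be triggered by a plain GET link, and no anti-CSRF token check is visible
 // in this case; confirm one is enforced elsewhere.
 case 'delete_dir':
     if ($is_allowed_to_edit) {
         // Reduce the request value to an integer before it reaches the
         // lookup and the delete helper; a missing or zero id deletes nothing.
         $dirWorkId = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
         $result = false;
         if ($dirWorkId > 0) {
             // Loaded before deletion so the title is still available for the message.
             $work_to_delete = get_work_data_by_id($dirWorkId);
             $result = deleteDirWork($dirWorkId);
         }
         if ($result) {
             $message = Display::return_message(get_lang('DirDeleted') . ': ' . $work_to_delete['title'], 'success');
             Session::write('message', $message);
         }
         header('Location: ' . $currentUrl);
         exit;
     }
     break;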
 case 'move':
     /*	Move file form request */
     if ($is_allowed_to_edit) {
         if (!empty($item_id)) {
             $content = generateMoveForm($item_id, $curdirpath, $course_info, $group_id, $session_id);
         }
Exemplo n.º 5
<?php

/* For licensing terms, see /license.txt */
// View page for a single submitted work: load the item, check that the user
// may see it, then render it. The excerpt ends inside the rendering branch.
// NOTE(review): no api_protect_course_script() call is visible in this
// excerpt; allowOnlySubscribedUser() below is the only visible membership
// gate. Confirm the course protection happens in an included file.
$language_file = array('exercice', 'work', 'document', 'admin');
//require_once '../inc/global.inc.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;
require_once 'work.lib.php';
// The id is cast to an integer; note the lookup runs before the guard below.
$id = isset($_GET['id']) ? intval($_GET['id']) : null;
$work = get_work_data_by_id($id);
if (empty($id) || empty($work)) {
    api_not_allowed();
}
$interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications'));
$my_folder_data = get_work_data_by_id($work['parent_id']);
$course_info = api_get_course_info();
allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $course_info['real_id']);
// && binds tighter than ||: the author always passes; anyone else passes only
// when show_score is 0 and the work is both active and accepted.
if (user_is_author($id) || $course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
    if (api_is_allowed_to_edit(null, true)) {
        $url_dir = 'work_list_all.php?id=' . $my_folder_data['id'];
    } else {
        $url_dir = 'work_list.php?id=' . $my_folder_data['id'];
    }
    // NOTE(review): folder and work titles go into the breadcrumb as stored;
    // whether they are escaped depends on the breadcrumb renderer - confirm.
    $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
    $interbreadcrumb[] = array('url' => '#', 'name' => $work['title']);
    // NOTE(review): this inner test adds api_is_allowed_to_edit(), but it is
    // only reached when the outer condition already held, so it admits nobody
    // the outer test rejected. Confirm whether editors were meant to be
    // admitted by the outer test as well.
    if ($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 || api_is_allowed_to_edit() || user_is_author($id)) {
        $tpl = new Template();
        // The whole work row is handed to the template; output escaping is the
        // template's responsibility (work/view.tpl is not shown here).
        $tpl->assign('work', $work);
        $template = $tpl->get_template('work/view.tpl');
        $content = $tpl->fetch($template);
        $tpl->assign('content', $content);
        $tpl->display_one_col_template();
Exemplo n.º 6
// Set-up for a page that acts on one work: validate the id, gate access to
// the work and to the course, and prepare the anti-CSRF token state.
require_once 'work.lib.php';
$this_section = SECTION_COURSES;
// The id may arrive by GET or POST and is cast to an integer.
$work_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;
$is_allowed_to_edit = api_is_allowed_to_edit();
$course_id = api_get_course_int_id();
$user_id = api_get_user_id();
$userInfo = api_get_user_info();
$session_id = api_get_session_id();
$course_info = api_get_course_info();
$course_code = $course_info['code'];
$group_id = api_get_group_id();
if (empty($work_id)) {
    api_not_allowed(true);
}
// Access gate for the work itself; it runs before the work data is loaded here.
protectWork($course_info, $work_id);
$workInfo = get_work_data_by_id($work_id);
// NOTE(review): the integer course id is passed here, although $course_code
// is also available; confirm which identifier this helper expects.
$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_id, $session_id);
// Platform admins count as members; invitees are refused even when subscribed.
$is_course_member = $is_course_member || api_is_platform_admin();
if ($is_course_member == false || api_is_invitee()) {
    api_not_allowed(true);
}
// $check holds the result of validating the token submitted with a POST;
// $token is the value obtained for the next form. Nothing is enforced at
// this point - the code that handles the submission has to test $check.
$check = Security::check_token('post');
$token = Security::get_token();
$student_can_edit_in_session = api_is_allowed_to_session_edit(false, true);
//  @todo add an option to allow/block multiple attempts.
/*
if (!empty($workInfo) && !empty($workInfo['qualification'])) {
    $count =  get_work_count_by_student($user_id, $work_id);
    if ($count >= 1) {
        Display::display_header();
        if (api_get_course_setting('student_delete_own_publication') == '1') {
     $finalResult[$title] = $item['id'];
 }
 // Matches files found in $destinationDir (defined outside this excerpt) to
 // student works by file name and copies each one into place as that work's
 // correction file. The excerpt ends inside the loop.
 $coursePath = api_get_path(SYS_COURSE_PATH) . $courseInfo['path'] . '/';
 // NOTE(review): $workDir is built but not used in the visible lines.
 $workDir = api_get_path(SYS_COURSE_PATH) . $courseInfo['path'] . '/work/';
 $workDir .= basename($workInfo['url']) . '/';
 $finder = new Finder();
 $finder->files()->in($destinationDir);
 /** @var SplFileInfo $file */
 foreach ($finder as $file) {
     // Recover the original title: drop the first 20 characters, then
     // everything up to and including the first '-'.
     $fileName = $file->getBasename();
     $fileName = substr($fileName, 20, strlen($fileName));
     // When no '-' is present strpos() returns false, so $pos becomes 1 and a
     // single leading character is dropped instead.
     $pos = strpos($fileName, '-') + 1;
     $fileName = substr($fileName, $pos, strlen($fileName));
     // $finalResult maps a title to a work id; files with no match are skipped.
     if (isset($finalResult[$fileName])) {
         $workStudentId = $finalResult[$fileName];
         $workStudent = get_work_data_by_id($workStudentId);
         if ($workStudent) {
             // NOTE(review): $correctionFilePath and $correctionTitle are not
             // reset at the start of an iteration in the visible code. When a
             // work has neither url_correction nor url, the values left by an
             // earlier iteration are still set, and the copy() below would
             // write over the previous student's correction file. Confirm they
             // are cleared, or reset them inside the loop.
             if (!empty($workStudent['url_correction'])) {
                 // Reuse the correction path already stored for this work.
                 $correctionFilePath = $coursePath . $workStudent['url_correction'];
                 $correctionTitle = $workStudent['title_correction'];
             } else {
                 if (!empty($workStudent['url'])) {
                     // No correction yet: derive the path from the submission's own path.
                     $correctionFilePath = $coursePath . $workStudent['url'] . '_correction';
                     $correctionTitle = $fileName;
                 } else {
                     //$correctionFilePath = $workDir.api_get_unique_id().'_correction';
                 }
             }
             $table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
             if (!empty($correctionFilePath)) {
                 // The destination is the course path plus a value read from
                 // the work row; it is not re-checked against the course
                 // directory in the visible lines.
                 $result = copy($file->getRealPath(), $correctionFilePath);
Exemplo n.º 8
/**
 * List the works a user created in a given course and session.
 *
 * Each entry is a three-element array: the work title, the local-time
 * insertion date and the local-time last-edit date.
 *
 * @param int $user_id
 * @param int $courseId
 * @param int $sessionId
 * @return array empty when the user has no item properties for the work tool
 */
function getWorkCreatedByUser($user_id, $courseId, $sessionId)
{
    $properties = api_get_item_property_list_by_tool_by_user($user_id, 'work', $courseId, $sessionId);

    if (empty($properties)) {
        return array();
    }

    $rows = array();
    foreach ($properties as $property) {
        // 'ref' is the id of the work the item property points to.
        $workRow = get_work_data_by_id($property['ref'], $courseId, $sessionId);

        $title = $workRow['title'];
        $createdAt = api_get_local_time($property['insert_date']);
        $editedAt = api_get_local_time($property['lastedit_date']);

        $rows[] = array($title, $createdAt, $editedAt);
    }

    return $rows;
}
Exemplo n.º 9
// Handles submission of the "edit work" form: collects the new title,
// description and, for editors, the qualification. The excerpt ends inside
// the qualification branch.
$form->addButtonUpdate($text);
$form->setDefaults($defaults);
$error_message = null;
$_course = api_get_course_info();
$currentCourseRepositorySys = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/';
$succeed = false;
if ($form->validate()) {
    // $check is set outside this excerpt; presumably it is the anti-CSRF
    // token result - confirm. The update is skipped unless it is true.
    if ($student_can_edit_in_session && $check) {
        /*
         * SPECIAL CASE ! For a work edited
         */
        //Get the author ID for that document from the item_property table
        // The item id from the form is cast to an integer and the edit goes
        // ahead only if the current user is the author of that item.
        $item_to_edit_id = intval($_POST['item_to_edit']);
        $is_author = user_is_author($item_to_edit_id);
        if ($is_author) {
            $work_data = get_work_data_by_id($item_to_edit_id);
            // NOTE(review): inside this test the isset() is always true, so the
            // fallback to $work_data['title'] is never taken, and $title is
            // left unassigned here when the posted title is empty.
            if (!empty($_POST['title'])) {
                $title = isset($_POST['title']) ? $_POST['title'] : $work_data['title'];
            }
            // Title and description are raw POST values at this point; any
            // escaping has to happen where the query is built (not shown).
            $description = isset($_POST['description']) ? $_POST['description'] : $work_data['description'];
            $add_to_update = null;
            // Only users allowed to edit can set a qualification.
            // NOTE(review): $_POST['qualification'] is read without isset().
            if ($is_allowed_to_edit && $_POST['qualification'] != '') {
                // The qualification is escaped and wrapped in quotes before
                // being added to the SQL fragment.
                $add_to_update = ', qualificator_id =' . "'" . api_get_user_id() . "', ";
                $add_to_update .= ' qualification = ' . "'" . Database::escape_string($_POST['qualification']) . "',";
                $add_to_update .= ' date_of_qualification = ' . "'" . api_get_utc_datetime() . "'";
                if (isset($_POST['send_email'])) {
                    $url = api_get_path(WEB_CODE_PATH) . 'work/view.php?' . api_get_cidreq() . '&id=' . $item_to_edit_id;
                    // NOTE(review): $work_item is not assigned in the visible
                    // lines (only $work_data is); confirm it is defined
                    // earlier, otherwise subject and recipient are empty.
                    $subject = sprintf(get_lang('ThereIsANewWorkFeedback'), $work_item['title']);
                    $message = sprintf(get_lang('ThereIsANewWorkFeedbackInWorkXHere'), $work_item['title'], $url);
                    MessageManager::send_message_simple($work_item['user_id'], $subject, $message, api_get_user_id(), isset($_POST['send_to_drh_users']));
                }
Exemplo n.º 10
}

// Builds the "edit work folder" form and applies the submitted values. The
// excerpt ends inside the success branch.
if ($there_is_a_expire_date) {
    $defaults['expires_on'] = $homework['expires_on'];
}

$defaults['add_to_calendar'] = isset($homework['add_to_calendar']) ? $homework['add_to_calendar'] : null;
$form = getFormWork($form, $defaults);
// The work id travels through the form as a hidden field.
$form->addElement('hidden', 'work_id', $workId);
$form->addElement('style_submit_button', 'submit', get_lang('ModifyDirectory'), 'class="save"');

if ($form->validate()) {
    $params = $form->exportValues();
    // NOTE(review): $workId is replaced by the submitted hidden field, a value
    // the client controls. No cast and no check that this work belongs to the
    // current course is visible here; confirm the update helpers enforce it.
    $workId = $params['work_id'];
    $editCheck = false;
    $workData = get_work_data_by_id($workId);

    // NOTE(review): both branches set $editCheck to true, so this test never
    // blocks anything, including an unknown work id.
    if (!empty($workData)) {
        $editCheck = true;
    } else {
        $editCheck = true;
    }

    if ($editCheck) {
        updateWork($workId, $params, $courseInfo, $sessionId);
        updatePublicationAssignment($workId, $params, $courseInfo, $groupId);
        // 'new_dir' comes from the submitted form and is used to rename the folder.
        updateDirName($workData, $params['new_dir']);

        $currentUrl = api_get_path(WEB_CODE_PATH).'work/edit_work.php?id='.$workId.'&'.api_get_cidreq();
        Session::write('message', Display::return_message(get_lang('FolderEdited'), 'success'));
        header('Location: '.$currentUrl);
Exemplo n.º 11
/**
 * Build the list of student submissions under one work folder, with each row
 * already decorated with HTML (labels, download link, action icons).
 *
 * Rows are returned only when the parent work exists; when
 * get_work_data_by_id() yields nothing the function falls off the end and
 * returns null.
 *
 * NOTE(review): $column, $direction and $where_condition are spliced into the
 * SQL text. $direction is whitelisted and $start/$limit are cast, but $column
 * only goes through Database::escape_string() and is then used unquoted in
 * ORDER BY, and $where_condition is appended as-is. String-literal escaping
 * does not constrain an unquoted expression, so both values must come from a
 * whitelist or a trusted builder in the caller - confirm.
 *
 * @param int $start offset, cast with intval()
 * @param int $limit row count, cast with intval()
 * @param int $column documented as int, but used as the ORDER BY expression
 * @param string $direction 'asc' or 'desc'; anything else becomes 'desc'
 * @param int $work_id id of the parent work (folder)
 * @param array $where_condition documented as array, but concatenated as a SQL string fragment
 * @param int $studentId optional; restricts the rows to this user id
 * @return array
 */
function get_work_user_list($start, $limit, $column, $direction, $work_id, $where_condition, $studentId = null)
{
    $work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
    $iprop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $session_id = api_get_session_id();
    $course_id = api_get_course_int_id();
    $group_id = api_get_group_id();
    $course_info = api_get_course_info(api_get_course_id());
    $work_id = intval($work_id);
    // With the short ternary an empty $column becomes true, which interpolates
    // as "1" below (ORDER BY 1); a non-empty value is escaped but not validated
    // as a column name.
    $column = empty($column) ?: Database::escape_string($column);
    $start = intval($start);
    $limit = intval($limit);
    // Whitelist for the sort direction (loose comparison; lower case only).
    if (!in_array($direction, array('asc', 'desc'))) {
        $direction = 'desc';
    }
    $work_data = get_work_data_by_id($work_id);
    $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
    $condition_session = api_get_session_condition($session_id);
    $locked = api_resource_is_locked_by_gradebook($work_id, LINK_STUDENTPUBLICATION);
    if (!empty($work_data)) {
        if (!empty($group_id)) {
            $extra_conditions = " work.post_group_id = '" . intval($group_id) . "' ";
            // set to select only messages posted by the user's group
        } else {
            $extra_conditions = " work.post_group_id = '0' ";
        }
        // Visibility filter: editors see inactive rows too; otherwise, when
        // show_score is 1, a user sees their own rows plus active ones, and in
        // every other case only active rows.
        if ($is_allowed_to_edit) {
            $extra_conditions .= ' AND work.active IN (0, 1) ';
        } else {
            if (isset($course_info['show_score']) && $course_info['show_score'] == 1) {
                $extra_conditions .= " AND (u.user_id = " . api_get_user_id() . " AND work.active IN (0, 1) OR work.active = 1) ";
            } else {
                $extra_conditions .= ' AND work.active = 1 ';
            }
        }
        $extra_conditions .= " AND parent_id  = " . $work_id . "  ";
        $select = 'DISTINCT u.user_id, work.id as id, title as title, description, url, sent_date, contains_file, has_properties, view_properties,
                    qualification, weight, allow_text_assignment, u.firstname, u.lastname, u.username, parent_id, accepted, qualificator_id';
        $user_condition = "INNER JOIN {$user_table} u  ON (work.user_id = u.user_id) ";
        $work_condition = "{$iprop_table} prop INNER JOIN {$work_table} work ON (prop.ref = work.id AND prop.c_id = {$course_id} AND work.c_id = {$course_id} ) ";
        $work_assignment = get_work_assignment_by_id($work_id);
        if (!empty($studentId)) {
            $where_condition .= " AND u.user_id = " . intval($studentId);
        }
        // $where_condition and $column reach the query text here without
        // further validation (see the NOTE in the docblock).
        $sql = "SELECT {$select}\n                FROM {$work_condition}  {$user_condition}\n                WHERE  {$extra_conditions} {$where_condition} {$condition_session} ";
        $sql .= " ORDER BY {$column} {$direction} ";
        $sql .= " LIMIT {$start}, {$limit}";
        $result = Database::query($sql);
        $works = array();
        while ($work = Database::fetch_array($result, 'ASSOC')) {
            $item_id = $work['id'];
            // Get the author ID for that document from the item_property table
            $is_author = false;
            $can_read = false;
            $owner_id = $work['user_id'];
            /* Because a bug found when saving items using the api_item_property_update()
               the field $item_property_data['insert_user_id'] is not reliable. */
            // $item_property_data = api_get_item_property_info(api_get_course_int_id(), 'work', $item_id, api_get_session_id());
            //if (!$is_allowed_to_edit && $item_property_data['insert_user_id'] == api_get_user_id()) {
            // Authorship is decided from the work row's user_id; editors are
            // never flagged as author here.
            if (!$is_allowed_to_edit && $owner_id == api_get_user_id()) {
                $is_author = true;
            }
            if ($course_info['show_score'] == 0) {
                $can_read = true;
            }
            // Rows that are not accepted get the 'invisible' CSS class.
            if ($work['accepted'] == '0') {
                $class = 'invisible';
            } else {
                $class = '';
            }
            // A score is shown only when the parent work defines a positive qualification.
            $qualification_exists = false;
            if (!empty($work_data['qualification']) && intval($work_data['qualification']) > 0) {
                $qualification_exists = true;
            }
            $qualification_string = '';
            if ($qualification_exists) {
                if ($work['qualification'] == '') {
                    $qualification_string = Display::label('-');
                } else {
                    $qualification_string = Display::label($work['qualification'], 'info');
                }
            }
            // Flag submissions sent after the assignment's expiry date.
            $add_string = '';
            $time_expires = api_strtotime($work_assignment['expires_on'], 'UTC');
            if (!empty($work_assignment['expires_on']) && $work_assignment['expires_on'] != '0000-00-00 00:00:00' && $time_expires && $time_expires < api_strtotime($work['sent_date'], 'UTC')) {
                $add_string = Display::label(get_lang('Expired'), 'important');
            }
            // Row-level read check: accepted rows when scores are public, the
            // author's own rows, or any row for an editor.
            if ($can_read && $work['accepted'] == '1' || $is_author && in_array($work['accepted'], array('1', '0')) || $is_allowed_to_edit) {
                // Firstname, lastname, username
                // NOTE(review): names and titles come from the database and are
                // passed to Display::div()/span() as content; whether they are
                // HTML-escaped depends on those helpers - confirm.
                $work['firstname'] = Display::div($work['firstname'], array('class' => $class));
                $work['lastname'] = Display::div($work['lastname'], array('class' => $class));
                // strlen()/substr() count bytes, so a multibyte title can be
                // cut in the middle of a character.
                if (strlen($work['title']) > 30) {
                    $short_title = substr($work['title'], 0, 27) . '...';
                    $work['title'] = Display::span($short_title, array('class' => $class, 'title' => $work['title']));
                } else {
                    $work['title'] = Display::div($work['title'], array('class' => $class));
                }
                // Type.
                // NOTE(review): 'file' is not in the SELECT list above, so
                // $work['file'] looks undefined here - confirm.
                $work['type'] = build_document_icon_tag('file', $work['file']);
                // File name.
                $link_to_download = null;
                if ($work['contains_file']) {
                    $link_to_download = '<a href="download.php?id=' . $item_id . '">' . Display::return_icon('save.png', get_lang('Save'), array(), ICON_SIZE_SMALL) . '</a> ';
                } else {
                    //$link_to_download = '<a href="view.php?id='.$item_id.'">'.Display::return_icon('save_na.png', get_lang('Save'),array(), ICON_SIZE_SMALL).'</a> ';
                }
                $send_to = Portfolio::share('work', $work['id'], array('style' => 'white-space:nowrap;'));
                $work['qualification'] = $qualification_string;
                // Date.
                $work_date = api_convert_and_format_date($work['sent_date']);
                $work['sent_date'] = date_to_str_ago(api_get_local_time($work['sent_date'])) . ' ' . $add_string . '<br />' . $work_date;
                // Actions.
                // NOTE(review): the move, visibility and delete actions below
                // are plain links with no token parameter; confirm the
                // receiving script protects them against forged requests.
                $url = api_get_path(WEB_CODE_PATH) . 'work/';
                $action = '';
                if ($is_allowed_to_edit) {
                    $action .= '<a href="' . $url . 'view.php?' . api_get_cidreq() . '&id=' . $item_id . '" title="' . get_lang('View') . '">' . Display::return_icon('default.png', get_lang('View'), array(), ICON_SIZE_SMALL) . '</a> ';
                    // A gradebook lock replaces the links with disabled icons.
                    if ($locked) {
                        if ($qualification_exists) {
                            $action .= Display::return_icon('rate_work_na.png', get_lang('CorrectAndRate'), array(), ICON_SIZE_SMALL);
                        } else {
                            $action .= Display::return_icon('edit_na.png', get_lang('Comment'), array(), ICON_SIZE_SMALL);
                        }
                    } else {
                        if ($qualification_exists) {
                            $action .= '<a href="' . $url . 'edit.php?' . api_get_cidreq() . '&item_id=' . $item_id . '&id=' . $work['parent_id'] . '" title="' . get_lang('Modify') . '"  >' . Display::return_icon('rate_work.png', get_lang('CorrectAndRate'), array(), ICON_SIZE_SMALL) . '</a>';
                        } else {
                            // $_GET['gradebook'] is read without isset() and
                            // passed through the XSS filter before it is put
                            // into the href.
                            $action .= '<a href="' . $url . 'edit.php?' . api_get_cidreq() . '&item_id=' . $item_id . '&id=' . $work['parent_id'] . '&gradebook=' . Security::remove_XSS($_GET['gradebook']) . '" title="' . get_lang('Modify') . '">' . Display::return_icon('edit.png', get_lang('Comment'), array(), ICON_SIZE_SMALL) . '</a>';
                        }
                    }
                    if ($work['contains_file']) {
                        if ($locked) {
                            $action .= Display::return_icon('move_na.png', get_lang('Move'), array(), ICON_SIZE_SMALL);
                        } else {
                            $action .= '<a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=move&item_id=' . $item_id . '" title="' . get_lang('Move') . '">' . Display::return_icon('move.png', get_lang('Move'), array(), ICON_SIZE_SMALL) . '</a>';
                        }
                    }
                    // NOTE(review): $sort_params is not defined anywhere in
                    // this function, so it contributes nothing to these URLs.
                    if ($work['accepted'] == '1') {
                        $action .= '<a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=make_invisible&item_id=' . $item_id . '&amp;' . $sort_params . '" title="' . get_lang('Invisible') . '" >' . Display::return_icon('visible.png', get_lang('Invisible'), array(), ICON_SIZE_SMALL) . '</a>';
                    } else {
                        $action .= '<a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=make_visible&item_id=' . $item_id . '&amp;' . $sort_params . '" title="' . get_lang('Visible') . '" >' . Display::return_icon('invisible.png', get_lang('Visible'), array(), ICON_SIZE_SMALL) . '</a> ';
                    }
                    if ($locked) {
                        $action .= Display::return_icon('delete_na.png', get_lang('Delete'), '', ICON_SIZE_SMALL);
                    } else {
                        // The confirmation text is entity-encoded and then
                        // slash-escaped for the inline JavaScript string.
                        $action .= '<a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=delete&amp;item_id=' . $item_id . '" onclick="javascript:if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)) . "'" . ')) return false;" title="' . get_lang('Delete') . '" >' . Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
                    }
                } elseif ($is_author && (empty($work['qualificator_id']) || $work['qualificator_id'] == 0)) {
                    // Author of a submission that has no qualificator yet:
                    // edit/delete links appear only when the course setting
                    // 'student_delete_own_publication' is enabled.
                    $action .= '<a href="' . $url . 'view.php?' . api_get_cidreq() . '&id=' . $item_id . '" title="' . get_lang('View') . '">' . Display::return_icon('default.png', get_lang('View'), array(), ICON_SIZE_SMALL) . '</a>';
                    if (api_get_course_setting('student_delete_own_publication') == 1) {
                        if (api_is_allowed_to_session_edit(false, true)) {
                            $action .= '<a href="' . $url . 'edit.php?' . api_get_cidreq() . '&item_id=' . $item_id . '&id=' . $work['parent_id'] . '&gradebook=' . Security::remove_XSS($_GET['gradebook']) . '" title="' . get_lang('Modify') . '">' . Display::return_icon('edit.png', get_lang('Comment'), array(), ICON_SIZE_SMALL) . '</a>';
                        }
                        $action .= ' <a href="' . $url . 'work.php?' . api_get_cidreq() . '&action=delete&amp;item_id=' . $item_id . '" onclick="javascript:if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)) . "'" . ')) return false;" title="' . get_lang('Delete') . '"  >' . Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
                    } else {
                        $action .= Display::return_icon('edit_na.png', get_lang('Modify'), array(), ICON_SIZE_SMALL);
                    }
                } else {
                    // Everyone else gets the view link and a disabled edit icon.
                    $action .= '<a href="' . $url . 'view.php?' . api_get_cidreq() . '&id=' . $item_id . '" title="' . get_lang('View') . '">' . Display::return_icon('default.png', get_lang('View'), array(), ICON_SIZE_SMALL) . '</a>';
                    $action .= Display::return_icon('edit_na.png', get_lang('Modify'), array(), ICON_SIZE_SMALL);
                }
                // Status.
                if (empty($work['qualificator_id'])) {
                    $qualificator_id = Display::label(get_lang('NotRevised'), 'warning');
                } else {
                    $qualificator_id = Display::label(get_lang('Revised'), 'success');
                }
                $work['qualificator_id'] = $qualificator_id;
                $work['actions'] = $send_to . $link_to_download . $action;
                $works[] = $work;
            }
        }
        return $works;
    }
}
 *	but this code will hopefully be replaced soon by an Apache URL
 *	rewrite mechanism.
 *
 *	@package chamilo.work
 */
//require_once '../inc/global.inc.php';
require_once 'work.lib.php';

// Course protection
api_protect_course_script(true);

// comment_id is coerced to an integer; an absent or zero id is refused.
$commentId = null;
if (isset($_GET['comment_id'])) {
    $commentId = intval($_GET['comment_id']);
}
if (!$commentId) {
    api_not_allowed(true);
}

$workData = getWorkComment($commentId);
$courseInfo = api_get_course_info();

if (empty($workData)) {
    // Unknown comment id.
    api_not_allowed(true);
} else {
    // Refuse when no attachment path is stored or the file is gone from disk.
    if (empty($workData['file_path']) || !file_exists($workData['file_path'])) {
        api_not_allowed(true);
    }

    $work = get_work_data_by_id($workData['work_id']);
    // Access gate on the parent work of the commented item.
    protectWork($courseInfo, $work['parent_id']);

    // The author may always download; anyone else only when show_score is 0
    // and the work is both active and accepted.
    if (!(user_is_author($workData['work_id']) || $courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1)) {
        api_not_allowed(true);
    } else {
        // The stored path is checked against the current course directory
        // before the file is sent. When that check fails nothing is sent and
        // no denial is raised either.
        if (Security::check_abs_path($workData['file_path'], api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) {
            DocumentManager::file_send_for_download($workData['file_path'], true, $workData['file_name_to_show']);
        }
    }
}
Exemplo n.º 13
        api_not_allowed();
    }
    $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'group/group.php?' . api_get_cidreq(), 'name' => get_lang('Groups'));
    $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'group/group_space.php?' . api_get_cidreq(), 'name' => get_lang('GroupSpace') . ' ' . $group_properties['name']);
}
// Breadcrumb set-up followed by the action dispatcher of the "all works"
// list. The excerpt ends inside the 'delete' case.
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work.php?' . api_get_cidreq(), 'name' => get_lang('StudentPublications'));
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work_list_all.php?' . api_get_cidreq() . '&id=' . $workId, 'name' => $my_folder_data['title']);
$error_message = null;
// The action name is used only as a switch selector; item_id is cast to an
// integer. Both may arrive by GET or POST.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
$itemId = isset($_REQUEST['item_id']) ? intval($_REQUEST['item_id']) : null;
$message = null;
switch ($action) {
    case 'export_to_doc':
        // Export is limited to users allowed to edit.
        if ($is_allowed_to_edit) {
            if (!empty($itemId)) {
                $work = get_work_data_by_id($itemId);
                if (!empty($work)) {
                    Export::htmlToOdt($work['description'], $work['title']);
                }
            }
        }
        break;
    case 'delete':
        /*	Delete document */
        // NOTE(review): unlike 'export_to_doc', this case does not test
        // $is_allowed_to_edit and no token check is visible, so the permission
        // decision rests entirely on deleteWorkItem() (the error message
        // suggests it returns false when deletion is not allowed) - confirm,
        // and confirm the request is protected against forgery.
        if ($itemId) {
            $fileDeleted = deleteWorkItem($itemId, $courseInfo);
            if (!$fileDeleted) {
                $message = Display::return_message(get_lang('YouAreNotAllowedToDeleteThisDocument'), 'error');
            } else {
                $message = Display::return_message(get_lang('TheDocumentHasBeenDeleted'), 'confirmation');
            }
Exemplo n.º 14
/**
 * Access gate for a work: calls api_not_allowed(true) whenever one of the
 * checks below fails.
 *
 * Platform admins and users allowed to edit skip the checks that follow the
 * existence test. Everyone else needs an active, visible work, has to pass
 * allowOnlySubscribedUser() and, inside a group context, needs access to the
 * group's work tool.
 *
 * NOTE(review): only the admin/editor path returns a value (true); the
 * function ends without a return statement on the remaining paths, so the
 * documented bool is not a reliable "access granted" signal for callers.
 *
 * @param array $courseInfo
 * @param int $workId
 * @return bool
 */
function protectWork($courseInfo, $workId)
{
    $currentUserId = api_get_user_id();
    $currentGroupId = api_get_group_id();
    $currentSessionId = api_get_session_id();
    $work = get_work_data_by_id($workId);

    // Unknown work or missing course context.
    if (empty($work) || empty($courseInfo)) {
        api_not_allowed(true);
    }

    // Privileged users are let through without the checks below.
    if (api_is_platform_admin() || api_is_allowed_to_edit()) {
        return true;
    }

    // From here on the id stored on the work row is used, not the caller's value.
    $storedId = $work['id'];
    if ($work['active'] != 1) {
        api_not_allowed(true);
    }

    if (api_get_item_visibility($courseInfo, 'work', $storedId, $currentSessionId) != 1) {
        api_not_allowed(true);
    }

    allowOnlySubscribedUser($currentUserId, $storedId, $courseInfo['real_id']);

    // Inside a group, the user also needs access to that group's work tool.
    if (!empty($currentGroupId)
        && !GroupManager::user_has_access($currentUserId, $currentGroupId, GroupManager::GROUP_TOOL_WORK)
    ) {
        api_not_allowed(true);
    }
}
Exemplo n.º 15
// Set-up for a page that acts on one work folder: validate the id, check
// subscription and course membership, and prepare the anti-CSRF token state.
$this_section = SECTION_COURSES;
// The id may arrive by GET or POST and is cast to an integer.
$work_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;
$work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$is_allowed_to_edit = api_is_allowed_to_edit();
$course_id = api_get_course_int_id();
$user_id = api_get_user_id();
$userInfo = api_get_user_info();
$session_id = api_get_session_id();
$course_code = api_get_course_id();
$course_info = api_get_course_info();
$group_id = api_get_group_id();
if (empty($work_id)) {
    api_not_allowed(true);
}
// The subscription check runs before the work is confirmed to exist.
allowOnlySubscribedUser($user_id, $work_id, $course_id);
$parent_data = $my_folder_data = get_work_data_by_id($work_id);
if (empty($parent_data)) {
    api_not_allowed(true);
}
// NOTE(review): the course code is passed here, while $course_id (the integer
// id) is also available; confirm which identifier this helper expects.
$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_code, $session_id);
// Platform admins count as members.
$is_course_member = $is_course_member || api_is_platform_admin();
if ($is_course_member == false) {
    api_not_allowed(true);
}
// $check holds the result of validating the token submitted with a POST;
// $token is the value obtained for the next form. Nothing is enforced at
// this point - the code that handles the submission has to test $check.
$check = Security::check_token('post');
$token = Security::get_token();
$student_can_edit_in_session = api_is_allowed_to_session_edit(false, true);
$has_ended = false;
$is_author = false;
// Normalised to an integer so later comparisons do not depend on the stored type.
$parent_data['qualification'] = intval($parent_data['qualification']);
//  @todo add an option to allow/block multiple attempts.