*/
require_once '../inc/global.inc.php';
//exit;
$document_id = $_GET['id'];
$courseCode = api_get_course_id();
if ($document_id) {
$document_data = DocumentManager::get_document_data_by_id($document_id, $courseCode);
if (empty($document_data)) {
api_not_allowed();
}
} else {
api_not_allowed();
}
//Check user visibility
//$is_visible = DocumentManager::is_visible_by_id($document_id, $course_info, api_get_session_id(), api_get_user_id());
$is_visible = DocumentManager::check_visibility_tree($document_id, api_get_course_id(), api_get_session_id(), api_get_user_id(), api_get_group_id());
if (!api_is_allowed_to_edit() && !$is_visible) {
api_not_allowed(true);
}
$header_file = $document_data['path'];
$pathinfo = pathinfo($header_file);
$show_web_odf = false;
$web_odf_supported_files = DocumentManager::get_web_odf_extension_list();
if (in_array(strtolower($pathinfo['extension']), $web_odf_supported_files)) {
$show_web_odf = true;
}
$file_url_web = api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/document' . $header_file;
if ($show_web_odf) {
//$htmlHeadXtra[] = api_get_js('webodf/webodf.js');
$htmlHeadXtra[] = api_get_js('wodotexteditor/wodotexteditor.js');
$htmlHeadXtra[] = api_get_js('wodotexteditor/localfileeditor.js');
/**
* Fetches all document data for the given user/group
*
* @param array $_course
* @param string $path
* @param int $to_group_id
* @param int $to_user_id
* @param boolean $can_see_invisible
* @return array with all document data
*/
public static function get_all_document_data($_course, $path = '/', $to_group_id = 0, $to_user_id = 0, $can_see_invisible = false, $search = false)
{
$TABLE_ITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$to_user_id = Database::escape_string($to_user_id);
if (empty($_course)) {
return false;
}
if (!empty($to_user_id)) {
$to_field = 'last.to_user_id';
$to_value = $to_user_id;
} else {
$to_field = 'last.to_group_id';
$to_value = $to_group_id;
}
//escape underscores in the path so they don't act as a wildcard
$path = Database::escape_string(str_replace('_', '\\_', $path));
$to_value = Database::escape_string($to_value);
$visibility_bit = ' <> 2';
//the given path will not end with a slash, unless it's the root '/'
//so no root -> add slash
$added_slash = $path == '/' ? '' : '/';
//condition for the session
$current_session_id = api_get_session_id();
$condition_session = " AND (id_session = '{$current_session_id}' OR id_session = '0' OR id_session IS NULL)";
//condition for search (get ALL folders and documents)
$sql = "SELECT docs.id,\n docs.filetype,\n docs.path,\n docs.title,\n docs.comment,\n docs.size,\n docs.readonly,\n docs.session_id,\n last.id_session item_property_session_id,\n last.lastedit_date,\n last.visibility,\n last.insert_user_id\n FROM " . $TABLE_ITEMPROPERTY . " AS last INNER JOIN " . $TABLE_DOCUMENT . " AS docs\n ON (docs.id = last.ref AND last.tool = '" . TOOL_DOCUMENT . "' AND docs.c_id = {$_course['real_id']} AND last.c_id = {$_course['real_id']})\n WHERE\n docs.path LIKE '" . $path . $added_slash . "%' AND\n docs.path NOT LIKE '" . $path . $added_slash . "%/%' AND\n " . $to_field . " = " . $to_value . " AND\n last.visibility" . $visibility_bit . $condition_session;
$result = Database::query($sql);
$doc_list = array();
$document_data = array();
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
if ($result !== false && Database::num_rows($result) != 0) {
while ($row = Database::fetch_array($result, 'ASSOC')) {
if (api_is_coach()) {
//Looking for course items that are invisible to hide it in the session
if (in_array($row['id'], array_keys($doc_list))) {
if ($doc_list[$row['id']]['item_property_session_id'] == 0 && $doc_list[$row['id']]['session_id'] == 0) {
if ($doc_list[$row['id']]['visibility'] == 0) {
unset($document_data[$row['id']]);
continue;
}
}
}
$doc_list[$row['id']] = $row;
}
if (!api_is_coach() && !$is_allowed_to_edit) {
$doc_list[] = $row;
}
if ($row['filetype'] == 'file' && pathinfo($row['path'], PATHINFO_EXTENSION) == 'html') {
//Templates management
$table_template = Database::get_main_table(TABLE_MAIN_TEMPLATES);
$sql_is_template = "SELECT id FROM {$table_template}\n WHERE course_code = '" . $_course['code'] . "'\n AND user_id='" . api_get_user_id() . "'\n AND ref_doc='" . $row['id'] . "'";
$template_result = Database::query($sql_is_template);
$row['is_template'] = Database::num_rows($template_result) > 0 ? 1 : 0;
}
//just filling $document_data
$document_data[$row['id']] = $row;
}
//Only for the student we filter the results see BT#1652
if (!api_is_coach() && !$is_allowed_to_edit) {
$ids_to_remove = array();
$my_repeat_ids = $temp = array();
//Selecting repetead ids
foreach ($doc_list as $row) {
if (in_array($row['id'], array_keys($temp))) {
$my_repeat_ids[] = $row['id'];
}
$temp[$row['id']] = $row;
}
//@todo use the DocumentManager::is_visible function
//Checking disponibility in a session
foreach ($my_repeat_ids as $id) {
foreach ($doc_list as $row) {
if ($id == $row['id']) {
if ($row['visibility'] == 0 && $row['item_property_session_id'] == 0) {
$delete_repeated[$id] = true;
}
if ($row['visibility'] == 0 && $row['item_property_session_id'] != 0) {
$delete_repeated[$id] = true;
}
}
}
}
foreach ($doc_list as $key => $row) {
if (in_array($row['visibility'], array('0', '2')) && !in_array($row['id'], $my_repeat_ids)) {
$ids_to_remove[] = $row['id'];
unset($doc_list[$key]);
}
}
foreach ($document_data as $row) {
if (in_array($row['id'], $ids_to_remove)) {
unset($document_data[$row['id']]);
}
if (isset($delete_repeated[$row['id']]) && $delete_repeated[$row['id']]) {
unset($document_data[$row['id']]);
}
}
//Checking parents visibility
$final_document_data = array();
foreach ($document_data as $row) {
$is_visible = DocumentManager::check_visibility_tree($row['id'], $_course['code'], $current_session_id, api_get_user_id());
if ($is_visible) {
$final_document_data[$row['id']] = $row;
}
}
} else {
$final_document_data = $document_data;
}
return $final_document_data;
} else {
//display_error("Error getting document info from database (".Database::error().")!");
return false;
}
}
/**
* Fetches all document data for the given user/group
*
* @param array $_course
* @param string $path
* @param int $to_group_id
* @param int $to_user_id
* @param boolean $can_see_invisible
* @param boolean $search
* @return array with all document data
*/
public static function get_all_document_data($_course, $path = '/', $to_group_id = 0, $to_user_id = null, $can_see_invisible = false, $search = false)
{
$TABLE_ITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$userGroupFilter = '';
if (!is_null($to_user_id)) {
$to_user_id = intval($to_user_id);
$userGroupFilter = "last.to_user_id = {$to_user_id}";
if (empty($to_user_id)) {
$userGroupFilter = " (last.to_user_id = 0 OR last.to_user_id IS NULL) ";
}
} else {
$to_group_id = intval($to_group_id);
$userGroupFilter = "last.to_group_id = {$to_group_id}";
if (empty($to_group_id)) {
$userGroupFilter = "( last.to_group_id = 0 OR last.to_group_id IS NULL) ";
}
}
// Escape underscores in the path so they don't act as a wildcard
$originalPath = $path;
$path = str_replace('_', '\\_', $path);
$visibility_bit = ' <> 2';
// The given path will not end with a slash, unless it's the root '/'
// so no root -> add slash
$added_slash = $path == '/' ? '' : '/';
// Condition for the session
$sessionId = api_get_session_id();
$condition_session = " AND (last.session_id = '{$sessionId}' OR (last.session_id = '0' OR last.session_id IS NULL) )";
$condition_session .= self::getSessionFolderFilters($originalPath, $sessionId);
$sharedCondition = null;
if ($originalPath == '/shared_folder') {
$students = CourseManager::get_user_list_from_course_code($_course['code'], $sessionId);
if (!empty($students)) {
$conditionList = array();
foreach ($students as $studentId => $studentInfo) {
$conditionList[] = '/shared_folder/sf_user_' . $studentInfo['user_id'];
}
$sharedCondition .= ' AND docs.path IN ("' . implode('","', $conditionList) . '")';
}
}
$sql = "SELECT\n docs.id,\n docs.filetype,\n docs.path,\n docs.title,\n docs.comment,\n docs.size,\n docs.readonly,\n docs.session_id,\n last.session_id item_property_session_id,\n last.lastedit_date,\n last.visibility,\n last.insert_user_id\n FROM {$TABLE_ITEMPROPERTY} AS last\n INNER JOIN {$TABLE_DOCUMENT} AS docs\n ON (\n docs.id = last.ref AND\n last.tool = '" . TOOL_DOCUMENT . "' AND\n docs.c_id = {$_course['real_id']} AND\n last.c_id = {$_course['real_id']}\n )\n WHERE\n docs.path LIKE '" . Database::escape_string($path . $added_slash . '%') . "' AND\n docs.path NOT LIKE '" . Database::escape_string($path . $added_slash . '%/%') . "' AND\n docs.path NOT LIKE '%_DELETED_%' AND\n {$userGroupFilter} AND\n last.visibility {$visibility_bit}\n {$condition_session}\n {$sharedCondition}\n ";
$result = Database::query($sql);
$doc_list = array();
$document_data = array();
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
$isCoach = api_is_coach();
if ($result !== false && Database::num_rows($result) != 0) {
while ($row = Database::fetch_array($result, 'ASSOC')) {
if ($isCoach) {
// Looking for course items that are invisible to hide it in the session
if (in_array($row['id'], array_keys($doc_list))) {
if ($doc_list[$row['id']]['item_property_session_id'] == 0 && $doc_list[$row['id']]['session_id'] == 0) {
if ($doc_list[$row['id']]['visibility'] == 0) {
unset($document_data[$row['id']]);
continue;
}
}
}
$doc_list[$row['id']] = $row;
}
if (!$isCoach && !$is_allowed_to_edit) {
$doc_list[] = $row;
}
if ($row['filetype'] == 'file' && pathinfo($row['path'], PATHINFO_EXTENSION) == 'html') {
// Templates management
$table_template = Database::get_main_table(TABLE_MAIN_TEMPLATES);
$sql = "SELECT id FROM {$table_template}\n WHERE\n course_code = '" . $_course['code'] . "' AND\n user_id = '" . api_get_user_id() . "' AND\n ref_doc = '" . $row['id'] . "'";
$template_result = Database::query($sql);
$row['is_template'] = Database::num_rows($template_result) > 0 ? 1 : 0;
}
// Just filling $document_data.
$document_data[$row['id']] = $row;
}
// Only for the student we filter the results see BT#1652
if (!$isCoach && !$is_allowed_to_edit) {
$ids_to_remove = array();
$my_repeat_ids = $temp = array();
// Selecting repeated ids
foreach ($doc_list as $row) {
if (in_array($row['id'], array_keys($temp))) {
$my_repeat_ids[] = $row['id'];
}
$temp[$row['id']] = $row;
}
//@todo use the DocumentManager::is_visible function
// Checking visibility in a session
foreach ($my_repeat_ids as $id) {
foreach ($doc_list as $row) {
if ($id == $row['id']) {
if ($row['visibility'] == 0 && $row['item_property_session_id'] == 0) {
$delete_repeated[$id] = true;
}
if ($row['visibility'] == 0 && $row['item_property_session_id'] != 0) {
$delete_repeated[$id] = true;
}
}
}
}
foreach ($doc_list as $key => $row) {
if (in_array($row['visibility'], array('0', '2')) && !in_array($row['id'], $my_repeat_ids)) {
$ids_to_remove[] = $row['id'];
unset($doc_list[$key]);
}
}
foreach ($document_data as $row) {
if (in_array($row['id'], $ids_to_remove)) {
unset($document_data[$row['id']]);
}
if (isset($delete_repeated[$row['id']]) && $delete_repeated[$row['id']]) {
unset($document_data[$row['id']]);
}
}
// Checking parents visibility.
$final_document_data = array();
foreach ($document_data as $row) {
$is_visible = DocumentManager::check_visibility_tree($row['id'], $_course['code'], $sessionId, api_get_user_id(), $to_group_id);
if ($is_visible) {
$final_document_data[$row['id']] = $row;
}
}
} else {
$final_document_data = $document_data;
}
return $final_document_data;
} else {
return false;
}
}
$is_certificate_mode = true;
}
// If no actions we proceed to show the document (Hack in order to use document.php?id=X)
if (isset($document_id) && empty($action)) {
// Get the document data from the ID
$document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), true, $sessionId);
if ($sessionId != 0 && !$document_data) {
// If there is a session defined and asking for the
// document * from the session* didn't work, try it from the course
// (out of a session context)
$document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), true, 0);
}
// If the document is not a folder we show the document.
if ($document_data) {
$parent_id = $document_data['parent_id'];
$visibility = DocumentManager::check_visibility_tree($document_id, api_get_course_id(), $sessionId, api_get_user_id(), $groupId);
if (!empty($document_data['filetype']) && $document_data['filetype'] == 'file') {
if ($visibility && api_is_allowed_to_session_edit()) {
$url = api_get_path(WEB_COURSE_PATH) . $courseInfo['path'] . '/document' . $document_data['path'] . '?' . api_get_cidreq();
header("Location: {$url}");
}
exit;
} else {
if (!$visibility && !api_is_allowed_to_edit()) {
api_not_allowed();
}
}
$_GET['curdirpath'] = $document_data['path'];
}
// What's the current path?
// We will verify this a bit further down
