Exemplo n.º 1
 */
require_once '../inc/global.inc.php';
//exit;
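// The document id comes straight from the query string, so it is untrusted.
// Accept only a scalar value and coerce it to an integer before it is used for
// the lookup and for the visibility check; a missing or array-valued "id"
// becomes 0 and is rejected below.
$document_id = isset($_GET['id']) && is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;
$courseCode = api_get_course_id();
if ($document_id) {
    // Resolve the id within the current course only.
    $document_data = DocumentManager::get_document_data_by_id($document_id, $courseCode);
    if (empty($document_data)) {
        api_not_allowed();
    }
} else {
    api_not_allowed();
}
// NOTE(review): the code below reads $document_data unconditionally, so it
// relies on api_not_allowed() ending the request - confirm against its definition.
//Check user visibility
//$is_visible = DocumentManager::is_visible_by_id($document_id, $course_info, api_get_session_id(), api_get_user_id());
$is_visible = DocumentManager::check_visibility_tree($document_id, $courseCode, api_get_session_id(), api_get_user_id(), api_get_group_id());
// Users who may edit bypass the visibility check; everyone else must be able
// to see the document.
if (!api_is_allowed_to_edit() && !$is_visible) {
    api_not_allowed(true);
}
$header_file = $document_data['path'];
$pathinfo = pathinfo($header_file);
$web_odf_supported_files = DocumentManager::get_web_odf_extension_list();
// pathinfo() leaves out the 'extension' key when the path has no extension,
// so test for the key before reading it.
$show_web_odf = isset($pathinfo['extension'])
    && in_array(strtolower($pathinfo['extension']), $web_odf_supported_files);
$file_url_web = api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/document' . $header_file;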
if ($show_web_odf) {
    //$htmlHeadXtra[] = api_get_js('webodf/webodf.js');
    $htmlHeadXtra[] = api_get_js('wodotexteditor/wodotexteditor.js');
    $htmlHeadXtra[] = api_get_js('wodotexteditor/localfileeditor.js');
Exemplo n.º 2
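 /**
  * Fetches the documents and folders located directly under $path that are
  * addressed to the given user or group.
  *
  * The query excludes rows whose item-property visibility is 2. When the
  * current user is neither a coach nor allowed to edit, the rows are filtered
  * further by visibility and by DocumentManager::check_visibility_tree().
  *
  * @param array   $_course           Course info; 'real_id' and 'code' are read
  * @param string  $path              Folder path without trailing slash, except the root '/'
  * @param int     $to_group_id       Group filter, used when $to_user_id is empty
  * @param int     $to_user_id        User filter; takes precedence over the group when non-empty
  * @param boolean $can_see_invisible Not read by this implementation
  * @param boolean $search            Not read by this implementation
  *
  * @return array|false Rows keyed by document id, or false when $_course is
  *                     empty, the query fails or it returns no rows
  */
 public static function get_all_document_data($_course, $path = '/', $to_group_id = 0, $to_user_id = 0, $can_see_invisible = false, $search = false)
 {
     $TABLE_ITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
     $TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
     if (empty($_course)) {
         return false;
     }
     // These values are placed in the SQL without surrounding quotes, where
     // string escaping gives no protection, so they are forced to integers.
     $to_user_id = (int) $to_user_id;
     $to_group_id = (int) $to_group_id;
     $course_id = (int) $_course['real_id'];
     $current_session_id = (int) api_get_session_id();
     $user_id = (int) api_get_user_id();
     if (!empty($to_user_id)) {
         $to_field = 'last.to_user_id';
         $to_value = $to_user_id;
     } else {
         $to_field = 'last.to_group_id';
         $to_value = $to_group_id;
     }
     //escape underscores in the path so they don't act as a wildcard
     // NOTE(review): a '%' inside $path is not escaped and still acts as a
     // LIKE wildcard.
     $path = Database::escape_string(str_replace('_', '\\_', $path));
     $visibility_bit = ' <> 2';
     //the given path will not end with a slash, unless it's the root '/'
     //so no root -> add slash
     $added_slash = $path == '/' ? '' : '/';
     //condition for the session
     $condition_session = " AND (id_session = '{$current_session_id}' OR id_session = '0' OR id_session IS NULL)";
     //condition for search (get ALL folders and documents)
     $sql = "SELECT  docs.id,
                        docs.filetype,
                        docs.path,
                        docs.title,
                        docs.comment,
                        docs.size,
                        docs.readonly,
                        docs.session_id,
                        last.id_session item_property_session_id,
                        last.lastedit_date,
                        last.visibility,
                        last.insert_user_id
                FROM  {$TABLE_ITEMPROPERTY} AS last INNER JOIN {$TABLE_DOCUMENT}  AS docs
                    ON (docs.id = last.ref AND last.tool = '" . TOOL_DOCUMENT . "' AND docs.c_id = {$course_id} AND last.c_id = {$course_id})
                WHERE
                    docs.path LIKE '" . $path . $added_slash . "%' AND
                    docs.path NOT LIKE '" . $path . $added_slash . "%/%' AND
                    {$to_field} = {$to_value} AND
                    last.visibility" . $visibility_bit . $condition_session;
     $result = Database::query($sql);
     $doc_list = array();
     $document_data = array();
     $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
     $is_coach = api_is_coach();
     if ($result !== false && Database::num_rows($result) != 0) {
         while ($row = Database::fetch_array($result, 'ASSOC')) {
             if ($is_coach) {
                 //Looking for course items that are invisible to hide it in the session
                 if (isset($doc_list[$row['id']])) {
                     $previous = $doc_list[$row['id']];
                     if ($previous['item_property_session_id'] == 0 && $previous['session_id'] == 0) {
                         if ($previous['visibility'] == 0) {
                             unset($document_data[$row['id']]);
                             continue;
                         }
                     }
                 }
                 $doc_list[$row['id']] = $row;
             }
             if (!$is_coach && !$is_allowed_to_edit) {
                 // Appended, not keyed by id: repeated ids are detected below.
                 $doc_list[] = $row;
             }
             if ($row['filetype'] == 'file' && pathinfo($row['path'], PATHINFO_EXTENSION) == 'html') {
                 //Templates management
                 $table_template = Database::get_main_table(TABLE_MAIN_TEMPLATES);
                 // The course code is a string placed inside quotes, so it is
                 // escaped; the two ids are cast to integers.
                 $sql_is_template = "SELECT id FROM {$table_template}
                                        WHERE course_code = '" . Database::escape_string($_course['code']) . "'
                                        AND user_id='" . $user_id . "'
                                        AND ref_doc='" . (int) $row['id'] . "'";
                 $template_result = Database::query($sql_is_template);
                 $row['is_template'] = Database::num_rows($template_result) > 0 ? 1 : 0;
             }
             //just filling $document_data
             $document_data[$row['id']] = $row;
         }
         //Only for the student we filter the results see BT#1652
         if (!$is_coach && !$is_allowed_to_edit) {
             $ids_to_remove = array();
             $delete_repeated = array();
             $my_repeat_ids = $temp = array();
             //Selecting repeated ids
             foreach ($doc_list as $row) {
                 if (isset($temp[$row['id']])) {
                     $my_repeat_ids[] = $row['id'];
                 }
                 $temp[$row['id']] = $row;
             }
             //@todo use the DocumentManager::is_visible function
             //Checking availability in a session
             foreach ($my_repeat_ids as $id) {
                 foreach ($doc_list as $row) {
                     // A repeated id is dropped as soon as one of its rows has
                     // visibility 0, whichever session that row belongs to.
                     if ($id == $row['id'] && $row['visibility'] == 0) {
                         $delete_repeated[$id] = true;
                     }
                 }
             }
             foreach ($doc_list as $key => $row) {
                 if (in_array($row['visibility'], array('0', '2')) && !in_array($row['id'], $my_repeat_ids)) {
                     $ids_to_remove[] = $row['id'];
                     unset($doc_list[$key]);
                 }
             }
             foreach ($document_data as $row) {
                 if (in_array($row['id'], $ids_to_remove)) {
                     unset($document_data[$row['id']]);
                 }
                 if (isset($delete_repeated[$row['id']]) && $delete_repeated[$row['id']]) {
                     unset($document_data[$row['id']]);
                 }
             }
             //Checking parents visibility
             $final_document_data = array();
             foreach ($document_data as $row) {
                 $is_visible = DocumentManager::check_visibility_tree($row['id'], $_course['code'], $current_session_id, $user_id);
                 if ($is_visible) {
                     $final_document_data[$row['id']] = $row;
                 }
             }
         } else {
             $final_document_data = $document_data;
         }
         return $final_document_data;
     } else {
         //display_error("Error getting document info from database (".Database::error().")!");
         return false;
     }
 }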
Exemplo n.º 3
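 /**
  * Fetches the documents and folders located directly under $path that are
  * addressed to the given user or group.
  *
  * The query excludes rows whose item-property visibility is 2 and paths
  * matching '%_DELETED_%'. When the current user is neither a coach nor
  * allowed to edit, the rows are filtered further by visibility and by
  * DocumentManager::check_visibility_tree().
  *
  * @param array    $_course           Course info; 'real_id' and 'code' are read
  * @param string   $path              Folder path without trailing slash, except the root '/'
  * @param int      $to_group_id       Group filter, used only when $to_user_id is null
  * @param int|null $to_user_id        User filter; null selects the group filter instead
  * @param boolean  $can_see_invisible Not read by this implementation
  * @param boolean  $search            Not read by this implementation
  *
  * @return array|false Rows keyed by document id, or false when the query
  *                     fails or returns no rows
  */
 public static function get_all_document_data($_course, $path = '/', $to_group_id = 0, $to_user_id = null, $can_see_invisible = false, $search = false)
 {
     $TABLE_ITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
     $TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
     $userGroupFilter = '';
     if (!is_null($to_user_id)) {
         $to_user_id = intval($to_user_id);
         $userGroupFilter = "last.to_user_id = {$to_user_id}";
         if (empty($to_user_id)) {
             $userGroupFilter = " (last.to_user_id = 0 OR last.to_user_id IS NULL) ";
         }
     } else {
         $to_group_id = intval($to_group_id);
         $userGroupFilter = "last.to_group_id = {$to_group_id}";
         if (empty($to_group_id)) {
             $userGroupFilter = "( last.to_group_id = 0 OR last.to_group_id IS NULL) ";
         }
     }
     // Escape underscores in the path so they don't act as a wildcard
     // NOTE(review): a '%' inside $path is not escaped and still acts as a
     // LIKE wildcard.
     $originalPath = $path;
     $path = str_replace('_', '\\_', $path);
     $visibility_bit = ' <> 2';
     // The given path will not end with a slash, unless it's the root '/'
     // so no root -> add slash
     $added_slash = $path == '/' ? '' : '/';
     // Values interpolated into the SQL as numbers are forced to integers,
     // because string escaping gives no protection outside quotes.
     $courseId = (int) $_course['real_id'];
     $sessionId = (int) api_get_session_id();
     $userId = (int) api_get_user_id();
     // Condition for the session
     $condition_session = " AND (last.session_id = '{$sessionId}' OR (last.session_id = '0' OR last.session_id IS NULL) )";
     $condition_session .= self::getSessionFolderFilters($originalPath, $sessionId);
     $sharedCondition = '';
     if ($originalPath == '/shared_folder') {
         // Restrict the shared folder listing to the per-user folders of the
         // users returned for this course and session.
         $students = CourseManager::get_user_list_from_course_code($_course['code'], $sessionId);
         if (!empty($students)) {
             $conditionList = array();
             foreach ($students as $studentInfo) {
                 // Cast the id so only digits can reach the IN (...) list.
                 $conditionList[] = '/shared_folder/sf_user_' . (int) $studentInfo['user_id'];
             }
             $sharedCondition .= ' AND docs.path IN ("' . implode('","', $conditionList) . '")';
         }
     }
     // NOTE(review): the underscores in '%_DELETED_%' are LIKE wildcards, so
     // that pattern matches more than the literal text.
     $sql = "SELECT
                    docs.id,
                    docs.filetype,
                    docs.path,
                    docs.title,
                    docs.comment,
                    docs.size,
                    docs.readonly,
                    docs.session_id,
                    last.session_id item_property_session_id,
                    last.lastedit_date,
                    last.visibility,
                    last.insert_user_id
                FROM {$TABLE_ITEMPROPERTY} AS last
                INNER JOIN {$TABLE_DOCUMENT} AS docs
                ON (
                    docs.id = last.ref AND
                    last.tool = '" . TOOL_DOCUMENT . "' AND
                    docs.c_id = {$courseId} AND
                    last.c_id = {$courseId}
                )
                WHERE
                    docs.path LIKE '" . Database::escape_string($path . $added_slash . '%') . "' AND
                    docs.path NOT LIKE '" . Database::escape_string($path . $added_slash . '%/%') . "' AND
                    docs.path NOT LIKE '%_DELETED_%' AND
                    {$userGroupFilter} AND
                    last.visibility {$visibility_bit}
                    {$condition_session}
                    {$sharedCondition}
                ";
     $result = Database::query($sql);
     $doc_list = array();
     $document_data = array();
     $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
     $isCoach = api_is_coach();
     if ($result !== false && Database::num_rows($result) != 0) {
         while ($row = Database::fetch_array($result, 'ASSOC')) {
             if ($isCoach) {
                 // Looking for course items that are invisible to hide it in the session
                 if (isset($doc_list[$row['id']])) {
                     $previous = $doc_list[$row['id']];
                     if ($previous['item_property_session_id'] == 0 && $previous['session_id'] == 0) {
                         if ($previous['visibility'] == 0) {
                             unset($document_data[$row['id']]);
                             continue;
                         }
                     }
                 }
                 $doc_list[$row['id']] = $row;
             }
             if (!$isCoach && !$is_allowed_to_edit) {
                 // Appended, not keyed by id: repeated ids are detected below.
                 $doc_list[] = $row;
             }
             if ($row['filetype'] == 'file' && pathinfo($row['path'], PATHINFO_EXTENSION) == 'html') {
                 // Templates management
                 $table_template = Database::get_main_table(TABLE_MAIN_TEMPLATES);
                 // The course code is a string placed inside quotes, so it is
                 // escaped; the two ids are cast to integers.
                 $templateSql = "SELECT id FROM {$table_template}
                            WHERE
                                course_code = '" . Database::escape_string($_course['code']) . "' AND
                                user_id = '" . $userId . "' AND
                                ref_doc = '" . (int) $row['id'] . "'";
                 $template_result = Database::query($templateSql);
                 $row['is_template'] = Database::num_rows($template_result) > 0 ? 1 : 0;
             }
             // Just filling $document_data.
             $document_data[$row['id']] = $row;
         }
         // Only for the student we filter the results see BT#1652
         if (!$isCoach && !$is_allowed_to_edit) {
             $ids_to_remove = array();
             $delete_repeated = array();
             $my_repeat_ids = $temp = array();
             // Selecting repeated ids
             foreach ($doc_list as $row) {
                 if (isset($temp[$row['id']])) {
                     $my_repeat_ids[] = $row['id'];
                 }
                 $temp[$row['id']] = $row;
             }
             //@todo use the DocumentManager::is_visible function
             // Checking visibility in a session
             foreach ($my_repeat_ids as $id) {
                 foreach ($doc_list as $row) {
                     // A repeated id is dropped as soon as one of its rows has
                     // visibility 0, whichever session that row belongs to.
                     if ($id == $row['id'] && $row['visibility'] == 0) {
                         $delete_repeated[$id] = true;
                     }
                 }
             }
             foreach ($doc_list as $key => $row) {
                 if (in_array($row['visibility'], array('0', '2')) && !in_array($row['id'], $my_repeat_ids)) {
                     $ids_to_remove[] = $row['id'];
                     unset($doc_list[$key]);
                 }
             }
             foreach ($document_data as $row) {
                 if (in_array($row['id'], $ids_to_remove)) {
                     unset($document_data[$row['id']]);
                 }
                 if (isset($delete_repeated[$row['id']]) && $delete_repeated[$row['id']]) {
                     unset($document_data[$row['id']]);
                 }
             }
             // Checking parents visibility.
             $final_document_data = array();
             foreach ($document_data as $row) {
                 $is_visible = DocumentManager::check_visibility_tree($row['id'], $_course['code'], $sessionId, $userId, $to_group_id);
                 if ($is_visible) {
                     $final_document_data[$row['id']] = $row;
                 }
             }
         } else {
             $final_document_data = $document_data;
         }
         return $final_document_data;
     } else {
         return false;
     }
 }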
Exemplo n.º 4
    $is_certificate_mode = true;
}
// If no actions we proceed to show the document (Hack in order to use document.php?id=X)
if (isset($document_id) && empty($action)) {
    // Get the document data from the ID
    $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), true, $sessionId);
    if ($sessionId != 0 && !$document_data) {
        // If there is a session defined and asking for the
        // document * from the session* didn't work, try it from the course
        // (out of a session context)
        $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), true, 0);
    }
    // If the document is not a folder we show the document.
    if ($document_data) {
        $parent_id = $document_data['parent_id'];
        $visibility = DocumentManager::check_visibility_tree($document_id, api_get_course_id(), $sessionId, api_get_user_id(), $groupId);
        if (!empty($document_data['filetype']) && $document_data['filetype'] == 'file') {
            if ($visibility && api_is_allowed_to_session_edit()) {
                $url = api_get_path(WEB_COURSE_PATH) . $courseInfo['path'] . '/document' . $document_data['path'] . '?' . api_get_cidreq();
                header("Location: {$url}");
            }
            exit;
        } else {
            if (!$visibility && !api_is_allowed_to_edit()) {
                api_not_allowed();
            }
        }
        $_GET['curdirpath'] = $document_data['path'];
    }
    // What's the current path?
    // We will verify this a bit further down