/**
* Returns true if the current user has the right to view
*
* @return boolean
*/
public function can_view()
{
$authorize = api_protect_course_script(true);
if (!$authorize) {
return false;
}
$c_id = Request::get_c_id();
if (empty($c_id)) {
return false;
}
return true;
}
public function authorize()
{
$authorize = api_protect_course_script();
if (!$authorize) {
return false;
}
$c_id = Request::get_c_id();
if (empty($c_id)) {
return false;
}
if (Request::is_student_view()) {
return false;
}
if (!$this->is_allowed_to_edit()) {
return false;
}
return true;
}
<?php
/* For licensing terms, see /license.txt */
/**
* This file allows creating new html documents with an online WYSIWYG html editor.
*
* @package chamilo.document
*/
/**
* Code
*/
/* INIT SECTION */
// Name of the language file that needs to be included
$language_file = array('document', 'gradebook');
////require_once '../inc/global.inc.php';
api_protect_course_script();
$_SESSION['whereami'] = 'document/create';
$this_section = SECTION_COURSES;
$htmlHeadXtra[] = '<script>
var hide_bar = function() {
$("#template_col").hide();
$("#doc_form").removeClass("span9");
$("#doc_form").addClass("span11");
}
$(document).ready(function() {
if ($(window).width() <= 785 ) {
hide_bar();
}
$("#hide_bar_template").toggle(
/* For licensing terms, see /license.txt */
/**
* This script displays an area where teachers can edit the group properties and member list.
* Groups are also often called "teams" in the Dokeos code.
*
* @author various contributors
* @author Roan Embrechts (VUB), partial code cleanup, initial virtual course support
* @package chamilo.group
* @todo course admin functionality to create groups based on who is in which course (or class).
*/
//require_once '../inc/global.inc.php';
$this_section = SECTION_COURSES;
$current_course_tool = TOOL_GROUP;
// Notice for unauthorized people.
api_protect_course_script(true);
$group_id = api_get_group_id();
$current_group = GroupManager::get_group_properties($group_id);
$nameTools = get_lang('EditGroup');
$interbreadcrumb[] = array('url' => 'group.php', 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => 'group_space.php?' . api_get_cidReq(), 'name' => $current_group['name']);
$is_group_member = GroupManager::is_tutor_of_group(api_get_user_id(), $group_id);
if (!api_is_allowed_to_edit(false, true) && !$is_group_member) {
api_not_allowed(true);
}
/**
* List all users registered to the course
*/
function search_members_keyword($firstname, $lastname, $username, $official_code, $keyword)
{
if (api_strripos($firstname, $keyword) !== false || api_strripos($lastname, $keyword) !== false || api_strripos($username, $keyword) !== false || api_strripos($official_code, $keyword) !== false) {
/* For licensing terms, see /license.txt */ /** * Exercise list: This script shows the list of exercises for administrators and students. * @package chamilo.exercise * @author Julio Montoya <*****@*****.**> jqgrid integration * Modified by hubert.borderiou (question category) * * @todo fix excel export * */ //require_once '../inc/global.inc.php'; // Setting the tabs $this_section = SECTION_COURSES; $htmlHeadXtra[] = api_get_jqgrid_js(); // Access control api_protect_course_script(true, false, true); // including additional libraries require_once 'hotpotatoes.lib.php'; $_course = api_get_course_info(); // document path $documentPath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . "/document"; $origin = isset($origin) ? $origin : null; $path = isset($_GET['path']) ? Security::remove_XSS($_GET['path']) : null; /* Constants and variables */ $is_allowedToEdit = api_is_allowed_to_edit(null, true) || api_is_drh() || api_is_student_boss(); $is_tutor = api_is_allowed_to_edit(true); $TBL_QUESTIONS = Database::get_course_table(TABLE_QUIZ_QUESTION); $TBL_TRACK_EXERCISES = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCISES); $TBL_TRACK_ATTEMPT = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ATTEMPT); $TBL_TRACK_ATTEMPT_RECORDING = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ATTEMPT_RECORDING); $TBL_LP_ITEM_VIEW = Database::get_course_table(TABLE_LP_ITEM_VIEW);
*
* @author Julio Montoya - Simple exercise result page
*
*/
//require_once '../inc/global.inc.php';
if (empty($origin)) {
$origin = $_REQUEST['origin'];
}
$id = isset($_REQUEST['id']) ? intval($_GET['id']) : null;
//exe id
$show_headers = isset($_REQUEST['show_headers']) ? intval($_REQUEST['show_headers']) : null;
//exe id
if ($origin == 'learnpath') {
$show_headers = false;
}
api_protect_course_script($show_headers);
if (empty($id)) {
api_not_allowed($show_headers);
}
$is_allowedToEdit = api_is_allowed_to_edit(null, true) || $is_courseTutor;
//Getting results from the exe_id. This variable also contain all the information about the exercise
$track_exercise_info = ExerciseLib::get_exercise_track_exercise_info($id);
//No track info
if (empty($track_exercise_info)) {
api_not_allowed($show_headers);
}
$exercise_id = $track_exercise_info['exe_exo_id'];
$student_id = $track_exercise_info['exe_user_id'];
$current_user_id = api_get_user_id();
$objExercise = new Exercise();
if (!empty($exercise_id)) {
<?php
/* For licensing terms, see /license.txt */
/**
* Responses to AJAX calls for forum attachments
* @package chamilo/forum
* @author Daniel Barreto Alva <*****@*****.**>
*/
require_once '../global.inc.php';
require_once api_get_path(SYS_CODE_PATH) . 'forum/forumfunction.inc.php';
// First, protect this script
api_protect_course_script(false);
/**
* Main code
*/
// Create a default error response
$json = array('error' => true, 'errorMessage' => 'ERROR');
$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
$current_forum = get_forum_information($_REQUEST['forum']);
$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
$current_thread = get_thread_information($_REQUEST['thread']);
// Check if exist action
if (!empty($action)) {
switch ($action) {
case 'upload_file':
if (!empty($_FILES) && !empty($_REQUEST['forum'])) {
// The user is not allowed here if
// 1. the forum category, forum or thread is invisible (visibility==0)
// 2. the forum category, forum or thread is locked (locked <>0)
// 3. if anonymous posts are not allowed
// The only exception is the course manager
* Used to transfer files to another application through http.
*
* Script parameters:
*
* - id id(s) of the document id=1 or id=1,2,4
* - cidReq course code
*
* Note this script enables key authentication so access with a key token is possible.
*
* @package chamilo.document
* @license see /license.txt
* @author Laurent Opprecht <*****@*****.**> for the Univesity of Geneva
*/
KeyAuth::enable();
require_once __DIR__ . '/../inc/global.inc.php';
$has_access = api_protect_course_script();
if (!$has_access) {
exit;
}
session_cache_limiter('none');
$ids = Request::get('id', '');
$ids = $ids ? explode(',', $ids) : array();
$course = Course::current();
/**
* No files requested. We make sure we return 404 error to tell the client
* that the call failed.
*/
if (count($ids) == 0 || empty($course)) {
Response::not_found();
}
/**
