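/**
 * Return true if the user can see a document.
 *
 * The decision has two stages. First the user must count as a member of the
 * course (base course) or of the course session. Then the document's
 * item-property visibility must be 1. Platform administrators can be let
 * through both stages with $admins_can_see_everything.
 *
 * Course and session visibility themselves are handled in
 * local.inc.php/global.inc.php, not here.
 *
 * @param int   $doc_id                    Document id
 * @param array $course_info               Course info; when empty, the current course is used
 * @param int   $session_id                Session id, 0 for the base course
 * @param int   $user_id                   User whose access is checked
 * @param bool  $admins_can_see_everything Let platform admins see any existing document
 *
 * @return bool
 */
public static function is_visible_by_id($doc_id, $course_info, $session_id, $user_id, $admins_can_see_everything = true)
{
    // 1. Checking the course array
    if (empty($course_info)) {
        $course_info = api_get_course_info();
        if (empty($course_info)) {
            return false;
        }
    }

    $doc_id = intval($doc_id);
    $session_id = intval($session_id);
    $user_in_course = false;

    // 2. Course and session visibility are handled in local.inc.php/global.inc.php

    // 3. Checking if the user exists in the course/session
    if ($session_id == 0) {
        if (CourseManager::is_user_subscribed_in_course($user_id, $course_info['code']) || api_is_platform_admin()) {
            $user_in_course = true;
        }

        // An open course counts every visitor as registered.
        if (in_array($course_info['visibility'], array(COURSE_VISIBILITY_OPEN_PLATFORM, COURSE_VISIBILITY_OPEN_WORLD))) {
            $user_in_course = true;
        }
    } else {
        $user_status = SessionManager::get_user_status_in_course_session(
            $user_id,
            $course_info['real_id'],
            $session_id
        );

        // Student, course session teacher or coach.
        // The status is matched as a string with a strict in_array(): a loose
        // match would accept boolean false (false == '0') and boolean true
        // (true == '2'), so a "no status" return value could pass as enrolled.
        // NOTE(review): what get_user_status_in_course_session() returns for a
        // user without a status is not visible here; confirm.
        if ((is_int($user_status) || is_string($user_status))
            && in_array((string) $user_status, array('0', '2', '6'), true)
        ) {
            $user_in_course = true;
        }

        if (api_is_platform_admin()) {
            $user_in_course = true;
        }
    }

    // 4. Checking document visibility
    if (!$user_in_course) {
        // Not a member: only an admin override can grant access.
        return $admins_can_see_everything && api_is_platform_admin();
    }

    $item_info = api_get_item_property_info($course_info['real_id'], 'document', $doc_id, 0);

    if ($session_id == 0) {
        // 4.1 Document visibility for a course
        if (isset($item_info['visibility'])) {
            // True for admins if the document exists
            if ($admins_can_see_everything && api_is_platform_admin()) {
                return true;
            }
            if ($item_info['visibility'] == 1) {
                return true;
            }
        }

        return false;
    }

    // 4.2 Document visibility for a course in a session
    $item_info_in_session = api_get_item_property_info(
        $course_info['real_id'],
        'document',
        $doc_id,
        $session_id
    );

    // True for admins if the document exists
    if (isset($item_info['visibility']) && $admins_can_see_everything && api_is_platform_admin()) {
        return true;
    }

    // The session record, when there is one, takes precedence over the base course record.
    if (isset($item_info_in_session['visibility'])) {
        return $item_info_in_session['visibility'] == 1;
    }

    return isset($item_info['visibility']) && $item_info['visibility'] == 1;
}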
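/**
 * Update the "done" flag of thematic advances from the thematic details interface.
 *
 * Walks the course's thematic advances in list order, marks each advance that
 * belongs to the current session as done, and stops once the advance with
 * $thematic_advance_id has been marked. Advances that were not reached are
 * reset to "not done" and their item-property records are updated.
 *
 * Every id that is concatenated into SQL is cast to int first, so the
 * statements do not depend on the list helpers returning clean values.
 *
 * @param int $thematic_advance_id Id of the last advance to mark as done
 *
 * @return int Affected rows of the "done" updates
 */
public function update_done_thematic_advances($thematic_advance_id)
{
    $_course = api_get_course_info();
    $thematic_data = $this->get_thematic_list(null, api_get_course_id());
    $thematic_advance_data = $this->get_thematic_advance_list(null, api_get_course_id(), true);
    $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE);

    $affected_rows = 0;
    $user_id = (int) api_get_user_id();
    $course_id = (int) api_get_course_int_id();
    $sessionId = (int) api_get_session_id();

    // Ids of every advance of every thematic in the course.
    $all = array();
    if (!empty($thematic_data)) {
        foreach ($thematic_data as $thematic) {
            if (empty($thematic_advance_data[$thematic['id']])) {
                continue;
            }
            foreach ($thematic_advance_data[$thematic['id']] as $thematic_advance) {
                $all[] = (int) $thematic_advance['id'];
            }
        }
    }

    // Ids of the advances marked as done in this call.
    $a_thematic_advance_ids = array();
    if (!empty($thematic_data)) {
        foreach ($thematic_data as $thematic) {
            if (empty($thematic_advance_data[$thematic['id']])) {
                continue;
            }
            foreach ($thematic_advance_data[$thematic['id']] as $thematic_advance) {
                $advanceId = (int) $thematic_advance['id'];
                $item_info = api_get_item_property_info($course_id, 'thematic_advance', $advanceId, $sessionId);
                $itemSessionId = isset($item_info['id_session']) ? $item_info['id_session'] : null;

                // Only advances that belong to the current session are touched.
                if ($itemSessionId == $sessionId) {
                    $a_thematic_advance_ids[] = $advanceId;

                    // Update done thematic for previous advances (done_advance = 1)
                    $upd = "UPDATE {$tbl_thematic_advance} SET
                                done_advance = 1
                            WHERE c_id = {$course_id} AND id = {$advanceId}";
                    $result = Database::query($upd);
                    $affected_rows += Database::affected_rows($result);

                    api_item_property_update(
                        $_course,
                        'thematic_advance',
                        $advanceId,
                        "ThematicAdvanceDone",
                        $user_id
                    );

                    // Stop at the requested advance; leaves both loops.
                    if ($thematic_advance['id'] == $thematic_advance_id) {
                        break 2;
                    }
                }
            }
        }
    }

    // Update done thematic for the other advances (done_advance = 0)
    if (!empty($a_thematic_advance_ids)) {
        $diff = array_diff($all, $a_thematic_advance_ids);
        if (!empty($diff)) {
            // $diff holds int-cast ids only, so the IN list is safe to join.
            $upd = "UPDATE {$tbl_thematic_advance} SET done_advance = 0
                    WHERE c_id = {$course_id} AND id IN(" . implode(',', $diff) . ") ";
            Database::query($upd);
        }

        // Update item_property: get every advance recorded as done in this session.
        $tbl_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY);
        $sql = "SELECT ref FROM {$tbl_item_property}
                WHERE
                    c_id = {$course_id} AND
                    tool='thematic_advance' AND
                    lastedit_type='ThematicAdvanceDone' AND
                    session_id = {$sessionId} ";
        $rs_thematic_done = Database::query($sql);

        if (Database::num_rows($rs_thematic_done) > 0) {
            while ($row_thematic_done = Database::fetch_array($rs_thematic_done)) {
                $ref = (int) $row_thematic_done['ref'];
                if (in_array($ref, $a_thematic_advance_ids)) {
                    continue;
                }

                // The advance is no longer done: record it as updated.
                $sql = "UPDATE {$tbl_item_property} SET
                            lastedit_date='" . api_get_utc_datetime() . "',
                            lastedit_type='ThematicAdvanceUpdated',
                            lastedit_user_id = {$user_id}
                        WHERE
                            c_id = {$course_id} AND
                            tool='thematic_advance' AND
                            ref={$ref} AND
                            session_id = {$sessionId} ";
                Database::query($sql);
            }
        }
    }

    return $affected_rows;
}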
/* Display user interface */

// Page header; the document title is passed through Security::remove_XSS()
// before it is placed in the page title.
$nameTools = get_lang('EditDocument') . ': ' . Security::remove_XSS($document_data['title']);
Display::display_header($nameTools, 'Doc');

if (isset($msgError)) {
    Display::display_error_message($msgError);
}

if (isset($info_message)) {
    Display::display_confirmation_message($info_message);
    if (isset($_POST['origin'])) {
        // Raw request values.
        // NOTE(review): where these two are used is not visible in this
        // excerpt; they need escaping for whatever context they reach.
        $slide_id = $_POST['origin_opt'];
        $call_from_tool = $_POST['origin'];
    }
}

// Owner and last edit date come from the document's item-property record.
$document_info = api_get_item_property_info(api_get_course_int_id(), 'document', $document_id);
$owner_id = $document_info['insert_user_id'];
$last_edit_date = $document_info['lastedit_date'];

// The edit form is shown to the owner, a platform admin, a user with edit
// rights, or a member of the current group.
// NOTE(review): the owner test is a loose comparison; if no item-property
// record was found, $owner_id is null and would equal a user id of 0.
// Confirm that api_get_user_id() cannot be 0 at this point.
if ($owner_id == api_get_user_id()
    || api_is_platform_admin()
    || $is_allowed_to_edit
    || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())
) {
    $action = api_get_self() . '?id=' . $document_data['id'];
    $form = new FormValidator('formEdit', 'post', $action, null, array('class' => 'form-horizontal'));

    // Form title
    $form->addElement('header', $nameTools);

    // Hidden fields, added in this order.
    foreach (array('filename', 'extension', 'file_path', 'commentPath', 'showedit', 'origin', 'origin_opt') as $hiddenField) {
        $form->addElement('hidden', $hiddenField);
    }

    $form->add_textfield('title', get_lang('Title'));
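/**
 * Get the path and download title of the file attached to an assignment,
 * if the current user is allowed to download it.
 *
 * Access is granted to an editor, to the owner of the work, or to any user
 * when the work is visible and the course shows works to everybody. The
 * resolved path must also lie inside the course directory.
 *
 * @param int   $id          Student publication id
 * @param array $course_info Course info, must contain 'real_id'
 * @param int   $sessionId   Session id; the current session is used when empty
 *
 * @return array|bool array('path' => ..., 'title' => ...) or false
 */
function getFileContents($id, $course_info, $sessionId = 0)
{
    $id = intval($id);
    if (empty($course_info) || empty($id)) {
        return false;
    }
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }

    if (empty($course_info['real_id'])) {
        return false;
    }

    // Both values are integers before they reach the query text.
    $courseId = (int) $course_info['real_id'];
    $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
    $sql = 'SELECT * FROM '.$tbl_student_publication.'
            WHERE c_id = '.$courseId.' AND id = '.$id;
    $result = Database::query($sql);

    if (!$result || !Database::num_rows($result)) {
        return false;
    }

    $row = Database::fetch_array($result, 'ASSOC');
    $courseDirectory = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/';
    $full_file_name = $courseDirectory.$row['url'];

    $item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id'], $sessionId);

    allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);

    if (empty($item_info)) {
        api_not_allowed();
    }

    /*
    field show_score in table course:
        0 => New documents are visible for all users
        1 => New documents are only visible for the teacher(s)
    field visibility in table item_property:
        0 => eye closed, invisible for all students
        1 => eye open
    field accepted in table c_student_publication:
        0 => eye closed, invisible for all students
        1 => eye open
        (We should have visibility == accepted, otherwise there is an
        inconsistency in the database)
    field value in table c_course_setting:
        0 => Allow learners to delete their own publications = NO
        1 => Allow learners to delete their own publications = YES

    +------------------+-------------------------+------------------------+
    |Can download work?| doc visible for all = 0 | doc visible for all = 1|
    +------------------+-------------------------+------------------------+
    | visibility = 0   | editor only             | editor only            |
    +------------------+-------------------------+------------------------+
    | visibility = 1   | editor                  | editor                 |
    |                  | + owner of the work     | + any student          |
    +------------------+-------------------------+------------------------+
    (editor = teacher + admin + anybody with right api_is_allowed_to_edit)
    */

    $work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);

    // NOTE(review): the legend above says show_score = 0 means "visible for
    // all users", but this test treats show_score = 1 as visible for all.
    // One of the two is wrong; confirm against the course settings.
    $doc_visible_for_all = ($course_info['show_score'] == 1);

    $is_editor = api_is_allowed_to_edit(true, true, true);

    // Ownership is tested against the user making the request. Passing the
    // row's own user_id instead would compare the record's inserting user with
    // the publication's user, which does not depend on who is asking.
    $student_is_owner_of_work = user_is_author($row['id'], api_get_user_id());

    if (!$is_editor && !$student_is_owner_of_work && !($doc_visible_for_all && $work_is_visible)) {
        return false;
    }

    $title = $row['title'];
    if (array_key_exists('filename', $row) && !empty($row['filename'])) {
        $title = $row['filename'];
    }
    $title = str_replace(' ', '_', $title);
    event_download($title);

    // The stored url comes from the database; only serve it when it resolves
    // inside the course directory.
    if (Security::check_abs_path($full_file_name, $courseDirectory)) {
        return array(
            'path' => $full_file_name,
            'title' => $title
        );
    }

    return false;
}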
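/**
 * Move a forum thread, with all of its posts, to another forum.
 *
 * The target forum and the thread are read from $_POST['forum'] and
 * $_POST['thread_id']; $values is not used. When the target forum belongs to a
 * group, the thread's item-property record is moved to that group too.
 *
 * Every value placed in the SQL text is cast to int first.
 *
 * NOTE(review): nothing visible here checks that get_forums() found the target
 * forum or that the caller may move the thread; confirm the callers do.
 *
 * @param array $values Submitted form values (unused)
 *
 * @return string HTML language variable
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function store_move_thread($values)
{
    $table_threads = Database::get_course_table(TABLE_FORUM_THREAD);
    $table_posts = Database::get_course_table(TABLE_FORUM_POST);

    $courseId = (int) api_get_course_int_id();
    $sessionId = api_get_session_id();
    $forumId = isset($_POST['forum']) ? intval($_POST['forum']) : 0;
    $threadId = isset($_POST['thread_id']) ? intval($_POST['thread_id']) : 0;
    $forumInfo = get_forums($forumId);

    // Change the thread table: setting the forum_id to the new forum.
    $sql = "UPDATE {$table_threads} SET forum_id = {$forumId}
            WHERE c_id = {$courseId} AND thread_id = {$threadId}";
    Database::query($sql);

    // Changing all the posts of the thread: setting the forum_id to the new forum.
    $sql = "UPDATE {$table_posts} SET forum_id = {$forumId}
            WHERE c_id = {$courseId} AND thread_id= {$threadId}";
    Database::query($sql);

    // Fix group id, if the forum is moved to a different group.
    if (!empty($forumInfo['to_group_id'])) {
        $groupId = (int) $forumInfo['to_group_id'];
        $item = api_get_item_property_info($courseId, TABLE_FORUM_THREAD, $threadId, $sessionId, $groupId);
        $table = Database::get_course_table(TABLE_ITEM_PROPERTY);
        $sessionCondition = api_get_session_condition($sessionId);

        // With a record for this group, update it only when its group differs;
        // without one, update by thread id.
        $ref = null;
        if (empty($item)) {
            $ref = $threadId;
        } elseif ($item['to_group_id'] != $groupId) {
            $ref = (int) $item['ref'];
        }

        if ($ref !== null) {
            $sql = "UPDATE {$table}
                    SET to_group_id = {$groupId}
                    WHERE
                        tool = '" . TABLE_FORUM_THREAD . "' AND
                        c_id = {$courseId} AND
                        ref = {$ref}
                        {$sessionCondition}
                    ";
            Database::query($sql);
        }
    }

    return get_lang('ThreadMoved');
}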
/**
 * Tell whether a learning path is visible for a student.
 *
 * Takes into account the progress on the prerequisite learning path, the
 * publication and expiry dates, the item-property visibility (a value of 2
 * means the item was deleted) and, when the learning path uses subscriptions,
 * the subscription of the student or of one of the student's groups.
 *
 * @param int    $lp_id
 * @param int    $student_id
 * @param string $courseCode Course code (optional)
 * @param int    $sessionId  The current session is used when empty
 *
 * @return bool
 */
public static function is_lp_visible_for_student($lp_id, $student_id, $courseCode = null, $sessionId = null)
{
    $lp_id = (int) $lp_id;
    $courseInfo = api_get_course_info($courseCode);
    $sessionId = intval($sessionId);
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }

    $tbl_learnpath = Database::get_course_table(TABLE_LP_MAIN);

    // Query for the current prerequisite and the availability window.
    // NOTE(review): $courseInfo['real_id'] is concatenated as is; if the course
    // code does not resolve, the value is empty and the statement is malformed.
    $sql = "SELECT id, prerequisite, subscribe_users, publicated_on, expired_on\n FROM {$tbl_learnpath}\n WHERE c_id = " . $courseInfo['real_id'] . " AND id = {$lp_id}";

    $itemInfo = api_get_item_property_info($courseInfo['real_id'], TOOL_LEARNPATH, $lp_id, $sessionId);

    // If the item was deleted.
    if (isset($itemInfo['visibility']) && $itemInfo['visibility'] == 2) {
        return false;
    }

    $rs = Database::query($sql);
    $now = time();

    if (!(Database::num_rows($rs) > 0)) {
        return false;
    }

    $row = Database::fetch_array($rs, 'ASSOC');
    $prerequisite = $row['prerequisite'];
    $is_visible = true;

    // The prerequisite learning path must be fully completed.
    if (!empty($prerequisite)) {
        $progress = intval(self::getProgress($prerequisite, $student_id, $courseInfo['real_id'], $sessionId));
        if ($progress < 100) {
            $is_visible = false;
        }
    }

    // Also check the time availability of the LP.
    if ($is_visible) {
        $hasStartDate = !empty($row['publicated_on']) && $row['publicated_on'] != '0000-00-00 00:00:00';
        $hasEndDate = !empty($row['expired_on']) && $row['expired_on'] != '0000-00-00 00:00:00';

        // Not published yet.
        if ($hasStartDate && $now < api_strtotime($row['publicated_on'], 'UTC')) {
            $is_visible = false;
        }

        // Blocking empty start times, see BT#2800
        global $_custom;
        if (!empty($_custom['lps_hidden_when_no_start_date']) && !$hasStartDate) {
            $is_visible = false;
        }

        // Already expired.
        if ($hasEndDate && $now > api_strtotime($row['expired_on'], 'UTC')) {
            $is_visible = false;
        }
    }

    // Check if the subscription of users/groups to the LP is ON.
    // NOTE(review): this branch replaces the result of the prerequisite and
    // date checks above, so a subscribed student gets true even when those
    // checks failed. Confirm that this is intended.
    if (isset($row['subscribe_users']) && $row['subscribe_users'] == 1) {
        $is_visible = false;

        // The student's own subscription first.
        $userVisibility = api_get_item_visibility(
            $courseInfo,
            'learnpath',
            $row['id'],
            $sessionId,
            $student_id,
            'LearnpathSubscription'
        );

        if ($userVisibility == 1) {
            $is_visible = true;
        } else {
            // Then each group the student belongs to, until one is subscribed.
            $userGroups = GroupManager::getAllGroupPerUserSubscription($student_id);
            if (!empty($userGroups)) {
                foreach ($userGroups as $groupInfo) {
                    $userVisibility = api_get_item_visibility(
                        $courseInfo,
                        'learnpath',
                        $row['id'],
                        $sessionId,
                        null,
                        'LearnpathSubscription',
                        $groupInfo['iid']
                    );
                    if ($userVisibility == 1) {
                        $is_visible = true;
                        break;
                    }
                }
            }
        }
    }

    return $is_visible;
}
/**
 * Check if a user is the author of a work item.
 *
 * A user who is allowed to edit is treated as author of every item. Otherwise
 * the user id is compared with the insert_user_id of the item's property
 * record in the current course and session.
 *
 * @param int $item_id
 * @param int $user_id The current user is used when empty
 *
 * @return bool
 */
function user_is_author($item_id, $user_id = null)
{
    if (empty($item_id)) {
        return false;
    }

    if (empty($user_id)) {
        $user_id = api_get_user_id();
    }

    $itemProperty = api_get_item_property_info(
        api_get_course_int_id(),
        'work',
        $item_id,
        api_get_session_id()
    );

    // Anybody with edit rights counts as author.
    if (api_is_allowed_to_edit()) {
        return true;
    }

    // Loose comparison, as the stored id and the argument may differ in type.
    return $itemProperty['insert_user_id'] == $user_id;
}
header('Pragma: no-cache');

// Protection: the script is only reachable inside a course.
api_protect_course_script(true);

// The publication id comes from the query string and is forced to an integer.
$id = intval($_GET['id']);

$course_info = api_get_course_info();
if (empty($course_info)) {
    api_not_allowed(true);
}

$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);

if (!empty($course_info['real_id'])) {
    $sql = sprintf(
        'SELECT * FROM %s WHERE c_id = %s AND id = "%s"',
        $tbl_student_publication,
        $course_info['real_id'],
        $id
    );
    $result = Database::query($sql);

    if ($result && Database::num_rows($result)) {
        $row = Database::fetch_array($result, 'ASSOC');

        // The file name is built from the url column of the record.
        // NOTE(review): no check that the path stays inside the course
        // directory is visible in this excerpt; confirm it follows.
        $full_file_name = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/' . $row['url'];

        // NOTE(review): no session id is passed here; confirm which session
        // the lookup uses by default.
        $item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id']);

        allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);

        // Without an item-property record the script ends without output.
        if (empty($item_info)) {
            exit;
        }

        /*
        field show_score in table course:
            0 => New documents are visible for all users
            1 => New documents are only visible for the teacher(s)
        field visibility in table item_property:
            0 => eye closed, invisible for all students
            1 => eye open
        field accepted in table c_student_publication:
            0 => eye closed, invisible for all students
            1 => eye open
            (we should have visibility == accepted, otherwise there is an
            inconsistency in the database)
        field value in table c_course_setting:
            0 => Allow learners to delete their own publications = NO
            1 => Allow learners to delete their own publications = YES

        (the listing is cut off here)
        */
}

// Inside a session, base-course exercises can be made invisible by default:
// each one that has no item-property record for the session gets an
// 'invisible' record.
if (!empty($exercise_list)
    && api_get_setting('exercise_invisible_in_session') === 'true'
    && !empty($sessionId)
) {
    // The platform setting applies unless courses may configure it themselves;
    // then the course setting decides.
    $changeDefaultVisibility = api_get_setting('configure_exercise_visibility_in_course') !== 'true'
        || api_get_course_setting('exercise_invisible_in_session') == 1;

    if ($changeDefaultVisibility) {
        foreach ($exercise_list as $exercise) {
            // Only exercises of the base course.
            if ($exercise['session_id'] != 0) {
                continue;
            }

            $visibilityInfo = api_get_item_property_info($courseInfo, TOOL_QUIZ, $exercise['iid'], $sessionId);
            if (!empty($visibilityInfo)) {
                continue;
            }

            // Create a record for this exercise in the session.
            api_item_property_update(
                $courseInfo,
                TOOL_QUIZ,
                $exercise['iid'],
                'invisible',
                api_get_user_id(),
                0,
                null,
                '',
                '',
                $sessionId
            );
        }
    }
}

// Rebuild the list in the requested order, skipping unknown ids.
if (!empty($list_ordered)) {
    $new_question_list = array();
    foreach ($list_ordered as $exercise_id) {
        if (isset($exercise_list[$exercise_id])) {
            $new_question_list[] = $exercise_list[$exercise_id];
        }
/**
 * Tell whether a learning path is visible for a student.
 *
 * Takes into account the progress on the prerequisite learning path, the
 * publication and expiry dates and the item-property visibility (a value of 2
 * means the item was deleted).
 *
 * @param int    $lp_id      Learnpath id
 * @param int    $student_id Student id
 * @param string $courseCode Course code (optional)
 * @param int    $sessionId  The current session is used when empty
 *
 * @return bool
 */
public static function is_lp_visible_for_student(
    $lp_id,
    $student_id,
    $courseCode = null,
    $sessionId = null
) {
    $lp_id = (int) $lp_id;
    $course = api_get_course_info($courseCode);

    $sessionId = intval($sessionId);
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }

    $tbl_learnpath = Database::get_course_table(TABLE_LP_MAIN);

    // Query for the current prerequisite and the availability window.
    // NOTE(review): $course['real_id'] is concatenated as is; if the course
    // code does not resolve, the value is empty and the statement is malformed.
    $sql = "SELECT id, prerequisite, publicated_on, expired_on FROM $tbl_learnpath WHERE c_id = ".$course['real_id']." AND id = $lp_id";

    $itemInfo = api_get_item_property_info($course['real_id'], TOOL_LEARNPATH, $lp_id, $sessionId);

    // If the item was deleted.
    if (isset($itemInfo['visibility']) && $itemInfo['visibility'] == 2) {
        return false;
    }

    $rs = Database::query($sql);
    $now = time();

    // Unknown learning path.
    if (!(Database::num_rows($rs) > 0)) {
        return false;
    }

    $row = Database::fetch_array($rs, 'ASSOC');
    $prerequisite = $row['prerequisite'];

    // The prerequisite learning path must be fully completed; when it is not,
    // the date checks are skipped.
    if (!empty($prerequisite)) {
        $progress = self::getProgress($prerequisite, $student_id, $course['real_id'], $sessionId);
        if (intval($progress) < 100) {
            return false;
        }
    }

    $is_visible = true;
    $startIsSet = !empty($row['publicated_on']) && $row['publicated_on'] != '0000-00-00 00:00:00';
    $endIsSet = !empty($row['expired_on']) && $row['expired_on'] != '0000-00-00 00:00:00';

    // Not published yet.
    if ($startIsSet && $now < api_strtotime($row['publicated_on'], 'UTC')) {
        $is_visible = false;
    }

    // Blocking empty start times, see BT#2800
    global $_custom;
    if (!empty($_custom['lps_hidden_when_no_start_date']) && !$startIsSet) {
        $is_visible = false;
    }

    // Already expired.
    if ($endIsSet && $now > api_strtotime($row['expired_on'], 'UTC')) {
        $is_visible = false;
    }

    return $is_visible;
}