/**
* Return true if user can see a file
*
* @param int document id
* @param array course info
* @param int
* @param int
* @param bool
* @return bool
*/
public static function is_visible_by_id($doc_id, $course_info, $session_id, $user_id, $admins_can_see_everything = true)
{
$user_in_course = false;
//1. Checking the course array
if (empty($course_info)) {
$course_info = api_get_course_info();
if (empty($course_info)) {
return false;
}
}
$doc_id = intval($doc_id);
$session_id = intval($session_id);
//2. Course and Session visibility are handle in local.inc.php/global.inc.php
//3. Checking if user exist in course/session
if ($session_id == 0) {
if (CourseManager::is_user_subscribed_in_course($user_id, $course_info['code']) || api_is_platform_admin()) {
$user_in_course = true;
}
// Check if course is open then we can consider that the student is registered to the course
if (isset($course_info) && in_array($course_info['visibility'], array(COURSE_VISIBILITY_OPEN_PLATFORM, COURSE_VISIBILITY_OPEN_WORLD))) {
$user_in_course = true;
}
} else {
$user_status = SessionManager::get_user_status_in_course_session($user_id, $course_info['real_id'], $session_id);
if (in_array($user_status, array('0', '2', '6'))) {
//is true if is an student, course session teacher or coach
$user_in_course = true;
}
if (api_is_platform_admin()) {
$user_in_course = true;
}
}
// 4. Checking document visibility (i'm repeating the code in order to be more clear when reading ) - jm
if ($user_in_course) {
// 4.1 Checking document visibility for a Course
if ($session_id == 0) {
$item_info = api_get_item_property_info($course_info['real_id'], 'document', $doc_id, 0);
if (isset($item_info['visibility'])) {
// True for admins if document exists
if ($admins_can_see_everything && api_is_platform_admin()) {
return true;
}
if ($item_info['visibility'] == 1) {
return true;
}
}
} else {
// 4.2 Checking document visibility for a Course in a Session
$item_info = api_get_item_property_info($course_info['real_id'], 'document', $doc_id, 0);
$item_info_in_session = api_get_item_property_info($course_info['real_id'], 'document', $doc_id, $session_id);
// True for admins if document exists
if (isset($item_info['visibility'])) {
if ($admins_can_see_everything && api_is_platform_admin()) {
return true;
}
}
if (isset($item_info_in_session['visibility'])) {
if ($item_info_in_session['visibility'] == 1) {
return true;
}
} else {
if ($item_info['visibility'] == 1) {
return true;
}
}
}
} elseif ($admins_can_see_everything && api_is_platform_admin()) {
return true;
}
return false;
}
/**
* update done thematic advances from thematic details interface
* @param int Thematic id
* @return int Affected rows
*/
public function update_done_thematic_advances($thematic_advance_id)
{
$_course = api_get_course_info();
$thematic_data = $this->get_thematic_list(null, api_get_course_id());
$thematic_advance_data = $this->get_thematic_advance_list(null, api_get_course_id(), true);
$tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE);
$affected_rows = 0;
$user_id = api_get_user_id();
$all = array();
if (!empty($thematic_data)) {
foreach ($thematic_data as $thematic) {
$thematic_id = $thematic['id'];
if (!empty($thematic_advance_data[$thematic['id']])) {
foreach ($thematic_advance_data[$thematic['id']] as $thematic_advance) {
$all[] = $thematic_advance['id'];
}
}
}
}
$error = null;
$a_thematic_advance_ids = array();
$course_id = api_get_course_int_id();
$sessionId = api_get_session_id();
if (!empty($thematic_data)) {
foreach ($thematic_data as $thematic) {
$my_affected_rows = 0;
$thematic_id = $thematic['id'];
if (!empty($thematic_advance_data[$thematic['id']])) {
foreach ($thematic_advance_data[$thematic['id']] as $thematic_advance) {
$item_info = api_get_item_property_info(api_get_course_int_id(), 'thematic_advance', $thematic_advance['id'], $sessionId);
if ($item_info['id_session'] == $sessionId) {
$a_thematic_advance_ids[] = $thematic_advance['id'];
// update done thematic for previous advances ((done_advance = 1))
$upd = "UPDATE {$tbl_thematic_advance} SET\n done_advance = 1\n WHERE c_id = {$course_id} AND id = " . $thematic_advance['id'] . " ";
$result = Database::query($upd);
$my_affected_rows = Database::affected_rows($result);
$affected_rows += $my_affected_rows;
//if ($my_affected_rows) {
api_item_property_update($_course, 'thematic_advance', $thematic_advance['id'], "ThematicAdvanceDone", $user_id);
//}
if ($thematic_advance['id'] == $thematic_advance_id) {
break 2;
}
}
}
}
}
}
// Update done thematic for others advances (done_advance = 0)
if (!empty($a_thematic_advance_ids) && count($a_thematic_advance_ids) > 0) {
$diff = array_diff($all, $a_thematic_advance_ids);
if (!empty($diff)) {
$upd = "UPDATE {$tbl_thematic_advance} SET done_advance = 0\n \t\t\t WHERE c_id = {$course_id} AND id IN(" . implode(',', $diff) . ") ";
Database::query($upd);
}
// update item_property
$tbl_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY);
$sql = "SELECT ref FROM {$tbl_item_property}\n WHERE\n c_id = {$course_id} AND\n tool='thematic_advance' AND\n lastedit_type='ThematicAdvanceDone' AND\n session_id = {$sessionId} ";
// get all thematic advance done
$rs_thematic_done = Database::query($sql);
if (Database::num_rows($rs_thematic_done) > 0) {
while ($row_thematic_done = Database::fetch_array($rs_thematic_done)) {
$ref = $row_thematic_done['ref'];
if (in_array($ref, $a_thematic_advance_ids)) {
continue;
}
// update items
$sql = "UPDATE {$tbl_item_property} SET\n lastedit_date='" . api_get_utc_datetime() . "',\n lastedit_type='ThematicAdvanceUpdated',\n lastedit_user_id = {$user_id}\n WHERE\n c_id = {$course_id} AND\n tool='thematic_advance' AND\n ref={$ref} AND\n session_id = {$sessionId} ";
Database::query($sql);
}
}
}
return $affected_rows;
}
/* Display user interface */
// Display the header
$nameTools = get_lang('EditDocument') . ': ' . Security::remove_XSS($document_data['title']);
Display::display_header($nameTools, 'Doc');
if (isset($msgError)) {
Display::display_error_message($msgError);
}
if (isset($info_message)) {
Display::display_confirmation_message($info_message);
if (isset($_POST['origin'])) {
$slide_id = $_POST['origin_opt'];
$call_from_tool = $_POST['origin'];
}
}
// Owner
$document_info = api_get_item_property_info(api_get_course_int_id(), 'document', $document_id);
$owner_id = $document_info['insert_user_id'];
$last_edit_date = $document_info['lastedit_date'];
if ($owner_id == api_get_user_id() || api_is_platform_admin() || $is_allowed_to_edit || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
$action = api_get_self() . '?id=' . $document_data['id'];
$form = new FormValidator('formEdit', 'post', $action, null, array('class' => 'form-horizontal'));
// Form title
$form->addElement('header', $nameTools);
$form->addElement('hidden', 'filename');
$form->addElement('hidden', 'extension');
$form->addElement('hidden', 'file_path');
$form->addElement('hidden', 'commentPath');
$form->addElement('hidden', 'showedit');
$form->addElement('hidden', 'origin');
$form->addElement('hidden', 'origin_opt');
$form->add_textfield('title', get_lang('Title'));
/**
* Get the file contents for an assigment
* @param int $id
* @param array $course_info
* @param int Session ID
* @return array|bool
*/
function getFileContents($id, $course_info, $sessionId = 0)
{
$id = intval($id);
if (empty($course_info) || empty($id)) {
return false;
}
if (empty($sessionId)) {
$sessionId = api_get_session_id();
}
$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
if (!empty($course_info['real_id'])) {
$sql = 'SELECT * FROM '.$tbl_student_publication.'
WHERE c_id = '.$course_info['real_id'].' AND id = "'.$id.'"';
$result = Database::query($sql);
if ($result && Database::num_rows($result)) {
$row = Database::fetch_array($result, 'ASSOC');
$full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/'.$row['url'];
$item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id'], $sessionId);
allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);
if (empty($item_info)) {
api_not_allowed();
}
/*
field show_score in table course :
0 => New documents are visible for all users
1 => New documents are only visible for the teacher(s)
field visibility in table item_property :
0 => eye closed, invisible for all students
1 => eye open
field accepted in table c_student_publication :
0 => eye closed, invisible for all students
1 => eye open
( We should have visibility == accepted, otherwise there is an
inconsistency in the Database)
field value in table c_course_setting :
0 => Allow learners to delete their own publications = NO
1 => Allow learners to delete their own publications = YES
+------------------+-------------------------+------------------------+
|Can download work?| doc visible for all = 0 | doc visible for all = 1|
+------------------+-------------------------+------------------------+
| visibility = 0 | editor only | editor only |
| | | |
+------------------+-------------------------+------------------------+
| visibility = 1 | editor | editor |
| | + owner of the work | + any student |
+------------------+-------------------------+------------------------+
(editor = teacher + admin + anybody with right api_is_allowed_to_edit)
*/
$work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
$doc_visible_for_all = ($course_info['show_score'] == 1);
$is_editor = api_is_allowed_to_edit(true, true, true);
$student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);
if ($is_editor ||
($student_is_owner_of_work) ||
($doc_visible_for_all && $work_is_visible)
) {
$title = $row['title'];
if (array_key_exists('filename', $row) && !empty($row['filename'])) {
$title = $row['filename'];
}
$title = str_replace(' ', '_', $title);
event_download($title);
if (Security::check_abs_path(
$full_file_name,
api_get_path(SYS_COURSE_PATH).api_get_course_path().'/')
) {
return array(
'path' => $full_file_name,
'title' => $title
);
}
}
}
}
return false;
}
/**
*
* @param array
* @return string HTML language variable
*
* @author Patrick Cool <*****@*****.**>, Ghent University
* @version february 2006, dokeos 1.8
*/
function store_move_thread($values)
{
$table_threads = Database::get_course_table(TABLE_FORUM_THREAD);
$table_posts = Database::get_course_table(TABLE_FORUM_POST);
$courseId = api_get_course_int_id();
$sessionId = api_get_session_id();
$forumId = intval($_POST['forum']);
$threadId = intval($_POST['thread_id']);
$forumInfo = get_forums($forumId);
// Change the thread table: Setting the forum_id to the new forum.
$sql = "UPDATE {$table_threads} SET forum_id = {$forumId}\n WHERE c_id = {$courseId} AND thread_id = {$threadId}";
Database::query($sql);
// Changing all the posts of the thread: setting the forum_id to the new forum.
$sql = "UPDATE {$table_posts} SET forum_id = {$forumId}\n WHERE c_id = {$courseId} AND thread_id= {$threadId}";
Database::query($sql);
// Fix group id, if forum is moved to a different group
if (!empty($forumInfo['to_group_id'])) {
$groupId = $forumInfo['to_group_id'];
$item = api_get_item_property_info($courseId, TABLE_FORUM_THREAD, $threadId, $sessionId, $groupId);
$table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$sessionCondition = api_get_session_condition($sessionId);
if (!empty($item)) {
if ($item['to_group_id'] != $groupId) {
$sql = "UPDATE {$table}\n SET to_group_id = {$groupId}\n WHERE\n tool = '" . TABLE_FORUM_THREAD . "' AND\n c_id = {$courseId} AND\n ref = " . $item['ref'] . "\n {$sessionCondition}\n ";
Database::query($sql);
}
} else {
$sql = "UPDATE {$table}\n SET to_group_id = {$groupId}\n WHERE\n tool = '" . TABLE_FORUM_THREAD . "' AND\n c_id = {$courseId} AND\n ref = " . $threadId . "\n {$sessionCondition}\n ";
Database::query($sql);
}
}
return get_lang('ThreadMoved');
}
/**
* Checks if the learning path is visible for student after the progress
* of its prerequisite is completed, considering the time availability and
* the LP visibility.
* @param int $lp_id
* @param int $student_id
* @param string Course code (optional)
* @param int $sessionId
* @return bool
*/
public static function is_lp_visible_for_student($lp_id, $student_id, $courseCode = null, $sessionId = null)
{
$lp_id = (int) $lp_id;
$courseInfo = api_get_course_info($courseCode);
$sessionId = intval($sessionId);
if (empty($sessionId)) {
$sessionId = api_get_session_id();
}
$tbl_learnpath = Database::get_course_table(TABLE_LP_MAIN);
// Get current prerequisite
$sql = "SELECT id, prerequisite, subscribe_users, publicated_on, expired_on\n FROM {$tbl_learnpath}\n WHERE c_id = " . $courseInfo['real_id'] . " AND id = {$lp_id}";
$itemInfo = api_get_item_property_info($courseInfo['real_id'], TOOL_LEARNPATH, $lp_id, $sessionId);
// If the item was deleted.
if (isset($itemInfo['visibility']) && $itemInfo['visibility'] == 2) {
return false;
}
$rs = Database::query($sql);
$now = time();
if (Database::num_rows($rs) > 0) {
$row = Database::fetch_array($rs, 'ASSOC');
$prerequisite = $row['prerequisite'];
$is_visible = true;
if (!empty($prerequisite)) {
$progress = self::getProgress($prerequisite, $student_id, $courseInfo['real_id'], $sessionId);
$progress = intval($progress);
if ($progress < 100) {
$is_visible = false;
}
}
// Also check the time availability of the LP
if ($is_visible) {
// Adding visibility restrictions
if (!empty($row['publicated_on']) && $row['publicated_on'] != '0000-00-00 00:00:00') {
if ($now < api_strtotime($row['publicated_on'], 'UTC')) {
//api_not_allowed();
$is_visible = false;
}
}
// Blocking empty start times see BT#2800
global $_custom;
if (isset($_custom['lps_hidden_when_no_start_date']) && $_custom['lps_hidden_when_no_start_date']) {
if (empty($row['publicated_on']) || $row['publicated_on'] == '0000-00-00 00:00:00') {
//api_not_allowed();
$is_visible = false;
}
}
if (!empty($row['expired_on']) && $row['expired_on'] != '0000-00-00 00:00:00') {
if ($now > api_strtotime($row['expired_on'], 'UTC')) {
//api_not_allowed();
$is_visible = false;
}
}
}
// Check if the subscription users/group to a LP is ON
if (isset($row['subscribe_users']) && $row['subscribe_users'] == 1) {
// Try group
$is_visible = false;
// Checking only the user visibility
$userVisibility = api_get_item_visibility($courseInfo, 'learnpath', $row['id'], $sessionId, $student_id, 'LearnpathSubscription');
if ($userVisibility == 1) {
$is_visible = true;
} else {
$userGroups = GroupManager::getAllGroupPerUserSubscription($student_id);
if (!empty($userGroups)) {
foreach ($userGroups as $groupInfo) {
$groupId = $groupInfo['iid'];
$userVisibility = api_get_item_visibility($courseInfo, 'learnpath', $row['id'], $sessionId, null, 'LearnpathSubscription', $groupId);
if ($userVisibility == 1) {
$is_visible = true;
break;
}
}
}
}
}
return $is_visible;
}
return false;
}
/**
* Check if a user is the author of the item
* @param int $item_id
* @param int $user_id
* @return bool
*/
function user_is_author($item_id, $user_id = null)
{
if (empty($item_id)) {
return false;
}
if (empty($user_id)) {
$user_id = api_get_user_id();
}
$is_author = false;
$item_to_edit_data = api_get_item_property_info(api_get_course_int_id(), 'work', $item_id, api_get_session_id());
$is_allowed_to_edit = api_is_allowed_to_edit();
if ($is_allowed_to_edit) {
$is_author = true;
} else {
if ($item_to_edit_data['insert_user_id'] == $user_id) {
$is_author = true;
}
}
if (!$is_author) {
//api_not_allowed();
return false;
}
return $is_author;
}
header('Pragma: no-cache');
//protection
api_protect_course_script(true);
$id = intval($_GET['id']);
$course_info = api_get_course_info();
if (empty($course_info)) {
api_not_allowed(true);
}
$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
if (!empty($course_info['real_id'])) {
$sql = 'SELECT * FROM ' . $tbl_student_publication . ' WHERE c_id = ' . $course_info['real_id'] . ' AND id = "' . $id . '"';
$result = Database::query($sql);
if ($result && Database::num_rows($result)) {
$row = Database::fetch_array($result, 'ASSOC');
$full_file_name = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/' . $row['url'];
$item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id']);
allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);
if (empty($item_info)) {
exit;
}
/*
field show_score in table course : 0 => New documents are visible for all users
1 => New documents are only visible for the teacher(s)
field visibility in table item_property : 0 => eye closed, invisible for all students
1 => eye open
field accepted in table c_student_publication : 0 => eye closed, invisible for all students
1 => eye open
(we should have visibility == accepted , otherwise there is an inconsistency in the Database)
field value in table c_course_setting : 0 => Allow learners to delete their own publications = NO
1 => Allow learners to delete their own publications = YES
}
if (!empty($exercise_list) && api_get_setting('exercise_invisible_in_session') === 'true') {
if (!empty($sessionId)) {
$changeDefaultVisibility = true;
if (api_get_setting('configure_exercise_visibility_in_course') === 'true') {
if (api_get_course_setting('exercise_invisible_in_session') == 1) {
$changeDefaultVisibility = true;
} else {
$changeDefaultVisibility = false;
}
}
if ($changeDefaultVisibility) {
// Check exercise
foreach ($exercise_list as $exercise) {
if ($exercise['session_id'] == 0) {
$visibilityInfo = api_get_item_property_info($courseInfo, TOOL_QUIZ, $exercise['iid'], $sessionId);
if (empty($visibilityInfo)) {
// Create a record for this
api_item_property_update($courseInfo, TOOL_QUIZ, $exercise['iid'], 'invisible', api_get_user_id(), 0, null, '', '', $sessionId);
}
}
}
}
}
}
if (isset($list_ordered) && !empty($list_ordered)) {
$new_question_list = array();
foreach ($list_ordered as $exercise_id) {
if (isset($exercise_list[$exercise_id])) {
$new_question_list[] = $exercise_list[$exercise_id];
}
/**
* Checks if the learning path is visible for student after the progress
* of its prerequisite is completed, considering the time availability and
* the LP visibility.
* @param int Learnpath id
* @param int Student id
* @param string Course code (optional)
* @param int $sessionId
* @return bool
*/
public static function is_lp_visible_for_student(
$lp_id,
$student_id,
$courseCode = null,
$sessionId = null
) {
$lp_id = (int)$lp_id;
$course = api_get_course_info($courseCode);
$sessionId = intval($sessionId);
if (empty($sessionId)) {
$sessionId = api_get_session_id();
}
$tbl_learnpath = Database::get_course_table(TABLE_LP_MAIN);
// Get current prerequisite
$sql = "SELECT id, prerequisite, publicated_on, expired_on
FROM $tbl_learnpath
WHERE c_id = ".$course['real_id']." AND id = $lp_id";
$itemInfo = api_get_item_property_info(
$course['real_id'],
TOOL_LEARNPATH,
$lp_id,
$sessionId
);
// If the item was deleted.
if (isset($itemInfo['visibility']) && $itemInfo['visibility'] == 2) {
return false;
}
$rs = Database::query($sql);
$now = time();
if (Database::num_rows($rs)>0) {
$row = Database::fetch_array($rs, 'ASSOC');
$prerequisite = $row['prerequisite'];
$is_visible = true;
if (!empty($prerequisite)) {
$progress = self::getProgress(
$prerequisite,
$student_id,
$course['real_id'],
$sessionId
);
$progress = intval($progress);
if ($progress < 100) {
$is_visible = false;
}
}
// Also check the time availability of the LP
if ($is_visible) {
// Adding visibility restrictions
if (!empty($row['publicated_on']) &&
$row['publicated_on'] != '0000-00-00 00:00:00'
) {
if ($now < api_strtotime($row['publicated_on'], 'UTC')) {
//api_not_allowed();
$is_visible = false;
}
}
// Blocking empty start times see BT#2800
global $_custom;
if (isset($_custom['lps_hidden_when_no_start_date']) &&
$_custom['lps_hidden_when_no_start_date']
) {
if (empty($row['publicated_on']) || $row['publicated_on'] == '0000-00-00 00:00:00') {
//api_not_allowed();
$is_visible = false;
}
}
if (!empty($row['expired_on']) && $row['expired_on'] != '0000-00-00 00:00:00') {
if ($now > api_strtotime($row['expired_on'], 'UTC')) {
//api_not_allowed();
$is_visible = false;
}
}
}
return $is_visible;
}
return false;
}
