/**
 * Decide whether the current user may download the requested document.
 *
 * Checks, in order: the module must be enabled, the user must be inside a
 * course and allowed into it, then -- inside a group -- the group must be
 * allowed (in which case the download is granted outright), otherwise the
 * per-document course check decides.
 *
 * @param string $requestedUrl path of the requested file
 * @return bool true if the download may proceed
 */
public function isAllowedToDownload($requestedUrl)
{
    if (!$this->isModuleAllowed()) {
        return false;
    }

    // No course context at all: nothing can be granted.
    if (!claro_is_in_a_course()) {
        return false;
    }

    if (!claro_is_course_allowed()) {
        pushClaroMessage('course not allowed', 'debug');
        return false;
    }

    // Outside a group the decision is delegated to the document-level check.
    if (!claro_is_in_a_group()) {
        return $this->isDocumentDownloadableInCourse($requestedUrl);
    }

    if (!claro_is_group_allowed()) {
        pushClaroMessage('group not allowed', 'debug');
        return false;
    }

    // NOTE(review): inside an allowed group every document is granted without
    // the per-document check; confirm that is intended for group documents.
    return true;
}
require '../inc/claro_init_global.inc.php';
require_once get_path('incRepositorySys') . '/lib/group.lib.inc.php';
require_once dirname(__FILE__) . '/../messaging/lib/permission.lib.php';

$toolNameList = claro_get_tool_name_list();
$toolRepository = get_path('clarolineRepositoryWeb');
$dialogBox = new DialogBox();

// Gate 1: a course context the user is allowed into is mandatory.
// NOTE(review): everything below relies on claro_disp_auth_form() ending the
// script; there is no exit after it here -- confirm against its definition.
if (!claro_is_in_a_course() || !claro_is_course_allowed()) {
    claro_disp_auth_form(true);
}

// Gate 2: a user who cannot edit the course must be inside a group he is
// allowed into. The single exception is an explicit self-registration
// request (selfReg / doReg), which lets a non-member reach the page so the
// registration itself can be processed.
if (!claro_is_allowed_to_edit()) {
    if (!claro_is_in_a_group()) {
        claro_redirect('group.php');
        exit;
    }
    if (!claro_is_group_allowed()
        && !isset($_REQUEST['selfReg'])
        && !isset($_REQUEST['doReg'])
    ) {
        claro_redirect('group.php');
        exit;
    }
}

// Let the user switch display mode (view mode).
claro_set_display_mode_available(true);

/********************
 * CONNECTION SECTION
 *********************/
$is_allowedToManage = claro_is_allowed_to_edit();

// Database table names (course-level and platform-level).
$tbl_cdb_names = claro_sql_get_course_tbl();
$tbl_mdb_names = claro_sql_get_main_tbl();
} elseif (false !== $topicSettingList) {
    // A topic was resolved: take the forum from the topic record rather than
    // from whatever forum id the request carried.
    $forumSettingList = get_forum_settings($topicSettingList['forum_id']);
    $forumId = $forumSettingList['forum_id'];
} else {
    $forumSettingList = get_forum_settings($forumId);
}

// Only a plain "show" counts as a view for the counter.
$incrementViewCount = 'show' == $cmd ? true : false;

// Anonymity: the per-forum setting applies only when the platform enables it.
if (get_conf('clfrm_anonymity_enabled') == 'TRUE') {
    $anonymityStatus = $forumSettingList['anonymity'];
} else {
    $anonymityStatus = 'forbidden';
}

// Access rights.
// Posting: a course member whose enrolment is not pending, in a forum that
// accepts posts, on a topic that is not locked -- OR anyone allowed to edit
// the course. `&&` binds tighter than `||`, so the editor clause overrides
// everything else.
$is_postAllowed = !claro_is_current_user_enrolment_pending() && claro_is_course_member() && $forumSettingList['forum_access'] != 0 && (!$topicId || !$topicSettingList['topic_status']) || claro_is_allowed_to_edit() ? true : false;
// Viewing is refused only when the forum belongs to a group, none of the three
// OR-ed conditions in the inner parenthesis hold, and the user cannot edit.
// NOTE(review): because those conditions are OR-ed, being in *any* group, or
// being allowed in the current group, is enough even when the forum's idGroup
// differs from the session group. That is looser than the note below claims
// (it describes the idGroup equality as the safeguard); the sibling forum
// scripts appear to require the equality. Confirm which behaviour is intended.
$is_viewAllowed = !is_null($forumSettingList['idGroup']) && !($forumSettingList['idGroup'] == claro_get_current_group_id() || claro_is_in_a_group() || claro_is_group_allowed()) && !claro_is_allowed_to_edit() ? false : true;
// NOTE : $forumSettingList['idGroup'] != claro_get_current_group_id() is necessary to prevent any hacking
// attempt like rewriting the request without $cidReq. If we are in group
// forum and the group of the concerned forum isn't the same as the session
// one, something weird is happening, indeed ...

// Refuse when viewing is not allowed, or when a user who may not post asks
// for a command other than "show" without a submit.
// NOTE(review): the `!isset($_REQUEST['submit'])` term means a request that
// carries `submit` skips the posting check here and reaches the command
// handler below; presumably the submit branches re-check permissions -- verify.
if (!isset($_REQUEST['submit']) && !$is_postAllowed && 'show' != $cmd || !$is_viewAllowed) {
    $dialogBox->error(get_lang('Not allowed'));
} else {
    // Handle user commands.
    if ('exDelete' == $cmd) {
        if (delete_post($postId, $topicSettingList['topic_id'], $forumSettingList['forum_id'])) {
            $dialogBox->success('Post successfully deleted');
        } else {
            $dialogBox->error('Error while deleting post');
        }
        // Fall back to the normal display after the deletion.
        $cmd = 'show';
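require '../inc/claro_init_global.inc.php';
require_once get_path('incRepositorySys') . '/lib/fileManage.lib.php';

$_course = claro_get_current_course_data();

/**
 * Tell whether $childPath, appended to $parentPath, stays inside $parentPath
 * on disk.
 *
 * Both paths are canonicalised with realpath(), so "..", symlinks and
 * duplicate separators are resolved before the comparison. The comparison is
 * a directory-boundary check, not a plain string prefix: a sibling whose name
 * merely starts with the parent's name (".../document_old" next to
 * ".../document") is rejected, which a bare "^parent" prefix match accepts.
 *
 * @param string $parentPath directory that must contain the target
 * @param string $childPath  path appended verbatim to the resolved parent,
 *                           exactly as the caller passes it
 * @return bool true only if both paths exist and the child is the parent
 *              itself or located below it
 */
function is_parent_path($parentPath, $childPath)
{
    // Canonicalise the parent first. If it does not exist there is nothing to
    // be "inside" of; concatenating onto a false parent would test an
    // unrelated path.
    $parentReal = realpath($parentPath);
    if ($parentReal === false) {
        return false;
    }

    // Resolve the child relative to the parent; false means it does not exist.
    $childReal = realpath($parentReal . $childPath);
    if ($childReal === false) {
        return false;
    }

    // The parent itself is accepted.
    if ($childReal === $parentReal) {
        return true;
    }

    // Otherwise the parent plus a separator must be a prefix of the child,
    // so "/x/document_evil" is not accepted for parent "/x/document".
    $prefix = rtrim($parentReal, '/\\') . DIRECTORY_SEPARATOR;

    return strncmp($childReal, $prefix, strlen($prefix)) === 0;
}

// Working directory: the group's own directory inside an allowed group,
// the course document directory otherwise.
// NOTE(review): a user inside a group he is NOT allowed into is not refused
// here but silently routed to the course directory; the access check for that
// directory is not visible in this file -- confirm it happens elsewhere.
if (claro_is_in_a_group() && claro_is_group_allowed()) {
    $_group = claro_get_current_group_data();
    $courseDir = claro_get_course_path() . '/group/' . claro_get_current_group_data('directory');
    ClaroBreadCrumbs::getInstance()->prepend(get_lang('Documents and Links'), 'document.php');
    ClaroBreadCrumbs::getInstance()->prepend(get_lang('Groups'), '../group/group.php');
} else {
    $courseDir = claro_get_course_path() . '/document';
    ClaroBreadCrumbs::getInstance()->prepend(get_lang('Documents and Links'), 'document.php');
}

$noPHP_SELF = true;
$baseWorkDir = get_path('coursesRepositorySys') . $courseDir;

// Requested command, or null when absent/empty (untrusted input: only used
// as a dispatch key by the rest of the script).
$cmd = !empty($_REQUEST['cmd']) ? $_REQUEST['cmd'] : null;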
$refresh_display_rate = get_conf('refresh_display_rate', 10);

/*============================================================================
 CHAT INIT
 ============================================================================*/
// The chat records conversations in a temp file stored in the course
// directory.
// NOTE(review): $coursePath, $courseId, $groupId and the $is_allowedTo* flags
// are expected to be set before this point; their origin is not visible here.
$curChatRep = $coursePath . '/chat/';

// After an upgrade the directory may not exist yet, so create it on demand.
// NOTE(review): the mkdir() result is not checked; a failure surfaces later
// when the chat file is written.
if (!is_dir($curChatRep)) {
    mkdir($curChatRep, CLARO_FILE_PERMISSIONS);
}

// Decide whether the chat works at course level or at group level.
if (claro_is_in_a_group()) {
    if (claro_is_group_allowed()) {
        $groupContext = TRUE;
        $courseContext = FALSE;
        // A group tutor gets manage/store/reset rights on top of whatever was
        // granted at course level.
        $is_allowedToManage = $is_allowedToManage || claro_is_group_tutor();
        $is_allowedToStore = $is_allowedToStore || claro_is_group_tutor();
        $is_allowedToReset = $is_allowedToReset || claro_is_group_tutor();
        // Group chat files are keyed by course id and group id.
        $activeChatFile = $curChatRep . $courseId . '.' . $groupId . '.chat.html';
        $onflySaveFile = $curChatRep . $courseId . '.' . $groupId . '.tmpChatArchive.html';
        // Exports go to the group's own document directory.
        $exportFile = $coursePath . '/group/' . claro_get_current_group_data('directory') . '/';
    } else {
        // Hard stop: a group context the user is not allowed into.
        die('<center>' . get_lang('You are not a member of this group') . '</center>');
    }
} else {
    $groupContext = FALSE;
    $courseContext = TRUE;
    // Course-level chat file, keyed by course id only.
    $activeChatFile = $curChatRep . $courseId . '.chat.html';
// (tail of the comment explaining the edit-permission expression above:
//  the group-tutor clause gives admin status to the tutor, and the
//  "&& !claro_is_course_manager()" clause lets a course admin who is also
//  tutor of the current group use student mode)

// An authenticated user inside a course is required before anything else.
if (!claro_is_user_authenticated() || !claro_is_in_a_course()) {
    claro_disp_auth_form(true);
} elseif ($forumSettingList) {
    $forum_name = stripslashes($forumSettingList['forum_name']);
    // forum_access == 0 means the forum is closed to posting.
    $forum_post_allowed = $forumSettingList['forum_access'] != 0 ? true : false;
    $forum_type = $forumSettingList['forum_type'];
    $forum_groupId = $forumSettingList['idGroup'];
    $forum_cat_id = $forumSettingList['cat_id'];

    /*
     * Check if the topic isn't attached to a group, or -- if it is attached --,
     * check the user is allowed to see the current group forum.
     * `&&` binds tighter than `||`: refuse when posting is closed, or when the
     * forum is a group forum and the user is not in a group, not allowed in
     * it, or in a different group than the forum's.
     */
    if (!$forum_post_allowed || !is_null($forumSettingList['idGroup']) && (!claro_is_in_a_group() || !claro_is_group_allowed() || $forumSettingList['idGroup'] != claro_get_current_group_id())) {
        // NOTE : $forumSettingList['idGroup'] != claro_get_current_group_id() is necessary to prevent any hacking
        // attempt like rewriting the request without $cidReq. If we are in group
        // forum and the group of the concerned forum isn't the same as the session
        // one, something weird is happening, indeed ...
        $allowed = FALSE;
        $dialogBox->error(get_lang('Not allowed'));
    } else {
        if (isset($_REQUEST['submit'])) {
            // Either valid user/pass, or valid session. continue with post.. but first:
            // Check that, if this is a private forum, the current user can post here.
            // NOTE(review): no course-membership check is visible in this gate
            // (only forum_access and the group test above); confirm the
            // "private forum" check announced here is performed elsewhere.

            /*------------------------------------------------------------------------
             PREPARE THE DATA
             ------------------------------------------------------------------------*/
            // SUBJECT
            $subject = trim($subject);
// Tool-level gate: an anonymous visitor outside a course gets the login
// form; anyone else who may not use the tool is stopped.
if (!claro_is_tool_allowed()) {
    if (claro_is_in_a_course()) {
        claro_die(get_lang("Not allowed"));
    } else {
        claro_disp_auth_form(true);
    }
}

// Let the user switch display mode.
claro_set_display_mode_available(true);

// Access level for the tool: admin mode and the group context.
$is_allowedToAdmin = claro_is_allowed_to_edit();

if (claro_is_in_a_group()) {
    if (claro_is_group_allowed()) {
        // Group context.
        $groupId = (int) claro_get_current_group_id();
    } else {
        claro_die(get_lang("Not allowed"));
    }
} elseif (claro_is_course_allowed()) {
    // Course context.
    $groupId = 0;
} else {
    // NOTE(review): the wiki code below assumes claro_disp_auth_form() ends
    // the script; $groupId is unset if it returns -- confirm.
    claro_disp_auth_form();
}

// Wiki library.
require_once "lib/class.wiki.php";
require_once "lib/class.wikistore.php";
require_once "lib/class.wikipage.php";
require_once "lib/lib.requestfilter.php";
require_once "lib/lib.wikisql.php";
require_once "lib/lib.javascript.php";
require_once "lib/lib.wikidisplay.php";
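/**
 * Debug helper: dump the current Claroline init context (user, course, group,
 * tool and their combinations) as an HTML table.
 *
 * Every dumped value goes through htmlspecialchars() before being echoed:
 * several of them (the *Req variables, the current ids) originate from the
 * request, so echoing their var_export() form raw reflects attacker-controlled
 * markup into the page.
 *
 * NOTE(review): the dump includes the whole $_user record and session data;
 * callers should restrict this output to platform administrators -- no such
 * check exists in this function.
 *
 * @param string $selection "*" for every section, otherwise any combination
 *                          of the letters u (user), c (course), g (group),
 *                          t (tool); the combined sections need both letters
 * @return void
 */
function printInit($selection = "*")
{
    global $uidReset, $cidReset, $gidReset, $tidReset, $uidReq, $cidReq, $gidReq, $tidReq, $tlabelReq, $_user, $_course, $_courseTool, $_claro_local_run;

    // var_export() a value and make it safe to embed in HTML.
    $dump = function ($value) {
        return htmlspecialchars(var_export($value, true), ENT_QUOTES, 'UTF-8');
    };
    // Same for a scalar echoed as-is (ids).
    $text = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    $wantAll = ($selection == "*");

    if ($_claro_local_run) {
        echo "local init runned";
    } else {
        echo '<font color="red"> local init never runned during this script </font>';
    }

    echo ' <table width="100%" border="1" cellspacing="4" cellpadding="1" bordercolor="#808080" bgcolor="#C0C0C0" lang="en"> <TR>';

    if ($wantAll or strstr($selection, "u")) {
        // Guard the session key instead of indexing it blindly.
        $sessionUid = isset($_SESSION["_uid"]) ? $_SESSION["_uid"] : null;
        echo ' <TD valign="top" > <strong>User</strong> : (_uid) : ' . $dump(claro_get_current_user_id())
            . ' | (session[_uid]) : ' . $dump($sessionUid)
            . ' <br /> reset = ' . $dump($uidReset) . ' | req = ' . $dump($uidReq)
            . '<br /> _user : <pre>' . $dump($_user) . '</pre>'
            . ' <br />is_platformAdmin :' . $dump(claro_is_platform_admin())
            . ' <br />is_allowedCreateCourse :' . $dump(claro_is_allowed_to_create_course())
            . ' </TD>';
    }

    if ($wantAll or strstr($selection, "c")) {
        echo "\n <TD valign=\"top\" >\n <strong>Course</strong> : (_cid)" . $dump(claro_get_current_course_id())
            . "\n <br />\n reset = " . $dump($cidReset) . " | req = " . $dump($cidReq)
            . "\n <br />\n _course : <pre>" . $dump($_course) . "</pre>"
            . "\n <br />\n _groupProperties :\n <PRE>\n " . $dump(claro_get_current_group_properties_data())
            . "\n </PRE>\n </TD>";
    }

    echo ' </TR> <TR>';

    if ($wantAll or strstr($selection, "g")) {
        echo '<TD valign="top" ><strong>Group</strong> : (_gid) ' . $dump(claro_get_current_group_id())
            . '<br /> reset = ' . $dump($gidReset) . ' | req = ' . $dump($gidReq)
            . "<br />\n _group :<pre>" . $dump(claro_get_current_group_data()) . "</pre></TD>";
    }

    if ($wantAll or strstr($selection, "t")) {
        echo '<TD valign="top" ><strong>Tool</strong> : (_tid)' . $dump(claro_get_current_tool_id())
            . '<br /> reset = ' . $dump($tidReset) . ' | req = ' . $dump($tidReq)
            . '| req = ' . $dump($tlabelReq)
            . ' <br /> _tool :' . $dump(get_init('_tool')) . "</TD>";
    }

    echo "</TR>";

    // Combined sections: `or` binds looser than `&&`, so "*" alone or both
    // letters together select them.
    if ($wantAll or strstr($selection, "u") && strstr($selection, "c")) {
        echo '<TR><TD valign="top" colspan="2"><strong>Course-User</strong>';
        if (claro_is_user_authenticated()) {
            // Labelled "User" but prints claro_is_in_a_course(), as before.
            echo '<br /><strong>User</strong> :' . $dump(claro_is_in_a_course());
        }
        if (claro_is_in_a_course()) {
            echo ' in ' . $dump(claro_get_current_course_id()) . '<br />';
        }
        if (claro_is_user_authenticated() && claro_get_current_course_id()) {
            echo '_courseUser : <pre>' . $dump(getInit('_courseUser')) . '</pre>';
        }
        echo '<br />is_courseMember : ' . $dump(claro_is_course_member());
        echo '<br />is_courseAdmin : ' . $dump(claro_is_course_manager());
        echo '<br />is_courseAllowed : ' . $dump(claro_is_course_allowed());
        echo '<br />is_courseTutor : ' . $dump(claro_is_course_tutor());
        echo '</TD></TR>';
    }

    if ($wantAll or strstr($selection, "u") && strstr($selection, "g")) {
        echo '<TR><TD valign="top" colspan="2">' . '<strong>Course-Group-User</strong>';
        if (claro_is_user_authenticated()) {
            echo '<br /><strong>User</strong> :' . $dump(claro_is_in_a_course());
        }
        if (claro_is_in_a_group()) {
            echo ' in ' . $dump(claro_get_current_group_id());
            // This line was unreadable in the source it was taken from; rebuilt
            // after the _courseUser line above (getInit() of the init key).
            echo '<br />_groupUser:' . $dump(getInit('_groupUser'));
        }
        echo '<br />is_groupMember:' . $dump(claro_is_group_member())
            . '<br />is_groupTutor: ' . $dump(claro_is_group_tutor())
            . '<br />is_groupAllowed:' . $dump(claro_is_group_allowed())
            . '</TD>' . '</tr>';
    }

    if ($wantAll or strstr($selection, "c") && strstr($selection, "t")) {
        echo '<tr> <TD valign="top" colspan="2" ><strong>Course-Tool</strong><br />';
        if (claro_get_current_tool_id()) {
            echo 'Tool :' . $text(claro_get_current_tool_id());
        }
        if (claro_is_in_a_course()) {
            echo ' in ' . $text(claro_get_current_course_id()) . '<br />';
        }
        if (claro_get_current_tool_id()) {
            echo "_courseTool : <pre>" . $dump($_courseTool) . '</pre><br />';
        }
        echo 'is_toolAllowed : ' . $dump(claro_is_tool_allowed());
        echo "</TD>";
    }

    echo "</TR></TABLE>";
}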
// `&&` binds tighter than `||`: course editors, plus group tutors who are
// not course managers, may edit. The second clause gives admin status to the
// tutor; excluding course managers lets a course admin who is also tutor of
// the current group use student mode.
$is_allowedToEdit = claro_is_allowed_to_edit() || claro_is_group_tutor() && !claro_is_course_manager();

$postSettingList = get_post_settings($post_id);

// The post must exist and the user must be an editor.
if ($postSettingList && $is_allowedToEdit) {
    $topic_id = $postSettingList['topic_id'];
    // The forum is derived from the post, not from the request.
    $forumSettingList = get_forum_settings($postSettingList['forum_id']);
    $forum_name = stripslashes($forumSettingList['forum_name']);
    $forum_cat_id = $forumSettingList['cat_id'];

    /*
     * Check if the topic isn't attached to a group, or -- if it is attached --,
     * check the user is allowed to see the current group forum: the forum's
     * group must be the session group and the user must be allowed in it.
     */
    if (!is_null($forumSettingList['idGroup']) && ($forumSettingList['idGroup'] != claro_get_current_group_id() || !claro_is_group_allowed())) {
        // NOTE : $forumSettingList['idGroup'] != claro_get_current_group_id() is necessary to prevent any hacking
        // attempt like rewriting the request without $cidReq. If we are in group
        // forum and the group of the concerned forum isn't the same as the session
        // one, something weird is happening, indeed ...
        $allowed = false;
        $dialogBox->error(get_lang('Not allowed'));
    } else {
        if (isset($_REQUEST['cancel'])) {
            claro_redirect('viewtopic.php?topic=' . $topic_id);
            exit;
        }
        if (isset($_REQUEST['submit'])) {
            /*-----------------------------------------------------------------
             Edit Post
             -----------------------------------------------------------------*/
/**
 * Check that the user has the privilege required to download the requested file.
 *
 * Decision order: the module must be enabled; a course id ($this->cid) must be
 * set and the user ($this->uid) must be a member of that course; inside a
 * group the group permission decides; outside a group the document-level
 * check decides.
 *
 * @param string $requestedUrl path of the requested file to test
 * @return bool true if the user can download the file
 */
public function isAllowedToDownload($requestedUrl)
{
    if (!$this->isModuleAllowed()) {
        return false;
    }

    // Without a course id there is nothing to authorise against.
    if (is_null($this->cid)) {
        return false;
    }

    $privilege = claro_get_course_user_privilege($this->cid, $this->uid);
    if (!$privilege['is_courseMember']) {
        pushClaroMessage('course not allowed', 'debug');
        return false;
    }

    // NOTE(review): the course check uses the explicit cid/uid pair, while the
    // group check below reads the session context (claro_is_in_a_group /
    // claro_is_group_allowed); confirm both always refer to the same course.
    if (!claro_is_in_a_group()) {
        return $this->isDocumentDownloadableInCourse($requestedUrl);
    }

    if (claro_is_group_allowed()) {
        return true;
    }

    pushClaroMessage('group not allowed', 'debug');
    return false;
}