/* For licensing terms, see /license.txt */
use ChamiloSession as Session;
require_once '../inc/global.inc.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;
api_protect_course_script(true);
// Including necessary files
require_once 'work.lib.php';
$this_section = SECTION_COURSES;
$workId = isset($_GET['id']) ? intval($_GET['id']) : null;
$origin = isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST['origin']) : '';
if (empty($workId)) {
api_not_allowed(true);
}
$courseInfo = api_get_course_info();
protectWork($courseInfo, $workId);
$my_folder_data = get_work_data_by_id($workId);
$work_data = get_work_assignment_by_id($workId);
$tool_name = get_lang('StudentPublications');
$group_id = api_get_group_id();
$htmlHeadXtra[] = api_get_jqgrid_js();
$url_dir = api_get_path(WEB_CODE_PATH) . 'work/work.php?' . api_get_cidreq();
if (!empty($group_id)) {
$group_properties = GroupManager::get_group_properties($group_id);
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'group/group.php?' . api_get_cidreq(), 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'group/group_space.php?' . api_get_cidreq(), 'name' => get_lang('GroupSpace') . ' ' . $group_properties['name']);
}
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work.php?' . api_get_cidreq(), 'name' => get_lang('StudentPublications'));
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work_list.php?' . api_get_cidreq() . '&id=' . $workId, 'name' => $my_folder_data['title']);
$documentsAddedInWork = getAllDocumentsFromWorkToString($workId, $courseInfo);
Display::display_header(null);
/* For licensing terms, see /license.txt */
require_once '../inc/global.inc.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;
require_once 'work.lib.php';
$id = isset($_GET['id']) ? intval($_GET['id']) : null;
$work = get_work_data_by_id($id);
if (empty($id) || empty($work)) {
api_not_allowed(true);
}
if ($work['active'] != 1) {
api_not_allowed(true);
}
$interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('StudentPublications'));
$my_folder_data = get_work_data_by_id($work['parent_id']);
$courseInfo = api_get_course_info();
protectWork(api_get_course_info(), $work['parent_id']);
$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(api_get_user_id(), $courseInfo);
if (user_is_author($id) || $isDrhOfCourse || (api_is_allowed_to_edit() || api_is_coach()) || $courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
if (api_is_allowed_to_edit() || api_is_coach() || api_is_drh()) {
$url_dir = 'work_list_all.php?id=' . $my_folder_data['id'];
} else {
$url_dir = 'work_list.php?id=' . $my_folder_data['id'];
}
$userInfo = api_get_user_info($work['user_id']);
$interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
$interbreadcrumb[] = array('url' => '#', 'name' => $userInfo['complete_name']);
$interbreadcrumb[] = array('url' => '#', 'name' => $work['title']);
if ($courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1 || (api_is_allowed_to_edit() || api_is_coach()) || user_is_author($id) || $isDrhOfCourse) {
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
$page = isset($_REQUEST['page']) ? $_REQUEST['page'] : null;
if ($page == 'edit') {
// Including necessary files
require_once 'work.lib.php';
$this_section = SECTION_COURSES;
$work_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;
$is_allowed_to_edit = api_is_allowed_to_edit();
$course_id = api_get_course_int_id();
$user_id = api_get_user_id();
$userInfo = api_get_user_info();
$session_id = api_get_session_id();
$course_info = api_get_course_info();
$course_code = $course_info['code'];
$group_id = api_get_group_id();
if (empty($work_id)) {
api_not_allowed(true);
}
protectWork($course_info, $work_id);
$workInfo = get_work_data_by_id($work_id);
$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_id, $session_id);
$is_course_member = $is_course_member || api_is_platform_admin();
if ($is_course_member == false || api_is_invitee()) {
api_not_allowed(true);
}
$check = Security::check_token('post');
$token = Security::get_token();
$student_can_edit_in_session = api_is_allowed_to_session_edit(false, true);
// @todo add an option to allow/block multiple attempts.
/*
if (!empty($workInfo) && !empty($workInfo['qualification'])) {
$count = get_work_count_by_student($user_id, $work_id);
if ($count >= 1) {
Display::display_header();
* but this code will hopefully be replaced soon by an Apache URL
* rewrite mechanism.
*
* @package chamilo.work
*/
//require_once '../inc/global.inc.php';
require_once 'work.lib.php';
// Course protection
api_protect_course_script(true);
$commentId = isset($_GET['comment_id']) ? intval($_GET['comment_id']) : null;
if (empty($commentId)) {
api_not_allowed(true);
}
$workData = getWorkComment($commentId);
$courseInfo = api_get_course_info();
if (!empty($workData)) {
if (empty($workData['file_path']) || isset($workData['file_path']) && !file_exists($workData['file_path'])) {
api_not_allowed(true);
}
$work = get_work_data_by_id($workData['work_id']);
protectWork($courseInfo, $work['parent_id']);
if (user_is_author($workData['work_id']) || $courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
if (Security::check_abs_path($workData['file_path'], api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) {
DocumentManager::file_send_for_download($workData['file_path'], true, $workData['file_name_to_show']);
}
} else {
api_not_allowed(true);
}
} else {
api_not_allowed(true);
}
