// Resolve the acting user and the group context before any forum data is read.
$userid = api_get_user_id();

/* MAIN DISPLAY SECTION */

$groupId = api_get_group_id();

// NOTE(review): the forum id is taken from the query string as-is. The only
// validation visible here is the empty() test on the lookup result, so
// get_forum_information() must treat its argument as untrusted - confirm it
// casts or parameterises the id.
$my_forum = '';
if (isset($_GET['forum'])) {
    $my_forum = $_GET['forum'];
}

$current_forum = get_forum_information($my_forum);
if (empty($current_forum)) {
    // Unknown forum: same response as an access denial.
    api_not_allowed();
}

$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
$is_group_tutor = false;

if (!empty($groupId)) {
    // Group context: load the group and resolve the user's rights in it.
    $group_properties = GroupManager::get_group_properties($groupId);
    $user_has_access_in_group = GroupManager::user_has_access(
        $userid,
        $groupId,
        GroupManager::GROUP_TOOL_FORUM
    );
    $is_group_tutor = GroupManager::is_tutor_of_group(api_get_user_id(), $groupId);

    // Users without edit rights are refused when the category or the forum is
    // hidden (visibility == 0), or when they have no access to the group's forum tool.
    if (!api_is_allowed_to_edit(false, true)) {
        if (($current_forum_category && $current_forum_category['visibility'] == 0)
            || $current_forum['visibility'] == 0
            || !$user_has_access_in_group
        ) {
            api_not_allowed();
        }
    }
} elseif (!api_is_allowed_to_edit(false, true)) {
    // Course context: only the visibility of the category and the forum is checked.
    if (($current_forum_category && $current_forum_category['visibility'] == 0)
        || $current_forum['visibility'] == 0
    ) {
        api_not_allowed();
    }
}

/* Header and Breadcrumbs */

// NOTE(review): both values below are raw request input; they need encoding or
// whitelisting wherever they are later written into markup or URLs.
$my_search = '';
if (isset($_GET['search'])) {
    $my_search = $_GET['search'];
}

$my_action = '';
if (isset($_GET['action'])) {
    $my_action = $_GET['action'];
}

$gradebook = null;
$tool_name = get_lang('StudentPublications');
$group_id = api_get_group_id();

// $studentId is assigned outside this excerpt.
$userInfo = api_get_user_info($studentId);
$courseInfo = api_get_course_info();

// Refuse the request when either the student or the course cannot be resolved.
if (empty($userInfo) || empty($courseInfo)) {
    api_not_allowed(true);
}

// Only a teachers page.
if (!empty($group_id)) {
    $group_properties = GroupManager::get_group_properties($group_id);

    // Editors always pass; anyone else needs access to the group's work tool.
    // NOTE(review): $user_id is not assigned in this excerpt - confirm it holds
    // the id of the user making the request, not the student being inspected.
    $show_work = api_is_allowed_to_edit(false, true)
        ? true
        : GroupManager::user_has_access($user_id, $group_id, GroupManager::GROUP_TOOL_WORK);

    if (!$show_work) {
        api_not_allowed();
    }

    // NOTE(review): the group name and the student's full name go into the
    // breadcrumb unencoded here; confirm the breadcrumb renderer HTML-encodes them.
    $interbreadcrumb[] = array(
        'url' => '../group/group.php',
        'name' => get_lang('Groups'),
    );
    $interbreadcrumb[] = array(
        'url' => '../group/group_space.php?gidReq=' . $group_id,
        'name' => get_lang('GroupSpace') . ' ' . $group_properties['name'],
    );
} elseif (!api_is_allowed_to_edit(false, true)) {
    // Outside a group the page is limited to users with edit rights.
    api_not_allowed(true);
}

$interbreadcrumb[] = array(
    'url' => api_get_path(WEB_CODE_PATH) . 'work/work.php?' . api_get_cidreq(),
    'name' => get_lang('StudentPublications'),
);
$interbreadcrumb[] = array(
    'url' => '#',
    'name' => $userInfo['complete_name'],
);

Display::display_header(null);
echo '<div class="actions">';
$tool_name = get_lang('StudentPublications'); $group_id = api_get_group_id(); $userInfo = api_get_user_info($studentId); $courseInfo = api_get_course_info(); if (empty($userInfo) || empty($courseInfo)) { api_not_allowed(true); } // Only a teachers page. if (!empty($group_id)) { $group_properties = GroupManager::get_group_properties($group_id); $show_work = false; if (api_is_allowed_to_edit(false, true)) { $show_work = true; } else { // you are not a teacher $show_work = GroupManager::user_has_access(api_get_user_id(), $group_id, GroupManager::GROUP_TOOL_WORK); } if (!$show_work) { api_not_allowed(); } $interbreadcrumb[] = array('url' => '../group/group.php?' . api_get_cidreq(), 'name' => get_lang('Groups')); $interbreadcrumb[] = array('url' => '../group/group_space.php?' . api_get_cidreq(), 'name' => get_lang('GroupSpace') . ' ' . $group_properties['name']); } else { if (!(api_is_allowed_to_edit() || api_is_coach())) { api_not_allowed(true); } } $action = isset($_GET['action']) ? $_GET['action'] : null; switch ($action) { case 'export_to_pdf': exportAllWork($studentId, $courseInfo, 'pdf');
// Note: This can be speed up if we transform the $forum_list // to an array that uses the forum_category as the key. if (isset($forum['forum_category']) && $forum['forum_category'] == $forumCategory['cat_id']) { $show_forum = false; // SHOULD WE SHOW THIS PARTICULAR FORUM // you are teacher => show forum if (api_is_allowed_to_edit(false, true)) { $show_forum = true; } else { // you are not a teacher // it is not a group forum => show forum // (invisible forums are already left out see get_forums function) if ($forum['forum_of_group'] == '0') { $show_forum = true; } else { $show_forum = GroupManager::user_has_access($user_id, $forum['forum_of_group'], GroupManager::GROUP_TOOL_FORUM); } } if ($show_forum) { $form_count++; $mywhatsnew_post_info = isset($whatsnew_post_info[$forum['forum_id']]) ? $whatsnew_post_info[$forum['forum_id']] : null; $html = '<div class="panel panel-default forum">'; $html .= '<div class="panel-body">'; $forum_image = ''; $imgForum = ''; // Showing the image if (!empty($forum['forum_image'])) { $image_path = api_get_path(WEB_COURSE_PATH) . api_get_course_path() . '/upload/forum/images/' . $forum['forum_image']; $image_size = api_getimagesize($image_path); $img_attributes = ''; if (!empty($image_size)) {
} // 2. the forumcategory or forum is locked (locked <>0) and the user is not a course manager if (!api_is_allowed_to_edit(false, true) and ($current_forum_category['visibility'] && $current_forum_category['locked'] != 0 or $current_forum['locked'] != 0)) { api_not_allowed(); } // 3. new threads are not allowed and the user is not a course manager if (!api_is_allowed_to_edit(false, true) and $current_forum['allow_new_threads'] != 1) { api_not_allowed(); } // 4. anonymous posts are not allowed and the user is not logged in if (!$_user['user_id'] and $current_forum['allow_anonymous'] != 1) { api_not_allowed(); } // 5. Check user access if ($current_forum['forum_of_group'] != 0) { $show_forum = GroupManager::user_has_access(api_get_user_id(), $current_forum['forum_of_group'], GroupManager::GROUP_TOOL_FORUM); if (!$show_forum) { api_not_allowed(); } } $session_toolgroup = 0; if ($origin == 'group') { $session_toolgroup = intval($_SESSION['toolgroup']); $group_properties = GroupManager::get_group_properties($session_toolgroup); $interbreadcrumb[] = array('url' => '../group/group.php', 'name' => get_lang('Groups')); $interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq=' . $session_toolgroup, 'name' => get_lang('GroupSpace') . ' ' . $group_properties['name']); $interbreadcrumb[] = array('url' => 'viewforum.php?origin=' . $origin . '&gidReq=' . $session_toolgroup . '&forum=' . Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']); $interbreadcrumb[] = array('url' => 'newthread.php?origin=' . $origin . '&forum=' . Security::remove_XSS($_GET['forum']), 'name' => get_lang('NewTopic')); } else { $interbreadcrumb[] = array('url' => 'index.php?gradebook=' . $gradebook, 'name' => $nameTools); $interbreadcrumb[] = array('url' => 'viewforumcategory.php?forumcategory=' . $current_forum_category['cat_id'], 'name' => $current_forum_category['cat_title']);
/**
 * Build the agenda toolbar: navigation links, the add/import actions for
 * users allowed to create events, and the filter form shown in calendar view.
 *
 * @param string $view   Current view; the form is appended only when it equals 'calendar'
 * @param int    $filter Filter value handed to parseAgendaFilter() for course agendas
 * @return string Markup returned by Display::toolbarAction()
 */
public function displayActions($view, $filter = 0)
{
    $courseInfo = api_get_course_info();

    // NOTE(review): $this->type is written into href attributes and query
    // strings without encoding; confirm it is restricted to a fixed set of
    // agenda types before it reaches this method.
    $calendarHref = api_get_path(WEB_CODE_PATH) . "calendar/agenda_js.php?type={$this->type}";
    $calendarIcon = Display::return_icon('calendar.png', get_lang('Calendar'), '', ICON_SIZE_MEDIUM);
    $leftHtml = "<a href='" . $calendarHref . "'>" . $calendarIcon . "</a>";

    // The course parameters are appended only when a course is in context.
    $cidReq = '';
    if (!empty($courseInfo)) {
        $cidReq = api_get_cidreq();
    }
    $listHref = api_get_path(WEB_CODE_PATH) . "calendar/agenda_list.php?type={$this->type}&" . $cidReq;
    $listIcon = Display::return_icon('week.png', get_lang('AgendaList'), '', ICON_SIZE_MEDIUM);
    $leftHtml .= "<a href='" . $listHref . "'>" . $listIcon . "</a>";

    $filterForm = '';

    // Three ways to qualify: course editor, a student allowed by the course
    // setting (not anonymous, session-editable), or a tutor with access to the
    // group's calendar tool.
    // NOTE(review): the group clause runs even when no group is in context;
    // confirm GroupManager denies access for an empty group id.
    $canAddEvents = api_is_allowed_to_edit(false, true)
        || (api_get_course_setting('allow_user_edit_agenda')
            && !api_is_anonymous()
            && api_is_allowed_to_session_edit(false, true))
        || (GroupManager::user_has_access(api_get_user_id(), api_get_group_id(), GroupManager::GROUP_TOOL_CALENDAR)
            && GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id()));

    if ($canAddEvents) {
        $addIcon = Display::return_icon('new_event.png', get_lang('AgendaAdd'), '', ICON_SIZE_MEDIUM);
        $addHref = api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq()
            . "&action=add&type=" . $this->type;
        $leftHtml .= Display::url($addIcon, $addHref);

        $importIcon = Display::return_icon('import_calendar.png', get_lang('ICalFileImport'), '', ICON_SIZE_MEDIUM);
        $importHref = api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq()
            . "&action=importical&type=" . $this->type;
        $leftHtml .= Display::url($importIcon, $importHref);

        // Course agenda: recipient filter, shown only when no action is running.
        if ($this->type == 'course' && !isset($_GET['action'])) {
            $validator = new FormValidator('form-search', 'post', '', '', array(), FormValidator::LAYOUT_INLINE);
            $attributes = array('multiple' => false, 'id' => 'select_form_id_search');
            $selectedValues = $this->parseAgendaFilter($filter);
            $this->showToForm($validator, $selectedValues, $attributes);
            $filterForm = $validator->returnForm();
        }
    }

    $hasStaffRole = api_is_platform_admin()
        || api_is_teacher()
        || api_is_student_boss()
        || api_is_drh()
        || api_is_session_admin()
        || api_is_coach();

    // Personal agenda: staff roles get a session selector instead.
    if ($hasStaffRole && $this->type == 'personal') {
        $filterForm = null;
        if (!isset($_GET['action'])) {
            $validator = new FormValidator(
                'form-search',
                'get',
                api_get_self() . '?type=personal&',
                '',
                array(),
                FormValidator::LAYOUT_INLINE
            );
            $sessions = SessionManager::get_sessions_by_user(api_get_user_id());
            $validator->addHidden('type', 'personal');
            // Map session_id => session_name and put the placeholder entry first.
            $sessions = array_column($sessions, 'session_name', 'session_id');
            $sessions = ['0' => get_lang('SelectAnOption')] + $sessions;
            $validator->addSelect(
                'session_id',
                get_lang('Session'),
                $sessions,
                ['id' => 'session_id', 'onchange' => 'submit();']
            );
            $validator->addButtonReset(get_lang('Reset'));
            $filterForm = $validator->returnForm();
        }
    }

    $rightHtml = '';
    if ($view == 'calendar') {
        $rightHtml .= $filterForm;
    }

    return Display::toolbarAction('toolbar-agenda', array(0 => $leftHtml, 1 => $rightHtml), 2, false);
}
} if (!$is_certificate_mode) { /* BUILD SEARCH FORM */ $form = new FormValidator('search_document', 'get', api_get_self() . '?' . api_get_cidreq(), '', array(), FormValidator::LAYOUT_INLINE); $form->addText('keyword', '', false, array('class' => 'col-md-2')); $form->addElement('hidden', 'cidReq', api_get_course_id()); $form->addElement('hidden', 'id_session', api_get_session_id()); $form->addElement('hidden', 'gidReq', $groupId); $form->addButtonSearch(get_lang('Search')); $actionsRight = $form->returnForm(); } $table_footer = ''; $total_size = 0; $sortable_data = array(); if (isset($documentAndFolders) && is_array($documentAndFolders)) { if ($groupId == 0 || GroupManager::user_has_access($userId, $groupId, GroupManager::GROUP_TOOL_DOCUMENTS)) { $count = 1; $countedPaths = array(); $countedPaths = array(); foreach ($documentAndFolders as $key => $document_data) { $row = array(); $row['id'] = $document_data['id']; $row['type'] = $document_data['filetype']; // If the item is invisible, wrap it in a span with class invisible. $is_visible = DocumentManager::is_visible_by_id($document_data['id'], $courseInfo, $sessionId, api_get_user_id(), false); $invisibility_span_open = $is_visible == 0 ? '<span class="muted">' : ''; $invisibility_span_close = $is_visible == 0 ? '</span>' : ''; // Size (or total size of a directory) $size = $document_data['filetype'] == 'folder' ? get_total_folder_size($document_data['path'], $is_allowed_to_edit) : $document_data['size']; // Get the title or the basename depending on what we're using if ($document_data['title'] != '') {
/**
 * Stop the request when a group is in context and the current user has no
 * access to the given group tool.
 *
 * When there is no group in context the function returns without checking
 * anything, so it does not replace a course-level access check.
 *
 * @param string $tool       Possible values: GroupManager::GROUP_TOOL_*
 * @param bool   $showHeader Passed through to api_not_allowed()
 */
function api_protect_course_group($tool, $showHeader = true)
{
    $currentUserId = api_get_user_id();
    $currentGroupId = api_get_group_id();

    // Nothing to enforce outside a group.
    if (empty($currentGroupId)) {
        return;
    }

    if (!GroupManager::user_has_access($currentUserId, $currentGroupId, $tool)) {
        api_not_allowed($showHeader);
    }
}
$id_list = explode('_', $eventId); $eventId = $id_list[1]; $event_type = $id_list[0]; } if (!api_is_allowed_to_edit(null, true) && $event_type == 'course') { api_not_allowed(true); } if ($event_type == 'course') { $agendaUrl = api_get_path(WEB_CODE_PATH) . 'calendar/agenda_js.php?' . api_get_cidreq() . '&type=course'; } else { $agendaUrl = api_get_path(WEB_CODE_PATH) . 'calendar/agenda_js.php?&type=' . $event_type; } $course_info = api_get_course_info(); $agenda->type = $event_type; $content = null; if (api_is_allowed_to_edit(false, true) || api_get_course_setting('allow_user_edit_agenda') && !api_is_anonymous() && api_is_allowed_to_session_edit(false, true) || GroupManager::user_has_access(api_get_user_id(), $group_id, GroupManager::GROUP_TOOL_CALENDAR) && GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)) { switch ($action) { case 'add': $actionName = get_lang('Add'); $form = $agenda->getForm(array('action' => 'add')); if ($form->validate()) { $values = $form->getSubmitValues(); $sendEmail = isset($values['add_announcement']) ? true : false; $allDay = isset($values['all_day']) ? 'true' : 'false'; $sendAttachment = isset($_FILES['user_upload']) ? true : false; $attachment = $sendAttachment ? $_FILES['user_upload'] : null; $attachmentComment = isset($values['file_comment']) ? $values['file_comment'] : null; $comment = isset($values['comment']) ? $values['comment'] : null; $startDate = $values['date_range_start']; $endDate = $values['date_range_end']; $eventId = $agenda->addEvent($startDate, $endDate, $allDay, $values['title'], $values['content'], $values['users_to_send'], $sendEmail, null, $attachment, $attachmentComment, $comment);
/**
 * Build the agenda action links and, for course agendas, the add/import
 * actions and the recipient filter form.
 *
 * @param string $view   Current view; the form is appended only when it equals 'calendar'
 * @param int    $filter Filter value handed to parseAgendaFilter()
 * @return string HTML for the action bar
 */
public function displayActions($view, $filter = 0)
{
    // NOTE(review): $this->type is written into the href attributes without
    // encoding; confirm it is restricted to a fixed set of agenda types.
    $calendarHref = api_get_path(WEB_CODE_PATH) . "calendar/agenda_js.php?type={$this->type}";
    $calendarIcon = Display::return_icon('calendar.png', get_lang('Calendar'), '', ICON_SIZE_MEDIUM);
    $toolbarHtml = "<a href='" . $calendarHref . "'>" . $calendarIcon . "</a>";

    $listHref = api_get_path(WEB_CODE_PATH) . "calendar/agenda_list.php?type={$this->type}&" . api_get_cidreq();
    $listIcon = Display::return_icon('week.png', get_lang('AgendaList'), '', ICON_SIZE_MEDIUM);
    $toolbarHtml .= "<a href='" . $listHref . "'>" . $listIcon . "</a>";

    // Three ways to qualify: course editor, a student allowed by the course
    // setting (not anonymous, session-editable), or a tutor with access to the
    // group's calendar tool.
    // NOTE(review): the group clause runs even when no group is in context;
    // confirm GroupManager denies access for an empty group id.
    $canAddEvents = api_is_allowed_to_edit(false, true)
        || (api_get_course_setting('allow_user_edit_agenda')
            && !api_is_anonymous()
            && api_is_allowed_to_session_edit(false, true))
        || (GroupManager::user_has_access(api_get_user_id(), api_get_group_id(), GroupManager::GROUP_TOOL_CALENDAR)
            && GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id()));

    // Everything below applies to course agendas only.
    if (!$canAddEvents || $this->type != 'course') {
        return $toolbarHtml;
    }

    // The filter form is built only when no action is running.
    $filterForm = null;
    if (!isset($_GET['action'])) {
        $validator = new FormValidator('form-search');
        $attributes = array('multiple' => false, 'id' => 'select_form_id_search');
        $selectedValues = $this->parseAgendaFilter($filter);
        $this->showToForm($validator, $selectedValues, $attributes);
        $filterForm = $validator->return_form();
    }

    $addHref = api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq() . "&action=add&type=course";
    $addIcon = Display::return_icon('new_event.png', get_lang('AgendaAdd'), '', ICON_SIZE_MEDIUM);
    $toolbarHtml .= "<a href='" . $addHref . "'>" . $addIcon . "</a>";

    $importHref = api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq()
        . "&action=importical&type=course";
    $importIcon = Display::return_icon('import_calendar.png', get_lang('ICalFileImport'), '', ICON_SIZE_MEDIUM);
    $toolbarHtml .= "<a href='" . $importHref . "'>" . $importIcon . "</a>";

    if ($view == 'calendar') {
        $toolbarHtml .= $filterForm;
    }

    return $toolbarHtml;
}
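/**
 * Gate access to a student publication (work) for the current user.
 *
 * Platform admins and users with edit rights pass as soon as the work and the
 * course are known. Everyone else needs an active work that is visible in the
 * current session, must pass allowOnlySubscribedUser(), and, when a group is
 * in context, must have access to that group's work tool.
 *
 * Each failed check is reported through api_not_allowed(true).
 *
 * @param array $courseInfo Course data; 'real_id' is read from it
 * @param int   $workId     Id of the work to protect
 * @return bool True when every check passed
 */
function protectWork($courseInfo, $workId)
{
    $userId = api_get_user_id();
    $groupId = api_get_group_id();
    $sessionId = api_get_session_id();

    $workData = get_work_data_by_id($workId);

    // NOTE(review): the checks below assume api_not_allowed() ends the request.
    // If it can return, execution falls through to the next check - confirm.
    if (empty($workData) || empty($courseInfo)) {
        api_not_allowed(true);
    }

    if (api_is_platform_admin() || api_is_allowed_to_edit()) {
        return true;
    }

    // Continue with the id stored on the record, not the caller-supplied value.
    $workId = $workData['id'];

    if ($workData['active'] != 1) {
        api_not_allowed(true);
    }

    $visibility = api_get_item_visibility($courseInfo, 'work', $workId, $sessionId);

    if ($visibility != 1) {
        api_not_allowed(true);
    }

    allowOnlySubscribedUser($userId, $workId, $courseInfo['real_id']);

    if (!empty($groupId)) {
        $showWork = GroupManager::user_has_access(
            $userId,
            $groupId,
            GroupManager::GROUP_TOOL_WORK
        );
        if (!$showWork) {
            api_not_allowed(true);
        }
    }

    // Explicit success value: the function previously fell off the end here and
    // returned null to allowed non-editors, contradicting the documented bool.
    return true;
}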
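/**
 * Echo a dropdown that lets the course administrator view the calendar items
 * of one specific group or user.
 *
 * A group is listed when the current user has access to its calendar tool or
 * when the group's calendar_state is '1'. Every course user is listed.
 *
 * @author: Patrick Cool <*****@*****.**>, Ghent University
 */
function show_user_group_filter_form()
{
    echo "<select name=\"select\" onchange=\"javascript: MM_jumpMenu('parent',this,0)\">";
    echo "<option value=\"agenda.php?user=none&action=view\">" . get_lang("ShowAll") . "</option>";

    // Groups
    $group_list = get_course_groups();
    $option = '';
    if (!empty($group_list)) {
        $option = "<optgroup label=\"" . get_lang("Groups") . "\">";
        foreach ($group_list as $this_group) {
            $has_access = GroupManager::user_has_access(
                api_get_user_id(),
                $this_group['id'],
                GroupManager::GROUP_TOOL_CALENDAR
            );
            $result = GroupManager::get_group_properties($this_group['id']);

            if ($has_access || $result['calendar_state'] == '1') {
                // NOTE(review): the group name is emitted without HTML encoding;
                // confirm it is encoded upstream or encode it here.
                $option .= "<option value=\"agenda.php?action=view&group=" . $this_group['id'] . "\" ";
                // isset() guard added to match the user branch below, so a
                // missing session key no longer raises an undefined-index notice.
                $option .= isset($_SESSION['group']) && $this_group['id'] == $_SESSION['group'] ? " selected" : "";
                $option .= ">" . $this_group['name'] . "</option>";
            }
        }
        $option .= "</optgroup>";
    }
    echo $option;

    // Users
    $user_list = get_course_users();
    if (!empty($user_list)) {
        echo "<optgroup label=\"" . get_lang("Users") . "\">";
        foreach ($user_list as $this_user) {
            // NOTE(review): the listing had the user-id expression masked out,
            // which left this statement unparseable. It is restored from the uid
            // comparison on the next line - confirm against the original file.
            echo "<option value=\"agenda.php?action=view&user=" . $this_user['uid'] . "\" ";
            echo isset($_SESSION['user']) && $this_user['uid'] == $_SESSION['user'] ? " selected" : "";
            // NOTE(review): the person name is emitted without HTML encoding;
            // confirm api_get_person_name() returns encoded output.
            echo ">" . api_get_person_name($this_user['firstName'], $this_user['lastName']) . "</option>";
        }
        echo "</optgroup>";
    }
    echo "</select>";
}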
/**
 * Tell whether the current user may edit announcements.
 *
 * True for course editors, for non-anonymous users when the course setting
 * 'allow_user_edit_announcement' is enabled, and for tutors of the current
 * group who have access to its announcement tool.
 *
 * @return bool
 */
public static function user_can_edit_announcement()
{
    $currentGroupId = api_get_group_id();

    if (api_is_allowed_to_edit(false, true)) {
        return true;
    }

    // NOTE(review): the setting is tested for truthiness only; confirm what
    // api_get_course_setting() returns when the setting is absent, because any
    // non-empty, non-zero value enables this path.
    if (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous()) {
        return true;
    }

    // The tutor path applies only inside a group.
    if (empty($currentGroupId)) {
        return false;
    }

    return GroupManager::user_has_access(api_get_user_id(), $currentGroupId, GroupManager::GROUP_TOOL_ANNOUNCEMENT)
        && GroupManager::is_tutor_of_group(api_get_user_id(), $currentGroupId);
}