/** * Serves setaskment submissions and other files. * * @param mixed $course course or id of the course * @param mixed $cm course module or id of the course module * @param context $context * @param string $filearea * @param array $args * @param bool $forcedownload * @return bool false if file not found, does not return if found - just send the file */ function setasksubmission_file_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) { global $DB, $CFG; if ($context->contextlevel != CONTEXT_MODULE) { return false; } require_login($course, false, $cm); $itemid = (int) array_shift($args); $record = $DB->get_record('setask_submission', array('id' => $itemid), 'userid, setaskment, groupid', MUST_EXIST); $userid = $record->userid; $groupid = $record->groupid; require_once $CFG->dirroot . '/mod/setask/locallib.php'; $setask = new setask($context, $cm, $course); if ($setask->get_instance()->id != $record->setaskment) { return false; } if ($setask->get_instance()->teamsubmission && !$setask->can_view_group_submission($groupid)) { return false; } if (!$setask->get_instance()->teamsubmission && !$setask->can_view_submission($userid)) { return false; } $relativepath = implode('/', $args); $fullpath = "/{$context->id}/setasksubmission_file/{$filearea}/{$itemid}/{$relativepath}"; $fs = get_file_storage(); if (!($file = $fs->get_file_by_hash(sha1($fullpath))) || $file->is_directory()) { return false; } // Download MUST be forced - security! send_stored_file($file, 0, 0, true); }
/** * Default implementation of file_get_info for plugins. * This is used by the filebrowser to browse a plugins file areas. * * This implementation should work for most plugins but can be overridden if required. * @param file_browser $browser * @param string $filearea * @param int $itemid * @param string $filepath * @param string $filename * @return file_info_stored */ public function get_file_info($browser, $filearea, $itemid, $filepath, $filename) { global $CFG, $DB, $USER; $urlbase = $CFG->wwwroot . '/pluginfile.php'; // Permission check on the itemid. if ($this->get_subtype() == 'setasksubmission') { if ($itemid) { $record = $DB->get_record('setask_submission', array('id' => $itemid), 'userid', IGNORE_MISSING); if (!$record) { return null; } if (!$this->setaskment->can_view_submission($record->userid)) { return null; } } } else { // Not supported for feedback plugins. return null; } $fs = get_file_storage(); $filepath = is_null($filepath) ? '/' : $filepath; $filename = is_null($filename) ? '.' : $filename; if (!($storedfile = $fs->get_file($this->setaskment->get_context()->id, $this->get_subtype() . '_' . $this->get_type(), $filearea, $itemid, $filepath, $filename))) { return null; } return new file_info_stored($browser, $this->setaskment->get_context(), $storedfile, $urlbase, $filearea, $itemid, true, true, false); }
/** * Permission control method for submission plugin ---- required method for AJAXmoodle based comment API * * @param stdClass $options * @return array */ function setasksubmission_comments_comment_permissions(stdClass $options) { global $USER, $CFG, $DB; if ($options->commentarea != 'submission_comments' && $options->commentarea != 'submission_comments_upgrade') { throw new comment_exception('invalidcommentarea'); } if (!($submission = $DB->get_record('setask_submission', array('id' => $options->itemid)))) { throw new comment_exception('invalidcommentitemid'); } $context = $options->context; require_once $CFG->dirroot . '/mod/setask/locallib.php'; $setaskment = new setask($context, null, null); if ($setaskment->get_instance()->id != $submission->setaskment) { throw new comment_exception('invalidcontext'); } if ($setaskment->get_instance()->teamsubmission && !$setaskment->can_view_group_submission($submission->groupid)) { return array('post' => false, 'view' => false); } if (!$setaskment->get_instance()->teamsubmission && !$setaskment->can_view_submission($submission->userid)) { return array('post' => false, 'view' => false); } return array('post' => true, 'view' => true); }
use setaskfeedback_editpdf\page_editor; use setaskfeedback_editpdf\comments_quick_list; define('AJAX_SCRIPT', true); require '../../../../config.php'; require_once $CFG->dirroot . '/mod/setask/locallib.php'; require_sesskey(); $action = optional_param('action', '', PARAM_ALPHANUM); $setaskmentid = required_param('setaskmentid', PARAM_INT); $userid = required_param('userid', PARAM_INT); $attemptnumber = required_param('attemptnumber', PARAM_INT); $readonly = optional_param('readonly', false, PARAM_BOOL); $cm = \get_coursemodule_from_instance('setask', $setaskmentid, 0, false, MUST_EXIST); $context = \context_module::instance($cm->id); $setaskment = new \setask($context, null, null); require_login($setaskment->get_course(), false, $cm); if (!$setaskment->can_view_submission($userid)) { print_error('nopermission'); } if ($action == 'loadallpages') { $draft = true; if (!has_capability('mod/setask:grade', $context)) { $draft = false; $readonly = true; // A student always sees the readonly version. require_capability('mod/setask:submit', $context); } // Whoever is viewing the readonly version should not use the drafts, but the actual annotations. if ($readonly) { $draft = false; } $pages = document_services::get_page_images_for_attempt($setaskment, $userid, $attemptnumber, $readonly);