diff --git a/main/work/work.lib.php b/main/work/work.lib.php
index 1e7dd498c7..5b6788e336 100644
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@@ -25,19 +25,23 @@ require_once api_get_path(SYS_CODE_PATH).'gradebook/lib/gradebook_functions.inc.
* @param integer Whether to show upload form option
* @return void
*/
-function display_action_links($id, $cur_dir_path, $always_show_tool_options, $always_show_upload_form) {
+function display_action_links($id, $cur_dir_path, $show_tool_options, $display_upload_link, $action) {
global $gradebook;
-
+
+ $id = $my_back_id = intval($id);
+ if ($action == 'list') {
+ $my_back_id = 0;
+ }
+
$display_output = '';
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : '';
- if ($always_show_upload_form) {
- $parent_id = $id;
- }
+
+
if (!empty($cur_dir_path)) {
- $display_output .= ''.Display::return_icon('back.png', get_lang('BackToWorksList'),'','32').'';
+ $display_output .= ''.Display::return_icon('back.png', get_lang('BackToWorksList'),'','32').'';
}
- if (!$always_show_tool_options && api_is_allowed_to_edit(null, true) && $origin != 'learnpath') {
+ if ($show_tool_options && api_is_allowed_to_edit(null, true) && $origin != 'learnpath') {
// Create dir
if (empty($cur_dir_path)) {
$display_output .= '';
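Review bot: The docblock above `display_action_links()` still describes the old arguments, while the new signature takes `$show_tool_options`, `$display_upload_link` and an added `$action`, and both flags now have the opposite sense of the `$always_show_*` ones they replace (the old tests were negated, the new ones are not). I would rewrite the `@param` lines to say that a true value shows the teacher tool options and the upload link respectively, and add `@param string $action Current work.php action; 'list' points the back link at the works list`. `$action` is also a required fifth parameter, so any four-argument caller not touched by this diff would break or warn; `$action = null` as a default would keep those calls working. The function body continues outside this hunk.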
@@ -50,10 +54,12 @@ function display_action_links($id, $cur_dir_path, $always_show_tool_options, $al
}
}
- if (!$always_show_upload_form && api_is_allowed_to_session_edit(false, true) && (isset($cur_dir_path) && (!empty($cur_dir_path) && $cur_dir_path != '/') )) {
- $display_output .= '';
- $display_output .= Display::return_icon('upload_file.png', get_lang('UploadADocument'),'','32').'';
- }
+
+ if ($display_upload_link && api_is_allowed_to_session_edit(false, true) && (isset($cur_dir_path) && (!empty($cur_dir_path) && $cur_dir_path != '/') )) {
+ $display_output .= '';
+ $display_output .= Display::return_icon('upload_file.png', get_lang('UploadADocument'),'','32').'';
+ }
+
if (api_is_allowed_to_edit(null, true) && $origin != 'learnpath' && api_is_allowed_to_session_edit(false, true)) {
// Delete all files
@@ -62,14 +68,6 @@ function display_action_links($id, $cur_dir_path, $always_show_tool_options, $al
} else {
$message = get_lang('ConfirmYourChoice');
}
-
- if (empty($curdirpath) or $curdirpath != '.') {
- //$display_output .= ''.Display::return_icon('delete_na.png', get_lang('Delete'),'','32').'';
- } else {
- /*$display_output .= ''.
- Display::return_icon('delete.png', get_lang('Delete'),'','32').'';*/
- }
- // make all files visible or invisible
}
if (api_is_allowed_to_edit(null, true)) {
@@ -357,6 +355,7 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
// Getting the work data
$my_folder_data = get_work_data_by_id($id);
+
$qualification_exists = false;
if (!empty($my_folder_data['qualification']) && intval($my_folder_data['qualification']) > 0) {
@@ -375,12 +374,9 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
if (intval($my_folder_data['qualification']) == 0) {
Display::display_warning_message(get_lang('MaxWeightNeedToBeProvided'));
}
- }
-
+ }
$contains_file_query = '';
-
-
//Get list from database
if ($is_allowed_to_edit) {
$active_condition = ' active IN (0, 1)';
@@ -402,7 +398,8 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$sql_get_publications_list = "SELECT * FROM $work_table $group_query $subdirs_query $add_in_where_query $active_condition $condition_session ORDER BY title";
}
- $work_parents = array();
+ $work_parents = array();
+
$sql_result = Database::query($sql_get_publications_list);
if (Database::num_rows($sql_result)) {
while ($work = Database::fetch_object($sql_result)) {
@@ -410,7 +407,7 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$work_parents[] = $work;
}
}
- }
+ }
} else {
$parent_id = isset($my_folder_data['id']) ? $my_folder_data['id'] : 0;
@@ -485,7 +482,6 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$result = Database::query($sql_select_directory);
$row = Database::fetch_array($result, 'ASSOC');
-
if (!$row) {
// the folder belongs to another session
@@ -506,17 +502,14 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$sql = Database::query('SELECT * FROM '.$work_assigment.' WHERE c_id = '.$course_id.' AND id = "'.$row['has_properties'].'" LIMIT 1');
$homework = Database::fetch_array($sql);
}
- $form_folder = new FormValidator('edit_dir', 'post', api_get_self().'?origin='.$origin.'&gradebook='.$gradebook.'&edit_dir='.$id2);
-
- $group_name[] = FormValidator :: createElement('text', 'dir_name');
- $form_folder -> addGroup($group_name, 'my_group', get_lang('Title'));
-
+ $form_folder = new FormValidator('edit_dir', 'post', api_get_self().'?origin='.$origin.'&gradebook='.$gradebook.'&edit_dir='.$id2);
+ $form_folder->addElement('text', 'dir_name', get_lang('Title'));
$form_folder->addElement('hidden', 'work_id', $id2);
- $form_folder -> addGroupRule('my_group', get_lang('ThisFieldIsRequired'), 'required');
+ $form_folder -> addRule('dir_name', get_lang('ThisFieldIsRequired'), 'required');
$my_title = !empty($row['title']) ? $row['title'] : basename($row['url']);
- $defaults = array('my_group[dir_name]' => Security::remove_XSS($my_title), 'description' => Security::remove_XSS($row['description']));
+ $defaults = array('dir_name' => Security::remove_XSS($my_title), 'description' => Security::remove_XSS($row['description']));
$form_folder->add_html_editor('description', get_lang('Description'), false, false, array('ToolbarSet' => 'work', 'Width' => '80%', 'Height' => '200'));
$there_is_a_end_date = false;
@@ -650,7 +643,7 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$values = $form_folder->exportValues();
$work_id = $values['work_id'];
- $values = $values['my_group'];
+ //$values = $values['my_group'];
$dir_name = replace_dangerous_char($values['dir_name']);
$dir_name = disable_dangerous_file($dir_name);
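Review bot: The commented-out `//$values = $values['my_group'];` should be deleted, not kept, now that `dir_name` is a plain element; left in place, it reads as if the group lookup might need to come back. In the same lines, `$work_id = $values['work_id'];` takes its value from the hidden `work_id` field, which the client can change. If `$work_id` is later used in a query or a path (that part is outside this hunk), I would cast it where it is read, `$work_id = intval($values['work_id']);`, and check it against the `$id2` the form was built for.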
@@ -685,7 +678,7 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
description = '."'".Database::escape_string($_POST['description'])."'".',
qualification = '."'".Database::escape_string($_POST['qualification']['qualification'])."'".',
weight = '."'".Database::escape_string($_POST['weight']['weight'])."'".'
- WHERE c_id = '.$course_id.' AND id = '.$row['id'];
+ WHERE c_id = '.$course_id.' AND id = '.$row['id'];
Database::query($sql);
require_once api_get_path(SYS_CODE_PATH).'gradebook/lib/gradebook_functions.inc.php';
diff --git a/main/work/work.php b/main/work/work.php
index f0f230bff5..32ee610253 100644
--- a/main/work/work.php
+++ b/main/work/work.php
@@ -58,6 +58,7 @@ require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php';
$course_id = api_get_course_int_id();
$course_info = api_get_course_info();
$user_id = api_get_user_id();
+$id_session = api_get_session_id();
// Section (for the tabs)
$this_section = SECTION_COURSES;
@@ -94,7 +95,6 @@ $TSTDPUBASG = Database :: get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMEN
$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$table_session = Database :: get_main_table(TABLE_MAIN_SESSION);
-$table_session_course = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
$table_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
/* Constants and variables */
@@ -127,39 +127,28 @@ $uploadvisibledisabled = isset($_REQUEST['uploadvisibledisabled']) ? Database::
// get data for publication assignment
$has_expired = false;
-$has_ended = false;
+$has_ended = false;
//directories management
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$course_dir = $sys_course_path . $_course['path'];
$base_work_dir = $course_dir . '/work';
-$cur_dir_path = '';
-if (isset($curdirpath) && $curdirpath != '') {
- //now using common security approach with security lib
- $in_course = Security :: check_abs_path($base_work_dir.$curdirpath, $base_work_dir);
- if (!$in_course) {
- $curdirpath = "/";
- }
-}
-if ($curdirpath == '.') {
- $curdirpath = '/';
-}
-
/* Configuration settings */
-$link_target_parameter = ""; //or e.g. "target=\"_blank\"";
+api_protect_course_script(true);
+
+$link_target_parameter = ""; // e.g. "target=\"_blank\"";
$display_list_users_without_publication = isset($_GET['list']) && Security::remove_XSS($_GET['list']) == 'without';
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'list';
+//Download folder
if ($action == 'downloadfolder') {
require 'downloadfolder.inc.php';
}
-api_protect_course_script(true);
-
/* More init stuff */
if (isset ($_POST['cancelForm']) && !empty ($_POST['cancelForm'])) {
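Review bot: Removing the `Security::check_abs_path()` block leaves `$curdirpath` without the containment check against `$base_work_dir` and without the `'.'` to `'/'` normalisation, yet the same commit still passes `$curdirpath` to `display_action_links()` further down in work.php. Where the variable is populated is not visible in this hunk; if it can still come from the request, or is read by `downloadfolder.inc.php`, it now arrives unvalidated and possibly undefined. I would keep the check until the last use of `$curdirpath` is replaced by the work id, or at least add a comment here stating that the path is no longer request-controlled and why.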
@@ -212,16 +201,15 @@ if (!empty($group_id)) {
$url_dir = 'work.php?&id=' . $work_id;
$interbreadcrumb[] = array ('url' => $url_dir,'name' => $my_folder_data['title']);
- if ($display_upload_form) {
+ if ($action == 'upload_form') {
$interbreadcrumb[] = array ('url' => 'work.php','name' => get_lang('UploadADocument'));
}
-
+
+ //???
if ($display_tool_options) {
- $interbreadcrumb[] = array (
- 'url' => 'work.php',
- 'name' => get_lang('EditToolOptions'));
+ $interbreadcrumb[] = array ('url' => 'work.php','name' => get_lang('EditToolOptions'));
}
-
+
if ($action == 'create_dir') {
$interbreadcrumb[] = array ('url' => 'work.php','name' => get_lang('CreateAssignment'));
}
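Review bot: The added `//???` above `if ($display_tool_options)` records a doubt without saying what it is, and it should not be committed as is. This hunk already replaces `$display_upload_form` with `$action == 'upload_form'`, and the parallel breadcrumb block in the next hunk tests `$action == 'settings'` for the same `EditToolOptions` entry. If `$display_tool_options` is no longer assigned anywhere (not visible from here), this branch is dead and the condition should become `if ($action == 'settings') {`. Otherwise replace the marker with a comment naming where the flag is set.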
@@ -238,10 +226,9 @@ if (!empty($group_id)) {
$url_dir = 'work.php?id=' . $work_id;
$interbreadcrumb[] = array ('url' => $url_dir,'name' => $my_folder_data['title']);
- if ($display_upload_form) {
+ if ($action == 'upload_form') {
$interbreadcrumb[] = array ('url' => '#', 'name' => get_lang('UploadADocument'));
}
-
if ($action == 'settings') {
$interbreadcrumb[] = array ('url' => '#', 'name' => get_lang('EditToolOptions'));
}
@@ -278,11 +265,13 @@ if (!in_array($action, array('send_mail','add', 'upload'))) {
$token = Security::get_token();
}
-if ($is_special) {
- $homework = get_work_assignment_by_id($my_folder_data['id']);
- $has_expired = $has_ended = false;
- $has_expiry_date = false;
+$show_tool_options = $action == 'list' ? true : false;
+$display_upload_link = $action == 'upload_form' ? false : true;
+
+if ($is_special) {
+ $homework = get_work_assignment_by_id($my_folder_data['id']);
+
if ($homework['expires_on'] != '0000-00-00 00:00:00' || $homework['ends_on'] != '0000-00-00 00:00:00') {
$time_now = time();
@@ -290,10 +279,14 @@ if ($is_special) {
$time_expires = api_strtotime($homework['expires_on']);
$difference = $time_expires - $time_now;
if ($difference < 0) {
- $has_expired = true;
- $has_expiry_date = true;
+ $has_expired = true;
}
}
+
+ if (empty($homework['expires_on']) || $homework['expires_on'] == '0000-00-00 00:00:00') {
+ $has_expired = false;
+ }
+
if (!empty($homework['ends_on']) && $homework['ends_on'] != '0000-00-00 00:00:00') {
$time_ends = api_strtotime($homework['ends_on']);
$difference2 = $time_ends - $time_now;
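Review bot: Folding `$has_expiry_date` into `$has_expired` loses the state "a deadline is set but has not passed yet". In the visible lines `$has_expired` only becomes true when `$difference < 0`, so the added reset for an empty `expires_on` appears to change nothing. The `if ($has_expired)` inside the final `else` of the next hunk can never be true because that `else` is only reached when `$has_expired` is false, so the `ExpiryDateToSendWorkIs` notice is no longer shown. I would keep a separate flag, `$has_expiry_date = !empty($homework['expires_on']) && $homework['expires_on'] != '0000-00-00 00:00:00';`, and test that one in the final branch. The enclosing `if` starts outside this hunk.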
@@ -301,35 +294,43 @@ if ($is_special) {
$has_ended = true;
}
}
- if (empty($homework['expires_on']) || $homework['expires_on'] == '0000-00-00 00:00:00') {
- $has_expiry_date = false;
- }
+
$ends_on = api_convert_and_format_date($homework['ends_on']);
$expires_on = api_convert_and_format_date($homework['expires_on']);
- if ($has_ended) {
- display_action_links($work_id, $curdirpath, $always_show_tool_options, $display_upload_form);
- Display :: display_error_message(get_lang('EndDateAlreadyPassed').' '.$ends_on);
- } elseif ($has_expired) {
- display_action_links($work_id,$curdirpath, $always_show_tool_options, $display_upload_form);
- Display :: display_warning_message(get_lang('ExpiryDateAlreadyPassed').' '.$expires_on);
- } else {
- display_action_links($work_id,$curdirpath, $always_show_tool_options, $display_upload_form);
- if ($has_expiry_date) {
- Display :: display_normal_message(get_lang('ExpiryDateToSendWorkIs').' '.$expires_on);
+ if ($has_ended) {
+ if (!api_is_allowed_to_edit()) {
+ $display_upload_link = false;
+ }
+ $message = Display::return_message(get_lang('EndDateAlreadyPassed').' '.$ends_on, 'error');
+ } elseif ($has_expired) {
+ $display_upload_link = true;
+ $message = Display::return_message(get_lang('ExpiryDateAlreadyPassed').' '.$expires_on, 'warning');
+ } else {
+ if ($has_expired) {
+ $message = Display::return_message(get_lang('ExpiryDateToSendWorkIs').' '.$expires_on);
}
- }
- } else {
- display_action_links($work_id,$curdirpath, $always_show_tool_options, $display_upload_form);
+ }
}
-} else {
- display_action_links($work_id, $curdirpath, $always_show_tool_options, $display_upload_form);
}
+display_action_links($work_id, $curdirpath, $show_tool_options, $display_upload_link, $action);
+echo $message;
+
+//for teachers
+
switch ($action) {
case 'mark_work':
+ if (!api_is_allowed_to_edit()) {
+ echo Display::return_message(get_lang('ActionNotAllowed'), 'error');
+ Display::display_footer();
+
+ }
case 'upload_form': //can be add or edit work
+ $is_author = false;
+
if (empty($item_id)) {
+
$parent_data = get_work_data_by_id($work_id);
$parent_data['qualification'] = intval($parent_data['qualification']);
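Review bot: The new permission check in `case 'mark_work':` prints `ActionNotAllowed` and the footer but does not stop, so a user without edit rights still falls through into `case 'upload_form':` and the rest of the page runs. Add `exit;` after `Display::display_footer();`, as the rejection path later in this switch already does. Separately, `echo $message;` runs on every request while `$message` is only assigned inside the `$is_special` branches, so it needs `$message = '';` before `if ($is_special) {`. In the `$has_expired` branch, `$display_upload_link = true;` also overrides the `false` chosen for `upload_form` a few lines earlier, which looks unintended.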
@@ -345,10 +346,7 @@ switch ($action) {
exit;
}
}
- }
-
- $is_author = false;
- if ($item_id) {
+ } else {
//we found the current user is the author
$sql = "SELECT * FROM $work_table WHERE c_id = $course_id AND id = $item_id";
$result = Database::query($sql);
@@ -457,13 +455,19 @@ switch ($action) {
$form->add_real_progress_bar('uploadWork', 'file');
}
$form->setDefaults($defaults);
- //fixes bug when showing modification form
-
- if ($student_can_edit_in_session && (empty($item_id) || (!empty($item_id) && ($is_allowed_to_edit or $is_author)))) {
- $form->display();
- } else {
- Display::display_error_message(get_lang('ActionNotAllowed'));
- }
+ //fixes bug when showing modification form
+ if (!empty($work_id)) {
+ if ( $is_allowed_to_edit or $is_author) {
+ $form->display();
+ } elseif ($student_can_edit_in_session && $has_ended == false) {
+ $form->display();
+ } else {
+ Display::display_error_message(get_lang('ActionNotAllowed'));
+ }
+ } else {
+ Display::display_error_message(get_lang('ActionNotAllowed'));
+ }
+
break;
case 'send_mail':
if (Security::check_token('get')) {
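Review bot: The new `elseif ($student_can_edit_in_session && $has_ended == false)` branch displays the form without looking at `$item_id`, whereas the removed condition let a non-teacher through for an existing item only when `$is_author` was true. As written, a student who is not the author is shown the edit form for someone else's submission as long as the assignment has not ended; whether the save handler re-checks authorship is outside this hunk, so the display check should not be the weaker of the two. I would restrict that branch to new submissions, `} elseif ($student_can_edit_in_session && !$has_ended && empty($item_id)) {`. The `$is_author` path also no longer requires `$student_can_edit_in_session`; if that is deliberate, it deserves a comment.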