[svn r15716] Document tool group bug - Requires testing (see FS#2626)

skala
Julio Montoya 17 years ago
parent b9ad3b881f
commit 6869273fdd
  1. 6
      main/document/document.inc.php
  2. 109
      main/document/document.php
  3. 33
      main/document/edit_document.php
  4. 145
      main/inc/lib/document.lib.php

@ -1,4 +1,4 @@
<?php // $Id: document.inc.php 15673 2008-07-01 15:16:49Z juliomontoya $
<?php // $Id: document.inc.php 15716 2008-07-02 23:10:47Z juliomontoya $
/*
==============================================================================
Dokeos - elearning and course management software
@ -395,8 +395,8 @@ function get_titles_of_path($path)
* @return a link to the userInfo.php
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version february 2006, dokeos 1.8
*/
function display_user_link($user_id, $name)
*/
function display_user_link_document($user_id, $name)
{
if ($user_id<>0)
{

@ -1,4 +1,4 @@
<?php // $Id: document.php 15673 2008-07-01 15:16:49Z juliomontoya $
<?php // $Id: document.php 15716 2008-07-02 23:10:47Z juliomontoya $
/*
==============================================================================
@ -69,8 +69,10 @@ $language_file[] = 'slideshow';
require("../inc/global.inc.php");
$this_section=SECTION_COURSES;
require('document.inc.php');
require('../inc/lib/usermanager.lib.php');
api_protect_course_script(true);
@ -187,7 +189,7 @@ include_once(api_get_path(LIBRARY_PATH) . 'document.lib.php');
include_once(api_get_path(LIBRARY_PATH) . 'tablesort.lib.php');
include_once(api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php');
//-----------------------------------------------------------
//check the path
//if the path is not found (no document id), set the path to /
@ -333,16 +335,34 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
======================================*/
if (isset($_GET['move']) && $_GET['move']!='')
{
{
if (!$is_allowed_to_edit)
{
if(DocumentManager::check_readonly($_course,$_user['user_id'],$_GET['move']))
{
api_not_allowed();
}
}
if(DocumentManager::get_document_id($_course,$_GET['move']))
{
$folders = DocumentManager::get_all_document_folders($_course,$to_group_id,$is_allowed_to_edit || $group_member_with_upload_rights);
Display::display_normal_message(build_move_to_selector($folders,$_GET['curdirpath'],$_GET['move'],$group_properties['directory']),false);
}
}
if (isset($_POST['move_to']) && isset($_POST['move_file']))
{
if (!$is_allowed_to_edit)
{
if(DocumentManager::check_readonly($_course,$_user['user_id'],$_GET['move']))
{
api_not_allowed();
}
}
include_once(api_get_path(LIBRARY_PATH) . 'fileManage.lib.php');
//this is needed for the update_db_info function
//$dbTable = $_course['dbNameGlu']."document";
@ -368,6 +388,8 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
{
Display::display_error_message(get_lang('Impossible'));
}
}
/*======================================
@ -375,16 +397,28 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
======================================*/
if ( isset($_GET['delete']) )
{
{
if (!$is_allowed_to_edit)
{
if(DocumentManager::check_readonly($_course,$_user['user_id'],$_GET['delete'],'',true))
{
api_not_allowed();
}
}
include_once(api_get_path(LIBRARY_PATH) . 'fileManage.lib.php');
if(DocumentManager::delete_document($_course,$_GET['delete'],$base_work_dir))
{
Display::display_confirmation_message(get_lang('DocDeleted'));
}
else
{
{
Display::display_error_message(get_lang('DocDeleteError'));
}
}
if( isset($_POST['action']))
@ -392,6 +426,19 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
switch($_POST['action'])
{
case 'delete':
foreach($_POST['path'] as $index => $path)
{
if (!$is_allowed_to_edit)
{
if(DocumentManager::check_readonly($_course,$_user['user_id'],$path))
{
Display::display_error_message(get_lang('CantDeleteReadonlyFiles'));
break 2;
}
}
}
foreach($_POST['path'] as $index => $path)
{
DocumentManager::delete_document($_course,$path,$base_work_dir);
@ -465,7 +512,7 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
======================================*/
if ((isset($_GET['set_invisible']) && !empty($_GET['set_invisible'])) || (isset($_GET['set_visible']) && !empty($_GET['set_visible'])) AND $_GET['set_visible']<>'*' AND $_GET['set_invisible']<>'*')
{
{
//make visible or invisible?
if(isset($_GET['set_visible']))
{
@ -476,7 +523,16 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
{
$update_id = $_GET['set_invisible'];
$visibility_command = 'invisible';
}
if (!$is_allowed_to_edit)
{
if(DocumentManager::check_readonly($_course,$_user['user_id'],'',$update_id))
{
api_not_allowed();
}
}
//update item_property to change visibility
if(api_item_property_update($_course, TOOL_DOCUMENT, $update_id, $visibility_command, $_user['user_id']))
{
@ -494,8 +550,8 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
TEMPLATE ACTION
======================================*/
if(isset($_GET['add_as_template']) && !isset($_POST['create_template'])){
if(isset($_GET['add_as_template']) && !isset($_POST['create_template']))
{
$document_id_for_template = intval($_GET['add_as_template']);
//create the form that asks for the directory name
@ -509,10 +565,8 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
$new_folder_text .= '<input type="submit" name="create_template" value="'.get_lang('Ok').'" />';
$new_folder_text .= '</form>';
//show the form
Display::display_normal_message($new_folder_text,false);
}
Display::display_normal_message($new_folder_text,false);
}
elseif(isset($_GET['add_as_template']) && isset($_POST['create_template']))
{
$document_id_for_template = intval(Database::escape_string($_GET['add_as_template']));
@ -522,30 +576,23 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY
$course_code = api_get_course_id();
$user_id = api_get_user_id();
if(!is_file(api_get_path(SYS_CODE_PATH).'upload/template_thumbnails/')){
if(!is_file(api_get_path(SYS_CODE_PATH).'upload/template_thumbnails/'))
{
mkdir(api_get_path(SYS_CODE_PATH).'upload/template_thumbnails/',0777);
}
DocumentManager::set_document_as_template($title, $description, $document_id_for_template, $course_code, $user_id);
Display::display_confirmation_message(get_lang('DocumentSetAsTemplate'));
DocumentManager::set_document_as_template($title, $description, $document_id_for_template, $course_code, $user_id);
Display::display_confirmation_message(get_lang('DocumentSetAsTemplate'));
}
if(isset($_GET['remove_as_template'])){
if(isset($_GET['remove_as_template']))
{
$document_id_for_template = intval($_GET['remove_as_template']);
$course_code = api_get_course_id();
$user_id = api_get_user_id();
DocumentManager::unset_document_as_template($document_id_for_template, $course_code, $user_id);
Display::display_confirmation_message(get_lang('DocumentUnsetAsTemplate'));
}
$user_id = api_get_user_id();
DocumentManager::unset_document_as_template($document_id_for_template, $course_code, $user_id);
Display::display_confirmation_message(get_lang('DocumentUnsetAsTemplate'));
}
} // END is allowed to edit
/*
@ -661,7 +708,7 @@ if(isset($docs_and_folders) && is_array($docs_and_folders))
{
$user_info=UserManager::get_user_info_by_id($id['insert_user_id']);
$user_name=$user_info['firstname'].' '.$user_info['lastname'];
$user_link='<div class="document_owner">'.get_lang('Owner').': '.display_user_link($id['insert_user_id'],$user_name).'</div>';
$user_link='<div class="document_owner">'.get_lang('Owner').': '.display_user_link_document($id['insert_user_id'],$user_name).'</div>';
}
}
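Review bot: In the `move_to` handler the added read-only check is run against `$_GET['move']`, while the request it is meant to authorise is identified by `$_POST['move_file']`. A POST with no `move` query parameter hands `check_readonly` an empty path, which appears to fall through to its final `return false` (assuming `get_document_id` finds no id for an empty path), so the check passes without looking at the file being moved. The check should use the value that is acted on: `if(DocumentManager::check_readonly($_course,$_user['user_id'],$_POST['move_file']))`. The bulk `case 'delete':` loop has a related gap: it calls `check_readonly` without the fifth argument `true`, so unlike the `$_GET['delete']` branch it does not look inside a folder for read-only files owned by other users. The code that performs the move lies outside the hunk, so confirm there that `$_POST['move_file']` is the path it uses.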

@ -1,4 +1,4 @@
<?php // $Id: edit_document.php 15550 2008-06-11 17:24:32Z juliomontoya $
<?php // $Id: edit_document.php 15716 2008-07-02 23:10:47Z juliomontoya $
/*
==============================================================================
Dokeos - elearning and course management software
@ -174,8 +174,22 @@ if(!$is_allowedToEdit)
api_not_allowed(true);
}
$user_id = api_get_user_id();
event_access_tool(TOOL_DOCUMENT);
if (!is_allowed_to_edit())
{
if(DocumentManager::check_readonly($_course,$user_id,$file))
{
api_not_allowed();
}
}
/*
==============================================================================
MAIN TOOL CODE
@ -445,7 +459,7 @@ if($is_allowedToEdit)
}
}
else
{
{
$filepath.$filename.'.'.$extension;
$file_size = filesize($filepath.$filename.'.'.$extension);
$document_id = DocumentManager::get_document_id($_course,$file);
@ -455,6 +469,21 @@ if($is_allowedToEdit)
update_existing_document($_course, $document_id,$file_size,$read_only_flag);
}
if (empty($document_id)) //or if is folder
{
$folder=$_POST['file_path'];
$document_id = DocumentManager::get_document_id($_course,$folder);
if (DocumentManager::is_folder($_course, $document_id))
{
if($document_id)
{
update_existing_document($_course, $document_id,$file_size,$read_only_flag);
}
}
}
}
}
}
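Review bot: In the added folder branch, `DocumentManager::is_folder($_course, $document_id)` is called before the `if($document_id)` guard, and `is_folder` (added to document.lib.php by this commit) concatenates the id straight into `WHERE id=`. When `get_document_id` returns nothing for `$_POST['file_path']`, the query is malformed. Test the id first: `if ($document_id && DocumentManager::is_folder($_course, $document_id))`. Separately, the read-only check added near the top of the file covers `$file`, whereas this branch updates whatever `$_POST['file_path']` names, so the item checked and the item updated can differ; calling `check_readonly` on `$folder` before `update_existing_document` would close that gap. The enclosing `if($is_allowedToEdit)` block starts outside the hunk.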

@ -668,8 +668,122 @@ class DocumentManager
return false;
}
}
}
}
/**
* This check if a document has the readonly property checked, then see if the user
* is the owner of this file, if all this is true then return true.
*
* @param array $_course
* @param int $user_id id of the current user
* @param string $file path stored in the database
* @param int $document_id in case you dont have the file path ,insert the id of the file here and leave $file in blank ''
* @return boolean true/false
**/
function check_readonly($_course,$user_id,$file,$document_id='',$to_delete=false)
{
if(!(!empty($document_id) && is_numeric($document_id)))
{
$document_id = DocumentManager::get_document_id($_course, $file);
}
$TABLE_PROPERTY = Database :: get_course_table(TABLE_ITEM_PROPERTY, $_course['dbName']);
$TABLE_DOCUMENT = Database :: get_course_table(TABLE_DOCUMENT, $_course['dbName']);
if ($to_delete)
{
if (DocumentManager::is_folder($_course, $document_id))
{
if (!empty($file))
{
$path=$file;
$what_to_check_sql = "SELECT td.id, readonly, tp.insert_user_id FROM ".$TABLE_DOCUMENT." td , $TABLE_PROPERTY tp WHERE tp.ref= td.id and (path='".$path."' OR path LIKE BINARY '".$path."/%' ) ";
//get all id's of documents that are deleted
$what_to_check_result = api_sql_query($what_to_check_sql, __FILE__, __LINE__);
if ($what_to_check_result && Database::num_rows($what_to_check_result) != 0)
{
// file with readonly set to 1 exist?
$readonly_set=false;
while ($row = Database::fetch_array($what_to_check_result))
{
//query to delete from item_property table
//echo $row['id']; echo "<br>";
if ($row['readonly']==1)
{
if (!($row['insert_user_id'] == $user_id))
{
$readonly_set=true;
break;
}
}
}
if ($readonly_set)
{
return true;
}
}
}
return false;
}
}
if (!empty($document_id))
{
$sql= 'SELECT a.insert_user_id, b.readonly FROM '.$TABLE_PROPERTY.' a,'.$TABLE_DOCUMENT.' b WHERE a.ref = b.id and a.ref='.$document_id.' LIMIT 1';
$resultans = api_sql_query($sql, __FILE__, __LINE__);
$doc_details = Database ::fetch_array($resultans,'ASSOC');
if($doc_details['readonly']==1)
{
if ( $doc_details['insert_user_id'] == $user_id || api_is_platform_admin() )
{
return false;
}
else
{
return true;
}
}
}
return false;
}
/**
* This check if a document is a folder or not
* @param array $_course
* @param int $document_id of the item
* @return boolean true/false
**/
function is_folder($_course, $document_id)
{
$TABLE_DOCUMENT = Database :: get_course_table(TABLE_DOCUMENT, $_course['dbName']);
//if (!empty($document_id))
$resultans = api_sql_query('SELECT filetype FROM '.$TABLE_DOCUMENT.' WHERE id='.$document_id.'', __FILE__, __LINE__);
$result= Database ::fetch_array($resultans,'ASSOC');
if ($result['filetype']=='folder')
{
return true;
}
else
{
return false;
}
}
/**
* This deletes a document by changing visibility to 2, renaming it to filename_DELETED_#id
* Files/folders that are inside a deleted folder get visibility 2
@ -695,7 +809,7 @@ class DocumentManager
$what_to_delete_sql = "SELECT id FROM ".$TABLE_DOCUMENT." WHERE path='".$path."' OR path LIKE BINARY '".$path."/%'";
//get all id's of documents that are deleted
$what_to_delete_result = api_sql_query($what_to_delete_sql, __FILE__, __LINE__);
if ($what_to_delete_result && Database::num_rows($what_to_delete_result) != 0)
{
//needed to deleted medadata
@ -737,13 +851,14 @@ class DocumentManager
else //set visibility to 2 and rename file/folder to qsdqsd_DELETED_#id
{
if (api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'delete', api_get_user_id()))
{
{
//echo('item_property_update OK');
if (is_file($base_work_dir.$path))
if (is_file($base_work_dir.$path) || is_dir($base_work_dir.$path) )
{
if(rename($base_work_dir.$path, $base_work_dir.$new_path))
{
$sql = "UPDATE $TABLE_DOCUMENT set path='".$new_path."' WHERE id='".$document_id."'";
{
$sql = "UPDATE $TABLE_DOCUMENT set path='".$new_path."' WHERE id='".$document_id."'";
if (api_sql_query($sql, __FILE__, __LINE__))
{
//if it is a folder it can contain files
@ -756,8 +871,17 @@ class DocumentManager
//echo('to delete also: id '.$deleted_items['id']);
api_item_property_update($_course, TOOL_DOCUMENT, $deleted_items['id'], 'delete', api_get_user_id());
//Change path of subfolders and documents in database
$old_item_path = $deleted_items['path'];
$old_item_path = $deleted_items['path'];
$new_item_path = $new_path.substr($old_item_path, strlen($path));
/*/
* trying to fix this bug FS#2681
echo $base_work_dir.$old_item_path;
echo "<br>";
echo $base_work_dir.$new_item_path;
echo "<br>";echo "<br>";
rename($base_work_dir.$old_item_path, $base_work_dir.$new_item_path);
*/
$sql = "UPDATE $TABLE_DOCUMENT set path = '".$new_item_path."' WHERE id = ".$deleted_items['id'];
api_sql_query($sql, __FILE__, __LINE__);
}
@ -767,12 +891,12 @@ class DocumentManager
}
else
{
//Couldn't rename - file permissions problem?
//Couldn't rename - file permissions problem?
error_log(__FILE__.' '.__LINE__.': Error renaming '.$base_work_dir.$path.' to '.$base_work_dir.$new_path.'. This is probably due to file permissions',0);
}
}
else
{
{ //echo $base_work_dir.$path;
//The file or directory isn't there anymore (on the filesystem)
// This means it has been removed externally. To prevent a
// blocking error from happening, we drop the related items from the
@ -780,7 +904,8 @@ class DocumentManager
error_log(__FILE__.' '.__LINE__.': System inconsistency detected. The file or directory '.$base_work_dir.$path.' seems to have been removed from the filesystem independently from the web platform. To restore consistency, the elements using the same path will be removed from the database',0);
$sql = "SELECT id FROM $TABLE_DOCUMENT WHERE path='".$path."' OR path LIKE BINARY '".$path."/%'";
$res = Database::query($sql,__FILE__,__LINE__);
while ( $row = Database::fetch_array($res) ) {
while ( $row = Database::fetch_array($res) )
{
$sqlipd = "DELETE FROM $TABLE_ITEMPROPERTY WHERE ref = ".$row['id']." AND tool='".TOOL_DOCUMENT."'";
$resipd = Database::query($sqlipd,__FILE__,__LINE__);
$sqldd = "DELETE FROM $TABLE_DOCUMENT WHERE id = ".$row['id'];
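Review bot: `check_readonly` builds its folder query by concatenating `$file` unescaped into `path='...' OR path LIKE BINARY '.../%'`, and document.php passes `$_GET['delete']` straight in as that argument, so request input reaches the SQL text. Escape and cast at the top of the function, e.g. `$path = Database::escape_string($file);` and `$document_id = intval($document_id);`, and give `is_folder` the same cast, since its `!empty($document_id)` guard is commented out and the id is appended to `WHERE id=` as-is. Both joins on the item-property `ref` column also lack a `tool='".TOOL_DOCUMENT."'` condition, which the cleanup query at the end of this section does have, so with `LIMIT 1` the owner compared against `$user_id` may come from another tool's row; this is worth confirming against the schema. The folder branch also omits the `api_is_platform_admin()` exemption that the single-document branch applies.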
