From 6869273fddcfc779f30cd2f688e7304750c5dc93 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Thu, 3 Jul 2008 01:10:47 +0200 Subject: [PATCH] [svn r15716] Document tool group bug - Requires testing (see FS#2626) --- main/document/document.inc.php | 6 +- main/document/document.php | 109 +++++++++++++++++------- main/document/edit_document.php | 33 +++++++- main/inc/lib/document.lib.php | 145 +++++++++++++++++++++++++++++--- 4 files changed, 247 insertions(+), 46 deletions(-) diff --git a/main/document/document.inc.php b/main/document/document.inc.php index aa6bab9df8..1320ffaf2a 100644 --- a/main/document/document.inc.php +++ b/main/document/document.inc.php @@ -1,4 +1,4 @@ -, Ghent University * @version february 2006, dokeos 1.8 -*/ -function display_user_link($user_id, $name) +*/ +function display_user_link_document($user_id, $name) { if ($user_id<>0) { diff --git a/main/document/document.php b/main/document/document.php index 416fa51278..ff6f80ba61 100644 --- a/main/document/document.php +++ b/main/document/document.php @@ -1,4 +1,4 @@ - $path) + { + if (!$is_allowed_to_edit) + { + if(DocumentManager::check_readonly($_course,$_user['user_id'],$path)) + { + Display::display_error_message(get_lang('CantDeleteReadonlyFiles')); + break 2; + } + } + } + foreach($_POST['path'] as $index => $path) { DocumentManager::delete_document($_course,$path,$base_work_dir); @@ -465,7 +512,7 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY ======================================*/ if ((isset($_GET['set_invisible']) && !empty($_GET['set_invisible'])) || (isset($_GET['set_visible']) && !empty($_GET['set_visible'])) AND $_GET['set_visible']<>'*' AND $_GET['set_invisible']<>'*') - { + { //make visible or invisible? if(isset($_GET['set_visible'])) { 
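Review bot: The read-only guard added ahead of the delete loop relies on `break 2` to skip the second `foreach` that calls `DocumentManager::delete_document()`, so the denial only holds while exactly one enclosing loop or `switch` surrounds it, and that structure is not visible in this hunk. An explicit flag would make the refusal independent of nesting depth: set `$readonly_hit = true; break;` in the check loop and wrap the delete loop in `if (!$readonly_hit)`. The `!$is_allowed_to_edit` test does not change per path and could be hoisted out of the `foreach`. The start of this hunk is missing from the page, so the surrounding structure should be confirmed against the file.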
@@ -476,7 +523,16 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY { $update_id = $_GET['set_invisible']; $visibility_command = 'invisible'; + } + + if (!$is_allowed_to_edit) + { + if(DocumentManager::check_readonly($_course,$_user['user_id'],'',$update_id)) + { + api_not_allowed(); + } } + //update item_property to change visibility if(api_item_property_update($_course, TOOL_DOCUMENT, $update_id, $visibility_command, $_user['user_id'])) { @@ -494,8 +550,8 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY TEMPLATE ACTION ======================================*/ - if(isset($_GET['add_as_template']) && !isset($_POST['create_template'])){ - + if(isset($_GET['add_as_template']) && !isset($_POST['create_template'])) + { $document_id_for_template = intval($_GET['add_as_template']); //create the form that asks for the directory name @@ -509,10 +565,8 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY $new_folder_text .= ''; $new_folder_text .= ''; //show the form - Display::display_normal_message($new_folder_text,false); - - } - + Display::display_normal_message($new_folder_text,false); + } elseif(isset($_GET['add_as_template']) && isset($_POST['create_template'])) { $document_id_for_template = intval(Database::escape_string($_GET['add_as_template'])); 
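Review bot: `$update_id` reaches `DocumentManager::check_readonly()` exactly as it arrived in `$_GET['set_invisible']` (and presumably `$_GET['set_visible']`), and the method body added to `main/inc/lib/document.lib.php` by this same patch concatenates that argument unquoted into `... and a.ref='.$document_id.' LIMIT 1`. Casting before the new check, `$update_id = intval($update_id);`, would keep both the authorization query and the following `api_item_property_update()` call on a numeric id, in line with the `intval($_GET['add_as_template'])` handling further down this file. The `$path` values handed to `check_readonly()` in the delete pre-check earlier in this file deserve the same review, although the path branch of that method is not visible on this page. The enclosing `if($is_allowed_to_edit || $group_member_with_upload_rights)` block starts outside the hunk.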
@@ -522,30 +576,23 @@ if($is_allowed_to_edit || $group_member_with_upload_rights) // TEACHER ONLY $course_code = api_get_course_id(); $user_id = api_get_user_id(); - if(!is_file(api_get_path(SYS_CODE_PATH).'upload/template_thumbnails/')){ + if(!is_file(api_get_path(SYS_CODE_PATH).'upload/template_thumbnails/')) + { mkdir(api_get_path(SYS_CODE_PATH).'upload/template_thumbnails/',0777); } - DocumentManager::set_document_as_template($title, $description, $document_id_for_template, $course_code, $user_id); - - Display::display_confirmation_message(get_lang('DocumentSetAsTemplate')); - + DocumentManager::set_document_as_template($title, $description, $document_id_for_template, $course_code, $user_id); + Display::display_confirmation_message(get_lang('DocumentSetAsTemplate')); } - - - if(isset($_GET['remove_as_template'])){ + if(isset($_GET['remove_as_template'])) + { $document_id_for_template = intval($_GET['remove_as_template']); $course_code = api_get_course_id(); - $user_id = api_get_user_id(); - - DocumentManager::unset_document_as_template($document_id_for_template, $course_code, $user_id); - - Display::display_confirmation_message(get_lang('DocumentUnsetAsTemplate')); - - } - - + $user_id = api_get_user_id(); + DocumentManager::unset_document_as_template($document_id_for_template, $course_code, $user_id); + Display::display_confirmation_message(get_lang('DocumentUnsetAsTemplate')); + } } // END is allowed to edit /* @@ -661,7 +708,7 @@ if(isset($docs_and_folders) && is_array($docs_and_folders)) { $user_info=UserManager::get_user_info_by_id($id['insert_user_id']); $user_name=$user_info['firstname'].' '.$user_info['lastname']; - $user_link='
'.get_lang('Owner').': '.display_user_link($id['insert_user_id'],$user_name).'
'; + $user_link='
'.get_lang('Owner').': '.display_user_link_document($id['insert_user_id'],$user_name).'
'; } } diff --git a/main/document/edit_document.php b/main/document/edit_document.php index 42f3a7bd2f..e2a56c40a5 100644 --- a/main/document/edit_document.php +++ b/main/document/edit_document.php @@ -1,4 +1,4 @@ -"; + if ($row['readonly']==1) + { + if (!($row['insert_user_id'] == $user_id)) + { + $readonly_set=true; + break; + } + + } + } + + if ($readonly_set) + { + return true; + } + } + } + return false; + } + } + + + + if (!empty($document_id)) + { + $sql= 'SELECT a.insert_user_id, b.readonly FROM '.$TABLE_PROPERTY.' a,'.$TABLE_DOCUMENT.' b WHERE a.ref = b.id and a.ref='.$document_id.' LIMIT 1'; + $resultans = api_sql_query($sql, __FILE__, __LINE__); + $doc_details = Database ::fetch_array($resultans,'ASSOC'); + + if($doc_details['readonly']==1) + { + if ( $doc_details['insert_user_id'] == $user_id || api_is_platform_admin() ) + { + return false; + } + else + { + return true; + } + } + + + + + + + } + return false; + } + + /** + * This check if a document is a folder or not + * @param array $_course + * @param int $document_id of the item + * @return boolean true/false + **/ + function is_folder($_course, $document_id) + { + $TABLE_DOCUMENT = Database :: get_course_table(TABLE_DOCUMENT, $_course['dbName']); + //if (!empty($document_id)) + + $resultans = api_sql_query('SELECT filetype FROM '.$TABLE_DOCUMENT.' WHERE id='.$document_id.'', __FILE__, __LINE__); + $result= Database ::fetch_array($resultans,'ASSOC'); + if ($result['filetype']=='folder') + { + return true; + } + else + { + return false; + } + + + } + /** * This deletes a document by changing visibility to 2, renaming it to filename_DELETED_#id * Files/folders that are inside a deleted folder get visibility 2 
@@ -695,7 +809,7 @@ class DocumentManager $what_to_delete_sql = "SELECT id FROM ".$TABLE_DOCUMENT." WHERE path='".$path."' OR path LIKE BINARY '".$path."/%'"; //get all id's of documents that are deleted $what_to_delete_result = api_sql_query($what_to_delete_sql, __FILE__, __LINE__); - + if ($what_to_delete_result && Database::num_rows($what_to_delete_result) != 0) { //needed to deleted medadata @@ -737,13 +851,14 @@ class DocumentManager else //set visibility to 2 and rename file/folder to qsdqsd_DELETED_#id { if (api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'delete', api_get_user_id())) - { + { //echo('item_property_update OK'); - if (is_file($base_work_dir.$path)) + if (is_file($base_work_dir.$path) || is_dir($base_work_dir.$path) ) { if(rename($base_work_dir.$path, $base_work_dir.$new_path)) - { - $sql = "UPDATE $TABLE_DOCUMENT set path='".$new_path."' WHERE id='".$document_id."'"; + { + $sql = "UPDATE $TABLE_DOCUMENT set path='".$new_path."' WHERE id='".$document_id."'"; + if (api_sql_query($sql, __FILE__, __LINE__)) { //if it is a folder it can contain files @@ -756,8 +871,17 @@ class DocumentManager //echo('to delete also: id '.$deleted_items['id']); api_item_property_update($_course, TOOL_DOCUMENT, $deleted_items['id'], 'delete', api_get_user_id()); //Change path of subfolders and documents in database - $old_item_path = $deleted_items['path']; + $old_item_path = $deleted_items['path']; $new_item_path = $new_path.substr($old_item_path, strlen($path)); + /*/ + * trying to fix this bug FS#2681 + echo $base_work_dir.$old_item_path; + echo "
"; + echo $base_work_dir.$new_item_path; + echo "
";echo "
"; + rename($base_work_dir.$old_item_path, $base_work_dir.$new_item_path); + */ + $sql = "UPDATE $TABLE_DOCUMENT set path = '".$new_item_path."' WHERE id = ".$deleted_items['id']; api_sql_query($sql, __FILE__, __LINE__); } @@ -767,12 +891,12 @@ class DocumentManager } else { - //Couldn't rename - file permissions problem? + //Couldn't rename - file permissions problem? error_log(__FILE__.' '.__LINE__.': Error renaming '.$base_work_dir.$path.' to '.$base_work_dir.$new_path.'. This is probably due to file permissions',0); } } else - { + { //echo $base_work_dir.$path; //The file or directory isn't there anymore (on the filesystem) // This means it has been removed externally. To prevent a // blocking error from happening, we drop the related items from the @@ -780,7 +904,8 @@ class DocumentManager error_log(__FILE__.' '.__LINE__.': System inconsistency detected. The file or directory '.$base_work_dir.$path.' seems to have been removed from the filesystem independently from the web platform. To restore consistency, the elements using the same path will be removed from the database',0); $sql = "SELECT id FROM $TABLE_DOCUMENT WHERE path='".$path."' OR path LIKE BINARY '".$path."/%'"; $res = Database::query($sql,__FILE__,__LINE__); - while ( $row = Database::fetch_array($res) ) { + while ( $row = Database::fetch_array($res) ) + { $sqlipd = "DELETE FROM $TABLE_ITEMPROPERTY WHERE ref = ".$row['id']." AND tool='".TOOL_DOCUMENT."'"; $resipd = Database::query($sqlipd,__FILE__,__LINE__); $sqldd = "DELETE FROM $TABLE_DOCUMENT WHERE id = ".$row['id'];