chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Allowing group tutors to edit/delete forum posts see BT#3088

Browse Source
skala
Julio Montoya 14 years ago
parent 61971fabfe
commit 81cb17a19a
4 changed files with 38 additions and 32 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 51
      main/forum/forumfunction.inc.php
  2. 12
      main/forum/viewforum.php
  3. 2
      main/forum/viewforumcategory.php
  4. 5
      main/forum/viewthread.php

51
main/forum/forumfunction.inc.php
Unescape View File

@ -723,22 +723,25 @@ function delete_post($post_id) {
$post_id = intval($post_id);
$course_id = api_get_course_int_id();
// Get parent_post_id of deleted post.
// Get parent_post_id of deleted post.
$tab_post_info = get_post_information($post_id);
$post_parent_id_of_deleted_post = $tab_post_info['post_parent_id'];
$thread_id_of_deleted_post = $tab_post_info['thread_id'];
$forum_if_of_deleted_post = $tab_post_info['forum_id'];
$sql = "UPDATE $table_posts SET post_parent_id=$post_parent_id_of_deleted_post
WHERE c_id = $course_id AND post_parent_id=$post_id AND thread_id=$thread_id_of_deleted_post AND forum_id=$forum_if_of_deleted_post;";
Database::query($sql);
$sql = "DELETE FROM $table_posts WHERE c_id = $course_id AND post_id='".Database::escape_string($post_id)."'"; // Note: This has to be a recursive function that deletes all of the posts in this block.
Database::query($sql);
// Delete attachment file about this post id.
delete_attachment($post_id);
if ($tab_post_info) {
$post_parent_id_of_deleted_post = $tab_post_info['post_parent_id'];
$thread_id_of_deleted_post = $tab_post_info['thread_id'];
$forum_if_of_deleted_post = $tab_post_info['forum_id'];
$sql = "UPDATE $table_posts SET post_parent_id=$post_parent_id_of_deleted_post
WHERE c_id = $course_id AND post_parent_id=$post_id AND thread_id=$thread_id_of_deleted_post AND forum_id=$forum_if_of_deleted_post;";
Database::query($sql);
$sql = "DELETE FROM $table_posts WHERE c_id = $course_id AND post_id='".Database::escape_string($post_id)."'"; // Note: This has to be a recursive function that deletes all of the posts in this block.
Database::query($sql);
// Delete attachment file about this post id.
delete_attachment($post_id);
}
$last_post_of_thread = check_if_last_post_of_thread(intval($_GET['thread']));
$last_post_of_thread = check_if_last_post_of_thread($_GET['thread']);
if (is_array($last_post_of_thread)) {
// Decreasing the number of replies for this thread and also changing the last post information.
@ -755,6 +758,8 @@ function delete_post($post_id) {
Database::query($sql);
return 'PostDeletedSpecial';
}
}
/**
@ -4251,15 +4256,17 @@ function get_thread_user_post_limit($course_code, $thread_id, $user_id, $limit =
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
*/
function calculate_children($rows) {
foreach ($rows as $row) {
$rows_with_children[$row['post_id']] = $row;
$rows_with_children[$row['post_parent_id']]['children'][] = $row['post_id'];
}
$rows = $rows_with_children;
$sorted_rows = array(0 => array());
_phorum_recursive_sort($rows, $sorted_rows);
unset($sorted_rows[0]);
if (!empty($rows)) {
foreach ($rows as $row) {
$rows_with_children[$row['post_id']] = $row;
$rows_with_children[$row['post_parent_id']]['children'][] = $row['post_id'];
}
$rows = $rows_with_children;
_phorum_recursive_sort($rows, $sorted_rows);
unset($sorted_rows[0]);
}
return $sorted_rows;
}

12
main/forum/viewforum.php
Unescape View File

@ -35,7 +35,6 @@ api_protect_course_script(true);
$this_section = SECTION_COURSES;
// Including additional library scripts.
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
$nameTools = get_lang('ToolForum');
@ -63,12 +62,13 @@ $userinf = api_get_user_info($userid);
// Note pcool: I tried to use only one sql statement (and function) for this,
// but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table.
$my_forum_group = isset($_GET['gidReq']) ? $_GET['gidReq'] : '';
//$my_forum_group = isset($_GET['gidReq']) ? $_GET['gidReq'] : '';
$group_id = api_get_group_id();
$my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$val = GroupManager::user_has_access($userid, $my_forum_group, GROUP_TOOL_FORUM);
$val = GroupManager::user_has_access($userid, $group_id, GROUP_TOOL_FORUM);
if (!empty($my_forum_group)) {
if (api_is_allowed_to_edit(false, true) || $val) {
if (!empty($group_id)) {
if (api_is_allowed_to_edit(false, true) || $val || GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)) {
$current_forum = get_forum_information($my_forum); // Note: This has to be validated that it is an existing forum.
$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
}
@ -77,7 +77,6 @@ if (!empty($my_forum_group)) {
if ($result['forum_of_group'] == 0) {
$current_forum = get_forum_information($my_forum); // Note: This has to be validated that it is an existing forum.
$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
}
}
@ -243,6 +242,7 @@ if ($my_action == 'liststd' AND isset($_GET['content']) AND isset($_GET['id']) A
// If the user is not a course administrator and the forum is hidden
// then the user is not allowed here.
if (!api_is_allowed_to_edit(false, true) AND ($current_forum_category['visibility'] == 0 OR $current_forum['visibility'] == 0)) {
api_not_allowed();
}

2
main/forum/viewforumcategory.php
Unescape View File

@ -300,7 +300,7 @@ if ($action_forums != 'add') {
} else {
$session_displayed = '';
}
echo '<td><a href="viewforum.php?'.api_get_cidreq().'&amp;forum='.$forum['forum_id'].'&amp;origin='.$origin.'&amp;search='.Security::remove_XSS(urlencode(isset($_GET['search']) ? $_GET['search'] : '')).'" '.class_visible_invisible($forum['visibility']).'>'.prepare4display($forum['forum_title']).$session_displayed.'</a>'.$forum_title_group_addition.'<br />'.prepare4display($forum['forum_comment']).'</td>';
echo '<td><a href="viewforum.php?'.api_get_cidreq().'&amp;gidReq='.$forum['forum_of_group'].'&amp;forum='.$forum['forum_id'].'&amp;origin='.$origin.'&amp;search='.Security::remove_XSS(urlencode(isset($_GET['search']) ? $_GET['search'] : '')).'" '.class_visible_invisible($forum['visibility']).'>'.prepare4display($forum['forum_title']).$session_displayed.'</a>'.$forum_title_group_addition.'<br />'.prepare4display($forum['forum_comment']).'</td>';
//$number_forum_topics_and_posts=get_post_topics_of_forum($forum['forum_id']); // deprecated
// the number of topics and posts

5
main/forum/viewthread.php
Unescape View File

@ -103,12 +103,11 @@ if (!api_is_allowed_to_edit(false, true) AND ($current_forum['visibility'] == 0
$group_id = api_get_group_id();
$my_action = isset($_GET['action']) ? $_GET['action'] : '';
if ($my_action == 'delete' AND isset($_GET['content']) AND isset($_GET['id']) AND (api_is_allowed_to_edit(false, true) OR GroupManager::is_tutor_of_group(api_get_user_id(), $group_id))) {
$message = delete_post($_GET['id']); // Note: This has to be cleaned first.
$message = delete_post($_GET['id']); // Note: This has to be cleaned first.
}
if (($my_action == 'invisible' OR $my_action == 'visible') AND isset($_GET['id']) AND api_is_allowed_to_edit(false, true) OR GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)) {
if (($my_action == 'invisible' OR $my_action == 'visible') AND isset($_GET['id']) AND (api_is_allowed_to_edit(false, true) OR GroupManager::is_tutor_of_group(api_get_user_id(), $group_id))) {
$message = approve_post($_GET['id'], $_GET['action']); // Note: This has to be cleaned first.
}
if ($my_action == 'move' AND isset($_GET['post'])) {

Write Preview
Loading…
Cancel
Save