Fixing document preview when using sessions BT#2773

skala
Julio Montoya 14 years ago
parent 27b9a8ad7a
commit 9b34553c11
  1. 10
      main/document/document.php
  2. 2
      main/document/showinframes.php
  3. 2
      main/document/showinframesmin.php
  4. 2
      main/inc/ajax/document.ajax.php
  5. 4
      main/inc/lib/course.lib.php
  6. 88
      main/inc/lib/document.lib.php
  7. 2
      user_portal.php

@ -68,7 +68,7 @@ if (isset($_REQUEST['id'])) {
//Redirect to the file path
if (!empty($document_data['filetype']) && $document_data['filetype'] == 'file') {
$visibility = DocumentManager::is_visible_by_id($_REQUEST['id'], $course_info, api_get_session_id(), 'file');
$visibility = DocumentManager::is_visible_by_id($_REQUEST['id'], $course_info, api_get_session_id(), api_get_user_id());
if ($visibility && api_is_allowed_to_session_edit()) {
$url = api_get_path(WEB_COURSE_PATH).$course_info['path'].'/document'.$document_data['path'].'?'.api_get_cidreq();
header("Location: $url");
@ -294,7 +294,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'download') {
// Launch event
event_download($document_data['url']);
// Check visibility of document and paths
if (!($is_allowed_to_edit || $group_member_with_upload_rights) && !DocumentManager::is_visible_by_id($my_get_id, $_course, api_get_session_id(), 'file' )) {
if (!($is_allowed_to_edit || $group_member_with_upload_rights) && !DocumentManager::is_visible_by_id($my_get_id, $_course, api_get_session_id(), api_get_user_id())) {
api_not_allowed(true);
}
$full_file_name = $base_work_dir.$document_data['path'];
@ -506,7 +506,7 @@ if ($is_allowed_to_edit || $group_member_with_upload_rights || is_my_shared_fold
$my_get_move = intval($_REQUEST['move']);
if (api_is_coach()) {
if (!DocumentManager::is_visible_by_id($my_get_move, $course_info, api_get_session_id())) {
if (!DocumentManager::is_visible_by_id($my_get_move, $course_info, api_get_session_id(), api_get_user_id())) {
api_not_allowed();
}
}
@ -552,7 +552,7 @@ if ($is_allowed_to_edit || $group_member_with_upload_rights || is_my_shared_fold
}
if (api_is_coach()) {
if (!DocumentManager::is_visible_by_id($_POST['move_file'], $_course, api_get_session_id())) {
if (!DocumentManager::is_visible_by_id($_POST['move_file'], $_course, api_get_session_id(), api_get_user_id())) {
api_not_allowed();
}
}
@ -727,7 +727,7 @@ if ($is_allowed_to_edit) {
if (!$is_allowed_to_edit) {
if (api_is_coach()) {
if (!DocumentManager::is_visible_by_id($update_id, $_course, api_get_session_id())) {
if (!DocumentManager::is_visible_by_id($update_id, $_course, api_get_session_id(), api_get_user_id())) {
api_not_allowed();
}
}
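Review bot: In the download hunk, `event_download($document_data['url']);` runs before the visibility check, so a request that `api_not_allowed(true)` then refuses is still recorded as a download. The new four-argument `is_visible_by_id` call does not change that ordering. Moving the `event_download(...)` call below the `if (!($is_allowed_to_edit || ...)) { api_not_allowed(true); }` guard would keep the download log limited to requests that passed the access check. The rest of the download branch is outside the hunk, so the best place for the call (for example, after the file is confirmed to exist) cannot be judged from here.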

@ -83,7 +83,7 @@ if ($is_allowed_in_course == false) {
}
//Check user visibility
$is_visible = DocumentManager::is_visible_by_id($document_id, $course_info, api_get_session_id());
$is_visible = DocumentManager::is_visible_by_id($document_id, $course_info, api_get_session_id(), api_get_user_id());
if (!api_is_allowed_to_edit() && !$is_visible) {
api_not_allowed(true);
}

@ -69,7 +69,7 @@ if ($is_allowed_in_course == false) {
}
//Check user visibility
$is_visible = DocumentManager::is_visible_by_id($document_id, $course_info, api_get_session_id());
$is_visible = DocumentManager::is_visible_by_id($document_id, $course_info, api_get_session_id(), api_get_user_id());
if (!api_is_allowed_to_edit() && !$is_visible) {
api_not_allowed(true);
}

@ -45,7 +45,7 @@ switch($action) {
case 'document_preview':
$course_info = api_get_course_info_by_id($_REQUEST['course_id']);
if (!empty($course_info) && is_array($course_info)) {
echo DocumentManager::get_document_preview($course_info, false, '_blank', $_REQUEST['sessid']);
echo DocumentManager::get_document_preview($course_info, false, '_blank', $_REQUEST['session_id']);
}
break;
}
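Review bot: `$_REQUEST['session_id']` is handed to `get_document_preview` without an `isset()` check or an integer cast, and `$_REQUEST['course_id']` is used the same way two lines above. The `@ -2496` hunk in document.lib.php, which appears to belong to that method, does apply `intval()` to the session id, so this is about validating at the request boundary rather than an open hole. Adding `$session_id = isset($_REQUEST['session_id']) ? intval($_REQUEST['session_id']) : 0;` before the call would make it explicit. The rename from `sessid` also depends on the script that issues the request sending `session_id`; that caller is not in the visible hunks.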

@ -2525,7 +2525,7 @@ class CourseManager {
* @param bool Whether to show the document quick-loader or not
* @return void
*/
function display_special_courses ($user_id, $load_dirs = false) {
function display_special_courses($user_id, $load_dirs = false) {
$user_id = intval($user_id);
$user_info = api_get_user_info($user_id);
@ -3003,7 +3003,7 @@ class CourseManager {
if ($load_dirs) {
$result .= '<div style="float:right;">';
$result .= '<a id="document_preview_'.$info['real_id'].'_'.$my_course['id_session'].'" class="document_preview" href="#">'.Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'),22).'</a>';
$result .= Display::div('', array('id' => 'document_result_'.$info['real_id'].'_'.$my_course['id_session'], 'class'=>'document_preview_container not_active'));
$result .= Display::div('', array('id' => 'document_result_'.$info['real_id'].'_'.$my_course['id_session'], 'class'=>'document_preview_container'));
$result .= '</div>';
}

@ -14,6 +14,7 @@
*/
require_once api_get_path(LIBRARY_PATH).'course.lib.php';
require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'sessionmanager.lib.php';
/* CONSTANTS */
@ -1122,20 +1123,62 @@ return 'application/octet-stream';
}
/**
* return true if the documentpath have visibility=1 as item_property
* Return true if user can see a file
*
* @param int document id
* @param array course info
* @param array $course the _course array info of the document's course
* @param array $course the _course array info of the document's course
* @return bool
*/
public static function is_visible_by_id($id, $course, $session_id = 0, $file_type = 'file') {
$docTable = Database::get_course_table(TABLE_DOCUMENT, $course['dbName']);
$propTable = Database::get_course_table(TABLE_ITEM_PROPERTY, $course['dbName']);
$id = intval($id);
$session_id = intval($session_id);
//$condition = "AND id_session = $session_id";
public static function is_visible_by_id($doc_id, $course_info, $session_id, $user_id) {
$is_visible = false;
$user_in_course = false;
//Checking the course array
if (empty($course_info)) {
$course_info = api_get_course_info();
if (empty($course_info)) {
return false;
}
}
$doc_id = intval($doc_id);
$session_id = intval($session_id);
// Course and session visibility is handle in local.inc.php
//Checking if user exist in course/session
if ($session_id == 0 ) {
if (CourseManager::is_user_subscribed_in_course($user_id, $course_info['code'])) {
$user_in_course = true;
}
} else {
$user_status = SessionManager::get_user_status_in_session($user_id, $course_info['code'], $session_id);
if (in_array($user_status, array('0', '6'))) {
//student or coach
$user_in_course = true;
}
}
if ($user_in_course) {
$item_info = api_get_item_property_info($course['real_id'], 'document', $doc_id, $session_id);
if (isset($item_info['visibility'])) {
if (api_is_platform_admin()) {
return true;
}
if ($item_info['visibility'] == 1) {
return true;
}
}
}
return false;
/*
$docTable = Database::get_course_table(TABLE_DOCUMENT, $course['dbName']);
$propTable = Database::get_course_table(TABLE_ITEM_PROPERTY, $course['dbName']);
$condition = "AND id_session IN ('$session_id', '0') ";
if (!in_array($file_type, array('file','folder'))) {
$file_type = 'file';
}
@ -1150,9 +1193,11 @@ return 'application/octet-stream';
$is_visible = $_SESSION['is_allowed_in_course'] || api_is_platform_admin();
}
}
//improved protection of documents viewable directly through the url: incorporates the same protections of the course at the url of documents: access allowed for the whole world Open, access allowed for users registered on the platform Private access, document accessible only to course members (see the Users list), Completely closed; the document is only accessible to the course admin and teaching assistants.
//return $_SESSION ['is_allowed_in_course'] || api_is_platform_admin();
return $is_visible;
*/
}
@ -2496,20 +2541,16 @@ return 'application/octet-stream';
}
}
//condition for the session
$current_session_id = 0;
if (!empty($session_id)) {
$current_session_id = intval($session_id);
}
//condition for the session
$session_id = intval($session_id);
if (!$user_in_course) {
if (empty($current_session_id)) {
if (empty($session_id)) {
if (CourseManager::is_user_subscribed_in_course($user_id, $course_info['code'])) {
$user_in_course = true;
}
} else {
require_once api_get_path(LIBRARY_PATH).'sessionmanager.lib.php';
$user_status = SessionManager::get_user_status_in_session($user_id, $course_info['code'], $current_session_id);
} else {
$user_status = SessionManager::get_user_status_in_session($user_id, $course_info['code'], $session_id);
if (in_array($user_status, array('0', '6'))) { //user and coach
$user_in_course = true;
}
@ -2525,8 +2566,8 @@ return 'application/octet-stream';
$added_slash = ($path == '/') ? '' : '/';
//$condition_session = " AND (id_session = '$current_session_id' OR (id_session = '0' AND insert_date <= (SELECT creation_date FROM $tbl_course WHERE code = '".$course_info['code']."' )))";
$condition_session = " AND (id_session = '$current_session_id' OR id_session = '0' )";
//$condition_session = " AND (id_session = '$session_id' OR (id_session = '0' AND insert_date <= (SELECT creation_date FROM $tbl_course WHERE code = '".$course_info['code']."' )))";
$condition_session = " AND (id_session = '$session_id' OR id_session = '0' )";
$sql_doc = "SELECT last.visibility, docs.* ".
" FROM $tbl_item_prop AS last, $tbl_doc AS docs ".
@ -2547,15 +2588,14 @@ return 'application/octet-stream';
$return .= Display::return_icon('new_doc.gif', '', array(), 22);
$return .= Display::url(get_lang('NewDocument'), api_get_self().'?'.api_get_cidreq().'&action=add_item&type='.TOOL_DOCUMENT.'&lp_id='.$_SESSION['oLP']->lp_id);
$return .= '</div>';
} else {
$txt_sessid = (empty($session_id)?'0':(string)$session_id);
$return .= Display::div(Display::url(Display::return_icon('delete.png', get_lang('Close'), array(), 22), '#', array('id'=>'close_div_'.$course_info['real_id'].'_'.$txt_sessid,'class' =>'close_div')), array('style' => 'position:absolute;right:10px'));
} else {
$return .= Display::div(Display::url(Display::return_icon('delete.png', get_lang('Close'), array(), 22), '#', array('id'=>'close_div_'.$course_info['real_id'].'_'.$session_id,'class' =>'close_div')), array('style' => 'position:absolute;right:10px'));
}
// If you want to debug it, I advise you to do "echo" on the eval statements.
if (!empty($resources) && $user_in_course) {
foreach ($resources as $resource) {
$item_info = api_get_item_property_info($course_info['real_id'], 'document', $resource['id'], $current_session_id);
$item_info = api_get_item_property_info($course_info['real_id'], 'document', $resource['id'], $session_id);
if (empty($item_info)) {
continue;
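Review bot: In the new `is_visible_by_id`, the item lookup still reads `$course['real_id']` although the parameter is now `$course_info`, so `$course` is undefined there and the lookup runs without a course id; it should read `api_get_item_property_info($course_info['real_id'], 'document', $doc_id, $session_id)`. The membership test `in_array($user_status, array('0', '6'))` compares loosely, so if `SessionManager::get_user_status_in_session` returns `false` for a user who is not in the session (its return values are not visible here), `false == '0'` would count that user as a student; the same test appears in the `@ -2496` hunk. Rejecting `$user_status === false` before the `in_array` call would close that gap without depending on whether the status comes back as a string or an integer. `$user_id` is also passed on without the `intval()` applied to `$doc_id` and `$session_id`. Finally, `api_is_platform_admin()` is only reached once `$user_in_course` is true, so an admin who is not subscribed to the course is refused, which may not be intended.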

@ -91,7 +91,7 @@ define('CONFVAL_dateFormatForInfosFromCourses', get_lang('dateFormatLong'));
define("CONFVAL_limitPreviewTo", SCRIPTVAL_NewEntriesOfTheDayOfLastLogin);
//$load_dirs = api_get_setting('courses_list_document_dynamic_dropdown');
$load_dirs = false;
$load_dirs = true;
// This is the main function to get the course list.
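Review bot: `$load_dirs = true;` hard-codes the document quick-loader on for every installation, while the line that reads the `courses_list_document_dynamic_dropdown` setting stays commented out just above it. This looks like a debugging leftover: it takes the decision away from the platform administrator and exposes the `document_preview` ajax action on the portal page by default. Restoring `$load_dirs = api_get_setting('courses_list_document_dynamic_dropdown');` (normalised to a boolean in whatever form that setting is stored) would keep the feature opt-in.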
