chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

User can edit work if the "delete own document" is on and the work has not been reviewed see BT#6616

Browse Source
1.9.x
Julio Montoya 12 years ago
parent 25116e1129
commit a425a23c6b
2 changed files with 32 additions and 24 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 36
      main/work/edit.php
  2. 20
      main/work/work.lib.php

36
main/work/edit.php
Unescape View File

@ -66,16 +66,18 @@ if (!$is_author) {
api_not_allowed(true);
}
// Student's can't edit work
// Student's can't edit work only if he can delete his docs.
if (!api_is_allowed_to_edit()) {
api_not_allowed(true);
if (api_get_course_setting('student_delete_own_publication') != 1) {
api_not_allowed(true);
}
}
if (!empty($my_folder_data)) {
$homework = get_work_assignment_by_id($my_folder_data['id']);
if ($homework['expires_on'] != '0000-00-00 00:00:00' || $homework['ends_on'] != '0000-00-00 00:00:00') {
$time_now = time();
$time_now = time();
if (!empty($homework['expires_on']) && $homework['expires_on'] != '0000-00-00 00:00:00') {
$time_expires = api_strtotime($homework['expires_on'], 'UTC');
@ -110,13 +112,19 @@ $form_title = get_lang('Edit');
$interbreadcrumb[] = array('url' => '#', 'name' => $form_title);
$form = new FormValidator('form', 'POST', api_get_self()."?".api_get_cidreq()."&id=".$work_id."&gradebook=".Security::remove_XSS($_GET['gradebook'])."&origin=$origin", '', array('enctype' => "multipart/form-data"));
$form = new FormValidator(
'form',
'POST',
api_get_self()."?".api_get_cidreq()."&id=".$work_id."&gradebook=".Security::remove_XSS($_GET['gradebook'])."&origin=$origin",
'',
array('enctype' => "multipart/form-data")
);
$form->addElement('header', $form_title);
$show_progress_bar = false;
if ($submitGroupWorkUrl) {
// For user comming from group space to publish his work
// For user coming from group space to publish his work
$realUrl = str_replace($_configuration['root_sys'], api_get_path(WEB_PATH), str_replace("\\", '/', realpath($submitGroupWorkUrl)));
$form->addElement('hidden', 'newWorkUrl', $submitGroupWorkUrl);
$text_document = $form->addElement('text', 'document', get_lang('Document'));
@ -142,7 +150,7 @@ if ($is_allowed_to_edit && !empty($item_id)) {
$row = Database::fetch_array($result);
$qualification_over = $row['qualification'];
if (!empty($qualification_over) && intval($qualification_over) > 0) {
$form->addElement('text', 'qualification', array(get_lang('Qualification'), null, " / ".$qualification_over), 'size="10"');
$form->addElement('text', 'qualification', array(get_lang('Qualification'), null, " / ".$qualification_over), 'size="10"');
$form->addElement('hidden', 'qualification_over', $qualification_over);
}
}
@ -179,27 +187,28 @@ if ($form->validate()) {
$work_data = get_work_data_by_id($item_to_edit_id);
if (!empty($_POST['title'])) {
$title = isset($_POST['title']) ? $_POST['title'] : $work_data['title'];
$title = isset($_POST['title']) ? $_POST['title'] : $work_data['title'];
}
$description = isset($_POST['description']) ? $_POST['description'] : $work_data['description'];
if ($is_allowed_to_edit && ($_POST['qualification'] !='' )) {
$add_to_update = ', qualificator_id ='."'".api_get_user_id()."',";
$add_to_update = ', qualificator_id ='."'".api_get_user_id()."', ";
$add_to_update .= ' qualification = '."'".Database::escape_string($_POST['qualification'])."',";
$add_to_update .= ' date_of_qualification ='."'".api_get_utc_datetime()."'";
$add_to_update .= ' date_of_qualification = '."'".api_get_utc_datetime()."'";
}
if ((int)$_POST['qualification'] > (int)$_POST['qualification_over']) {
if ($_POST['qualification'] > $_POST['qualification_over']) {
Display::display_error_message(get_lang('QualificationMustNotBeMoreThanQualificationOver'));
} else {
$sql = "UPDATE " . $work_table . "
SET title = '" . Database::escape_string($title) . "',
description = '" . Database::escape_string($description) . "'
SET title = '".Database::escape_string($title)."',
description = '".Database::escape_string($description)."'
".$add_to_update."
WHERE c_id = $course_id AND id = $item_to_edit_id";
Database::query($sql);
}
api_item_property_update($_course, 'work', $item_to_edit_id, 'DocumentUpdated', $user_id);
$succeed = true;
$error_message .= Display::return_message(get_lang('ItemUpdated'), false);
} else {
@ -210,14 +219,13 @@ if ($form->validate()) {
}
Security::clear_token();
} else {
//Bad token or can't add works
// Bad token or can't add works
$error_message = Display::return_message(get_lang('IsNotPosibleSaveTheDocument'), 'error');
}
$script = 'work_list.php';
if ($is_allowed_to_edit) {
$script = 'work_list_all.php';
}
header('Location: '.api_get_path(WEB_CODE_PATH).'work/'.$script.'?'.api_get_cidreq().'&id='.$work_id.'&error_message='.$error_message);
exit;
}

20
main/work/work.lib.php
Unescape View File

@ -1716,7 +1716,7 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher
}
$sql = "SELECT $select
FROM $work_condition $user_condition $course_conditions
FROM $work_condition $user_condition
WHERE $extra_conditions $where_condition $condition_session ";
$sql .= " ORDER BY $column $direction ";
@ -1816,11 +1816,9 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher
$url = api_get_path(WEB_CODE_PATH).'work/';
$action = '';
if ($is_allowed_to_edit) {
$action .= '<a href="'.$url.'view.php?'.api_get_cidreq().'&id='.$item_id.'" title="'.get_lang('View').'">'.
Display::return_icon('default.png', get_lang('View'),array(), ICON_SIZE_SMALL).'</a> ';
if ($locked) {
if ($qualification_exists) {
$action .= Display::return_icon('rate_work_na.png', get_lang('CorrectAndRate'),array(), ICON_SIZE_SMALL);
@ -1837,7 +1835,6 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher
}
}
if ($work['contains_file']) {
if ($locked) {
$action .= Display::return_icon('move_na.png', get_lang('Move'),array(), ICON_SIZE_SMALL);
@ -1857,16 +1854,19 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher
$action .= '<a href="'.$url.'work.php?'.api_get_cidreq().'&action=delete&amp;item_id='.$item_id.'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES))."'".')) return false;" title="'.get_lang('Delete').'" >'.Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>';
}
} elseif ($is_author && (empty($work['qualificator_id']) || $work['qualificator_id'] == 0)) {
if (api_is_allowed_to_session_edit(false, true)) {
$action .= '<a href="'.$url.'view.php?'.api_get_cidreq().'&id='.$item_id.'" title="'.get_lang('View').'">'.
Display::return_icon('default.png', get_lang('View'),array(), ICON_SIZE_SMALL).'</a>';
} else {
$action .= Display::return_icon('edit_na.png', get_lang('Modify'),array(), ICON_SIZE_SMALL);
}
$action .= '<a href="'.$url.'view.php?'.api_get_cidreq().'&id='.$item_id.'" title="'.get_lang('View').'">'.Display::return_icon('default.png', get_lang('View'),array(), ICON_SIZE_SMALL).'</a>';
if (api_get_course_setting('student_delete_own_publication') == 1) {
if (api_is_allowed_to_session_edit(false, true)) {
$action .= '<a href="'.$url.'edit.php?'.api_get_cidreq().'&item_id='.$item_id.'&id='.$work['parent_id'].'&gradebook='.Security::remove_XSS($_GET['gradebook']).'" title="'.get_lang('Modify').'">'.
Display::return_icon('edit.png', get_lang('Comment'),array(), ICON_SIZE_SMALL).'</a>';
}
$action .= ' <a href="'.$url.'work.php?'.api_get_cidreq().'&action=delete&amp;item_id='.$item_id.'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES))."'".')) return false;" title="'.get_lang('Delete').'" >'.Display::return_icon('delete.png',get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>';
} else {
$action .= Display::return_icon('edit_na.png', get_lang('Modify'),array(), ICON_SIZE_SMALL);
}
} else {
$action .= '<a href="'.$url.'view.php?'.api_get_cidreq().'&id='.$item_id.'" title="'.get_lang('View').'">'.Display::return_icon('default.png', get_lang('View'),array(), ICON_SIZE_SMALL).'</a>';
$action .= Display::return_icon('edit_na.png', get_lang('Modify'),array(), ICON_SIZE_SMALL);
}

Write Preview
Loading…
Cancel
Save