Some fixes in the work tool to allow user to share documents

skala
Julio Montoya 13 years ago
parent 008e7415e1
commit b389e03802
  1. 2
      main/work/download.php
  2. 5
      main/work/view.php
  3. 5
      main/work/work.lib.php
  4. 14
      main/work/work.php

@ -16,8 +16,6 @@ $current_course_tool = TOOL_STUDENTPUBLICATION;
$this_section = SECTION_COURSES;
require_once api_get_path(LIBRARY_PATH).'document.lib.php';
// IMPORTANT to avoid caching of documents
header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
header('Cache-Control: public');

@ -16,13 +16,14 @@ if (empty($id) || empty($work)) {
$interbreadcrumb[] = array ('url' => 'work.php', 'name' => get_lang('StudentPublications'));
$my_folder_data = get_work_data_by_id($work['parent_id']);
$course_info = api_get_course_info();
if (user_is_author($id)) {
if (user_is_author($id) || $course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
$url_dir = 'work.php?&id=' . $my_folder_data['id'];
$interbreadcrumb[] = array ('url' => $url_dir,'name' => $my_folder_data['title']);
$interbreadcrumb[] = array ('url' => '#','name' => $work['title']);
if (api_is_allowed_to_edit() || ($work['user_id'] == api_get_user_id() && $work['active'] == 1 && $work['accepted'] == 1)) {
if (($course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) || api_is_allowed_to_edit() || ($work['user_id'] == api_get_user_id() && $work['active'] == 1 && $work['accepted'] == 1)) {
$tpl = new Template();
$tpl->assign('work', $work);
$template = $tpl->get_template('work/view.tpl');

@ -1567,6 +1567,7 @@ function get_work_user_list($start, $limit, $column, $direction, $work_id, $wher
} else {
$extra_conditions = " work.post_group_id = '0' ";
}
if ($is_allowed_to_edit) {
$extra_conditions .= ' AND work.active IN (0, 1) ';
} else {
@ -1868,6 +1869,7 @@ function user_is_author($item_id, $user_id = null) {
$is_author = false;
$item_to_edit_data = api_get_item_property_info(api_get_course_int_id(), 'work', $item_id, api_get_session_id());
$is_allowed_to_edit = api_is_allowed_to_edit();
if ($is_allowed_to_edit) {
$is_author = true;
} else {
@ -1876,7 +1878,8 @@ function user_is_author($item_id, $user_id = null) {
}
}
if (!$is_author) {
api_not_allowed();
//api_not_allowed();
return false;
}
return $is_author;
}

@ -115,8 +115,7 @@ $origin = isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST[
$submitGroupWorkUrl = isset($_REQUEST['submitGroupWorkUrl']) ? Security::remove_XSS($_REQUEST['submitGroupWorkUrl']) : '';
$title = isset($_REQUEST['title']) ? Database::escape_string($_REQUEST['title']) : '';
$uploadvisibledisabled = isset($_REQUEST['uploadvisibledisabled']) ? Database::escape_string($_REQUEST['uploadvisibledisabled']) : '1';
$uploadvisibledisabled = isset($_REQUEST['uploadvisibledisabled']) ? Database::escape_string($_REQUEST['uploadvisibledisabled']) : $course_info['show_score'];
// get data for publication assignment
$has_expired = false;
@ -368,7 +367,7 @@ switch ($action) {
case 'edit':
case 'upload_form': //can be add or edit work
$is_author = false;
if (empty($item_id)) {
if (empty($item_id)) {
$parent_data = get_work_data_by_id($work_id);
$parent_data['qualification'] = intval($parent_data['qualification']);
@ -394,8 +393,15 @@ switch ($action) {
}
//Get the author ID for that document from the item_property table
$is_author = user_is_author($item_id);
$is_author = user_is_author($item_id);
if (!$is_author) {
Display::display_warning_message(get_lang('NotAllowed'));
Display::display_footer();
}
}
$form = new FormValidator('form', 'POST', api_get_self() . "?action=upload&id=".$work_id."&curdirpath=" . rtrim(Security :: remove_XSS($curdirpath),'/') . "&gradebook=".Security::remove_XSS($_GET['gradebook'])."&origin=$origin", '', array('enctype' => "multipart/form-data"));
// form title

Loading…
Cancel
Save