diff --git a/main/forum/editpost.php b/main/forum/editpost.php
index 0bf6080c64..a46cf581a4 100755
--- a/main/forum/editpost.php
+++ b/main/forum/editpost.php
@@ -40,10 +40,7 @@ require_once 'forumconfig.inc.php';
 require_once 'forumfunction.inc.php';
 // Are we in a lp ?
-$origin = '';
-if (isset($_GET['origin'])) {
- $origin = Security::remove_XSS($_GET['origin']);
-}
+$origin = api_get_origin();
 /* MAIN DISPLAY SECTION */
@@ -56,11 +53,18 @@ $current_thread = get_thread_information($_GET['forum'], $_GET['thread']);
 $current_forum = get_forum_information($_GET['forum']);
 $current_forum_category = get_forumcategory_information($current_forum['forum_category']);
 $current_post = get_post_information($_GET['post']);
+if (empty($current_post)) {
+ api_not_allowed(true);
+}
 api_block_course_item_locked_by_gradebook($_GET['thread'], LINK_FORUM_THREAD);
-/* Header and Breadcrumbs */
+$isEditable = postIsEditableByStudent($current_forum, $current_post);
+if (!$isEditable) {
+ api_not_allowed(true);
+}
+/* Header and Breadcrumbs */
 if (isset($_SESSION['gradebook'])) {
 $gradebook = $_SESSION['gradebook'];
 }
@@ -105,7 +109,7 @@ if ($origin == 'group') {
 $interbreadcrumb[] = array('url' => 'javascript: void (0);', 'name' => get_lang('EditPost'));
 }
-$table_link = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
+$table_link = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
 /* Header */
 $htmlHeadXtra[] = << 0 ) ||
+ ($current_forum_category && $current_forum_category['locked'] <> 0) ||
 $current_forum['locked'] <> 0 ||
 $current_thread['locked'] <> 0
 )
@@ -195,7 +199,7 @@ echo '
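Review bot: In the `@@ -56,11 +53,18 @@` hunk of editpost.php, the new `postIsEditableByStudent($current_forum, $current_post)` gate decides from a forum loaded via `$_GET['forum']` and a post loaded via `$_GET['post']`, and nothing in the hunk checks that the post actually belongs to that forum or to `$_GET['thread']`. If the helper (its body is not in this hunk) relies on the forum's settings, the decision can be taken against a forum the post is not part of; a guard such as `if ($current_post['forum_id'] != $current_forum['forum_id']) { api_not_allowed(true); }` before the call would tie the two together, assuming the post row carries `forum_id`. `$current_thread` and `$current_forum` also get no empty check, although `$current_forum['forum_category']` is dereferenced before the new `empty($current_post)` test runs.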
'; echo '

';
 echo Display::url(
 prepare4display($current_forum['forum_title']),
- 'viewforum.php?' . api_get_cidreq() . '&' . http_build_query([
+ 'viewforum.php?'.api_get_cidreq().'&'.http_build_query([
 'origin' => $origin,
 'forum' => $current_forum['forum_id']
 ]),
@@ -213,7 +217,7 @@ getAttachedFiles(
 $current_post['post_id']
 );
-$values = show_edit_post_form(
+show_edit_post_form(
 $forum_setting,
 $current_post,
 $current_thread,
@@ -221,10 +225,6 @@ $values = show_edit_post_form(
 isset($_SESSION['formelements']) ? $_SESSION['formelements'] : ''
 );
-if (!empty($values) and isset($_POST['SubmitPost'])) {
- store_edit_post($current_forum, $values);
-}
-
 // Footer
 if (isset($origin) && $origin == 'learnpath') {
 Display::display_reduced_footer();
diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php
index f15af4b8db..90641b9b09 100755
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@@ -2385,7 +2385,7 @@ function get_forumcategory_information($cat_id)
 */
 function count_number_of_forums_in_category($cat_id)
 {
- $table_forums = Database :: get_course_table(TABLE_FORUM);
+ $table_forums = Database::get_course_table(TABLE_FORUM);
 $course_id = api_get_course_int_id();
 $sql = "SELECT count(*) AS number_of_forums FROM ".$table_forums."
@@ -2405,60 +2405,90 @@ function count_number_of_forums_in_category($cat_id)
 */
 function updateThread($values)
 {
- $threadTable = Database :: get_course_table(TABLE_FORUM_THREAD);
+ if (!api_is_allowed_to_edit()) {
+ return '';
+ }
+
+ $threadTable = Database::get_course_table(TABLE_FORUM_THREAD);
 $courseId = api_get_course_int_id();
+ $courseCode = api_get_course_id();
+ $sessionId = api_get_session_id();
+ // Simple update + set gradebook values to null
 $params = [
 'thread_title' => $values['thread_title'],
- 'thread_sticky' => isset($values['thread_sticky']) ? $values['thread_sticky'] : null,
- 'thread_title_qualify' => $values['calification_notebook_title'],
- 'thread_qualify_max' => api_float_val($values['numeric_calification']),
- 'thread_weight' => api_float_val($values['weight_calification']),
- 'thread_peer_qualify' => $values['thread_peer_qualify'],
+ 'thread_sticky' => isset($values['thread_sticky']) ? $values['thread_sticky'] : null
 ];
 $where = ['c_id = ? AND thread_id = ?' => [$courseId, $values['thread_id']]];
 Database::update($threadTable, $params, $where);
- if (api_is_course_admin() == true) {
- $option_chek = isset($values['thread_qualify_gradebook']) ? $values['thread_qualify_gradebook'] : false; // values 1 or 0
- if ($option_chek) {
- $id = $values['thread_id'];
- $titleGradebook = Security::remove_XSS(stripslashes($values['calification_notebook_title']));
- $valueCalification = isset($values['numeric_calification']) ? intval($values['numeric_calification']) : 0;
- $weightCalification = isset($values['weight_calification']) ? floatval($values['weight_calification']) : 0;
- $description = '';
- $sessionId = api_get_session_id();
- $courseId = api_get_course_id();
-
- $linkInfo = GradebookUtils::isResourceInCourseGradebook(
- $courseId,
+ $id = $values['thread_id'];
+ $linkInfo = GradebookUtils::isResourceInCourseGradebook(
+ $courseCode,
+ LINK_FORUM_THREAD,
+ $id,
+ $sessionId
+ );
+ $linkId = $linkInfo['id'];
+ $em = Database::getManager();
+ $gradebookLink = null;
+ if (!empty($linkId)) {
+ $gradebookLink = $em->getRepository('ChamiloCoreBundle:GradebookLink')->find($linkId);
+ }
+
+ // values 1 or 0
+ $check = isset($values['thread_qualify_gradebook']) ? $values['thread_qualify_gradebook'] : false;
+ if ($check) {
+ $title = Security::remove_XSS(stripslashes($values['calification_notebook_title']));
+ $value = isset($values['numeric_calification']) ? intval($values['numeric_calification']) : 0;
+ $weight = isset($values['weight_calification']) ? floatval($values['weight_calification']) : 0;
+ $description = '';
+ // Update title
+ $params = [
+ 'thread_title_qualify' => $values['calification_notebook_title'],
+ 'thread_qualify_max' => api_float_val($values['numeric_calification']),
+ 'thread_weight' => api_float_val($values['weight_calification']),
+ 'thread_peer_qualify' => $values['thread_peer_qualify'],
+ ];
+ $where = ['c_id = ? AND thread_id = ?' => [$courseId, $values['thread_id']]];
+ Database::update($threadTable, $params, $where);
+
+ if (!$linkInfo) {
+ GradebookUtils::add_resource_to_course_gradebook(
+ $values['category_id'],
+ $courseCode,
 LINK_FORUM_THREAD,
 $id,
+ $title,
+ $weight,
+ $value,
+ $description,
+ 1,
 $sessionId
 );
- $linkId = $linkInfo['id'];
-
- if (!$linkInfo) {
- GradebookUtils::add_resource_to_course_gradebook(
- $values['category_id'],
- $courseId,
- LINK_FORUM_THREAD,
- $id,
- $titleGradebook,
- $weightCalification,
- $valueCalification,
- $description,
- 1,
- $sessionId
- );
- } else {
- $em = Database::getManager();
- $gradebookLink = $em->getRepository('ChamiloCoreBundle:GradebookLink')->find($linkId);
- $gradebookLink->setWeight($weightCalification);
+ } else {
+ if ($gradebookLink) {
+ $gradebookLink->setWeight($weight);
 $em->persist($gradebookLink);
 $em->flush();
 }
 }
+ } else {
+ $params = [
+ 'thread_title_qualify' => '',
+ 'thread_qualify_max' => '',
+ 'thread_weight' => '',
+ 'thread_peer_qualify' => '',
+ ];
+ $where = ['c_id = ? AND thread_id = ?' => [$courseId, $values['thread_id']]];
+ Database::update($threadTable, $params, $where);
+
+ if (!empty($linkInfo)) {
+ if ($gradebookLink) {
+ $em->remove($gradebookLink);
+ $em->flush();
+ }
+ }
 }
 $message = get_lang('EditPostStored').'
';
@@ -2494,7 +2524,7 @@ function store_thread($current_forum, $values, $courseInfo = array(), $showMessa
 $sessionId = $sessionId ?: api_get_session_id();
 $em = Database::getManager();
- $table_threads = Database :: get_course_table(TABLE_FORUM_THREAD);
+ $table_threads = Database::get_course_table(TABLE_FORUM_THREAD);
 $gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';
 $upload_ok = 1;
@@ -3432,7 +3462,7 @@ function store_reply($current_forum, $values, $courseId = 0, $userId = 0)
 {
 $courseId = !empty($courseId) ? $courseId : api_get_course_int_id();
 $_course = api_get_course_info_by_id($courseId);
- $table_posts = Database :: get_course_table(TABLE_FORUM_POST);
+ $table_posts = Database::get_course_table(TABLE_FORUM_POST);
 $post_date = api_get_utc_datetime();
 $userId = $userId ?: api_get_user_id();
@@ -3606,88 +3636,29 @@ function show_edit_post_form(
 $form->addButtonAdvancedSettings('advanced_params');
 $form->addElement('html', '
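Review bot: In `updateThread()` (hunk `@@ -2405,60 +2405,90 @@` of forumfunction.inc.php), `$linkId = $linkInfo['id'];` now runs on every call, ahead of the `if (!$linkInfo)` test that shows an empty lookup result is expected, so it indexes a falsy value whenever the thread has no gradebook link; `$linkId = !empty($linkInfo) ? $linkInfo['id'] : null;` keeps the following `!empty($linkId)` guard meaningful. The new outer `else` branch also treats a missing `thread_qualify_gradebook` key the same as an unticked box, then blanks the qualify columns and removes the gradebook link, so a caller that omits that field would silently drop grading data; it is worth confirming that every caller submits it. Inside the `$check` branch the second `$params` array reads `$values['numeric_calification']`, `$values['weight_calification']` and `$values['thread_peer_qualify']` without the `isset` guards used just above for `$value` and `$weight`. The function's tail lies outside this hunk.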