Replacing the old toolgroup with the function api_get_group_id() + allowing users to download their works

skala
Julio Montoya 13 years ago
parent dc74f9bcfc
commit e3baa0df50
  1. 12
      main/document/downloadfolder.inc.php
  2. 2
      main/inc/lib/security.lib.php
  3. 31
      main/work/downloadfolder.inc.php
  4. 47
      main/work/work.lib.php
  5. 85
      main/work/work.php

@ -9,6 +9,8 @@
* Code
*/
set_time_limit(0);
require_once '../inc/global.inc.php';
$document_data = DocumentManager::get_document_data_by_id($_GET['id'], api_get_course_id());
$path = $document_data['path'];
@ -130,11 +132,11 @@ event_download(($path == '/') ? 'documents.zip (folder)' : basename($path).'.zip
// Start download of created file
$name = ($path == '/') ? 'documents.zip' : $document_data['title'].'.zip';
//if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($temp_zip_file, true, $name);
@unlink($temp_zip_file);
exit;
//}
if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($temp_zip_file, true, $name);
@unlink($temp_zip_file);
exit;
}
/**
* Returns the difference between two arrays, as an array of those key/values
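Review bot: The re-enabled `Security::check_abs_path()` guard has no failure branch, so when the check returns false the request ends silently with nothing sent and nothing reported. An `else` that shows `Display::display_error_message(get_lang('ActionNotAllowed'));` and then calls `exit;` would make a rejected path visible; it should not `unlink()` there, since the path has just failed validation. `check_abs_path()` as shown in security.lib.php is a `strpos()` prefix comparison, so its strictness depends on `api_get_path(SYS_ARCHIVE_PATH)` ending in a slash, which is presumably the case but is not visible here. The code that builds `$temp_zip_file` lies outside the hunk.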

@ -49,8 +49,8 @@ class Security {
if (empty($checker_path)) { return false; } // The checker path must be set.
$true_path = str_replace("\\", '/', realpath($abs_path));
$found = strpos($true_path.'/', $checker_path);
if ($found === 0) {
return true;
} else {

@ -8,6 +8,8 @@
*/
$work_id = $_GET['id'];
require_once '../inc/global.inc.php';
require_once 'work.lib.php';
$work_data = get_work_data_by_id($work_id);
if (empty($work_data)) {
@ -43,7 +45,7 @@ $prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$files = array();
$course_id = api_get_course_int_id();
if (api_is_allowed_to_edit()) {
if (api_is_allowed_to_edit()) {
//search for all files that are not deleted => visibility != 2
$sql = "SELECT url, title FROM $tbl_student_publication AS work, $prop_table AS props
@ -56,7 +58,7 @@ if (api_is_allowed_to_edit()) {
$query = Database::query($sql);
//add tem to the zip file
while ($not_deleted_file = Database::fetch_assoc($query)) {
if (file_exists($sys_course_path.$_course['path'].'/'.$not_deleted_file['url'])) {
if (file_exists($sys_course_path.$_course['path'].'/'.$not_deleted_file['url'])) {
$files[basename($not_deleted_file['url'])] = $not_deleted_file['title'];
$zip_folder->add($sys_course_path.$_course['path'].'/'.$not_deleted_file['url'], PCLZIP_OPT_REMOVE_PATH, $sys_course_path.$_course['path'].'/work', PCLZIP_CB_PRE_ADD, 'my_pre_add_callback');
}
@ -78,20 +80,23 @@ if (api_is_allowed_to_edit()) {
$files[basename($not_deleted_file['url'])] = $not_deleted_file['title'];
$zip_folder->add($sys_course_path.$_course['path'].'/'.$not_deleted_file['url'], PCLZIP_OPT_REMOVE_PATH, $sys_course_path.$_course['path'].'/work', PCLZIP_CB_PRE_ADD, 'my_pre_add_callback');
}
}
}
}//end for other users
//logging
event_download(basename($work_data['title']).'.zip (folder)');
//start download of created file
$name = basename($work_data['title']).'.zip';
if (!empty($files)) {
//logging
event_download(basename($work_data['title']).'.zip (folder)');
if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($temp_zip_file, true, $name);
@unlink($temp_zip_file);
exit;
//start download of created file
$name = basename($work_data['title']).'.zip';
if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($temp_zip_file, true, $name);
@unlink($temp_zip_file);
exit;
}
} else {
exit;
}
/* Extra function (only used here) */
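Review bot: `$work_id = $_GET['id'];` is taken raw and handed straight to `get_work_data_by_id()`, and with this commit the script is linked directly for every user (`downloadfolder.inc.php?id=...` in work.lib.php) rather than only for editors. I would normalise it after the require, `$work_id = isset($_GET['id']) ? intval($_GET['id']) : 0;`, unless `get_work_data_by_id()` already casts its argument. It is also worth confirming that the non-editor branch limits the query to the current user's own submissions in the current course and group; that branch's SQL is outside the visible hunks. The new `else { exit; }` returns an empty page when no files were found, where a short message would help the user.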

@ -40,7 +40,7 @@ function display_action_links($id, $cur_dir_path, $always_show_tool_options, $al
if (!$always_show_tool_options && api_is_allowed_to_edit(null, true) && $origin != 'learnpath') {
// Create dir
if (empty($cur_dir_path)) {
$display_output .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;toolgroup='.Security::remove_XSS($_GET['toolgroup']).'&amp;action=create_dir&origin='.$origin.'&gradebook='.$gradebook.'">';
$display_output .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;action=create_dir&origin='.$origin.'&gradebook='.$gradebook.'">';
$display_output .= Display::return_icon('new_work.png', get_lang('CreateAssignment'),'','32').'</a>';
}
if (empty($cur_dir_path)) {
@ -330,14 +330,13 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$work_assigment = Database::get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT);
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
$user_id = api_get_user_id();
//condition for the session
$session_id = api_get_session_id();
$session_id = api_get_session_id();
$condition_session = api_get_session_condition($session_id);
$course_id = api_get_course_int_id();
$group_id = api_get_group_id();
$publications_list = array();
$sort_params = array();
if (isset($_GET['column'])) {
@ -379,6 +378,8 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
}
$contains_file_query = '';
//Get list from database
if ($is_allowed_to_edit) {
@ -389,8 +390,8 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$contains_file_query
ORDER BY sent_date DESC";
} else {
if (!empty($_SESSION['toolgroup'])) {
$group_query = " WHERE c_id = $course_id AND post_group_id = '".intval($_SESSION['toolgroup'])."' "; // set to select only messages posted by the user's group
if (!empty($group_id)) {
$group_query = " WHERE c_id = $course_id AND post_group_id = '".$group_id."' "; // set to select only messages posted by the user's group
$subdirs_query = "AND parent_id = 0";
} else {
$group_query = " WHERE c_id = $course_id AND post_group_id = '0' ";
@ -410,11 +411,11 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
}
}
}
} else {
} else {
$parent_id = isset($my_folder_data['id']) ? $my_folder_data['id'] : 0;
if (!empty($_SESSION['toolgroup'])) {
$group_query = " WHERE c_id = $course_id AND post_group_id = '".intval($_SESSION['toolgroup'])."' "; // set to select only messages posted by the user's group
if (!empty($group_id)) {
$group_query = " WHERE c_id = $course_id AND post_group_id = '".intval($group_id)."' "; // set to select only messages posted by the user's group
} else {
$group_query = " WHERE c_id = $course_id AND post_group_id = '0' ";
}
@ -461,6 +462,8 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$table_data = array();
// List of all folders if no id was provided
$group_id = api_get_group_id();
if (is_array($work_parents)) {
@ -469,8 +472,8 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
FROM ".$iprop_table." prop INNER JOIN ".$work_table." work ON (prop.ref=work.id AND prop.c_id = $course_id )
WHERE active IN (0, 1) AND ";
if (!empty($_SESSION['toolgroup'])) {
$sql_select_directory .= " work.post_group_id = '".$_SESSION['toolgroup']."' "; // set to select only messages posted by the user's group
if (!empty($group_id)) {
$sql_select_directory .= " work.post_group_id = '".$group_id."' "; // set to select only messages posted by the user's group
} else {
$sql_select_directory .= " work.post_group_id = '0' ";
}
@ -803,10 +806,11 @@ function display_student_publications_list($id, $link_target_parameter, $dateFor
$work_title = !empty($work_data['title']) ? $work_data['title'] : basename($work_data['url']);
//Work name
if (api_is_allowed_to_edit()) {
$zip = '<a href="'.api_get_self().'?cidReq='.api_get_course_id().'&gradebook='.$gradebook.'&action=downloadfolder&id='.$work_data['id'].'">
'.Display::return_icon('save_pack.png', get_lang('Save'), array('style' => 'float:right;'), 22).'</a>';
}
//if (api_is_allowed_to_edit()) {
if ($cant_files > 0 ) {
$zip = '<a href="downloadfolder.inc.php?id='.$work_data['id'].'">'.Display::return_icon('save_pack.png', get_lang('Save'), array('style' => 'float:right;'), 22).'</a>';
}
//}
$url = $zip.'<a href="'.api_get_self().'?'.api_get_cidreq().'&origin='.$origin.'&gradebook='.Security::remove_XSS($_GET['gradebook']).'&id='.$work_data['id'].'"'.$class.'>'.
$work_title.'</a>'.
$add_to_name.'<br />'.$cant_files.' '.$text_file.$dirtext;
@ -1390,6 +1394,8 @@ function insert_all_directory_in_course_table($base_work_dir) {
$only_dir[] = substr($dir_to_array[$i], strlen($base_work_dir), strlen($dir_to_array[$i]));
}
$course_id = api_get_course_int_id();
$group_id = api_get_group_id();
for($i = 0; $i < count($only_dir); $i++) {
global $work_table;
$sql_insert_all= "INSERT INTO " . $work_table . " SET
@ -1401,7 +1407,7 @@ function insert_all_directory_in_course_table($base_work_dir) {
active = '0',
accepted = '1',
filetype = 'folder',
post_group_id = '".intval($_GET['toolgroup'])."',
post_group_id = '".$group_id."',
sent_date = '0000-00-00 00:00:00' ";
Database::query($sql_insert_all);
}
@ -1652,12 +1658,7 @@ function get_list_users_without_publication($task_id) {
}
$group_id = api_get_group_id();
//just in case
if (empty($group_id)) {
$group_id = isset($_SESSION['toolgroup']) ? $_SESSION['toolgroup'] : 0;
}
$new_group_user_list = array();
if ($group_id) {
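Review bot: Several of the rewritten queries interpolate `$group_id` without the `intval()` that the replaced `$_SESSION['toolgroup']` and `$_GET['toolgroup']` expressions had. This affects the first `$group_query` in `display_student_publications_list()` and the `post_group_id` value in `insert_all_directory_in_course_table()`, while the second `$group_query` keeps `intval($group_id)`. Unless `api_get_group_id()` is guaranteed to return an integer (its body is not shown), casting once at assignment, `$group_id = intval(api_get_group_id());`, makes them all consistent; the same applies to the `post_group_id = '".$group_id."'` fragments in work.php. Separately, `$zip` is now assigned only when `$cant_files > 0` but is still concatenated into `$url` unconditionally, so it should be reset with `$zip = '';` before the `if`.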

@ -45,13 +45,6 @@ $language_file = array('exercice', 'work', 'document', 'admin');
require_once '../inc/global.inc.php';
// @todo why is this needed?
//session
if (isset ($_GET['id_session'])) {
$_SESSION['id_session'] = Database::escape_string($_GET['id_session']);
}
isset($_SESSION['id_session']) ? $id_session = $_SESSION['id_session'] : $id_session = null;
// Including necessary files
require_once 'work.lib.php';
require_once api_get_path(LIBRARY_PATH).'document.lib.php';
@ -186,13 +179,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && !sizeof($_POST)) {
exit ();
}
}
/*
if (isset($_GET['toolgroup'])) {
$toolgroup = Database::escape_string($_GET['toolgroup']);
api_session_register('toolgroup');
}
$toolgroup = isset($_SESSION['toolgroup']) ? $_SESSION['toolgroup'] : api_get_group_id();
*/
$group_id = api_get_group_id();
$display_upload_form = false;
@ -200,7 +187,6 @@ if ($action == 'upload_form') {
$display_upload_form = true;
}
/* Header */
if (!empty($_GET['gradebook']) && $_GET['gradebook'] == 'view') {
@ -215,14 +201,13 @@ if (!empty($gradebook) && $gradebook == 'view') {
$interbreadcrumb[] = array ('url' => '../gradebook/' . $_SESSION['gradebook_dest'],'name' => get_lang('ToolGradebook'));
}
if (!empty($_SESSION['toolgroup'])) {
$_clean['toolgroup'] = (int)$_SESSION['toolgroup'];
$group_properties = GroupManager :: get_group_properties($_clean['toolgroup']);
if (!empty($group_id)) {
$group_properties = GroupManager :: get_group_properties($group_id);
$interbreadcrumb[] = array ('url' => '../group/group.php', 'name' => get_lang('Groups'));
$interbreadcrumb[] = array ('url' => '../group/group_space.php?gidReq='.$_SESSION['toolgroup'], 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
$interbreadcrumb[] = array ('url' => '../group/group_space.php?gidReq='.$group_id, 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
$url_dir ='';
$interbreadcrumb[] = array ('url' =>'work.php?gidReq='.$_SESSION['toolgroup'],'name' => get_lang('StudentPublications'));
$interbreadcrumb[] = array ('url' =>'work.php?gidReq='.$group_id,'name' => get_lang('StudentPublications'));
$url_dir = 'work.php?&id=' . $work_id;
$interbreadcrumb[] = array ('url' => $url_dir,'name' => $my_folder_data['title']);
@ -289,7 +274,7 @@ if ($origin == 'learnpath') {
/* Display links to upload form and tool options */
if ($action != 'send_mail') {
if (!in_array($action, array('send_mail','add', 'upload'))) {
$token = Security::get_token();
}
@ -343,8 +328,8 @@ if ($is_special) {
switch ($action) {
case 'mark_work':
case 'upload_form':
if (empty($item_id)) {
case 'upload_form': //can be add or edit work
if (empty($item_id)) {
$parent_data = get_work_data_by_id($work_id);
$parent_data['qualification'] = intval($parent_data['qualification']);
@ -380,6 +365,7 @@ switch ($action) {
$is_author = true;
}
}
$form = new FormValidator('form', 'POST', api_get_self() . "?action=upload&id=".$work_id."&curdirpath=" . rtrim(Security :: remove_XSS($curdirpath),'/') . "&gradebook=".Security::remove_XSS($_GET['gradebook'])."&origin=$origin", '', 'enctype="multipart/form-data"');
// form title
@ -479,10 +465,6 @@ switch ($action) {
Display::display_error_message(get_lang('ActionNotAllowed'));
}
break;
//download of an completed folder
case 'downloadfolder':
//require 'downloadfolder.inc.php';
break;
case 'send_mail':
if (Security::check_token('get')) {
$mails_sent_to = send_reminder_users_without_publication($my_folder_data);
@ -684,9 +666,9 @@ switch ($action) {
$agenda_id = agenda_add_item($course_info, $title, $content, $date, $end_date, array('GROUP:'.$group_id), 0);
}
}
//Folder created
api_item_property_update($course_info, 'work', $id, 'DirectoryCreated', $user_id);
api_item_property_update($course_info, 'work', $id, 'DirectoryCreated', $user_id, $group_id);
Display :: display_confirmation_message(get_lang('DirectoryCreated'), false);
// insert into student_publication_assignment
@ -716,7 +698,7 @@ switch ($action) {
publication_id = '".$id."'";
Database::query($sql_add_homework);
$inserted_id = Database::insert_id();
$sql_add_publication = "UPDATE $work_table SET has_properties = $inserted_id, view_properties = 0 WHERE id = $id";
$sql_add_publication = "UPDATE $work_table SET has_properties = $inserted_id, view_properties = 0 WHERE c_id = $course_id AND id = $id";
Database::query($sql_add_publication);
}
@ -775,12 +757,7 @@ switch ($action) {
// Compose a unique file name to avoid any conflict
$new_file_name = api_get_unique_id();
if (isset ($_SESSION['toolgroup'])) {
$post_group_id = $_SESSION['toolgroup'];
} else {
$post_group_id = '0';
}
//if we come from the group tools the groupid will be saved in $work_table
@move_uploaded_file($_FILES['file']['tmp_name'], $updir.$curdirpath.'/'.$new_file_name);
$url = 'work'.$curdirpath.'/'.$new_file_name;
@ -798,9 +775,9 @@ switch ($action) {
description = '" . Database::escape_string($description) . "',
author = '" . Database::escape_string($authors) . "',
contains_file = '".intval($_POST['contains_file'])."',
active = '" . $active . "',
active = '" . $active . "',
accepted = '1',
post_group_id = '".$post_group_id."',
post_group_id = '".$group_id."',
sent_date = '".api_get_utc_datetime()."',
parent_id = '".$work_id."' ,
session_id = '".intval($id_session)."' ,
@ -809,25 +786,11 @@ switch ($action) {
Database::query($sql_add_publication);
$id = Database::insert_id();
if ($id) {
api_item_property_update($_course, 'work', $id, 'DocumentAdded', $user_id);
api_item_property_update($course_info, 'work', $id, 'DocumentAdded', $user_id, api_get_group_id());
$succeed = true;
}
// update all the parents in the table item property
//no need to add this
/*
$list_id = get_parent_directories($id);
for ($i = 0; $i < count($list_id); $i++) {
api_item_property_update($_course, 'work', $list_id[$i], 'FolderUpdated', $user_id);
}*/
}
} elseif ($newWorkUrl) {
if (isset ($_SESSION['toolgroup'])) {
$post_group_id = $_SESSION['toolgroup'];
} else {
$post_group_id = '0';
}
// SPECIAL CASE ! For a work coming from another area (i.e. groups)
$url = str_replace('../../' . $_course['path'] . '/', '', $newWorkUrl);
@ -841,7 +804,7 @@ switch ($action) {
title = '" . Database::escape_string($title) . "',
description = '" . Database::escape_string($description) . "',
author = '" . Database::escape_string($authors) . "',
post_group_id = '".$post_group_id."',
post_group_id = '".$group_id."',
sent_date = '".api_get_utc_datetime()."',
session_id = '".intval($id_session)."',
user_id = '".$user_id."'";
@ -849,14 +812,8 @@ switch ($action) {
Database::query($sql);
$insertId = Database::insert_id();
api_item_property_update($_course, 'work', $insertId, 'DocumentAdded', $user_id);
api_item_property_update($_course, 'work', $insertId, 'DocumentAdded', $user_id, $group_id);
$succeed = true;
/*// update all the parents in the table item propery
$list_id=get_parent_directories($my_cur_dir_path);
for ($i = 0; $i < count($list_id); $i++) {
api_item_property_update($_course, 'work', $list_id[$i], 'FolderUpdated', $user_id);
}*/
} elseif (isset($_POST['editWork'])) {
/*
@ -1039,7 +996,7 @@ switch ($action) {
$session_id = api_get_session_id();
$session_id == 0 ? $withsession = " AND session_id = 0 " : $withsession = " AND session_id='".$session_id."'";
$sql = "SELECT id, url, title FROM $work_table
WHERE c_id = $course_id AND active IN (0, 1) AND url LIKE '/%' AND post_group_id = '".(empty($_SESSION['toolgroup'])?0:intval($_SESSION['toolgroup']))."'".$withsession;
WHERE c_id = $course_id AND active IN (0, 1) AND url LIKE '/%' AND post_group_id = '".$group_id."'".$withsession;
$res = Database::query($sql);
while($folder = Database::fetch_array($res)) {
$folders[$folder['id']] = $folder['title'];
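Review bot: The first hunk appears to drop the block that set `$id_session` from `$_SESSION['id_session']`, yet the insert statements further down still write `session_id = '".intval($id_session)."'`. If nothing else defines that variable, `intval()` of an undefined value is 0 and every new work would be stored outside its session. Assigning `$id_session = api_get_session_id();` next to the new `$group_id = api_get_group_id();` would keep those inserts correct. The surrounding `switch ($action)` starts and ends outside the visible hunks.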
