Adding attachment link in the new agenda

main/calendar/agenda.inc.php

@@ -2016,11 +2016,16 @@ function display_agenda_items($agenda_items, $day = false) {
  * @version November 2008, dokeos 1.8.6
  */
 
-function get_attachment($agenda_id) {
+function get_attachment($agenda_id, $course_id = null) {
 	$agenda_table_attachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
+    if (empty($course_id)) {
+        $course_id = api_get_course_int_id();
+    } else {
+        $course_id = intval($course_id);
+    }
 	$agenda_id=Database::escape_string($agenda_id);
 	$row=array();
-	$sql = 'SELECT id,path, filename,comment FROM '. $agenda_table_attachment.' WHERE agenda_id = '.(int)$agenda_id.'';
+	$sql = 'SELECT id,path, filename,comment FROM '. $agenda_table_attachment.' WHERE c_id = '.$course_id.' AND agenda_id = '.(int)$agenda_id.'';
 	$result=Database::query($sql);
 	if (Database::num_rows($result)!=0) {
 		$row=Database::fetch_array($result);

main/calendar/agenda.lib.php

@@ -333,14 +333,14 @@ class Agenda {
 		$event = null;
 		switch ($this->type) {
 			case 'personal':				
-				$sql = " SELECT * FROM ".$this->tbl_personal_agenda." WHERE id=".$id." AND user = ".api_get_user_id();
+				$sql = " SELECT * FROM ".$this->tbl_personal_agenda." WHERE id = $id AND user = ".api_get_user_id();
 				$result = Database::query($sql);				
 				if (Database::num_rows($result)) {
 					$event = Database::fetch_array($result, 'ASSOC');
 				}
 				break;
 			case 'course':
-				$sql = " SELECT * FROM ".$this->tbl_course_agenda." WHERE id=".$id;
+				$sql = " SELECT * FROM ".$this->tbl_course_agenda." WHERE c_id = ".$this->course['real_id']." AND id = ".$id;
 				$result = Database::query($sql);
 				if (Database::num_rows($result)) {
 					$event = Database::fetch_array($result, 'ASSOC');
@@ -469,8 +469,6 @@ class Agenda {
 		$events = array();
 		if (Database::num_rows($result)) {
 			while ($row = Database::fetch_array($result, 'ASSOC')) {
-                                 
-                //session_id = {$row['ref']} AND
                 //to gather sent_tos
                 $sql = "SELECT to_user_id, to_group_id
                     FROM ".$tbl_property." ip
@@ -498,6 +496,20 @@ class Agenda {
 				}
 				$event = array();
 				$event['id'] 	  		= 'course_'.$row['id'];
+                
+                $attachment = get_attachment($row['id'], $course_id);
+                
+                $has_attachment = '';
+                
+                if (!empty($attachment)) {
+                    $has_attachment =  Display::return_icon('attachment.gif',get_lang('Attachment'));
+                    $user_filename  = $attachment['filename'];                    
+                    $full_file_name = 'download.php?file='.$attachment['path'].'&course_id='.$course_id;                    
+                    $event['attachment'] = $has_attachment.Display::url($user_filename, $full_file_name);                                           
+                } else {
+                    $event['attachment'] = '';
+                }
+                
 				$event['title'] 		= $row['title'];
 				$event['className'] 	= 'course';
 				$event['allDay'] 	  	= 'false';
@@ -571,7 +583,7 @@ class Agenda {
 				
 				$event['allDay'] = isset($row['all_day']) && $row['all_day'] == 1 ? $row['all_day'] : 0;					
 	
-				$my_events[] = $event;	
+				//$my_events[] = $event;
 	
 				$this->events[] = $event;                
 			}

main/calendar/agenda_js.php

@@ -8,7 +8,7 @@
  */
 
 // name of the language file that needs to be included
-$language_file = array('agenda','group');
+$language_file = array('agenda', 'group', 'announcements');
 
 // use anonymous mode when accessing this course tool
 $use_anonymous = true;

main/calendar/download.php

@@ -19,35 +19,47 @@ $this_section=SECTION_COURSES;
 
 require_once api_get_path(LIBRARY_PATH).'document.lib.php';
 require_once 'agenda.inc.php';
+
 // IMPORTANT to avoid caching of documents
 header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
 header('Cache-Control: public');
 header('Pragma: no-cache');
 
-//protection
-api_protect_course_script(true);
+$course_id      = intval($_REQUEST['course_id']);
+$user_id        = api_get_user_id();
+$course_info    = api_get_course_info_by_id($course_id);
+$doc_url        = $_REQUEST['file'];
+$session_id     = api_get_session_id();
+
+if (empty($course_id)) {
+    $course_id = api_get_course_int_id();
+}
+if (empty($course_id) || empty($doc_url)) {
+    api_not_allowed();
+}
+
+$is_user_is_subscribed = CourseManager::is_user_subscribed_in_course($user_id, $course_info['code'], true, $session_id);
+
+if (!api_is_allowed_to_edit() && !$is_user_is_subscribed) {    
+    api_not_allowed();
+}
 
-$doc_url = $_GET['file'];
 //change the '&' that got rewritten to '///' by mod_rewrite back to '&'
 $doc_url = str_replace('///', '&', $doc_url);
 //still a space present? it must be a '+' (that got replaced by mod_rewrite)
 $doc_url = str_replace(' ', '+', $doc_url);
 $doc_url = str_replace('/..', '', $doc_url); //echo $doc_url;
 
-if (!isset($_course)) {
-	api_not_allowed(true);
-}
+$full_file_name = api_get_path(SYS_COURSE_PATH).$course_info['path'].'/upload/calendar/'.$doc_url;
 
-$full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/calendar/'.$doc_url;
 //if the rewrite rule asks for a directory, we redirect to the document explorer
-if (is_dir($full_file_name))
-{
+if (is_dir($full_file_name)) {
 	//remove last slash if present
 	//$doc_url = ($doc_url{strlen($doc_url)-1}=='/')?substr($doc_url,0,strlen($doc_url)-1):$doc_url;
 	//mod_rewrite can change /some/path/ to /some/path// in some cases, so clean them all off (René)
 	while ($doc_url{$dul = strlen($doc_url)-1}=='/') $doc_url = substr($doc_url,0,$dul);
 	//create the path
-	$document_explorer = api_get_path(WEB_COURSE_PATH).api_get_course_path(); // home course path
+	$document_explorer = api_get_path(WEB_COURSE_PATH).$course_info['path']; // home course path
 	//redirect
 	header('Location: '.$document_explorer);
 	exit;
@@ -59,14 +71,14 @@ $tbl_agenda_attachment 	= Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
 event_download($doc_url);
 
 $sql='SELECT filename FROM '.$tbl_agenda_attachment.'
-  	  WHERE path LIKE BINARY "'.Database::escape_string($doc_url).'"';
+  	  WHERE c_id = '.$course_id.' AND path LIKE BINARY "'.Database::escape_string($doc_url).'"';
 
 $result = Database::query($sql);
-if (Database::num_rows($result) > 0) {
+if (Database::num_rows($result)) {
     $row    = Database::fetch_array($result);    
     $title = str_replace(' ','_', $row['filename']);
-    if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/calendar/')) {
+    if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH).$course_info['path'].'/upload/calendar/')) {
         DocumentManager::file_send_for_download($full_file_name,TRUE, $title);
     }
 }
-exit;
+api_not_allowed();

main/css/base.css

@@ -3809,7 +3809,7 @@ form div.error input, form div.error textarea {
   margin:2px 3px 2px 0px; 
   /* padding:5px;*/
   background-color: #bfbfbf;
-  font-size: 9.75px;
+  font-size: 10px;
   font-weight: bold;
   color: #ffffff;  
   -webkit-border-radius: 3px;

main/inc/lib/course.lib.php

@@ -993,10 +993,16 @@ class CourseManager {
      * @param	bool	True for checking inside sessions too, by default is not checked
      * @return 	bool 	true if the user is registered in the course, false otherwise
      */
-    public static function is_user_subscribed_in_course($user_id, $course_code = null, $in_a_session = false) {
+    public static function is_user_subscribed_in_course($user_id, $course_code = null, $in_a_session = false, $session_id = null) {
 
         $user_id = intval($user_id);
         
+        if (empty($session_id)) {
+            $session_id = api_get_session_id();
+        } else {
+            $session_id = intval($session_id);
+        }
+
         $condition_course = '';
         if (isset($course_code)) {
             $course_code = Database::escape_string($course_code);
@@ -1005,6 +1011,7 @@ class CourseManager {
 
         $result = Database::fetch_array(Database::query("SELECT * FROM ".Database::get_main_table(TABLE_MAIN_COURSE_USER)."
                 WHERE user_id = $user_id AND relation_type<>".COURSE_RELATION_TYPE_RRHH." $condition_course "));
+        
         if (!empty($result)) {
             return true; // The user has been registered in this course.
         }
@@ -1024,7 +1031,7 @@ class CourseManager {
         }
 
         if (Database::num_rows(Database::query('SELECT 1 FROM '.Database::get_main_table(TABLE_MAIN_SESSION).
-                ' WHERE id='.intval($_SESSION['id_session']).' AND id_coach='.$user_id)) > 0) {
+                ' WHERE id='.$session_id.' AND id_coach='.$user_id)) > 0) {
             return true;
         }
 

main/template/default/agenda/month.tpl

@@ -29,7 +29,9 @@ $(document).ready(function() {
 		autoOpen: false,
 		modal	: false, 
 		width	: 550, 
-		height	: 450
+		height	: 450,
+        zIndex: 20000 // added because of qtip2
+
    	});
 
 	var title = $( "#title" ),
@@ -154,6 +156,19 @@ $(document).ready(function() {
 			}
 		},	
 		eventRender: function(event, element) {
+        
+            if (event.attachment) {
+                element.qtip({
+                    show: {
+                        event: false, // Don't specify a show event...
+                        ready: true // ... but show the tooltip when ready
+                    },
+                    hide: false, // Don't specify a hide event either!
+		            content: event.attachment,
+		            position: { at:'top right' , my:'bottom right'},	
+		        }).removeData('qtip'); // this is an special hack to add multipl qtip in the same target!
+            }
+            
 			if (event.description) {
 				element.qtip({
 		            content: event.description,