By default only teachers can see the student's assignments, if a student add a new assignment he can see the file uploaded BT#2755

skala
Julio Montoya 14 years ago
parent 2f8b24d6dd
commit edf3ac5c52
  1. 6
      main/inc/lib/add_course.lib.inc.php
  2. 47
      main/work/work.lib.php
  3. 12
      main/work/work.php

@ -2523,8 +2523,8 @@ function register_course($course_sys_code, $course_screen_code, $course_reposito
if ($ok_to_register_course) {
$titular = addslashes($titular);
// Here we must add 2 fields.
// Here we must add 2 fields.
$sql = "INSERT INTO ".$TABLECOURSE . " SET
code = '".Database :: escape_string($course_sys_code) . "',
db_name = '".Database :: escape_string($course_db_name) . "',
@ -2534,7 +2534,7 @@ function register_course($course_sys_code, $course_screen_code, $course_reposito
description = '".lang2db(get_lang('CourseDescription')) . "',
category_code = '".Database :: escape_string($category) . "',
visibility = '".$visibility . "',
show_score = '',
show_score = '1',
disk_quota = '".api_get_setting('default_document_quotum') . "',
creation_date = now(),
expiration_date = ".$expiration_date . ",
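Review bot: The new default `show_score = '1'` in the INSERT applies only to courses registered after this commit. Courses that already store `show_score = ''` will not satisfy the `$course_info['show_score'] == 1` test added in main/work/work.lib.php, so the per-student filter shown there is skipped for them. If the teacher-only default is meant to cover existing courses as well, an upgrade step that sets the column is needed alongside this change. The value is also a bare magic number; a comment such as `// show_score = 1: in the work tool a student sees only his own submissions (BT#2755)` would record what it controls. register_course starts and ends outside the hunk.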

@ -15,6 +15,8 @@
*/
require_once api_get_path(SYS_CODE_PATH).'document/document.inc.php';
require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php';
require_once api_get_path(LIBRARY_PATH).'course.lib.php';
/**
* Displays action links (for admins, authorized groups members and authorized students)
* @param string Current dir
@ -306,9 +308,10 @@ function create_group_date_select($prefix = '') {
function display_student_publications_list($work_dir, $sub_course_dir, $currentCourseRepositoryWeb, $link_target_parameter, $dateFormatLong, $origin, $add_in_where_query = '') {
global $timeNoSecFormat, $dateFormatShort, $gradebook, $_user;
// Database table names
$work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$iprop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$work_assigment = Database :: get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT);
$work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$iprop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$work_assigment = Database::get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT);
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
$user_id = api_get_user_id();
$publications_list = array();
@ -326,9 +329,9 @@ function display_student_publications_list($work_dir, $sub_course_dir, $currentC
if (isset($_GET['direction'])) {
$sort_params[] = 'direction='.Security::remove_XSS($_GET['direction']);
}
$sort_params = implode('&', $sort_params);
$my_params = $sort_params;
$origin = Security::remove_XSS($origin);
$sort_params = implode('&', $sort_params);
$my_params = $sort_params;
$origin = Security::remove_XSS($origin);
if (substr($sub_course_dir, -1, 1) != '/' && !empty($sub_course_dir)) {
$sub_course_dir = $sub_course_dir.'/';
@ -433,6 +436,8 @@ function display_student_publications_list($work_dir, $sub_course_dir, $currentC
$my_sub_dir = str_replace('work/', '', $sub_course_dir);
$course_info = CourseManager::get_course_information(api_get_course_id());
// @todo Since "works" cant have sub works this foreach is useless when selecting the list of works
// List of all folders
@ -450,7 +455,8 @@ function display_student_publications_list($work_dir, $sub_course_dir, $currentC
} else {
$sql_select_directory .= " work.post_group_id = '0' ";
}
$sql_select_directory .= " AND work.url LIKE BINARY '".$mydir_temp."' AND work.filetype = 'folder' AND prop.tool='work' $condition_session";
$sql_select_directory .= " AND work.url LIKE BINARY '".$mydir_temp."' AND work.filetype = 'folder' AND prop.tool='work' $condition_session";
$result = Database::query($sql_select_directory);
$row = Database::fetch_array($result);
@ -458,12 +464,12 @@ function display_student_publications_list($work_dir, $sub_course_dir, $currentC
// the folder belongs to another session
continue;
}
$direc_date = $row['lastedit_date']; //directory's date
$author = $row['author']; //directory's author
$direc_date = $row['lastedit_date']; //directory's date
$author = $row['author']; //directory's author
$view_properties = $row['view_properties'];
$is_assignment = $row['has_properties'];
$id2 = $row['id'];
$mydir = $my_sub_dir.$dir;
$is_assignment = $row['has_properties'];
$id2 = $row['id'];
$mydir = $my_sub_dir.$dir;
if ($is_allowed_to_edit) {
isset($_GET['edit_dir']) ? $clean_edit_dir = Security :: remove_XSS($_GET['edit_dir']) : $clean_edit_dir = '';
@ -578,7 +584,7 @@ function display_student_publications_list($work_dir, $sub_course_dir, $currentC
$form_folder -> setDefaults($defaults);
$display_edit_form = true;
if ($form_folder -> validate()) {
if ($form_folder->validate()) {
$values = $form_folder -> exportValues();
$values = $values['my_group'];
$dir_name = replace_dangerous_char($values['dir_name']);
@ -672,13 +678,14 @@ function display_student_publications_list($work_dir, $sub_course_dir, $currentC
//$a_count_directory = count_dir($work_dir.'/'.$dir, false);
$cant_files = 0;
$cant_dir = 0;
$cant_dir = 0;
if (api_is_allowed_to_edit()) {
$sql_document = "SELECT count(*) FROM $work_table WHERE url NOT LIKE '".$sub_course_dir.$dir."/%/%' AND url LIKE '".$sub_course_dir.$dir."/%'";
} else {
// gets admin_course
$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT course_user.user_id FROM $table_user user, $table_course_user course_user
WHERE course_user.user_id=user.user_id AND course_user.course_code='".api_get_course_id()."' AND course_user.status='1'";
$res = Database::query($sql);
@ -686,12 +693,20 @@ function display_student_publications_list($work_dir, $sub_course_dir, $currentC
while($row_admin = Database::fetch_row($res)) {
$admin_course .= '\''.$row_admin[0].'\',';
}
$sql_document = "SELECT count(*) FROM $work_table s, $iprop_table p WHERE s.id = p.ref AND p.tool='work' AND s.accepted='1' AND url NOT LIKE '".$sub_course_dir.$dir."/%/%' AND url LIKE '".$sub_course_dir.$dir."/%'";
if ($course_info['show_score'] == 1) {
$sql_document = "SELECT count(*) FROM $work_table s, $iprop_table p
WHERE s.id = p.ref AND p.tool='work' AND s.accepted='1' AND user_id = ".api_get_user_id()." AND url NOT LIKE '".$sub_course_dir.$dir."/%/%' AND url LIKE '".$sub_course_dir.$dir."/%'";
} else {
$sql_document = "SELECT count(*) FROM $work_table s, $iprop_table p
WHERE s.id = p.ref AND p.tool='work' AND s.accepted='1' AND url NOT LIKE '".$sub_course_dir.$dir."/%/%' AND url LIKE '".$sub_course_dir.$dir."/%'";
}
}
//count documents
$res_document = Database::query($sql_document);
$count_document = Database::fetch_row($res_document);
$cant_files = $count_document[0];
//count directories
$sql_directory = "SELECT count(*) FROM $work_table s WHERE url NOT LIKE '/".$mydir."/%/%' AND url LIKE '/".$mydir."/%'";
$res_directory = Database::query($sql_directory);
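Review bot: The student branch guarded by `$course_info['show_score'] == 1` now holds two copies of the same `count(*)` statement that differ only in the `user_id` clause, and both concatenate `$sub_course_dir.$dir` into the LIKE patterns unescaped and `api_get_user_id()` uncast. Building the condition once keeps the two paths from drifting, `$user_condition = ($course_info['show_score'] == 1) ? ' AND user_id = '.intval(api_get_user_id()) : '';`, and the directory should pass through `Database::escape_string()` before it reaches the pattern, since `$sub_course_dir` appears to come from the current directory path supplied by work.php. The visible hunks restrict only this count; whether the query that lists the files, and direct access to an uploaded file, apply the same per-user filter is not visible here and should be confirmed. display_student_publications_list continues outside the hunks.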

@ -350,7 +350,6 @@ if (!empty($_SESSION['toolgroup'])) {
event_access_tool(TOOL_STUDENTPUBLICATION);
$is_allowed_to_edit = api_is_allowed_to_edit(); //has to come after display_tool_view_option();
//api_display_tool_title($tool_name);
/* MAIN CODE */
@ -914,7 +913,7 @@ if ($ctok == $_POST['sec_token']) { //check the token inserted into the form
}
$current_date = api_get_utc_datetime();
$parent_id = '';
$active = '';
$active = '1';
$user_id = api_get_user_id();
$sql = Database::query('SELECT id FROM '.Database::get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE url = '."'/".Database::escape_string($_GET['curdirpath'])."' AND filetype='folder' LIMIT 1");
@ -928,7 +927,7 @@ if ($ctok == $_POST['sec_token']) { //check the token inserted into the form
description = '" . Database::escape_string($description) . "',
author = '" . Database::escape_string($authors) . "',
active = '" . $active . "',
accepted = '" . (api_is_allowed_to_edit(null,true)?$uploadvisibledisabled:(!$uploadvisibledisabled)) . "',
accepted = '1',
post_group_id = '" . $post_group_id . "',
sent_date = '".$current_date ."',
parent_id = '".$parent_id ."' ,
@ -976,7 +975,7 @@ if ($ctok == $_POST['sec_token']) { //check the token inserted into the form
title = '" . Database::escape_string($title) . "',
description = '" . Database::escape_string($description) . "',
author = '" . Database::escape_string($authors) . "',
post_group_id = '".$post_group_id."',
post_group_id = '".$post_group_id."',
sent_date = '".$current_date."',
session_id = '".intval($id_session)."',
user_id = '".$user_id."'";
@ -1120,8 +1119,9 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
}
}
$message = get_lang('DocAdd');
if ($uploadvisibledisabled && !$is_allowed_to_edit) {
$message .= "<br />" . get_lang('_doc_unvisible') . "<br />";
//$message .= "<br />" . get_lang('_doc_unvisible') . "<br />";
}
//stats
@ -1480,7 +1480,7 @@ if (!$display_upload_form && !$display_tool_options) {
if ($display_list_users_without_publication) {
display_list_users_without_publication($publication['id']);
} else {
display_student_publications_list($base_work_dir . '/' . $my_cur_dir_path, 'work/' . $my_cur_dir_path, $currentCourseRepositoryWeb, $link_target_parameter, $dateFormatLong, $origin,$add_query);
display_student_publications_list($base_work_dir . '/' . $my_cur_dir_path, 'work/' . $my_cur_dir_path, $currentCourseRepositoryWeb, $link_target_parameter, $dateFormatLong, $origin, $add_query);
}
}
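Review bot: Hard-coding `accepted = '1'` in the INSERT removes the only place where `$uploadvisibledisabled` held a student upload back, so the confidentiality of a new submission now depends entirely on the read-side `show_score` check. In a course whose `show_score` is not 1, the `s.accepted='1'` condition in the work.lib.php count query matches every upload, which suggests that submissions which previously waited for a teacher become visible to other students at once; this should be confirmed against the listing query, which is not shown. Either keep the old expression when the course's `show_score` is not 1, or state the new contract next to the column: `// accepted is always 1; visibility is enforced when listing, via show_score (BT#2755)`. The `if ($uploadvisibledisabled && !$is_allowed_to_edit)` block further down now contains only a commented-out line and can be removed with it.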
