Block access if the user is not subscribed, see BT#6615

1.9.x
Julio Montoya 12 years ago
parent c6de26d37b
commit f0926c0875
  1. 35
      main/work/download.php
  2. 3
      main/work/downloadfolder.inc.php
  3. 7
      main/work/edit.php
  4. 2
      main/work/upload.php
  5. 2
      main/work/view.php
  6. 66
      main/work/work.lib.php
  7. 2
      main/work/work_list.php
  8. 3
      main/work/work_list_others.php

@ -12,6 +12,8 @@
session_cache_limiter('public');
require_once '../inc/global.inc.php';
require_once 'work.lib.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;
$this_section = SECTION_COURSES;
@ -29,26 +31,29 @@ $id = intval($_GET['id']);
$course_info = api_get_course_info();
if (empty($course_info)) {
api_not_allowed(true);
api_not_allowed(true);
}
$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
if (!empty($course_info['real_id'])) {
if (!empty($course_info['real_id'])) {
$sql = 'SELECT * FROM '.$tbl_student_publication.' WHERE c_id = '.$course_info['real_id'].' AND id = "'.$id.'"';
$result = Database::query($sql);
if ($result && Database::num_rows($result)) {
$row = Database::fetch_array($result, 'ASSOC');
if ($result && Database::num_rows($result)) {
$row = Database::fetch_array($result, 'ASSOC');
$full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/'.$row['url'];
$item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id']);
$item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id']);
allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);
if (empty($item_info)) {
exit;
}
/*
field show_score in table course : 0 => New documents are visible for all users
1 => New documents are only visible for the teacher(s)
1 => New documents are only visible for the teacher(s)
field visibility in table item_property : 0 => eye closed, invisible for all students
1 => eye open
field accepted in table c_student_publication : 0 => eye closed, invisible for all students
@ -56,24 +61,24 @@ if (!empty($course_info['real_id'])) {
(we should have visibility == accepted , otherwise there is an inconsistency in the Database)
field value in table c_course_setting : 0 => Allow learners to delete their own publications = NO
1 => Allow learners to delete their own publications = YES
+------------------+------------------------------+----------------------------+
|Can download work?| doc visible for all = 0 | doc visible for all = 1|
+------------------+------------------------------+----------------------------+
| visibility = 0 | editor only | editor only |
| | | |
+------------------+------------------------------+----------------------------+
+------------------+------------------------------+----------------------------+
| visibility = 1 | editor | editor |
| | + owner of the work | + any student |
+------------------+------------------------------+----------------------------+
+------------------+------------------------------+----------------------------+
(editor = teacher + admin + anybody with right api_is_allowed_to_edit)
*/
$work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
$doc_visible_for_all = ($course_info['show_score'] == 1);
$is_editor = api_is_allowed_to_edit(true,true,true);
$student_is_owner_of_work = ($row['user_id'] == api_get_user_id());
if ($is_editor
|| (!$doc_visible_for_all && $work_is_visible && $student_is_owner_of_work)
|| ($doc_visible_for_all && $work_is_visible)) {
@ -84,7 +89,7 @@ if (!empty($course_info['real_id'])) {
}
} else {
api_not_allowed();
}
}
}
}
exit;
exit;
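Review bot: The subscription gate added on the `allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);` line decides who is an editor with a bare `api_is_allowed_to_edit()`, while the download matrix a few lines below uses `api_is_allowed_to_edit(true,true,true)`, so the two "editor" definitions in this file no longer agree; a user who qualifies only under the wider call would be treated as editor by the matrix yet can be rejected by the gate first, because the gate exits via `api_not_allowed(true)`. If that difference is intentional, record it on the call: `// subscription gate uses api_is_allowed_to_edit() defaults; the visibility matrix below uses the wider (true,true,true) form`; otherwise pass the same arguments in both places. The gate correctly runs only after `$row` has been fetched, but `$row['parent_id']` for a top-level folder is presumably 0 (not visible here), so confirm getAllUserToWork handles that id without matching every work.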

@ -71,6 +71,9 @@ if (api_is_allowed_to_edit()) {
} else {
$courseInfo = api_get_course_info();
allowOnlySubscribedUser(api_get_user_id(), $work_id, $courseInfo['real_id']);
$userCondition = null;
// All users

@ -147,7 +147,7 @@ if ($is_allowed_to_edit && !empty($item_id)) {
}
}
$form->addElement('hidden', 'active', 1);
$form->addElement('hidden', 'active', 1);
$form->addElement('hidden', 'accepted', 1);
$form->addElement('hidden', 'item_to_edit', $item_id);
$form->addElement('hidden', 'sec_token', $token);
@ -178,9 +178,10 @@ if ($form->validate()) {
if ($is_author) {
$work_data = get_work_data_by_id($item_to_edit_id);
if (!empty($_POST['title']))
if (!empty($_POST['title'])) {
$title = isset($_POST['title']) ? $_POST['title'] : $work_data['title'];
$description = isset($_POST['description']) ? $_POST['description'] : $work_data['description'];
}
$description = isset($_POST['description']) ? $_POST['description'] : $work_data['description'];
if ($is_allowed_to_edit && ($_POST['qualification'] !='' )) {
$add_to_update = ', qualificator_id ='."'".api_get_user_id()."',";
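Review bot: The new hidden input `$form->addElement('hidden', 'accepted', 1);` is client-controlled like any other form field, and the download matrix in this commit treats `accepted == 1` as the condition for a work being student-visible, so if the submit handler (outside this hunk) copies `$_POST['accepted']` into the publication row, a student author editing their own work could mark it accepted. I cannot see the handler from here; if it does read the field, derive the value server-side from `$is_allowed_to_edit` rather than from the POST, and if it does not, the hidden field is dead weight and can be dropped. A comment on the line stating which of the two holds would stop the next reader from having to trace it: `// 'accepted' is only informational here; the handler must not trust it`.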

@ -35,6 +35,8 @@ if (empty($work_id)) {
api_not_allowed(true);
}
allowOnlySubscribedUser($user_id, $work_id, $course_id);
$parent_data = $my_folder_data = get_work_data_by_id($work_id);
if (empty($parent_data)) {

@ -20,6 +20,8 @@ $interbreadcrumb[] = array ('url' => 'work.php', 'name' => get_lang('StudentPubl
$my_folder_data = get_work_data_by_id($work['parent_id']);
$course_info = api_get_course_info();
allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $course_info['real_id']);
if (user_is_author($id) || $course_info['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
$url_dir = 'work.php?&id=' . $my_folder_data['id'];
$interbreadcrumb[] = array ('url' => $url_dir,'name' => $my_folder_data['title']);

@ -808,46 +808,14 @@ function display_student_publications_list($id, $my_folder_data, $work_parents,
if (api_is_allowed_to_edit()) {
$cant_files = get_count_work($work_data['id']);
/*$sql_document = "SELECT count(*)
FROM $work_table w INNER JOIN $user_table u ON w.user_id = u.user_id
WHERE w.c_id = $course_id AND w.parent_id = ".$work_data['id']." AND w.active IN (0, 1)";*/
} else {
if (ADD_DOCUMENT_TO_WORK) {
$subscribedUsers = getAllUserToWork($work_data['id'], $course_id);
if (!empty($subscribedUsers)) {
if (!in_array(api_get_user_id(), $subscribedUsers)) {
continue;
}
}
$isSubscribed = userIsSubscribedToWork(api_get_user_id(), $work_data['id'], $course_id);
if ($isSubscribed == false) {
continue;
}
$cant_files = get_count_work($work_data['id'], api_get_user_id());
/*
$user_filter = "user_id = ".api_get_user_id()." AND ";
if ($course_info['show_score'] == 0) {
$user_filter = null;
}
$sql_document = "SELECT count(*) FROM $work_table s, $iprop_table p
WHERE s.c_id = $course_id AND
p.c_id = $course_id AND
s.id = p.ref AND
p.tool='work' AND
s.accepted='1' AND
$user_filter
parent_id = ".$work_data['id']." AND
active = 1 AND
parent_id = ".$work_parent->id."";*/
}
//count documents
/*$res_document = Database::query($sql_document);
$count_document = Database::fetch_row($res_document);
$cant_files = $count_document[0];*/
$text_file = get_lang('FilesUpload');
if ($cant_files == 1) {
@ -2246,5 +2214,33 @@ function deleteUserToWork($userId, $workId, $courseId)
Database::delete($table, $params);
}
function userIsSubscribedToWork($userId, $workId, $courseId)
{
if (ADD_DOCUMENT_TO_WORK == false) {
return true;
}
$subscribedUsers = getAllUserToWork($workId, $courseId);
if (empty($subscribedUsers)) {
return true;
} else {
if (in_array($userId, $subscribedUsers)) {
return true;
}
}
return false;
}
function allowOnlySubscribedUser($userId, $workId, $courseId)
{
if (ADD_DOCUMENT_TO_WORK == false) {
return true;
}
if (api_is_platform_admin() || api_is_allowed_to_edit()) {
return true;
}
if (userIsSubscribedToWork($userId, $workId, $courseId) == false) {
api_not_allowed(true);
}
}
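Review bot: `allowOnlySubscribedUser` returns `true` on its two bypass paths but falls off the end with `null` once `userIsSubscribedToWork` passes, so callers cannot rely on its return value; add `return true;` after the final `if`, and give both helpers a docblock stating that rejection exits through `api_not_allowed(true)` rather than returning, e.g. `/** Exits via api_not_allowed() unless $userId is subscribed to $workId, the work has no subscribers, or the user is admin/editor; no-op when ADD_DOCUMENT_TO_WORK is false. */`. That constant silently disables every gate this commit adds, which is worth spelling out since a deployment with it off gets no subscription enforcement at all. The `in_array($userId, $subscribedUsers)` check is a loose comparison; if getAllUserToWork returns ids as strings that is presumably deliberate, but `in_array((int) $userId, array_map('intval', $subscribedUsers), true)` makes the intent explicit. The editor bypass uses `api_is_allowed_to_edit()` with defaults whereas download.php's matrix uses `(true,true,true)`; confirm the two are meant to differ. display_student_publications_list in the first hunk begins outside the hunk.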

@ -35,6 +35,8 @@ $courseInfo = api_get_course_info();
$htmlHeadXtra[] = api_get_jqgrid_js();
$url_dir = api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq();
allowOnlySubscribedUser(api_get_user_id(), $workId, $courseInfo['real_id']);
if (!empty($group_id)) {
$group_properties = GroupManager :: get_group_properties($group_id);

@ -38,8 +38,9 @@ if ($courseInfo['show_score'] == 1) {
api_not_allowed(true);
}
$htmlHeadXtra[] = api_get_jqgrid_js();
allowOnlySubscribedUser(api_get_user_id(), $workId, $courseInfo['real_id']);
$htmlHeadXtra[] = api_get_jqgrid_js();
if (!empty($group_id)) {
$group_properties = GroupManager :: get_group_properties($group_id);
