chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

shared and chat folders are filtered depending the sesion see BT#8074

Browse Source
1.9.x
Julio Montoya 11 years ago
parent 28ee38f13f
commit f5e8a0f597
2 changed files with 62 additions and 16 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 49
      main/document/downloadfolder.inc.php
  2. 29
      main/inc/lib/document.lib.php

49
main/document/downloadfolder.inc.php
Unescape View File

@ -26,10 +26,11 @@ if (empty($document_data)) {
}
//a student should not be able to download a root shared directory
if (($path == '/shared_folder' || $path=='/shared_folder_session_'.api_get_session_id()) && (!api_is_allowed_to_edit() || !api_is_platform_admin())){
echo '<div align="center">';
Display::display_error_message(get_lang('NotAllowedClickBack'));
echo '</div>';
if (($path == '/shared_folder' ||
$path == '/shared_folder_session_' . api_get_session_id()) &&
(!api_is_allowed_to_edit() || !api_is_platform_admin())
) {
api_not_allowed();
exit;
}
@ -39,12 +40,12 @@ require api_get_path(LIBRARY_PATH).'pclzip/pclzip.lib.php';
//Creating a ZIP file
$temp_zip_file = api_get_path(SYS_ARCHIVE_PATH).api_get_unique_id().".zip";
$zip_folder = new PclZip($temp_zip_file);
$doc_table = Database::get_course_table(TABLE_DOCUMENT);
$prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$zip_folder = new PclZip($temp_zip_file);
$doc_table = Database::get_course_table(TABLE_DOCUMENT);
$prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$course_id = api_get_course_int_id();
$session_id = api_get_session_id();
$course_id = api_get_course_int_id();
$session_id = api_get_session_id();
$groupId = api_get_group_id();
// We need this path to clean it out of the zip file
@ -65,7 +66,7 @@ if (api_is_allowed_to_edit()) {
}
$querypath = Database::escape_string($querypath);
// Search for all files that are not deleted => visibility != 2
$sql = "SELECT path
$sql = "SELECT path, id_session
FROM $doc_table AS docs, $prop_table AS props
WHERE
props.tool ='".TOOL_DOCUMENT."' AND
@ -76,9 +77,21 @@ if (api_is_allowed_to_edit()) {
props.c_id = ".$course_id." AND
props.id_session IN ('0', '$session_id') AND
docs.c_id = ".$course_id." ";
$sql.= DocumentManager::getSessionFolderFilters($querypath, $session_id);
$query = Database::query($sql);
// Add tem to the zip file
while ($not_deleted_file = Database::fetch_assoc($query)) {
// Filtering folders and
if (strpos($not_deleted_file['path'], 'chat_files') > 0 ||
strpos($not_deleted_file['path'], 'shared_folder') > 0
) {
if (!empty($session_id)) {
if ($not_deleted_file['id_session'] != $session_id) {
continue;
}
}
}
$zip_folder->add(
$sys_course_path.$_course['path'].'/document'.$not_deleted_file['path'],
PCLZIP_OPT_REMOVE_PATH,
@ -97,7 +110,7 @@ if (api_is_allowed_to_edit()) {
// So... I do it in a couple of steps:
// 1st: Get all files that are visible in the given path
$querypath = Database::escape_string($querypath);
$sql = "SELECT path
$sql = "SELECT path, id_session
FROM $doc_table AS docs, $prop_table AS props
WHERE
docs.c_id = $course_id AND
@ -109,9 +122,21 @@ if (api_is_allowed_to_edit()) {
docs.filetype = 'file' AND
props.id_session IN ('0', '$session_id') AND
props.to_group_id = ".$groupId;
$query = Database::query($sql);
$sql.= DocumentManager::getSessionFolderFilters($querypath, $session_id);
$query = Database::query($sql);
// Add them to an array
while ($all_visible_files = Database::fetch_assoc($query)) {
if (strpos($all_visible_files['path'], 'chat_files') > 0 ||
strpos($all_visible_files['path'], 'shared_folder') > 0
) {
if (!empty($session_id)) {
if ($all_visible_files['id_session'] != $session_id) {
continue;
}
}
}
$all_visible_files_path[] = $all_visible_files['path'];
}

29
main/inc/lib/document.lib.php
Unescape View File

@ -337,7 +337,7 @@ class DocumentManager
header('Cache-Control: public'); // IE cannot download from sessions without a cache
}
header('Content-Description: ' . $filename);
header('Content-transfer-encoding: binary');
header('Content-Transfer-Encoding: binary');
$res = fopen($full_file_name, 'r');
fpassthru($res);
@ -463,6 +463,28 @@ class DocumentManager
}
}
/**
* Session folder filters
* @param string $path
* @param int $sessionId
* @return null|string
*/
public static function getSessionFolderFilters($path, $sessionId)
{
$sessionId = intval($sessionId);
$condition = null;
if (!empty($sessionId)) {
// Chat folder filter
if ($path == '/chat_files') {
$condition .= " AND (id_session = '$sessionId') ";
}
// share_folder filter
$condition .= " AND docs.path != '/shared_folder' ";
}
return $condition;
}
/**
* Fetches all document data for the given user/group
*
@ -494,8 +516,8 @@ class DocumentManager
}
// Escape underscores in the path so they don't act as a wildcard
$originalPath = $path;
$path = Database::escape_string(str_replace('_', '\_', $path));
$to_user_id = Database::escape_string($to_user_id);
$to_value = Database::escape_string($to_value);
$visibility_bit = ' <> 2';
@ -508,7 +530,7 @@ class DocumentManager
$current_session_id = api_get_session_id();
$condition_session = " AND (id_session = '$current_session_id' OR (id_session = '0') )";
// Condition for search (get ALL folders and documents)
$condition_session .= self::getSessionFolderFilters($originalPath, $current_session_id);
$sql = "SELECT
docs.id,
@ -538,7 +560,6 @@ class DocumentManager
$visibility_bit
$condition_session
";
$result = Database::query($sql);
$doc_list = array();

Write Preview
Loading…
Cancel
Save