Add student publication folder visibility see #6760

10 years ago · fa1203ae6b
parent 783f3e312b
commit fa1203ae6b
15 changed files with 179 additions and 108 deletions
--- a/main/group/group_space.php
+++ b/main/group/group_space.php
@ -101,20 +101,12 @@ if (isset($_GET['action'])) {

 /*	Main Display Area */

-$course_code = api_get_course_id();
-$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course(
-    api_get_user_id(),
-    $course_code
-);
-
-// Edit the group.
-
 $edit_url = '';
-if (api_is_allowed_to_edit(false, true) or
+if (api_is_allowed_to_edit(false, true) ||
    GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id())
 ) {
    $my_origin = isset($origin) ? $origin : '';
-    $edit_url =  '<a href="'.api_get_path(WEB_CODE_PATH).'group/settings.php?cidReq='.api_get_course_id().'&origin='.$my_origin.'&gidReq='.api_get_group_id().'">'.
+    $edit_url =  '<a href="'.api_get_path(WEB_CODE_PATH).'group/settings.php?'.api_get_cidreq().'&origin='.$my_origin.'">'.
        Display::return_icon('edit.png', get_lang('EditGroup'),'',ICON_SIZE_SMALL).'</a>';
 }

--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@ -1113,17 +1113,17 @@ class CourseManager
     *    Is the user subscribed in the real course or linked courses?
     *
     * @param int the id of the user
-     * @param array info about the course (comes from course table, see database lib)
+     * @param int $courseId
     * @deprecated linked_courses definition doesn't exists
     * @return true if the user is registered in the real course or linked courses, false otherwise
     */
-    public static function is_user_subscribed_in_real_or_linked_course($user_id, $course_code, $session_id = '')
+    public static function is_user_subscribed_in_real_or_linked_course($user_id, $courseId, $session_id = '')
    {
        if ($user_id != strval(intval($user_id))) {
            return false;
        }

-        $course_code = Database::escape_string($course_code);
+        $courseId = intval($courseId);

        if ($session_id == '') {
            $result = Database::fetch_array(
@ -1135,7 +1135,7 @@ class CourseManager
                    WHERE
                        course_user.user_id = '$user_id' AND
                        course_user.relation_type<>" . COURSE_RELATION_TYPE_RRHH . " AND
-                        ( course.code = '$course_code')"
+                        ( course.id = '$courseId')"
                )
            );
            return !empty($result);
@ -1160,7 +1160,7 @@ class CourseManager
                FROM " . Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER) . "
                WHERE session_id='" . $session_id . "'
                AND user_id = '$user_id' AND status = 2
-                AND course_code='$course_code'"))
+                AND c_id ='$courseId'"))
        ) {
            return true;
        }
--- a/main/tracking/userLog.php
+++ b/main/tracking/userLog.php
@ -59,7 +59,7 @@ Display::display_header($nameTools,"Tracking");
 /*	Constants and variables */

 $is_allowedToTrack = $is_courseAdmin;
-$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_id);
+$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $courseId);

 // Database Table Definitions
 $TABLECOURSUSER	        	= Database::get_main_table(TABLE_MAIN_COURSE_USER);
--- a/main/tracking/userlogCSV.php
+++ b/main/tracking/userlogCSV.php
@ -50,7 +50,7 @@ $nameTools = get_lang('ToolName');
 $is_allowedToTrack = $is_courseAdmin;
 $is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course(
    $user_id,
-    $course_id
+    $courseId
 );

 // Database Table Definitions
--- a/main/work/download_comment_file.php
+++ b/main/work/download_comment_file.php
@ -31,7 +31,8 @@ if (!empty($workData)) {
    }

    $work = get_work_data_by_id($workData['work_id']);
-    allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $courseInfo['real_id']);
+
+    protectWork($courseInfo, $work['parent_id']);

    if (user_is_author($workData['work_id']) ||
        $courseInfo['show_score'] == 0 &&
--- a/main/work/downloadfolder.inc.php
+++ b/main/work/downloadfolder.inc.php
@ -92,8 +92,7 @@ if (api_is_allowed_to_edit() || api_is_coach()) {

 } else {
    $courseInfo = api_get_course_info();
-
-    allowOnlySubscribedUser(api_get_user_id(), $work_id, $courseInfo['real_id']);
+    protectWork($courseInfo, $work_id);

    $userCondition = null;

--- a/main/work/edit.php
+++ b/main/work/edit.php
@ -36,7 +36,7 @@ if (empty($parent_data)) {

 $is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course(
    $user_id,
-    $course_code,
+    $course_id,
    $session_id
 );

--- a/main/work/upload.php
+++ b/main/work/upload.php
@ -28,19 +28,11 @@ if (empty($work_id)) {
    api_not_allowed(true);
 }

-$workInfo = get_work_data_by_id($work_id);
-
-if (empty($workInfo)) {
-    api_not_allowed(true);
-}
+protectWork($course_info, $work_id);

-if ($workInfo['active'] != 1) {
-    api_not_allowed(true);
-}
-
-allowOnlySubscribedUser($user_id, $work_id, $course_id);
+$workInfo = get_work_data_by_id($work_id);

-$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_code, $session_id);
+$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_id, $session_id);
 $is_course_member = $is_course_member || api_is_platform_admin();

 if ($is_course_member == false || api_is_invitee()) {
--- a/main/work/upload_from_template.php
+++ b/main/work/upload_from_template.php
@ -29,19 +29,16 @@ if (empty($work_id)) {
    api_not_allowed(true);
 }

-$workInfo = get_work_data_by_id($work_id);
-
-if (empty($workInfo)) {
-    api_not_allowed(true);
-}
+protectWork($course_info, $work_id);

-allowOnlySubscribedUser($user_id, $work_id, $course_id);
+$workInfo = get_work_data_by_id($work_id);

 $is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course(
    $user_id,
-    $course_code,
+    $course_id,
    $session_id
 );
+
 $is_course_member = $is_course_member || api_is_platform_admin();

 if ($is_course_member == false) {
--- a/main/work/view.php
+++ b/main/work/view.php
@ -22,11 +22,13 @@ $interbreadcrumb[] = array ('url' => 'work.php', 'name' => get_lang('StudentPubl
 $my_folder_data = get_work_data_by_id($work['parent_id']);
 $courseInfo = api_get_course_info();

-allowOnlySubscribedUser(
+/*allowOnlySubscribedUser(
    api_get_user_id(),
    $work['parent_id'],
    $courseInfo['real_id']
-);
+);*/
+
+protectWork(api_get_course_info(), $work['parent_id']);

 $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
    api_get_user_id(),
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@ -1386,6 +1386,13 @@ function getWorkListStudent(
        if ($isSubscribed == false) {
            continue;
        }
+
+        $visibility = api_get_item_visibility($courseInfo, 'work', $work['id'], $session_id);
+
+        if ($visibility != 1) {
+            continue;
+        }
+
        $work['type'] = Display::return_icon('work.png');
        $work['expires_on'] = empty($work['expires_on']) ? null : api_get_local_time($work['expires_on']);

@ -1410,12 +1417,6 @@ function getWorkListStudent(
            $work['feedback'] = ' '.Display::label($count.' '.get_lang('Feedback'), 'info');
        }

-        /*$score = getTotalWorkScore($workList);
-
-        if (!is_null($score) && !empty($score)) {
-            $work['title'] .= ' '.Display::return_icon('rate_work.png', get_lang('Score'));
-        }*/
-
        $lastWork = getLastWorkStudentFromParentByUser($userId, $work['id'], $courseInfo);

        if (!empty($lastWork)) {
@ -1455,6 +1456,7 @@ function getWorkListTeacher(
    $workTable = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
    $workTableAssignment = Database::get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT);

+    $courseInfo = api_get_course_info();
    $course_id = api_get_course_int_id();
    $session_id = api_get_session_id();
    $condition_session = api_get_session_condition($session_id);
@ -1483,7 +1485,8 @@ function getWorkListTeacher(
        }
        $sql = " $select
                FROM $workTable w
-                LEFT JOIN $workTableAssignment a ON (a.publication_id = w.id AND a.c_id = w.c_id)
+                LEFT JOIN $workTableAssignment a
+                ON (a.publication_id = w.id AND a.c_id = w.c_id)
                WHERE
                    w.c_id = $course_id
                    $condition_session AND
@ -1526,10 +1529,29 @@ function getWorkListTeacher(
                'success'
            );

+            $visibility = api_get_item_visibility($courseInfo, 'work', $workId, $session_id);
+
+            if ($visibility == 1) {
+                $icon = 'visible.png';
+                $text = get_lang('Visible');
+                $action = 'invisible';
+                $class = '';
+            } else {
+                $icon = 'invisible.png';
+                $text = get_lang('invisible');
+                $action = 'visible';
+                $class = 'muted';
+            }
+
+            $visibilityLink = Display::url(
+                Display::return_icon($icon, $text, array(), ICON_SIZE_SMALL),
+                api_get_path(WEB_CODE_PATH).'work/work.php?id='.$workId.'&action='.$action.'&'.api_get_cidreq()
+            );
+
            if (empty($work['title'])) {
                $work['title'] = basename($work['url']);
            }
-            $work['title'] = Display::url($work['title'], $url.'&id='.$workId);
+            $work['title'] = Display::url($work['title'], $url.'&id='.$workId, ['class' => $class]);
            $work['title'] .= ' '.Display::label(get_count_work($work['id']), 'success');
            $work['sent_date'] = api_get_local_time($work['sent_date']);

@ -1572,7 +1594,7 @@ function getWorkListTeacher(
                $deleteLink = null;
                $editLink = null;
            }
-            $work['actions'] = $downloadLink.$editLink.$deleteLink;
+            $work['actions'] = $visibilityLink.$downloadLink.$editLink.$deleteLink;
            $works[] = $work;
        }
    }
@ -2739,6 +2761,7 @@ function allowOnlySubscribedUser($userId, $workId, $courseId)
    if (api_is_platform_admin() || api_is_allowed_to_edit()) {
        return true;
    }
+
    if (userIsSubscribedToWork($userId, $workId, $courseId) == false) {
        api_not_allowed(true);
    }
@ -4828,3 +4851,49 @@ function getWorkCreatedByUser($user_id, $courseId, $sessionId)

    return $forumList;
 }
+
+/**
+ * @param array $courseInfo
+ * @param int $workId
+ * @return bool
+ */
+function protectWork($courseInfo, $workId)
+{
+    $userId = api_get_user_id();
+    $groupId = api_get_group_id();
+    $sessionId = api_get_session_id();
+    $workData = get_work_data_by_id($workId);
+
+    if (empty($workData) || empty($courseInfo)) {
+        api_not_allowed(true);
+    }
+
+    if (api_is_platform_admin() || api_is_allowed_to_edit()) {
+        return true;
+    }
+
+    $workId = $workData['id'];
+
+    if ($workData['active'] != 1) {
+        api_not_allowed(true);
+    }
+
+    $visibility = api_get_item_visibility($courseInfo, 'work', $workId, $sessionId);
+
+    if ($visibility != 1) {
+        api_not_allowed(true);
+    }
+
+    allowOnlySubscribedUser($userId, $workId, $courseInfo['real_id']);
+
+    if (!empty($groupId)) {
+        $showWork = GroupManager::user_has_access(
+            $userId,
+            $groupId,
+            GroupManager::GROUP_TOOL_WORK
+        );
+        if (!$showWork) {
+            api_not_allowed(true);
+        }
+    }
+}
--- a/main/work/work.php
+++ b/main/work/work.php
@ -79,11 +79,11 @@ if (!empty($group_id)) {
    }

    if ($action == 'upload_form') {
-        $interbreadcrumb[] = array('url' => 'work.php','name' => get_lang('UploadADocument'));
+        $interbreadcrumb[] = array('url' => 'work.php?'.api_get_cidreq(),'name' => get_lang('UploadADocument'));
    }

    if ($action == 'create_dir') {
-        $interbreadcrumb[] = array('url' => 'work.php','name' => get_lang('CreateAssignment'));
+        $interbreadcrumb[] = array('url' => 'work.php?'.api_get_cidreq(),'name' => get_lang('CreateAssignment'));
    }
 } else {
    if ($origin != 'learnpath') {
@ -254,6 +254,63 @@ switch ($action) {
            header('Location: '.$currentUrl);
            exit;
        }
+        break;
+    case 'visible':
+        if (!$is_allowed_to_edit) {
+            api_not_allowed();
+        }
+
+        api_item_property_update(
+            $courseInfo,
+            'work',
+            $work_id,
+            'visible',
+            api_get_user_id(),
+            null,
+            null,
+            null,
+            null,
+            $session_id
+        );
+        Display::addFlash(
+            Display::return_message(
+                get_lang('VisibilityChanged'),
+                'confirmation'
+            )
+        );
+
+        header('Location: '.$currentUrl);
+        exit;
+
+        break;
+    case 'invisible':
+        if (!$is_allowed_to_edit) {
+            api_not_allowed();
+        }
+
+        api_item_property_update(
+            $courseInfo,
+            'work',
+            $work_id,
+            'invisible',
+            api_get_user_id(),
+            null,
+            null,
+            null,
+            null,
+            $session_id
+        );
+
+        Display::addFlash(
+            Display::return_message(
+                get_lang('VisibilityChanged'),
+                'confirmation'
+            )
+        );
+
+        header('Location: '.$currentUrl);
+        exit;
+
        break;
    case 'list':
        /*	Display list of student publications */
--- a/main/work/work_list.php
+++ b/main/work/work_list.php
@ -19,58 +19,35 @@ if (empty($workId)) {
    api_not_allowed(true);
 }

-$my_folder_data = get_work_data_by_id($workId);
+$courseInfo = api_get_course_info();

-if (empty($my_folder_data)) {
-    api_not_allowed(true);
-}
-
-if ($my_folder_data['active'] != 1) {
-    api_not_allowed(true);
-}
+protectWork($courseInfo, $workId);

+$my_folder_data = get_work_data_by_id($workId);
 $work_data = get_work_assignment_by_id($workId);
 $tool_name = get_lang('StudentPublications');

 $group_id = api_get_group_id();
-$courseInfo = api_get_course_info();
+
 $htmlHeadXtra[] = api_get_jqgrid_js();
 $url_dir = api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq();

-allowOnlySubscribedUser(api_get_user_id(), $workId, $courseInfo['real_id']);
-
 if (!empty($group_id)) {
    $group_properties  = GroupManager :: get_group_properties($group_id);
-    $show_work = false;
-
-    if (api_is_allowed_to_edit(false, true)) {
-        $show_work = true;
-    } else {
-        // you are not a teacher
-        $show_work = GroupManager::user_has_access(
-            $user_id,
-            $group_id,
-            GroupManager::GROUP_TOOL_WORK
-        );
-    }
-
-    if (!$show_work) {
-        api_not_allowed();
-    }
-
-    $interbreadcrumb[] = array ('url' => api_get_path(WEB_CODE_PATH).'group/group.php', 'name' => get_lang('Groups'));
-    $interbreadcrumb[] = array ('url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?gidReq='.$group_id, 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
+    $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups'));
+    $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
 }

-$interbreadcrumb[] = array ('url' => api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq(), 'name' => get_lang('StudentPublications'));
-$interbreadcrumb[] = array ('url' => api_get_path(WEB_CODE_PATH).'work/work_list.php?'.api_get_cidreq().'&id='.$workId, 'name' =>  $my_folder_data['title']);
+$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq(), 'name' => get_lang('StudentPublications'));
+$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'work/work_list.php?'.api_get_cidreq().'&id='.$workId, 'name' =>  $my_folder_data['title']);

 $documentsAddedInWork = getAllDocumentsFromWorkToString($workId, $courseInfo);

 Display :: display_header(null);

 echo '<div class="actions">';
-echo '<a href="'.api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq().'&origin='.$origin.'">'.Display::return_icon('back.png', get_lang('BackToWorksList'),'',ICON_SIZE_MEDIUM).'</a>';
+echo '<a href="'.api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq().'&origin='.$origin.'">'.
+    Display::return_icon('back.png', get_lang('BackToWorksList'),'',ICON_SIZE_MEDIUM).'</a>';
 if (api_is_allowed_to_session_edit(false, true) && !empty($workId) && !api_is_invitee() ) {
    echo '<a href="'.api_get_path(WEB_CODE_PATH).'work/upload.php?'.api_get_cidreq().'&id='.$workId.'&origin='.$origin.'">';
    echo Display::return_icon('upload_file.png', get_lang('UploadADocument'), '', ICON_SIZE_MEDIUM).'</a>';
@ -88,7 +65,8 @@ if (!empty($error_message)) {
 }

 if (!empty($my_folder_data['description'])) {
-    echo '<p><div><strong>'.get_lang('Description').':</strong><p>'.Security::remove_XSS($my_folder_data['description']).'</p></div></p>';
+    echo '<p><div><strong>'.get_lang('Description').':</strong><p>'.
+        Security::remove_XSS($my_folder_data['description']).'</p></div></p>';
 }

 $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
--- a/main/work/work_list_others.php
+++ b/main/work/work_list_others.php
@ -31,7 +31,7 @@ if ($courseInfo['show_score'] == 1) {
    api_not_allowed(true);
 }

-allowOnlySubscribedUser(api_get_user_id(), $workId, $courseInfo['real_id']);
+protectWork($courseInfo, $workId);

 $htmlHeadXtra[] = api_get_jqgrid_js();

--- a/tests/main/work/work.lib.test.php
+++ b/tests/main/work/work.lib.test.php
@ -244,22 +244,6 @@ class TestWork extends UnitTestCase {
 		//var_dump($res);
 	}

-	/**
-	 * Checks if the first given directory exists as a subdir of the second given directory
-	 * This function should now be deprecated by Security::check_abs_path()
-	 * @param	string	Subdir
-	 * @param	string	Base dir
-	 * @return	integer	-1 on error, 0 if not subdir, 1 if subdir
-	 */
-
-	function testis_subdir_of() {
-		$path_name = api_get_path(SYS_COURSE_PATH);
-		$subdir=$path_name.'work/testing';
-		$basedir=$path_name;
-		$res=is_subdir_of($subdir,$basedir);
-		$this->assertTrue(is_numeric($res));
-		//var_dump($res);
-	}

 	/**
 	* returns all the javascript that is required for easily