getInstalledPlugins(); $capturePluginInstalled = in_array('jcapture', $pluginList); if ($capturePluginInstalled) { $jcapturePath = api_get_path(WEB_PLUGIN_PATH).'jcapture/plugin_applet.php'; $htmlHeadXtra[] = ' '; } $htmlHeadXtra[] = ' '; if (empty($courseInfo)) { api_not_allowed(true); } // Create directory certificates. DocumentManager::create_directory_certificate_in_course($courseInfo); // Used for avoiding double-click. $dbl_click_id = 0; $selectcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : null; $moveTo = isset($_POST['move_to']) ? Security::remove_XSS($_POST['move_to']) : null; $moveFile = isset($_POST['move_file']) ? (int) $_POST['move_file'] : 0; $certificateLink = ''; if ($is_certificate_mode) { $certificateLink = '&certificate=true&selectcat='.$selectcat; } /* Constants and variables */ $userId = api_get_user_id(); $userInfo = api_get_user_info(); $sessionId = api_get_session_id(); $course_code = api_get_course_id(); $groupId = api_get_group_id(); $isAllowedToEdit = api_is_allowed_to_edit(null, true) || api_is_platform_admin(); $groupMemberWithUploadRights = false; // If the group id is set, we show them group documents $group_properties = []; $group_properties['directory'] = null; // For sessions we should check the parameters of visibility if (api_get_session_id() != 0) { $groupMemberWithUploadRights = $groupMemberWithUploadRights && api_is_allowed_to_session_edit(false, true); } // Get group info $groupIid = 0; $groupMemberWithEditRights = false; // Setting group variables. if (!empty($groupId)) { $group_properties = GroupManager::get_group_properties($groupId); $groupIid = isset($group_properties['iid']) ? $group_properties['iid'] : 0; $groupMemberWithEditRights = GroupManager::allowUploadEditDocument( $userId, $courseId, $group_properties, null ); // Let's assume the user cannot upload files for the group $groupMemberWithUploadRights = false; if ($group_properties['doc_state'] == 2) { // Documents are private if ($isAllowedToEdit || GroupManager::is_user_in_group($userId, $group_properties)) { // Only courseadmin or group members (members + tutors) allowed $interbreadcrumb[] = [ 'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups'), ]; $interbreadcrumb[] = [ 'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('Group area').' '.$group_properties['name'], ]; //they are allowed to upload $groupMemberWithUploadRights = true; } else { $groupId = 0; } } elseif ($group_properties['doc_state'] == 1) { // Documents are public $interbreadcrumb[] = [ 'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups'), ]; $interbreadcrumb[] = [ 'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('Group area').' '.$group_properties['name'], ]; // Allowed to upload? if ($isAllowedToEdit || GroupManager::is_subscribed($userId, $group_properties) || GroupManager::is_tutor_of_group($userId, $group_properties, $courseId) ) { // Only course admin or group members can upload $groupMemberWithUploadRights = true; } } // Group mode if (!GroupManager::allowUploadEditDocument($userId, $courseId, $group_properties)) { $groupMemberWithUploadRights = false; } Session::write('group_member_with_upload_rights', $groupMemberWithUploadRights); } else { Session::write('group_member_with_upload_rights', false); } // Detail. $document_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : null; $currentUrl = api_get_self().'?'.api_get_cidreq().'&id='.$document_id; $curdirpath = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null; switch ($action) { case 'delete_item': if ($isAllowedToEdit || $groupMemberWithUploadRights || DocumentManager::isBasicCourseFolder($curdirpath, $sessionId) || DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) || DocumentManager::is_my_shared_folder(api_get_user_id(), $moveTo, $sessionId) ) { if (isset($_GET['deleteid'])) { if (!$isAllowedToEdit) { if (api_is_coach()) { if (!DocumentManager::is_visible_by_id( $_GET['deleteid'], $courseInfo, $sessionId, api_get_user_id() ) ) { api_not_allowed(); } } if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $_GET['deleteid'], true)) { api_not_allowed(); } } $documentInfo = DocumentManager::get_document_data_by_id( $_GET['deleteid'], $courseInfo['code'], false, $sessionId ); GroupManager::allowUploadEditDocument( $userId, $courseId, $group_properties, $documentInfo, true ); // Check whether the document is in the database. if (!empty($documentInfo)) { if ($documentInfo['filetype'] != 'link') { $deleteDocument = DocumentManager::delete_document( $courseInfo, null, $base_work_dir, $sessionId, $_GET['deleteid'], $groupIid ); if ($deleteDocument) { $certificateId = isset($_GET['delete_certificate_id']) ? $_GET['delete_certificate_id'] : null; DocumentManager::remove_attach_certificate( api_get_course_int_id(), $certificateId ); Display::addFlash( Display::return_message( get_lang('Document deleted').': '.$documentInfo['title'], 'success' ) ); } else { Display::addFlash(Display::return_message(get_lang('Error during the delete of document'), 'warning')); } } else { // Cloud Links $deleteDocument = DocumentManager::deleteCloudLink($courseInfo, $_GET['deleteid']); if ($deleteDocument) { Display::addFlash(Display::return_message( get_lang('Cloud link deleted').': '.$documentInfo['title'], 'success' )); } else { Display::addFlash(Display::return_message( get_lang('Error deleting the cloud link.').': '.$documentInfo['title'], 'error' )); } } } else { Display::addFlash(Display::return_message(get_lang('The file was not found'), 'warning')); } header("Location: $currentUrl"); exit; } } break; case 'download': // Get the document data from the ID $document_data = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), false, $sessionId ); if ($sessionId != 0 && !$document_data) { // If there is a session defined and asking for the document *from // the session* didn't work, try it from the course (out of a // session context) $document_data = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), false, 0 ); } // Check whether the document is in the database if (empty($document_data)) { api_not_allowed(); } // Launch event Event::event_download($document_data['url']); $publicPath = api_get_path(WEB_PUBLIC_PATH); $courseCode = api_get_course_id(); $path = $document_data['path']; $url = $publicPath."courses/$courseCode/document$path"; header("Location: $url"); exit; // Check visibility of document and paths if (!($isAllowedToEdit || $groupMemberWithUploadRights) && !DocumentManager::is_visible_by_id($document_id, $courseInfo, $sessionId, api_get_user_id()) ) { api_not_allowed(true); } $full_file_name = $base_work_dir.$document_data['path']; if (Security::check_abs_path($full_file_name, $base_work_dir.'/')) { $result = DocumentManager::file_send_for_download($full_file_name, true); if ($result === false) { api_not_allowed(true); } } exit; break; case 'downloadfolder': if (api_get_setting('students_download_folders') == 'true' || $isAllowedToEdit) { // Get the document data from the ID $document_data = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), false, $sessionId ); if ($sessionId != 0 && !$document_data) { // If there is a session defined and asking for the // document * from the session* didn't work, try it from the // course (out of a session context) $document_data = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), false, 0 ); } //filter when I am into shared folder, I can download only my shared folder if (DocumentManager::is_any_user_shared_folder($document_data['path'], $sessionId)) { if (DocumentManager::is_my_shared_folder(api_get_user_id(), $document_data['path'], $sessionId) || $isAllowedToEdit ) { require 'downloadfolder.inc.php'; } } else { require 'downloadfolder.inc.php'; } exit; } break; case 'export_to_pdf': if (api_get_setting('students_export2pdf') == 'true' || $isAllowedToEdit || api_is_platform_admin() ) { $orientation = api_get_configuration_value('document_pdf_orientation'); $orientation = in_array($orientation, ['landscape', 'portrait']) ? $orientation : 'landscape'; $showHeaderAndFooter = true; if ($is_certificate_mode) { $certificateOrientation = api_get_configuration_value('certificate_pdf_orientation'); $orientation = in_array($certificateOrientation, ['landscape', 'portrait']) ? $certificateOrientation : 'landscape'; $showHeaderAndFooter = !api_get_configuration_value('certificate.hide_header_footer') === 'true'; } DocumentManager::export_to_pdf($document_id, $course_code, $orientation, $showHeaderAndFooter); } break; case 'copytomyfiles': // Copy a file to general my files user's if (api_get_setting('allow_my_files') == 'true' && api_get_setting('users_copy_files') == 'true' && api_get_user_id() != 0 && !api_is_anonymous() ) { // Get the document data from the ID $document_info = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), true, $sessionId ); if ($sessionId != 0 && !$document_info) { /* If there is a session defined and asking for the document from the session didn't work, try it from the course (out of a session context)*/ $document_info = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), 0 ); } GroupManager::allowUploadEditDocument( $userId, $courseId, $group_properties, $document_info, true ); $parent_id = $document_info['parent_id']; $my_path = UserManager::getUserPathById(api_get_user_id(), 'system'); $user_folder = $my_path.'my_files/'; $my_path = null; if (!file_exists($user_folder)) { $perm = api_get_permissions_for_new_directories(); @mkdir($user_folder, $perm, true); } $file = $sys_course_path.$courseInfo['directory'].'/document'.$document_info['path']; $copyfile = $user_folder.basename($document_info['path']); $cidReq = Security::remove_XSS($_GET['cidReq']); $id_session = Security::remove_XSS($_GET['id_session']); $gidReq = Security::remove_XSS($_GET['gidReq']); $id = Security::remove_XSS($_GET['id']); if (empty($parent_id)) { $parent_id = 0; } $file_link = Display::url( get_lang('See file'), api_get_path(WEB_CODE_PATH).'social/myfiles.php?' .api_get_cidreq_params($cidReq, $id_session, $gidReq). '&parent_id='.$parent_id ); if (api_get_setting('allow_my_files') === 'false') { $file_link = ''; } if (file_exists($copyfile)) { $message = get_lang('There are a file with the same name in your private user file area. Do you want replace it?').'
'; $message .= '' .get_lang("No") .'' .' | ' .'' .get_lang('Yes') .'
'; if (!isset($_GET['copy'])) { Display::addFlash(Display::return_message($message, 'warning', false)); } if (isset($_GET['copy']) && $_GET['copy'] === 'yes') { if (!copy($file, $copyfile)) { Display::addFlash(Display::return_message(get_lang('Copy failed'), 'error')); } else { Display::addFlash(Display::return_message( get_lang('File replaced').' '.$file_link, 'confirmation', false )); } } } else { if (!copy($file, $copyfile)) { Display::addFlash(Display::return_message(get_lang('Copy failed'), 'error')); } else { Display::addFlash( Display::return_message(get_lang('The copy has been made').' '.$file_link, 'confirmation', false) ); } } } break; case 'convertToPdf': // PDF format as target by default $formatTarget = $_REQUEST['formatTarget'] ? strtolower(Security::remove_XSS($_REQUEST['formatTarget'])) : 'pdf'; $formatType = $_REQUEST['formatType'] ? strtolower(Security::remove_XSS($_REQUEST['formatType'])) : 'text'; // Get the document data from the ID $document_info = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), true, $session_id ); $file = $sys_course_path.$courseInfo['directory'].'/document'.$document_info['path']; $fileInfo = pathinfo($file); if ($fileInfo['extension'] == $formatTarget) { Display::addFlash(Display::return_message( get_lang('Conversion to same file format. Please choose another.'), 'warning' )); } elseif ( !(in_array($fileInfo['extension'], DocumentManager::getJodconverterExtensionList('from', $formatType))) || !(in_array($formatTarget, DocumentManager::getJodconverterExtensionList('to', $formatType))) ) { Display::addFlash(Display::return_message( get_lang('File format not supported'), 'warning' )); } else { $convertedFile = $fileInfo['dirname'].DIRECTORY_SEPARATOR .$fileInfo['filename'].'_from_'.$fileInfo['extension'] .'.'.$formatTarget; $convertedTitle = $document_info['title']; $obj = new OpenofficePresentation(true); if (file_exists($convertedFile)) { Display::addFlash(Display::return_message( get_lang('The operation is impossible, a file with this name already exists.'), 'error' )); } else { $result = $obj->convertCopyDocument( $file, $convertedFile, $convertedTitle ); if (empty($result)) { Display::addFlash(Display::return_message( get_lang('Copy failed'), 'error' )); } else { $cidReq = Security::remove_XSS($_GET['cidReq']); $id_session = api_get_session_id(); $gidReq = Security::remove_XSS($_GET['gidReq']); $file_link = Display::url( get_lang('See file'), api_get_path(WEB_CODE_PATH) .'document/showinframes.php?' .api_get_cidreq_params($cidReq, $id_session, $gidReq) .'&id='.current($result) ); Display::addFlash(Display::return_message( get_lang('The copy has been made').' '.$file_link, 'confirmation', false )); } } } break; } // If no actions we proceed to show the document (Hack in order to use document.php?id=X) if (isset($document_id) && empty($action)) { // Get the document data from the ID $document_data = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), true, $sessionId ); if ($sessionId != 0 && !$document_data) { // If there is a session defined and asking for the // document * from the session* didn't work, try it from the course // (out of a session context) $document_data = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), true, 0 ); } // If the document is not a folder we show the document. if ($document_data) { $parent_id = $document_data['parent_id']; // Hack in order to clean the document id in case of false positive from links if ($document_data['filetype'] == 'link') { $document_id = null; } $visibility = DocumentManager::check_visibility_tree( $document_id, api_get_course_info(), $sessionId, api_get_user_id(), $groupIid ); if (!empty($document_data['filetype']) && ($document_data['filetype'] == 'file' || $document_data['filetype'] == 'link') ) { if ($visibility && api_is_allowed_to_session_edit()) { $url = api_get_path(WEB_COURSE_PATH).$courseInfo['path'].'/document'.$document_data['path'].'?'.api_get_cidreq(); header("Location: $url"); exit; } } else { if (!$visibility && !$isAllowedToEdit) { api_not_allowed(true); } } $_GET['curdirpath'] = $document_data['path']; } // What's the current path? // We will verify this a bit further down if (isset($_GET['curdirpath']) && $_GET['curdirpath'] != '') { $curdirpath = Security::remove_XSS($_GET['curdirpath']); } elseif (isset($_POST['curdirpath']) && $_POST['curdirpath'] != '') { $curdirpath = Security::remove_XSS($_POST['curdirpath']); } else { $curdirpath = '/'; } $curdirpathurl = urlencode($curdirpath); } else { // What's the current path? // We will verify this a bit further down if (isset($_GET['curdirpath']) && $_GET['curdirpath'] != '') { $curdirpath = Security::remove_XSS($_GET['curdirpath']); } elseif (isset($_POST['curdirpath']) && $_POST['curdirpath'] != '') { $curdirpath = Security::remove_XSS($_POST['curdirpath']); } else { $curdirpath = '/'; } $curdirpathurl = urlencode($curdirpath); // Check the path // If the path is not found (no document id), set the path to / $document_id = DocumentManager::get_document_id($courseInfo, $curdirpath); if (!$document_id) { $document_id = DocumentManager::get_document_id($courseInfo, $curdirpath, 0); } $document_data = DocumentManager::get_document_data_by_id( $document_id, api_get_course_id(), true ); $parent_id = $document_data['parent_id']; } if (isset($document_data) && $document_data['path'] == '/certificates') { $is_certificate_mode = true; } if (!$parent_id) { $testParentId = 0; // Get parent id from current path if (!empty($document_data['path'])) { $testParentId = DocumentManager::get_document_id( api_get_course_info(), dirname($document_data['path']), 0 ); } $parent_id = 0; if (!empty($testParentId)) { $parent_id = $testParentId; } } $current_folder_id = $document_id; // Show preview if (isset($_GET['curdirpath']) && $_GET['curdirpath'] == '/certificates' && isset($_GET['set_preview']) && $_GET['set_preview'] == strval(intval($_GET['set_preview'])) ) { if (isset($_GET['set_preview'])) { // Generate document HTML $content_html = DocumentManager::replace_user_info_into_html( api_get_user_id(), api_get_course_info(), api_get_session_id(), true ); $filename = 'certificate_preview/'.api_get_unique_id().'.png'; $qr_code_filename = api_get_path(SYS_ARCHIVE_PATH).$filename; $temp_folder = api_get_path(SYS_ARCHIVE_PATH).'certificate_preview'; if (!is_dir($temp_folder)) { mkdir($temp_folder, api_get_permissions_for_new_directories()); } $qr_code_web_filename = api_get_path(WEB_ARCHIVE_PATH).$filename; $certificate = new Certificate(); $text = $certificate->parseCertificateVariables($content_html['variables']); $result = $certificate->generateQRImage($text, $qr_code_filename); $new_content_html = $content_html['content']; $path_image = api_get_path(WEB_COURSE_PATH).api_get_course_path().'/document/images/gallery'; $new_content_html = str_replace('../images/gallery', $path_image, $new_content_html); $path_image_in_default_course = api_get_path(WEB_CODE_PATH).'default_course_document'; $new_content_html = str_replace( '/main/default_course_document', $path_image_in_default_course, $new_content_html ); $new_content_html = str_replace( SYS_CODE_PATH.'img/', api_get_path(WEB_IMG_PATH), $new_content_html ); // Remove media=screen to be available when printing a document $new_content_html = str_replace( ' media="screen"', '', $new_content_html ); Display::display_reduced_header(); echo ' '; echo ''; echo Display::return_icon('printmgr.gif', get_lang('Print')); echo ''; if (is_file($qr_code_filename) && is_readable($qr_code_filename)) { $new_content_html = str_replace( '((certificate_barcode))', Display::img($qr_code_web_filename), $new_content_html ); } print_r($new_content_html); exit; } } $htmlHeadXtra[] = ''; // If they are looking at group documents they can't see the root if ($groupId != 0 && $curdirpath == '/') { $curdirpath = $group_properties['directory']; $curdirpathurl = urlencode($group_properties['directory']); } // Check visibility of the current dir path. Don't show anything if not allowed //@todo check this validation for coaches //if (!$isAllowedToEdit || api_is_coach()) { before if (!$isAllowedToEdit && api_is_coach()) { if ($curdirpath != '/' && !(DocumentManager::is_visible($curdirpath, $courseInfo, $sessionId, 'folder')) ) { api_not_allowed(true); } } /* Create shared folders */ DocumentManager::createUserSharedFolder(api_get_user_id(), $courseInfo, $sessionId); if ($is_certificate_mode) { $interbreadcrumb[] = [ 'url' => '../gradebook/index.php?'.api_get_cidreq(), 'name' => get_lang('Assessments'), ]; } else { if ((isset($_GET['id']) && $_GET['id'] != 0) || isset($_GET['curdirpath']) || isset($_GET['createdir'])) { $interbreadcrumb[] = [ 'url' => 'document.php?'.api_get_cidreq(), 'name' => get_lang('Documents'), ]; } else { $interbreadcrumb[] = [ 'url' => '#', 'name' => get_lang('Documents'), ]; } } // Interbreadcrumb for the current directory root path if (empty($document_data['parents'])) { if (isset($_GET['createdir'])) { $interbreadcrumb[] = [ 'url' => $document_data['document_url'], 'name' => $document_data['title'], ]; } else { // Hack in order to not add the document to the breadcrumb in case it is a link if ($document_data['filetype'] != 'link') { $interbreadcrumb[] = [ 'url' => '#', 'name' => $document_data['title'], ]; } } } else { $counter = 0; foreach ($document_data['parents'] as $document_sub_data) { //fixing double group folder in breadcrumb if ($groupId) { if ($counter == 0) { $counter++; continue; } } if (!isset($_GET['createdir']) && $document_sub_data['id'] == $document_data['id']) { $document_sub_data['document_url'] = '#'; } $interbreadcrumb[] = [ 'url' => $document_sub_data['document_url'], 'name' => $document_sub_data['title'], ]; $counter++; } } if (isset($_GET['createdir'])) { $interbreadcrumb[] = ['url' => '#', 'name' => get_lang('Create folder')]; } $documentAndFolders = DocumentManager::getAllDocumentData( $courseInfo, $curdirpath, $groupIid, null, $isAllowedToEdit || $groupMemberWithUploadRights, false ); $count = 1; $jquery = null; if (!empty($documentAndFolders)) { foreach ($documentAndFolders as $file) { if ($file['filetype'] == 'file') { $path_info = pathinfo($file['path']); $extension = ''; if (!empty($path_info['extension'])) { $extension = strtolower($path_info['extension']); } //@todo use a js loop to auto generate this code if (in_array($extension, ['ogg', 'mp3', 'wav'])) { // Get the document data from the ID $document_data = DocumentManager::get_document_data_by_id( $file['id'], api_get_course_id(), false, $sessionId ); if ($sessionId != 0 && !$document_data) { /* If there is a session defined and asking for the document * from the session* didn't work, try it from the course (out of a session context) */ $document_data = DocumentManager::get_document_data_by_id( $file['id'], api_get_course_id(), false, 0 ); } if ($extension == 'ogg') { $extension = 'oga'; } $params = [ 'url' => $document_data['direct_url'], 'extension' => $extension, 'count' => $count, ]; $jquery .= DocumentManager::generateAudioJavascript($params); $count++; } } } } $htmlHeadXtra[] = ' '; // Lib for event log, stats & tracking & record of the access Event::event_access_tool(TOOL_DOCUMENT); /* DISPLAY */ if ($groupId != 0) { // Add group name after for group documents $add_group_to_title = ' ('.$group_properties['name'].')'; } $moveForm = ''; /* MOVE FILE OR DIRECTORY */ //Only teacher and all users into their group and each user into his/her shared folder if ($isAllowedToEdit || $groupMemberWithUploadRights || DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) || DocumentManager::is_my_shared_folder(api_get_user_id(), $moveTo, $sessionId) ) { if (isset($_GET['move']) && $_GET['move'] != '') { $my_get_move = intval($_REQUEST['move']); if (api_is_coach()) { if (!DocumentManager::is_visible_by_id($my_get_move, $courseInfo, $sessionId, api_get_user_id())) { api_not_allowed(true); } } if (!$isAllowedToEdit) { if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $my_get_move)) { api_not_allowed(true); } } // Get the document data from the ID $document_to_move = DocumentManager::get_document_data_by_id( $my_get_move, api_get_course_id(), false, $sessionId ); GroupManager::allowUploadEditDocument( $userId, $courseId, $group_properties, $document_to_move, true ); $move_path = $document_to_move['path']; if (!empty($document_to_move)) { $folders = DocumentManager::get_all_document_folders( $courseInfo, $groupIid, $isAllowedToEdit || $groupMemberWithUploadRights, false, $curdirpath ); $moveForm .= ''; // filter if is my shared folder. TODO: move this code to build_move_to_selector function if (DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) && !$isAllowedToEdit ) { //only main user shared folder $main_user_shared_folder_main = '/shared_folder/sf_user_'.api_get_user_id(); $main_user_shared_folder_sub = '/shared_folder\/sf_user_'.api_get_user_id().'\//'; //all subfolders $user_shared_folders = []; foreach ($folders as $fold) { if ($main_user_shared_folder_main == $fold || preg_match($main_user_shared_folder_sub, $fold) ) { $user_shared_folders[] = $fold; } } $moveForm .= DocumentManager::build_move_to_selector( $user_shared_folders, $move_path, $my_get_move, $group_properties['directory'] ); } else { $moveForm .= DocumentManager::build_move_to_selector( $folders, $move_path, $my_get_move, $group_properties['directory'] ); } } } if (!empty($moveTo) && isset($moveFile)) { if (!$isAllowedToEdit) { if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $moveFile)) { api_not_allowed(true); } } if (api_is_coach()) { if (!DocumentManager::is_visible_by_id($moveFile, $courseInfo, $sessionId, api_get_user_id())) { api_not_allowed(true); } } // Get the document data from the ID $document_to_move = DocumentManager::get_document_data_by_id( $moveFile, api_get_course_id(), false, $sessionId ); GroupManager::allowUploadEditDocument( $userId, $courseId, $group_properties, $document_to_move, true ); // Security fix: make sure they can't move files that are not in the document table if (!empty($document_to_move)) { if ($document_to_move['filetype'] === 'link') { $real_path_target = $base_work_dir.$moveTo.'/'; if (!DocumentManager::cloudLinkExists($_course, $moveTo, $document_to_move['comment'])) { DocumentManager::updateDbInfo( 'update', $document_to_move['path'], $moveTo.'/'.basename($document_to_move['path']) ); Display::addFlash( Display::return_message( get_lang('Cloud link moved'), 'success' ) ); } else { Display::addFlash( Display::return_message( get_lang('This URL already exists'), 'error' ) ); } // Set the current path $curdirpath = $moveTo; $curdirpathurl = urlencode($moveTo); } else { if ($moveTo === '/') { // Move to course root $newParent = api_get_course_entity(); } else { // Move to folder $moveTo = DocumentManager::get_document_id( $courseInfo, $moveTo ); /** @var CDocument $newParent */ $newParent = $repo->find($moveTo); } /** @var CDocument $document */ $document = $repo->find($document_to_move['iid']); if ($moveTo && $document && $newParent) { DocumentManager::updateDbInfo( 'update', $document_to_move['path'], $moveTo.'/'.basename($document_to_move['path']) ); $document->getResourceNode()->setParent($newParent->getResourceNode()); $em->persist($document); $em->flush(); Display::addFlash(Display::return_message(get_lang('Element moved'), 'confirmation')); } } } else { Display::addFlash(Display::return_message(get_lang('Operation impossible'), 'error')); } } } /* DELETE FILE OR DIRECTORY */ //Only teacher and all users into their group if ($isAllowedToEdit || $groupMemberWithUploadRights || DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ) { if (isset($_POST['action']) && isset($_POST['ids'])) { $files = $_POST['ids']; $readonlyAlreadyChecked = false; $messages = ''; $items = [ '/audio', '/flash', '/images', '/shared_folder', '/video', '/chat_files', '/certificates', ]; $defaultVisibility = ResourceLink::VISIBILITY_DRAFT; // Make visible or invisible? if ($_POST['action'] === 'set_visible') { $defaultVisibility = ResourceLink::VISIBILITY_PUBLISHED; } foreach ($files as $documentId) { $data = DocumentManager::get_document_data_by_id($documentId, $courseInfo['code']); /** @var CDocument $document */ $document = $repo->find($documentId); if (in_array($data['path'], $items)) { // exclude system directories (do not allow deletion) continue; } else { switch ($_POST['action']) { case 'set_invisible': $repo->updateVisibility($document, $defaultVisibility); break; case 'set_visible': $repo->updateVisibility($document, $defaultVisibility); $messages .= Display::return_message( get_lang('The visibility has been changed.').': '.$data['title'], 'confirmation' ); break; case 'delete': // Check all documents scheduled for deletion // If one of them is read-only, abandon deletion // Note: this is only executed once if (!$readonlyAlreadyChecked) { foreach ($files as $id) { if (!$isAllowedToEdit) { if (DocumentManager::check_readonly( $courseInfo, api_get_user_id(), null, $id, false, $sessionId )) { $messages .= Display::return_message( get_lang('Cannot delete files that are configured in read-only mode.'), 'error' ); break 2; } } } $readonlyAlreadyChecked = true; } if ($data['filetype'] != 'link') { // Files and folders $deleteDocument = DocumentManager::delete_document( $courseInfo, null, $base_work_dir, $sessionId, $documentId, $groupIid ); if (!empty($deleteDocument)) { $messages .= Display::return_message( get_lang('Document deleted').': '.$data['title'], 'confirmation' ); } } else { // Cloud Links if (DocumentManager::deleteCloudLink($_course, $documentId)) { $messages .= Display::return_message( get_lang('Cloud link deleted'), 'confirmation' ); } else { $messages .= Display::return_message( get_lang('Error deleting the cloud link.'), 'error' ); } } break; } } } // endforeach Display::addFlash($messages); header('Location: '.$currentUrl); exit; } } $dirForm = ''; /* CREATE DIRECTORY */ //Only teacher and all users into their group and any user into his/her shared folder if ($isAllowedToEdit || $groupMemberWithUploadRights || DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ) { // Create directory with $_POST data if (isset($_POST['create_dir']) && $_POST['dirname'] != '') { // Needed for directory creation $post_dir_name = $_POST['dirname']; if ($post_dir_name == '../' || $post_dir_name == '.' || $post_dir_name == '..') { $message = Display::return_message(get_lang('CannotCreate folder'), 'error'); } else { // dir_id is the parent folder id. if (!empty($_POST['dir_id'])) { // Get the document data from the ID $document_data = DocumentManager::get_document_data_by_id( $_POST['dir_id'], api_get_course_id(), false, $sessionId ); if ($sessionId != 0 && !$document_data) { // If there is a session defined and asking for the // document * from the session* didn't work, try it from // the course (out of a session context) $document_data = DocumentManager::get_document_data_by_id( $_POST['dir_id'], api_get_course_id(), false, 0 ); } $curdirpath = $document_data['path']; } $added_slash = $curdirpath == '/' ? '' : '/'; $dir_name = $curdirpath.$added_slash.api_replace_dangerous_char($post_dir_name); $dir_name = disable_dangerous_file($dir_name); $dir_check = $base_work_dir.$dir_name; $visibility = empty($groupId) ? null : 1; $newFolderData = create_unexisting_directory( $courseInfo, api_get_user_id(), $sessionId, api_get_group_id(), $to_user_id, $base_work_dir, $dir_name, $post_dir_name, $visibility, false, true, $document_data ); if (!empty($newFolderData)) { $message = Display::return_message( get_lang('Folder created').' '.$newFolderData->getTitle(), 'confirmation' ); } else { $message = Display::return_message( get_lang('CannotCreate folder'), 'error' ); } } Display::addFlash($message); header('Location: '.$currentUrl); exit; } // Show them the form for the directory name if (isset($_GET['createdir'])) { $dirForm = DocumentManager::create_dir_form($document_id); } } /* VISIBILITY COMMANDS */ if ($isAllowedToEdit) { if ((isset($_GET['set_invisible']) && !empty($_GET['set_invisible'])) || (isset($_GET['set_visible']) && !empty($_GET['set_visible'])) ) { $defaultVisibility = ResourceLink::VISIBILITY_DRAFT; // Make visible or invisible? if (isset($_GET['set_visible'])) { $defaultVisibility = ResourceLink::VISIBILITY_PUBLISHED; $update_id = intval($_GET['set_visible']); $visibility_command = 'visible'; } else { $update_id = intval($_GET['set_invisible']); $visibility_command = 'invisible'; } if (!$isAllowedToEdit) { if (api_is_coach()) { if (!DocumentManager::is_visible_by_id($update_id, $courseInfo, $sessionId, api_get_user_id())) { api_not_allowed(true); } } if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $update_id)) { api_not_allowed(true); } } /** @var CDocument $document */ $document = $repo->find($update_id); $repo->updateVisibility($document, $defaultVisibility); Display::addFlash(Display::return_message(get_lang('The visibility has been changed.'), 'confirmation')); header('Location: '.$currentUrl); exit; } } $templateForm = ''; /* TEMPLATE ACTION */ //Only teacher and all users into their group if ($isAllowedToEdit || $groupMemberWithUploadRights || DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ) { if (isset($_GET['add_as_template']) && !isset($_POST['create_template'])) { $document_id_for_template = intval($_GET['add_as_template']); // Create the form that asks for the directory name $templateForm .= '