view.php 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. $language_file = array('exercice', 'work', 'document', 'admin');
  4. require_once '../inc/global.inc.php';
  5. $current_course_tool = TOOL_STUDENTPUBLICATION;
  6. require_once 'work.lib.php';
  7. $id = isset($_GET['id']) ? intval($_GET['id']) : null;
  8. $work = get_work_data_by_id($id);
  9. if (empty($id) || empty($work)) {
  10. api_not_allowed(true);
  11. }
  12. if ($work['active'] != 1) {
  13. api_not_allowed(true);
  14. }
  15. $work['title'] = isset($work['title']) ? Security::remove_XSS($work['title']) : '';
  16. $work['description'] = isset($work['description']) ? Security::remove_XSS($work['description']) : '';
  17. $interbreadcrumb[] = array ('url' => 'work.php', 'name' => get_lang('StudentPublications'));
  18. $my_folder_data = get_work_data_by_id($work['parent_id']);
  19. $courseInfo = api_get_course_info();
  20. allowOnlySubscribedUser(
  21. api_get_user_id(),
  22. $work['parent_id'],
  23. $courseInfo['real_id']
  24. );
  25. $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
  26. api_get_user_id(),
  27. $courseInfo
  28. );
  29. if ((user_is_author($id) || $isDrhOfCourse || (api_is_allowed_to_edit() || api_is_coach())) ||
  30. (
  31. $courseInfo['show_score'] == 0 &&
  32. $work['active'] == 1 &&
  33. $work['accepted'] == 1
  34. )
  35. ) {
  36. if ((api_is_allowed_to_edit() || api_is_coach()) || api_is_drh()) {
  37. $url_dir = 'work_list_all.php?id='.$my_folder_data['id'];
  38. } else {
  39. $url_dir = 'work_list.php?id='.$my_folder_data['id'];
  40. }
  41. $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
  42. $interbreadcrumb[] = array('url' => '#','name' => $work['title']);
  43. //|| api_is_drh()
  44. if (($courseInfo['show_score'] == 0 &&
  45. $work['active'] == 1 &&
  46. $work['accepted'] == 1
  47. ) ||
  48. (api_is_allowed_to_edit() || api_is_coach()) ||
  49. user_is_author($id) ||
  50. $isDrhOfCourse
  51. ) {
  52. $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
  53. switch ($action) {
  54. case 'send_comment':
  55. if (isset($_FILES["file"])) {
  56. $_POST['file'] = $_FILES["file"];
  57. }
  58. addWorkComment(
  59. api_get_course_info(),
  60. api_get_user_id(),
  61. $my_folder_data,
  62. $work,
  63. $_POST
  64. );
  65. $url = api_get_path(WEB_CODE_PATH).'work/view.php?id='.$work['id'].'&'.api_get_cidreq();
  66. header('Location: '.$url);
  67. exit;
  68. break;
  69. case 'delete_attachment':
  70. deleteCommentFile(
  71. $_REQUEST['comment_id'],
  72. api_get_course_info()
  73. );
  74. $url = api_get_path(WEB_CODE_PATH).'work/view.php?id='.$work['id'].'&'.api_get_cidreq();
  75. header('Location: '.$url);
  76. exit;
  77. break;
  78. }
  79. $comments = getWorkComments($work);
  80. $commentForm = getWorkCommentForm($work);
  81. $tpl = new Template();
  82. $tpl->assign('work', $work);
  83. $tpl->assign('work_comment_enabled', ALLOW_USER_COMMENTS);
  84. $tpl->assign('comments', $comments);
  85. if (api_is_allowed_to_session_edit()) {
  86. $tpl->assign('form', $commentForm);
  87. }
  88. $tpl->assign('is_allowed_to_edit', api_is_allowed_to_edit());
  89. $template = $tpl->get_template('work/view.tpl');
  90. $content = $tpl->fetch($template);
  91. $tpl->assign('content', $content);
  92. $tpl->display_one_col_template();
  93. } else {
  94. api_not_allowed(true);
  95. }
  96. } else {
  97. api_not_allowed(true);
  98. }