work.php 11 KB

  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * @package chamilo.work
  5. **/
  6. use ChamiloSession as Session;
  // Bootstrap: the language file list is set before global.inc.php is loaded
  // (presumably read there -- confirm against the include).
  $language_file = array('exercice', 'work', 'document', 'admin', 'gradebook', 'tracking');
  require_once '../inc/global.inc.php';

  $current_course_tool = TOOL_STUDENTPUBLICATION;

  // Called before any request parameter below is read.
  api_protect_course_script(true);

  require_once 'work.lib.php';
  require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php';
  require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
  require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php';
  require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php';

  // Context of the current request: course, user and session.
  $course_id = api_get_course_int_id();
  $course_info = api_get_course_info();
  $user_id = api_get_user_id();
  $id_session = api_get_session_id();

  // Section (for the tabs)
  $this_section = SECTION_COURSES;

  // Folder id from the query string, forced to an integer before any use.
  $work_id = null;
  if (isset($_GET['id'])) {
      $work_id = (int) $_GET['id'];
  }
  $my_folder_data = get_work_data_by_id($work_id);
  $curdirpath = '';

  $htmlHeadXtra[] = api_get_jqgrid_js();
  $htmlHeadXtra[] = to_javascript_work();
  $_course = api_get_course_info();

  /* Constants and variables */
  $tool_name = get_lang('StudentPublications');
  $course_code = api_get_course_id();
  $session_id = api_get_session_id();
  $group_id = api_get_group_id();

  // Numeric request parameters are cast to int; note the two different
  // "absent" values (null for item_id, empty string for parent_id).
  $item_id = null;
  if (isset($_REQUEST['item_id'])) {
      $item_id = (int) $_REQUEST['item_id'];
  }
  $parent_id = '';
  if (isset($_REQUEST['parent_id'])) {
      $parent_id = (int) $_REQUEST['parent_id'];
  }

  // Values that may be reflected into pages go through the XSS filter.
  $origin = '';
  if (isset($_REQUEST['origin'])) {
      $origin = Security::remove_XSS($_REQUEST['origin']);
  }
  $submitGroupWorkUrl = '';
  if (isset($_REQUEST['submitGroupWorkUrl'])) {
      $submitGroupWorkUrl = Security::remove_XSS($_REQUEST['submitGroupWorkUrl']);
  }

  // NOTE(review): title and description are copied from the request
  // unmodified and are not referenced again in this listing; any consumer
  // (an included file, for instance) has to encode them for its own context.
  $title = '';
  if (isset($_REQUEST['title'])) {
      $title = $_REQUEST['title'];
  }
  $description = '';
  if (isset($_REQUEST['description'])) {
      $description = $_REQUEST['description'];
  }

  // NOTE(review): Database::escape_string() prepares a value for a SQL string
  // literal; it is not output encoding, so this value should not be echoed
  // as-is. Falls back to the course's show_score setting when absent.
  if (isset($_REQUEST['uploadvisibledisabled'])) {
      $uploadvisibledisabled = Database::escape_string($_REQUEST['uploadvisibledisabled']);
  } else {
      $uploadvisibledisabled = $course_info['show_score'];
  }

  // Filesystem locations of the course and of its work directory.
  $course_dir = api_get_path(SYS_COURSE_PATH).$_course['path'];
  $base_work_dir = $course_dir . '/work';
  $link_target_parameter = ""; // e.g. "target=\"_blank\"";

  // True only for ?list=without.
  $display_list_users_without_publication = isset($_GET['list'])
      && Security::remove_XSS($_GET['list']) == 'without';

  // The action is kept raw; in this file it is only compared against fixed
  // strings and handed to display_action_links().
  $action = 'list';
  if (isset($_REQUEST['action'])) {
      $action = $_REQUEST['action'];
  }
  // Download folder.
  // NOTE(review): this include runs before the group access check that
  // follows in this file, so any permission check for the download has to
  // live inside downloadfolder.inc.php -- confirm.
  if ($action == 'downloadfolder') {
      require 'downloadfolder.inc.php';
  }

  // The upload form is shown only for the upload_form action.
  $display_upload_form = ($action == 'upload_form');

  /* Header */
  // Gradebook origin flag: cleared when the parameter is absent or empty,
  // stored in the session when it is exactly 'view', left untouched for any
  // other value.
  if (empty($_GET['gradebook'])) {
      unset($_SESSION['gradebook']);
      $gradebook = '';
  } elseif ($_GET['gradebook'] == 'view') {
      $_SESSION['gradebook'] = Security::remove_XSS($_GET['gradebook']);
      $gradebook = $_SESSION['gradebook'];
  }

  if (!empty($gradebook) && $gradebook == 'view') {
      // The link target comes from the session (gradebook_dest), not from
      // the current request.
      $interbreadcrumb[] = array(
          'url' => '../gradebook/' . $_SESSION['gradebook_dest'],
          'name' => get_lang('ToolGradebook'),
      );
  }
  // Breadcrumb trail. Inside a group the group access check runs first;
  // outside a group the trail is skipped when the page is embedded in a
  // learning path.
  // NOTE(review): folder titles and the group name are appended without
  // encoding here; verify that the breadcrumb renderer escapes 'name'.
  if (empty($group_id)) {
      if ($origin != 'learnpath') {
          // The tool entry links back to work.php only from a sub-view.
          $interbreadcrumb[] = array(
              'url' => (!empty($_GET['id']) || $display_upload_form || $action == 'settings' || $action == 'create_dir')
                  ? 'work.php'
                  : '#',
              'name' => get_lang('StudentPublications'),
          );

          if (!empty($my_folder_data)) {
              $interbreadcrumb[] = array(
                  'url' => 'work.php?id=' . $work_id,
                  'name' => $my_folder_data['title'],
              );
          }

          switch ($action) {
              case 'upload_form':
                  $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('UploadADocument'));
                  break;
              case 'settings':
                  $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('EditToolOptions'));
                  break;
              case 'create_dir':
                  $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('CreateAssignment'));
                  break;
          }
      }
  } else {
      $group_properties = GroupManager::get_group_properties($group_id);

      // Editors always get in; everyone else needs access to the group's
      // work tool.
      $show_work = api_is_allowed_to_edit(false, true)
          ? true
          : GroupManager::user_has_access(
              $user_id,
              $group_id,
              GroupManager::GROUP_TOOL_WORK
          );
      if (!$show_work) {
          api_not_allowed();
      }

      $interbreadcrumb[] = array('url' => '../group/group.php', 'name' => get_lang('Groups'));
      $interbreadcrumb[] = array(
          'url' => '../group/group_space.php?gidReq='.$group_id,
          'name' => get_lang('GroupSpace').' '.$group_properties['name'],
      );
      $interbreadcrumb[] = array(
          'url' => 'work.php?gidReq='.$group_id,
          'name' => get_lang('StudentPublications'),
      );

      $url_dir = 'work.php?&id=' . $work_id;
      if (!empty($my_folder_data)) {
          $interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
      }

      if ($action == 'upload_form') {
          $interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('UploadADocument'));
      } elseif ($action == 'create_dir') {
          $interbreadcrumb[] = array('url' => 'work.php', 'name' => get_lang('CreateAssignment'));
      }
  }
  // Stats: record the visit to the tool.
  event_access_tool(TOOL_STUDENTPUBLICATION);

  // Permission flags consulted by the action handling further down.
  $is_allowed_to_edit = api_is_allowed_to_edit();
  $student_can_edit_in_session = api_is_allowed_to_session_edit(false, true);

  /* Display links to upload form and tool options */
  // A token is issued for every action except add/create_dir.
  // NOTE(review): no call that verifies this token appears in this listing;
  // confirm where (or whether) state-changing requests check it.
  if ($action != 'add' && $action != 'create_dir') {
      $token = Security::get_token();
  }

  $courseInfo = api_get_course_info();

  // Redirect target used after every state change (post/redirect/get).
  $currentUrl = api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq();
  $content = null;
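  // Action dispatch. Each branch either fills $content for rendering or
  // performs a change, stores a flash message in the session and redirects
  // to $currentUrl.
  // NOTE(review): none of the state-changing branches (settings, delete_dir,
  // move_to) verifies an anti-CSRF token here, and delete_dir/move_to read
  // their ids from $_REQUEST, so a plain GET reaches them. Confirm whether a
  // token check exists elsewhere before relying on $is_allowed_to_edit alone.
  switch ($action) {
      case 'settings':
          // Only editors may save; changeProperties marks a submitted form.
          if ($is_allowed_to_edit && !empty($_POST['changeProperties'])) {
              // NOTE(review): $course is not assigned anywhere in this
              // listing; unless an included file defines it, null is passed.
              // Confirm whether $course_info was intended.
              // NOTE(review): both POST values are forwarded unmodified;
              // verify that updateSettings() validates them.
              updateSettings(
                  $course,
                  $_POST['show_score'],
                  $_POST['student_delete_own_publication']
              );
              Session::write('message', Display::return_message(get_lang('Saved'), 'success'));
              header('Location: '.$currentUrl);
              exit;
          }
          $studentDeleteOwnPublication = api_get_course_setting('student_delete_own_publication') == 1 ? 1 : 0;
          /* Display of tool options */
          // NOTE(review): unlike 'add', this branch builds the form without
          // checking $is_allowed_to_edit; only saving is gated above.
          $content = settingsForm(
              array(
                  'show_score' => $course_info['show_score'],
                  'student_delete_own_publication' => $studentDeleteOwnPublication
              )
          );
          break;
      case 'add':
      case 'create_dir':
          // Creating an assignment folder is reserved for editors.
          if (!$is_allowed_to_edit) {
              api_not_allowed();
          }
          $form = new FormValidator(
              'form1',
              'post',
              api_get_path(WEB_CODE_PATH) . 'work/work.php?action=create_dir&' . api_get_cidreq()
          );
          $form->addElement('header', get_lang('CreateAssignment'));
          $form->addElement('hidden', 'action', 'add');
          $defaults = isset($_POST) ? $_POST : array();
          $form = getFormWork($form, $defaults);
          $form->addElement('style_submit_button', 'submit', get_lang('CreateDirectory'));
          if ($form->validate()) {
              // The whole POST array is handed to addDir() once the form
              // rules have passed.
              $result = addDir(
                  $_POST,
                  $user_id,
                  $_course,
                  $group_id,
                  $id_session
              );
              if ($result) {
                  $message = Display::return_message(get_lang('DirectoryCreated'), 'success');
              } else {
                  $message = Display::return_message(get_lang('CannotCreateDir'), 'error');
              }
              Session::write('message', $message);
              header('Location: '.$currentUrl);
              exit;
          }
          $content = $form->return_form();
          break;
      case 'delete_dir':
          if ($is_allowed_to_edit) {
              // Cast the request value once, as is done for the other ids in
              // this file, so the lookup and the delete both receive the
              // same integer instead of raw request input.
              $delete_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
              $work_to_delete = get_work_data_by_id($delete_id);
              $result = deleteDirWork($delete_id);
              if ($result) {
                  $message = Display::return_message(
                      get_lang('DirDeleted') . ': ' . $work_to_delete['title'],
                      'success'
                  );
                  Session::write('message', $message);
              }
              header('Location: '.$currentUrl);
              exit;
          }
          break;
      case 'move':
          /* Move file form request */
          if ($is_allowed_to_edit) {
              if (!empty($item_id)) {
                  $content = generateMoveForm(
                      $item_id,
                      $curdirpath,
                      $course_info,
                      $group_id,
                      $session_id
                  );
              }
          }
          break;
      case 'move_to':
          /* Move file command */
          if ($is_allowed_to_edit) {
              // Destination folder id: integer-cast before it reaches the
              // lookup, the URL update and the item property update.
              $move_to_id = isset($_REQUEST['move_to_id']) ? intval($_REQUEST['move_to_id']) : 0;
              $move_to_path = get_work_path($move_to_id);
              // -1 from get_work_path() is treated as "no folder": move to
              // the root of the work directory.
              if ($move_to_path == -1) {
                  $move_to_path = '/';
              } elseif (substr($move_to_path, -1, 1) != '/') {
                  $move_to_path = $move_to_path .'/';
              }
              // Security fix: make sure they can't move files that are not
              // in the document table. The -1 "not found" value is truthy,
              // so it is rejected explicitly together with an empty item id;
              // otherwise a missing item would still reach move().
              $path = empty($item_id) ? false : get_work_path($item_id);
              if ($path && (string) $path !== '-1') {
                  if (move($course_dir.'/'.$path, $base_work_dir . $move_to_path)) {
                      // Update db
                      updateWorkUrl(
                          $item_id,
                          'work' . $move_to_path,
                          $move_to_id
                      );
                      api_item_property_update(
                          $_course,
                          'work',
                          $move_to_id,
                          'FolderUpdated',
                          $user_id
                      );
                      $message = Display::return_message(get_lang('DirMv'), 'success');
                  } else {
                      $message = Display::return_message(get_lang('Impossible'), 'error');
                  }
              } else {
                  $message = Display::return_message(get_lang('Impossible'), 'error');
              }
              Session::write('message', $message);
              header('Location: '.$currentUrl);
              exit;
          }
          break;
      case 'list':
          /* Display list of student publications */
          // The stored description is filtered at student level before it
          // is placed in the page.
          if (!empty($my_folder_data['description'])) {
              $content = '<p><div><strong>'.
                  get_lang('Description').':</strong><p>'.Security::remove_XSS($my_folder_data['description'], STUDENT).
                  '</p></div></p>';
          }
          if (api_is_allowed_to_edit() || api_is_coach()) {
              // Work list
              $content .= '<div class="row">';
              $content .= '<div class="span9">';
              $content .= showTeacherWorkGrid();
              $content .= '</div>';
              $content .= '<div class="span3">';
              $content .= showStudentList($work_id);
              $content .= '</div>';
              // Close the row opened above; it was left unbalanced.
              $content .= '</div>';
          } else {
              $content .= showStudentWorkGrid();
          }
          break;
  }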
  // Page rendering: header, tool introduction, action links, the one-shot
  // flash message, then the content built by the action handling.
  Display::display_header(null);
  Display::display_introduction_section(TOOL_STUDENTPUBLICATION);

  // Small spacer when the page is shown inside a learning path.
  if ($origin == 'learnpath') {
      echo '<div style="height:15px">&nbsp;</div>';
  }

  // NOTE(review): $action is passed on as received from the request; verify
  // that display_action_links() only compares it and never prints it.
  display_action_links($work_id, $curdirpath, $action);

  // The flash message is stored as ready-made HTML and printed without
  // further encoding, so whatever writes it to the session must escape any
  // user-controlled part. It is erased right after display.
  $message = Session::read('message');
  echo $message;
  Session::erase('message');

  // $content is also HTML assembled earlier and is echoed unmodified.
  echo $content;

  Display::display_footer();