123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 |
- <?php
- /* For licensing terms, see /license.txt */
- /**
- * Responses to AJAX calls for forum attachments
- * @package chamilo/forum
- * @author Daniel Barreto Alva <daniel.barreto@beeznest.com>
- */
- require_once '../global.inc.php';
- require_once api_get_path(SYS_CODE_PATH) . 'forum/forumfunction.inc.php';
- // First, protect this script
- api_protect_course_script(false);
- /**
- * Main code
- */
- // Create a default error response
- $json = array(
- 'error' => true,
- 'errorMessage' => 'ERROR',
- );
- $action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
- $current_forum = get_forum_information($_REQUEST['forum']);
- $current_forum_category = get_forumcategory_information($current_forum['forum_category']);
- $current_thread = get_thread_information($_REQUEST['thread']);
- // Check if exist action
- if (!empty($action)) {
- switch ($action) {
- case 'upload_file':
- if (!empty($_FILES) && !empty($_REQUEST['forum'])) {
- // The user is not allowed here if
- // 1. the forum category, forum or thread is invisible (visibility==0)
- // 2. the forum category, forum or thread is locked (locked <>0)
- // 3. if anonymous posts are not allowed
- // The only exception is the course manager
- // They are several pieces for clarity.
- if (!api_is_allowed_to_edit(null, true) AND
- (
- ($current_forum_category && $current_forum_category['visibility'] == 0) OR
- $current_forum['visibility'] == 0
- )
- ) {
- $json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';
- break;
- }
- if (!api_is_allowed_to_edit(null, true) AND
- (
- ($current_forum_category && $current_forum_category['locked'] <> 0) OR
- $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0
- )
- ) {
- $json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';
- break;
- }
- if (api_is_anonymous() AND
- $current_forum['allow_anonymous'] == 0
- ) {
- $json['errorMessage'] = '3. if anonymous posts are not allowed';
- break;
- }
- // If pass all previous control, user can edit post
- $courseId = isset($_REQUEST['c_id'])? intval($_REQUEST['c_id']) : api_get_course_int_id();
- $json['courseId'] = $courseId;
- $forumId = isset($_REQUEST['forum'])? intval($_REQUEST['forum']) : null;
- $json['forum'] = $forumId;
- $threadId = isset($_REQUEST['thread'])? intval($_REQUEST['thread']) : null;
- $json['thread'] = $threadId;
- $postId = isset($_REQUEST['postId'])? intval($_REQUEST['postId']) : null;
- $json['postId'] = $postId;
- if (!empty($courseId) &&
- !is_null($forumId) &&
- !is_null($threadId) &&
- !is_null($postId)
- ) {
- // Save forum attachment
- $attachId = add_forum_attachment_file('', $postId);
- if ($attachId !== false) {
- // Get prepared array of attachment data
- $array = getAttachedFiles(
- $forumId,
- $threadId,
- $postId,
- $attachId,
- $courseId
- );
- // Check if array data is consistent
- if (isset($array['name'])) {
- $json['error'] = false;
- $json['errorMessage'] = 'Success';
- $json = array_merge($json, $array);
- }
- }
- }
- }
- break;
- case 'delete_file':
- // Check if set attachment ID and thread ID
- if (isset($_REQUEST['attachId']) && isset($_REQUEST['thread'])) {
- api_block_course_item_locked_by_gradebook($_REQUEST['thread'], LINK_FORUM_THREAD);
- // The user is not allowed here if
- // 1. the forum category, forum or thread is invisible (visibility==0)
- // 2. the forum category, forum or thread is locked (locked <>0)
- // 3. if anonymous posts are not allowed
- // 4. if editing of replies is not allowed
- // The only exception is the course manager
- // They are several pieces for clarity.
- if (!api_is_allowed_to_edit(null, true) AND
- (
- ($current_forum_category && $current_forum_category['visibility'] == 0) OR
- $current_forum['visibility'] == 0)
- ) {
- $json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';
- break;
- }
- if (!api_is_allowed_to_edit(null, true) AND
- (
- ($current_forum_category && $current_forum_category['locked'] <> 0) OR
- $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0
- )
- ) {
- $json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';
- break;
- }
- if (api_is_anonymous() AND $current_forum['allow_anonymous'] == 0) {
- $json['errorMessage'] = '3. if anonymous posts are not allowed';
- break;
- }
- $group_id = api_get_group_id();
- if (!api_is_allowed_to_edit(null, true) AND
- $current_forum['allow_edit'] == 0 &&
- ($group_id && !GroupManager::is_tutor_of_group(api_get_user_id(), $group_id))
- ) {
- $json['errorMessage'] = '4. if editing of replies is not allowed';
- break;
- }
- // If pass all previous control, user can edit post
- $attachId = $_REQUEST['attachId'];
- $threadId = $_REQUEST['thread'];
- // Delete forum attachment from database and file system
- $affectedRows = delete_attachment(0, $attachId, false);
- if ($affectedRows > 0) {
- $json['error'] = false;
- $json['errorMessage'] = 'Success';
- }
- }
- break;
- }
- }
- echo json_encode($json);
- exit;
|