forum.ajax.php 6.8 KB

  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * Responses to AJAX calls for forum attachments
  5. * @package chamilo/forum
  6. * @author Daniel Barreto Alva <daniel.barreto@beeznest.com>
  7. */
  8. require_once '../global.inc.php';
  9. require_once api_get_path(SYS_CODE_PATH) . 'forum/forumfunction.inc.php';
  10. // First, protect this script
  11. api_protect_course_script(false);
  12. /**
  13. * Main code
  14. */
  15. // Create a default error response
  16. $json = array(
  17. 'error' => true,
  18. 'errorMessage' => 'ERROR',
  19. );
  20. $action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
  21. $current_forum = get_forum_information($_REQUEST['forum']);
  22. $current_forum_category = get_forumcategory_information($current_forum['forum_category']);
  23. $current_thread = get_thread_information($_REQUEST['thread']);
  24. // Check if exist action
  25. if (!empty($action)) {
  26. switch ($action) {
  27. case 'upload_file':
  28. if (!empty($_FILES) && !empty($_REQUEST['forum'])) {
  29. // The user is not allowed here if
  30. // 1. the forum category, forum or thread is invisible (visibility==0)
  31. // 2. the forum category, forum or thread is locked (locked <>0)
  32. // 3. if anonymous posts are not allowed
  33. // The only exception is the course manager
  34. // They are several pieces for clarity.
  35. if (!api_is_allowed_to_edit(null, true) AND
  36. (
  37. ($current_forum_category && $current_forum_category['visibility'] == 0) OR
  38. $current_forum['visibility'] == 0
  39. )
  40. ) {
  41. $json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';
  42. break;
  43. }
  44. if (!api_is_allowed_to_edit(null, true) AND
  45. (
  46. ($current_forum_category && $current_forum_category['locked'] <> 0) OR
  47. $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0
  48. )
  49. ) {
  50. $json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';
  51. break;
  52. }
  53. if (api_is_anonymous() AND
  54. $current_forum['allow_anonymous'] == 0
  55. ) {
  56. $json['errorMessage'] = '3. if anonymous posts are not allowed';
  57. break;
  58. }
  59. // If pass all previous control, user can edit post
  60. $courseId = isset($_REQUEST['c_id'])? intval($_REQUEST['c_id']) : api_get_course_int_id();
  61. $json['courseId'] = $courseId;
  62. $forumId = isset($_REQUEST['forum'])? intval($_REQUEST['forum']) : null;
  63. $json['forum'] = $forumId;
  64. $threadId = isset($_REQUEST['thread'])? intval($_REQUEST['thread']) : null;
  65. $json['thread'] = $threadId;
  66. $postId = isset($_REQUEST['postId'])? intval($_REQUEST['postId']) : null;
  67. $json['postId'] = $postId;
  68. if (!empty($courseId) &&
  69. !is_null($forumId) &&
  70. !is_null($threadId) &&
  71. !is_null($postId)
  72. ) {
  73. // Save forum attachment
  74. $attachId = add_forum_attachment_file('', $postId);
  75. if ($attachId !== false) {
  76. // Get prepared array of attachment data
  77. $array = getAttachedFiles(
  78. $forumId,
  79. $threadId,
  80. $postId,
  81. $attachId,
  82. $courseId
  83. );
  84. // Check if array data is consistent
  85. if (isset($array['name'])) {
  86. $json['error'] = false;
  87. $json['errorMessage'] = 'Success';
  88. $json = array_merge($json, $array);
  89. }
  90. }
  91. }
  92. }
  93. break;
  94. case 'delete_file':
  95. // Check if set attachment ID and thread ID
  96. if (isset($_REQUEST['attachId']) && isset($_REQUEST['thread'])) {
  97. api_block_course_item_locked_by_gradebook($_REQUEST['thread'], LINK_FORUM_THREAD);
  98. // The user is not allowed here if
  99. // 1. the forum category, forum or thread is invisible (visibility==0)
  100. // 2. the forum category, forum or thread is locked (locked <>0)
  101. // 3. if anonymous posts are not allowed
  102. // 4. if editing of replies is not allowed
  103. // The only exception is the course manager
  104. // They are several pieces for clarity.
  105. if (!api_is_allowed_to_edit(null, true) AND
  106. (
  107. ($current_forum_category && $current_forum_category['visibility'] == 0) OR
  108. $current_forum['visibility'] == 0)
  109. ) {
  110. $json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';
  111. break;
  112. }
  113. if (!api_is_allowed_to_edit(null, true) AND
  114. (
  115. ($current_forum_category && $current_forum_category['locked'] <> 0) OR
  116. $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0
  117. )
  118. ) {
  119. $json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';
  120. break;
  121. }
  122. if (api_is_anonymous() AND $current_forum['allow_anonymous'] == 0) {
  123. $json['errorMessage'] = '3. if anonymous posts are not allowed';
  124. break;
  125. }
  126. $group_id = api_get_group_id();
  127. if (!api_is_allowed_to_edit(null, true) AND
  128. $current_forum['allow_edit'] == 0 &&
  129. ($group_id && !GroupManager::is_tutor_of_group(api_get_user_id(), $group_id))
  130. ) {
  131. $json['errorMessage'] = '4. if editing of replies is not allowed';
  132. break;
  133. }
  134. // If pass all previous control, user can edit post
  135. $attachId = $_REQUEST['attachId'];
  136. $threadId = $_REQUEST['thread'];
  137. // Delete forum attachment from database and file system
  138. $affectedRows = delete_attachment(0, $attachId, false);
  139. if ($affectedRows > 0) {
  140. $json['error'] = false;
  141. $json['errorMessage'] = 'Success';
  142. }
  143. }
  144. break;
  145. }
  146. }
  147. echo json_encode($json);
  148. exit;