view.php 9.5 KB

  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. require_once __DIR__.'/../inc/global.inc.php';
  4. $current_course_tool = TOOL_STUDENTPUBLICATION;
  5. require_once 'work.lib.php';
  6. $id = isset($_GET['id']) ? (int) $_GET['id'] : null;
  7. $work = get_work_data_by_id($id);
  8. if (empty($id) || empty($work)) {
  9. api_not_allowed(true);
  10. }
  11. if ($work['active'] != 1) {
  12. api_not_allowed(true);
  13. }
  14. $work['title'] = isset($work['title']) ? Security::remove_XSS($work['title']) : '';
  15. $work['description'] = isset($work['description']) ? Security::remove_XSS($work['description']) : '';
  16. $htmlHeadXtra[] = '<script>'.ExerciseLib::getJsCode().'</script>';
  17. $interbreadcrumb[] = [
  18. 'url' => api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq(),
  19. 'name' => get_lang('Assignments'),
  20. ];
  21. $my_folder_data = get_work_data_by_id($work['parent_id']);
  22. $courseInfo = api_get_course_info();
  23. $blockScoreEdition = api_get_configuration_value('block_student_publication_score_edition');
  24. if ($blockScoreEdition && !empty($work['qualification']) && !api_is_platform_admin()) {
  25. api_not_allowed(true);
  26. }
  27. protectWork(api_get_course_info(), $work['parent_id']);
  28. $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
  29. api_get_user_id(),
  30. $courseInfo
  31. );
  32. if ((user_is_author($id) || $isDrhOfCourse || (api_is_allowed_to_edit() || api_is_coach())) ||
  33. (
  34. $courseInfo['show_score'] == 0 &&
  35. $work['active'] == 1 &&
  36. $work['accepted'] == 1
  37. )
  38. ) {
  39. if ((api_is_allowed_to_edit() || api_is_coach()) || api_is_drh()) {
  40. $url_dir = api_get_path(WEB_CODE_PATH).'work/work_list_all.php?id='.$my_folder_data['id'].'&'.api_get_cidreq();
  41. } else {
  42. $url_dir = api_get_path(WEB_CODE_PATH).'work/work_list.php?id='.$my_folder_data['id'].'&'.api_get_cidreq();
  43. }
  44. $userInfo = api_get_user_info($work['user_id']);
  45. $interbreadcrumb[] = ['url' => $url_dir, 'name' => $my_folder_data['title']];
  46. $interbreadcrumb[] = ['url' => '#', 'name' => $userInfo['complete_name']];
  47. $interbreadcrumb[] = ['url' => '#', 'name' => $work['title']];
  48. if ((
  49. $courseInfo['show_score'] == 0 &&
  50. $work['active'] == 1 &&
  51. $work['accepted'] == 1
  52. ) ||
  53. (api_is_allowed_to_edit() || api_is_coach()) || user_is_author($id) || $isDrhOfCourse
  54. ) {
  55. $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
  56. $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : null;
  57. if ($page == 'edit') {
  58. $url = api_get_path(WEB_CODE_PATH).'work/edit.php?id='.$my_folder_data['id'].'&item_id='.$work['id'].'&'.api_get_cidreq();
  59. } else {
  60. $url = api_get_path(WEB_CODE_PATH).'work/view.php?id='.$work['id'].'&'.api_get_cidreq();
  61. $allowRedirect = api_get_configuration_value('allow_redirect_to_main_page_after_work_upload');
  62. $urlToRedirect = '';
  63. if ($allowRedirect) {
  64. $url = api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq();
  65. }
  66. }
  67. switch ($action) {
  68. case 'send_comment':
  69. if (isset($_FILES['attachment'])) {
  70. $_POST['attachment'] = $_FILES['attachment'];
  71. }
  72. addWorkComment(
  73. api_get_course_info(),
  74. api_get_user_id(),
  75. $my_folder_data,
  76. $work,
  77. $_POST
  78. );
  79. if (api_is_allowed_to_edit()) {
  80. $work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
  81. $sql = "UPDATE $work_table
  82. SET
  83. qualificator_id = '".api_get_user_id()."',
  84. qualification = '".api_float_val($_POST['qualification'])."',
  85. date_of_qualification = '".api_get_utc_datetime()."'
  86. WHERE c_id = ".$courseInfo['real_id']." AND id = $id";
  87. Database::query($sql);
  88. Display::addFlash(Display::return_message(get_lang('Update successful')));
  89. $resultUpload = uploadWork(
  90. $my_folder_data,
  91. $courseInfo,
  92. true,
  93. $work
  94. );
  95. if ($resultUpload) {
  96. $work_table = Database::get_course_table(
  97. TABLE_STUDENT_PUBLICATION
  98. );
  99. if (isset($resultUpload['url']) && !empty($resultUpload['url'])) {
  100. $title = isset($resultUpload['filename']) && !empty($resultUpload['filename']) ? $resultUpload['filename'] : get_lang('Untitled');
  101. $urlToSave = Database::escape_string($resultUpload['url']);
  102. $title = Database::escape_string($title);
  103. $sql = "UPDATE $work_table SET
  104. url_correction = '".$urlToSave."',
  105. title_correction = '".$title."'
  106. WHERE iid = ".$work['iid'];
  107. Database::query($sql);
  108. Display::addFlash(
  109. Display::return_message(get_lang('The file has successfully been uploaded.'))
  110. );
  111. }
  112. }
  113. }
  114. $blockScoreEdition = api_get_configuration_value('block_student_publication_score_edition');
  115. if ($blockScoreEdition && !api_is_platform_admin()) {
  116. $url = api_get_path(WEB_CODE_PATH).'work/work_list_all.php?'.api_get_cidreq().'&id='.$my_folder_data['id'];
  117. }
  118. header('Location: '.$url);
  119. exit;
  120. break;
  121. case 'delete_attachment':
  122. deleteCommentFile(
  123. $_REQUEST['comment_id'],
  124. api_get_course_info()
  125. );
  126. Display::addFlash(Display::return_message(get_lang('Document deleted')));
  127. header('Location: '.$url);
  128. exit;
  129. break;
  130. case 'delete_correction':
  131. if (isset($work['url_correction']) && !empty($work['url_correction'])) {
  132. if (api_is_allowed_to_edit()) {
  133. deleteCorrection($courseInfo, $work);
  134. Display::addFlash(
  135. Display::return_message(get_lang('Deleted'))
  136. );
  137. }
  138. }
  139. header('Location: '.$url);
  140. exit;
  141. break;
  142. }
  143. $comments = getWorkComments($work);
  144. $commentForm = getWorkCommentForm($work, $my_folder_data);
  145. $tpl = new Template();
  146. $tpl->assign('work', $work);
  147. $tpl->assign('comments', $comments);
  148. $actions = '';
  149. if (isset($work['contains_file']) && !empty($work['contains_file'])) {
  150. if (isset($work['download_url']) && !empty($work['download_url'])) {
  151. $actions = Display::url(
  152. Display::return_icon(
  153. 'back.png',
  154. get_lang('Back to Assignments list'),
  155. null,
  156. ICON_SIZE_MEDIUM
  157. ),
  158. api_get_path(WEB_CODE_PATH).'work/work.php?'.api_get_cidreq()
  159. );
  160. // Check if file can be downloaded
  161. $file = getFileContents($work['id'], $courseInfo, api_get_session_id(), false);
  162. if (!empty($file)) {
  163. $actions .= Display::url(
  164. Display::return_icon(
  165. 'save.png',
  166. get_lang('Download'),
  167. null,
  168. ICON_SIZE_MEDIUM
  169. ),
  170. $work['download_url']
  171. );
  172. }
  173. }
  174. }
  175. if (isset($work['url_correction']) && !empty($work['url_correction']) && !empty($work['download_url'])) {
  176. $actions .= Display::url(
  177. Display::return_icon(
  178. 'check-circle.png',
  179. get_lang('Correction'),
  180. null,
  181. ICON_SIZE_MEDIUM
  182. ),
  183. $work['download_url'].'&correction=1'
  184. );
  185. if (api_is_allowed_to_edit()) {
  186. $actions .= Display::url(
  187. Display::return_icon(
  188. 'delete.png',
  189. get_lang('Delete').': '.get_lang('Correction'),
  190. null,
  191. ICON_SIZE_MEDIUM
  192. ),
  193. api_get_self().'?action=delete_correction&id='.$id.'&'.api_get_cidreq()
  194. );
  195. }
  196. }
  197. if (!empty($actions)) {
  198. $tpl->assign(
  199. 'actions',
  200. Display::toolbarAction('toolbar', [$actions])
  201. );
  202. }
  203. if (api_is_allowed_to_session_edit()) {
  204. $tpl->assign('form', $commentForm);
  205. }
  206. $tpl->assign('is_allowed_to_edit', api_is_allowed_to_edit());
  207. $template = $tpl->get_template('work/view.tpl');
  208. $content = $tpl->fetch($template);
  209. $tpl->assign('content', $content);
  210. $tpl->display_one_col_template();
  211. } else {
  212. api_not_allowed(true);
  213. }
  214. } else {
  215. api_not_allowed(true);
  216. }