document.php 80 KB

  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. use ChamiloSession as Session;
  4. /**
  5. * Homepage script for the documents tool
  6. *
  7. * This script allows the user to manage files and directories on a remote http
  8. * server.
  9. * The user can : - navigate through files and directories.
  10. * - upload a file
  11. * - delete, copy a file or a directory
  12. * - edit properties & content (name, comments, html content)
  13. * The script is organised in four sections.
  14. *
  15. * 1) Execute the command called by the user
  16. * Note: some commands of this section are organised in two steps.
  17. * The script always begins with the second step,
  18. * so it allows to return more easily to the first step.
  19. *
  20. * Note (March 2004) some editing functions (renaming, commenting)
  21. * are moved to a separate page, edit_document.php. This is also
  22. * where xml and other stuff should be added.
  23. * 2) Define the directory to display
  24. * 3) Read files and directories from the directory defined in part 2
  25. * 4) Display all of that on an HTML page
  26. *
  27. * @package chamilo.document
  28. */
  29. require_once __DIR__.'/../inc/global.inc.php';
  // Request bootstrap for the documents tool: tool/section identifiers, the
  // requested action, and the access gate that runs before anything else.
  $allowDownloadDocumentsByApiKey = 'true' === api_get_setting('allow_download_documents_by_api_key');
  $current_course_tool = TOOL_DOCUMENT;
  $this_section = SECTION_COURSES;
  $to_user_id = null;
  $parent_id = null;
  $lib_path = api_get_path(LIBRARY_PATH);
  $actionsRight = '';
  $action = null;
  if (isset($_REQUEST['action'])) {
      $action = $_REQUEST['action'];
  }

  // Optional alternative to a logged-in course session: when the platform
  // setting is on, a username/api_key pair may authorise the 'download'
  // action, and only that action. Any failure falls back to the normal checks.
  // NOTE(review): the key is read from the query string, so it ends up in
  // access logs, browser history and Referer headers; a request header or POST
  // body would keep it out of those.
  // NOTE(review): Security::remove_XSS() is an output filter, not credential
  // validation. The real check is whatever Rest::validate() does (not shown
  // here) — confirm how it compares the key.
  $allowUseTool = false;
  if ($allowDownloadDocumentsByApiKey) {
      try {
          if ($action == 'download') {
              $username = null;
              if (isset($_GET['username'])) {
                  $username = Security::remove_XSS($_GET['username']);
              }
              $apiKey = null;
              if (isset($_GET['api_key'])) {
                  $apiKey = Security::remove_XSS($_GET['api_key']);
              }
              $restApi = Rest::validate($username, $apiKey);
              $allowUseTool = (bool) $restApi;
          } else {
              throw new Exception(get_lang('SelectAnAction'));
          }
      } catch (Exception $e) {
          $allowUseTool = false;
      }
  }

  // Without a validated key the usual course and group protection applies.
  // With one, both calls are skipped for the rest of this request.
  if (!$allowUseTool) {
      api_protect_course_script(true);
      api_protect_course_group(GroupManager::GROUP_TOOL_DOCUMENTS);
  }
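  // Housekeeping: drop temporary files and session keys left behind by the
  // audio, image, draw and paint helpers.
  DocumentManager::removeGeneratedAudioTempFile();
  if (!empty($_SESSION['temp_realpath_image']) && file_exists($_SESSION['temp_realpath_image'])) {
      // NOTE(review): the path is taken from the session as-is; whichever
      // script stores it has to guarantee it stays inside a temp directory.
      unlink($_SESSION['temp_realpath_image']);
  }
  unset($_SESSION['draw_dir'], $_SESSION['paint_dir'], $_SESSION['temp_audio_nanogong']);

  $_user = api_get_user_info();
  $courseInfo = api_get_course_info();
  // Refuse the request before any course field is read. When the API-key path
  // skipped api_protect_course_script(), nothing else guarantees a course
  // context at this point.
  if (empty($courseInfo)) {
      api_not_allowed(true);
  }

  // Filesystem and web locations of the course's document folder.
  $courseId = $courseInfo['real_id'];
  $course_dir = $courseInfo['directory'].'/document';
  $sys_course_path = api_get_path(SYS_COURSE_PATH);
  $base_work_dir = $sys_course_path.$course_dir;
  $http_www = api_get_path(WEB_COURSE_PATH).$courseInfo['directory'].'/document';
  $document_path = $base_work_dir;
  $usePpt2lp = api_get_setting('service_ppt2lp', 'active') == 'true';
  $currentUrl = api_get_self().'?'.api_get_cidreq();

  // I'm in the certification module? Either the current path says so or the
  // request asks for it explicitly.
  $is_certificate_mode = false;
  if (isset($_GET['curdirpath'])) {
      $is_certificate_mode = DocumentManager::is_certificate_mode($_GET['curdirpath']);
  }
  if (isset($_REQUEST['certificate']) && $_REQUEST['certificate'] == 'true') {
      $is_certificate_mode = true;
  }

  // When the jcapture plugin is installed, wire its applet loader to the
  // #jcapture element.
  $plugin = new AppPlugin();
  $pluginList = $plugin->get_installed_plugins();
  $capturePluginInstalled = in_array('jcapture', $pluginList);
  if ($capturePluginInstalled) {
      $jcapturePath = api_get_path(WEB_PLUGIN_PATH).'jcapture/plugin_applet.php';
      $htmlHeadXtra[] = implode("\n", [
          '<script>',
          '$(function() {',
          '$("#jcapture").click(function(){',
          '$("#appletplace").load("'.$jcapturePath.'");',
          '});',
          '});',
          '</script>',
          '',
      ]);
  }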
  // Make sure the course has its certificates directory.
  DocumentManager::create_directory_certificate_in_course($courseInfo);

  // Used for avoiding double-click.
  $dbl_click_id = 0;

  // Request parameters that are echoed back later are passed through the XSS filter.
  $selectcat = null;
  if (isset($_GET['selectcat'])) {
      $selectcat = Security::remove_XSS($_GET['selectcat']);
  }
  $moveTo = null;
  if (isset($_POST['move_to'])) {
      $moveTo = Security::remove_XSS($_POST['move_to']);
  }

  /* Constants and variables */
  $userId = api_get_user_id();
  $userInfo = api_get_user_info();
  $sessionId = api_get_session_id();
  $course_code = api_get_course_id();
  $groupId = api_get_group_id();
  $isAllowedToEdit = api_is_allowed_to_edit(null, true);

  // Upload rights inside a group start out denied; the group set-up further
  // down may grant them. Until a group is loaded only 'directory' is known.
  $group_member_with_upload_rights = false;
  $group_properties = ['directory' => null];

  // For sessions we should check the parameters of visibility.
  // The flag was set to false just above, so the && short-circuits and the
  // session-edit check is never evaluated here.
  if (0 != api_get_session_id()) {
      $group_member_with_upload_rights = $group_member_with_upload_rights && api_is_allowed_to_session_edit(false, true);
  }
  // Group context: load the group, work out who may edit and who may upload,
  // and store the upload decision in the session.
  $groupIid = 0;
  $groupMemberWithEditRights = false;
  if (empty($groupId)) {
      Session::write('group_member_with_upload_rights', false);
  } else {
      $group_properties = GroupManager::get_group_properties($groupId);
      $groupIid = 0;
      if (isset($group_properties['iid'])) {
          $groupIid = $group_properties['iid'];
      }
      $isTutorGroup = GroupManager::is_tutor_of_group($userId, $group_properties, $courseId);
      $groupMemberWithEditRights = $isAllowedToEdit || $isTutorGroup;

      // Let's assume the user cannot upload files for the group
      $group_member_with_upload_rights = false;
      switch ($group_properties['doc_state']) {
          case 2:
              // Documents are private: only courseadmin or group members
              // (members + tutors) allowed.
              if (!$isAllowedToEdit && !GroupManager::is_user_in_group($userId, $group_properties)) {
                  // Outsider: leave the group context.
                  // NOTE(review): only $groupId is reset; $groupIid and
                  // $groupMemberWithEditRights keep the group's values and are
                  // used by later actions — confirm that is intended.
                  $groupId = 0;
                  break;
              }
              $interbreadcrumb[] = [
                  'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
                  'name' => get_lang('Groups'),
              ];
              $interbreadcrumb[] = [
                  'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
                  'name' => get_lang('GroupSpace').' '.$group_properties['name'],
              ];
              // They are allowed to upload.
              $group_member_with_upload_rights = true;
              break;
          case 1:
              // Documents are public: everybody gets the breadcrumbs.
              $interbreadcrumb[] = [
                  'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
                  'name' => get_lang('Groups'),
              ];
              $interbreadcrumb[] = [
                  'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
                  'name' => get_lang('GroupSpace').' '.$group_properties['name'],
              ];
              // Only course admin or group members (subscribed users and tutors) can upload.
              if ($isAllowedToEdit ||
                  GroupManager::is_subscribed($userId, $group_properties) ||
                  GroupManager::is_tutor_of_group($userId, $group_properties, $courseId)
              ) {
                  $group_member_with_upload_rights = true;
              }
              break;
      }
      Session::write('group_member_with_upload_rights', $group_member_with_upload_rights);
  }
  // Actions.
  // The document id is forced to an integer as soon as it is read; it is null
  // when the request carries no id at all.
  $document_id = null;
  if (isset($_REQUEST['id'])) {
      $document_id = (int) $_REQUEST['id'];
  }
  // Listing URL of the current document or folder, used for redirects after an action.
  $currentUrl = sprintf('%s?%s&id=%s', api_get_self(), api_get_cidreq(), $document_id);
  /*if (Portfolio::controller()->accept()) {
      Portfolio::controller()->run();
  }*/
  // Folder the request came from; XSS-filtered here, resolved against the database further down.
  if (isset($_GET['curdirpath'])) {
      $curdirpath = Security::remove_XSS($_GET['curdirpath']);
  } else {
      $curdirpath = null;
  }
  191. switch ($action) {
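  case 'delete_item':
      // Delete one document, detach any certificate that pointed at it, then
      // redirect back to the listing with a flash message.
      // Allowed for course editors, group members with upload rights, or a user
      // whose own shared folder matches $curdirpath / $moveTo.
      // NOTE(review): this state-changing action is driven by GET parameters and
      // no anti-CSRF token is checked in the visible code — confirm one is
      // enforced elsewhere, or require a token / POST here.
      // NOTE(review): the shared-folder test looks at request-supplied paths, not
      // at the location of the document named by deleteid; consider repeating it
      // against $documentInfo['path'] once the document is loaded.
      if ($isAllowedToEdit ||
          $group_member_with_upload_rights ||
          DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ||
          DocumentManager::is_my_shared_folder(api_get_user_id(), $moveTo, $sessionId)
      ) {
          if (isset($_GET['deleteid'])) {
              // Normalise the id once so every check and the delete itself act
              // on the same integer value.
              $deleteId = (int) $_GET['deleteid'];
              if (!$isAllowedToEdit) {
                  // Coaches may only delete what they are allowed to see.
                  if (api_is_coach()) {
                      if (!DocumentManager::is_visible_by_id(
                          $deleteId,
                          $courseInfo,
                          $sessionId,
                          api_get_user_id()
                      )
                      ) {
                          api_not_allowed();
                      }
                  }
                  // Read-only documents cannot be removed by non-editors.
                  if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $deleteId, true)) {
                      api_not_allowed();
                  }
              }
              $documentInfo = DocumentManager::get_document_data_by_id(
                  $deleteId,
                  $courseInfo['code'],
                  false,
                  $sessionId
              );
              // Check whether the document is in the database.
              if (!empty($documentInfo)) {
                  $deleteDocument = DocumentManager::delete_document(
                      $courseInfo,
                      null,
                      $base_work_dir,
                      $sessionId,
                      $deleteId,
                      $groupIid
                  );
                  if ($deleteDocument) {
                      // The certificate id is optional; stays null when absent.
                      $certificateId = isset($_GET['delete_certificate_id'])
                          ? (int) $_GET['delete_certificate_id']
                          : null;
                      DocumentManager::remove_attach_certificate(
                          api_get_course_id(),
                          $certificateId
                      );
                      Display::addFlash(Display::return_message(
                          get_lang('DocDeleted').': '.$documentInfo['title'],
                          'success'
                      ));
                  } else {
                      Display::addFlash(Display::return_message(get_lang('DocDeleteError'), 'warning'));
                  }
              } else {
                  Display::addFlash(Display::return_message(get_lang('FileNotFound'), 'warning'));
              }
              header("Location: $currentUrl");
              exit;
          }
      }
      break;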
  case 'download':
      // Send a single document to the client. This is the only action the
      // API-key gate at the top of the script can authorise.
      // Look the document up in the current session first.
      $document_data = DocumentManager::get_document_data_by_id(
          $document_id,
          api_get_course_id(),
          false,
          $sessionId
      );
      if (!$document_data && $sessionId != 0) {
          // Inside a session and nothing found there: try the base course
          // (out of a session context).
          $document_data = DocumentManager::get_document_data_by_id(
              $document_id,
              api_get_course_id(),
              false,
              0
          );
      }
      // The document must exist in the database.
      if (empty($document_data)) {
          api_not_allowed();
      }
      // Launch event.
      // NOTE(review): the download is recorded before the visibility check
      // below, so refused requests are logged as downloads too.
      Event::event_download($document_data['url']);
      // Editors and group uploaders skip the visibility check; everyone else
      // must be allowed to see the document.
      // NOTE(review): visibility is evaluated for api_get_user_id(); on the
      // API-key path that may not be the user the key belongs to — confirm.
      if (!$isAllowedToEdit &&
          !$group_member_with_upload_rights &&
          !DocumentManager::is_visible_by_id($document_id, $courseInfo, $sessionId, api_get_user_id())
      ) {
          api_not_allowed(true);
      }
      // Only serve files that resolve inside the course document directory.
      // A path that fails this check ends the request with no output.
      $full_file_name = $base_work_dir.$document_data['path'];
      if (Security::check_abs_path($full_file_name, $base_work_dir.'/')) {
          $result = DocumentManager::file_send_for_download($full_file_name, true);
          if (false === $result) {
              api_not_allowed(true);
          }
      }
      exit;
      break;
  case 'downloadfolder':
      // Download a whole folder. Open to students only when the platform setting
      // allows it; editors and platform admins always may.
      if (api_get_setting('students_download_folders') != 'true'
          && !$isAllowedToEdit
          && !api_is_platform_admin()
      ) {
          break;
      }
      // Session lookup first, then the base course (out of a session context).
      $document_data = DocumentManager::get_document_data_by_id(
          $document_id,
          api_get_course_id(),
          false,
          $sessionId
      );
      if (!$document_data && $sessionId != 0) {
          $document_data = DocumentManager::get_document_data_by_id(
              $document_id,
              api_get_course_id(),
              false,
              0
          );
      }
      // Inside the shared-folder area a user may only download their own
      // shared folder, unless they are an editor or a platform admin.
      // NOTE(review): $document_data is used without an emptiness check, and no
      // per-folder visibility check is visible here; downloadfolder.inc.php is
      // not shown, so confirm it filters what the user may see.
      if (!DocumentManager::is_any_user_shared_folder($document_data['path'], $sessionId) ||
          DocumentManager::is_my_shared_folder(api_get_user_id(), $document_data['path'], $sessionId) ||
          $isAllowedToEdit ||
          api_is_platform_admin()
      ) {
          require 'downloadfolder.inc.php';
      }
      // Launch event
      Event::event_download($document_data['url']);
      exit;
  case 'export_to_pdf':
      // Export a document as PDF. Open to students only when the platform
      // setting allows it; editors and platform admins always may.
      // NOTE(review): no visibility check on $document_id is visible in this
      // branch; confirm DocumentManager::export_to_pdf() enforces one.
      if (api_get_setting('students_export2pdf') != 'true' &&
          !$isAllowedToEdit &&
          !api_is_platform_admin()
      ) {
          break;
      }
      // Page orientation comes from configuration; anything other than the two
      // known values falls back to landscape.
      $documentOrientation = api_get_configuration_value('document_pdf_orientation');
      $orientation = 'landscape';
      if (in_array($documentOrientation, ['landscape', 'portrait'])) {
          $orientation = $documentOrientation;
      }
      $showHeaderAndFooter = true;
      if ($is_certificate_mode) {
          // Certificates have their own orientation setting and may hide the header and footer.
          $certificateOrientation = api_get_configuration_value('certificate_pdf_orientation');
          $orientation = 'landscape';
          if (in_array($certificateOrientation, ['landscape', 'portrait'])) {
              $orientation = $certificateOrientation;
          }
          $showHeaderAndFooter = !api_get_configuration_value('hide_header_footer_in_certificate');
      }
      DocumentManager::export_to_pdf($document_id, $course_code, $orientation, $showHeaderAndFooter);
      break;
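  case 'copytomyfiles':
      // Copy a course document into the current user's personal "my files"
      // area. Needs both platform settings enabled and a real (non-anonymous) user.
      if (api_get_setting('allow_my_files') == 'true' &&
          api_get_setting('users_copy_files') == 'true' &&
          api_get_user_id() != 0 &&
          !api_is_anonymous()
      ) {
          // Get the document data from the ID
          $document_info = DocumentManager::get_document_data_by_id(
              $document_id,
              api_get_course_id(),
              true,
              $sessionId
          );
          if ($sessionId != 0 && !$document_info) {
              /* If there is a session defined and asking for the document
                 from the session didn't work, try it from the course
                 (out of a session context). Same argument layout as the
                 other actions: load parents, session 0. */
              $document_info = DocumentManager::get_document_data_by_id(
                  $document_id,
                  api_get_course_id(),
                  true,
                  0
              );
          }
          // Unknown ids stop here instead of flowing into the path building below.
          // Assumes api_not_allowed() ends the request, as the download action
          // already relies on.
          if (empty($document_info)) {
              api_not_allowed();
          }
          // Copying hands the user the file's content, so apply the same
          // visibility rule as the download action.
          if (!($isAllowedToEdit || $group_member_with_upload_rights) &&
              !DocumentManager::is_visible_by_id($document_id, $courseInfo, $sessionId, api_get_user_id())
          ) {
              api_not_allowed(true);
          }
          $parent_id = $document_info['parent_id'];
          $my_path = UserManager::getUserPathById(api_get_user_id(), 'system');
          $user_folder = $my_path.'my_files/';
          $my_path = null;
          if (!file_exists($user_folder)) {
              $perm = api_get_permissions_for_new_directories();
              @mkdir($user_folder, $perm, true);
          }
          // Source file in the course; the destination keeps only the base name.
          $file = $sys_course_path.$courseInfo['directory'].'/document'.$document_info['path'];
          $copyfile = $user_folder.basename($document_info['path']);
          $cidReq = Security::remove_XSS($_GET['cidReq']);
          $id_session = Security::remove_XSS($_GET['id_session']);
          $gidReq = Security::remove_XSS($_GET['gidReq']);
          $id = Security::remove_XSS($_GET['id']);
          if (empty($parent_id)) {
              $parent_id = 0;
          }
          $file_link = Display::url(
              get_lang('SeeFile'),
              api_get_path(WEB_CODE_PATH).'social/myfiles.php?'
              .api_get_cidreq_params($cidReq, $id_session, $gidReq).
              '&parent_id='.$parent_id
          );
          if (api_get_setting('allow_my_files') === 'false') {
              $file_link = '';
          }
          if (file_exists($copyfile)) {
              // A file with that name is already there: ask before overwriting.
              $message = get_lang('CopyAlreadyDone').'</p><p>';
              $message .= '<a class = "btn btn-default" '
                  .'href="'.api_get_self().'?'.api_get_cidreq().'&amp;id='
                  .$parent_id.'">'
                  .get_lang("No")
                  .'</a>'
                  .'&nbsp;&nbsp;|&nbsp;&nbsp;'
                  .'<a class = "btn btn-default" href="'.api_get_self().'?'
                  .api_get_cidreq().'&amp;action=copytomyfiles&amp;id='
                  .$document_info['id']
                  .'&amp;copy=yes">'
                  .get_lang('Yes')
                  .'</a></p>';
              if (!isset($_GET['copy'])) {
                  Display::addFlash(Display::return_message($message, 'warning', false));
              }
              // Overwrite only after the explicit confirmation; the isset()
              // avoids reading an undefined index on the first pass.
              if (isset($_GET['copy']) && $_GET['copy'] === 'yes') {
                  if (!copy($file, $copyfile)) {
                      Display::addFlash(Display::return_message(get_lang('CopyFailed'), 'error'));
                  } else {
                      Display::addFlash(Display::return_message(
                          get_lang('OverwritenFile').' '.$file_link,
                          'confirmation',
                          false
                      ));
                  }
              }
          } else {
              if (!copy($file, $copyfile)) {
                  Display::addFlash(Display::return_message(get_lang('CopyFailed'), 'error'));
              } else {
                  Display::addFlash(
                      Display::return_message(get_lang('CopyMade').' '.$file_link, 'confirmation', false)
                  );
              }
          }
      }
      break;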
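  case 'convertToPdf':
      // Convert a document to another format (PDF by default) next to the
      // original file, through the OpenOffice/JODConverter bridge.
      // NOTE(review): the conversion writes a new file into the course and this
      // branch has no edit-permission check; confirm whether it should be
      // limited to users who may add documents.
      // Both parameters are optional; !empty() avoids reading an undefined index.
      $formatTarget = !empty($_REQUEST['formatTarget'])
          ? strtolower(Security::remove_XSS($_REQUEST['formatTarget']))
          : 'pdf';
      $formatType = !empty($_REQUEST['formatType'])
          ? strtolower(Security::remove_XSS($_REQUEST['formatType']))
          : 'text';
      // Get the document data from the ID. $sessionId is the session variable
      // every other action in this script passes.
      $document_info = DocumentManager::get_document_data_by_id(
          $document_id,
          api_get_course_id(),
          true,
          $sessionId
      );
      // Unknown ids stop here. Assumes api_not_allowed() ends the request, as
      // the download action already relies on.
      if (empty($document_info)) {
          api_not_allowed();
      }
      // A user must at least be allowed to see the document to convert it;
      // same rule as the download action.
      if (!($isAllowedToEdit || $group_member_with_upload_rights) &&
          !DocumentManager::is_visible_by_id($document_id, $courseInfo, $sessionId, api_get_user_id())
      ) {
          api_not_allowed(true);
      }
      $file = $sys_course_path.$courseInfo['directory'].'/document'.$document_info['path'];
      $fileInfo = pathinfo($file);
      // pathinfo() omits 'extension' for names without one.
      $sourceExtension = isset($fileInfo['extension']) ? $fileInfo['extension'] : '';
      if ($sourceExtension == $formatTarget) {
          Display::addFlash(Display::return_message(
              get_lang('ConversionToSameFileFormat'),
              'warning'
          ));
      } elseif (!(in_array($sourceExtension, DocumentManager::getJodconverterExtensionList('from', $formatType))) ||
          !(in_array($formatTarget, DocumentManager::getJodconverterExtensionList('to', $formatType)))
      ) {
          // Both extensions must be on the converter's lists. This is also what
          // keeps the request-supplied target out of the file name below
          // unless it is a known extension.
          Display::addFlash(Display::return_message(
              get_lang('FileFormatNotSupported'),
              'warning'
          ));
      } else {
          $convertedFile = $fileInfo['dirname'].DIRECTORY_SEPARATOR
              .$fileInfo['filename'].'_from_'.$sourceExtension
              .'.'.$formatTarget;
          $convertedTitle = $document_info['title'];
          $obj = new OpenofficePresentation(true);
          if (file_exists($convertedFile)) {
              // Never overwrite an existing conversion.
              Display::addFlash(Display::return_message(
                  get_lang('FileExists'),
                  'error'
              ));
          } else {
              $result = $obj->convertCopyDocument(
                  $file,
                  $convertedFile,
                  $convertedTitle
              );
              if (empty($result)) {
                  Display::addFlash(Display::return_message(
                      get_lang('CopyFailed'),
                      'error'
                  ));
              } else {
                  // Link to the new document in the frame viewer.
                  $cidReq = Security::remove_XSS($_GET['cidReq']);
                  $id_session = api_get_session_id();
                  $gidReq = Security::remove_XSS($_GET['gidReq']);
                  $file_link = Display::url(
                      get_lang('SeeFile'),
                      api_get_path(WEB_CODE_PATH)
                      .'document/showinframes.php?'
                      .api_get_cidreq_params($cidReq, $id_session, $gidReq)
                      .'&id='.current($result)
                  );
                  Display::addFlash(Display::return_message(
                      get_lang('CopyMade').' '.$file_link,
                      'confirmation',
                      false
                  ));
              }
          }
      }
      break;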
  509. }
  // If no actions we proceed to show the document (Hack in order to use
  // document.php?id=X). Otherwise the folder to list is found from the
  // curdirpath parameter.
  $documentRequestedById = isset($document_id) && empty($action);
  if ($documentRequestedById) {
      // Session lookup first, then the base course (out of a session context).
      $document_data = DocumentManager::get_document_data_by_id(
          $document_id,
          api_get_course_id(),
          true,
          $sessionId
      );
      if (!$document_data && $sessionId != 0) {
          $document_data = DocumentManager::get_document_data_by_id(
              $document_id,
              api_get_course_id(),
              true,
              0
          );
      }
      if ($document_data) {
          $parent_id = $document_data['parent_id'];
          $visibility = DocumentManager::check_visibility_tree(
              $document_id,
              api_get_course_id(),
              $sessionId,
              api_get_user_id(),
              $groupIid
          );
          // If the document is not a folder we show the document.
          if (!empty($document_data['filetype']) && $document_data['filetype'] == 'file') {
              // NOTE(review): this redirects to a direct URL under
              // WEB_COURSE_PATH; whatever serves that URL has to enforce
              // access on its own — confirm.
              if ($visibility && api_is_allowed_to_session_edit()) {
                  $url = api_get_path(WEB_COURSE_PATH).
                      $courseInfo['path'].'/document'.$document_data['path'].'?'
                      .api_get_cidreq();
                  header("Location: $url");
              }
              // A file request always ends here, redirected or not.
              exit;
          }
          // Folders: hidden ones are only listed for editors.
          if (!$visibility && !$isAllowedToEdit) {
              api_not_allowed();
          }
          // From here on the folder's own path is the current directory.
          $_GET['curdirpath'] = $document_data['path'];
      }
  }

  // What's the current path? GET wins over POST, and the default is the root.
  // We will verify this a bit further down
  if (isset($_GET['curdirpath']) && $_GET['curdirpath'] != '') {
      $curdirpath = Security::remove_XSS($_GET['curdirpath']);
  } elseif (isset($_POST['curdirpath']) && $_POST['curdirpath'] != '') {
      $curdirpath = Security::remove_XSS($_POST['curdirpath']);
  } else {
      $curdirpath = '/';
  }
  $curdirpathurl = urlencode($curdirpath);

  if (!$documentRequestedById) {
      // Check the path
      // If the path is not found (no document id), set the path to /
      $document_id = DocumentManager::get_document_id($courseInfo, $curdirpath);
      if (!$document_id) {
          $document_id = DocumentManager::get_document_id($courseInfo, $curdirpath, 0);
      }
      $document_data = DocumentManager::get_document_data_by_id(
          $document_id,
          api_get_course_id(),
          true
      );
      $parent_id = $document_data['parent_id'];
  }
  // Listing the /certificates folder itself switches certificate mode on.
  if (isset($document_data) && $document_data['path'] == '/certificates') {
      $is_certificate_mode = true;
  }

  // No parent id yet: derive it from the directory part of the current
  // document's path, or fall back to 0.
  if (!$parent_id) {
      $testParentId = 0;
      if (!empty($document_data['path'])) {
          $testParentId = DocumentManager::get_document_id(
              api_get_course_info(),
              dirname($document_data['path']),
              0
          );
      }
      $parent_id = !empty($testParentId) ? $testParentId : 0;
  }

  $current_folder_id = $document_id;
  // Show preview: render the certificate template for the current user and
  // stop. Only runs inside /certificates, and only when set_preview is a plain
  // integer string.
  if (isset($_GET['curdirpath']) && $_GET['curdirpath'] == '/certificates' &&
      isset($_GET['set_preview']) &&
      $_GET['set_preview'] == (string) (int) $_GET['set_preview']
  ) {
      // Generate document HTML
      $content_html = DocumentManager::replace_user_info_into_html(
          api_get_user_id(),
          api_get_course_id(),
          api_get_session_id(),
          true
      );

      // The QR code image goes into a certificate_preview folder under the
      // archive path, under a unique name.
      // NOTE(review): nothing in the visible code removes these images, and
      // they are addressed through WEB_ARCHIVE_PATH — confirm they are cleaned
      // up and that exposing them is acceptable.
      $filename = 'certificate_preview/'.api_get_unique_id().'.png';
      $qr_code_filename = api_get_path(SYS_ARCHIVE_PATH).$filename;
      $temp_folder = api_get_path(SYS_ARCHIVE_PATH).'certificate_preview';
      if (!is_dir($temp_folder)) {
          mkdir($temp_folder, api_get_permissions_for_new_directories());
      }
      $qr_code_web_filename = api_get_path(WEB_ARCHIVE_PATH).$filename;
      $certificate = new Certificate();
      $text = $certificate->parse_certificate_variables($content_html['variables']);
      $result = $certificate->generate_qr($text, $qr_code_filename);

      // Point the template's relative image references at absolute web paths.
      $new_content_html = $content_html['content'];
      $path_image = api_get_path(WEB_COURSE_PATH).api_get_course_path().'/document/images/gallery';
      $new_content_html = str_replace('../images/gallery', $path_image, $new_content_html);
      $path_image_in_default_course = api_get_path(WEB_CODE_PATH).'default_course_document';
      $new_content_html = str_replace(
          '/main/default_course_document',
          $path_image_in_default_course,
          $new_content_html
      );
      $new_content_html = str_replace(
          SYS_CODE_PATH.'img/',
          api_get_path(WEB_IMG_PATH),
          $new_content_html
      );

      // Minimal page: reduced header and a print link that is hidden on paper.
      Display::display_reduced_header();
      echo '<style>body {background:none;}</style>'."\n";
      echo '<style media="print" type="text/css"> #print_div { visibility:hidden; } </style>';
      echo '<a href="javascript:window.print();" style="float:right; padding:4px;" id="print_div">';
      echo Display::return_icon('printmgr.gif', get_lang('Print'));
      echo '</a>';

      // Swap the barcode placeholder for the QR image only when the file was written.
      if (is_file($qr_code_filename) && is_readable($qr_code_filename)) {
          $new_content_html = str_replace(
              '((certificate_barcode))',
              Display::img($qr_code_web_filename),
              $new_content_html
          );
      }
      print_r($new_content_html);
      exit;
  }
  662. // Is the document tool visible?
  663. // Check whether the tool is actually visible
  664. /*$table_course_tool = Database::get_course_table(TABLE_TOOL_LIST);
  665. $course_id = api_get_course_int_id();
  666. $tool_sql = 'SELECT visibility FROM '.$table_course_tool.'
  667. WHERE c_id = '.$course_id.' AND name = "'.TOOL_DOCUMENT.'"
  668. LIMIT 1';
  669. $tool_result = Database::query($tool_sql);
  670. $tool_row = Database::fetch_array($tool_result);
  671. $tool_visibility = $tool_row['visibility'];*/
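  // Inline page script: the delete confirmation dialog and the "convert document" modal.
  // $curdirpath is URL-encoded before it is written into the quoted JavaScript URL, the
  // same way this file builds $curdirpathurl; a quote, angle bracket or ampersand in a
  // folder path can then neither end the string literal nor add parameters, and the
  // server still decodes it to the same path.
  // NOTE(review): where $curdirpath is first assigned is not visible in this section -
  // confirm it is validated there as well.
  $htmlHeadXtra[] = '<script>
  function confirmation (name) {
      if (confirm(" '.get_lang('AreYouSureToDeleteJS').' "+ name + " ?")) {
          return true;
      } else {
          return false;
      }
  }
  $(document).ready(function() {
      $(".convertAction").click(function() {
          var id = $(this).attr("data-documentId");
          var format = $(this).attr("data-formatType");
          convertModal(id, format);
      });
  });
  function convertModal (id, format) {
      $("#convertModal").modal("show");
      $("." + format + "FormatType").show();
      $("#convertSelect").change(function() {
          var formatTarget = $(this).val();
          window.location.href = "'
              .api_get_self().'?'.api_get_cidreq()
              .'&curdirpath='.urlencode((string) $curdirpath)
              .'&action=convertToPdf&formatTarget='
              .'" + formatTarget + "&id=" + id + "&'
              .api_get_cidreq().'&formatType=" + format;
      });
      $("#convertModal").on("hidden", function(){
          $("." + format + "FormatType").hide();
      });
  }
  </script>';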
  // If they are looking at group documents they can't see the root:
  // the group's own directory replaces '/'.
  if ($groupId != 0 && $curdirpath == '/') {
      $curdirpathurl = urlencode($group_properties['directory']);
      $curdirpath = $group_properties['directory'];
  }

  // Check visibility of the current dir path. Don't show anything if not allowed
  //@todo check this validation for coaches
  //if (!$isAllowedToEdit || api_is_coach()) { before
  // NOTE(review): as written, this folder visibility check runs only for coaches
  // without edit rights; confirm how other non-editing users are kept out of
  // hidden folders.
  if (!$isAllowedToEdit &&
      api_is_coach() &&
      $curdirpath != '/' &&
      !DocumentManager::is_visible($curdirpath, $courseInfo, $sessionId, 'folder')
  ) {
      api_not_allowed(true);
  }
  /* Create shared folders */
  // Every page view makes sure the shared-folder tree exists on disk: a container
  // folder (created with visibility 0) and, inside it, one folder per user
  // (created with visibility 1). The base course and sessions use separate containers.
  if ($sessionId == 0) {
      // Create shared folder. Necessary for recycled courses.
      // session_id should always be zero and should always be created from a
      // base course, never from a session.
      if (!file_exists($base_work_dir.'/shared_folder')) {
          $usf_dir_name = '/shared_folder';
          $usf_dir_title = get_lang('UserFolders');
          //$groupId = 0;
          $visibility = 0;
          create_unexisting_directory(
              $courseInfo,
              api_get_user_id(),
              $sessionId,
              0,
              $to_user_id,
              $base_work_dir,
              $usf_dir_name,
              $usf_dir_title,
              $visibility
          );
      }

      // Create dynamic user shared folder
      if (!file_exists($base_work_dir.'/shared_folder/sf_user_'.$userId)) {
          $usf_dir_name = '/shared_folder/sf_user_'.$userId;
          $usf_dir_title = $userInfo['complete_name'];
          //$groupId = 0;
          $visibility = 1;
          create_unexisting_directory(
              $courseInfo,
              api_get_user_id(),
              $sessionId,
              0,
              $to_user_id,
              $base_work_dir,
              $usf_dir_name,
              $usf_dir_title,
              $visibility
          );
      }
  } else {
      // Create shared folder session.
      if (!file_exists($base_work_dir.'/shared_folder_session_'.$sessionId)) {
          $usf_dir_name = '/shared_folder_session_'.$sessionId;
          $usf_dir_title = get_lang('UserFolders').' ('.api_get_session_name($sessionId).')';
          //$groupId = 0;
          $visibility = 0;
          create_unexisting_directory(
              $courseInfo,
              api_get_user_id(),
              $sessionId,
              0,
              $to_user_id,
              $base_work_dir,
              $usf_dir_name,
              $usf_dir_title,
              $visibility
          );
      }

      // Create dynamic user shared folder into a shared folder session
      // NOTE(review): this call passes $userId where the three calls above pass
      // api_get_user_id() - presumably the same user; confirm.
      if (!file_exists($base_work_dir.'/shared_folder_session_'.$sessionId.'/sf_user_'.$userId)) {
          $usf_dir_name = '/shared_folder_session_'.$sessionId.'/sf_user_'.$userId;
          $usf_dir_title = $userInfo['complete_name'].'('.api_get_session_name($sessionId).')';
          //$groupId = 0;
          $visibility = 1;
          create_unexisting_directory(
              $courseInfo,
              $userId,
              $sessionId,
              0,
              $to_user_id,
              $base_work_dir,
              $usf_dir_name,
              $usf_dir_title,
              $visibility
          );
      }
  }
  /* MAIN SECTION */
  // Slideshow initialisation
  $image_files_only = '';
  $_SESSION['image_files_only'] = '';

  // First breadcrumb entry: the gradebook in certificate mode, otherwise the
  // document tool (a real link only when a folder, path or "create dir" view is open).
  if ($is_certificate_mode) {
      $interbreadcrumb[] = array(
          'url' => '../gradebook/index.php',
          'name' => get_lang('Gradebook'),
      );
  } else {
      $interbreadcrumb[] = array(
          'url' => ((isset($_GET['id']) && $_GET['id'] != 0) ||
              isset($_GET['curdirpath']) ||
              isset($_GET['createdir']))
              ? 'document.php'
              : '#',
          'name' => get_lang('Documents'),
      );
  }

  // Interbreadcrumb for the current directory root path
  // NOTE(review): the names added below are document titles; confirm they are
  // escaped where $interbreadcrumb is rendered (not visible in this section).
  if (empty($document_data['parents'])) {
      $interbreadcrumb[] = array(
          'url' => isset($_GET['createdir']) ? $document_data['document_url'] : '#',
          'name' => $document_data['title'],
      );
  } else {
      $counter = 0;
      foreach ($document_data['parents'] as $document_sub_data) {
          // fixing double group folder in breadcrumb: skip the first parent for groups
          if ($groupId && $counter == 0) {
              $counter++;
              continue;
          }
          // The current folder itself is not a link unless the "create dir" form is open
          if (!isset($_GET['createdir']) && $document_sub_data['id'] == $document_data['id']) {
              $document_sub_data['document_url'] = '#';
          }
          $interbreadcrumb[] = array(
              'url' => $document_sub_data['document_url'],
              'name' => $document_sub_data['title'],
          );
          $counter++;
      }
  }

  if (isset($_GET['createdir'])) {
      $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('CreateDir'));
  }
  // jPlayer assets for the inline audio preview
  $js_path = api_get_path(WEB_LIBRARY_PATH).'javascript/';
  $htmlHeadXtra[] = '<link rel="stylesheet" href="'.$js_path
      .'jquery-jplayer/skin/chamilo/jplayer.blue.monday.css" type="text/css">';
  $htmlHeadXtra[] = '<script type="text/javascript" src="'.$js_path
      .'jquery-jplayer/jplayer/jquery.jplayer.min.js"></script>';
  $mediaplayer_path = api_get_path(WEB_LIBRARY_PATH).'mediaplayer/player.swf';

  $documentAndFolders = DocumentManager::get_all_document_data(
      $courseInfo,
      $curdirpath,
      $groupIid,
      null,
      $isAllowedToEdit || $group_member_with_upload_rights,
      false
  );

  // Collect one jPlayer snippet per ogg/mp3/wav file of the current folder.
  // NOTE(review): the loop reuses $document_data, so afterwards that variable holds
  // the last audio file's data instead of the current folder's - check any later
  // code that still expects the folder there.
  $count = 1;
  $jquery = null;
  if (!empty($documentAndFolders)) {
      foreach ($documentAndFolders as $file) {
          if ($file['filetype'] != 'file') {
              continue;
          }
          $path_info = pathinfo($file['path']);
          $extension = !empty($path_info['extension']) ? strtolower($path_info['extension']) : '';
          //@todo use a js loop to auto generate this code
          if (!in_array($extension, array('ogg', 'mp3', 'wav'))) {
              continue;
          }
          // Get the document data from the ID
          $document_data = DocumentManager::get_document_data_by_id(
              $file['id'],
              api_get_course_id(),
              false,
              $sessionId
          );
          if ($sessionId != 0 && !$document_data) {
              /* If there is a session defined and asking for the document
               * from the session didn't work, try it from the
               * course (out of a session context) */
              $document_data = DocumentManager::get_document_data_by_id(
                  $file['id'],
                  api_get_course_id(),
                  false,
                  0
              );
          }
          // The snippet generator is handed 'oga' instead of 'ogg'
          if ($extension == 'ogg') {
              $extension = 'oga';
          }
          $params = array(
              'url' => $document_data['direct_url'],
              'extension' => $extension,
              'count' => $count,
          );
          $jquery .= DocumentManager::generate_jplayer_jquery($params);
          $count++;
      }
  }
  $htmlHeadXtra[] = '
  <script>
  $(document).ready( function() {
  //Experimental changes to preview mp3, ogg files'
      .$jquery.'
  });
  </script>
  ';

  // Lib for event log, stats & tracking & record of the access
  Event::event_access_tool(TOOL_DOCUMENT);

  /* DISPLAY */
  // Add group name after for group documents
  if ($groupId != 0) {
      $add_group_to_title = ' ('.$group_properties['name'].')';
  }
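  $moveForm = '';
  /* MOVE FILE OR DIRECTORY */
  // Only teacher and all users into their group and each user into his/her shared folder.
  //
  // Changes against the previous version:
  //  - the move id is read from $_GET, the same array the guard tests (it used to be
  //    read from $_REQUEST, which can also be fed by other request sources);
  //  - $_POST['move_file'] is normalised to an integer once and reused;
  //  - $move_path is only read from the document data when the lookup succeeded.
  //
  // NOTE(review): $moveTo is assigned outside this section and ends up in a filesystem
  // path; confirm it is validated against path traversal and that the destination is
  // one the current user may write to. No request token is checked in this section
  // either - confirm the POST is protected elsewhere.
  if ($isAllowedToEdit || $group_member_with_upload_rights ||
      DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ||
      DocumentManager::is_my_shared_folder(api_get_user_id(), $moveTo, $sessionId)
  ) {
      /* Step 1: build the "move to" selector for the document given in the URL */
      if (isset($_GET['move']) && $_GET['move'] != '') {
          $my_get_move = intval($_GET['move']);

          if (api_is_coach() &&
              !DocumentManager::is_visible_by_id($my_get_move, $courseInfo, $sessionId, api_get_user_id())
          ) {
              api_not_allowed(true);
          }

          // NOTE(review): the document id is the third argument here, while the other
          // check_readonly() calls in this file pass the id as the fourth argument -
          // confirm this call checks what it is meant to check.
          if (!$isAllowedToEdit &&
              DocumentManager::check_readonly($courseInfo, api_get_user_id(), $my_get_move)
          ) {
              api_not_allowed(true);
          }

          // Get the document data from the ID
          $document_to_move = DocumentManager::get_document_data_by_id(
              $my_get_move,
              api_get_course_id(),
              false,
              $sessionId
          );
          $move_path = !empty($document_to_move) ? $document_to_move['path'] : null;

          if (!empty($document_to_move)) {
              $folders = DocumentManager::get_all_document_folders(
                  $courseInfo,
                  $groupIid,
                  $isAllowedToEdit || $group_member_with_upload_rights,
                  false,
                  $curdirpath
              );
              $moveForm .= '<legend>'.get_lang('Move').'</legend>';

              // filter if is my shared folder. TODO: move this code to build_move_to_selector function
              if (DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) &&
                  !$isAllowedToEdit
              ) {
                  // Offer only the user's own shared folder and its subfolders
                  $main_user_shared_folder_main = '/shared_folder/sf_user_'.api_get_user_id();
                  $main_user_shared_folder_sub = '/shared_folder\/sf_user_'.api_get_user_id().'\//'; //all subfolders
                  $user_shared_folders = array();
                  foreach ($folders as $fold) {
                      if ($main_user_shared_folder_main == $fold ||
                          preg_match($main_user_shared_folder_sub, $fold)
                      ) {
                          $user_shared_folders[] = $fold;
                      }
                  }
                  $moveForm .= DocumentManager::build_move_to_selector(
                      $user_shared_folders,
                      $move_path,
                      $my_get_move,
                      $group_properties['directory']
                  );
              } else {
                  $moveForm .= DocumentManager::build_move_to_selector(
                      $folders,
                      $move_path,
                      $my_get_move,
                      $group_properties['directory']
                  );
              }
          }
      }

      /* Step 2: perform the move submitted by the selector form */
      if (!empty($moveTo) && isset($_POST['move_file'])) {
          // Document ids are integers; anything that is not a scalar becomes 0 and
          // then fails the lookup below.
          $doc_id = is_scalar($_POST['move_file']) ? intval($_POST['move_file']) : 0;

          // NOTE(review): same argument-position question as in step 1.
          if (!$isAllowedToEdit &&
              DocumentManager::check_readonly($courseInfo, api_get_user_id(), $doc_id)
          ) {
              api_not_allowed(true);
          }
          if (api_is_coach() &&
              !DocumentManager::is_visible_by_id($doc_id, $courseInfo, $sessionId, api_get_user_id())
          ) {
              api_not_allowed(true);
          }

          // Get the document data from the ID
          $document_to_move = DocumentManager::get_document_data_by_id(
              $doc_id,
              api_get_course_id(),
              false,
              $sessionId
          );

          // Security fix: make sure they can't move files that are not in the document table
          if (!empty($document_to_move)) {
              $real_path_target = $base_work_dir.$moveTo.'/'.basename($document_to_move['path']);
              // Remember whether the target already existed, to explain a failed move
              $fileExist = file_exists($real_path_target);

              if (move($base_work_dir.$document_to_move['path'], $base_work_dir.$moveTo)) {
                  DocumentManager::updateDbInfo(
                      'update',
                      $document_to_move['path'],
                      $moveTo.'/'.basename($document_to_move['path'])
                  );
                  // update database item property
                  if (is_dir($real_path_target)) {
                      api_item_property_update(
                          $courseInfo,
                          TOOL_DOCUMENT,
                          $doc_id,
                          'FolderMoved',
                          api_get_user_id(),
                          $group_properties,
                          null,
                          null,
                          null,
                          $sessionId
                      );
                      Display::addFlash(Display::return_message(get_lang('DirMv'), 'confirmation'));
                  } elseif (is_file($real_path_target)) {
                      api_item_property_update(
                          $courseInfo,
                          TOOL_DOCUMENT,
                          $doc_id,
                          'DocumentMoved',
                          api_get_user_id(),
                          $group_properties,
                          null,
                          null,
                          null,
                          $sessionId
                      );
                      Display::addFlash(Display::return_message(get_lang('DocMv'), 'confirmation'));
                  }
                  // Set the current path
                  // NOTE(review): the raw POST value becomes $curdirpath for the rest of
                  // the page; it must be escaped wherever it is printed.
                  $curdirpath = $_POST['move_to'];
                  $curdirpathurl = urlencode($_POST['move_to']);
              } else {
                  if ($fileExist) {
                      if (is_dir($real_path_target)) {
                          $message = Display::return_message(get_lang('DirExists'), 'error');
                      } elseif (is_file($real_path_target)) {
                          // NOTE(review): 'v' is the message type in the original code;
                          // it looks like it was meant to be 'error' - confirm.
                          $message = Display::return_message(get_lang('FileExists'), 'v');
                      }
                      Display::addFlash($message);
                  } else {
                      Display::addFlash(Display::return_message(get_lang('Impossible'), 'error'));
                  }
              }
          } else {
              Display::addFlash(Display::return_message(get_lang('Impossible'), 'error'));
          }
      }
  }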
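  /* DELETE FILE OR DIRECTORY */
  // Only teacher and all users into their group.
  // Bulk actions (set_invisible, set_visible, delete) on the ids posted in "ids".
  //
  // Changes against the previous version:
  //  - "ids" is normalised to a list of integers, so a scalar or nested value can no
  //    longer reach the document functions or break the loop;
  //  - a failed document lookup no longer causes an array access on a non-array;
  //  - when a read-only document blocks deletion, the error is reported once and no
  //    further deletion is attempted (the old "break 2" only left the switch, so the
  //    check and its message were repeated for every remaining id).
  //
  // NOTE(review): the ids come from the request and are not compared with $curdirpath
  // here, and the visibility actions are open to everyone who passes the guard below,
  // while the single-item visibility commands of this file require $isAllowedToEdit.
  // Confirm the called functions enforce per-document rights. No request token is
  // checked in this section either - confirm the POST is protected elsewhere.
  if ($isAllowedToEdit ||
      $group_member_with_upload_rights ||
      DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
  ) {
      if (isset($_POST['action']) && isset($_POST['ids'])) {
          $files = array_map('intval', array_filter((array) $_POST['ids'], 'is_scalar'));
          $readonlyAlreadyChecked = false;
          $deletionBlocked = false;
          $messages = '';
          // System directories that must never be touched by a bulk action
          $items = array(
              '/audio',
              '/flash',
              '/images',
              '/shared_folder',
              '/video',
              '/chat_files',
              '/certificates',
          );

          foreach ($files as $documentId) {
              $data = DocumentManager::get_document_data_by_id($documentId, $courseInfo['code']);
              $documentPath = isset($data['path']) ? $data['path'] : null;
              $documentTitle = isset($data['title']) ? $data['title'] : '';

              if (in_array($documentPath, $items, true)) {
                  // exclude system directories (do not allow deletion)
                  continue;
              }

              switch ($_POST['action']) {
                  case 'set_invisible':
                  case 'set_visible':
                      $visibilityCommand = ($_POST['action'] === 'set_visible') ? 'visible' : 'invisible';
                      if (api_item_property_update(
                          $courseInfo,
                          TOOL_DOCUMENT,
                          $documentId,
                          $visibilityCommand,
                          api_get_user_id(),
                          null,
                          null,
                          null,
                          null,
                          $sessionId
                      )) {
                          $messages .= Display::return_message(
                              get_lang('VisibilityChanged').': '.$documentTitle,
                              'confirmation'
                          );
                      } else {
                          $messages .= Display::return_message(get_lang('ViModProb'), 'error');
                      }
                      break;
                  case 'delete':
                      // Check all documents scheduled for deletion
                      // If one of them is read-only, abandon deletion
                      // Note: this is only executed once
                      if (!$readonlyAlreadyChecked) {
                          $readonlyAlreadyChecked = true;
                          if (!$isAllowedToEdit) {
                              foreach ($files as $id) {
                                  if (DocumentManager::check_readonly(
                                      $courseInfo,
                                      api_get_user_id(),
                                      null,
                                      $id,
                                      false,
                                      $sessionId
                                  )) {
                                      $messages .= Display::return_message(
                                          get_lang('CantDeleteReadonlyFiles'),
                                          'error'
                                      );
                                      $deletionBlocked = true;
                                      break;
                                  }
                              }
                          }
                      }
                      if ($deletionBlocked) {
                          break;
                      }
                      $deleteDocument = DocumentManager::delete_document(
                          $courseInfo,
                          null,
                          $base_work_dir,
                          $sessionId,
                          $documentId,
                          $groupIid
                      );
                      if (!empty($deleteDocument)) {
                          $messages .= Display::return_message(
                              get_lang('DocDeleted').': '.$documentTitle,
                              'confirmation'
                          );
                      }
                      break;
              }
          } // endforeach

          Display::addFlash($messages);
          header('Location: '.$currentUrl);
          exit;
      }
  }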
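  $dirForm = '';
  /* CREATE DIRECTORY */
  // Only teacher and all users into their group and any user into his/her shared folder.
  //
  // Changes against the previous version:
  //  - "dirname" is only used when it is present and a string;
  //  - "dir_id" is normalised to an integer, and an id that resolves to no document
  //    now ends with the "cannot create" message (it used to leave $curdirpath empty
  //    and go on creating the folder from that empty path);
  //  - the guard below is evaluated on the path the page was opened with, but dir_id
  //    replaces $curdirpath afterwards. Users who pass the guard only through their
  //    own shared folder are therefore re-checked against the resolved parent folder.
  //
  // NOTE(review): group members with upload rights are not re-checked against the
  // group directory here; confirm create_unexisting_directory() or its callers do that.
  // NOTE(review): only the exact names '../', '.' and '..' are rejected here; any other
  // filtering is left to api_replace_dangerous_char() and disable_dangerous_file(),
  // whose behaviour is not visible in this section.
  if ($isAllowedToEdit ||
      $group_member_with_upload_rights ||
      DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
  ) {
      // Create directory with $_POST data
      if (isset($_POST['create_dir'], $_POST['dirname']) &&
          is_string($_POST['dirname']) &&
          $_POST['dirname'] != ''
      ) {
          // Needed for directory creation
          $post_dir_name = $_POST['dirname'];
          $message = null;

          if (in_array($post_dir_name, array('../', '.', '..'), true)) {
              $message = Display::return_message(get_lang('CannotCreateDir'), 'error');
          } else {
              // dir_id is the parent folder id.
              if (!empty($_POST['dir_id'])) {
                  $parentFolderId = is_scalar($_POST['dir_id']) ? intval($_POST['dir_id']) : 0;
                  // Get the document data from the ID
                  $document_data = DocumentManager::get_document_data_by_id(
                      $parentFolderId,
                      api_get_course_id(),
                      false,
                      $sessionId
                  );
                  if ($sessionId != 0 && !$document_data) {
                      // If there is a session defined and asking for the
                      // document from the session didn't work, try it from
                      // the course (out of a session context)
                      $document_data = DocumentManager::get_document_data_by_id(
                          $parentFolderId,
                          api_get_course_id(),
                          false,
                          0
                      );
                  }

                  if (empty($document_data)) {
                      // Unknown parent folder: refuse instead of guessing a location
                      $message = Display::return_message(get_lang('CannotCreateDir'), 'error');
                  } else {
                      $curdirpath = $document_data['path'];
                      // Re-check the shared-folder permission on the folder that will
                      // really receive the new directory (api_not_allowed() is presumably
                      // terminating, as at the other call sites of this file).
                      if (!$isAllowedToEdit &&
                          !$group_member_with_upload_rights &&
                          !DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
                      ) {
                          api_not_allowed(true);
                      }
                  }
              }

              if ($message === null) {
                  $added_slash = ($curdirpath == '/') ? '' : '/';
                  $dir_name = $curdirpath.$added_slash.api_replace_dangerous_char($post_dir_name);
                  $dir_name = disable_dangerous_file($dir_name);
                  $dir_check = $base_work_dir.$dir_name;
                  $visibility = empty($groupId) ? null : 1;
                  $newFolderData = create_unexisting_directory(
                      $courseInfo,
                      api_get_user_id(),
                      $sessionId,
                      $groupIid,
                      $to_user_id,
                      $base_work_dir,
                      $dir_name,
                      $post_dir_name,
                      $visibility
                  );
                  if (!empty($newFolderData)) {
                      $message = Display::return_message(
                          get_lang('DirCr').' '.$newFolderData['title'],
                          'confirmation'
                      );
                  } else {
                      $message = Display::return_message(
                          get_lang('CannotCreateDir'),
                          'error'
                      );
                  }
              }
          }
          Display::addFlash($message);
      }

      // Show them the form for the directory name
      if (isset($_GET['createdir'])) {
          $dirForm = DocumentManager::create_dir_form($document_id);
      }
  }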
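  /* VISIBILITY COMMANDS */
  // Single-item visibility change requested through the URL; editors only.
  //
  // Changes against the previous version:
  //  - the coach/read-only checks that were nested in "if (!$isAllowedToEdit)" have
  //    been removed: inside "if ($isAllowedToEdit)" that branch could never run, and
  //    it read as if a check were being made;
  //  - the direction is chosen with !empty(), like the outer condition, so an empty
  //    set_visible next to a filled set_invisible no longer updates id 0.
  //
  // NOTE(review): this changes state on a GET request and no request token is checked
  // in this section; confirm the links are protected against cross-site requests.
  if ($isAllowedToEdit) {
      if (!empty($_GET['set_invisible']) || !empty($_GET['set_visible'])) {
          // Make visible or invisible?
          if (!empty($_GET['set_visible'])) {
              $update_id = intval($_GET['set_visible']);
              $visibility_command = 'visible';
          } else {
              $update_id = intval($_GET['set_invisible']);
              $visibility_command = 'invisible';
          }

          // Update item_property to change visibility
          $visibilityUpdated = api_item_property_update(
              $courseInfo,
              TOOL_DOCUMENT,
              $update_id,
              $visibility_command,
              api_get_user_id(),
              null,
              null,
              null,
              null,
              $sessionId
          );
          if ($visibilityUpdated) {
              Display::addFlash(
                  Display::return_message(get_lang('VisibilityChanged'), 'confirmation')
              );
          } else {
              Display::addFlash(
                  Display::return_message(get_lang('ViModProb'), 'error')
              );
          }
          header('Location: '.$currentUrl);
          exit;
      }
  }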
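  $templateForm = '';
  /* TEMPLATE ACTION */
  // Only teacher and all users into their group.
  //
  // Changes against the previous version:
  //  - $curdirpath is HTML-escaped before it is written into the hidden form field
  //    (it can be request-derived, e.g. after a move, and was printed as is);
  //  - $new_file_name is initialised, so a template saved without an image no longer
  //    passes an undefined variable on.
  //
  // NOTE(review): the thumbnail's file name and MIME type both come from the client
  // ($_FILES name/type) and decide the stored name and extension. Confirm that Image
  // rejects anything that is not an image and that the extension is limited to image
  // types before the file is written below upload/template_thumbnails/.
  // NOTE(review): add_as_template / remove_as_template change state on GET parameters
  // and no request token is checked in this section.
  if ($isAllowedToEdit ||
      $group_member_with_upload_rights ||
      DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
  ) {
      if (isset($_GET['add_as_template']) && !isset($_POST['create_template'])) {
          $document_id_for_template = intval($_GET['add_as_template']);
          // Create the form that asks for the directory name
          $templateForm .= '
          <form name="set_document_as_new_template" class="form-horizontal" enctype="multipart/form-data"
          action="'.api_get_self().'?add_as_template='.$document_id_for_template.'" method="post">
          <fieldset>
          <legend>'.get_lang('AddAsTemplate').'</legend>
          <div class="form-group">
          <label for="template_title" class="col-sm-2 control-label">'.get_lang('TemplateName').'</label>
          <div class="col-sm-10">
          <input type="text" class="form-control" id="template_title" name="template_title">
          </div>
          </div>
          <div class="form-group">
          <label for="template_image" class="col-sm-2 control-label">'.get_lang('TemplateImage').'</label>
          <div class="col-sm-10">
          <input type="file" name="template_image" id="template_image">
          </div>
          </div>
          <div class="form-group">
          <div class="col-sm-offset-2 col-sm-10">
          <button type="submit" name="create_template" class="btn btn-primary">'
              .get_lang('CreateTemplate').'
          </button>
          </div>
          </div>
          <input type="hidden" name="curdirpath" value="'.htmlspecialchars((string) $curdirpath, ENT_QUOTES).'" />
          </fieldset>
          </form>
          <hr>
          ';
      } elseif (isset($_GET['add_as_template']) && isset($_POST['create_template'])) {
          $document_id_for_template = intval($_GET['add_as_template']);
          $title = Security::remove_XSS($_POST['template_title']);
          $user_id = api_get_user_id();
          // Stays null when no thumbnail is uploaded
          $new_file_name = null;

          // Create the template_thumbnails folder in the upload folder (if needed)
          if (!is_dir(api_get_path(SYS_COURSE_PATH).$courseInfo['directory'].'/upload/template_thumbnails/')) {
              @mkdir(
                  api_get_path(SYS_COURSE_PATH).$courseInfo['directory'].'/upload/template_thumbnails/',
                  api_get_permissions_for_new_directories()
              );
          }

          // Upload the file
          if (!empty($_FILES['template_image']['name'])) {
              $upload_ok = process_uploaded_file($_FILES['template_image']);
              if ($upload_ok) {
                  // Try to add an extension to the file if it hasn't one
                  $new_file_name = $courseInfo['code'].'-'
                      .add_ext_on_mime(
                          stripslashes($_FILES['template_image']['name']),
                          $_FILES['template_image']['type']
                      );
                  // Upload dir
                  $upload_dir = api_get_path(SYS_COURSE_PATH).$courseInfo['directory'].'/upload/template_thumbnails/';
                  // Resize image to max default and end upload
                  $temp = new Image($_FILES['template_image']['tmp_name']);
                  $picture_info = $temp->get_image_info();
                  $max_width_for_picture = 100;
                  if ($picture_info['width'] > $max_width_for_picture) {
                      $temp->resize($max_width_for_picture);
                  }
                  $temp->send_image($upload_dir.$new_file_name);
              }
          }

          DocumentManager::set_document_as_template(
              $title,
              '',
              $document_id_for_template,
              $course_code,
              $user_id,
              $new_file_name
          );
          Display::addFlash(
              Display::return_message(get_lang('DocumentSetAsTemplate'), 'confirmation')
          );
      }

      if (isset($_GET['remove_as_template'])) {
          $document_id_for_template = intval($_GET['remove_as_template']);
          $user_id = api_get_user_id();
          DocumentManager::unset_document_as_template(
              $document_id_for_template,
              $course_code,
              $user_id
          );
          Display::addFlash(
              Display::return_message(get_lang('DocumentUnsetAsTemplate'), 'confirmation')
          );
      }
  }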
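  // END ACTION MENU
  // Attach certificate in the gradebook
  //
  // Changes against the previous version:
  //  - the action is gated on $isAllowedToEdit, like the other state-changing
  //    sections of this file; no permission check was visible in this section;
  //  - the document id must be a canonical integer string (strict comparison), so
  //    values such as "1e1" or " 5" that only compare equal numerically are refused,
  //    and the id is passed on as an integer instead of an HTML-filtered string.
  //
  // NOTE(review): the course is taken from $_GET['cidReq'] rather than from the
  // course context already established for the request - confirm both are always the
  // same. The action also changes state on a GET request without a request token.
  // NOTE(review): this assigns $document_id, which the code above uses as the id of
  // the current folder; confirm the links built later expect the certificate id.
  if ($isAllowedToEdit &&
      isset($_GET['curdirpath'], $_GET['set_certificate'], $_GET['cidReq']) &&
      $_GET['curdirpath'] == '/certificates' &&
      is_string($_GET['set_certificate']) &&
      $_GET['set_certificate'] === strval(intval($_GET['set_certificate']))
  ) {
      $course_id = Security::remove_XSS($_GET['cidReq']); // course id
      $document_id = intval($_GET['set_certificate']); // document id
      DocumentManager::attach_gradebook_certificate($course_id, $document_id);
      $message = Display::return_message(get_lang('IsDefaultCertificate'), 'normal');
      Display::addFlash($message);
  }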
  /* GET ALL DOCUMENT DATA FOR CURDIRPATH */
  // The last argument is true only when a non-empty keyword was supplied
  // (presumably the search switch of get_all_document_data() - confirm).
  $documentAndFolders = DocumentManager::get_all_document_data(
      $courseInfo,
      $curdirpath,
      $groupIid,
      null,
      $isAllowedToEdit || $group_member_with_upload_rights,
      !empty($_GET['keyword'])
  );

  // Folder list: course-wide outside groups; inside a group only when the user has
  // access to the group's document tool.
  // NOTE(review): $documentAndFolders above is fetched before, and regardless of, the
  // group access check - confirm get_all_document_data() applies its own access rules.
  if ($groupId == 0) {
      $folders = DocumentManager::get_all_document_folders(
          $courseInfo,
          0,
          $isAllowedToEdit || $group_member_with_upload_rights,
          false,
          $curdirpath
      );
  } else {
      $userAccess = GroupManager::user_has_access(
          api_get_user_id(),
          $groupIid,
          GroupManager::GROUP_TOOL_DOCUMENTS
      );
      if ($userAccess) {
          $folders = DocumentManager::get_all_document_folders(
              $courseInfo,
              $groupIid,
              $isAllowedToEdit || $group_member_with_upload_rights,
              false,
              $curdirpath
          );
      }
  }

  // Always continue with an array
  if (!isset($folders) || $folders === false) {
      $folders = array();
  }
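  $btngroup = array('class' => 'btn btn-default');

  /* GO TO PARENT DIRECTORY */
  // Change against the previous version: $curdirpath is URL-encoded before it is put
  // into the query string of the certificate-mode link, the same way this file builds
  // $curdirpathurl. The value can be request-derived, and characters such as '&', '#'
  // or quotes in a path would otherwise alter the link.
  $actionsLeft = '';
  if ($curdirpath != '/' &&
      $curdirpath != $group_properties['directory'] &&
      !$is_certificate_mode
  ) {
      $actionsLeft = '<a href="'.api_get_self().'?'.api_get_cidreq().'&id='.$parent_id.'">';
      $actionsLeft .= Display::return_icon('folder_up.png', get_lang('Up'), '', ICON_SIZE_MEDIUM);
      $actionsLeft .= '</a>';
  }

  // NOTE(review): in certificate mode the "Up" link points at the current
  // $curdirpath, not at its parent - confirm that is intended.
  if ($is_certificate_mode && $curdirpath != '/certificates') {
      $actionsLeft .= Display::url(
          Display::return_icon('folder_up.png', get_lang('Up'), '', ICON_SIZE_MEDIUM),
          api_get_self().'?'.api_get_cidreq().'&curdirpath='.urlencode((string) $curdirpath)
      );
  }

  $column_show = array();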
  1499. if ($isAllowedToEdit ||
  1500. $group_member_with_upload_rights ||
  1501. DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
  1502. ) {
  1503. // TODO:check enable more options for shared folders
  1504. /* CREATE NEW DOCUMENT OR NEW DIRECTORY / GO TO UPLOAD / DOWNLOAD ZIPPED FOLDER */
  1505. // Create new document
  1506. if (!$is_certificate_mode) {
  1507. $actionsLeft .= Display::url(
  1508. Display::return_icon('new_document.png', get_lang('CreateDoc'), '',
  1509. ICON_SIZE_MEDIUM),
  1510. api_get_path(WEB_CODE_PATH).'document/create_document.php?'
  1511. .api_get_cidreq().'&id='.$document_id
  1512. );
  1513. // Create new draw
  1514. if (api_get_setting('enabled_support_svg') == 'true') {
  1515. if (api_browser_support('svg')) {
  1516. $actionsLeft .= Display::url(
  1517. Display::return_icon('new_draw.png', get_lang('Draw'), '', ICON_SIZE_MEDIUM),
  1518. api_get_path(WEB_CODE_PATH).'document/create_draw.php?'.api_get_cidreq().'&id='.$document_id
  1519. );
  1520. } else {
  1521. $actionsLeft .= Display::return_icon(
  1522. 'new_draw_na.png',
  1523. get_lang('BrowserDontSupportsSVG'),
  1524. '',
  1525. ICON_SIZE_MEDIUM
  1526. );
  1527. }
  1528. }
  1529. // Create new paint
  1530. if (api_get_setting('enabled_support_pixlr') == 'true') {
  1531. $actionsLeft .= Display::url(
  1532. Display::return_icon('new_paint.png',
  1533. get_lang('PhotoRetouching'), '', ICON_SIZE_MEDIUM),
  1534. api_get_path(WEB_CODE_PATH).'document/create_paint.php?'
  1535. .api_get_cidreq().'&id='.$document_id
  1536. );
  1537. }
  1538. // Record an image clip from my webcam
  1539. if (api_get_setting('enable_webcam_clip') == 'true') {
  1540. $actionsLeft .= Display::url(
  1541. Display::return_icon('webcam.png', get_lang('WebCamClip'), '', ICON_SIZE_MEDIUM),
  1542. api_get_path(WEB_CODE_PATH).'document/webcam_clip.php?'.api_get_cidreq().'&id='.$document_id
  1543. );
  1544. }
  1545. // Record audio (nanogong)
  1546. if (api_get_setting('enable_record_audio') === 'true') {
  1547. $actionsLeft .= Display::url(
  1548. Display::return_icon('new_recording.png', get_lang('RecordMyVoice'), '', ICON_SIZE_MEDIUM),
  1549. api_get_path(WEB_CODE_PATH).'document/record_audio.php?'.api_get_cidreq().'&id='.$document_id
  1550. );
  1551. }
  1552. // Create new audio from text
  1553. if (api_get_setting('enabled_text2audio') == 'true') {
  1554. $actionsLeft .= Display::url(
  1555. Display::return_icon('new_sound.png', get_lang('CreateAudio'), '', ICON_SIZE_MEDIUM),
  1556. api_get_path(WEB_CODE_PATH).'document/create_audio.php?'.api_get_cidreq().'&id='.$document_id
  1557. );
  1558. }
  1559. }
  1560. // Create new certificate
  1561. if ($is_certificate_mode) {
  1562. $actionsLeft .= Display::url(
  1563. Display::return_icon('new_certificate.png',
  1564. get_lang('CreateCertificate'),
  1565. '',
  1566. ICON_SIZE_MEDIUM
  1567. ),
  1568. api_get_path(WEB_CODE_PATH).'document/create_document.php?'
  1569. .api_get_cidreq().'&id='.$document_id.'&certificate=true&selectcat='
  1570. .$selectcat
  1571. );
  1572. }
  1573. // File upload link
  1574. if ($is_certificate_mode) {
  1575. $actionsLeft .= Display::url(
  1576. Display::return_icon('upload_certificate.png', get_lang('UploadCertificate'), '', ICON_SIZE_MEDIUM),
  1577. api_get_path(WEB_CODE_PATH).'document/upload.php?'.api_get_cidreq()
  1578. .'&id='.$current_folder_id.'&certificate=true'
  1579. );
  1580. } else {
  1581. $actionsLeft .= Display::url(
  1582. Display::return_icon('upload_file.png', get_lang('UplUploadDocument'), '', ICON_SIZE_MEDIUM),
  1583. api_get_path(WEB_CODE_PATH).'document/upload.php?'.api_get_cidreq().'&id='.$current_folder_id
  1584. );
  1585. }
  1586. /*echo '<a href="#" id="jcapture">';
  1587. echo Display::display_icon('capture.png', get_lang('CatchScreenCasts'), '', ICON_SIZE_MEDIUM).'</a>';*/
  1588. if ($capturePluginInstalled) {
  1589. $actionsLeft .= '<span id="appletplace"></span>';
  1590. $actionsLeft .= Display::url(
  1591. Display::return_icon('capture.png', get_lang('CatchScreenCasts'), '', ICON_SIZE_MEDIUM),
  1592. '#',
  1593. array('id' => 'jcapture')
  1594. );
  1595. }
  1596. // Create directory
  1597. if (!$is_certificate_mode) {
  1598. $actionsLeft .= Display::url(
  1599. Display::return_icon('new_folder.png', get_lang('CreateDir'), '', ICON_SIZE_MEDIUM),
  1600. api_get_path(WEB_CODE_PATH).'document/document.php?'.api_get_cidreq().'&id='.$document_id.'&createdir=1'
  1601. );
  1602. }
  1603. }
  // Pull in the slideshow helper. $image_present is read right below but is not
  // assigned anywhere in this part of the script; presumably the include sets it
  // (confirm against document_slideshow.inc.php).
  require 'document_slideshow.inc.php';

  // Slideshow shortcut: offered when images are present and no keyword search is active.
  if ($image_present && !isset($_GET['keyword'])) {
      $slideshowIcon = Display::return_icon('slideshow.png', get_lang('ViewSlideshow'), '', ICON_SIZE_MEDIUM);
      $slideshowUrl = api_get_path(WEB_CODE_PATH).'document/slideshow.php?'.api_get_cidreq()
          .'&curdirpath='.$curdirpathurl;
      $actionsLeft .= Display::url($slideshowIcon, $slideshowUrl);
  }

  // Quota overview link, added only for users who are allowed to edit.
  if ($isAllowedToEdit) {
      $quotaIcon = Display::return_icon('percentage.png', get_lang('DocumentQuota'), '', ICON_SIZE_MEDIUM);
      $quotaUrl = api_get_path(WEB_CODE_PATH).'document/document_quota.php?'.api_get_cidreq();
      $actionsLeft .= Display::url($quotaIcon, $quotaUrl);
  }
  /* BUILD SEARCH FORM */
  // The keyword search is a GET form that posts back to this script; it is not
  // built in certificate mode.
  if (!$is_certificate_mode) {
      $searchTarget = api_get_self().'?'.api_get_cidreq();
      $form = new FormValidator('search_document', 'get', $searchTarget, '', array(), FormValidator::LAYOUT_INLINE);

      // Visible field: the keyword itself.
      $form->addText('keyword', '', false, array('class' => 'col-md-2'));

      // Hidden fields carry the course, session and group identifiers along with the search.
      $form->addElement('hidden', 'cidReq', api_get_course_id());
      $form->addElement('hidden', 'id_session', api_get_session_id());
      $form->addElement('hidden', 'gidReq', $groupId);

      $form->addButtonSearch(get_lang('Search'));

      // The rendered form becomes the right-hand part of the toolbar.
      $actionsRight = $form->returnForm();
  }
  // State shared by the listing loop and the table rendering that follow.
  $sortable_data = array(); // rows handed to the sortable table
  $row = array();           // last row built; its cell count is inspected later
  $total_size = 0;          // only compared against 0 further down
  $table_footer = '';       // message printed under the table when set

  // Subscription status of the current user in this course, looked up once.
  $userIsSubscribed = CourseManager::is_user_subscribed_in_course(api_get_user_id(), $courseInfo['code']);

  // AJAX endpoint that the page script queries for folder sizes.
  $getSizeURL = api_get_path(WEB_AJAX_PATH).'document.ajax.php?a=get_dir_size&'.api_get_cidreq();
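  // Build one sortable-table row per entry of $documentAndFolders.
  // The number and order of the $row[] cells matter: the column setup later in the
  // script inspects count($row) and assigns headers positionally.
  if (isset($documentAndFolders) && is_array($documentAndFolders)) {
      if ($groupId == 0 || $userAccess) {
          // Index handed to create_document_link(); it advances only after audio files.
          $count = 1;
          $countedPaths = array();
          foreach ($documentAndFolders as $key => $document_data) {
              $row = array();
              $row['id'] = $document_data['id'];
              $row['type'] = $document_data['filetype'];

              // Entries that are not visible get wrapped in a "muted" span.
              $is_visible = DocumentManager::is_visible_by_id(
                  $document_data['id'],
                  $courseInfo,
                  $sessionId,
                  api_get_user_id(),
                  false,
                  $userIsSubscribed
              );
              $invisibility_span_open = ($is_visible == 0) ? '<span class="muted">' : '';
              $invisibility_span_close = ($is_visible == 0) ? '</span>' : '';

              // Every entry is given the same nominal size in this loop.
              $size = 1;

              // Prefer the stored title, fall back to the file name.
              if ($document_data['title'] != '') {
                  $document_name = $document_data['title'];
              } else {
                  $document_name = basename($document_data['path']);
              }
              $row['name'] = $document_name;

              // Data for checkbox
              if (($isAllowedToEdit || $group_member_with_upload_rights) && count($documentAndFolders) > 1) {
                  $row[] = $document_data['id'];
              }

              if (DocumentManager::is_folder_to_avoid($document_data['path'], $is_certificate_mode)) {
                  continue;
              }

              // Show the owner of the file only in groups
              $user_link = '';
              if (!empty($groupId) && !empty($document_data['insert_user_id'])) {
                  $userInfo = api_get_user_info(
                      $document_data['insert_user_id'],
                      false,
                      false,
                      false,
                      false,
                      false
                  );
                  $user_link = '<div class="document_owner">'
                      .get_lang('Owner').': '.UserManager::getUserProfileLink($userInfo)
                      .'</div>';
              }

              // Icons (clickable)
              $row[] = DocumentManager::create_document_link(
                  $document_data,
                  $courseInfo,
                  true,
                  $count,
                  $is_visible,
                  $size,
                  $isAllowedToEdit
              );

              // Strict comparison: the extension is a string and must match exactly.
              $path_info = pathinfo($document_data['path']);
              if (isset($path_info['extension']) &&
                  in_array($path_info['extension'], array('ogg', 'mp3', 'wav'), true)
              ) {
                  $count++;
              }

              // Validation when belongs to a session
              $session_img = api_get_session_image($document_data['session_id'], $_user['status']);
              $link = DocumentManager::create_document_link(
                  $document_data,
                  $courseInfo,
                  false,
                  null,
                  $is_visible,
                  $size,
                  $isAllowedToEdit
              );

              // Document title with link; the free-text comment is HTML-encoded before output.
              $row[] = $link.$session_img.'<br />'.$invisibility_span_open.'<i>'
                  .nl2br(htmlspecialchars($document_data['comment'], ENT_QUOTES, $charset))
                  .'</i>'.$invisibility_span_close.$user_link;

              if ($document_data['filetype'] == 'folder') {
                  // The folder path is stored data that carries names chosen by whoever created
                  // the folder, so it is encoded for the attribute context instead of being
                  // concatenated raw; a quote in a path would otherwise end the attribute.
                  // The id is forced to an integer for the same reason.
                  $displaySize = '<span id="document_size_'.(int) $document_data['id']
                      .'" data-path= "'.htmlspecialchars($document_data['path'], ENT_QUOTES, $charset)
                      .'" class="document_size"></span>';
              } else {
                  $displaySize = format_file_size($document_data['size']);
              }
              $row[] = '<span style="display:none;">'.$size.'</span>'.
                  $invisibility_span_open.
                  $displaySize.
                  $invisibility_span_close;

              // Last edit date
              $last_edit_date = api_get_local_time($document_data['lastedit_date']);
              $display_date = date_to_str_ago($document_data['lastedit_date']).
                  ' <div class="muted"><small>'.$last_edit_date."</small></div>";
              $row[] = $invisibility_span_open.$display_date.$invisibility_span_close;

              // Admins get an edit column
              if ($isAllowedToEdit ||
                  $groupMemberWithEditRights ||
                  DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ||
                  $document_data['insert_user_id'] == api_get_user_id()
              ) {
                  $is_template = isset($document_data['is_template']) ? $document_data['is_template'] : false;
                  // The read-only flag is ignored (passed as 0) for the owner of the file
                  // and for platform admins; everyone else gets the stored flag.
                  if ($document_data['insert_user_id'] == api_get_user_id() || api_is_platform_admin()) {
                      $edit_icons = DocumentManager::build_edit_icons(
                          $document_data,
                          $key,
                          $is_template,
                          0,
                          $is_visible
                      );
                  } else {
                      $edit_icons = DocumentManager::build_edit_icons(
                          $document_data,
                          $key,
                          $is_template,
                          $document_data['readonly'],
                          $is_visible
                      );
                  }
                  $row[] = $edit_icons;
              } else {
                  $row[] = '';
              }

              $row[] = $last_edit_date;
              $row[] = $size;
              $row[] = $document_name;

              // Count each path once. The previous code also added $size unconditionally
              // before this check, so every entry was counted twice; the total is only
              // compared against 0 later in this script, so that test is unaffected.
              if (!isset($countedPaths[$document_data['path']])) {
                  $total_size = $total_size + $size;
                  $countedPaths[$document_data['path']] = true;
              }

              // Without a keyword every row is listed; with one, only matching names are.
              if (empty($_GET['keyword']) ||
                  DocumentManager::search_keyword($document_name, $_GET['keyword'])
              ) {
                  $sortable_data[] = $row;
              }
          }
      }
  } else {
      $sortable_data = '';
      $table_footer = get_lang('NoDocsInFolder');
  }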
  // Show download zipped folder icon.
  // Two gates, evaluated in this order:
  //   1. not certificate mode, a non-zero total, and either the
  //      students_download_folders setting, edit rights or platform admin;
  //   2. for students: only inside their own shared folder and never in the root
  //      path; editors and platform admins always pass.
  if (!is_null($documentAndFolders)
      && !$is_certificate_mode
      && $total_size != 0
      && (
          api_get_setting('students_download_folders') == 'true'
          || $isAllowedToEdit
          || api_is_platform_admin()
      )
      && (
          (
              DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
              && $curdirpath != '/'
          )
          || $isAllowedToEdit
          || api_is_platform_admin()
      )
  ) {
      $zipIcon = Display::return_icon('save_pack.png', get_lang('Save').' (ZIP)', '', ICON_SIZE_MEDIUM);
      $zipUrl = api_get_path(WEB_CODE_PATH).'document/document.php?'
          .api_get_cidreq().'&action=downloadfolder&id='.$document_id;
      $actionsLeft .= Display::url($zipIcon, $zipUrl);
  }
  // Recycle-bin button: platform admins only, and only when the
  // document_manage_deleted_files configuration value is set.
  if (api_is_platform_admin() && api_get_configuration_value('document_manage_deleted_files')) {
      $recycleUrl = api_get_path(WEB_CODE_PATH).'document/recycle.php?'.api_get_cidreq();
      $actionsLeft .= Display::url(get_lang('Recycle'), $recycleUrl, array('class' => 'btn btn-default'));
  }
  // A move target, when present, becomes the folder the selector points at.
  if (!empty($moveTo)) {
      $document_id = DocumentManager::get_document_id($courseInfo, $moveTo);
  }

  // After a "create directory" submission the posted name is resolved to a document id.
  // NOTE(review): $_POST['dirname'] is handed to get_document_id() unmodified; whether
  // that helper escapes or normalises its path argument is not visible here — confirm.
  if (isset($_GET['createdir'], $_POST['dirname']) && $_POST['dirname'] != '') {
      $post_dir_name = $_POST['dirname'];
      $document_id = DocumentManager::get_document_id($courseInfo, $post_dir_name);
  }

  // Folder drop-down; skipped in certificate mode and while a move is in progress.
  $selector = '';
  if (!$is_certificate_mode && !isset($_GET['move'])) {
      $groupDirectory = array();
      if (isset($group_properties['directory'])) {
          $groupDirectory = $group_properties['directory'];
      }
      $selector = DocumentManager::build_directory_selector($folders, $document_id, $groupDirectory);
  }
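  // Column visibility flags, appended in column order (1 = shown, 0 = not shown).
  // count() is applied only to arrays: other parts of this script test
  // $documentAndFolders with is_null()/is_array(), so it may not be an array here,
  // and count() on a non-array raises a warning or a TypeError depending on the
  // PHP version.
  if (($isAllowedToEdit || $group_member_with_upload_rights)
      && is_array($documentAndFolders)
      && count($documentAndFolders) > 1
  ) {
      // Extra leading column, added under the same condition as the row checkbox data.
      $column_show[] = 1;
  }
  // The four columns every user gets.
  $column_show[] = 1;
  $column_show[] = 1;
  $column_show[] = 1;
  $column_show[] = 1;
  // Actions column.
  if ($isAllowedToEdit ||
      $group_member_with_upload_rights ||
      DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
  ) {
      $column_show[] = 1;
  }
  // Two trailing columns flagged 0.
  $column_show[] = 0;
  $column_show[] = 0;

  // Map displayed columns to the columns used for ordering. The layout is picked
  // from the cell count of the last row built by the listing loop.
  $column_order = array();
  if (count($row) == 12) {
      //teacher
      $column_order[2] = 8; //name
      $column_order[3] = 7;
      $column_order[4] = 6;
  } elseif (count($row) == 10) {
      //student
      $column_order[1] = 6;
      $column_order[2] = 5;
      $column_order[3] = 4;
  }

  // Editors have one more leading column, so their default sort column is shifted by one.
  $default_column = $isAllowedToEdit ? 2 : 1;
  $tableName = $isAllowedToEdit ? 'teacher_table' : 'student_table';
  $table = new SortableTableFromArrayConfig(
      $sortable_data,
      $default_column,
      20,
      $tableName,
      $column_show,
      $column_order,
      'ASC',
      true
  );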
  // Extra query parameters the table receives via set_additional_parameters().
  // A search keeps the keyword (passed through Security::remove_XSS first);
  // plain browsing keeps the current folder path instead.
  $query_vars = isset($_GET['keyword'])
      ? array('keyword' => Security::remove_XSS($_GET['keyword']))
      : array('curdirpath' => $curdirpath);
  if ($groupId) {
      $query_vars['gidReq'] = $groupId;
  }
  $query_vars['cidReq'] = api_get_course_id();
  $table->set_additional_parameters($query_vars);
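  // Column headers, assigned positionally; $column advances with each header set.
  $column = 0;
  // count() is applied only to arrays: other parts of this script test
  // $documentAndFolders with is_null()/is_array(), so it may not be an array here.
  if (($isAllowedToEdit || $group_member_with_upload_rights) &&
      is_array($documentAndFolders) &&
      count($documentAndFolders) > 1
  ) {
      // Narrow untitled column for the row checkbox.
      $table->set_header($column++, '', false, array('style' => 'width:12px;'));
  }
  $table->set_header($column++, get_lang('Type'), true, array('style' => 'width:30px;'));
  $table->set_header($column++, get_lang('Name'));
  $table->set_header($column++, get_lang('Size'), true, array('style' => 'width:50px;'));
  $table->set_header($column++, get_lang('Date'), true, array('style' => 'width:150px;'));
  // Admins get an edit column
  if ($isAllowedToEdit ||
      $group_member_with_upload_rights ||
      DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
  ) {
      $table->set_header($column++, get_lang('Actions'), false, array('class' => 'td_actions'));
  }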
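  // Actions on multiple selected documents
  // TODO: Currently only delete action -> take only DELETE permission into account
  // count() is applied only to arrays: other parts of this script test
  // $documentAndFolders with is_null()/is_array(), so it may not be an array here.
  if (is_array($documentAndFolders)
      && count($documentAndFolders) > 1
      && ($isAllowedToEdit || $groupMemberWithEditRights)
  ) {
      // The list is built fresh in the variable that is actually passed on; the
      // previous code initialised $form_actions but filled and passed $form_action.
      $form_action = array(
          'set_invisible' => get_lang('SetInvisible'),
          'set_visible' => get_lang('SetVisible'),
          'delete' => get_lang('Delete'),
      );
      // The table is told to use 'ids' for the selected rows.
      $table->set_form_actions($form_action, 'ids');
  }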
  // Page output starts here: header first, then the tool introduction.
  Display::display_header('', 'Doc');

  /* Introduction section (editable by course admins) */
  // Inside a group the section key is the tool name followed by the group id.
  Display::display_introduction_section(empty($groupId) ? TOOL_DOCUMENT : TOOL_DOCUMENT.$groupId);

  // Toolbar: action icons on the left, search form on the right.
  // NOTE(review): $actionsRight is assigned only outside certificate mode in the
  // visible part of this script; confirm it is initialised earlier.
  $toolbar = Display::toolbarAction('toolbar-document', array($actionsLeft, $actionsRight));

  // Forms prepared earlier in the script are printed in a fixed order above the table.
  echo $toolbar, $templateForm, $moveForm, $dirForm, $selector;
  $table->display();
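  // Client-side script that loads the course quota and the size of each listed folder.
  $ajaxURL = api_get_path(WEB_AJAX_PATH).'document.ajax.php?a=get_document_quota&'.api_get_cidreq();
  // count() is applied only to arrays: other parts of this script test
  // $documentAndFolders with is_null()/is_array(), so it may not be an array here.
  if (is_array($documentAndFolders)
      && count($documentAndFolders) > 1
      && ($isAllowedToEdit || $group_member_with_upload_rights)
  ) {
      // The folder path read from data-path is passed through encodeURIComponent()
      // before it is appended to the query string: a path containing "&", "#", "+"
      // or "%" would otherwise be cut short or add parameters to the request.
      // NOTE(review): both responses are inserted with .html(); the two AJAX actions
      // must therefore return markup that is already safe to render — confirm.
      echo '<script>
      $(document).ready(function() {
          $.ajax({
              url:"'.$ajaxURL.'",
              success:function(data){
                  $("#course_quota").html(data);
              }
          });
          $(".document_size").each(function(i, obj) {
              var path = obj.getAttribute("data-path");
              $.ajax({
                  url:"'.$getSizeURL.'&path="+encodeURIComponent(path),
                  success:function(data){
                      $(obj).html(data);
                  }
              });
          });
      });
      </script>';
      echo '<span id="course_quota"></span>';
  }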
  // Message under the table when one was set while the listing was built.
  if (!empty($table_footer)) {
      echo Display::return_message($table_footer, 'warning');
  }

  // "Convert" dialog, printed in pieces: opening containers, header, body with the
  // format selector, footer, closing tags. Only PDF is visible by default; the
  // other options are emitted with display:none.
  // NOTE(review): the markup opens #convertModal, .modal-dialog and .modal-content
  // but closes only two of those three containers — confirm whether the footer
  // template supplies the missing closing tag.
  echo '
<div id="convertModal" class="modal fade" tabindex="-1" role="dialog" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
',
  '<div class="modal-header" style="text-align: center;">
<button type="button" class="close" data-dismiss="modal" aria-label="'.get_lang('Close').'">
<span aria-hidden="true">&times;</span>
</button>
<h4 class="modal-title">'.get_lang('Convert').'</h4>
</div>
',
  '<div class="modal-body">
<form action="#" class="form-horizontal">
<div class="form-group">
<label class="col-sm-4 control-label" for="convertSelect">'.get_lang('ConvertFormats').'</label>
<div class="col-sm-8">
<select id="convertSelect">
<option value="">'.get_lang('Select').'</option>
<option value="pdf">
PDF - Portable Document File
</option>
<option value="odt" style="display:none;" class="textFormatType">
ODT - Open Document Text
</option>
<option value="odp" style="display:none;" class="presentationFormatType">
ODP - Open Document Portable
</option>
<option value="ods" style="display:none;" class="spreadsheetFormatType">
ODS - Open Document Spreadsheet
</option>
</select>
</div>
</div>
</form>
</div>
',
  '<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">'.get_lang('Close').'</button>
</div>
',
  '</div>
</div>
';

  // Footer
  Display::display_footer();