Skip to content
Permalink
Browse files

Allow to session admin upload files to BasicCourseDocuments folder - …

…refs BT#15362
  • Loading branch information...
AngelFQC committed Mar 28, 2019
1 parent 5ca3c81 commit 09b447d1f6bac26058bcd58f716206fc9bb8a299
@@ -217,6 +217,7 @@
case 'delete_item':
if ($isAllowedToEdit ||
$groupMemberWithUploadRights ||
DocumentManager::isBasicCourseFolder($curdirpath, $sessionId) ||
DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ||
DocumentManager::is_my_shared_folder(api_get_user_id(), $moveTo, $sessionId)
) {
@@ -35,6 +35,17 @@
api_protect_course_script(true);
// User access same as upload.php
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
$sessionId = api_get_session_id();
if (!$is_allowed_to_edit && $sessionId && $_REQUEST['curdirpath'] == "/basic-course-documents__{$sessionId}__0") {
$session = SessionManager::fetch($sessionId);
if (!empty($session) && $session['session_admin_id'] == api_get_user_id()) {
$is_allowed_to_edit = true;
}
}
// This needs cleaning!
if (api_get_group_id()) {
$groupInfo = GroupManager::get_group_properties(api_get_group_id());
@@ -243,6 +243,197 @@
echo json_encode($courseListToSelect);
break;
case 'get_basic_course_documents_list':
case 'get_basic_course_documents_form':
$courseId = isset($_GET['course']) ? (int) $_GET['course'] : 0;
$sessionId = isset($_GET['session']) ? (int) $_GET['session'] : 0;
$currentUserId = api_get_user_id();
$em = Database::getManager();
$course = $em->find('ChamiloCoreBundle:Course', $courseId);
$session = $em->find('ChamiloCoreBundle:Session', $sessionId);
if (!$course || !$session) {
break;
}
if (!api_is_platform_admin(true) || $session->getSessionAdminId() != $currentUserId) {
break;
}
$folderName = '/basic-course-documents__'.$session->getId().'__0';
if ('get_basic_course_documents_list' === $action) {
$courseInfo = api_get_course_info_by_id($course->getId());
$exists = DocumentManager::folderExists('/basic-course-documents', $courseInfo, $session->getId(), 0);
if (!$exists) {
$courseDir = $courseInfo['directory'].'/document';
$sysCoursePath = api_get_path(SYS_COURSE_PATH);
$baseWorkDir = $sysCoursePath.$courseDir;
$newFolderData = create_unexisting_directory(
$courseInfo,
$currentUserId,
$session->getId(),
0,
0,
$baseWorkDir,
'/basic-course-documents',
get_lang('BasicCourseDocuments'),
1
);
$id = (int) $newFolderData['iid'];
} else {
$id = DocumentManager::get_document_id($courseInfo, $folderName, $session->getId());
}
$http_www = api_get_path(WEB_COURSE_PATH).$courseInfo['directory'].'/document';
$documentAndFolders = DocumentManager::getAllDocumentData(
$courseInfo,
$folderName,
0,
0,
false,
false,
$session->getId()
);
$documentAndFolders = array_filter(
$documentAndFolders,
function (array $documentData) {
return $documentData['filetype'] != 'folder';
}
);
$documentAndFolders = array_map(
function (array $documentData) use ($course, $session, $courseInfo, $currentUserId, $http_www, $folderName, $id) {
$downloadUrl = api_get_path(WEB_CODE_PATH).'document/document.php?'
.api_get_cidreq_params($course->getCode(), $session->getId()).'&'
.http_build_query(['action' => 'download', 'id' => $documentData['id']]);
$deleteUrl = api_get_path(WEB_AJAX_PATH).'session.ajax.php?'
.http_build_query(
[
'a' => 'delete_basic_course_documents',
'deleteid' => $documentData['id'],
'curdirpath' => $folderName,
'course' => $course->getId(),
'session' => $session->getId(),
]
);
$row = [];
$row[] = DocumentManager::build_document_icon_tag($documentData['filetype'], $documentData['path']);
$row[] = Display::url($documentData['title'], $downloadUrl);
$row[] = format_file_size($documentData['size']);
$row[] = date_to_str_ago($documentData['lastedit_date']).PHP_EOL
.'<div class="muted"><small>'
.api_get_local_time($documentData['lastedit_date'])
."</small></div>";
$row[] = Display::url(
Display::return_icon('save.png', get_lang('Download')),
$downloadUrl
)
.PHP_EOL
.Display::url(
Display::return_icon('delete.png', get_lang('Delete')),
$deleteUrl,
[
'class' => 'delete_document',
'data-course' => $course->getId(),
'data-session' => $session->getId(),
]
);
return $row;
},
$documentAndFolders
);
$table = new SortableTableFromArray($documentAndFolders, 1, count($documentAndFolders));
$table->set_header(0, get_lang('Type'), false, [], ['class' => 'text-center', 'width' => '60px']);
$table->set_header(1, get_lang('Name'), false);
$table->set_header(2, get_lang('Size'), false, [], ['class' => 'text-right', 'style' => 'width: 80px;']);
$table->set_header(3, get_lang('Date'), false, [], ['class' => 'text-center', 'style' => 'width: 200px;']);
$table->set_header(4, get_lang('Actions'), false, [], ['class' => 'text-center']);
$table->display();
}
if ('get_basic_course_documents_form' === $action) {
$form = new FormValidator('get_basic_course_documents_form_'.$session->getId());
$form->addMultipleUpload(
api_get_path(WEB_AJAX_PATH).'document.ajax.php?'
.api_get_cidreq_params($course->getCode(), $session->getId())
.'&a=upload_file&curdirpath='.$folderName,
''
);
$form->display();
}
break;
case 'delete_basic_course_documents':
$curdirpath = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null;
$docId = isset($_GET['deleteid']) ? (int) $_GET['deleteid'] : 0;
$courseId = isset($_GET['course']) ? (int) $_GET['course'] : 0;
$sessionId = isset($_GET['session']) ? (int) $_GET['session'] : 0;
if (empty($curdirpath) || empty($docId) || empty($courseId) || empty($sessionId)) {
break;
}
$em = Database::getManager();
$courseInfo = api_get_course_info_by_id($courseId);
$session = $em->find('ChamiloCoreBundle:Session', $sessionId);
$currentUserId = api_get_user_id();
if (empty($courseInfo) || !$session) {
break;
}
if (!api_is_platform_admin(true) || $session->getSessionAdminId() != $currentUserId) {
break;
}
$sysCoursePath = api_get_path(SYS_COURSE_PATH);
$courseDir = $courseInfo['directory'].'/document';
$baseWorkDir = $sysCoursePath.$courseDir;
$documentInfo = DocumentManager::get_document_data_by_id(
$docId,
$courseInfo['code'],
false,
$session->getId()
);
if (empty($documentInfo)) {
break;
}
if ($documentInfo['filetype'] != 'link') {
$deletedDocument = DocumentManager::delete_document(
$courseInfo,
null,
$baseWorkDir,
$session->getId(),
$docId
);
} else {
$deletedDocument = DocumentManager::deleteCloudLink(
$courseInfo,
$docId
);
}
if (!$deletedDocument) {
break;
}
echo true;
break;
default:
echo '';
}
@@ -5014,6 +5014,9 @@ public static function create_document_link(
$path = $document_data['path'];
$url_path = urlencode($document_data['path']);
$basePageUrl = api_get_path(WEB_CODE_PATH).'document/';
$pageUrl = $basePageUrl.'document.php';
// Add class="invisible" on invisible files
$visibility_class = $visibility == false ? ' class="muted"' : '';
$forcedownload_link = '';
@@ -5023,7 +5026,9 @@ public static function create_document_link(
if (!$show_as_icon) {
// Build download link (icon)
$forcedownload_link = $filetype == 'folder' ? api_get_self().'?'.$courseParams.'&action=downloadfolder&id='.$document_data['id'] : api_get_self().'?'.$courseParams.'&amp;action=download&amp;id='.$document_data['id'];
$forcedownload_link = $filetype == 'folder'
? $pageUrl.'?'.$courseParams.'&action=downloadfolder&id='.$document_data['id']
: $pageUrl.'?'.$courseParams.'&amp;action=download&amp;id='.$document_data['id'];
// Folder download or file download?
$forcedownload_icon = $filetype == 'folder' ? 'save_pack.png' : 'save.png';
// Prevent multiple clicks on zipped folder download
@@ -5042,17 +5047,17 @@ public static function create_document_link(
$is_browser_viewable_file = self::isBrowserViewable($ext);
if ($is_browser_viewable_file) {
if ($ext == 'pdf' || in_array($ext, $webODFList)) {
$url = api_get_self().'?'.$courseParams.'&amp;action=download&amp;id='.$document_data['id'];
$url = $pageUrl.'?'.$courseParams.'&amp;action=download&amp;id='.$document_data['id'];
} else {
$url = 'showinframes.php?'.$courseParams.'&id='.$document_data['id'];
$url = $basePageUrl.'showinframes.php?'.$courseParams.'&id='.$document_data['id'];
}
} else {
// url-encode for problematic characters (we may not call them dangerous characters...)
//$path = str_replace('%2F', '/', $url_path).'?'.$courseParams;
$url = $www.str_replace('%2F', '/', $url_path).'?'.$courseParams;
}
} else {
$url = api_get_self().'?'.$courseParams.'&id='.$document_data['id'];
$url = $pageUrl.'?'.$courseParams.'&id='.$document_data['id'];
}
if ($isCertificateMode) {
@@ -5130,7 +5135,7 @@ public static function create_document_link(
if (api_get_setting('allow_my_files') === 'true' &&
api_get_setting('users_copy_files') === 'true' && api_is_anonymous() === false
) {
$copy_myfiles_link = $filetype == 'file' ? api_get_self().'?'.$courseParams.'&action=copytomyfiles&id='.$document_data['id'] : api_get_self().'?'.$courseParams;
$copy_myfiles_link = $filetype == 'file' ? $pageUrl.'?'.$courseParams.'&action=copytomyfiles&id='.$document_data['id'] : api_get_self().'?'.$courseParams;
if ($filetype == 'file') {
$copyToMyFiles = '<a href="'.$copy_myfiles_link.'" style="float:right"'.$prevent_multiple_click.'>'.
Display::return_icon('briefcase.png', get_lang('CopyToMyFiles'), [], ICON_SIZE_SMALL).'&nbsp;&nbsp;</a>';
@@ -5147,7 +5152,7 @@ public static function create_document_link(
$filetype == 'file' &&
in_array($extension, ['html', 'htm'])
) {
$pdf_icon = ' <a style="float:right".'.$prevent_multiple_click.' href="'.api_get_self().'?'.$courseParams.'&action=export_to_pdf&id='.$document_data['id'].'&curdirpath='.$curdirpath.'">'.
$pdf_icon = ' <a style="float:right".'.$prevent_multiple_click.' href="'.$pageUrl.'?'.$courseParams.'&action=export_to_pdf&id='.$document_data['id'].'&curdirpath='.$curdirpath.'">'.
Display::return_icon('pdf.png', get_lang('Export2PDF'), [], ICON_SIZE_SMALL).'</a> ';
}
@@ -5198,7 +5203,7 @@ public static function create_document_link(
// For a "PDF Download" of the file.
$pdfPreview = null;
if ($ext != 'pdf' && !in_array($ext, $webODFList)) {
$url = 'showinframes.php?'.$courseParams.'&id='.$document_data['id'];
$url = $basePageUrl.'showinframes.php?'.$courseParams.'&id='.$document_data['id'];
} else {
$pdfPreview = Display::url(
Display::return_icon('preview.png', get_lang('Preview'), null, ICON_SIZE_SMALL),
@@ -5239,7 +5244,7 @@ public static function create_document_link(
preg_match('/bmp$/i', urldecode($checkExtension)) ||
preg_match('/svg$/i', urldecode($checkExtension))
) {
$url = 'showinframes.php?'.$courseParams.'&id='.$document_data['id'];
$url = $basePageUrl.'showinframes.php?'.$courseParams.'&id='.$document_data['id'];
return '<a href="'.$url.'" title="'.$tooltip_title_alt.'" '.$visibility_class.' style="float:left">'.
self::build_document_icon_tag($filetype, $path, $isAllowedToEdit).
@@ -5278,7 +5283,7 @@ public static function create_document_link(
preg_match('/bmp$/i', urldecode($checkExtension)) ||
preg_match('/svg$/i', urldecode($checkExtension))
) {
$url = 'showinframes.php?'.$courseParams.'&id='.$document_data['id']; //without preview
$url = $basePageUrl.'showinframes.php?'.$courseParams.'&id='.$document_data['id']; //without preview
return '<a href="'.$url.'" title="'.$tooltip_title_alt.'" '.$visibility_class.' style="float:left">'.
self::build_document_icon_tag($filetype, $path, $isAllowedToEdit).
'</a>';
@@ -5840,6 +5845,14 @@ public static function is_my_shared_folder($user_id, $path, $sessionId)
}
}
public static function isBasicCourseFolder($path, $sessionId)
{
$cleanPath = Security::remove_XSS($path);
$basicCourseFolder = '/basic-course-documents__'.$sessionId.'__0';
return $cleanPath == $basicCourseFolder;
}
/**
* Check if the file name or folder searched exist.
*
@@ -253,6 +253,15 @@ function ($index, SessionRelCourseRelUser $subscription) use (&$namesOfCoaches)
Display::return_icon('teacher.png', get_lang('ModifyCoach')),
$codePath."session/session_course_edit.php?id_session=$sessionId&page=resume_session.php&course_code={$course->getCode()}$orig_param"
);
$courseItem .= Display::url(
Display::return_icon('folder_document.png', get_lang('UploadFile')),
'#',
[
'class' => 'session-upload-file-btn',
'data-session' => $sessionId,
'data-course' => $course->getId(),
]
);
$courseItem .= Display::url(
Display::return_icon('delete.png', get_lang('Delete')),
api_get_self()."?id_session=$sessionId&action=delete&idChecked[]={$course->getCode()}",
@@ -390,6 +399,8 @@ function ($index, SessionRelCourseRelUser $subscription) use (&$namesOfCoaches)
$programmedAnnouncement = new ScheduledAnnouncement();
$programmedAnnouncement = $programmedAnnouncement->allowed();
$htmlHeadXtra[] = api_get_jquery_libraries_js(['jquery-ui', 'jquery-upload']);
$tpl = new Template($tool_name);
$tpl->assign('session_header', $sessionHeader);
$tpl->assign('title', $sessionTitle);

0 comments on commit 09b447d

Please sign in to comment.
You can’t perform that action at this time.