📄 main_api.lib.php
字号:
* false otherwise.*/function api_is_allowed_to_create_course(){ return $_SESSION["is_allowedCreateCourse"];}/** * Check if the current user is a course administrator * @return boolean True if current user is a course administrator */function api_is_course_admin(){ return $_SESSION["is_courseAdmin"];}/** * Check if the current user is a course coach * @return bool True if current user is a course coach */function api_is_course_coach(){ return $_SESSION['is_courseCoach'];}/** * Check if the current user is a course tutor * @return bool True if current user is a course tutor */function api_is_course_tutor(){ return $_SESSION['is_courseTutor'];}/** * Check if the current user is a course or session coach * @return boolean True if current user is a course or session coach */function api_is_coach(){ global $_user; global $sessionIsCoach; $sql = "SELECT DISTINCT id, name, date_start, date_end FROM session INNER JOIN session_rel_course ON session_rel_course.id_coach = '".mysql_real_escape_string($_user['user_id'])."' ORDER BY date_start, date_end, name"; $result = api_sql_query($sql,__FILE__,__LINE__); $sessionIsCoach = api_store_result($result); $sql = "SELECT DISTINCT id, name, date_start, date_end FROM session WHERE session.id_coach = '".mysql_real_escape_string($_user['user_id'])."' ORDER BY date_start, date_end, name"; $result = api_sql_query($sql,__FILE__,__LINE__); $sessionIsCoach = array_merge($sessionIsCoach , api_store_result($result)); if(count($sessionIsCoach) > 0) { return true; } else { return false; }}/*============================================================================== DISPLAY OPTIONS student view, title, message boxes,...==============================================================================*//** * Displays the title of a tool. * Normal use: parameter is a string: * api_display_tool_title("My Tool") * * Optionally, there can be a subtitle below * the normal title, and / or a supra title above the normal title. * * e.g. supra title: * group * GROUP PROPERTIES * * e.g. subtitle: * AGENDA * calender & events tool * * @author Hugues Peeters <hugues.peeters@claroline.net> * @param mixed $titleElement - it could either be a string or an array * containing 'supraTitle', 'mainTitle', * 'subTitle' * @return void */function api_display_tool_title($titleElement){ if (is_string($titleElement)) { $tit = $titleElement; unset ($titleElement); $titleElement['mainTitle'] = $tit; } echo '<h3>'; if (!empty($titleElement['supraTitle'])) { echo '<small>'.$titleElement['supraTitle'].'</small><br>'; } if (!empty($titleElement['mainTitle'])) { echo $titleElement['mainTitle']; } if (!empty($titleElement['subTitle'])) { echo '<br><small>'.$titleElement['subTitle'].'</small>'; } echo '</h3>';}/*** Display options to switch between student view and course manager view** Changes in version 1.2 (Patrick Cool)* Student view switch now behaves as a real switch. It maintains its current state until the state* is changed explicitly** Changes in version 1.1 (Patrick Cool)* student view now works correctly in subfolders of the document tool* student view works correctly in the new links tool** Example code for using this in your tools:* //if ( $is_courseAdmin && api_get_setting('student_view_enabled') == 'true' )* //{* // display_tool_view_option($isStudentView);* //}* //and in later sections, use api_is_allowed_to_edit()* @author Roan Embrechts* @author Patrick Cool* @version 1.2* @todo rewrite code so it is easier to understand*/function api_display_tool_view_option(){ if (api_get_setting('student_view_enabled') != "true") { return ''; } $output_string=''; $sourceurl = ''; $is_framed = false; // Exceptions apply for all multi-frames pages if (strpos($_SERVER['REQUEST_URI'],'chat/chat_banner.php')!==false) { //the chat is a multiframe bit that doesn't work too well with the student_view, so do not show the link $is_framed = true; return ''; } // Uncomment to remove student view link from document view page if(strpos($_SERVER['REQUEST_URI'],'document/headerpage.php')!==false) { $sourceurl = str_replace('document/headerpage.php','document/showinframes.php',$_SERVER['REQUEST_URI']); //showinframes doesn't handle student view anyway... //return ''; $is_framed = true; } // Uncomment to remove student view link from document view page if(strpos($_SERVER['REQUEST_URI'],'newscorm/lp_header.php')!==false) { if(empty($_GET['lp_id'])) { return ''; } $sourceurl = substr($_SERVER['REQUEST_URI'],0,strpos($_SERVER['REQUEST_URI'],'?')); $sourceurl = str_replace('newscorm/lp_header.php','newscorm/lp_controller.php?'.api_get_cidreq().'&action=view&lp_id='.intval($_GET['lp_id']).'&isStudentView='.($_SESSION['studentview']=='studentview'?'false':'true'),$sourceurl); //showinframes doesn't handle student view anyway... //return ''; $is_framed = true; } // check if the $_SERVER['REQUEST_URI'] contains already url parameters (thus a questionmark) if(!$is_framed) { if (!strstr($_SERVER['REQUEST_URI'], "?")) { $sourceurl = api_get_self()."?".api_get_cidreq(); } else { $sourceurl = $_SERVER['REQUEST_URI']; //$sourceurl = str_replace('&', '&', $sourceurl); } } if(!empty($_SESSION['studentview'])) { if ($_SESSION['studentview']=='studentview') { // we have to remove the isStudentView=true from the $sourceurl $sourceurl = str_replace('&isStudentView=true', '', $sourceurl); $sourceurl = str_replace('&isStudentView=false', '', $sourceurl); $output_string .= '<a href="'.$sourceurl.'&isStudentView=false" target="_top">'.get_lang("CourseManagerview").'</a>'; } elseif ($_SESSION['studentview']=='teacherview') { //switching to teacherview $sourceurl = str_replace('&isStudentView=true', '', $sourceurl); $sourceurl = str_replace('&isStudentView=false', '', $sourceurl); $output_string .= '<a href="'.$sourceurl.'&isStudentView=true" target="_top">'.get_lang("StudentView").'</a>'; } } else { $output_string .= '<a href="'.$sourceurl.'&isStudentView=true" target="_top">'.get_lang("StudentView").'</a>'; } echo $output_string;}/** * Displays the contents of an array in a messagebox. * @param array $info_array An array with the messages to show */function api_display_array($info_array){ foreach ($info_array as $element) { $message .= $element."<br>"; } Display :: display_normal_message($message);}/*** Displays debug info* @param string $debug_info The message to display* @author Roan Embrechts* @version 1.1, March 2004*/function api_display_debug_info($debug_info){ $message = "<i>Debug info</i><br>"; $message .= $debug_info; Display :: display_normal_message($message);}/*** @deprecated, use api_is_allowed_to_edit() instead*/function is_allowed_to_edit(){ return api_is_allowed_to_edit();}/*** Function that removes the need to directly use is_courseAdmin global in* tool scripts. It returns true or false depending on the user's rights in* this particular course.* Optionally checking for tutor and coach roles here allows us to use the* student_view feature altogether with these roles as well.* @param bool Whether to check if the user has the tutor role* @param bool Whether to check if the user has the coach role** @author Roan Embrechts* @author Patrick Cool* @version 1.1, February 2004* @return boolean, true: the user has the rights to edit, false: he does not*/function api_is_allowed_to_edit($tutor=false,$coach=false){ $is_courseAdmin = api_is_course_admin() || api_is_platform_admin(); if(!$is_courseAdmin && $tutor == true) { //if we also want to check if the user is a tutor... $is_courseAdmin = $is_courseAdmin || api_is_course_tutor(); } if(!$is_courseAdmin && $coach == true) { //if we also want to check if the user is a coach... $is_courseAdmin = $is_courseAdmin || api_is_course_coach(); } if(api_get_setting('student_view_enabled') == 'true') { //check if the student_view is enabled, and if so, if it is activated $is_allowed = $is_courseAdmin && $_SESSION['studentview'] != "studentview"; return $is_allowed; } else return $is_courseAdmin;}/*** this fun* @param $tool the tool we are checking ifthe user has a certain permission* @param $action the action we are checking (add, edit, delete, move, visibility)* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University* @version 1.0*/function api_is_allowed($tool, $action, $task_id = 0){ global $_course; global $_user; if(api_is_course_admin()) return true; //if(!$_SESSION['total_permissions'][$_course['code']] and $_course) if($_course) { require_once(api_get_path(SYS_CODE_PATH) . 'permissions/permissions_functions.inc.php'); require_once(api_get_path(LIBRARY_PATH) . "/groupmanager.lib.php"); // getting the permissions of this user if($task_id == 0) { $user_permissions = get_permissions('user', $_user['user_id']); $_SESSION['total_permissions'][$_course['code']] = $user_permissions; } // getting the permissions of the task if($task_id != 0) { $task_permissions = get_permissions('task', $task_id); /* !!! */$_SESSION['total_permissions'][$_course['code']] = $task_permissions; } //print_r($_SESSION['total_permissions']); // getting the permissions of the groups of the user //$groups_of_user = GroupManager::get_group_ids($_course['db_name'], $_user['user_id']); //foreach($groups_of_user as $group) //$this_group_permissions = get_permissions('group', $group); // getting the permissions of the courseroles of the user $user_courserole_permissions = get_roles_permissions('user', $_user['user_id']); // getting the permissions of the platformroles of the user //$user_platformrole_permissions = get_roles_permissions('user', $_user['user_id'], ', platform'); // getting the permissions of the roles of the groups of the user //foreach($groups_of_user as $group) //$this_group_courserole_permissions = get_roles_permissions('group', $group); // getting the permissions of the platformroles of the groups of the user //foreach($groups_of_user as $group) //$this_group_platformrole_permissions = get_roles_permissions('group', $group, 'platform'); } // ifthe permissions are limited we have to map the extended ones to the limited ones if(api_get_setting('permissions') == 'limited') { if($action == 'Visibility') $action = 'Edit'; if($action == 'Move') $action = 'Edit'; } // the session that contains all the permissions already exists for this course // so there is no need to requery everything. //my_print_r($_SESSION['total_permissions'][$_course['code']][$tool]); if(in_array($action, $_SESSION['total_permissions'][$_course['code']][$tool])) return true; else return false;}/** * Tells whether this user is an anonymous user * @param int User ID (optional, will take session ID if not provided) * @param bool Whether to check in the database (true) or simply in the session (false) to see if the current user is the anonymous user * @return bool true if this user is anonymous, false otherwise */function api_is_anonymous($user_id=null,$db_check=false){ if(!isset($user_id)) { $user_id = api_get_user_id(); } if($db_check) { $info = api_get_user_info($user_id); if($info['status'] == 6) { return true; } } else { global $_user; if(!isset($_user)){ //in some cases, api_set_anonymous doesn't seem to be //triggered in local.inc.php. Make sure it is. //Occurs in agenda for admin links - YW global $use_anonymous; if(isset($use_anonymous) && $use_anonymous == true) { api_set_anonymous(); } return true; } if(isset($_user['is_anonymous']) and $_user['is_anonymous'] === true) { return true; } } return false;}/** * Displays message "You are not allowed here..." and exits the entire script. * @param bool Whether or not to print headers (default = false -> does not print them) * * @author Roan Embrechts * @author Yannick Warnier * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University* * @version 1.0, February 2004 * @version dokeos 1.8, August 2006*/function api_not_allowed($print_headers = false){ $home_url = api_get_path(WEB_PATH); $user = api_get_user_id(); $course = api_get_course_id(); if((isset($user) && !api_is_anonymous()) && (!isset($course) || $course==-1) && empty($_GET['cidReq'])) {//if the access is not authorized and there is some login information // but the cidReq is not found, assume we are missing course data and send the user⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -