MDL-15262 Added a two capabilities to prevent certain users from changing a course...
[moodle.git] / course / rest.php
CommitLineData
d9cb06dc 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * Provide interface for topics AJAX course formats
20 *
21 * @copyright 1999 Martin Dougiamas http://dougiamas.com
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 * @package course
24 */
b2054038 25
26require_once('../config.php');
27require_once($CFG->dirroot.'/course/lib.php');
b2054038 28
29ca8b88 29// Initialise ALL the incoming parameters here, up front.
30$courseid = required_param('courseId', PARAM_INT);
31$class = required_param('class', PARAM_ALPHA);
b2054038 32$field = optional_param('field', '', PARAM_ALPHA);
33$instanceid = optional_param('instanceId', 0, PARAM_INT);
34$sectionid = optional_param('sectionId', 0, PARAM_INT);
35$beforeid = optional_param('beforeId', 0, PARAM_INT);
36$value = optional_param('value', 0, PARAM_INT);
37$column = optional_param('column', 0, PARAM_ALPHA);
38$id = optional_param('id', 0, PARAM_INT);
39$summary = optional_param('summary', '', PARAM_RAW);
40$sequence = optional_param('sequence', '', PARAM_SEQUENCE);
41$visible = optional_param('visible', 0, PARAM_INT);
42
d9cb06dc 43$PAGE->set_url(new moodle_url($CFG->wwwroot.'/course/rest.php', array('courseId'=>$courseId,'class'=>$class)));
b2054038 44
29ca8b88 45// Authorise the user and verify some incoming data
6bb08163 46if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
b2054038 47 error_log('AJAX commands.php: Course does not exist');
48 die;
49}
50
b2054038 51$context = get_context_instance(CONTEXT_COURSE, $course->id);
cd9224ab 52require_login($course);
b2054038 53require_capability('moodle/course:update', $context);
54
29ca8b88 55// OK, now let's process the parameters and do stuff
b2054038 56switch($_SERVER['REQUEST_METHOD']) {
57 case 'POST':
29ca8b88 58
b2054038 59 switch ($class) {
29ca8b88 60 case 'block':
61
62 switch ($field) {
3440ec12 63 case 'visible':
29ca8b88 64 blocks_execute_action($PAGE, $pageblocks, 'toggle', $blockinstance);
65 break;
66
67 case 'position': // Misleading case. Should probably call it 'move'.
68 // We want to move the block around. This means changing
69 // the column (position field) and/or block sort order
70 // (weight field).
71 blocks_move_block($PAGE, $blockinstance, $column, $value);
72 break;
73 }
74 break;
b2054038 75
76 case 'section':
3440ec12 77
6bb08163 78 if (!$DB->record_exists('course_sections', array('course'=>$course->id, 'section'=>$id))) {
b2054038 79 error_log('AJAX commands.php: Bad Section ID '.$id);
80 die;
81 }
3440ec12 82
b2054038 83 switch ($field) {
84 case 'visible':
85 set_section_visible($course->id, $id, $value);
86 break;
87
88 case 'move':
3440ec12 89 move_section_to($course, $id, $value);
b2054038 90 break;
91 }
edc06a53 92 rebuild_course_cache($course->id);
b2054038 93 break;
94
95 case 'resource':
cd9224ab 96 if (!$cm = get_coursemodule_from_id('', $id, $course->id)) {
b2054038 97 error_log('AJAX commands.php: Bad course module ID '.$id);
98 die;
99 }
100 switch ($field) {
101 case 'visible':
cd9224ab 102 set_coursemodule_visible($cm->id, $value);
b2054038 103 break;
104
105 case 'groupmode':
cd9224ab 106 set_coursemodule_groupmode($cm->id, $value);
b2054038 107 break;
108
607c1bc1 109 case 'indentleft':
cd9224ab 110 if ($cm->indent > 0) {
111 $cm->indent--;
112 $DB->update_record('course_modules', $cm);
607c1bc1 113 }
114 break;
115
116 case 'indentright':
cd9224ab 117 $cm->indent++;
118 $DB->update_record('course_modules', $cm);
607c1bc1 119 break;
120
b2054038 121 case 'move':
6bb08163 122 if (!$section = $DB->get_record('course_sections', array('course'=>$course->id, 'section'=>$sectionid))) {
b2054038 123 error_log('AJAX commands.php: Bad section ID '.$sectionid);
124 die;
125 }
3440ec12 126
b2054038 127 if ($beforeid > 0){
cd9224ab 128 $beforemod = get_coursemodule_from_id('', $beforeid, $course->id);
6bb08163 129 $beforemod = $DB->get_record('course_modules', array('id'=>$beforeid));
b2054038 130 } else {
131 $beforemod = NULL;
132 }
133
1bbcb7c0 134 if (debugging('',DEBUG_DEVELOPER)) {
135 error_log(serialize($beforemod));
136 }
137
cd9224ab 138 moveto_module($cm, $section, $beforemod);
b2054038 139 break;
140 }
edc06a53 141 rebuild_course_cache($course->id);
b2054038 142 break;
3440ec12 143
144 case 'course':
b2054038 145 switch($field) {
146 case 'marker':
147 $newcourse = new object;
148 $newcourse->id = $course->id;
149 $newcourse->marker = $value;
bb4b6010 150 $DB->update_record('course', $newcourse);
b2054038 151 break;
152 }
153 break;
154 }
155 break;
156
157 case 'DELETE':
158 switch ($class) {
159 case 'block':
160 blocks_execute_action($PAGE, $pageblocks, 'delete', $blockinstance);
3440ec12 161 break;
162
b2054038 163 case 'resource':
cd9224ab 164 if (!$cm = get_coursemodule_from_id('', $id, $course->id)) {
37fb48e0 165 error_log('AJAX rest.php: Bad course module ID '.$id);
166 die;
167 }
cd9224ab 168 $modlib = "$CFG->dirroot/mod/$cm->modname/lib.php";
37fb48e0 169
170 if (file_exists($modlib)) {
171 include_once($modlib);
172 } else {
cd9224ab 173 error_log("Ajax rest.php: This module is missing mod/$cm->modname/lib.php");
b2054038 174 die;
175 }
cd9224ab 176 $deleteinstancefunction = $cm->modname."_delete_instance";
37fb48e0 177
178 // Run the module's cleanup funtion.
179 if (!$deleteinstancefunction($cm->instance)) {
cd9224ab 180 error_log("Ajax rest.php: Could not delete the $cm->modname $cm->name (instance)");
37fb48e0 181 die;
182 }
cd9224ab 183
184 $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
185
186 // remove all module files in case modules forget to do that
187 $fs = get_file_storage();
188 $fs->delete_area_files($modcontext->id);
189
37fb48e0 190 if (!delete_course_module($cm->id)) {
cd9224ab 191 error_log("Ajax rest.php: Could not delete the $cm->modname $cm->name (coursemodule)");
192 }
193 // Remove the course_modules entry.
194 if (!delete_mod_from_section($cm->id, $cm->section)) {
195 error_log("Ajax rest.php: Could not delete the $cm->modname $cm->name from section");
37fb48e0 196 }
197
c4ce5def 198 rebuild_course_cache($course->id);
199
37fb48e0 200 add_to_log($courseid, "course", "delete mod",
201 "view.php?id=$courseid",
cd9224ab 202 "$cm->modname $cm->instance", $cm->id);
b2054038 203 break;
204 }
205 break;
206}
207
3440ec12 208?>