[moodle.git] / mod / assign / feedback / file / lib.php

<?PHP
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * This file contains the moodle hooks for the feedback file plugin
 *
 * @package   assignfeedback_file
 * @copyright 2012 NetSpot {@link http://www.netspot.com.au}
 * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
defined('MOODLE_INTERNAL') || die();

/**
 * Serves assignment feedback and other files.
 *
 * @param mixed $course course or id of the course
 * @param mixed $cm course module or id of the course module
 * @param context $context
 * @param string $filearea
 * @param array $args
 * @param bool $forcedownload
 * @return bool false if file not found, does not return if found - just send the file
 */
function assignfeedback_file_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) {
    global $USER, $DB;

    if ($context->contextlevel != CONTEXT_MODULE) {
        return false;
    }

    require_login($course, false, $cm);
    $itemid = (int)array_shift($args);
    $record = $DB->get_record('assign_grades', array('id'=>$itemid), 'userid,assignment', MUST_EXIST);
    $userid = $record->userid;


    if (!$assign = $DB->get_record('assign', array('id'=>$cm->instance))) {
        return false;
    }

    if ($assign->id != $record->assignment) {
        return false;
    }


    // check is users feedback or has grading permission
    if ($USER->id != $userid and !has_capability('mod/assign:grade', $context)) {
        return false;
    }

    $relativepath = implode('/', $args);

    $fullpath = "/{$context->id}/assignfeedback_file/$filearea/$itemid/$relativepath";

    $fs = get_file_storage();
    if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
        return false;
    }
    send_stored_file($file, 0, 0, true); // download MUST be forced - security!
}
Commit	Line	Data
bbd0e548 DW	1	<?PHP
	2	// This file is part of Moodle - http://moodle.org/
	3	//
	4	// Moodle is free software: you can redistribute it and/or modify
	5	// it under the terms of the GNU General Public License as published by
	6	// the Free Software Foundation, either version 3 of the License, or
	7	// (at your option) any later version.
	8	//
	9	// Moodle is distributed in the hope that it will be useful,
	10	// but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	// GNU General Public License for more details.
	13	//
	14	// You should have received a copy of the GNU General Public License
	15	// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
	16
	17	/**
	18	* This file contains the moodle hooks for the feedback file plugin
	19	*
	20	* @package assignfeedback_file
	21	* @copyright 2012 NetSpot {@link http://www.netspot.com.au}
	22	* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
	23	*/
	24	defined('MOODLE_INTERNAL') \|\| die();
	25
	26	/**
	27	* Serves assignment feedback and other files.
	28	*
	29	* @param mixed $course course or id of the course
	30	* @param mixed $cm course module or id of the course module
	31	* @param context $context
	32	* @param string $filearea
	33	* @param array $args
	34	* @param bool $forcedownload
	35	* @return bool false if file not found, does not return if found - just send the file
	36	*/
	37	function assignfeedback_file_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) {
	38	global $USER, $DB;
	39
	40	if ($context->contextlevel != CONTEXT_MODULE) {
	41	return false;
	42	}
	43
	44	require_login($course, false, $cm);
	45	$itemid = (int)array_shift($args);
	46	$record = $DB->get_record('assign_grades', array('id'=>$itemid), 'userid,assignment', MUST_EXIST);
	47	$userid = $record->userid;
	48
	49
	50	if (!$assign = $DB->get_record('assign', array('id'=>$cm->instance))) {
	51	return false;
	52	}
	53
	54	if ($assign->id != $record->assignment) {
	55	return false;
	56	}
	57
	58
	59	// check is users feedback or has grading permission
	60	if ($USER->id != $userid and !has_capability('mod/assign:grade', $context)) {
	61	return false;
	62	}
	63
	64	$relativepath = implode('/', $args);
65
66	$fullpath = "/{$context->id}/assignfeedback_file/$filearea/$itemid/$relativepath";
67
68	$fs = get_file_storage();
69	if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
70	return false;
71	}
72	send_stored_file($file, 0, 0, true); // download MUST be forced - security!
73	}