MDL-42131 editpdf: Add missing require_login() to entry pages
[moodle.git] / mod / assign / feedback / editpdf / ajax.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Process ajax requests
19  *
20  * @package assignfeedback_editpdf
21  * @copyright  2012 Davo Smith
22  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23  */
25 use \assignfeedback_editpdf\document_services;
26 use \assignfeedback_editpdf\page_editor;
27 use \assignfeedback_editpdf\comments_quick_list;
// Flag the request as an AJAX script; this must be defined before config.php is loaded.
define('AJAX_SCRIPT', true);

require('../../../../config.php');
require_once("{$CFG->dirroot}/mod/assign/locallib.php");

// Refuse the request unless it carries the session key (CSRF check).
require_sesskey();

// Request parameters. All of them are cleaned by type; 'action' selects the branch further down.
$action = optional_param('action', '', PARAM_ALPHANUM);
$assignmentid = required_param('assignmentid', PARAM_INT);
$userid = required_param('userid', PARAM_INT);
$attemptnumber = required_param('attemptnumber', PARAM_INT);

// Resolve the assignment instance id to its course module and module context.
$cm = get_coursemodule_from_instance('assign', $assignmentid, 0, false, MUST_EXIST);
$context = context_module::instance($cm->id);
$assignment = new assign($context, null, null);

// Login and course-module access check. It takes the course from $assignment,
// which is why it runs after the assignment object has been built.
require_login($assignment->get_course(), false, $cm);

// Checked once, before any action is dispatched: the caller must be allowed
// to view the submission of $userid.
$canview = $assignment->can_view_submission($userid);
if (!$canview) {
    print_error('nopermission');
}
if ($action === 'loadallpages') {
    // $draft is true only for callers holding the grade capability. Everyone else
    // must hold the submit capability and gets $draft = false passed to page_editor.
    $draft = has_capability('mod/assign:grade', $context);
    if (!$draft) {
        require_capability('mod/assign:submit', $context);
    }

    $pages = document_services::get_page_images_for_attempt($assignment, $userid, $attemptnumber);

    $response = new stdClass();
    $response->pagecount = count($pages);
    $response->pages = array();

    $grade = $assignment->get_user_grade($userid, true);

    // Pages are numbered by their position in the response, not by their key in $pages.
    $pageno = 0;
    foreach ($pages as $pagefile) {
        $comments = page_editor::get_comments($grade->id, $pageno, $draft);
        $imageurl = moodle_url::make_pluginfile_url(
            $context->id,
            'assignfeedback_editpdf',
            document_services::PAGE_IMAGE_FILEAREA,
            $grade->id,
            '/',
            $pagefile->get_filename()
        )->out();
        $annotations = page_editor::get_annotations($grade->id, $pageno, $draft);

        $page = new stdClass();
        $page->url = $imageurl;
        $page->comments = $comments;
        $page->annotations = $annotations;

        $response->pages[] = $page;
        $pageno++;
    }

    echo json_encode($response);
    die();
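} else if ($action === 'savepage') {
    // Saving comments and annotations is restricted to graders.
    require_capability('mod/assign:grade', $context);

    $response = new stdClass();
    $response->errors = array();

    $grade = $assignment->get_user_grade($userid, true);

    $pagejson = required_param('page', PARAM_RAW);
    $page = json_decode($pagejson);
    $index = required_param('index', PARAM_INT);

    // 'page' is raw client input. json_decode() returns null for malformed JSON and may
    // return a scalar or array for valid JSON, so refuse anything that is not an object
    // carrying 'comments' and 'annotations' arrays before it reaches the page editor.
    $validpage = is_object($page)
        && isset($page->comments) && is_array($page->comments)
        && isset($page->annotations) && is_array($page->annotations);
    if (!$validpage) {
        array_push($response->errors, get_string('couldnotsavepage', 'assignfeedback_editpdf', $index+1));
        echo json_encode($response);
        die();
    }

    // NOTE(review): the individual comment/annotation entries are still client-controlled;
    // presumably set_comments()/set_annotations() validate each entry - confirm.
    // Each setter returns a count; a mismatch with the number submitted is reported as a failed save.
    $added = page_editor::set_comments($grade->id, $index, $page->comments);
    if ($added != count($page->comments)) {
        array_push($response->errors, get_string('couldnotsavepage', 'assignfeedback_editpdf', $index+1));
    }
    $added = page_editor::set_annotations($grade->id, $index, $page->annotations);
    if ($added != count($page->annotations)) {
        array_push($response->errors, get_string('couldnotsavepage', 'assignfeedback_editpdf', $index+1));
    }
    echo json_encode($response);
    die();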
} else if ($action === 'generatepdf') {
    // Generating the feedback PDF is restricted to graders.
    require_capability('mod/assign:grade', $context);

    $response = new stdClass();
    $grade = $assignment->get_user_grade($userid, true);
    $file = document_services::generate_feedback_document($assignment, $userid, $attemptnumber);

    // 'url' stays empty (and 'filename' is omitted) when no file came back.
    $response->url = '';
    if ($file) {
        $filename = $file->get_filename();
        $pdfurl = moodle_url::make_pluginfile_url(
            $assignment->get_context()->id,
            'assignfeedback_editpdf',
            document_services::FINAL_PDF_FILEAREA,
            $grade->id,
            '/',
            $filename,
            false
        );
        $response->url = $pdfurl->out(true);
        $response->filename = $filename;
    }

    echo json_encode($response);
    die();
} else if ($action === 'loadquicklist') {
    // The quick list is only available to graders.
    require_capability('mod/assign:grade', $context);

    // Send back whatever comments_quick_list::get_comments() returns, JSON-encoded.
    echo json_encode(comments_quick_list::get_comments());
    die();
} else if ($action === 'addtoquicklist') {
    // Adding to the quick list is restricted to graders.
    require_capability('mod/assign:grade', $context);

    // NOTE(review): 'commenttext' is read as PARAM_RAW, so this script applies no cleaning
    // to it - confirm that it is escaped wherever the quick list is rendered.
    $text = required_param('commenttext', PARAM_RAW);
    $boxwidth = required_param('width', PARAM_INT);
    $boxcolour = required_param('colour', PARAM_ALPHA);

    echo json_encode(comments_quick_list::add_comment($text, $boxwidth, $boxcolour));
    die();
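} else if ($action === 'revertchanges') {
    // Reverting draft changes is restricted to graders.
    require_capability('mod/assign:grade', $context);

    $grade = $assignment->get_user_grade($userid, true);

    // revert_drafts() receives the id of the grade record loaded above, as the other
    // page_editor calls in this script do. No $gradeid variable is defined in this script.
    $result = page_editor::revert_drafts($grade->id);

    echo json_encode($result);
    die();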
} else if ($action === 'removefromquicklist') {
    // Removing from the quick list is restricted to graders.
    require_capability('mod/assign:grade', $context);

    // NOTE(review): only the grade capability is checked in this script; whether the
    // comment belongs to the current user is presumably enforced in remove_comment() - confirm.
    $id = required_param('commentid', PARAM_INT);

    echo json_encode(comments_quick_list::remove_comment($id));
    die();
} else if ($action === 'deletefeedbackdocument') {
    // Deleting the feedback document is restricted to graders.
    require_capability('mod/assign:grade', $context);

    $grade = $assignment->get_user_grade($userid, true);

    // unrelease_drafts() is only called when the deletion returned a truthy result;
    // the response is the boolean outcome of both steps.
    $ok = (bool) document_services::delete_feedback_document($assignment, $userid, $attemptnumber);
    if ($ok) {
        $ok = (bool) page_editor::unrelease_drafts($grade->id);
    }

    echo json_encode($ok);
    die();