search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
weekly release 2.9.3+
[moodle.git] / course / rest.php
blob675f3671e961a4eb49c728bdb1ef50c9458f1d00
1 <?php
2
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18 /**
19 * Provide interface for topics AJAX course formats
20 *
21 * @copyright 1999 Martin Dougiamas http://dougiamas.com
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 * @package course
24 */
25
26 if (!defined('AJAX_SCRIPT')) {
27 define('AJAX_SCRIPT', true);
28 }
29 require_once(dirname(__FILE__) . '/../config.php');
30 require_once($CFG->dirroot.'/course/lib.php');
31
32 // Initialise ALL the incoming parameters here, up front.
33 $courseid = required_param('courseId', PARAM_INT);
34 $class = required_param('class', PARAM_ALPHA);
35 $field = optional_param('field', '', PARAM_ALPHA);
36 $instanceid = optional_param('instanceId', 0, PARAM_INT);
37 $sectionid = optional_param('sectionId', 0, PARAM_INT);
38 $beforeid = optional_param('beforeId', 0, PARAM_INT);
39 $value = optional_param('value', 0, PARAM_INT);
40 $column = optional_param('column', 0, PARAM_ALPHA);
41 $id = optional_param('id', 0, PARAM_INT);
42 $summary = optional_param('summary', '', PARAM_RAW);
43 $sequence = optional_param('sequence', '', PARAM_SEQUENCE);
44 $visible = optional_param('visible', 0, PARAM_INT);
45 $pageaction = optional_param('action', '', PARAM_ALPHA); // Used to simulate a DELETE command
46 $title = optional_param('title', '', PARAM_TEXT);
47
48 $PAGE->set_url('/course/rest.php', array('courseId'=>$courseid,'class'=>$class));
49
50 //NOTE: when making any changes here please make sure it is using the same access control as course/mod.php !!
51
52 $course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
53 // Check user is logged in and set contexts if we are dealing with resource
54 if (in_array($class, array('resource'))) {
55 $cm = get_coursemodule_from_id(null, $id, $course->id, false, MUST_EXIST);
56 require_login($course, false, $cm);
57 $modcontext = context_module::instance($cm->id);
58 } else {
59 require_login($course);
60 }
61 $coursecontext = context_course::instance($course->id);
62 require_sesskey();
63
64 echo $OUTPUT->header(); // send headers
65
66 // OK, now let's process the parameters and do stuff
67 // MDL-10221 the DELETE method is not allowed on some web servers, so we simulate it with the action URL param
68 $requestmethod = $_SERVER['REQUEST_METHOD'];
69 if ($pageaction == 'DELETE') {
70 $requestmethod = 'DELETE';
71 }
72
73 switch($requestmethod) {
74 case 'POST':
75
76 switch ($class) {
77 case 'section':
78
79 if (!$DB->record_exists('course_sections', array('course'=>$course->id, 'section'=>$id))) {
80 throw new moodle_exception('AJAX commands.php: Bad Section ID '.$id);
81 }
82
83 switch ($field) {
84 case 'visible':
85 require_capability('moodle/course:sectionvisibility', $coursecontext);
86 $resourcestotoggle = set_section_visible($course->id, $id, $value);
87 echo json_encode(array('resourcestotoggle' => $resourcestotoggle));
88 break;
89
90 case 'move':
91 require_capability('moodle/course:movesections', $coursecontext);
92 move_section_to($course, $id, $value);
93 // See if format wants to do something about it
94 $response = course_get_format($course)->ajax_section_move();
95 if ($response !== null) {
96 echo json_encode($response);
97 }
98 break;
99 }
100 break;
101
102 case 'resource':
103 switch ($field) {
104 case 'visible':
105 require_capability('moodle/course:activityvisibility', $modcontext);
106 set_coursemodule_visible($cm->id, $value);
107 \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
108 break;
109
110 case 'duplicate':
111 require_capability('moodle/course:manageactivities', $coursecontext);
112 require_capability('moodle/backup:backuptargetimport', $coursecontext);
113 require_capability('moodle/restore:restoretargetimport', $coursecontext);
114 if (!course_allowed_module($course, $cm->modname)) {
115 throw new moodle_exception('No permission to create that activity');
116 }
117 $sr = optional_param('sr', null, PARAM_INT);
118 $result = mod_duplicate_activity($course, $cm, $sr);
119 echo json_encode($result);
120 break;
121
122 case 'groupmode':
123 require_capability('moodle/course:manageactivities', $modcontext);
124 set_coursemodule_groupmode($cm->id, $value);
125 \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
126 break;
127
128 case 'indent':
129 require_capability('moodle/course:manageactivities', $modcontext);
130 $cm->indent = $value;
131 if ($cm->indent >= 0) {
132 $DB->update_record('course_modules', $cm);
133 rebuild_course_cache($cm->course);
134 }
135 break;
136
137 case 'move':
138 require_capability('moodle/course:manageactivities', $modcontext);
139 if (!$section = $DB->get_record('course_sections', array('course'=>$course->id, 'section'=>$sectionid))) {
140 throw new moodle_exception('AJAX commands.php: Bad section ID '.$sectionid);
141 }
142
143 if ($beforeid > 0){
144 $beforemod = get_coursemodule_from_id('', $beforeid, $course->id);
145 $beforemod = $DB->get_record('course_modules', array('id'=>$beforeid));
146 } else {
147 $beforemod = NULL;
148 }
149
150 $isvisible = moveto_module($cm, $section, $beforemod);
151 echo json_encode(array('visible' => (bool) $isvisible));
152 break;
153 case 'gettitle':
154 require_capability('moodle/course:manageactivities', $modcontext);
155 $cm = get_coursemodule_from_id('', $id, 0, false, MUST_EXIST);
156 $module = new stdClass();
157 $module->id = $cm->instance;
158
159 // Don't pass edit strings through multilang filters - we need the entire string
160 echo json_encode(array('instancename' => $cm->name));
161 break;
162 case 'updatetitle':
163 require_capability('moodle/course:manageactivities', $modcontext);
164 require_once($CFG->libdir . '/gradelib.php');
165 $cm = get_coursemodule_from_id('', $id, 0, false, MUST_EXIST);
166 $module = new stdClass();
167 $module->id = $cm->instance;
168
169 // Escape strings as they would be by mform
170 if (!empty($CFG->formatstringstriptags)) {
171 $module->name = clean_param($title, PARAM_TEXT);
172 } else {
173 $module->name = clean_param($title, PARAM_CLEANHTML);
174 }
175
176 if (strval($module->name) !== '') {
177 $DB->update_record($cm->modname, $module);
178 $cm->name = $module->name;
179 \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
180 rebuild_course_cache($cm->course);
181 } else {
182 $module->name = $cm->name;
183 }
184
185 // Attempt to update the grade item if relevant
186 $grademodule = $DB->get_record($cm->modname, array('id' => $cm->instance));
187 $grademodule->cmidnumber = $cm->idnumber;
188 $grademodule->modname = $cm->modname;
189 grade_update_mod_grades($grademodule);
190
191 // We need to return strings after they've been through filters for multilang
192 $stringoptions = new stdClass;
193 $stringoptions->context = $coursecontext;
194 echo json_encode(array('instancename' => html_entity_decode(format_string($module->name, true, $stringoptions))));
195 break;
196 }
197 break;
198
199 case 'course':
200 switch($field) {
201 case 'marker':
202 require_capability('moodle/course:setcurrentsection', $coursecontext);
203 course_set_marker($course->id, $value);
204 break;
205 }
206 break;
207 }
208 break;
209
210 case 'DELETE':
211 switch ($class) {
212 case 'resource':
213 require_capability('moodle/course:manageactivities', $modcontext);
214 course_delete_module($cm->id);
215 break;
216 }
217 break;
218 }
Read-only mirror of the Moodle CVS