on-demand release 4.4dev+
[moodle.git] / h5p / ajax.php
blobf02f098e5e1e37075d7c41dcf1ff451d8b535ee5
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17 /**
18 * Responsible for handling AJAX requests related to H5P.
20 * @package core_h5p
21 * @copyright 2020 Victor Deniz <victor@moodle.com>, based on code by Joubel AS
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25 use core_h5p\factory;
26 use core_h5p\framework;
27 use core_h5p\local\library\autoloader;
28 use Moodle\H5PCore;
29 use Moodle\H5PEditorEndpoints;
31 define('AJAX_SCRIPT', true);
33 require(__DIR__ . '/../config.php');
34 require_once($CFG->libdir . '/filelib.php');
36 if (!confirm_sesskey()) {
37 autoloader::register();
38 H5PCore::ajaxError(get_string('invalidsesskey', 'error'));
39 header('HTTP/1.1 403 Forbidden');
40 return;
42 require_login();
44 $action = required_param('action', PARAM_ALPHA);
46 $factory = new factory();
47 $editor = $factory->get_editor();
49 // Set context to default system context.
50 $PAGE->set_context(null);
52 switch ($action) {
53 // Load list of libraries or details for library.
54 case 'libraries':
55 // Get parameters.
56 $name = optional_param('machineName', '', PARAM_TEXT);
57 $major = optional_param('majorVersion', 0, PARAM_INT);
58 $minor = optional_param('minorVersion', 0, PARAM_INT);
60 // Normalise Moodle language using underscore, as opposed to H5P which uses dash.
61 $language = optional_param('default-language', '', PARAM_RAW);
62 $language = clean_param(str_replace('-', '_', $language), PARAM_LANG);
64 if (!empty($name)) {
65 $editor->ajax->action(H5PEditorEndpoints::SINGLE_LIBRARY, $name,
66 $major, $minor, framework::get_language(), '', '', $language);
67 } else {
68 $editor->ajax->action(H5PEditorEndpoints::LIBRARIES);
71 break;
73 // Load content type cache list to display available libraries in hub.
74 case 'contenttypecache':
75 $editor->ajax->action(H5PEditorEndpoints::CONTENT_TYPE_CACHE);
76 break;
78 // Handle file upload through the editor.
79 // This endpoint needs a token that only users with H5P editor access could get.
80 // TODO: MDL-68907 to check capabilities.
81 case 'files':
82 $token = required_param('token', PARAM_RAW);
83 $contentid = required_param('contentId', PARAM_INT);
85 $maxsize = get_max_upload_file_size($CFG->maxbytes);
86 // Check size of each uploaded file and scan for viruses.
87 foreach ($_FILES as $uploadedfile) {
88 $filename = clean_param($uploadedfile['name'], PARAM_FILE);
89 if ($uploadedfile['size'] > $maxsize) {
90 H5PCore::ajaxError(get_string('maxbytesfile', 'error', ['file' => $filename, 'size' => display_size($maxsize, 0)]));
91 return;
93 \core\antivirus\manager::scan_file($uploadedfile['tmp_name'], $filename, true);
96 $editor->ajax->action(H5PEditorEndpoints::FILES, $token, $contentid);
97 break;
99 // Get the $language libraries translations.
100 case 'translations':
101 $language = required_param('language', PARAM_RAW);
102 $editor->ajax->action(H5PEditorEndpoints::TRANSLATIONS, $language);
103 break;
105 // Handle filtering of parameters through AJAX.
106 case 'filter':
107 $token = required_param('token', PARAM_RAW);
108 $libraryparameters = required_param('libraryParameters', PARAM_RAW);
110 $editor->ajax->action(H5PEditorEndpoints::FILTER, $token, $libraryparameters);
111 break;
113 // Throw error if AJAX action is not handled.
114 default:
115 throw new coding_exception('Unhandled AJAX');
116 break;