NOBUG: Fixed file access permissions
[moodle.git] / course / mod.php
blob54f6f9cb5a2937a6220c1ac668c629d7541cda2c
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
18 /**
19 * Moves, adds, updates, duplicates or deletes modules in a course
21 * @copyright 1999 Martin Dougiamas http://dougiamas.com
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 * @package course
26 require("../config.php");
27 require_once("lib.php");
29 $sectionreturn = optional_param('sr', null, PARAM_INT);
30 $add = optional_param('add', '', PARAM_ALPHA);
31 $type = optional_param('type', '', PARAM_ALPHA);
32 $indent = optional_param('indent', 0, PARAM_INT);
33 $update = optional_param('update', 0, PARAM_INT);
34 $duplicate = optional_param('duplicate', 0, PARAM_INT);
35 $hide = optional_param('hide', 0, PARAM_INT);
36 $stealth = optional_param('stealth', 0, PARAM_INT);
37 $show = optional_param('show', 0, PARAM_INT);
38 $copy = optional_param('copy', 0, PARAM_INT);
39 $moveto = optional_param('moveto', 0, PARAM_INT);
40 $movetosection = optional_param('movetosection', 0, PARAM_INT);
41 $delete = optional_param('delete', 0, PARAM_INT);
42 $course = optional_param('course', 0, PARAM_INT);
43 $groupmode = optional_param('groupmode', -1, PARAM_INT);
44 $cancelcopy = optional_param('cancelcopy', 0, PARAM_BOOL);
45 $confirm = optional_param('confirm', 0, PARAM_BOOL);
47 // This page should always redirect
48 $url = new moodle_url('/course/mod.php');
49 foreach (compact('indent','update','hide','show','copy','moveto','movetosection','delete','course','cancelcopy','confirm') as $key=>$value) {
50 if ($value !== 0) {
51 $url->param($key, $value);
54 $url->param('sr', $sectionreturn);
55 if ($add !== '') {
56 $url->param('add', $add);
58 if ($type !== '') {
59 $url->param('type', $type);
61 if ($groupmode !== '') {
62 $url->param('groupmode', $groupmode);
64 $PAGE->set_url($url);
66 require_login();
68 //check if we are adding / editing a module that has new forms using formslib
69 if (!empty($add)) {
70 $id = required_param('id', PARAM_INT);
71 $section = required_param('section', PARAM_INT);
72 $type = optional_param('type', '', PARAM_ALPHA);
73 $returntomod = optional_param('return', 0, PARAM_BOOL);
75 redirect("$CFG->wwwroot/course/modedit.php?add=$add&type=$type&course=$id&section=$section&return=$returntomod&sr=$sectionreturn");
77 } else if (!empty($update)) {
78 $cm = get_coursemodule_from_id('', $update, 0, true, MUST_EXIST);
79 $returntomod = optional_param('return', 0, PARAM_BOOL);
80 redirect("$CFG->wwwroot/course/modedit.php?update=$update&return=$returntomod&sr=$sectionreturn");
82 } else if (!empty($duplicate) and confirm_sesskey()) {
83 $cm = get_coursemodule_from_id('', $duplicate, 0, true, MUST_EXIST);
84 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
86 require_login($course, false, $cm);
87 $modcontext = context_module::instance($cm->id);
88 require_capability('moodle/course:manageactivities', $modcontext);
90 // Duplicate the module.
91 $newcm = duplicate_module($course, $cm);
92 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
94 } else if (!empty($delete)) {
95 $cm = get_coursemodule_from_id('', $delete, 0, true, MUST_EXIST);
96 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
98 require_login($course, false, $cm);
99 $modcontext = context_module::instance($cm->id);
100 require_capability('moodle/course:manageactivities', $modcontext);
102 $return = course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn));
104 if (!$confirm or !confirm_sesskey()) {
105 $fullmodulename = get_string('modulename', $cm->modname);
107 $optionsyes = array('confirm'=>1, 'delete'=>$cm->id, 'sesskey'=>sesskey(), 'sr' => $sectionreturn);
109 $strdeletecheck = get_string('deletecheck', '', $fullmodulename);
110 $strparams = (object)array('type' => $fullmodulename, 'name' => $cm->name);
111 $strdeletechecktypename = get_string('deletechecktypename', '', $strparams);
113 $PAGE->set_pagetype('mod-' . $cm->modname . '-delete');
114 $PAGE->set_title($strdeletecheck);
115 $PAGE->set_heading($course->fullname);
116 $PAGE->navbar->add($strdeletecheck);
118 echo $OUTPUT->header();
119 echo $OUTPUT->box_start('noticebox');
120 $formcontinue = new single_button(new moodle_url("$CFG->wwwroot/course/mod.php", $optionsyes), get_string('yes'));
121 $formcancel = new single_button($return, get_string('no'), 'get');
122 echo $OUTPUT->confirm($strdeletechecktypename, $formcontinue, $formcancel);
123 echo $OUTPUT->box_end();
124 echo $OUTPUT->footer();
126 exit;
129 // Delete the module.
130 course_delete_module($cm->id);
132 redirect($return);
136 if ((!empty($movetosection) or !empty($moveto)) and confirm_sesskey()) {
137 $cm = get_coursemodule_from_id('', $USER->activitycopy, 0, true, MUST_EXIST);
138 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
140 require_login($course, false, $cm);
141 $coursecontext = context_course::instance($course->id);
142 $modcontext = context_module::instance($cm->id);
143 require_capability('moodle/course:manageactivities', $modcontext);
145 if (!empty($movetosection)) {
146 if (!$section = $DB->get_record('course_sections', array('id'=>$movetosection, 'course'=>$cm->course))) {
147 print_error('sectionnotexist');
149 $beforecm = NULL;
151 } else { // normal moveto
152 if (!$beforecm = get_coursemodule_from_id('', $moveto, $cm->course, true)) {
153 print_error('invalidcoursemodule');
155 if (!$section = $DB->get_record('course_sections', array('id'=>$beforecm->section, 'course'=>$cm->course))) {
156 print_error('sectionnotexist');
160 if (!ismoving($section->course)) {
161 print_error('needcopy', '', "view.php?id=$section->course");
164 moveto_module($cm, $section, $beforecm);
166 $sectionreturn = $USER->activitycopysectionreturn;
167 unset($USER->activitycopy);
168 unset($USER->activitycopycourse);
169 unset($USER->activitycopyname);
170 unset($USER->activitycopysectionreturn);
172 redirect(course_get_url($course, $section->section, array('sr' => $sectionreturn)));
174 } else if (!empty($indent) and confirm_sesskey()) {
175 $id = required_param('id', PARAM_INT);
177 $cm = get_coursemodule_from_id('', $id, 0, true, MUST_EXIST);
178 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
180 require_login($course, false, $cm);
181 $coursecontext = context_course::instance($course->id);
182 $modcontext = context_module::instance($cm->id);
183 require_capability('moodle/course:manageactivities', $modcontext);
185 $cm->indent += $indent;
187 if ($cm->indent < 0) {
188 $cm->indent = 0;
191 $DB->set_field('course_modules', 'indent', $cm->indent, array('id'=>$cm->id));
193 rebuild_course_cache($cm->course);
195 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
197 } else if (!empty($hide) and confirm_sesskey()) {
198 $cm = get_coursemodule_from_id('', $hide, 0, true, MUST_EXIST);
199 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
201 require_login($course, false, $cm);
202 $coursecontext = context_course::instance($course->id);
203 $modcontext = context_module::instance($cm->id);
204 require_capability('moodle/course:activityvisibility', $modcontext);
206 if (set_coursemodule_visible($cm->id, 0)) {
207 \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
209 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
211 } else if (!empty($stealth) and confirm_sesskey()) {
212 list($course, $cm) = get_course_and_cm_from_cmid($stealth);
213 require_login($course, false, $cm);
214 require_capability('moodle/course:activityvisibility', $cm->context);
216 if (set_coursemodule_visible($cm->id, 1, 0)) {
217 \core\event\course_module_updated::create_from_cm($cm)->trigger();
219 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
221 } else if (!empty($show) and confirm_sesskey()) {
222 list($course, $cm) = get_course_and_cm_from_cmid($show);
223 require_login($course, false, $cm);
224 require_capability('moodle/course:activityvisibility', $cm->context);
225 $section = $cm->get_section_info();
227 if (set_coursemodule_visible($cm->id, 1)) {
228 \core\event\course_module_updated::create_from_cm($cm)->trigger();
230 redirect(course_get_url($course, $section->section, array('sr' => $sectionreturn)));
232 } else if ($groupmode > -1 and confirm_sesskey()) {
233 $id = required_param('id', PARAM_INT);
235 $cm = get_coursemodule_from_id('', $id, 0, true, MUST_EXIST);
236 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
238 require_login($course, false, $cm);
239 $coursecontext = context_course::instance($course->id);
240 $modcontext = context_module::instance($cm->id);
241 require_capability('moodle/course:manageactivities', $modcontext);
243 set_coursemodule_groupmode($cm->id, $groupmode);
244 \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
245 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
247 } else if (!empty($copy) and confirm_sesskey()) { // value = course module
248 $cm = get_coursemodule_from_id('', $copy, 0, true, MUST_EXIST);
249 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
251 require_login($course, false, $cm);
252 $coursecontext = context_course::instance($course->id);
253 $modcontext = context_module::instance($cm->id);
254 require_capability('moodle/course:manageactivities', $modcontext);
256 $section = $DB->get_record('course_sections', array('id'=>$cm->section), '*', MUST_EXIST);
258 $USER->activitycopy = $copy;
259 $USER->activitycopycourse = $cm->course;
260 $USER->activitycopyname = $cm->name;
261 $USER->activitycopysectionreturn = $sectionreturn;
263 redirect(course_get_url($course, $section->section, array('sr' => $sectionreturn)));
265 } else if (!empty($cancelcopy) and confirm_sesskey()) { // value = course module
267 $courseid = $USER->activitycopycourse;
268 $course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
270 $cm = get_coursemodule_from_id('', $USER->activitycopy, 0, true, IGNORE_MISSING);
271 $sectionreturn = $USER->activitycopysectionreturn;
272 unset($USER->activitycopy);
273 unset($USER->activitycopycourse);
274 unset($USER->activitycopyname);
275 unset($USER->activitycopysectionreturn);
276 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
277 } else {
278 print_error('unknowaction');