Home Explore Help
Register Sign In
piratas
/
moodle
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
moodle
/
portfolio
/
add.php

add.php 12 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268 
  1. <?php
    2. 

  2. // This file is part of Moodle - http://moodle.org/
    3. 

  3. //
    4. 

  4. // Moodle is free software: you can redistribute it and/or modify
    5. 

  5. // it under the terms of the GNU General Public License as published by
    6. 

  6. // the Free Software Foundation, either version 3 of the License, or
    7. 

  7. // (at your option) any later version.
    8. 

  8. //
    9. 

  9. // Moodle is distributed in the hope that it will be useful,
    10. 

  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. // GNU General Public License for more details.
    13. 

  13. //
    14. 

  14. // You should have received a copy of the GNU General Public License
    15. 

  15. // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. 

  17. /**
    18. 

  18.  * This file is the main controller to do with the portfolio export wizard.
    19. 

  19.  *
    20. 

  20.  * @package core_portfolio
    21. 

  21.  * @copyright 2008 Penny Leach <penny@catalyst.net.nz>,
    22. 

  22.  *            Martin Dougiamas <http://dougiamas.com>
    23. 

  23.  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL
    24. 

  24.  */
    25. 

  25. require_once(__DIR__ . '/../config.php');
    26. 

  26. 

  27. if (empty($CFG->enableportfolios)) {
    28. 

  28.     print_error('disabled', 'portfolio');
    29. 

  29. }
    30. 

  30. 

  31. require_once($CFG->libdir . '/portfoliolib.php');
    32. 

  32. require_once($CFG->libdir . '/portfolio/exporter.php');
    33. 

  33. require_once($CFG->libdir . '/portfolio/caller.php');
    34. 

  34. require_once($CFG->libdir . '/portfolio/plugin.php');
    35. 

  35. 

  36. $dataid = optional_param('id', 0, PARAM_INT); // The ID of partially completed export, corresponds to a record in portfolio_tempdata.
    37. 

  37. $type = optional_param('type', null, PARAM_SAFEDIR); // If we're returning from an external system (postcontrol) for a single-export only plugin.
    38. 

  38. $cancel = optional_param('cancel', 0, PARAM_RAW); // User has cancelled the request.
    39. 

  39. $cancelsure = optional_param('cancelsure', 0, PARAM_BOOL); // Make sure they confirm first.
    40. 

  40. $logreturn = optional_param('logreturn', 0, PARAM_BOOL); // When cancelling, we can also come from the log page, rather than the caller.
    41. 

  41. $instanceid = optional_param('instance', 0, PARAM_INT); // The instance of configured portfolio plugin.
    42. 

  42. $courseid = optional_param('course', 0, PARAM_INT); // The courseid the data being exported belongs to (caller object should provide this later).
    43. 

  43. $stage = optional_param('stage', PORTFOLIO_STAGE_CONFIG, PARAM_INT); // Stage of the export we're at (stored in the exporter).
    44. 

  44. $postcontrol = optional_param('postcontrol', 0, PARAM_INT); // When returning from some bounce to an external system, this gets passed.
    45. 

  45. $callbackcomponent = optional_param('callbackcomponent', null, PARAM_PATH); // Callback component eg mod_forum - the component of the exporting content.
    46. 

  46. $callbackclass = optional_param('callbackclass', null, PARAM_ALPHAEXT); // Callback class eg forum_portfolio_caller - the class to handle the exporting content.
    47. 

  47. $callerformats = optional_param('callerformats', null, PARAM_TAGLIST); // Comma separated list of formats the specific place exporting content supports.
    48. 

  48. 

  49. require_login();  // this is selectively called again with $course later when we know for sure which one we're in.
    50. 

  50. $PAGE->set_context(context_system::instance());
    51. 

  51. $PAGE->set_url('/portfolio/add.php', array('id' => $dataid, 'sesskey' => sesskey()));
    52. 

  52. $PAGE->set_pagelayout('admin');
    53. 

  53. $exporter = null;
    54. 

  54. 

  55. if ($postcontrol && $type && !$dataid) {
    56. 

  56.     // we're returning from an external system that can't construct dynamic return urls
    57. 

  57.     // this is a special "one export of this type only per session" case
    58. 

  58.     if (portfolio_static_function($type, 'allows_multiple_exports')) {
    59. 

  59.         throw new portfolio_exception('multiplesingleresume', 'portfolio');
    60. 

  60.     }
    61. 

  61. 

  62.     if (!$dataid = portfolio_export_type_to_id($type, $USER->id)) {
    63. 

  63.         throw new portfolio_exception('invalidtempid', 'portfolio');
    64. 

  64.     }
    65. 

  65. } else {
    66. 

  66.     // we can't do this in the above case, because we're redirecting straight back from an external system
    67. 

  67.     // this is not really ideal, but since we're in a "staged" wizard, the session key is checked in other stages.
    68. 

  68.     require_sesskey(); // pretty much everything in this page is a write that could be hijacked, so just do this at the top here
    69. 

  69. }
    70. 

  70. 

  71. // if we have a dataid, it means we're in the middle of an export,
    72. 

  72. // so rewaken it and continue.
    73. 

  73. if (!empty($dataid)) {
    74. 

  74.     try {
    75. 

  75.         $exporter = portfolio_exporter::rewaken_object($dataid);
    76. 

  76.     } catch (portfolio_exception $e) {
    77. 

  77.         // this can happen in some cases, a cancel request is sent when something is already broken
    78. 

  78.         // so process it elegantly and move on.
    79. 

  79.         if ($cancel) {
    80. 

  80.             if ($logreturn) {
    81. 

  81.                 redirect($CFG->wwwroot . '/user/portfoliologs.php');
    82. 

  82.             }
    83. 

  83.             redirect($CFG->wwwroot);
    84. 

  84.         } else {
    85. 

  85.             throw $e;
    86. 

  86.         }
    87. 

  87.     }
    88. 

  88.     // we have to wake it up first before we can cancel it
    89. 

  89.     // so temporary directories etc get cleaned up.
    90. 

  90.     if ($cancel) {
    91. 

  91.         if ($cancelsure) {
    92. 

  92.             $exporter->cancel_request($logreturn);
    93. 

  93.         } else {
    94. 

  94.             portfolio_export_pagesetup($PAGE, $exporter->get('caller'));
    95. 

  95.             $exporter->print_header(get_string('confirmcancel', 'portfolio'));
    96. 

  96.             echo $OUTPUT->box_start();
    97. 

  97.             $yesbutton = new single_button(new moodle_url('/portfolio/add.php', array('id' => $dataid, 'cancel' => 1, 'cancelsure' => 1, 'logreturn' => $logreturn)), get_string('yes'));
    98. 

  98.             if ($logreturn) {
    99. 

  99.                 $nobutton  = new single_button(new moodle_url('/user/portfoliologs.php'), get_string('no'));
    100. 

  100.             } else {
    101. 

  101.                 $nobutton  = new single_button(new moodle_url('/portfolio/add.php', array('id' => $dataid)), get_string('no'));
    102. 

  102.             }
    103. 

  103.             echo $OUTPUT->confirm(get_string('confirmcancel', 'portfolio'), $yesbutton, $nobutton);
    104. 

  104.             echo $OUTPUT->box_end();
    105. 

  105.             echo $OUTPUT->footer();
    106. 

  106.             exit;
    107. 

  107.         }
    108. 

  108.     }
    109. 

  109.     // verify we still belong to the correct user and permissions are still ok
    110. 

  110.     $exporter->verify_rewaken();
    111. 

  111.     // if we don't have an instanceid in the exporter
    112. 

  112.     // it means we've just posted from the 'choose portfolio instance' page
    113. 

  113.     // so process that and start up the portfolio plugin
    114. 

  114.     if (!$exporter->get('instance')) {
    115. 

  115.         if ($instanceid) {
    116. 

  116.             try {
    117. 

  117.                 $instance = portfolio_instance($instanceid);
    118. 

  118.             } catch (portfolio_exception $e) {
    119. 

  119.                 portfolio_export_rethrow_exception($exporter, $e);
    120. 

  120.             }
    121. 

  121.             // this technically shouldn't happen but make sure anyway
    122. 

  122.             if ($broken = portfolio_instance_sanity_check($instance)) {
    123. 

  123.                 throw new portfolio_export_exception($exporter, $broken[$instance->get('id')], 'portfolio_' . $instance->get('plugin'));
    124. 

  124.             }
    125. 

  125.             // now we're all set up, ready to go
    126. 

  126.             $instance->set('user', $USER);
    127. 

  127.             $exporter->set('instance', $instance);
    128. 

  128.             $exporter->save();
    129. 

  129.         }
    130. 

  130.     }
    131. 

  131. 

  132.     portfolio_export_pagesetup($PAGE, $exporter->get('caller')); // this calls require_login($course) if it can..
    133. 

  133. 

  134. // completely new request, look to see what information we've been passed and set up the exporter object.
    135. 

  135. } else {
    136. 

  136.     // you cannot get here with no information for us, we must at least have the caller.
    137. 

  137.     if (empty($_GET) && empty($_POST)) {
    138. 

  138.         portfolio_exporter::print_expired_export();
    139. 

  139.     }
    140. 

  140.     // we'e just posted here for the first time and have might the instance already
    141. 

  141.     if ($instanceid) {
    142. 

  142.         // this can throw exceptions but there's no point catching and rethrowing here
    143. 

  143.         // as the exporter isn't created yet.
    144. 

  144.         $instance = portfolio_instance($instanceid);
    145. 

  145.         if ($broken = portfolio_instance_sanity_check($instance)) {
    146. 

  146.             throw new portfolio_exception($broken[$instance->get('id')], 'portfolio_' . $instance->get('plugin'));
    147. 

  147.         }
    148. 

  148.         $instance->set('user', $USER);
    149. 

  149.     } else {
    150. 

  150.         $instance = null;
    151. 

  151.     }
    152. 

  152. 

  153.     // we must be passed this from the caller, we cannot start a new export
    154. 

  154.     // without knowing information about what part of moodle we come from.
    155. 

  155.     if (empty($callbackcomponent) || empty($callbackclass)) {
    156. 

  156.         debugging('no callback file or class');
    157. 

  157.         portfolio_exporter::print_expired_export();
    158. 

  158.     }
    159. 

  159. 

  160.     // so each place in moodle can pass callback args here
    161. 

  161.     // process the entire request looking for ca_*
    162. 

  162.     // be as lenient as possible while still being secure
    163. 

  163.     // so only accept certain parameter types.
    164. 

  164.     $callbackargs = array();
    165. 

  165.     foreach (array_keys(array_merge($_GET, $_POST)) as $key) {
    166. 

  166.         if (strpos($key, 'ca_') === 0) {
    167. 

  167.             if (!$value =  optional_param($key, false, PARAM_ALPHAEXT)) {
    168. 

  168.                 if (!$value = optional_param($key, false, PARAM_FLOAT)) {
    169. 

  169.                     $value = optional_param($key, false, PARAM_PATH);
    170. 

  170.                 }
    171. 

  171.             }
    172. 

  172.             // strip off ca_ for niceness
    173. 

  173.             $callbackargs[substr($key, 3)] = $value;
    174. 

  174.         }
    175. 

  175.     }
    176. 

  176. 

  177.     // Ensure that we found a file we can use, if not throw an exception.
    178. 

  178.     portfolio_include_callback_file($callbackcomponent, $callbackclass);
    179. 

  179. 

  180.     $caller = new $callbackclass($callbackargs);
    181. 

  181.     $caller->set('user', $USER);
    182. 

  182.     if ($formats = explode(',', $callerformats)) {
    183. 

  183.         $caller->set_formats_from_button($formats);
    184. 

  184.     }
    185. 

  185.     $caller->load_data();
    186. 

  186.     // this must check capabilities and either throw an exception or return false.
    187. 

  187.     if (!$caller->check_permissions()) {
    188. 

  188.         throw new portfolio_caller_exception('nopermissions', 'portfolio', $caller->get_return_url());
    189. 

  189.     }
    190. 

  190. 

  191.     portfolio_export_pagesetup($PAGE, $caller); // this calls require_login($course) if it can..
    192. 

  192. 

  193.     // finally! set up the exporter object with the portfolio instance, and caller information elements
    194. 

  194.     $exporter = new portfolio_exporter($instance, $caller, $callbackcomponent);
    195. 

  195. 

  196.     // set the export-specific variables, and save.
    197. 

  197.     $exporter->set('user', $USER);
    198. 

  198.     $exporter->save();
    199. 

  199. }
    200. 

  200. 

  201. if (!$exporter->get('instance')) {
    202. 

  202.     // we've just arrived but have no instance
    203. 

  203.     // in this case the exporter object and the caller object have been set up above
    204. 

  204.     // so just make a little form to select the portfolio plugin instance,
    205. 

  205.     // which is the last thing to do before starting the export.
    206. 

  206.     //
    207. 

  207.     // first check to make sure there is actually a point
    208. 

  208.     $options = portfolio_instance_select(
    209. 

  209.         portfolio_instances(),
    210. 

  210.         $exporter->get('caller')->supported_formats(),
    211. 

  211.         get_class($exporter->get('caller')),
    212. 

  212.         $exporter->get('caller')->get_mimetype(),
    213. 

  213.         'instance',
    214. 

  214.         true,
    215. 

  215.         true
    216. 

  216.     );
    217. 

  217.     if (empty($options)) {
    218. 

  218.         throw new portfolio_export_exception($exporter, 'noavailableplugins', 'portfolio');
    219. 

  219.     } else if (count($options) == 1) {
    220. 

  220.         // no point displaying a form, just redirect.
    221. 

  221.         $optionskeys = array_keys($options);
    222. 

  222.         $instance = array_shift($optionskeys);
    223. 

  223.         redirect($CFG->wwwroot . '/portfolio/add.php?id= ' . $exporter->get('id') . '&instance=' . $instance . '&sesskey=' . sesskey());
    224. 

  224.     }
    225. 

  225.     // be very selective about not including this unless we really need to
    226. 

  226.     require_once($CFG->libdir . '/portfolio/forms.php');
    227. 

  227.     $mform = new portfolio_instance_select('', array('id' => $exporter->get('id'), 'caller' => $exporter->get('caller'), 'options' => $options));
    228. 

  228.     if ($mform->is_cancelled()) {
    229. 

  229.         $exporter->cancel_request();
    230. 

  230.     } else if ($fromform = $mform->get_data()){
    231. 

  231.         redirect($CFG->wwwroot . '/portfolio/add.php?instance=' . $fromform->instance . '&amp;id=' . $exporter->get('id'));
    232. 

  232.         exit;
    233. 

  233.     }
    234. 

  234.     else {
    235. 

  235.         $exporter->print_header(get_string('selectplugin', 'portfolio'));
    236. 

  236.         echo $OUTPUT->box_start();
    237. 

  237.         $mform->display();
    238. 

  238.         echo $OUTPUT->box_end();
    239. 

  239.         echo $OUTPUT->footer();
    240. 

  240.         exit;
    241. 

  241.     }
    242. 

  242. }
    243. 

  243. 

  244. // if we haven't been passed &stage= grab it from the exporter.
    245. 

  245. if (!$stage) {
    246. 

  246.     $stage = $exporter->get('stage');
    247. 

  247. }
    248. 

  248. 

  249. // for places returning control to pass (rather than PORTFOLIO_STAGE_PACKAGE
    250. 

  250. // which is unstable if they can't get to the constant (eg external system)
    251. 

  251. $alreadystolen = false;
    252. 

  252. if ($postcontrol) { // the magic request variable plugins must pass on returning here
    253. 

  253.     try {
    254. 

  254.         // allow it to read whatever gets sent back in the request
    255. 

  255.         // this is useful for plugins that redirect away and back again
    256. 

  256.         // adding a token to the end of the url, for example box.net
    257. 

  257.         $exporter->instance()->post_control($stage, array_merge($_GET, $_POST));
    258. 

  258.     } catch (portfolio_plugin_exception $e) {
    259. 

  259.         portfolio_export_rethrow_exception($exporter, $e);
    260. 

  260.     }
    261. 

  261.     $alreadystolen = true; // remember this so we don't get caught in a steal control loop!
    262. 

  262. }
    263. 

  263. 

  264. // actually do the work now..
    265. 

  265. $exporter->process_stage($stage, $alreadystolen);
    266. 

  266. 

  267. 

  268.