123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268 |
- <?php
- // This file is part of Moodle - http://moodle.org/
- //
- // Moodle is free software: you can redistribute it and/or modify
- // it under the terms of the GNU General Public License as published by
- // the Free Software Foundation, either version 3 of the License, or
- // (at your option) any later version.
- //
- // Moodle is distributed in the hope that it will be useful,
- // but WITHOUT ANY WARRANTY; without even the implied warranty of
- // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- // GNU General Public License for more details.
- //
- // You should have received a copy of the GNU General Public License
- // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
- /**
- * This file is the main controller to do with the portfolio export wizard.
- *
- * @package core_portfolio
- * @copyright 2008 Penny Leach <penny@catalyst.net.nz>,
- * Martin Dougiamas <http://dougiamas.com>
- * @license http://www.gnu.org/copyleft/gpl.html GNU GPL
- */
- require_once(__DIR__ . '/../config.php');
- if (empty($CFG->enableportfolios)) {
- print_error('disabled', 'portfolio');
- }
- require_once($CFG->libdir . '/portfoliolib.php');
- require_once($CFG->libdir . '/portfolio/exporter.php');
- require_once($CFG->libdir . '/portfolio/caller.php');
- require_once($CFG->libdir . '/portfolio/plugin.php');
- $dataid = optional_param('id', 0, PARAM_INT); // The ID of partially completed export, corresponds to a record in portfolio_tempdata.
- $type = optional_param('type', null, PARAM_SAFEDIR); // If we're returning from an external system (postcontrol) for a single-export only plugin.
- $cancel = optional_param('cancel', 0, PARAM_RAW); // User has cancelled the request.
- $cancelsure = optional_param('cancelsure', 0, PARAM_BOOL); // Make sure they confirm first.
- $logreturn = optional_param('logreturn', 0, PARAM_BOOL); // When cancelling, we can also come from the log page, rather than the caller.
- $instanceid = optional_param('instance', 0, PARAM_INT); // The instance of configured portfolio plugin.
- $courseid = optional_param('course', 0, PARAM_INT); // The courseid the data being exported belongs to (caller object should provide this later).
- $stage = optional_param('stage', PORTFOLIO_STAGE_CONFIG, PARAM_INT); // Stage of the export we're at (stored in the exporter).
- $postcontrol = optional_param('postcontrol', 0, PARAM_INT); // When returning from some bounce to an external system, this gets passed.
- $callbackcomponent = optional_param('callbackcomponent', null, PARAM_PATH); // Callback component eg mod_forum - the component of the exporting content.
- $callbackclass = optional_param('callbackclass', null, PARAM_ALPHAEXT); // Callback class eg forum_portfolio_caller - the class to handle the exporting content.
- $callerformats = optional_param('callerformats', null, PARAM_TAGLIST); // Comma separated list of formats the specific place exporting content supports.
- require_login(); // this is selectively called again with $course later when we know for sure which one we're in.
- $PAGE->set_context(context_system::instance());
- $PAGE->set_url('/portfolio/add.php', array('id' => $dataid, 'sesskey' => sesskey()));
- $PAGE->set_pagelayout('admin');
- $exporter = null;
- if ($postcontrol && $type && !$dataid) {
- // we're returning from an external system that can't construct dynamic return urls
- // this is a special "one export of this type only per session" case
- if (portfolio_static_function($type, 'allows_multiple_exports')) {
- throw new portfolio_exception('multiplesingleresume', 'portfolio');
- }
- if (!$dataid = portfolio_export_type_to_id($type, $USER->id)) {
- throw new portfolio_exception('invalidtempid', 'portfolio');
- }
- } else {
- // we can't do this in the above case, because we're redirecting straight back from an external system
- // this is not really ideal, but since we're in a "staged" wizard, the session key is checked in other stages.
- require_sesskey(); // pretty much everything in this page is a write that could be hijacked, so just do this at the top here
- }
- // if we have a dataid, it means we're in the middle of an export,
- // so rewaken it and continue.
- if (!empty($dataid)) {
- try {
- $exporter = portfolio_exporter::rewaken_object($dataid);
- } catch (portfolio_exception $e) {
- // this can happen in some cases, a cancel request is sent when something is already broken
- // so process it elegantly and move on.
- if ($cancel) {
- if ($logreturn) {
- redirect($CFG->wwwroot . '/user/portfoliologs.php');
- }
- redirect($CFG->wwwroot);
- } else {
- throw $e;
- }
- }
- // we have to wake it up first before we can cancel it
- // so temporary directories etc get cleaned up.
- if ($cancel) {
- if ($cancelsure) {
- $exporter->cancel_request($logreturn);
- } else {
- portfolio_export_pagesetup($PAGE, $exporter->get('caller'));
- $exporter->print_header(get_string('confirmcancel', 'portfolio'));
- echo $OUTPUT->box_start();
- $yesbutton = new single_button(new moodle_url('/portfolio/add.php', array('id' => $dataid, 'cancel' => 1, 'cancelsure' => 1, 'logreturn' => $logreturn)), get_string('yes'));
- if ($logreturn) {
- $nobutton = new single_button(new moodle_url('/user/portfoliologs.php'), get_string('no'));
- } else {
- $nobutton = new single_button(new moodle_url('/portfolio/add.php', array('id' => $dataid)), get_string('no'));
- }
- echo $OUTPUT->confirm(get_string('confirmcancel', 'portfolio'), $yesbutton, $nobutton);
- echo $OUTPUT->box_end();
- echo $OUTPUT->footer();
- exit;
- }
- }
- // verify we still belong to the correct user and permissions are still ok
- $exporter->verify_rewaken();
- // if we don't have an instanceid in the exporter
- // it means we've just posted from the 'choose portfolio instance' page
- // so process that and start up the portfolio plugin
- if (!$exporter->get('instance')) {
- if ($instanceid) {
- try {
- $instance = portfolio_instance($instanceid);
- } catch (portfolio_exception $e) {
- portfolio_export_rethrow_exception($exporter, $e);
- }
- // this technically shouldn't happen but make sure anyway
- if ($broken = portfolio_instance_sanity_check($instance)) {
- throw new portfolio_export_exception($exporter, $broken[$instance->get('id')], 'portfolio_' . $instance->get('plugin'));
- }
- // now we're all set up, ready to go
- $instance->set('user', $USER);
- $exporter->set('instance', $instance);
- $exporter->save();
- }
- }
- portfolio_export_pagesetup($PAGE, $exporter->get('caller')); // this calls require_login($course) if it can..
- // completely new request, look to see what information we've been passed and set up the exporter object.
- } else {
- // you cannot get here with no information for us, we must at least have the caller.
- if (empty($_GET) && empty($_POST)) {
- portfolio_exporter::print_expired_export();
- }
- // we'e just posted here for the first time and have might the instance already
- if ($instanceid) {
- // this can throw exceptions but there's no point catching and rethrowing here
- // as the exporter isn't created yet.
- $instance = portfolio_instance($instanceid);
- if ($broken = portfolio_instance_sanity_check($instance)) {
- throw new portfolio_exception($broken[$instance->get('id')], 'portfolio_' . $instance->get('plugin'));
- }
- $instance->set('user', $USER);
- } else {
- $instance = null;
- }
- // we must be passed this from the caller, we cannot start a new export
- // without knowing information about what part of moodle we come from.
- if (empty($callbackcomponent) || empty($callbackclass)) {
- debugging('no callback file or class');
- portfolio_exporter::print_expired_export();
- }
- // so each place in moodle can pass callback args here
- // process the entire request looking for ca_*
- // be as lenient as possible while still being secure
- // so only accept certain parameter types.
- $callbackargs = array();
- foreach (array_keys(array_merge($_GET, $_POST)) as $key) {
- if (strpos($key, 'ca_') === 0) {
- if (!$value = optional_param($key, false, PARAM_ALPHAEXT)) {
- if (!$value = optional_param($key, false, PARAM_FLOAT)) {
- $value = optional_param($key, false, PARAM_PATH);
- }
- }
- // strip off ca_ for niceness
- $callbackargs[substr($key, 3)] = $value;
- }
- }
- // Ensure that we found a file we can use, if not throw an exception.
- portfolio_include_callback_file($callbackcomponent, $callbackclass);
- $caller = new $callbackclass($callbackargs);
- $caller->set('user', $USER);
- if ($formats = explode(',', $callerformats)) {
- $caller->set_formats_from_button($formats);
- }
- $caller->load_data();
- // this must check capabilities and either throw an exception or return false.
- if (!$caller->check_permissions()) {
- throw new portfolio_caller_exception('nopermissions', 'portfolio', $caller->get_return_url());
- }
- portfolio_export_pagesetup($PAGE, $caller); // this calls require_login($course) if it can..
- // finally! set up the exporter object with the portfolio instance, and caller information elements
- $exporter = new portfolio_exporter($instance, $caller, $callbackcomponent);
- // set the export-specific variables, and save.
- $exporter->set('user', $USER);
- $exporter->save();
- }
- if (!$exporter->get('instance')) {
- // we've just arrived but have no instance
- // in this case the exporter object and the caller object have been set up above
- // so just make a little form to select the portfolio plugin instance,
- // which is the last thing to do before starting the export.
- //
- // first check to make sure there is actually a point
- $options = portfolio_instance_select(
- portfolio_instances(),
- $exporter->get('caller')->supported_formats(),
- get_class($exporter->get('caller')),
- $exporter->get('caller')->get_mimetype(),
- 'instance',
- true,
- true
- );
- if (empty($options)) {
- throw new portfolio_export_exception($exporter, 'noavailableplugins', 'portfolio');
- } else if (count($options) == 1) {
- // no point displaying a form, just redirect.
- $optionskeys = array_keys($options);
- $instance = array_shift($optionskeys);
- redirect($CFG->wwwroot . '/portfolio/add.php?id= ' . $exporter->get('id') . '&instance=' . $instance . '&sesskey=' . sesskey());
- }
- // be very selective about not including this unless we really need to
- require_once($CFG->libdir . '/portfolio/forms.php');
- $mform = new portfolio_instance_select('', array('id' => $exporter->get('id'), 'caller' => $exporter->get('caller'), 'options' => $options));
- if ($mform->is_cancelled()) {
- $exporter->cancel_request();
- } else if ($fromform = $mform->get_data()){
- redirect($CFG->wwwroot . '/portfolio/add.php?instance=' . $fromform->instance . '&id=' . $exporter->get('id'));
- exit;
- }
- else {
- $exporter->print_header(get_string('selectplugin', 'portfolio'));
- echo $OUTPUT->box_start();
- $mform->display();
- echo $OUTPUT->box_end();
- echo $OUTPUT->footer();
- exit;
- }
- }
- // if we haven't been passed &stage= grab it from the exporter.
- if (!$stage) {
- $stage = $exporter->get('stage');
- }
- // for places returning control to pass (rather than PORTFOLIO_STAGE_PACKAGE
- // which is unstable if they can't get to the constant (eg external system)
- $alreadystolen = false;
- if ($postcontrol) { // the magic request variable plugins must pass on returning here
- try {
- // allow it to read whatever gets sent back in the request
- // this is useful for plugins that redirect away and back again
- // adding a token to the end of the url, for example box.net
- $exporter->instance()->post_control($stage, array_merge($_GET, $_POST));
- } catch (portfolio_plugin_exception $e) {
- portfolio_export_rethrow_exception($exporter, $e);
- }
- $alreadystolen = true; // remember this so we don't get caught in a steal control loop!
- }
- // actually do the work now..
- $exporter->process_stage($stage, $alreadystolen);
|