Search moodle.org's
Developer Documentation


  • Bug fixes for general core bugs in 2.8.x ended 9 November 2015 (12 months).
  • Bug fixes for security issues in 2.8.x ended 9 May 2016 (18 months).
  • minimum PHP 5.4.4 (always use latest PHP 5.4.x or 5.5.x on Windows - http://windows.php.net/download/), PHP 7 is NOT supported
  • /course/ -> rest.php (source)

    Differences Between: [Versions 28 and 30] [Versions 28 and 31] [Versions 28 and 32] [Versions 28 and 33] [Versions 28 and 34] [Versions 28 and 35] [Versions 28 and 36] [Versions 28 and 37]

       1  <?php
       2  
       3  // This file is part of Moodle - http://moodle.org/
       4  //
       5  // Moodle is free software: you can redistribute it and/or modify
       6  // it under the terms of the GNU General Public License as published by
       7  // the Free Software Foundation, either version 3 of the License, or
       8  // (at your option) any later version.
       9  //
      10  // Moodle is distributed in the hope that it will be useful,
      11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
      12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      13  // GNU General Public License for more details.
      14  //
      15  // You should have received a copy of the GNU General Public License
      16  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
      17  
      18  /**
      19   * Provide interface for topics AJAX course formats
      20   *
      21   * @copyright 1999 Martin Dougiamas  http://dougiamas.com
      22   * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
      23   * @package course
      24   */
      25  
      26  if (!defined('AJAX_SCRIPT')) {
      27      define('AJAX_SCRIPT', true);
      28  }
      29  require_once(dirname(__FILE__) . '/../config.php');
      30  require_once($CFG->dirroot.'/course/lib.php');
      31  
      32  // Initialise ALL the incoming parameters here, up front.
      33  $courseid   = required_param('courseId', PARAM_INT);
      34  $class      = required_param('class', PARAM_ALPHA);
      35  $field      = optional_param('field', '', PARAM_ALPHA);
      36  $instanceid = optional_param('instanceId', 0, PARAM_INT);
      37  $sectionid  = optional_param('sectionId', 0, PARAM_INT);
      38  $beforeid   = optional_param('beforeId', 0, PARAM_INT);
      39  $value      = optional_param('value', 0, PARAM_INT);
      40  $column     = optional_param('column', 0, PARAM_ALPHA);
      41  $id         = optional_param('id', 0, PARAM_INT);
      42  $summary    = optional_param('summary', '', PARAM_RAW);
      43  $sequence   = optional_param('sequence', '', PARAM_SEQUENCE);
      44  $visible    = optional_param('visible', 0, PARAM_INT);
      45  $pageaction = optional_param('action', '', PARAM_ALPHA); // Used to simulate a DELETE command
      46  $title      = optional_param('title', '', PARAM_TEXT);
      47  
      48  $PAGE->set_url('/course/rest.php', array('courseId'=>$courseid,'class'=>$class));
      49  
      50  //NOTE: when making any changes here please make sure it is using the same access control as course/mod.php !!
      51  
      52  $course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
      53  // Check user is logged in and set contexts if we are dealing with resource
      54  if (in_array($class, array('resource'))) {
      55      $cm = get_coursemodule_from_id(null, $id, $course->id, false, MUST_EXIST);
      56      require_login($course, false, $cm);
      57      $modcontext = context_module::instance($cm->id);
      58  } else {
      59      require_login($course);
      60  }
      61  $coursecontext = context_course::instance($course->id);
      62  require_sesskey();
      63  
      64  echo $OUTPUT->header(); // send headers
      65  
      66  // OK, now let's process the parameters and do stuff
      67  // MDL-10221 the DELETE method is not allowed on some web servers, so we simulate it with the action URL param
      68  $requestmethod = $_SERVER['REQUEST_METHOD'];
      69  if ($pageaction == 'DELETE') {
      70      $requestmethod = 'DELETE';
      71  }
      72  
      73  switch($requestmethod) {
      74      case 'POST':
      75  
      76          switch ($class) {
      77              case 'section':
      78  
      79                  if (!$DB->record_exists('course_sections', array('course'=>$course->id, 'section'=>$id))) {
      80                      throw new moodle_exception('AJAX commands.php: Bad Section ID '.$id);
      81                  }
      82  
      83                  switch ($field) {
      84                      case 'visible':
      85                          require_capability('moodle/course:sectionvisibility', $coursecontext);
      86                          $resourcestotoggle = set_section_visible($course->id, $id, $value);
      87                          echo json_encode(array('resourcestotoggle' => $resourcestotoggle));
      88                          break;
      89  
      90                      case 'move':
      91                          require_capability('moodle/course:movesections', $coursecontext);
      92                          move_section_to($course, $id, $value);
      93                          // See if format wants to do something about it
      94                          $response = course_get_format($course)->ajax_section_move();
      95                          if ($response !== null) {
      96                              echo json_encode($response);
      97                          }
      98                          break;
      99                  }
     100                  break;
     101  
     102              case 'resource':
     103                  switch ($field) {
     104                      case 'visible':
     105                          require_capability('moodle/course:activityvisibility', $modcontext);
     106                          set_coursemodule_visible($cm->id, $value);
     107                          \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
     108                          break;
     109  
     110                      case 'duplicate':
     111                          require_capability('moodle/course:manageactivities', $coursecontext);
     112                          require_capability('moodle/backup:backuptargetimport', $coursecontext);
     113                          require_capability('moodle/restore:restoretargetimport', $coursecontext);
     114                          if (!course_allowed_module($course, $cm->modname)) {
     115                              throw new moodle_exception('No permission to create that activity');
     116                          }
     117                          $sr = optional_param('sr', null, PARAM_INT);
     118                          $result = mod_duplicate_activity($course, $cm, $sr);
     119                          echo json_encode($result);
     120                          break;
     121  
     122                      case 'groupmode':
     123                          require_capability('moodle/course:manageactivities', $modcontext);
     124                          set_coursemodule_groupmode($cm->id, $value);
     125                          \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
     126                          break;
     127  
     128                      case 'indent':
     129                          require_capability('moodle/course:manageactivities', $modcontext);
     130                          $cm->indent = $value;
     131                          if ($cm->indent >= 0) {
     132                              $DB->update_record('course_modules', $cm);
     133                              rebuild_course_cache($cm->course);
     134                          }
     135                          break;
     136  
     137                      case 'move':
     138                          require_capability('moodle/course:manageactivities', $modcontext);
     139                          if (!$section = $DB->get_record('course_sections', array('course'=>$course->id, 'section'=>$sectionid))) {
     140                              throw new moodle_exception('AJAX commands.php: Bad section ID '.$sectionid);
     141                          }
     142  
     143                          if ($beforeid > 0){
     144                              $beforemod = get_coursemodule_from_id('', $beforeid, $course->id);
     145                              $beforemod = $DB->get_record('course_modules', array('id'=>$beforeid));
     146                          } else {
     147                              $beforemod = NULL;
     148                          }
     149  
     150                          $isvisible = moveto_module($cm, $section, $beforemod);
     151                          echo json_encode(array('visible' => (bool) $isvisible));
     152                          break;
     153                      case 'gettitle':
     154                          require_capability('moodle/course:manageactivities', $modcontext);
     155                          $cm = get_coursemodule_from_id('', $id, 0, false, MUST_EXIST);
     156                          $module = new stdClass();
     157                          $module->id = $cm->instance;
     158  
     159                          // Don't pass edit strings through multilang filters - we need the entire string
     160                          echo json_encode(array('instancename' => $cm->name));
     161                          break;
     162                      case 'updatetitle':
     163                          require_capability('moodle/course:manageactivities', $modcontext);
     164                          require_once($CFG->libdir . '/gradelib.php');
     165                          $cm = get_coursemodule_from_id('', $id, 0, false, MUST_EXIST);
     166                          $module = new stdClass();
     167                          $module->id = $cm->instance;
     168  
     169                          // Escape strings as they would be by mform
     170                          if (!empty($CFG->formatstringstriptags)) {
     171                              $module->name = clean_param($title, PARAM_TEXT);
     172                          } else {
     173                              $module->name = clean_param($title, PARAM_CLEANHTML);
     174                          }
     175  
     176                          if (strval($module->name) !== '') {
     177                              $DB->update_record($cm->modname, $module);
     178                              $cm->name = $module->name;
     179                              \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
     180                              rebuild_course_cache($cm->course);
     181                          } else {
     182                              $module->name = $cm->name;
     183                          }
     184  
     185                          // Attempt to update the grade item if relevant
     186                          $grademodule = $DB->get_record($cm->modname, array('id' => $cm->instance));
     187                          $grademodule->cmidnumber = $cm->idnumber;
     188                          $grademodule->modname = $cm->modname;
     189                          grade_update_mod_grades($grademodule);
     190  
     191                          // We need to return strings after they've been through filters for multilang
     192                          $stringoptions = new stdClass;
     193                          $stringoptions->context = $coursecontext;
     194                          echo json_encode(array('instancename' => html_entity_decode(format_string($module->name, true,  $stringoptions))));
     195                          break;
     196                  }
     197                  break;
     198  
     199              case 'course':
     200                  switch($field) {
     201                      case 'marker':
     202                          require_capability('moodle/course:setcurrentsection', $coursecontext);
     203                          course_set_marker($course->id, $value);
     204                          break;
     205                  }
     206                  break;
     207          }
     208          break;
     209  
     210      case 'DELETE':
     211          switch ($class) {
     212              case 'resource':
     213                  require_capability('moodle/course:manageactivities', $modcontext);
     214                  course_delete_module($cm->id);
     215                  break;
     216          }
     217          break;
     218  }
    

    Search This Site: