forked from moodle/moodle
-
Notifications
You must be signed in to change notification settings - Fork 1
/
rate_ajax.php
170 lines (142 loc) · 6.63 KB
/
rate_ajax.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This page receives ajax rating submissions
*
* It is similar to rate.php. Unlike rate.php a return url is NOT required.
*
* @package core
* @subpackage rating
* @copyright 2010 Andrew Davis
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
define('AJAX_SCRIPT', true);
require_once('../config.php');
require_once('lib.php');
$contextid = required_param('contextid', PARAM_INT);
$itemid = required_param('itemid', PARAM_INT);
$scaleid = required_param('scaleid', PARAM_INT);
$userrating = required_param('rating', PARAM_INT);
$rateduserid = required_param('rateduserid', PARAM_INT);//which user is being rated. Required to update their grade
$aggregationmethod = optional_param('aggregation', RATING_AGGREGATE_NONE, PARAM_INT);//we're going to calculate the aggregate and return it to the client
$result = new stdClass;
//if session has expired and its an ajax request so we cant do a page redirect
if( !isloggedin() ){
$result->error = get_string('sessionerroruser', 'error');
echo json_encode($result);
die();
}
list($context, $course, $cm) = get_context_info_array($contextid);
require_login($course, false, $cm);
$contextid = null;//now we have a context object throw away the id from the user
if (!confirm_sesskey() || $USER->id==$rateduserid) {
echo $OUTPUT->header();
echo get_string('ratepermissiondenied', 'rating');
echo $OUTPUT->footer();
die();
}
$rm = new rating_manager();
//check the module rating permissions
//doing this check here rather than within rating_manager::get_ratings so we can return a json error response
$pluginrateallowed = true;
$pluginpermissionsarray = null;
if ($context->contextlevel==CONTEXT_MODULE) {
$plugintype = 'mod';
$pluginname = $cm->modname;
$pluginpermissionsarray = $rm->get_plugin_permissions_array($context->id, $plugintype, $pluginname);
$pluginrateallowed = $pluginpermissionsarray['rate'];
if ($pluginrateallowed) {
//check the item exists and isn't owned by the current user
$pluginrateallowed = $rm->check_item_and_owner($plugintype, $pluginname, $itemid);
}
}
if (!$pluginrateallowed || !has_capability('moodle/rating:rate',$context)) {
$result->error = get_string('ratepermissiondenied', 'rating');
echo json_encode($result);
die();
}
$PAGE->set_url('/lib/rate.php', array('contextid'=>$context->id));
//rating options used to update the rating then retrieve the aggregate
$ratingoptions = new stdClass();
$ratingoptions->context = $context;
$ratingoptions->itemid = $itemid;
$ratingoptions->scaleid = $scaleid;
$ratingoptions->userid = $USER->id;
if ($userrating != RATING_UNSET_RATING) {
$rating = new rating($ratingoptions);
$rating->update_rating($userrating);
} else { //delete the rating if the user set to Rate...
$options = new stdClass();
$options->contextid = $context->id;
$options->userid = $USER->id;
$options->itemid = $itemid;
$rm->delete_ratings($options);
}
//Future possible enhancement: add a setting to turn grade updating off for those who don't want them in gradebook
//note that this would need to be done in both rate.php and rate_ajax.php
if ($context->contextlevel==CONTEXT_MODULE) {
//tell the module that its grades have changed
if ( $modinstance = $DB->get_record($cm->modname, array('id' => $cm->instance)) ) {
$modinstance->cmidnumber = $cm->id; //MDL-12961
$functionname = $cm->modname.'_update_grades';
require_once("../mod/{$cm->modname}/lib.php");
if(function_exists($functionname)) {
$functionname($modinstance, $rateduserid);
}
}
}
//object to return to client as json
$result = new stdClass;
$result->success = true;
//need to retrieve the updated item to get its new aggregate value
$item = new stdclass();
$item->id = $itemid;
$items = array($item);
//most of $ratingoptions variables were previously set
$ratingoptions->items = $items;
$ratingoptions->aggregate = $aggregationmethod;
$items = $rm->get_ratings($ratingoptions);
//for custom scales return text not the value
//this scales weirdness will go away when scales are refactored
$scalearray = null;
$aggregatetoreturn = round($items[0]->rating->aggregate,1);
// Output a dash if aggregation method == COUNT as the count is output next to the aggregate anyway
if ($items[0]->rating->settings->aggregationmethod==RATING_AGGREGATE_COUNT or $items[0]->rating->count == 0) {
$aggregatetoreturn = ' - ';
} else if($rating->scaleid < 0) { //if its non-numeric scale
//dont use the scale item if the aggregation method is sum as adding items from a custom scale makes no sense
if ($items[0]->rating->settings->aggregationmethod!= RATING_AGGREGATE_SUM) {
$scalerecord = $DB->get_record('scale', array('id' => -$rating->scaleid));
if ($scalerecord) {
$scalearray = explode(',', $scalerecord->scale);
$aggregatetoreturn = $scalearray[$aggregatetoreturn-1];
}
}
}
//See if the user has permission to see the rating aggregate
//we could do this check as "if $userid==$rateduserid" but going to the database to determine item owner id seems more secure
//if we accept the item owner user id from the http request a user could alter the URL and erroneously get access to the rating aggregate
//if its their own item and they have view permission
if (($USER->id==$items[0]->rating->itemuserid && has_capability('moodle/rating:view',$context)
&& (empty($pluginpermissionsarray) or $pluginpermissionsarray['view']))
//or if its not their item or if no user created the item (the hub did) and they have viewany permission
|| (($USER->id!=$items[0]->rating->itemuserid or empty($items[0]->rating->itemuserid)) && has_capability('moodle/rating:viewany',$context)
&& (empty($pluginpermissionsarray) or $pluginpermissionsarray['viewany']))) {
$result->aggregate = $aggregatetoreturn;
$result->count = $items[0]->rating->count;
$result->itemid = $itemid;
}
echo json_encode($result);