Upgrade 1-11.38

xesmyd
2026-03-30 14:10:30 +02:00
parent f2a7e6d1fc
commit ac648ef29d
24665 changed files with 69682 additions and 2205004 deletions
+179 -34
@@ -25,38 +25,31 @@ $httpRequest = HttpRequest::createFromGlobals();
$jsonContent = 'application/json' === $httpRequest->headers->get('Content-Type')
? json_decode($httpRequest->getContent(), true)
: null;
: [];
if ($jsonContent) {
foreach ($jsonContent as $key => $value) {
$value = Security::remove_XSS($value);
foreach ($jsonContent as $key => $value) {
$value = Security::remove_XSS($value);
$httpRequest->query->set($key, $value);
$httpRequest->request->set($key, $value);
$httpRequest->overrideGlobals();
$httpRequest->query->set($key, $value);
$httpRequest->request->set($key, $value);
$httpRequest->overrideGlobals();
}
if ($hash = $httpRequest->query->get('hash')) {
foreach (Rest::decodeParams($hash) as $key => $value) {
$httpRequest->query->set($key, Security::remove_XSS($value));
}
}
$hash = $httpRequest->query->get('hash');
if ($hash) {
$hashParams = Rest::decodeParams($hash);
if (!empty($hashParams)) {
foreach ($hashParams as $key => $value) {
$httpRequest->query->set($key, Security::remove_XSS($value));
}
}
}
$action = $httpRequest->query->get('action') ?: $httpRequest->request->get('action');
$action = $httpRequest->query->get('action', $httpRequest->request->get('action'));
$username = Security::remove_XSS(
$httpRequest->query->get('username') ?: $httpRequest->request->get('username')
$httpRequest->query->get('username', $httpRequest->request->get('username'))
);
$apiKey = Security::remove_XSS(
$httpRequest->query->get('api_key') ?: $httpRequest->request->get('api_key')
$httpRequest->query->get('api_key', $httpRequest->request->get('api_key'))
);
$course = $httpRequest->query->getInt('course') ?: $httpRequest->request->getInt('course');
$session = $httpRequest->query->getInt('session') ?: $httpRequest->request->getInt('session');
$course = $httpRequest->query->getInt('course', $httpRequest->request->getInt('course'));
$session = $httpRequest->query->getInt('session', $httpRequest->request->getInt('session'));
$restResponse = new RestResponse();
@@ -237,6 +230,19 @@ try {
Event::addEvent(LOG_WS.$action, 'username', $username);
$restApi->viewCourseHome();
break;
case REST::GET_COURSE_BY_CODE:
$q = $httpRequest->query->get('q');
$sessionId = $httpRequest->query->getInt('session_id');
Event::addEvent(
LOG_WS.$action,
'course_code_session_id',
$q.'__'.$sessionId
);
$courses = $restApi->getCourseByCode($q, $sessionId);
$restResponse->setData($courses);
break;
case Rest::GET_COURSE_INFO:
Event::addEvent(LOG_WS.$action, 'course_id', (int) $_POST['course']);
$courseInfo = $restApi->getCourseInfo();
@@ -331,6 +337,13 @@ try {
$restApi->getCourseExercises($fields)
);
break;
case Rest::GET_COURSE_GRADEBOOK:
Event::addEvent(LOG_WS.$action, 'course_id', $course);
$restResponse->setData(
$restApi->getCourseGradebook()
);
break;
case Rest::SAVE_COURSE_NOTEBOOK:
$title = !empty($_POST['title']) ? $_POST['title'] : null;
$text = !empty($_POST['text']) ? $_POST['text'] : null;
@@ -568,10 +581,20 @@ try {
$restResponse->setData($data);
break;
case Rest::GET_USER_INFO_FROM_USERNAME:
if (empty($_POST['loginname'])) {
if (!api_is_platform_admin()) {
throw new Exception(get_lang('NotAllowed'));
}
$loginname = trim($httpRequest->request->get('loginname'));
if (empty($loginname)) {
throw new Exception(get_lang('NoData'));
}
$item = api_get_user_info_from_username($_POST['loginname']);
$item = api_get_user_info_from_username($loginname);
if (!$item) {
throw new Exception(get_lang('NoUser'));
}
$userInfo = [
'id' => $item['user_id'],
'firstname' => $item['firstname'],
@@ -580,10 +603,17 @@ try {
'username' => $item['username'],
'active' => $item['active'],
];
if (api_is_teacher()) {
$extraInfo = (new ExtraFieldValue('user'))->getAllValuesForAnItem($item['user_id'], true);
$userInfo['extra'] = ExtraFieldValue::formatValues($extraInfo);
}
Event::addEvent(
LOG_WS.$action,
'username',
Database::escape_string($_POST['loginname'])
Database::escape_string($loginname)
);
$restResponse->setData($userInfo);
break;
@@ -768,7 +798,7 @@ try {
$restResponse->setData($courseList);
break;
case Rest::SAVE_COURSE:
$data = $restApi->addCourse($_POST);
$data = $restApi->addCourse($httpRequest->request);
Event::addEvent(LOG_WS.$action, 'course_id', $data['id']);
$restResponse->setData($data);
break;
@@ -798,28 +828,32 @@ try {
$restResponse->setData(['status' => $result]);
break;
case Rest::GET_SESSION_FROM_EXTRA_FIELD:
if (empty($_POST['field_name']) || empty($_POST['field_value'])) {
$fieldName = trim($httpRequest->request->get('field_name'));
$fieldValue = trim($httpRequest->request->get('field_value'));
if (empty($fieldName) || empty($fieldValue)) {
throw new Exception(get_lang('NoData'));
}
$idSession = $restApi->getSessionFromExtraField($_POST['field_name'], $_POST['field_value']);
$idSession = $restApi->getSessionFromExtraField($fieldName, $fieldValue);
Event::addEvent(
LOG_WS.$action,
'extra_field_name-extra_field_value',
Database::escape_string($_POST['field_name']).':'.Database::escape_string($_POST['field_value'])
$fieldName.':'.$fieldValue
);
$restResponse->setData([$idSession]);
break;
case Rest::GET_SESSION_INFO_FROM_EXTRA_FIELD:
if (empty($_POST['field_name']) || empty($_POST['field_value'])) {
$fieldName = trim($httpRequest->request->get('field_name'));
$fieldValue = trim($httpRequest->request->get('field_value'));
if (empty($fieldName) || empty($fieldValue)) {
throw new Exception(get_lang('NoData'));
}
$idSession = $restApi->getSessionInfoFromExtraField($_POST['field_name'], $_POST['field_value']);
$sessionInfo = $restApi->getSessionInfoFromExtraField($fieldName, $fieldValue);
Event::addEvent(
LOG_WS.$action,
'extra_field_name-extra_field_value',
Database::escape_string($_POST['field_name']).':'.Database::escape_string($_POST['field_value'])
$fieldName.':'.$fieldValue
);
$restResponse->setData([$idSession]);
$restResponse->setData($sessionInfo);
break;
case Rest::SAVE_SESSION:
$data = $restApi->addSession($_POST);
@@ -891,6 +925,10 @@ try {
);
$restResponse->setData($data);
break;
case Rest::ADD_SESSION_COURSE_COACHES:
$restApi->addSessionCourseCoaches($httpRequest->request);
$restResponse->setData([]);
break;
case Rest::UNSUBSCRIBE_USERS_FROM_SESSION:
$data = $restApi->unsubscribeUsersFromSession($_POST);
Event::addEvent(
@@ -1085,6 +1123,113 @@ try {
Event::addEvent(LOG_WS.$action, 'success', 'true');
$restResponse->setData($data);
break;
/**
* Subscribe a course to a session using extra field values for identification.
*
* Validates parameters from $_POST and calls the Rest method.
*
* Required POST parameters:
* - api_key: API key for authentication.
* - username: Username for authentication.
* - session_field_name: Name of the extra field for sessions.
* - session_field_value: Value of the session extra field.
* - course_field_name: Name of the extra field for courses.
* - course_field_value: Value of the course extra field.
*
* @return void Outputs JSON response via existing echo.
*/
case Rest::SUBSCRIBE_COURSE_TO_SESSION_FROM_EXTRA_FIELD:
$required_params = ['api_key', 'username', 'session_field_name', 'session_field_value', 'course_field_name', 'course_field_value'];
$missing = [];
foreach ($required_params as $param) {
if (empty($_POST[$param])) {
$missing[] = $param;
}
}
if (!empty($missing)) {
$result = [
'error' => true,
'message' => 'Missing required parameters: '.implode(', ', $missing),
];
break;
}
$params = $_POST;
$result = $restApi->subscribeCourseToSessionFromExtraField($params);
if ($result['error']) {
$restResponse->setErrorMessage($result['message']);
} else {
$restResponse->setData($result['data']);
}
break;
/**
* Subscribe a user to a session using extra field values for identification.
*
* Validates parameters from $_POST and calls the Rest method, handling response via $restResponse.
*
* Required POST parameters:
* - api_key: API key for authentication.
* - username: Username for authentication.
* - session_field_name: Name of the extra field for sessions.
* - session_field_value: Value of the session extra field.
* - user_field_name: Name of the extra field for users.
* - user_field_value: Value of the user extra field.
*
* @return void Sets response via existing $restResponse object.
*/
case Rest::SUBSCRIBE_USER_TO_SESSION_FROM_EXTRA_FIELD:
$required_params = ['api_key', 'username', 'session_field_name', 'session_field_value', 'user_field_name', 'user_field_value'];
$missing = [];
foreach ($required_params as $param) {
if (empty($_POST[$param])) {
$missing[] = $param;
}
}
if (!empty($missing)) {
$restResponse->setErrorMessage('Missing required parameters: '.implode(', ', $missing));
break;
}
$params = $_POST;
$result = $restApi->subscribeUserToSessionFromExtraField($params);
if ($result['error']) {
$restResponse->setErrorMessage($result['message']);
} else {
$restResponse->setData($result['data']);
}
break;
/**
* Update a session using extra field value for identification.
*
* Validates parameters from $_POST and calls the Rest method, handling response via $restResponse.
*
* Required POST parameters:
* - api_key: API key for authentication.
* - username: Username for authentication.
* - field_name: Name of the extra field for sessions.
* - field_value: Value of the session extra field.
* - Optional: name, coach_username, access_start_date, access_end_date, etc.
*
* @return void Sets response via existing $restResponse object.
*/
case Rest::UPDATE_SESSION_FROM_EXTRA_FIELD:
$required_params = ['api_key', 'username', 'field_name', 'field_value'];
$missing = [];
foreach ($required_params as $param) {
if (empty($_POST[$param])) {
$missing[] = $param;
}
}
if (!empty($missing)) {
$restResponse->setErrorMessage('Missing required parameters: '.implode(', ', $missing));
break;
}
$params = $_POST;
$result = $restApi->updateSessionFromExtraField($params);
if ($result['error']) {
$restResponse->setErrorMessage($result['message']);
} else {
$restResponse->setData($result['data']);
}
break;
default:
throw new Exception(get_lang('InvalidAction'));
}
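Review bot: In the new `SUBSCRIBE_COURSE_TO_SESSION_FROM_EXTRA_FIELD` case, the missing-parameter branch only assigns `$result = ['error' => true, ...]` and breaks, so as far as this hunk shows the error never reaches `$restResponse`; the two sibling cases handle it correctly, so use `$restResponse->setErrorMessage('Missing required parameters: '.implode(', ', $missing));` here too. The three new extra-field cases and `ADD_SESSION_COURSE_COACHES` hand `$_POST` or the request bag to methods that change session enrolment or session data, yet this file shows no privilege check and no `Event::addEvent(LOG_WS.$action, ...)` audit record for them, whereas `GET_USER_INFO_FROM_USERNAME` now gates on `api_is_platform_admin()`. If the `Rest` methods do not enforce authorization themselves, the same guard and an audit event belong in these cases. The session extra-field lookups also drop `Database::escape_string()` from the value passed to `Event::addEvent`, and `GET_COURSE_BY_CODE` logs `$q` unescaped, which is only safe if `Event::addEvent` binds or escapes its arguments; that is not visible on this page and should be confirmed.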