. /** * This page receives ajax rating submissions * * It is similar to rate.php. Unlike rate.php a return url is NOT required. * * @package moodlecore * @copyright 2010 Andrew Davis * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ define('AJAX_SCRIPT', true); require_once('../config.php'); require_once('lib.php'); $contextid = required_param('contextid', PARAM_INT); $itemid = required_param('itemid', PARAM_INT); $scaleid = required_param('scaleid', PARAM_INT); $userrating = required_param('rating', PARAM_INT); $rateduserid = required_param('rateduserid', PARAM_INT);//which user is being rated. Required to update their grade $aggregationmethod = optional_param('aggregation', PARAM_INT);//we're going to calculate the aggregate and return it to the client $result = new stdClass; //if session has expired and its an ajax request so we cant do a page redirect if( !isloggedin() ){ $result->error = get_string('sessionerroruser', 'error'); echo json_encode($result); die(); } list($context, $course, $cm) = get_context_info_array($contextid); require_login($course, false, $cm); $contextid = null;//now we have a context object throw away the id from the user if (!confirm_sesskey() || $USER->id==$rateduserid) { echo $OUTPUT->header(); echo get_string('ratepermissiondenied', 'ratings'); echo $OUTPUT->footer(); die(); } $rm = new rating_manager(); //check the module rating permissions //doing this check here rather than within rating_manager::get_ratings so we can return a json error response $pluginrateallowed = true; $pluginpermissionsarray = null; if ($context->contextlevel==CONTEXT_MODULE) { $plugintype = 'mod'; $pluginname = $cm->modname; $pluginpermissionsarray = $rm->get_plugin_permissions_array($context->id, $plugintype, $pluginname); $pluginrateallowed = $pluginpermissionsarray['rate']; if ($pluginrateallowed) { //check the item exists and isn't owned by the current user $pluginrateallowed = $rm->check_item_and_owner($plugintype, $pluginname, $itemid); } } if (!$pluginrateallowed || !has_capability('moodle/rating:rate',$context)) { $result->error = get_string('ratepermissiondenied', 'ratings'); echo json_encode($result); die(); } $PAGE->set_url('/lib/rate.php', array('contextid'=>$context->id)); //rating options used to update the rating then retrieve the aggregate $ratingoptions = new stdclass; $ratingoptions->context = $context; $ratingoptions->itemid = $itemid; $ratingoptions->scaleid = $scaleid; $ratingoptions->userid = $USER->id; if ($userrating != RATING_UNSET_RATING) { $rating = new rating($ratingoptions); $rating->update_rating($userrating); } else { //delete the rating if the user set to Rate... $options = new stdClass(); $options->contextid = $context->id; $options->userid = $USER->id; $options->itemid = $itemid; $rm->delete_ratings($options); } //Future possible enhancement: add a setting to turn grade updating off for those who don't want them in gradebook //note that this would need to be done in both rate.php and rate_ajax.php if(true){ if ($context->contextlevel==CONTEXT_MODULE) { //tell the module that its grades have changed if ( $modinstance = $DB->get_record($cm->modname, array('id' => $cm->instance)) ) { $modinstance->cmidnumber = $cm->id; //MDL-12961 $functionname = $cm->modname.'_update_grades'; require_once("../mod/{$cm->modname}/lib.php"); if(function_exists($functionname)) { $functionname($modinstance, $rateduserid); } } } } //object to return to client as json $result = new stdClass; $result->success = true; //need to retrieve the updated item to get its new aggregate value $item = new stdclass(); $item->id = $itemid; $items = array($item); //most of $ratingoptions variables were previously set $ratingoptions->items = $items; $ratingoptions->aggregate = $aggregationmethod; $items = $rm->get_ratings($ratingoptions); //for custom scales return text not the value //this scales weirdness will go away when scales are refactored $scalearray = null; $aggregatetoreturn = round($items[0]->rating->aggregate,1); // Output a dash if aggregation method == COUNT as the count is output next to the aggregate anyway if ($items[0]->rating->settings->aggregationmethod==RATING_AGGREGATE_COUNT or $items[0]->rating->count == 0) { $aggregatetoreturn = ' - '; } else if($rating->scaleid < 0) { //if its non-numeric scale //dont use the scale item if the aggregation method is sum as adding items from a custom scale makes no sense if ($items[0]->rating->settings->aggregationmethod!= RATING_AGGREGATE_SUM) { $scalerecord = $DB->get_record('scale', array('id' => -$rating->scaleid)); if ($scalerecord) { $scalearray = explode(',', $scalerecord->scale); $aggregatetoreturn = $scalearray[$aggregatetoreturn-1]; } } } //See if the user has permission to see the rating aggregate //we could do this check as "if $userid==$rateduserid" but going to the database to determine item owner id seems more secure //if we accept the item owner user id from the http request a user could alter the URL and erroneously get access to the rating aggregate if (($USER->id==$items[0]->rating->itemuserid && has_capability('moodle/rating:view',$context) && $pluginpermissionsarray['view']) || ($USER->id!=$items[0]->rating->itemuserid && has_capability('moodle/rating:viewany',$context) && $pluginpermissionsarray['viewany'])) { $result->aggregate = $aggregatetoreturn; $result->count = $items[0]->rating->count; $result->itemid = $itemid; } echo json_encode($result);