merged fix for MDL-8908, draft blogs should not be visible
authortoyomoyo <toyomoyo>
Thu, 15 Mar 2007 06:13:12 +0000 (06:13 +0000)
committertoyomoyo <toyomoyo>
Thu, 15 Mar 2007 06:13:12 +0000 (06:13 +0000)
blog/index.php
blog/lib.php

index 4ea6ceccb5b8d17b3549b71d00f2ea79442404fe..1120a0cc9af2528b8daca40bd25ef8e0b5b0278a 100755 (executable)
@@ -75,7 +75,7 @@ switch ($filtertype) {
         $courseid = $course->id;
         $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
         require_login($course->id);
-        if (!has_capability('moodle/blog:view', $sitecontext)) {
+        if (!has_capability('moodle/blog:view', $coursecontext)) {
             error('You do not have the required permissions to view blogs in this course');
         }
     break;
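Review bot: The switch to `$coursecontext` in the `moodle/blog:view` check carries no comment saying why the course context is the right scope, and the commit title only mentions drafts, so the line could easily be reverted by mistake. A short comment above the check would help, e.g. `// check in the course context so course-level role assignments and overrides are honoured`. The enclosing `switch ($filtertype)` starts and ends outside the hunk, so whether the other branches need the same narrowing cannot be judged from here.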
@@ -115,7 +115,7 @@ switch ($filtertype) {
         if ($USER->id == $filterselect) {
             if (!has_capability('moodle/blog:create', $sitecontext)
               and !has_capability('moodle/blog:view', $sitecontext)) {
-                error('You do not have your own blog, sorry.');
+                error('You do not have your own blog, sorry.');
             }
         } else {
             $personalcontext = get_context_instance(CONTEXT_USER, $filterselect);
index 80a8b1cc6413a71d2db08433a1afb6b08bfcd333..a986cb06c10df6d3a10272cc83d9455b3b5f7e83 100755 (executable)
         if (has_capability('moodle/blog:manageentries', $sitecontext)) {
             return true; // can manage all posts
         }
-
+        
+        // coming for 1 post, make sure it's not a draft
         if ($blogEntry and $blogEntry->publishstate == 'draft') {
             return false;  // can not view draft of others
         }
+        
+        // coming for 1 post, make sure user is logged in, if not a public blog
+        if ($blogEntry && $blogEntry->publishstate != 'public' && !isloggedin()) {
+            return false;  
+        }
 
         switch ($CFG->bloglevel) {
             case BLOG_GLOBAL_LEVEL:
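Review bot: Both entry-level checks fail open when `$blogEntry` is empty: `if ($blogEntry and …)` and the added `if ($blogEntry && … && !isloggedin())` are skipped whenever a caller omits the second argument, which appears to be how the call site corrected in the following hunk exposed drafts. The function signature is outside this hunk, so the optional default is inferred, but any remaining caller that passes only the user id would still bypass the draft and login checks. Those call sites should be audited, and the function should carry a comment such as `// callers showing a single post must pass $blogEntry, otherwise the draft and login checks are skipped`. On style, the added condition mixes `&&`/`!=` with the `and`/`==` used two checks above, the new `return false;` has no trailing comment like its neighbours, and the added blank lines carry trailing whitespace.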
 
             if ($post = get_record('post', 'id', $postid)) {
 
-                if (blog_user_can_view_user_post($post->userid)) {
+                if (blog_user_can_view_user_post($post->userid, $post)) {
 
                     if ($user = get_record('user', 'id', $post->userid)) {
                         $post->email = $user->email;