fixing blog logs, also added code to prevent browsing blogs using other user's userid

diff --git a/blog/edit.php b/blog/edit.php
index 751d54fb41cafbacd4444ca733f33148dafa27f7..01bc0c41ce87dff28ea2b26fe634fca768dd00c5 100755 (executable)
--- a/blog/edit.php
+++ b/blog/edit.php
@@ -251,7 +251,7 @@ function do_save($post) {
         }
         //record a log message of this entry addition
         if ($site = get_site()) {
-            add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, 'created new blog entry with entry id# '. $entryID);
+            add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, $blogEntry->subject);
         }
         
         redirect($referrer);
@@ -315,7 +315,7 @@ function do_update($post) {
 
         //record a log message of this entry update action
         if ($site = get_site()) {
-            add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $post->postid, 'updated existing blog entry with entry id# '. $post->postid);
+            add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $post->postid, $blogEntry->subject);
         }
         
         redirect($referrer);

diff --git a/blog/index.php b/blog/index.php
index 7897f00a16bc88299e5603986317a3f82e33fb55..9a57c4f18f25911d08503531fb55421b850a1ba8 100755 (executable)
--- a/blog/index.php
+++ b/blog/index.php
@@ -87,14 +87,14 @@ if ($filtertype) {
 
 switch ($filtertype) {
     case 'site':
-        if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
+        if ($CFG->bloglevel < BLOG_SITE_LEVEL && (!isadmin())) {
             error ('site blogs is not enabled');
         } else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
             require_login();
         }
     break;
     case 'course':
-        if ($CFG->bloglevel < BLOG_COURSE_LEVEL) {
+        if ($CFG->bloglevel < BLOG_COURSE_LEVEL && (!isadmin())) {
             error ('course blogs is not enabled');
         }
 
@@ -104,7 +104,7 @@ switch ($filtertype) {
         /// check if viewer is student
     break;
     case 'group':
-        if ($CFG->bloglevel < BLOG_GROUP_LEVEL) {
+        if ($CFG->bloglevel < BLOG_GROUP_LEVEL && (!isadmin())) {
             error ('group blogs is not enabled');
         }
         if (!isteacheredit($course) and (groupmode($course) == SEPARATEGROUPS)) {
@@ -115,7 +115,7 @@ switch ($filtertype) {
         /// check if user is editting teacher, or if spg, is member
     break;
     case 'user':
-        if ($CFG->bloglevel < BLOG_USER_LEVEL) {
+        if ($CFG->bloglevel < BLOG_USER_LEVEL && (!isadmin())) {
             error ('Blogs is not enabled');
         }
         

diff --git a/blog/lib.php b/blog/lib.php
index b62c28927384aeec33c2435b0d5387fbdd7afea5..f13f3e4f8476f1594b124e8d5ce1fb598550dce7 100755 (executable)
--- a/blog/lib.php
+++ b/blog/lib.php
@@ -370,14 +370,19 @@
 
             if ($post = get_record('post', 'id', $postid)) {
 
-                if ($user = get_record('user', 'id', $post->userid)) {
-                    $post->email = $user->email;
-                    $post->firstname = $user->firstname;
-                    $post->lastname = $user->lastname;
-                }
-                $retarray[] = $post;
-                return $retarray;
+                if (blog_user_can_view_user_post($post->userid)) {
 
+                    if ($user = get_record('user', 'id', $post->userid)) {
+                        $post->email = $user->email;
+                        $post->firstname = $user->firstname;
+                        $post->lastname = $user->lastname;
+                    }
+                    $retarray[] = $post;
+                    return $retarray;
+                } else {
+                    return null;
+                }
+                
             } else { // bad postid
                 return null;
             }