function init() {
$this->title = get_string('feedstitle', 'block_rss_client');
- $this->version = 2005111400;
+ $this->version = 2006091100;
}
function preferred_width() {
}
function get_content() {
- global $CFG, $editing, $COURSE;
+ global $CFG, $editing, $COURSE, $USER;
+
+ if (!empty($COURSE)) {
+ $this->courseid = $COURSE->id;
+ }
require_once($CFG->libdir .'/rsslib.php');
if (isset($CFG->block_rss_client_num_entries) && is_numeric($CFG->block_rss_client_num_entries) ) {
$shownumentries = intval($CFG->block_rss_client_num_entries);
} else {
- $shownumentries = 5; //default to 5 entries is not specified by admin or instance
+ $shownumentries = 5; //default to 5 entries is not specified in admin section or instance
}
if (!empty($this->config)) {
if (!empty($this->config->rssid)) {
if (is_array($this->config->rssid)) {
$rssidarray = $this->config->rssid;
- } else { // Make an array of the single value
+ } else { // Make an array of the single value
$rssidarray = array($this->config->rssid);
}
}
$shownumentries = intval($this->config->shownumentries);
}
}
-
- $submitters = $CFG->block_rss_client_submitters;
-
- $isteacher = false;
- $this->courseid = SITEID;
- if ($this->instance->pagetype == PAGE_COURSE_VIEW) {
- $this->courseid = $COURSE->id;
- $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_BLOCK, $this->instance->id));
- }
-
- //if the user is an admin, course teacher, or all users are allowed
- // then allow the user to add rss feeds
- global $USER;
- $userisloggedin = false;
- if (isset($USER) && !empty($USER->id) && $USER->id && !isguest()) {
- $userisloggedin = true;
- }
- if ( $userisloggedin && ($submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS || ($submitters == SUBMITTERS_ADMIN_AND_TEACHER && $isteacher)) ) {
+ $context = get_context_instance(CONTEXT_BLOCK, $this->instance->id);
+
+ if (has_capability('block/rss_client:createsharedfeeds', $context)) {
$page = page_create_object($this->instance->pagetype, $this->instance->pageid);
- if ($page->user_allowed_editing()) { // for SUBMITTERS_ALL_ACCOUNT_HOLDERS we're going to run into trouble later if we show it and then they don't have write access to the page.
- if (isset($this->config)) {
- // this instance is configured - show Add/Edit feeds link
- $script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'managefeeds', 'id' => $this->courseid));
- $output .= '<div align="center"><a title="'. get_string('feedsaddedit', 'block_rss_client') .'" href="'. $script .'">'. get_string('feedsaddedit', 'block_rss_client') .'</a></div>';
- } else {
- // this instance has not been configured yet - show configure link
- $script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'configblock', 'id' => $this->courseid));
+ //if ($page->user_allowed_editing()) { // for SUBMITTERS_ALL_ACCOUNT_HOLDERS we're going to run into trouble later if we show it and then they don't have write access to the page.
+ if (isset($this->config)) {
+ // This instance is configured - show Add/Edit feeds link.
+ $script = $page->url_get_full(
+ array('instanceid' => $this->instance->id,
+ 'sesskey' => $USER->sesskey,
+ 'blockaction' => 'config',
+ 'currentaction' => 'managefeeds',
+ 'id' => $this->courseid
+ ));
+ $output .= '<div align="center"><a title="'. get_string('feedsaddedit', 'block_rss_client') .'" href="'. $script .'">'. get_string('feedsaddedit', 'block_rss_client') .'</a></div>';
+ } else {
+ // This instance has not been configured yet - show configure link?
+ if (has_capability('block/rss_client:manageanyfeeds', $context)) {
+ $script = $page->url_get_full(
+ array('instanceid' => $this->instance->id,
+ 'sesskey' => $USER->sesskey,
+ 'blockaction' => 'config',
+ 'currentaction' => 'configblock',
+ 'id' => $this->courseid
+ ));
$output .= '<div align="center"><a title="'. get_string('feedsconfigurenewinstance', 'block_rss_client') .'" href="'. $script.'">'. get_string('feedsconfigurenewinstance', 'block_rss_client') .'</a></div>';
}
}
+ //}
}
// Daryl Hawes note: if count of rssidarray is greater than 1
return '<a href="'. $CFG->wwwroot .'/blocks/rss_client/block_rss_client_error.php?error='. urlencode($rsserror) .'">Error loading a feed.</a><br />'; //Daryl Hawes note: localize this line
}
}
-
+
if ($shownumentries > 0 && $shownumentries < count($rss->items) ) {
$rss->items = array_slice($rss->items, 0, $shownumentries);
}
}
}
}
-?>
+?>
\ No newline at end of file
require_login();
global $USER;
-//ensure that the logged in user is not using the guest account
+
if (isset($_SERVER['HTTP_REFERER'])) {
$referrer = $_SERVER['HTTP_REFERER'];
} else {
$referrer = $CFG->wwwroot;
}
+
+
+// Ensure that the logged in user is not using the guest account
if (isguest()) {
error(get_string('noguestpost', 'forum'), $referrer);
}
+
$url = optional_param('url','',PARAM_URL);
if (!empty($url)) {
$id = optional_param('id', SITEID, PARAM_INT);
//$url = clean_param($url, PARAM_URL);
$preferredtitle = optional_param('preferredtitle', '', PARAM_ALPHA);
+$shared = optional_param('shared', 0, PARAM_INT);
+
if (!defined('MAGPIE_OUTPUT_ENCODING')) {
define('MAGPIE_OUTPUT_ENCODING', current_charset()); // see bug 3107
}
$straddedit = get_string('feedsaddedit', 'block_rss_client');
-if ( isadmin() ) {
- $navigation = '<a href="'.$CFG->wwwroot.'/'.$CFG->admin.'/index.php">'.get_string('administration').'</a> -> '.
- '<a href="'.$CFG->wwwroot.'/'.$CFG->admin.'/configure.php">'.get_string('configuration').'</a> -> '.$straddedit;
-} else if (!empty($course)) {
+
+if (!empty($course)) {
$navigation = '<a href="'.$CFG->wwwroot.'/course/view.php?id='.$id.'">'.$course->shortname.'</a> -> '.$straddedit;
} else {
$navigation = $straddedit;
print_header($straddedit, $straddedit, $navigation);
-//check to make sure that the user is allowed to post new feeds
-$submitters = $CFG->block_rss_client_submitters;
-if (empty($course)) {
- $isteacher = false;
-} else {
- if ($id == SITEID) {
- $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SITE, SITEID));
- } else {
- $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_COURSE, $id));
- }
-}
if ( !isset($act) ) {
- rss_display_feeds($id);
- rss_print_form($act, $url, $rssid, $preferredtitle, $id);
+ rss_display_feeds($id, $USER->id, '', $context);
+ rss_print_form($act, $url, $rssid, $preferredtitle, $shared, $id, $context);
print_footer();
die();
}
$rss_record = get_record('block_rss_client', 'id', $rssid);
}
-//if the user is an admin or course teacher then allow the user to
-//assign categories to other uses than personal
-if (isset($rss_record) && !( has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)) || $submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS ||
- ($submitters == SUBMITTERS_ADMIN_AND_TEACHER && $isteacher) ||
- ( ($act == 'rssedit' || $act == 'delfeed' || $act == 'updfeed') && $USER->id == $rss_record->userid) ) ) {
- error(get_string('noguestpost', 'forum').' You are not allowed to make modifications to this RSS feed at this time.', $referrer);
+
+$block = get_record('block', 'name', 'rss_client');
+$blockinstance = get_record('block_instance', 'blockid', $block->id, 'pagetype', 'course-view', 'pageid', id);
+$context = get_context_instance(CONTEXT_BLOCK, $blockinstance->id);
+
+
+if (isset($rss_record)) {
+ $managefeeds = ($rss_record->userid == $USER->id && has_capability('block/rss_client:manageownfeeds', $context))
+ || ($rss_record->userid != $USER->id && has_capability('block/rss_client:manageanyfeeds', $context));
}
+
if ($act == 'updfeed') {
+
+ if (!$managefeeds) {
+ error(get_string('noguestpost', 'forum').
+ ' You are not allowed to make modifications to this RSS feed at this time.',
+ $referrer);
+ }
+
+
if (empty($url)) {
- error( 'url not defined for rss feed' );
+ error( 'URL not defined for rss feed' );
}
// By capturing the output from fetch_rss this way
}
ob_end_clean();
+ $canaddsharedfeeds = has_capability('block/rss_client:createsharedfeeds', $context);
+
$dataobject->id = $rssid;
if ($rss === false) {
$dataobject->description = '';
$dataobject->title = '';
$dataobject->preferredtitle = '';
+ $dataobject->shared = 0;
} else {
$dataobject->description = addslashes($rss->channel['description']);
$dataobject->title = addslashes($rss->channel['title']);
$dataobject->preferredtitle = addslashes($preferredtitle);
+ if ($shared == 1 && $canaddsharedfeeds) {
+ $dataobject->shared = 1;
+ } else {
+ $dataobject->shared = 0;
+ }
}
$dataobject->url = addslashes($url);
redirect($referrer, $message);
} else if ($act == 'addfeed' ) {
+
+ $canaddprivfeeds = has_capability('block/rss_client:createprivatefeeds', $context);
+ $canaddsharedfeeds = has_capability('block/rss_client:createsharedfeeds', $context);
+
+ if (!$canaddprivfeeds && !$canaddsharedfeeds) {
+ error('You do not have the permission to add RSS feeds');
+ }
if (empty($url)) {
- error('url not defined for rss feed');
+ error('URL not defined for rss feed');
}
$dataobject->userid = $USER->id;
$dataobject->description = '';
$dataobject->title = '';
$dataobject->url = addslashes($url);
$dataobject->preferredtitle = addslashes($preferredtitle);
-
+
+ if ($shared == 1 && $canaddsharedfeeds) {
+ $dataobject->shared = 1;
+ } else {
+ $dataobject->shared = 0;
+ }
+
$rssid = insert_record('block_rss_client', $dataobject);
if (!$rssid) {
error('There was an error trying to add a new rss feed:'. $url);
}
redirect($referrer, $message);
/*
- rss_display_feeds($id);
- rss_print_form($act, $dataobject->url, $dataobject->id, $dataobject->preferredtitle, $id);
+ rss_display_feeds($id, $USER->id, '', $context);
+ rss_print_form($act, $dataobject->url, $dataobject->id, $dataobject->preferredtitle, $shared, $id, $context);
*/
} else if ( isset($rss_record) && $act == 'rssedit' ) {
$preferredtitle = stripslashes_safe($rss_record->title);
}
$url = stripslashes_safe($rss_record->url);
- rss_display_feeds($id, '', $rssid);
- rss_print_form($act, $url, $rssid, $preferredtitle, $id);
+ $shared = stripslashes_safe($rss_record->shared);
+ rss_display_feeds($id, '', $rssid, $context);
+ rss_print_form($act, $url, $rssid, $preferredtitle, $shared, $id, $context);
} else if ($act == 'delfeed') {
+
+ if (!$managefeeds) {
+ error(get_string('noguestpost', 'forum').
+ ' You are not allowed to make modifications to this RSS feed at this time.',
+ $referrer);
+ }
$file = $CFG->dataroot .'/cache/rsscache/'. $rssid .'.xml';
if (file_exists($file)) {
print '</table>'."\n";
}
} else {
- rss_display_feeds($id);
- rss_print_form($act, $url, $rssid, $preferredtitle, $id);
+ rss_display_feeds($id, $USER->id, '', $context);
+ rss_print_form($act, $url, $rssid, $preferredtitle, $shared, $id, $context);
}
print_footer();
-?>
+?>
\ No newline at end of file
<?php // $Id$ //
require_once($CFG->libdir .'/rsslib.php');
-$id = optional_param('id', SITEID, PARAM_INT);
+$id = optional_param('id', SITEID, PARAM_INT);
//create a page object for url_get_full()
$page = page_create_object($this->instance->pagetype, $this->instance->pageid);
+
/// Print tabs at top
$currentaction = optional_param('currentaction', '', PARAM_ALPHA);
if (empty($currentaction) || $currentaction == 'configblock') {
}
}
global $USER;
- $admins = get_admins();
- $adminsql = '';
- if (!empty($admins)) {
- foreach ($admins as $admin) {
- $adminsql = ' OR userid = '.$admin->id;
- }
- }
- if ($rssfeeds = get_records_select('block_rss_client','userid = '.$USER->id . $adminsql)) {
+
+ if ($rssfeeds = get_records_select('block_rss_client', 'userid = '.$USER->id.' OR shared = 1')) {
foreach($rssfeeds as $rssfeed) {
if (!empty($rssfeed->preferredtitle)) {
$feedtitle = stripslashes_safe($rssfeed->preferredtitle);
print_string('nofeeds', 'block_rss_client');
if ( isadmin() ) {
$addrsspage = $page->url_get_full(array('instanceid' => $this->instance->id,
- 'sesskey' => $USER->sesskey, 'blockaction' => 'config',
- 'currentaction' => 'managefeeds', 'id' => $id));
+ 'sesskey' => $USER->sesskey,
+ 'blockaction' => 'config',
+ 'currentaction' => 'managefeeds',
+ 'id' => $id));
print ' <a href="'.$addrsspage.'">'. get_string('editnewsfeeds', 'block_rss_client') .'</a><br />';
}
}
</table>
<?php
} else {
- global $act, $url, $rssid, $preferredtitle;
+ global $act, $url, $rssid, $preferredtitle, $shared;
print '<table cellpadding="9" cellspacing="0" class="blockconfigtable">';
print '<tr valign="top"><td>';
- rss_display_feeds($id,$USER->id);
+ $context = get_context_instance(CONTEXT_BLOCK, $this->instance->id);
+ rss_display_feeds($id, $USER->id, '', $context);
print '</form>'; //not sure that this is needed
- rss_print_form($act, $url, $rssid, $preferredtitle, $id);
+ rss_print_form($act, $url, $rssid, $preferredtitle, $shared, $id, $context);
print '</td></tr></table>';
} ?>
global $USER;
$tabs = $row = array();
-$script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'configblock', 'id' => $id));
-$row[] = new tabobject('configblock', $script,
- get_string('configblock', 'block_rss_client'));
+
+$context = get_context_instance(CONTEXT_BLOCK, $this->instance->id);
+
+if (has_capability('moodle/site:manageblocks', $context)) {
+ $script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'configblock', 'id' => $id));
+ $row[] = new tabobject('configblock', $script,
+ get_string('configblock', 'block_rss_client'));
+}
$script = $page->url_get_full(array('instanceid' => $this->instance->id, 'sesskey' => $USER->sesskey, 'blockaction' => 'config', 'currentaction' => 'managefeeds', 'id' => $id));
$row[] = new tabobject('managefeeds', $script,
--- /dev/null
+<?php
+//
+// Capability definitions for the rss_client block.
+//
+// The capabilities are loaded into the database table when the block is
+// installed or updated. Whenever the capability definitions are updated,
+// the module version number should be bumped up.
+//
+// The system has four possible values for a capability:
+// CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
+//
+//
+// CAPABILITY NAMING CONVENTION
+//
+// It is important that capability names are unique. The naming convention
+// for capabilities that are specific to modules and blocks is as follows:
+// [mod/block]/<component_name>:<capabilityname>
+//
+// component_name should be the same as the directory name of the mod or block.
+//
+// Core moodle capabilities are defined thus:
+// moodle/<capabilityclass>:<capabilityname>
+//
+// Examples: mod/forum:viewpost
+// block/recent_activity:view
+// moodle/site:deleteuser
+//
+// The variable name for the capability definitions array follows the format
+// $<componenttype>_<component_name>_capabilities
+//
+// For the core capabilities, the variable is $moodle_capabilities.
+
+
+$block_rss_client_capabilities = array(
+
+ 'block/rss_client:createprivatefeeds' => array(
+
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_SYSTEM,
+ 'legacy' => array(
+ 'guest' => CAP_PREVENT,
+ 'student' => CAP_PREVENT,
+ 'teacher' => CAP_ALLOW,
+ 'editingteacher' => CAP_ALLOW,
+ 'coursecreator' => CAP_ALLOW,
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
+ 'block/rss_client:createsharedfeeds' => array(
+
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_SYSTEM,
+ 'legacy' => array(
+ 'guest' => CAP_PREVENT,
+ 'student' => CAP_PREVENT,
+ 'teacher' => CAP_PREVENT,
+ 'editingteacher' => CAP_PREVENT,
+ 'coursecreator' => CAP_PREVENT,
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
+ 'block/rss_client:manageownfeeds' => array(
+
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_SYSTEM,
+ 'legacy' => array(
+ 'guest' => CAP_PREVENT,
+ 'student' => CAP_PREVENT,
+ 'teacher' => CAP_ALLOW,
+ 'editingteacher' => CAP_ALLOW,
+ 'coursecreator' => CAP_ALLOW,
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
+ 'block/rss_client:managesharedfeeds' => array(
+
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_SYSTEM,
+ 'legacy' => array(
+ 'guest' => CAP_PREVENT,
+ 'student' => CAP_PREVENT,
+ 'teacher' => CAP_PREVENT,
+ 'editingteacher' => CAP_PREVENT,
+ 'coursecreator' => CAP_PREVENT,
+ 'admin' => CAP_ALLOW
+ )
+ )
+
+);
+
+?>
\ No newline at end of file
table_column('block_rss_client','description','description','text',10,'unsigned','');
}
+
+ if ($oldversion < 2006091100) {
+
+ // We need a new field to store whether an RSS feed is shared or private.
+ table_column('block_rss_client', '', 'shared', 'integer');
+
+ // Admin feeds used to be displayed to everybody (shared feeds).
+ $admins = get_admins();
+ if (!empty($admins)) {
+ $count = 0;
+ foreach($admins as $admin) {
+ if (!$count) {
+ $adminsql = 'userid = '.$admin->id;
+ } else {
+ $adminsql .= ' OR userid = '.$admin->id;
+ }
+ $count++;
+ }
+ if ($rssfeeds = get_records_select('block_rss_client', $adminsql)) {
+ foreach ($rssfeeds as $rssfeed) {
+ $rssfeed->shared = 1;
+ if (!update_record('block_rss_client', $rssfeed)) {
+ notice('Could not set '.$rssfeed->title.' as a shared RSS feed.');
+ }
+ }
+ }
+ }
+
+ // Upgrade block to use the Roles System.
+ $block = get_record('block', 'name', 'rss_client');
+
+ if ($blockinstances = get_records('block_instance', 'blockid', $block->id)) {
+
+ if (!$adminroles = get_roles_with_capability('moodle/legacy:admin', CAP_ALLOW)) {
+ notice('Default student role was not found. Roles and permissions '.
+ 'for all your Remote RSS Feed blocks will have to be '.
+ 'manually set after this upgrade.');
+ }
+ if (!$teacherroles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW)) {
+ notice('Default teacher role was not found. Roles and permissions '.
+ 'for all your Remote RSS Feed blocks will have to be '.
+ 'manually set after this upgrade.');
+ }
+ if (!$studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) {
+ notice('Default student role was not found. Roles and permissions '.
+ 'for all your Remote RSS Feed blocks will have to be '.
+ 'manually set after this upgrade.');
+ }
+
+ foreach ($blockinstances as $bi) {
+ $context = get_context_instance(CONTEXT_MODULE, $bi->id);
+
+ if ($bi->pagetype == 'course-view' && $bi->pageid == SITEID) {
+
+ // Only the admin was allowed to manage the RSS feed block
+ // on the site home page.
+
+ // Since this is already the default behavior set in
+ // blocks/rss_client/db/access.php, we don't need to
+ // specifically assign the capabilities here.
+
+ } else {
+
+ // Who can add shared feeds? This was defined in lib/rsslib.php
+ // for config var block_rss_client_submitters.
+ switch ($CFG->block_rss_client_submitters) {
+
+ case 0:
+ // SUBMITTERS_ALL_ACCOUNT_HOLDERS
+
+ foreach ($adminroles as $adminrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $adminrole->id, $context->id);
+ }
+ foreach ($teacherroles as $teacherrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $teacherrole->id, $context->id);
+ }
+ foreach ($studentroles as $studentrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $studentrole->id, $context->id);
+ }
+ break;
+
+ case 1:
+ // SUBMITTERS_ADMIN_ONLY
+
+ // Since this is already the default behavior set in
+ // blocks/rss_client/db/access.php, we don't need to
+ // specifically assign the capabilities here.
+ break;
+
+ case 2:
+ // SUBMITTERS_ADMIN_AND_TEACHER
+
+ foreach ($adminroles as $adminrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $adminrole->id, $context->id);
+ }
+ foreach ($teacherroles as $teacherrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $teacherrole->id, $context->id);
+ }
+ foreach ($studentroles as $studentrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_PREVENT, $studentrole->id, $context->id);
+ }
+ break;
+
+ } // End switch.
+
+ }
+ }
+ }
+ }
+
return true;
}
-?>
+?>
\ No newline at end of file
`title` text NOT NULL default '',
`preferredtitle` varchar(64) NOT NULL default '',
`description` text NOT NULL default '',
+ `shared` int(2) NOT NULL default '0',
`url` varchar(255) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM COMMENT='Remote news feed information. Contains the news feed id, the userid of the user who added the feed, the title of the feed itself and a description of the feed contents along with the url used to access the remote feed. Preferredtitle is a field for future use - intended to allow for custom titles rather than those found in the feed.';
\ No newline at end of file
ALTER COLUMN description SET DEFAULT \'\'');
}
+
+ if ($oldversion < 2006091100) {
+
+ // We need a new field to store whether an RSS feed is shared or private.
+ table_column('block_rss_client', '', 'shared', 'integer');
+
+ // Admin feeds used to be displayed to everybody (shared feeds).
+ $admins = get_admins();
+ if (!empty($admins)) {
+ $count = 0;
+ foreach($admins as $admin) {
+ if (!$count) {
+ $adminsql = 'userid = '.$admin->id;
+ } else {
+ $adminsql .= ' OR userid = '.$admin->id;
+ }
+ $count++;
+ }
+ if ($rssfeeds = get_records_select('block_rss_client', $adminsql)) {
+ foreach ($rssfeeds as $rssfeed) {
+ $rssfeed->shared = 1;
+ if (!update_record('block_rss_client', $rssfeed)) {
+ notice('Could not set '.$rssfeed->title.' as a shared RSS feed.');
+ }
+ }
+ }
+ }
+
+ // Upgrade block to use the Roles System.
+ $block = get_record('block', 'name', 'rss_client');
+
+ if ($blockinstances = get_records('block_instance', 'blockid', $block->id)) {
+
+ if (!$adminroles = get_roles_with_capability('moodle/legacy:admin', CAP_ALLOW)) {
+ notice('Default student role was not found. Roles and permissions '.
+ 'for all your Remote RSS Feed blocks will have to be '.
+ 'manually set after this upgrade.');
+ }
+ if (!$teacherroles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW)) {
+ notice('Default teacher role was not found. Roles and permissions '.
+ 'for all your Remote RSS Feed blocks will have to be '.
+ 'manually set after this upgrade.');
+ }
+ if (!$studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) {
+ notice('Default student role was not found. Roles and permissions '.
+ 'for all your Remote RSS Feed blocks will have to be '.
+ 'manually set after this upgrade.');
+ }
+
+ foreach ($blockinstances as $bi) {
+ $context = get_context_instance(CONTEXT_MODULE, $bi->id);
+
+ if ($bi->pagetype == 'course-view' && $bi->pageid == SITEID) {
+
+ // Only the admin was allowed to manage the RSS feed block
+ // on the site home page.
+
+ // Since this is already the default behavior set in
+ // blocks/rss_client/db/access.php, we don't need to
+ // specifically assign the capabilities here.
+
+ } else {
+
+ // Who can add shared feeds? This was defined in lib/rsslib.php
+ // for config var block_rss_client_submitters.
+ switch ($CFG->block_rss_client_submitters) {
+
+ case 0:
+ // SUBMITTERS_ALL_ACCOUNT_HOLDERS
+
+ foreach ($adminroles as $adminrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $adminrole->id, $context->id);
+ }
+ foreach ($teacherroles as $teacherrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $teacherrole->id, $context->id);
+ }
+ foreach ($studentroles as $studentrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $studentrole->id, $context->id);
+ }
+ break;
+
+ case 1:
+ // SUBMITTERS_ADMIN_ONLY
+
+ // Since this is already the default behavior set in
+ // blocks/rss_client/db/access.php, we don't need to
+ // specifically assign the capabilities here.
+ break;
+
+ case 2:
+ // SUBMITTERS_ADMIN_AND_TEACHER
+
+ foreach ($adminroles as $adminrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $adminrole->id, $context->id);
+ }
+ foreach ($teacherroles as $teacherrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_ALLOW, $teacherrole->id, $context->id);
+ }
+ foreach ($studentroles as $studentrole) {
+ assign_capability('block/rss_client:createsharedfeeds', CAP_PREVENT, $studentrole->id, $context->id);
+ }
+ break;
+
+ } // End switch.
+
+ }
+ }
+ }
+ }
+
return true;
}
title text NOT NULL default '',
preferredtitle varchar(64) NOT NULL default '',
description text NOT NULL default '',
+ shared INTEGER NOT NULL default '0',
url varchar(255) NOT NULL default ''
);
/**
* @param int $courseid The id of the course the user is currently viewing
- * @param int $userid If present only entries added by this userid will be displayed
+ * @param int $userid We need this to know which feeds the user is allowed to manage
* @param int $rssid If present the rss entry matching this id alone will be displayed
+ * as long as the user is allowed to manage this feed
+ * @param object $context we need the context object to check what the user is allowed to do.
*/
-function rss_display_feeds($courseid='', $userid='', $rssid='') {
+function rss_display_feeds($courseid, $userid, $rssid='', $context) {
global $db, $USER, $CFG;
global $blogid; //hackish, but if there is a blogid it would be good to preserve it
require_once($CFG->libdir.'/tablelib.php');
$select = '';
-
- if (!isadmin()) {
- $userid = $USER->id;
+ $managesharedfeeds = has_capability('block/rss_client:managesharedfeeds', $context);
+ $manageownfeeds = has_capability('block/rss_client:manageownfeeds', $context);
+
+ if ($rssid != '') {
+ $select = 'id = '.$rssid.' AND ';
}
-
- if ($userid != '' && is_numeric($userid)) {
- // if a user is specified and not an admin then only show their own feeds
- $select = 'userid='. $userid;
- } else if ($rssid != ''){
- $select = 'id='. $rssid;
+ if ($managesharedfeeds) {
+ $select .= '(userid = '.$userid.' OR shared = 1)';
+ } else if ($manageownfeeds) {
+ $select .= 'userid = '.$userid;
}
$table = new flexible_table('rss-display-feeds');
$feedtitle = stripslashes_safe($feed->title);
}
- if ($feed->userid == $USER->id || isadmin()) {
+ if ( ($feed->userid == $USER->id && $manageownfeeds)
+ || ($feed->shared && $managesharedfeeds) ) {
- $feedicons = '<a href="'. $CFG->wwwroot .'/blocks/rss_client/block_rss_client_action.php?id='. $courseid .'&act=rssedit&rssid='. $feed->id .'&blogid='. $blogid .'">'.
+ $feedicons = '<a href="'. $CFG->wwwroot .'/blocks/rss_client/block_rss_client_action.php?id='. $courseid .'&act=rssedit&rssid='. $feed->id .'&shared='.$feed->shared.'&blogid='. $blogid .'">'.
'<img src="'. $CFG->pixpath .'/t/edit.gif" alt="'. get_string('edit').'" title="'. get_string('edit') .'" /></a> '.
- '<a href="'. $CFG->wwwroot .'/blocks/rss_client/block_rss_client_action.php?id='. $courseid .'&act=delfeed&rssid='. $feed->id.'&blogid='. $blogid .'"
+ '<a href="'. $CFG->wwwroot .'/blocks/rss_client/block_rss_client_action.php?id='. $courseid .'&act=delfeed&rssid='. $feed->id.'&shared='.$feed->shared.'blogid='. $blogid .'"
onclick="return confirm(\''. get_string('deletefeedconfirm', 'block_rss_client') .'\');">'.
'<img src="'. $CFG->pixpath .'/t/delete.gif" alt="'. get_string('delete').'" title="'. get_string('delete') .'" /></a>';
}
}
$table->print_html();
-
}
/**
* Wrapper function for rss_get_form
*/
-function rss_print_form($act='none', $url='', $rssid='', $preferredtitle='', $courseid='') {
- print rss_get_form($act, $url, $rssid, $preferredtitle, $courseid);
+function rss_print_form($act='none', $url='', $rssid='', $preferredtitle='', $shared=0, $courseid='', $context) {
+ print rss_get_form($act, $url, $rssid, $preferredtitle, $shared, $courseid, $context);
}
* @param string $act The current action. If "rssedit" then and "update" button is used, otherwise "add" is used.
* @param string $url The url of the feed that is being updated or NULL
* @param int $rssid The dataabse id of the feed that is being updated or NULL
- * @param int $id The id of the course that is currently being viewed if applicable
+ * @param string $preferredtitle The preferred title to display for this feed
+ * @param int $shared Whether this feed is to be shared or not
+ * @param int $courseid The id of the course that is currently being viewed if applicable
+ * @param object $context The context that we will use to check for permissions
* @return string Either the form is printed directly and nothing is returned or the form is returned as a string
*/
-function rss_get_form($act='none', $url='', $rssid='', $preferredtitle='', $courseid='') {
+function rss_get_form($act='none', $url='', $rssid='', $preferredtitle='', $shared=0, $courseid='', $context) {
global $USER, $CFG, $_SERVER, $blockid, $blockaction;
global $blogid; //hackish, but if there is a blogid it would be good to preserve it
$stredit = get_string('edit');
$returnstring .= '" />'."\n";
$returnstring .= '<br />'. get_string('customtitlelabel', 'block_rss_client');
-// $returnstring .= '<br /><input type="text" size="60" maxlength="64" name="preferredtitle" value="';
$returnstring .= '<br /><input type="text" size="60" maxlength="128" name="preferredtitle" value="';
if ($act == 'rssedit') {
}
$returnstring .= '" />'."\n";
+
+ if (has_capability('block/rss_client:createsharedfeeds', $context)) {
+ $returnstring .= '<br /><input type="checkbox" name="shared" value="1" ';
+ if ($shared) {
+ $returnstring .= 'checked="checked" ';
+ }
+ $returnstring .= '/> ';
+ $returnstring .= get_string('sharedfeed', 'block_rss_client');
+ $returnstring .= '<br />'."\n";
+ }
+
$returnstring .= '<input type="hidden" name="act" value="';
if ($act == 'rssedit') {