MDL-6805 Fixed redirects in blog; MDL-6807 partially fixed use of capabilities - it needs more testing and possibly minor fixing, the commit contains other blog bugfixes too. In general it should work exactly the same. The introduction of roles makes proper setup more difficult :-(
Expect some more fixes soon, no other bigger changes...
require_once($CFG->dirroot .'/blog/lib.php');
class block_blog_menu extends block_base {
-
+
function init() {
$this->title = get_string('blockmenutitle', 'blog');
$this->content_type = BLOCK_TYPE_TEXT;
$this->version = 2004112000;
}
-
+
function get_content() {
global $CFG, $course;
$courseviewlink = '';
$addentrylink = '';
$coursearg = '';
-
+
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
-
+
if (isset($course) && isset($course->id)
&& $course->id != 0 && $course->id != SITEID) {
-
+
$incoursecontext = true;
$curcontext = get_context_instance(CONTEXT_COURSE, $course->id);
} else {
$incoursecontext = false;
$curcontext = $sitecontext;
}
-
+
$canviewblogs = has_capability('moodle/blog:view', $curcontext);
-
+
/// Accessibility: markup as a list.
-
+
if ( (isloggedin() && !isguest()) && $incoursecontext
&& $CFG->bloglevel >= BLOG_COURSE_LEVEL && $canviewblogs) {
-
+
$coursearg = '&courseid='.$course->id;
// a course is specified
-
+
$courseviewlink = '<li><a href="'. $CFG->wwwroot .'/blog/index.php?filtertype=course&filterselect='. $course->id .'">';
$courseviewlink .= get_string('viewcourseentries', 'blog') ."</a></li>\n";
}
-
+
$blogmodon = false;
if ( (isloggedin() && !isguest())
// show Add entry link - moderation is off, or moderation is on and the user is viewing the block within the context of a course
if (has_capability('moodle/blog:create', $curcontext)) {
- $addentrylink = '<li><a href="'. $CFG->wwwroot. '/blog/edit.php?userid='.
- $userBlog->userid . $coursearg .'">'.
- get_string('addnewentry', 'blog') ."</a></li>\n";
+ $addentrylink = '<li><a href="'. $CFG->wwwroot. '/blog/edit.php?action=add'
+ .$coursearg.'">'.get_string('addnewentry', 'blog') ."</a></li>\n";
}
// show View my entries link
$addentrylink .= '<li><a href="'. $CFG->wwwroot .'/blog/index.php?userid='.
$userBlog->userid.'">'.get_string('viewmyentries', 'blog').
"</a></li>\n";
-
+
// show link to manage blog prefs
$addentrylink .= '<li><a href="'. $CFG->wwwroot. '/blog/preferences.php?userid='.
$userBlog->userid . $coursearg .'">'.
$output .= '<li><a href="'. $CFG->wwwroot .'/blog/index.php?filtertype=site&">';
$output .= get_string('viewsiteentries', 'blog')."</a></li>\n";
}
-
+
if (isloggedin() && !isguest()
&& (has_capability('moodle/blog:manageofficialtags', $sitecontext)
|| has_capability('moodle/blog:managepersonaltags', $curcontext))) {
$output .= '<li>'. link_to_popup_window("/blog/tags.php",'popup',get_string('tagmanagement'), 400, 500, 'Popup window', 'none', true) ."</li>\n";
}
-
+
// show Help with blogging link
//$output .= '<li><a href="'. $CFG->wwwroot .'/help.php?module=blog&file=user.html">';
//$output .= get_string('helpblogging', 'blog') ."</a></li>\n";
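Review bot: The Add-entry link is gated on `has_capability('moodle/blog:create', $curcontext)`, which is the course context when the block sits in a course, but the reworked edit.php in this commit accepts `action=add` only when `moodle/blog:create` holds in the system context. A role that grants create at course level only would be shown a link that ends in the `nopost` error; the server-side check is the stricter one, so this is a usability mismatch rather than a bypass. Consider testing the same context in both places, e.g. `if (has_capability('moodle/blog:create', $sitecontext)) {`. The enclosing `if` starts outside the lines shown here.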
function get_content() {
- global $CFG, $SITE, $COURSE;
+ global $CFG, $SITE, $COURSE, $USER;
if (empty($CFG->bloglevel)) {
$this->content->text = '';
/// Get a list of tags
$timewithin = $this->config->timewithin * 24 * 60 * 60; /// convert to seconds
-
+
$sql = 'SELECT t.id, t.type, t.text, COUNT(DISTINCT bt.id) as ct ';
$sql .= "FROM {$CFG->prefix}tags as t, {$CFG->prefix}blog_tag_instance as bt, {$CFG->prefix}post as p ";
$sql .= 'WHERE t.id = bt.tagid ';
/// 1. tags with the same count should have the same size class
/// 2. however many tags we have should be spread evenly over the
/// 20 size classes
-
+
$totaltags = count($tags);
$currenttag = 0;
$size = 20;
$lasttagct = -1;
-
+
$etags = array();
foreach ($tags as $tag) {
-
+
$currenttag++;
if ($currenttag == 1) {
$lasttagct = $tag->ct;
$size = 20 - ( (int)((($currenttag - 1) / $totaltags) * 20) );
}
-
+
$tag->class = "$tag->type s$size";
$etags[] = $tag;
/// Now we sort the tag display order
$CFG->tagsort = $this->config->sort;
usort($etags, "blog_tags_sort");
-
+
/// Finally we create the output
foreach ($etags as $tag) {
switch ($CFG->bloglevel) {
$filterselect = $USER->id;
break;
- case BLOG_GROUP_LEVEL:
+ case BLOG_GROUP_LEVEL:
$filtertype = 'group';
$filterselect = get_current_group($this->instance->pageid);
break;
case BLOG_COURSE_LEVEL:
$filtertype = 'course';
- if (isset($COURSE->id)) {
+ if (isset($COURSE->id)) {
$filterselect = $COURSE->id;
} else {
$filterselect = $this->instance->pageid;
break;
default:
- if (isset($COURSE->id) && $COURSE->id != SITEID) {
+ if (isset($COURSE->id) && $COURSE->id != SITEID) {
$filtertype = 'course';
$filterselect = $COURSE->id;
} else {
var $editing = false;
var $courserecord = NULL;
var $courseid = NULL;
-
+ var $filtertype = NULL;
+ var $filterselect = NULL;
+
// Mandatory; should return our identifier.
function get_type() {
global $CFG;
require_once($CFG->dirroot .'/blog/lib.php');
return PAGE_BLOG_VIEW;
}
-
+
// we have no format type, use 'blog'
//I think it's a bug, but if this is left the default NULL value then pages can
//fail to load completely
$this->id = 0; //set blog id to 0
}
}
-
+
// Here you should load up all heavy-duty data for your page. Basically everything that
// does not NEED to be loaded for the class to make basic decisions should NOT be loaded
// in init_quick() and instead deferred here. Of course this function had better recognize
}
}
$this->full_init_done = true;
- }
+ }
// For this test page, only admins are going to be allowed editing (for simplicity).
function user_allowed_editing() {
// Also, admins are considered to have "always on" editing (I wanted to avoid duplicating
// the code that turns editing on/off here; you can roll your own or copy course/view.php).
function user_is_editing() {
- if (isloggedin() && !isguest()) {
+ global $SESSION;
- global $SESSION;
- if (empty($SESSION->blog_editing_enabled)) {
- $SESSION->blog_editing_enabled = false;
- }
- $this->editing = $SESSION->blog_editing_enabled;
+ if (isloggedin() && !isguest()) {
+ $this->editing = !empty($SESSION->blog_editing_enabled);
return $this->editing;
}
return false;
//over-ride parent method's print_header because blog already passes more than just the title along
function print_header($pageTitle='', $pageHeading='', $pageNavigation='', $pageFocus='', $pageMeta='') {
global $USER;
+
$this->init_full();
$extraheader = '';
if (!empty($USER) && !empty($USER->id)) {
}
print_header($pageTitle, $pageHeading, $pageNavigation, $pageFocus, $pageMeta, true, $extraheader );
}
-
+
// This should point to the script that displays us
function url_get_path() {
global $CFG;
+
return $CFG->wwwroot .'/blog/index.php';
}
return $array;
}
- //I should likely just bring blog filter in here and return
- //the output of a filter method like get_params
- //instead let's simply return the userid and courseid
- $array['userid'] = $this->id;
if (!empty($this->courseid)) {
$array['courseid'] = $this->courseid;
}
+ if (!empty($this->filtertype)) {
+ $array['filtertype'] = $this->filtertype;
+ }
+ if (!empty($this->filterselect)) {
+ $array['filterselect'] = $this->filterselect;
+ }
return $array;
}
function blocks_get_positions() {
return array(BLOCK_POS_LEFT, BLOCK_POS_RIGHT);
}
-
+
// When a new block is created in this page, which position should it go to?
function blocks_default_position() {
return BLOCK_POS_RIGHT;
// colons (:) to delimit between block positions in the page. See blocks_get_positions() for additional info.
function blocks_get_default() {
global $CFG;
-
+
$this->init_full();
-
+
// It's a normal blog page
if (!empty($CFG->{'defaultblocks_'. $this->get_type()})) {
$blocknames = $CFG->{'defaultblocks_'. $this->get_type()};
/// Failsafe - in case nothing was defined.
$blocknames = 'admin,calendar_month,online_users,blog_menu';
}
-
+
return $blocknames;
- }
+ }
// And finally, a little block move logic. Given a block's previous position and where
// we want to move it to, return its new position. Pretty self-documenting.
function get_extra_header_string() {
global $SESSION, $CFG, $USER;
- $editformstring = '';
- if (isloggedin() && !isguest()) {
- if (!empty($SESSION->blog_editing_enabled) && ($SESSION->blog_editing_enabled)) {
+ $editformstring = '';
+ if ($this->user_allowed_editing()) {
+ if (!empty($SESSION->blog_editing_enabled)) {
$editingString = get_string('turneditingoff');
} else {
$editingString = get_string('turneditingon');
}
- $url = $this->url_get_full();
- $editval = empty($SESSION->blog_editing_enabled) ? 1 : 0;
- $editformstring = '<form target="'. $CFG->framename .'" method="get" action="'.$url.'/blog/index.php">'.
- '<input type="hidden" name="edit" value="'.$editval.'" />'.
- '<input type="submit" value="'. $editingString .'" /></form>';
+
+ $params = $this->url_get_parameters();
+ $params['edit'] = empty($SESSION->blog_editing_enabled) ? 1 : 0;
+ $paramstring = '';
+ foreach ($params as $key=>$val) {
+ $paramstring .= '<input type="hidden" name="'.$key.'" value="'.s($val).'" />';
+ }
+ $editformstring = '<form target="'.$CFG->framename.'" method="get" action="'.$this->url_get_path().'">'
+ .$paramstring.'<input type="submit" value="'.$editingString.'" /></form>';
}
- return $editformstring;
- }
+ return $editformstring;
+ }
}
?>
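Review bot: `user_is_editing()` still gates on `isloggedin() && !isguest()`, while `get_extra_header_string()` in the same class now asks `$this->user_allowed_editing()` before offering the toggle. A caller that consults `user_is_editing()` on its own gets `true` from `$SESSION->blog_editing_enabled` for any logged-in non-guest, whether or not that user is allowed to edit; the header script in this commit calls `user_allowed_editing()` first, but the method does not enforce it itself. Using the same gate, `if ($this->user_allowed_editing()) {`, would keep the two in step. The body of `user_allowed_editing()` is not visible here, so confirm it covers the login and guest checks before dropping them.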
<?php //$Id$
- if (!isset($post->groupid)) {
- $post->groupid = 0;
- }
-
// find all the tags this post uses
$usedtags = array();
- if (isset($post->postid)) {
- if ($tagsused = get_records('blog_tag_instance', 'entryid', $post->postid)) {
+ if (!empty($post->id)) {
+ if ($tagsused = get_records('blog_tag_instance', 'entryid', $post->id)) {
foreach ($tagsused as $usedtag) {
$usedtags[] = $usedtag -> tagid;
}
}
}
-?>
-<!-- the following form is based on moodle/mod/forum/post.html -->
-
-<form name="entry" method="post" action="<?php echo $CFG->wwwroot;?>/blog/edit.php" id="entry" <?php echo $onsubmit; ?> enctype="multipart/form-data">
-<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
-<input type="hidden" name="referrer" value="<?php echo $referrer; ?>" />
+ if ($usehtmleditor) {
+ // clean and convert to html before editting
+ $options = new object();
+ $options->smiley = false;
+ $options->filter = false;
+ $options->nocache = true;
+ $post->summary = format_text($post->summary, $post->format, $options);
+ }
+?>
+<form name="entry" method="post" action="edit.php" >
-<table border="0" cellpadding="5" id="edittable">
+<table border="0" cellpadding="5">
<tr valign="top">
<td align="right">
</td>
- <td colspan="2"><strong><?php echo $formHeading; ?></strong>
+ <td colspan="2"><strong><?php echo $strformheading; ?></strong>
</td>
</tr>
<tr valign="top">
<td align="right"><strong><?php print_string('entrytitle', 'blog'); ?>:</strong></td>
<td colspan="2">
- <input type="text" name="etitle" size="60" value="<?php p($post->etitle) ?>" id="etitle" />
+ <input type="text" name="subject" size="60" value="<?php p($post->subject) ?>" />
+ <?php if (isset($errors["subject"])) formerr($errors["subject"]); ?>
</td>
</tr>
<tr valign="top">
<tr valign="top">
<td align="right"><strong>
- <?php
- if (isset($post->useextendedbody) && $post->useextendedbody) {
- print_string('entryexcerpt', 'blog');
- } else {
- print_string('entrybody', 'blog');
- }
+ <?php
+ print_string('entrybody', 'blog');
?>:
</strong><br /><br />
<small><small>
} else {
emoticonhelpbutton('entry', 'body');
}
- ?>
- </small></small>
+ ?>
+ </small></small>
</td>
<td align="left" colspan="2">
- <?php print_textarea($usehtmleditor, 25, 62, 500, 600, 'body', $post->body); ?>
+ <?php print_textarea($usehtmleditor, 25, 62, 500, 600, 'summary', $post->summary); ?>
</td>
</tr>
<tr valign="top">
print_string('formathtml');
echo '<input type="hidden" name="format" value="'.FORMAT_HTML.'" />';
} else {
- choose_from_menu(format_text_menu(), "format", $post->format, "");
+ choose_from_menu(format_text_menu(), 'format', $post->format, '');
}
?>
<small><small>
helpbutton('textformat', get_string('helpformatting'));
?>
</small></small>
+ <?php if (isset($errors["summary"])) formerr($errors["summary"]); ?>
</td>
</tr>
<tr>
<td align="center" colspan="3">
- <input type="hidden" name="editform" value="1" id="editform" />
- <input type="hidden" name="userid" value="<?php echo $userid; ?>" id="userid" />
- <input type="hidden" name="tem" id="tem" />
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
+ <input type="hidden" name="action" value="<?php echo $action; ?>" />
+ <input type="hidden" name="courseid" value="<?php echo $courseid; ?>" />
<?php
- if (isset($post->postid) && ($post->postid != -1) ) {
+ if ($action == 'add') {
?>
- <input type="hidden" name="postid" value="<?php echo $post->postid; ?>" id="postid" />
- <input type="hidden" name="act" value="update" id="act" />
- <input type="submit" value="Update" id="Submit1" name="Submit1" />
- <input type="button" value="Cancel" onclick="javascript:history.go(-1)" id="cancel" name="cancel" />
+ <input type="hidden" name="action" value="add" />
+ <input type="submit" value="<?php print_string('add'); ?>" />
+ <input type="button" value="<?php print_string('cancel'); ?>" onclick="javascript:history.go(-1)" />
<?php
} else { ?>
- <input type="hidden" name="act" value="save" id="act" />
- <input type="submit" value="<?php print_string('savechanges'); ?>" id="savechanges" name="Submit2" />
+ <input type="hidden" name="id" value="<?php echo $post->id; ?>" />
+ <input type="submit" value="<?php print_string('savechanges'); ?>" />
+ <input type="button" value="<?php print_string('cancel'); ?>" onclick="javascript:history.go(-1)" />
<?php } ?>
</td>
</tr>
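Review bot: The hidden fields `action`, `courseid` and `id` are written into attribute values with plain `echo`, whereas `subject` a few rows above goes through `p()`. They are safe only because edit.php reads them with `PARAM_ALPHA` and `PARAM_INT` (or takes them from the database record) before including this template; writing them as `<?php p($action) ?>` and so on would keep the template safe if it is ever included from elsewhere. In the add branch the `action` field is also emitted twice, once from `$action` and once as the literal `add`, so one of the two can go.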
require_once('../config.php');
include_once('lib.php');
-require_login();
-$courseid = optional_param('courseid', SITEID, PARAM_INT);
-$act = optional_param('act','',PARAM_ALPHA);
+$action = required_param('action', PARAM_ALPHA);
+$id = optional_param('id', 0, PARAM_INT);
+$confirm = optional_param('confirm', 0, PARAM_BOOL);
+$courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tab - does nothing here
+
+require_login();
if (empty($CFG->bloglevel)) {
error('Blogging is disabled!');
}
-// detemine where the user is coming from in case we need to send them back there
-if (!$referrer = optional_param('referrer','', PARAM_URL)) {
- if (isset($_SERVER['HTTP_REFERER'])) {
- $referrer = $_SERVER['HTTP_REFERER'];
- } else {
- $referrer = $CFG->wwwroot;
- }
+if (isguest()) {
+ error(get_string('noguestpost', 'blog'));
}
-
-$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
-if (!has_capability('moodle/blog:view', $context)) {
- error(get_string('nopost', 'blog'), $referrer);
+$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+if (!has_capability('moodle/blog:create', $sitecontext) and !has_capability('moodle/blog:manageentries', $sitecontext)) {
+ error('You can not post or edit blogs.');
}
-
// Make sure that the person trying to edit have access right
-if ($editid = optional_param('editid', 0, PARAM_INT)) {
-
- $blogEntry = get_record('post', 'id', $editid);
-
- if (!blog_user_can_edit_post($blogEntry, $context)) {
- error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
+if ($id) {
+ if (!$existing = get_record('post', 'id', $id)) {
+ error('Wrong blog post id');
}
-}
-// Check to see if there is a requested blog to edit
-if (isloggedin() && !isguest()) {
- $userid = $USER->id;
+ if (!blog_user_can_edit_post($existing)) {
+ error(get_string('notallowedtoedit', 'blog'));
+ }
+ $userid = $existing->userid;
+ $returnurl = $CFG->wwwroot.'/blog/index.php?userid='.$existing->userid;
} else {
- error(get_string('noblogspecified', 'blog') .'<a href="'. $CFG->blog_blogurl .'">' .get_string('viewentries', 'blog') .'</a>');
+ if (!has_capability('moodle/blog:create', $sitecontext)) {
+ error(get_string('nopost', 'blog')); // manageentries is not enough for adding
+ }
+ $existing = false;
+ $userid = $USER->id;
+ $returnurl = 'index.php?userid='.$USER->id;
}
-
-// If we are trying to delete an non-existing blog entry
-if (isset($act) && ($act == 'del') && (empty($blogEntry))) {
- error ('the entry you are trying to delete does not exist');
+if (!empty($courseid)) {
+ $returnurl .= '&courseid='.$courseid;
}
+$errors = array();
+$post = new object(); // editing form data
-$pageNavigation = 'edit';
-include($CFG->dirroot .'/blog/header.php');
+$usehtmleditor = can_use_richtext_editor();
+$strblogs = get_string('blogs','blog');
-//////////// SECURITY AND SETUP COMPLETE - NOW PAGE LOGIC ///////////////////
-if (isset($act) && ($act == 'del') && confirm_sesskey())
-{
- $postid = required_param('editid', PARAM_INT);
- if (optional_param('confirm',0,PARAM_INT)) {
- do_delete($postid, $context);
- } else {
+switch ($action) {
- /// prints blog entry and what confirmation form
- echo '<div align="center"><form method="GET" action="edit.php">';
- echo '<input type="hidden" name="act" value="del" />';
- echo '<input type="hidden" name="confirm" value="1" />';
- echo '<input type="hidden" name="editid" value="'.$postid.'" />';
- echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
-
- print_string('blogdeleteconfirm', 'blog');
- blog_print_entry($blogEntry);
-
- echo '<br />';
- echo '<input type="submit" value="'.get_string('delete').'" /> ';
- echo ' <input type="button" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
- echo '</form></div>';
- print_footer($course);
- exit;
- }
-}
+ case 'add':
+ if (data_submitted() and confirm_sesskey()) {
+ do_add($post, $errors);
+ if (empty($errors)) {
+ redirect($returnurl);
+ }
+ $post = stripslashes_safe($post); // no db access after this!!
+ // print form again
+ } else {
+ // prepare new empty form
+ $post->subject = '';
+ $post->summary = '';
+ $post->publishstate = 'draft';
+ $post->format = $usehtmleditor ? FORMAT_HTML : FORMAT_MOODLE;
-if ($usehtmleditor = can_use_richtext_editor()) {
- $defaultformat = FORMAT_HTML;
- $onsubmit = '';
-} else {
- $defaultformat = FORMAT_MOODLE;
- $onsubmit = '';
-}
+ }
+ $strformheading = get_string('addnewentry', 'blog');
+ break;
-if (($post = data_submitted( get_referer() )) && confirm_sesskey()) {
- if (!empty($post->editform)) { //make sure we're processing the edit form here
- //print_object($post); //debug
+ case 'edit':
+ if (!$existing) {
+ error('Incorrect blog post id');
+ }
+ if (data_submitted() and confirm_sesskey()) {
+ do_edit($post, $errors);
+ if (empty($errors)) {
+ redirect($returnurl);
+ }
+ $post = stripslashes_safe($post); // no db access after this!!
+ // print form again
+ } else {
+ $post->id = $existing->id;
+ $post->subject = $existing->subject;
+ $post->summary = $existing->summary;
+ $post->publishstate = $existing->publishstate;
+ $post->format = $existing->format;
+ }
+ $strformheading = get_string('updateentrywithid', 'blog');
+ break;
- if (!$post->etitle or !$post->body) {
- $post->error = get_string('emptymessage', 'forum');
+ case 'delete':
+ if (!$existing) {
+ error('Incorrect blog post id');
}
- if ($post->act == 'save') {
- do_save($post);
- } else if ($post->act == 'update') {
- do_update($post);
- } else if ($post->act == 'del') {
- $postid = required_param('postid', PARAM_INT);
- do_delete($postid, $context);
+ if (data_submitted() and $confirm and confirm_sesskey()) {
+ do_delete($existing);
+ redirect($returnurl);
+ } else {
+ $optionsyes = array('id'=>$id, 'action'=>'delete', 'confirm'=>1, 'sesskey'=>sesskey(), 'courseid'=>$courseid);
+ $optionsno = array('userid'=>$existing->userid, 'courseid'=>$courseid);
+ print_header("$SITE->shortname: $strblogs", $SITE->fullname);
+ blog_print_entry($existing);
+ echo '<br />';
+ notice_yesno(get_string('blogdeleteconfirm', 'blog'), 'edit.php', 'index.php', $optionsyes, $optionsno, 'post', 'get');
+ print_footer();
+ die;
}
- }
-} else {
+ break;
- //no post data yet, so load up the post array with default information
- $post->etitle = '';
- $post->userid = $USER->id;
- $post->body = '';
- $post->format = $defaultformat;
- $post->publishstate = 'draft';
+ default:
+ error('Unknown action!');
+ break;
}
-if ($editid) { // User is editing a post
- // ensure that editing is allowed first - admin users can edit any posts
-
- $blogEntry = get_record('post','id',$editid);
+// gui setup
- //using an unformatted entry body here so that extra formatting information is not stored in the db
- $post->body = stripslashes_safe($blogEntry->summary);
- $post->etitle = stripslashes_safe($blogEntry->subject);
- $post->postid = $editid;
- $post->userid = $blogEntry->userid;
- $post->format = $blogEntry->format;
- $post->publishstate = $blogEntry->publishstate;
+// done here in order to allow deleting of posts with wrong user id above
+if (!$user = get_record('user', 'id', $userid)) {
+ error('Incorrect user id');
}
-if (isset($post->postid) && ($post->postid != -1) ) {
- $formHeading = get_string('updateentrywithid', 'blog');
-} else {
- $formHeading = get_string('addnewentry', 'blog');
-}
+print_header("$SITE->shortname: $strblogs", $SITE->fullname,
+ '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$userid.'">'.fullname($user).'</a> ->
+ <a href="'.$CFG->wwwroot.'/blog/index.php?userid='.$userid.'">'.$strblogs.'</a> -> '.$strformheading,'','',true);
-if (isset($post->error)) {
- notify($post->error);
-}
-
-print_simple_box_start("center");
+echo '<br />';
+print_simple_box_start('center');
require('edit.html');
print_simple_box_end();
-include($CFG->dirroot .'/blog/footer.php');
+if ($usehtmleditor) {
+ use_html_editor();
+}
+
+print_footer();
+
+die;
/***************************** edit.php functions ***************************/
/*
-* do_delete
-* takes $bloginfo_arg argument as reference to a blogInfo object.
-* also takes the postid - the id of the entry to be removed
+* Delete blog post from database
*/
-function do_delete($postid, $context) {
- global $CFG, $USER, $referrer;
- // make sure this user is authorized to delete this entry.
- // cannot use $post->pid because it may not have been initialized yet. Also the pid may be in get format rather than post.
- // check ownership
- $blogEntry = get_record('post', 'id', $postid);
-
- if (blog_user_can_edit_post($blogEntry, $context)) {
- if (delete_records('post', 'id', $postid)) {
- //echo "bloginfo_arg:"; //debug
- //print_object($bloginfo_arg); //debug
- //echo "pid to delete:".$postid; //debug
- delete_records('blog_tag_instance', 'entryid', $postid);
- print '<strong>'. get_string('entrydeleted', 'blog') .'</strong><p>';
-
- //record a log message of this entry deletion
- if ($site = get_site()) {
- add_to_log($site->id, 'blog', 'delete', 'index.php?userid='. $blogEntry->userid, 'deleted blog entry with entry id# '. $postid);
- }
- }
- }
- else {
- error(get_string('entryerrornotyours', 'blog'));
- }
+function do_delete($post) {
+ global $returnurl;
- //comment out this redirect to debug the deletion of entries
+ $status = delete_records('post', 'id', $post->id);
+ $status = delete_records('blog_tag_instance', 'entryid', $post->id) and $status;
- redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
+ add_to_log(SITEID, 'blog', 'delete', 'index.php?userid='. $post->userid, 'deleted blog entry with entry id# '. $post->id);
+
+ if (!$status) {
+ error('Error occured while deleting post', $returnurl);
+ }
}
/**
-* do_save
-*
-* @param object $post argument is a reference to the post object which is used to store information for the form
-* @param object $bloginfo_arg argument is reference to a blogInfo object.
-*/
-function do_save($post) {
- global $USER, $CFG, $referrer;
-// echo 'Debug: Post object in do_save function of edit.php<br />'; //debug
-// print_object($post); //debug
+ * Write a new blog entry into database
+ */
+function do_add(&$post, &$errors) {
+ global $CFG, $USER, $returnurl;
- if ($post->body == '') {
- $post->error = get_string('nomessagebodyerror', 'blog');
- } else {
+ $post->subject = required_param('subject', PARAM_MULTILANG);
+ $post->summary = required_param('summary', PARAM_RAW);
+ $post->format = required_param('format', PARAM_INT);
+ $post->publishstate = required_param('publishstate', PARAM_ALPHA);;
- /// Write a blog entry into database
- $blogEntry = new object;
- $blogEntry->subject = addslashes($post->etitle);
- $blogEntry->summary = addslashes($post->body);
- $blogEntry->module = 'blog';
- $blogEntry->userid = $USER->id;
- $blogEntry->format = $post->format;
- $blogEntry->publishstate = $post->publishstate;
- $blogEntry->lastmodified = time();
- $blogEntry->created = time();
-
- // Insert the new blog entry.
- $entryID = insert_record('post',$blogEntry);
-
-// print 'Debug: created a new entry - entryId = '.$entryID.'<br />'; //debug
-// echo 'Debug: do_save() in edit.php calling blog_do_*back_pings<br />'."\n"; //debug
- if ($entryID) {
-
- /// Creates a unique hash. I don't know what this is for (Yu)
- $dataobject = new object;
- $dataobject->uniquehash = md5($blogEntry->userid.$CFG->wwwroot.$entryID);
- update_record('post', $dataobject);
-
- /// Associate tags with entries
-
- $tag = NULL;
- $tag->entryid = $entryID;
- $tag->userid = $USER->id;
- $tag->timemodified = time();
-
- /// Add tags information
- if ($otags = optional_param('otags','', PARAM_INT)) {
- foreach ($otags as $otag) {
- $tag->tagid = $otag;
- insert_record('blog_tag_instance',$tag);
- }
- }
+ if ($post->summary == '<br />') {
+ $post->summary = '';
+ }
- if ($ptags = optional_param('ptags','', PARAM_INT)) {
- foreach ($ptags as $ptag) {
- $tag->tagid = $ptag;
- insert_record('blog_tag_instance',$tag);
- }
- }
+ if ($post->subject == '') {
+ $errors['subject'] = get_string('emptytitle', 'blog');
+ }
+ if ($post->summary == '') {
+ $errors['summary'] = get_string('emptybody', 'blog');
+ }
- print '<strong>'. get_string('entrysaved', 'blog') .'</strong><br />';
- }
- //record a log message of this entry addition
- if ($site = get_site()) {
- add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, $blogEntry->subject);
- }
-
- redirect($referrer);
- /*
- //to debug this save function comment out the following redirect code
- if ($courseid == SITEID || $courseid == 0 || $courseid == '') {
- redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
- } else {
- redirect($CFG->wwwroot .'/course/view.php?id='. $courseid);
- }*/
+ if (!empty($errors)) {
+ return; // no saving
}
+
+ $post->module = 'blog';
+ $post->userid = $USER->id;
+ $post->lastmodified = time();
+ $post->created = time();
+
+
+ // Insert the new blog entry.
+ if ($id = insert_record('post', $post)) {
+ $post->id = $id;
+ add_tags_info($post->id);
+ add_to_log(SITEID, 'blog', 'add', 'index.php?userid='.$post->userid.'&postid='.$posz->id, $post->subject);
+
+ } else {
+ error('There was an error adding this post in the database', $returnurl);
+ }
+
}
/**
* @param . $bloginfo_arg argument is reference to a blogInfo object.
* @todo complete documenting this function. enable trackback and pingback between entries on the same server
*/
-function do_update($post) {
- // here post = data_submitted();
- global $CFG, $USER, $referrer;
- $blogEntry = get_record('post','id',$post->postid);
-// echo "id id ".$post->postid;
-// print_object($blogentry); //debug
-
- $blogEntry->subject = addslashes($post->etitle);
- $blogEntry->summary = addslashes($post->body);
- if ($blogEntry->summary == '<br />') {
- $blogEntry->summary = '';
+function do_edit(&$post, &$errors) {
+
+ global $CFG, $USER, $returnurl;
+
+ $post->id = required_param('id', PARAM_INT);
+ $post->subject = required_param('subject', PARAM_MULTILANG);
+ $post->summary = required_param('summary', PARAM_RAW);
+ $post->format = required_param('format', PARAM_INT);
+ $post->publishstate = required_param('publishstate', PARAM_ALPHA);;
+
+ if ($post->summary == '<br />') {
+ $post->summary = '';
}
- $blogEntry->format = $post->format;
- $blogEntry->publishstate = $post->publishstate; //we don't care about the return value here
-
- if ( update_record('post',$blogEntry)) {
- delete_records('blog_tag_instance', 'entryid', $blogEntry->id);
-
- $tag = NULL;
- $tag->entryid = $blogEntry->id;
- $tag->userid = $USER->id;
- $tag->timemodified = time();
-
- /// Add tags information
- if ($otags = optional_param('otags','', PARAM_INT)) {
- foreach ($otags as $otag) {
- $tag->tagid = $otag;
- insert_record('blog_tag_instance',$tag);
- }
- }
- if ($ptags = optional_param('ptags','', PARAM_INT)) {
- foreach ($ptags as $ptag) {
- $tag->tagid = $ptag;
- insert_record('blog_tag_instance',$tag);
- }
+ if ($post->subject == '') {
+ $errors['subject'] = get_string('emptytitle', 'blog');
+ }
+ if ($post->summary == '') {
+ $errors['summary'] = get_string('emptybody', 'blog');
+ }
+
+ if (!empty($errors)) {
+ return; // no saving
+ }
+
+ $post->lastmodified = time();
+
+ // update record
+ if (update_record('post', $post)) {
+ delete_records('blog_tag_instance', 'entryid', $post->id);
+ add_tags_info($post->id);
+ add_to_log(SITEID, 'blog', 'update', 'index.php?userid='.$post->userid.'&postid='.$post->id, $post->subject);
+
+ } else {
+ error('There was an error updating this post in the database', $returnurl);
+ }
+
+}
+
+function add_tags_info($postid) {
+ $post = get_record('post', 'id', $postid);
+
+ $tag = new object();
+ $tag->entryid = $post->id;
+ $tag->userid = $post->userid;
+ $tag->timemodified = time();
+
+ /// Add tags information
+ if ($otags = optional_param('otags','', PARAM_INT)) {
+ foreach ($otags as $otag) {
+ $tag->tagid = $otag;
+ insert_record('blog_tag_instance', $tag);
}
-
- // only do pings if the entry is published to the world
- // Daryl Hawes note - eventually should check if it's on the same server
- // and if so allow pb/tb as well - especially now that moderation is in place
- print '<strong>'. get_string('entryupdated', 'blog') .'</strong><p>';
-
- //record a log message of this entry update action
- if ($site = get_site()) {
- add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $post->postid, $blogEntry->subject);
+ }
+
+ if ($ptags = optional_param('ptags','', PARAM_INT)) {
+ foreach ($ptags as $ptag) {
+ $tag->tagid = $ptag;
+ insert_record('blog_tag_instance', $tag);
}
-
- redirect($referrer);
- //to debug this save function comment out the following redirect code
-/*
- if ($courseid == SITEID || $courseid == 0 || $courseid == '') {
- redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
- } else {
- redirect($CFG->wwwroot .'/course/view.php?id='. $courseid);
- }*/
- } else {
-// get_string('', 'blog') //Daryl Hawes note: localize this line
- $post->error = 'There was an error updating this post in the database';
}
}
?>
\ No newline at end of file
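Review bot: In `do_delete()` the line `$status = delete_records('blog_tag_instance', 'entryid', $post->id) and $status;` does not combine the two results: `=` binds tighter than `and`, so `$status` ends up holding only the tag-instance result and a failed delete of the post row goes unreported. `add_to_log()` is also called before `$status` is tested, so the log can record a deletion that did not happen. Use `&&` (`$status = delete_records('blog_tag_instance', 'entryid', $post->id) && $status;`) and write the log entry after the check. Two other log calls look unreliable as well: `do_add()` builds its URL from `$posz->id`, presumably a typo for `$post->id`, and `do_edit()` uses `$post->userid`, which nothing in that function sets.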
</tr>
</table>
</td>
-<?php
+<?php
print '<!-- End page content -->'."\n";
// The right column
<?php
-// Janne comment: Let's move this in here
-// so IE gets more time to load the
-// Page.
-
-if (isset($usehtmleditor) && $usehtmleditor) {
- // Janne comment: there are two text fields in form
- // so lets try to replace them both with
- // HTMLArea editors
- use_html_editor();
-}
-
-if (isset($course) && ($course->id)) {
- print_footer($course);
-} else {
- print_footer();
-}
+print_footer($course);
?>
<?php //$Id$
-/// Sets up blocks and navigation for index.php, edit.php
+/// Sets up blocks and navigation for index.php
require_once($CFG->dirroot .'/blog/lib.php');
require_once($CFG->libdir .'/pagelib.php');
require_once($CFG->dirroot .'/course/lib.php');
$blockaction = optional_param('blockaction','', PARAM_ALPHA);
-$instanceid = optional_param('instanceid', 0, PARAM_INT);
-$blockid = optional_param('blockid', 0, PARAM_INT);
+$instanceid = optional_param('instanceid', 0, PARAM_INT);
+$blockid = optional_param('blockid', 0, PARAM_INT);
/// If user has never visited this page before, install 2 blocks for him
blog_check_and_install_blocks();
-// now check that they are logged in and allowed into the course (if specified)
-if ($courseid != SITEID) {
- if (!$course = get_record('course', 'id', $courseid)) {
- error('The course number was incorrect ('. $courseid .')');
- }
- require_login($course->id);
-} else {
- $course = $SITE;
+if (!$course = get_record('course', 'id', $courseid)) {
+ error('The course number was incorrect ('. $courseid .')');
}
// Bounds for block widths within this page
// map our page identifier to the actual name
// of the class which will be handling its operations.
-page_map_class($pagetype, $pageclass);
+page_map_class($pagetype, $pageclass);
// Now, create our page object.
if (empty($USER->id)) {
} else {
$PAGE = page_create_object($pagetype, $USER->id);
}
-$PAGE->courseid = $courseid;
+$PAGE->courseid = $courseid;
+$PAGE->filtertype = $filtertype;
+$PAGE->filterselect = $filterselect;
+
$PAGE->init_full(); //init the BlogInfo object and the courserecord object
+$editing = false;
+if ($PAGE->user_allowed_editing()) {
+ $editing = $PAGE->user_is_editing();
+}
+
+// Calculate the preferred width for left, right and center (both center positions will use the same)
+$preferred_width_left = bounded_number(BLOCK_L_MIN_WIDTH, blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]),
+ BLOCK_L_MAX_WIDTH);
+$preferred_width_right = bounded_number(BLOCK_R_MIN_WIDTH, blocks_preferred_width($pageblocks[BLOCK_POS_RIGHT]),
+ BLOCK_R_MAX_WIDTH);
+
+// Display the blocks and allow blocklib to handle any block action requested
+$pageblocks = blocks_get_by_page($PAGE);
+
+if ($editing) {
+ if (!empty($blockaction) && confirm_sesskey()) {
+ if (!empty($blockid)) {
+ blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), intval($blockid));
+ } else if (!empty($instanceid)) {
+ $instance = blocks_find_instance($instanceid, $pageblocks);
+ blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), $instance);
+ }
+ // This re-query could be eliminated by judicious programming in blocks_execute_action(),
+ // but I'm not sure if it's worth the complexity increase...
+ $pageblocks = blocks_get_by_page($PAGE);
+ }
+ $missingblocks = blocks_get_missing($PAGE, $pageblocks);
+}
+
if (!empty($tagid)) {
$taginstance = get_record('tags', 'id', $tagid);
} else {
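Review bot: `$pageblocks` is read before it is assigned in the block this hunk moves up. The two `bounded_number(...)` calls pass `$pageblocks[BLOCK_POS_LEFT]` and `$pageblocks[BLOCK_POS_RIGHT]` to `blocks_preferred_width()`, but `$pageblocks = blocks_get_by_page($PAGE);` only runs a few lines later. The removed lines had the same order, so the move carries the problem over; unless an including script sets `$pageblocks` first, the widths are computed from an undefined variable. I would move `$pageblocks = blocks_get_by_page($PAGE);` above the `// Calculate the preferred width` comment.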
$taginstance = get_record('tags', 'id', $tagid);
}
}
-if (!isset($filtertype)) {
- $filtertype = 'user';
- $filterselect = $USER->id;
-}
/// navigations
/// site blogs - sitefullname -> blogs -> (?tag)
$blogstring = get_string('blogs','blog');
$tagstring = get_string('tag');
-if ($ME == $CFG->wwwroot.'/blog/edit.php') { /// We are in edit mode, print the editing header
-
- // first we need to identify the user
- if ($editid) { // if we are editing a post
- $blogEntry = get_record('post','id',$editid);
- $user = get_record('user','id',$blogEntry->userid);
- } else {
- $user = get_record('user','id',$filterselect);
- }
-
- if ($editid) {
- $formHeading = get_string('updateentrywithid', 'blog');
- } else {
- $formHeading = get_string('addnewentry', 'blog');
- }
-
- print_header("$SITE->shortname: $blogstring", "$SITE->fullname",
- '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$filterselect.'">'.fullname($user).'</a> ->
- <a href="'.$CFG->wwwroot.'/blog/index.php?userid='.$user->id.'">'.$blogstring.'</a> -> '. $formHeading,'','',true);
+// needed also for user tabs later
+if (!$course = get_record('course', 'id', $courseid)) {
+ error('Wrong course id');
+}
-} else { // else, we are in view mode
/// This is very messy atm.
break;
case 'user':
- $user = get_record('user', 'id', $filterselect);
$participants = get_string('participants');
+ if (!$user = get_record('user', 'id', $filterselect)) {
+ error('Wrong user id');
+ }
- if (isset($course->id) && $course->id && $course->id != SITEID) {
+ if ($course->id != SITEID) {
if ($tagid || !empty($tag)) {
print_header("$course->shortname: $blogstring", $course->fullname,
'<a href="'.$CFG->wwwroot.'/course/view.php?id='.$course->id.'">'.$course->shortname.'</a> ->
<a href="'.$CFG->wwwroot.'/user/index.php?id='.$course->id.'">'.$participants.'</a> ->
<a href="'.$CFG->wwwroot.'/user/view.php?id='.$filterselect.'&course='.$course->id.'">'.fullname($user).'</a> ->
- <a href="index.php?courseid='.optional_param('courseid', 0, PARAM_INT).'&filtertype=user&filterselect='.$filterselect.'">'. "$blogstring</a> -> $tagstring: $taginstance->text",'','',true,$PAGE->get_extra_header_string());
+ <a href="index.php?courseid='.$course->id.'&filtertype=user&filterselect='.$filterselect.'">'. "$blogstring</a> -> $tagstring: $taginstance->text",'','',true,$PAGE->get_extra_header_string());
} else {
print_header("$course->shortname: $blogstring", $course->fullname,
'.$blogstring,'','',true,$PAGE->get_extra_header_string());
}
- }
+ } else {
+
//in top view
- else {
if ($tagid || !empty($tag)) {
print_header("$SITE->shortname: $blogstring", $SITE->fullname,
}
break;
- default: //user click on add from block
- print_header("$SITE->shortname: $blogstring", $SITE->fullname,
- '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$filterselect.'">'.fullname($user).'</a> ->
- <a href="'.$CFG->wwwroot.'/blog/index.php?userid='.$user->id.'">'.$blogstring.'</a> -> '.get_string('addentry','blog'),'','',true,$PAGE->get_extra_header_string());
+ default:
+ error ('Error unknown filtertype');
break;
}
-} /// close switch
// prints the tabs
if ($filtertype=='user') {
- $showroles = 1;
+ $showroles = true;
+} else {
+ $showroles = false;
}
$currenttab = 'blogs';
-$user = $USER;
-if (!$course) {
- $course = get_record('course','id',optional_param('courseid', SITEID, PARAM_INT));
-}
-require_once($CFG->dirroot .'/user/tabs.php');
-$editing = false;
-if ($PAGE->user_allowed_editing()) {
- $editing = $PAGE->user_is_editing();
-}
-
-// Calculate the preferred width for left, right and center (both center positions will use the same)
-$preferred_width_left = bounded_number(BLOCK_L_MIN_WIDTH, blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]),
- BLOCK_L_MAX_WIDTH);
-$preferred_width_right = bounded_number(BLOCK_R_MIN_WIDTH, blocks_preferred_width($pageblocks[BLOCK_POS_RIGHT]),
- BLOCK_R_MAX_WIDTH);
-
-// Display the blocks and allow blocklib to handle any block action requested
-$pageblocks = blocks_get_by_page($PAGE);
+require_once($CFG->dirroot .'/user/tabs.php');
-if ($editing) {
- if (!empty($blockaction) && confirm_sesskey()) {
- if (!empty($blockid)) {
- blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), intval($blockid));
- } else if (!empty($instanceid)) {
- $instance = blocks_find_instance($instanceid, $pageblocks);
- blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), $instance);
- }
- // This re-query could be eliminated by judicious programming in blocks_execute_action(),
- // but I'm not sure if it's worth the complexity increase...
- $pageblocks = blocks_get_by_page($PAGE);
- }
- $missingblocks = blocks_get_missing($PAGE, $pageblocks);
-}
/// Layout the whole page as three big columns.
print '<table border="0" cellpadding="3" cellspacing="0" width="100%">' . "\n";
* if a blog id is specified then the latest entries from that blog are shown
*/
-if (!file_exists('../config.php')) {
- header('Location: ../install.php');
- die;
-}
-
require_once('../config.php');
require_once($CFG->dirroot .'/blog/lib.php');
require_once($CFG->libdir .'/blocklib.php');
$id = optional_param('id', 0, PARAM_INT);
-$limit = optional_param('limit', 0, PARAM_INT);
$start = optional_param('formstart', 0, PARAM_INT);
$userid = optional_param('userid',0,PARAM_INT);
-$courseid = optional_param('courseid',SITEID,PARAM_INT);
$tag = optional_param('tag', '', PARAM_NOTAGS);
$tagid = optional_param('tagid', 0, PARAM_INT);
$postid = optional_param('postid',0,PARAM_INT);
$filtertype = optional_param('filtertype', '', PARAM_ALPHA);
$filterselect = optional_param('filterselect', 0, PARAM_INT);
+
$edit = optional_param('edit', -1, PARAM_BOOL);
+$courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs and course tracking
+
if (empty($CFG->bloglevel)) {
error('Blogging is disabled!');
}
-
-// Blogs are only global for now.
-// 'post' table will have to be changed to use contextid instead of courseid,
-// modileid, etc. because they are obsolete now.
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
$SESSION->blog_editing_enabled = $edit;
}
-/// overwrite filter code here
-
-if ($filtertype) {
- switch ($filtertype) {
-
- case 'site':
- if ($filterselect) {
- $userid = $filterselect;
- } else {
- $userid = 0;
- }
- $course = get_site();
- $courseid = SITEID;
- break;
-
- case 'course':
- if ($filterselect) {
- $courseid = $filterselect;
- $course = get_record('course','id',$courseid);
- }
- $userid =0;
- $groupid = 0;
- break;
-
- case 'group':
- if ($filterselect) {
- $groupid = $filterselect;
- $group = get_record('groups','id',$groupid);
- $course = get_record('course','id',$group->courseid);
- $courseid = $course->id;
- } else {
- $groupid = 0;
- }
- $userid = 0;
- break;
-
- case 'user':
- if ($filterselect) {
- $userid = $filterselect;
- }
- $groupid = 0;
- break;
- default:
- break;
+if (empty($filtertype)) {
+ if ($userid) { // default to user if specified
+ $filtertype = 'user';
+ $filterselect = $userid;
+ } else if (has_capability('moodle/blog:view', $sitecontext) and $CFG->bloglevel > BLOG_USER_LEVEL) {
+ $filtertype = 'site';
+ $filterselect = '';
+ } else {
+ // user might have capability to write blogs, but not read blogs at site level
+ // users might enter this url manually without parameters
+ $filtertype = 'user';
+ $filterselect = $USER->id;
}
-
-} else if ($userid) { // default to user
- $filtertype = 'user';
- $filterselect = $userid;
-} else {
- $filtertype = 'site';
- $filterselect = '';
}
-
-
-
-/// Rights checking.
+/// check access and prepare filters
switch ($filtertype) {
+
case 'site':
- $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
error('Site blogs is not enabled');
- } else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
+ }
+ if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
require_login();
}
+ if (!has_capability('moodle/blog:view', $sitecontext)) {
+ error('You do not have the required permissions to view all site blogs');
+ }
break;
+
case 'course':
- $context = get_context_instance(CONTEXT_COURSE, $courseid);
if ($CFG->bloglevel < BLOG_COURSE_LEVEL) {
error('Course blogs is not enabled');
}
+ if (!$course = get_record('course', 'id', $filterselect)) {
+ error('Incorrect course id specified');
+ }
+ $courseid = $course->id;
+ $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
+ require_login($course->id);
+ if (!has_capability('moodle/blog:view', $sitecontext)) {
+ error('You do not have the required permissions to view blogs in this course');
+ }
break;
+
case 'group':
- $context = get_context_instance(CONTEXT_GROUP, $groupid);
if ($CFG->bloglevel < BLOG_GROUP_LEVEL) {
- error ('Group blogs is not enabled');
+ error('Group blogs is not enabled');
+ }
+ if (!$group = get_record('groups','id',$groupid)) {
+ error('Incorrect group id specified');
+ }
+ if (!$course = get_record('course', 'id', $group->courseid)) {
+ error('Incorrect course id specified');
}
- if (groupmode($course) == SEPARATEGROUPS &&
- !has_capability('moodle/site:accessallgroups', $context)) {
+ $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
+ $courseid = $course->id;
+ require_login($course->id);
+ if (!has_capability('moodle/blog:view', $coursecontext)) {
+ error('You do not have the required permissions to view blogs in this course/group');
+ }
+ if (groupmode($course) == SEPARATEGROUPS
+ and !has_capability('moodle/site:accessallgroups', $coursecontext)) {
if (!ismember($filterselect)) {
- error ('You are not a member of this group');
+ error ('You are not a member of this course group');
}
}
- /// check if user is editting teacher, or if spg, is member
+
break;
+
case 'user':
- $context = get_context_instance(CONTEXT_USER, $userid);
if ($CFG->bloglevel < BLOG_USER_LEVEL) {
- error ('Blogs is not enabled');
+ error('Blogs is not enabled');
}
- if ($CFG->bloglevel == BLOG_USER_LEVEL && $USER->id != $filterselect) {
- error ('Under this setting, you can only view your own blogs');
+ if (!$user = get_record('user', 'id', $filterselect)) {
+ error('Incorrect user id');
}
-
- /// check to see if the viewer is sharing no_group, visible group course.
- /// if not , check if the viewer is in any spg group as the user
- blog_user_can_view_user_post($filterselect);
+ if ($USER->id == $filterselect) {
+ if (!has_capability('moodle/blog:create', $sitecontext)
+ and !has_capability('moodle/blog:view', $sitecontext)) {
+ error('You do not have your own a blog, sorry.');
+ }
+ } else {
+ $personalcontext = get_context_instance(CONTEXT_USER, $filterselect);
+ if (!has_capability('moodle/blog:view', $sitecontext)
+ and !has_capability('moodle/user:readuserblogs', $personalcontext)) {
+ error('You do not have the required permissions to read user blogs');
+ }
+ if (!blog_user_can_view_user_post($filterselect)) {
+ error('You can not view blog of this user, sorry.');
+ }
+ }
+ $userid = $filterselect;
break;
+
default:
+ error('Incorrect blog filter type specified');
break;
}
-if (!has_capability('moodle/blog:view', $context)) {
- error('You do not have the required permissions to to view blogs');
-}
-
-
-// first set the start and end day equal to the day argument passed in from the get vars
-if ($limit == 'none') {
- $limit = get_user_preferences('blogpagesize', 10);
+if (empty($courseid)) {
+ $courseid = SITEID;
}
include($CFG->dirroot .'/blog/header.php');
-// prints the tabs
-$currenttab = 'blogs';
-$user = $USER;
-if (!$course) {
- $course = get_record('course', 'id', optional_param('courseid', SITEID, PARAM_INT));
-}
-
-$blogpage = optional_param('blogpage', 0, PARAM_INT);
-
-blog_print_html_formatted_entries($userid, $postid, $limit, ($blogpage * $limit) ,$filtertype, $filterselect, $tagid, $tag, $filtertype, $filterselect);
+blog_print_html_formatted_entries($postid, $filtertype, $filterselect, $tagid, $tag);
add_to_log($courseid, 'blog', 'view', 'index.php?filtertype='.$filtertype.'&filterselect='.$filterselect.'&postid='.$postid.'&tagid='.$tagid.'&tag='.$tag, 'view blog entry');
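Review bot: The `case 'course':` branch builds `$coursecontext` but then tests `has_capability('moodle/blog:view', $sitecontext)`, so a role assignment or override made at course level has no effect on who may read course blogs, whereas `case 'group':` checks the same capability against `$coursecontext`. If that is not intended, the check should read `if (!has_capability('moodle/blog:view', $coursecontext)) {`. Separately, `case 'group':` looks up `get_record('groups','id',$groupid)`, but the removed filter block was the only visible place that assigned `$groupid`, so the lookup presumably needs `$filterselect`, which the `ismember($filterselect)` call below already uses.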
*/
require_once($CFG->libdir .'/blocklib.php');
require_once($CFG->libdir .'/pagelib.php');
- require_once('rsslib.php');
+ require_once($CFG->dirroot .'/blog/rsslib.php');
require_once($CFG->dirroot .'/blog/blogpage.php');
//not used at the moment, and may not need to be
define('PAGE_BLOG_COURSE_VIEW', 'blog_course-view');
- $BLOG_YES_NO_MODES = array ( '0' => get_string('no'),
- '1' => get_string('yes') );
- // Set default setting for $CFG->blog_* vars used by blog's blocks.
- // If they are not already. Otherwise errors are thrown when an attempt
- // is made to use an empty var.
- if (empty($SESSION->blog_editing_enabled)) {
- $SESSION->blog_editing_enabled = false;
- }
-
-
- /**
+ /**
* Checks to see if user has visited blogpages before, if not, install 2
* default blocks (blog_menu and blog_tags).
*/
// add those 2 into block_instance page
// add blog_menu block
- $newblock = new object;
- $newblock -> blockid = $menublock->id;
- $newblock -> pageid = $USER->id;
+ $newblock = new object();
+ $newblock -> blockid = $menublock->id;
+ $newblock -> pageid = $USER->id;
$newblock -> pagetype = 'blog-view';
$newblock -> position = 'r';
- $newblock -> weight = 0;
- $newblock -> visible = 1;
+ $newblock -> weight = 0;
+ $newblock -> visible = 1;
insert_record('block_instance', $newblock);
// add blog_tags menu
$newblock -> blockid = $tagsblock->id;
- $newblock -> weight = 1;
+ $newblock -> weight = 1;
insert_record('block_instance', $newblock);
// finally we set the page size pref
- set_user_preference('blogpagesize',8);
+ set_user_preference('blogpagesize', 10);
}
}
}
*/
function blog_isediting() {
global $SESSION;
- if (! isset($SESSION->blog_editing_enabled)) {
- $SESSION->blog_editing_enabled = false;
- }
- return ($SESSION->blog_editing_enabled);
+
+ return !empty($SESSION->blog_editing_enabled);
}
*
* $@param ...
*/
- function blog_print_html_formatted_entries($userid, $postid, $limit, $start, $filtertype, $filterselect, $tagid, $tag, $filtertype, $filterselect) {
+ function blog_print_html_formatted_entries($postid, $filtertype, $filterselect, $tagid, $tag) {
global $CFG, $USER;
- $blogpage = optional_param('blogpage', 0, PARAM_INT);
- $bloglimit = get_user_preferences('blogpagesize',10);
+ $blogpage = optional_param('blogpage', 0, PARAM_INT);
+ $bloglimit = optional_param('limit', get_user_preferences('blogpagesize', 10), PARAM_INT);
+ $start = $blogpage * $bloglimit;
- // First let's see if the batchpublish form has submitted data
- $post = data_submitted();
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
$morelink = '<br /> ';
- $blogEntries = fetch_entries($userid, $postid, $limit, $start, $filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC', $limit=true);
-
- print_paging_bar(get_viewable_entry_count($userid, $postid, $limit, $start,$filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC'), $blogpage, $bloglimit, get_baseurl($filtertype, $filterselect), 'blogpage');
+ $blogEntries = fetch_entries($postid, $bloglimit, $start, $filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC', true);
+
+ print_paging_bar(count($blogEntries), $blogpage, $bloglimit, get_baseurl($filtertype, $filterselect), 'blogpage');
if ($CFG->enablerssfeeds) {
blog_rss_print_link($filtertype, $filterselect, $tag);
}
- if (isloggedin() && !isguest()) {
+ if (has_capability('moodle/blog:create', $sitecontext)) {
//the user's blog is enabled and they are viewing their own blog
$addlink = '<div align="center">';
- $addlink .= '<a href="'.$CFG->wwwroot .'/blog/edit.php'.'">'. get_string('addnewentry', 'blog').'</a>';
- $addlink .='</div>';
+ $addlink .= '<a href="'.$CFG->wwwroot .'/blog/edit.php?action=add'.'">'. get_string('addnewentry', 'blog').'</a>';
+ $addlink .= '</div>';
echo $addlink;
}
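Review bot: `print_paging_bar(count($blogEntries), ...)` counts the rows of the page that was just fetched, because `fetch_entries()` is called with `$bloglimit`, `$start` and a final `true`. Assuming that last argument applies the limit, the total can never exceed one page and the paging bar will not offer further pages. `get_viewable_entry_count($postid, $bloglimit, $start, $filtertype, $filterselect, $tagid, $tag)`, whose signature is updated later in this commit, looks like the intended source of the total. `$bloglimit` is also taken from the request through `optional_param('limit', ..., PARAM_INT)` with no bounds, so `limit=0` or a very large value reaches the query; clamping it, e.g. `$bloglimit = max(1, min($bloglimit, 100));` (100 is a constructed example cap), keeps page size under the site's control. The function body continues outside the hunk.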
*/
function blog_print_entry($blogEntry, $viewtype='full', $filtertype='', $filterselect='', $mode='loud') {
- global $USER, $CFG, $course, $ME;
+ global $USER, $CFG, $COURSE, $ME;
- $template['body'] = get_formatted_entry_body(stripslashes_safe($blogEntry->summary), $blogEntry->format);
+ $template['body'] = format_text(stripslashes_safe($blogEntry->summary), $blogEntry->format);
$template['title'] = '<a name="'. $blogEntry->subject .'"></a>';
//enclose the title in nolink tags so that moodle formatting doesn't autolink the text
$template['title'] .= '<span class="nolink">'. stripslashes_safe($blogEntry->subject);
echo '<td class="topic starter"><div class="subject">'.$template['title'].'</div><div class="author">';
$fullname = fullname($user, $template['userid']);
+ $by = new object();
$by->name = '<a href="'.$CFG->wwwroot.'/user/view.php?id='.
- $user->id.'&course='.$course->id.'">'.$fullname.'</a>';
+ $user->id.'&course='.$COURSE->id.'">'.$fullname.'</a>';
$by->date = $template['lastmod'];
print_string('bynameondate', 'forum', $by);
echo '</div></td></tr>';
$blogtype = '';
break;
- }
+ }
- echo '<div class="audience">'.$blogtype.'</div>';
+ echo '<div class="audience">'.$blogtype.'</div>';
// Print whole message
echo format_text($template['body']);
echo '<div class="commands">';
- if (!empty($USER->id)) {
- $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
- $canmanage = has_capability('moodle/blog:manageentries', $context);
-
- if (($template['userid'] == $USER->id) or $canmanage) {
- echo '<a href="'.$CFG->wwwroot.'/blog/edit.php?editid='.$blogEntry->id.'&sesskey='.sesskey().'">'.$stredit.'</a>';
- }
-
- if (($template['userid'] == $USER->id) or $canmanage) {
- echo '| <a href="'.$CFG->wwwroot.'/blog/edit.php?act=del&editid='.$blogEntry->id.'&sesskey='.sesskey().'">'.$strdelete.'</a>';
- }
+ if (blog_user_can_edit_post($blogEntry)) {
+ echo '<a href="'.$CFG->wwwroot.'/blog/edit.php?action=edit&id='.$blogEntry->id.'">'.$stredit.'</a>';
+ echo '| <a href="'.$CFG->wwwroot.'/blog/edit.php?action=delete&id='.$blogEntry->id.'">'.$strdelete.'</a>';
}
echo '</div>';
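Review bot: The new edit and delete links (`edit.php?action=edit&id=...`, `edit.php?action=delete&id=...`) drop the `sesskey` parameter that the removed links carried, so the handler in `blog/edit.php` now has to enforce its own confirmation step with `confirm_sesskey()` before changing or removing a post. That handler is not visible in this hunk, so this needs checking there; if the delete runs directly on the GET request, it is exposed to cross-site request forgery. A short comment above the links, such as `// edit.php must confirm_sesskey() before acting on edit/delete`, would record the dependency. The enclosing function starts and ends outside the hunk.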
* User can edit a blog entry if this is their own blog post and they have
* the capability moodle/blog:create, or if they have the capability
* moodle/blog:manageentries.
+ *
+ * This also applies to deleting of posts.
*/
- function blog_user_can_edit_post($blogEntry, $context) {
-
+ function blog_user_can_edit_post($blogEntry) {
+
global $CFG, $USER;
-
- return ((has_capability('moodle/blog:create', $context) &&
- $blogEntry->userid == $USER->id) ||
- has_capability('moodle/blog:manageentries', $context));
+
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+
+ if (has_capability('moodle/blog:manageentries', $sitecontext)) {
+ return true; // can edit any blog post
+ }
+
+ if ($blogEntry->userid == $USER->id
+ and has_capability('moodle/blog:create', $sitecontext)) {
+ return true; // can edit own when having blog:create capability
+ }
+
+ return false;
}
/**
* Checks to see if a user can view the blogs of another user.
- * He can do so, if he has the moodle/blog:view capability. In the
- * case of spg group course, the user also needs to be in the same group.
+ * Only blog level is checked here, the capabilities are enforced
+ * in blog/index.php
*/
function blog_user_can_view_user_post($targetuserid, $blogEntry=null) {
-
global $CFG, $USER;
- $canview = 0; //bad start
-
- $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
-
- if (!has_capability('moodle/blog:view', $context)) {
- return false;
- }
-
- if ($USER->id && ($USER->id == $targetuserid)) {
- return true;
+
+ if (empty($CFG->bloglevel)) {
+ return false; // blog system disabled
}
- if ($blogEntry and $blogEntry->publishstate == 'draft') { // can not view draft
- return false;
+ if (!empty($USER->id) and $USER->id == $targetuserid) {
+ return true; // can view own posts in any case
}
-
- $usercourses = get_my_courses($targetuserid);
- foreach ($usercourses as $usercourse) {
- // If the viewer and user are sharing same non-spg course, then
- // grant permission.
- if (groupmode($usercourse) != SEPARATEGROUPS) {
- $canview = 1;
- return $canview;
- } else {
- // Now we need every group the user is in, and check to see
- // if view is a member.
- if ($usergroups = user_group($usercourse->id, $targetuserid)) {
- foreach ($usergroups as $usergroup) {
- if (ismember($usergroup->id)) {
- $canview = 1;
- return $canview;
- }
- }
- }
- }
+
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+ if (has_capability('moodle/blog:manageentries', $sitecontext)) {
+ return true; // can manage all posts
}
- if (!$canview && $CFG->bloglevel < BLOG_SITE_LEVEL) {
- error ('You can not view this user\'s blogs');
+ if ($blogEntry and $blogEntry->publishstate == 'draft') {
+ return false; // can not view draft of others
}
- return $canview;
- }
+ switch ($CFG->bloglevel) {
+ case BLOG_GLOBAL_LEVEL:
+ return true;
+ break;
+ case BLOG_SITE_LEVEL:
+ if (!empty($USER->id)) { // not logged in viewers forbidden
+ return true;
+ }
+ return false;
+ break;
+
+ case BLOG_COURSE_LEVEL:
+ $mycourses = array_keys(get_my_courses($targetuserid));
+ $usercourses = array_keys(get_my_courses($targetuserid));
+ $shared = array_intersect($mycourses, $usercourses);
+ if (!empty($shared)) {
+ return true;
+ }
+ return false;
+ break;
+
+ case BLOG_GROUP_LEVEL:
+ $mycourses = array_keys(get_my_courses($targetuserid));
+ $usercourses = array_keys(get_my_courses($targetuserid));
+ $shared = array_intersect($mycourses, $usercourses);
+ foreach ($shared as $courseid) {
+ $coursecontext = get_context_instance(CONTEXT_COURSE, $courseid);
+ if (has_capability('moodle/site:accessallgroups', $coursecontext)
+ or groupmode($courseid) != SEPARATEGROUPS) {
+ return true;
+ } else {
+ if ($usergroups = user_group($courseid, $targetuserid)) {
+ foreach ($usergroups as $usergroup) {
+ if (ismember($usergroup->id)) {
+ return true;
+ }
+ }
+ }
+ }
+ }
+ return false;
+ break;
+
+ case BLOG_USER_LEVEL:
+ default:
+ $personalcontext = get_context_instance(CONTEXT_USER, $targetuserid);
+ return has_capability('moodle/user:readuserblogs', $personalcontext);
+ break;
- /**
- * Moved from BlogEntry class.
- */
- function get_formatted_entry_body($body, $format) {
- global $CFG;
- include_once($CFG->libdir .'/weblib.php');
- if ($format) {
- return format_text($body, $format);
}
- return stripslashes_safe($body);
}
/**
* Main filter function.
*/
- function fetch_entries($userid, $postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC', $limit=true) {
+ function fetch_entries($postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC', $limit=true) {
global $CFG, $USER;
- if (!isset($USER->id)) {
- $USER->id = 0; //hack, for guests
- }
-
/// set the tag id for searching
if ($tagid) {
$tag = $tagid;
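Review bot: In `blog_user_can_view_user_post()` both `case BLOG_COURSE_LEVEL:` and `case BLOG_GROUP_LEVEL:` fill `$mycourses` and `$usercourses` from `get_my_courses($targetuserid)`, so `array_intersect()` compares the target user's courses with themselves and `$shared` is non-empty whenever the target is in any course. At course level that returns `true` for every viewer, which defeats the restriction the blog level is meant to impose. The viewer's list should come from the current user, `$mycourses = array_keys(get_my_courses($USER->id));`, with a guard for an empty `$USER->id`. In the group case `groupmode($courseid)` is passed an id, while `blog/index.php` in this commit calls `groupmode($course)` with a record, which is worth confirming against the function's signature.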
} else {
return null;
}
-
+
} else { // bad postid
return null;
}
case 'site':
if (isloggedin()) {
-
+
$SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
.$CFG->prefix.'user u
WHERE p.userid = u.id '.$tagquerysql.'
case 'course':
if ($filterselect != SITEID) {
-
+
// all users with a role assigned
$context = get_context_instance(CONTEXT_COURSE, $filterselect);
-
+
$SQL = '(SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
.$CFG->prefix.'role_assignments ra, '.$CFG->prefix.'user u
WHERE p.userid = ra.userid '.$tagquerysql.'
break;
case 'user':
-
+
if (isloggedin()) {
-
+
$SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
.$CFG->prefix.'user u
WHERE p.userid = u.id '.$tagquerysql.'
AND u.id = '.$filterselect.'
AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
} else {
-
+
$SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
.$CFG->prefix.'user u
WHERE p.userid = u.id '.$tagquerysql.'
AND u.id = '.$filterselect.'
- AND p.publishstate = \'public\'';
-
+ AND p.publishstate = \'public\'';
+
}
break;
* this is not ideal, but because of the UNION in the sql in fetch_entries,
* it is hard to use count_records_sql
*/
- function get_viewable_entry_count($userid, $postid='', $fetchlimit=10,
+ function get_viewable_entry_count($postid='', $fetchlimit=10,
$fetchstart='', $filtertype='', $filterselect='', $tagid='',
$tag ='', $sort='lastmodified DESC') {
- $blogEntries = fetch_entries($userid, $postid, $fetchlimit,
+ $blogEntries = fetch_entries($postid, $fetchlimit,
$fetchstart, $filtertype, $filterselect, $tagid, $tag,
$sort='lastmodified DESC', false);
-
+
return count($blogEntries);
}
<form method="post" action="preferences.php" name="entry" id="entry">
-<input type="hidden" name="referrer" value="<?php echo $referrer; ?>" />
<table cellpadding="9" cellspacing="0">
<tr>
<td><?php print_string('pagesize', 'blog');?>:</td>
</tr>
<tr>
<td colspan="2" align="center">
+ <input type="hidden" name="courseid" value="<?php echo $courseid; ?>" />
<input type="submit" value="<?php print_string("savechanges"); ?>" />
<input type="button" value="<?php print_string('cancel'); ?>" onclick="javascript:history.go(-1)" /></td>
</tr>
require_once('../config.php');
require_once($CFG->dirroot.'/blog/lib.php');
- require_login();
+ $courseid = optional_param('courseid', SITEID, PARAM_INT);
+
+ if ($courseid == SITEID) {
+ require_login();
+ $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
+ } else {
+ require_login($courseid);
+ $context = get_context_instance(CONTEXT_COURSE, $courseid);
+ }
if (empty($CFG->bloglevel)) {
error('Blogging is disabled!');
}
- $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
-
- // Ensure that the logged in user has the capability to view blog entries for now,
- // because there is only $pagesize which affects the viewing ;-)
- require_capability('moodle/blog:view', $sitecontext);
+ require_capability('moodle/blog:view', $context);
/// If data submitted, then process and store.
if (data_submitted()) {
+ $pagesize = required_param('pagesize', PARAM_INT);
- $pagesize = optional_param('pagesize', 10, PARAM_INT);
- if ($pagesize < 1 ) {
- error ('invalid page size');
+ if ($pagesize < 1) {
+ error('invalid page size');
}
set_user_preference('blogpagesize', $pagesize);
- // the best guess is IMHO to redirect to blog page, so that user reviews the changed preferences - skodak
- redirect($CFG->wwwroot.'/blog/index.php');
+
+ // now try to guess where to go from here ;-)
+ if ($courseid == SITEID) {
+ redirect($CFG->wwwroot.'/blog/index.php');
+ } else {
+ redirect($CFG->wwwroot.'/blog/index.php?filtertype=course&filterselect='.$courseid);
+ }
}
$site = get_site();
- $pageMeta = '' . "\n";
$strpreferences = get_string('preferences');
- $strblogs = get_string('blogs', 'blog');
+ $strblogs = get_string('blogs', 'blog');
$navigation = "<a href='".$CFG->wwwroot."/blog/'>$strblogs</a> -> $strpreferences";
- print_header("$site->shortname: $strblogs : $strpreferences", $strblogs, $navigation, '', $pageMeta, true, '', '');
-
+ print_header("$site->shortname: $strblogs : $strpreferences", $strblogs, $navigation);
print_heading($strpreferences);
print_simple_box_start('center', '', '');
-
- include('./preferences.html');
+ require('./preferences.html');
print_simple_box_end();
print_footer();
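Review bot: The `if (data_submitted())` branch stores `blogpagesize` without calling `confirm_sesskey()`, and the form in `preferences.html` posts no `sesskey` field, unlike the tag forms in this commit. The impact is limited to a user preference, but it is still a state change that can be submitted cross-site on the user's behalf. Adding `<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />` to the form and changing the test to `if (data_submitted() and confirm_sesskey()) {` would match `tags.php`. `$pagesize` is checked only for `< 1`, so an upper bound is worth adding as well.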
<?php
+$otags = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'official\' ORDER by text ASC');
+$ptags1 = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'personal\' AND userid = '.$USER->id.' ORDER by text ASC');
+$ptags2 = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'personal\' AND userid <> '.$USER->id.' ORDER by text ASC');
+
print_heading(get_string('tagmanagement'));
?>
<td width="50%"><?php print_string('otags','blog');?></td>
<td width="50%"><?php print_string('ptags','blog');?></td>
</tr>
-
+
<tr>
<td>
<form action="tags.php" method="POST">
<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<?php
- $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
- if (has_capability('moodle/blog:manageofficialtags', $context)) {
+ if (has_capability('moodle/blog:manageofficialtags', $sitecontext)) {
?>
<select name="tags[]" multiple="multiple" size="8">
<?php
- $otags = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'official\' ORDER by text ASC');
foreach ($otags as $otag) {
echo '<option value="'.$otag->id.'">'.$otag->text.'</option>';
}
?>
</select>
- <input type="hidden" name="mode" value="delete" />
+ <input type="hidden" name="action" value="delete" />
<br />
<input type="submit" value="<?php print_string('delete');?>" />
<?php }
else {
- if ($otags = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'official\' ORDER by text ASC')) {
+ if ($otags) {
foreach ($otags as $otag) {
echo '<br />'.$otag->text;
}
?>
</form>
</td>
-
+
<td>
<form action="tags.php" method="POST">
<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<select name="tags[]" multiple="multiple" size="8">
<?php
- $ptags1 = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'personal\' AND userid = '.$USER->id.' ORDER by text ASC');
- $ptags2 = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'personal\' AND userid <> '.$USER->id.' ORDER by text ASC');
-
+
$ptags = array();
-
+
if (!empty($ptags1)) { // user's own tag exists
if (!empty($ptags2)) { // user's own tags, and other users tags exist, we merge
$ptags = array_merge($ptags1, $ptags2);
}
} else if (!empty($ptags2)) {
$ptags = $ptags2;
- }
+ }
if (!empty($ptags)) {
foreach ($ptags as $ptag) {
}
?>
</select>
- <input type="hidden" name="mode" value="delete" />
+ <input type="hidden" name="action" value="delete" />
<br />
<input type="submit" value="<?php print_string('delete');?>" />
</form>
</td>
</tr>
-
+
<tr>
<td>
- <?php if (has_capability('moodle/blog:manageofficialtags', $context)) { ?>
+ <?php if (has_capability('moodle/blog:manageofficialtags', $sitecontext)) { ?>
<form action="tags.php" method="POST">
<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<?php print_string('addotags','blog');?>:<br/>
<input type="text" name="otag" />
<input type="submit" value="<?php print_string('add');?>" />
- <input type="hidden" name="mode" value="addofficial" />
+ <input type="hidden" name="action" value="addofficial" />
</form>
<?php }?>
</td>
-
+
<td>
<form action="tags.php" method="POST">
<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<?php print_string('addptags','blog');?><br/>
<input type="text" name="ptag" />
<input type="submit" value="<?php print_string('add');?>" />
- <input type="hidden" name="mode" value="addpersonal" />
+ <input type="hidden" name="action" value="addpersonal" />
</form>
</td>
</tr>
-
+
</table>
<p align="center">
<?php
require_once('../config.php');
-require_login();
+$action = optional_param('action','',PARAM_ALPHA);
-//form process
-$mode = optional_param('mode','',PARAM_ALPHA);
+require_login();
if (empty($CFG->bloglevel)) {
error('Blogging is disabled!');
}
-$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
+if (isguest()) {
+ error(get_string('noguestpost', 'blog'));
+}
+
+$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+$error = '';
-switch ($mode) {
+switch ($action) {
case 'addofficial':
- /// Adding official tags.
- if (!has_capability('moodle/blog:manageofficialtags', $context) || !confirm_sesskey()) {
- die('you can not add official tags');
+ // only approved uses can add official tags
+ if (!has_capability('moodle/blog:manageofficialtags', $sitecontext)) {
+ error('Can not add official tags tags');
}
-
- if (($otag = optional_param('otag', '', PARAM_NOTAGS)) && (!get_record('tags','text',$otag))) {
+ if (data_submitted() and confirm_sesskey()) {
+ $otag = trim(required_param('otag', PARAM_NOTAGS));
+
+ if (get_record('tags', 'text', $otag)) {
+ $error = get_string('tagalready');
+ break;
+ }
+ $tag = new object();
$tag->userid = $USER->id;
- $tag->text = $otag;
- $tag->type = 'official';
- $tagid = insert_record('tags', $tag);
-
+ $tag->text = $otag;
+ $tag->type = 'official';
+ if (!$tagid = insert_record('tags', $tag)) {
+ error('Can not create tag!');
+ }
+
/// Write newly added tags back into window opener.
echo '<script language="JavaScript" type="text/javascript">
var o = opener.document.createElement("option");
o.value = '.$tagid.';
opener.document.entry[\'otags[]\'].insertBefore(o, null);
</script>';
- } else {
- /// Tag already exists.
- notify(get_string('tagalready'));
}
break;
-
+
case 'addpersonal':
/// Everyone can add personal tags as long as they can write blog entries.
- if (!confirm_sesskey() ||
- !has_capability('moodle/blog:create', $context) ||
- empty($USER->id)) {
- error ('you can not add tags');
+ if (!has_capability('moodle/blog:manageofficialtags', $sitecontext)
+ and !has_capability('moodle/blog:create', $sitecontext)) {
+ error('Can not add personal tags');
}
-
- if (($ptag = optional_param('ptag', '', PARAM_NOTAGS)) && (!get_record('tags','text',$ptag))) {
+ if (data_submitted() and confirm_sesskey()) {
+ $ptag = trim(required_param('ptag', PARAM_NOTAGS));
+
+ if (get_record('tags', 'text', $ptag)) {
+ $error = get_string('tagalready');
+ break;
+ }
+ $tag = new object();
$tag->userid = $USER->id;
- $tag->text = $ptag;
- $tag->type = 'personal';
- $tagid = insert_record('tags', $tag);
+ $tag->text = $ptag;
+ $tag->type = 'personal';
+ if (!$tagid = insert_record('tags', $tag)) {
+ error('Can not create tag!');
+ }
/// Write newly added tags back into window opener.
echo '<script language="JavaScript" type="text/javascript">
o.value = '.$tagid.';
opener.document.entry[\'ptags[]\'].insertBefore(o, null);
</script>';
- } else {
- /// Tag already exists.
- notify(get_string('tagalready'));
}
-
+
break;
-
+
case 'delete':
/// Delete a tag.
- if (!confirm_sesskey()) {
- error('you can not delete tags');
- }
-
- if ($tags = optional_param('tags', 0, PARAM_INT)) {
-
- foreach ($tags as $tag) {
-
- $blogtag = get_record('tags','id',$tag);
-
- // You can only delete your own tags, or you have to have the
- // moodle/blog:manageofficialtags capability.
- if (!has_capability('moodle/blog:manageofficialtags', $context)
- && $USER->id != $blogtag->userid) {
- notify(get_string('norighttodeletetag','blog', $blogtag->text));
- continue;
+ if (data_submitted() and confirm_sesskey()) {
+ $tagids = optional_param('tags', array(), PARAM_INT);
+
+ if (empty($tagids) or !is_array($tagids)) {
+ // TODO add error message here
+ // $error = 'no data selected';
+ break;
+ }
+
+ foreach ($tagids as $tagid) {
+
+ if (!$tag = get_record('tags', 'id', $tagid)) {
+ continue; // page refreshed?
}
- // You can only delete tags that are referenced if you have
- // the moodle/blog:manageofficialtags capability.
- if (!has_capability('moodle/blog:manageofficialtags', $context)
- && get_records('blog_tag_instance','tagid', $tag)) {
- notify('tag is used by other users, can not delete!');
+ if ($tag->type == 'official' and !has_capability('moodle/blog:manageofficialtags', $sitecontext)) {
+ //can not delete
continue;
}
- delete_records('tags','id',$tag);
- delete_records('blog_tag_instance', 'tagid', $tag);
+ if ($tag->type == 'personal') {
+ if (has_capability('moodle/blog:managepersonaltags', $sitecontext)) {
+ //ok - can delete any personal tag
+ } else if (!has_capability('moodle/blog:create', $sitecontext) or $USER->id != $tag->userid) {
+ // no delete - you must own the tag and be able to create blog entries
+ continue;
+ }
+ }
+
+
+ if (!delete_records('tags', 'id', $tagid)) {
+ error('Can not delete tag');
+ }
+ if (!delete_records('blog_tag_instance', 'tagid', $tagid)) {
+ error('Can not delete blog tag instances');
+ }
/// Remove parent window option via javascript.
echo '<script>
var i=0;
while (i < window.opener.document.entry[\'otags[]\'].length) {
- if (window.opener.document.entry[\'otags[]\'].options[i].value == '.$tag.') {
+ if (window.opener.document.entry[\'otags[]\'].options[i].value == '.$tagid.') {
window.opener.document.entry[\'otags[]\'].removeChild(opener.document.entry[\'otags[]\'].options[i]);
}
i++;
var i=0;
while (i < window.opener.document.entry[\'ptags[]\'].length) {
- if (window.opener.document.entry[\'ptags[]\'].options[i].value == '.$tag.') {
+ if (window.opener.document.entry[\'ptags[]\'].options[i].value == '.$tagid.') {
window.opener.document.entry[\'ptags[]\'].removeChild(opener.document.entry[\'ptags[]\'].options[i]);
}
i++;
</script>';
}
+
}
break;
-
+
default:
/// Just display the tags form.
break;
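Review bot: In the `delete` case the permission decision fails open: only `$tag->type == 'official'` and `$tag->type == 'personal'` can lead to a `continue`, so a row whose type is anything else (or empty) reaches both `delete_records()` calls with no capability check at all. Whether such rows can exist is not visible here, but the safer shape is deny-by-default, computing an explicit `$candelete` flag and skipping the tag unless a listed case grants it, as sketched below. The rewrite also drops the old in-use check on `blog_tag_instance`, so the owner of a personal tag now deletes every instance row that references it, which presumably includes other users' entries, since tag text is kept unique across users; if that is intended it deserves a comment. Refused deletes are now silent where the old code called `notify()` with `norighttodeletetag`, so a refusal is hard to tell from a tag that was already gone.

```php
// … unchanged: foreach over $tagids and the get_record() lookup of $tag …

// deny by default: only the cases listed here may delete
$candelete = false;
if ($tag->type == 'official') {
    $candelete = has_capability('moodle/blog:manageofficialtags', $sitecontext);
} else if ($tag->type == 'personal') {
    // any personal tag for a manager, otherwise only your own and only if you can blog
    $candelete = has_capability('moodle/blog:managepersonaltags', $sitecontext)
              || (has_capability('moodle/blog:create', $sitecontext) && $USER->id == $tag->userid);
}
if (!$candelete) {
    notify(get_string('norighttodeletetag', 'blog', $tag->text));
    continue;
}

// … unchanged: delete_records() calls and the opener script …
```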
$string['noguestpost'] = 'Guest can not post blogs!';
$string['norighttodeletetag'] = 'You have no rights to delete this tag - $a';
$string['notallowedtoedit'] = 'You are not allowed to edit this entry';
+$string['emptybody'] = 'Blog entry body can not be empty';
+$string['emptytitle'] = 'Blog entry title can not be empty';
$string['numberofentries'] = 'Entries: $a';
$string['numberoftags'] = 'Number of tags to display';
$string['otags'] = 'Official tags';
$toprow[] = new tabobject('profile', $CFG->wwwroot.'/user/view.php?id='.$user->id.'&course='.$course->id, get_string('profile'));
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+ $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
$personalcontext = get_context_instance(CONTEXT_USER, $user->id);
/// Can only edit profile if it belongs to user or current user is admin and not editing primary admin
$mainadmin->id = 0; /// Weird - no primary admin!
}
if ((!empty($USER->id) and ($USER->id == $user->id) and !isguest()) or
- (has_capability('moodle/user:editprofile', get_context_instance(CONTEXT_USER, $user->id)) and ($user->id != $mainadmin->id)) ) {
+ (has_capability('moodle/user:editprofile', $personalcontext) and ($user->id != $mainadmin->id)) ) {
if(empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot;
}
}
- /// Blog entry, everyone can view
- if ($CFG->bloglevel > 0 && has_capability('moodle/user:readuserblogs')) { // only if blog is enabled. Permission check kicks in when display list
- $toprow[] = new tabobject('blogs', $CFG->wwwroot.'/blog/index.php?userid='.$user->id.'&courseid='.$course->id, get_string('blogs', 'blog'));
+
+ /// Personal blog entries tab
+ if ($CFG->bloglevel > 0
+ and (has_capability('moodle/user:readuserblogs', $personalcontext) // can review students posts
+ or has_capability('moodle/blog:manageentries', $sitecontext) // entry manager can see all posts
+ or ($user->id == $USER->id and has_capability('moodle/blog:create', $sitecontext)) // viewing self
+ or ($CFG->bloglevel > 1 and has_capability('moodle/blog:create', $sitecontext, $user->id) and (has_capability('moodle/blog:view', $sitecontext) or has_capability('moodle/blog:view', $coursecontext)))
+ )) {
+
+ $toprow[] = new tabobject('blogs', $CFG->wwwroot.'/blog/index.php?userid='.$user->id.'&courseid='.$course->id, get_string('blog', 'blog'));
}
-
/// Current user must be teacher of the course or the course allows user to view their reports