From: toyomoyo <toyomoyo>
Date: Thu, 15 Mar 2007 06:13:12 +0000 (+0000)
Subject: merged fix for MDL-8908, draft blogs should not be visible
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=11b03793e74e7714fb294a34103d0fe1afd8f657;p=moodle.git

merged fix for MDL-8908, draft blogs should not be visible
---

diff --git a/blog/index.php b/blog/index.php
index 4ea6ceccb5..1120a0cc9a 100755
--- a/blog/index.php
+++ b/blog/index.php
@@ -75,7 +75,7 @@ switch ($filtertype) {
         $courseid = $course->id;
         $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
         require_login($course->id);
-        if (!has_capability('moodle/blog:view', $sitecontext)) {
+        if (!has_capability('moodle/blog:view', $coursecontext)) {
             error('You do not have the required permissions to view blogs in this course');
         }
     break;
@@ -115,7 +115,7 @@ switch ($filtertype) {
         if ($USER->id == $filterselect) {
             if (!has_capability('moodle/blog:create', $sitecontext)
               and !has_capability('moodle/blog:view', $sitecontext)) {
-                error('You do not have your own a blog, sorry.');
+                error('You do not have your own blog, sorry.');
             }
         } else {
             $personalcontext = get_context_instance(CONTEXT_USER, $filterselect);
diff --git a/blog/lib.php b/blog/lib.php
index 80a8b1cc64..a986cb06c1 100755
--- a/blog/lib.php
+++ b/blog/lib.php
@@ -391,10 +391,16 @@
         if (has_capability('moodle/blog:manageentries', $sitecontext)) {
             return true; // can manage all posts
         }
-
+        
+        // coming for 1 post, make sure it's not a draft
         if ($blogEntry and $blogEntry->publishstate == 'draft') {
             return false;  // can not view draft of others
         }
+        
+        // coming for 1 post, make sure user is logged in, if not a public blog
+        if ($blogEntry && $blogEntry->publishstate != 'public' && !isloggedin()) {
+            return false;  
+        }
 
         switch ($CFG->bloglevel) {
             case BLOG_GLOBAL_LEVEL:
@@ -478,7 +484,7 @@
 
             if ($post = get_record('post', 'id', $postid)) {
 
-                if (blog_user_can_view_user_post($post->userid)) {
+                if (blog_user_can_view_user_post($post->userid, $post)) {
 
                     if ($user = get_record('user', 'id', $post->userid)) {
                         $post->email = $user->email;