From: skodak Date: Fri, 6 Oct 2006 10:11:52 +0000 (+0000) Subject: Code cleanup in blog. X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e96f2a77db6a4d7e40742f09e70237e8f5a4cd38;p=moodle.git Code cleanup in blog. MDL-6805 Fixed redirects in blog; MDL-6807 partially fixed use of capabilitites - it needs more testing and possibly minor fixing, the commit contains other blog bugfixes too. In general it should work exactly the same. The introduction of roles makes proper setup more difficult :-( Expect some more fixes soon, no other bigger changes... --- diff --git a/blocks/blog_menu/block_blog_menu.php b/blocks/blog_menu/block_blog_menu.php index 86714ecb03..340d2b0822 100755 --- a/blocks/blog_menu/block_blog_menu.php +++ b/blocks/blog_menu/block_blog_menu.php @@ -3,13 +3,13 @@ require_once($CFG->dirroot .'/blog/lib.php'); class block_blog_menu extends block_base { - + function init() { $this->title = get_string('blockmenutitle', 'blog'); $this->content_type = BLOCK_TYPE_TEXT; $this->version = 2004112000; } - + function get_content() { global $CFG, $course; @@ -55,33 +55,33 @@ class block_blog_menu extends block_base { $courseviewlink = ''; $addentrylink = ''; $coursearg = ''; - + $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); - + if (isset($course) && isset($course->id) && $course->id != 0 && $course->id != SITEID) { - + $incoursecontext = true; $curcontext = get_context_instance(CONTEXT_COURSE, $course->id); } else { $incoursecontext = false; $curcontext = $sitecontext; } - + $canviewblogs = has_capability('moodle/blog:view', $curcontext); - + /// Accessibility: markup as a list. - + if ( (isloggedin() && !isguest()) && $incoursecontext && $CFG->bloglevel >= BLOG_COURSE_LEVEL && $canviewblogs) { - + $coursearg = '&courseid='.$course->id; // a course is specified - + $courseviewlink = '
  • '; $courseviewlink .= get_string('viewcourseentries', 'blog') ."
  • \n"; } - + $blogmodon = false; if ( (isloggedin() && !isguest()) @@ -90,15 +90,14 @@ class block_blog_menu extends block_base { // show Add entry link - moderation is off, or moderation is on and the user is viewing the block within the context of a course if (has_capability('moodle/blog:create', $curcontext)) { - $addentrylink = '
  • '. - get_string('addnewentry', 'blog') ."
  • \n"; + $addentrylink = '
  • '.get_string('addnewentry', 'blog') ."
  • \n"; } // show View my entries link $addentrylink .= '
  • '.get_string('viewmyentries', 'blog'). "
  • \n"; - + // show link to manage blog prefs $addentrylink .= '
  • '. @@ -113,14 +112,14 @@ class block_blog_menu extends block_base { $output .= '
  • '; $output .= get_string('viewsiteentries', 'blog')."
  • \n"; } - + if (isloggedin() && !isguest() && (has_capability('moodle/blog:manageofficialtags', $sitecontext) || has_capability('moodle/blog:managepersonaltags', $curcontext))) { $output .= '
  • '. link_to_popup_window("/blog/tags.php",'popup',get_string('tagmanagement'), 400, 500, 'Popup window', 'none', true) ."
  • \n"; } - + // show Help with blogging link //$output .= '
  • '; //$output .= get_string('helpblogging', 'blog') ."
  • \n"; diff --git a/blocks/blog_tags/block_blog_tags.php b/blocks/blog_tags/block_blog_tags.php index dd894bb77e..fae460d8b1 100644 --- a/blocks/blog_tags/block_blog_tags.php +++ b/blocks/blog_tags/block_blog_tags.php @@ -41,7 +41,7 @@ class block_blog_tags extends block_base { function get_content() { - global $CFG, $SITE, $COURSE; + global $CFG, $SITE, $COURSE, $USER; if (empty($CFG->bloglevel)) { $this->content->text = ''; @@ -75,7 +75,7 @@ class block_blog_tags extends block_base { /// Get a list of tags $timewithin = $this->config->timewithin * 24 * 60 * 60; /// convert to seconds - + $sql = 'SELECT t.id, t.type, t.text, COUNT(DISTINCT bt.id) as ct '; $sql .= "FROM {$CFG->prefix}tags as t, {$CFG->prefix}blog_tag_instance as bt, {$CFG->prefix}post as p "; $sql .= 'WHERE t.id = bt.tagid '; @@ -92,16 +92,16 @@ class block_blog_tags extends block_base { /// 1. tags with the same count should have the same size class /// 2. however many tags we have should be spread evenly over the /// 20 size classes - + $totaltags = count($tags); $currenttag = 0; $size = 20; $lasttagct = -1; - + $etags = array(); foreach ($tags as $tag) { - + $currenttag++; if ($currenttag == 1) { @@ -111,7 +111,7 @@ class block_blog_tags extends block_base { $lasttagct = $tag->ct; $size = 20 - ( (int)((($currenttag - 1) / $totaltags) * 20) ); } - + $tag->class = "$tag->type s$size"; $etags[] = $tag; @@ -120,7 +120,7 @@ class block_blog_tags extends block_base { /// Now we sort the tag display order $CFG->tagsort = $this->config->sort; usort($etags, "blog_tags_sort"); - + /// Finally we create the output foreach ($etags as $tag) { switch ($CFG->bloglevel) { 
@@ -129,14 +129,14 @@ class block_blog_tags extends block_base { $filterselect = $USER->id; break; - case BLOG_GROUP_LEVEL: + case BLOG_GROUP_LEVEL: $filtertype = 'group'; $filterselect = get_current_group($this->instance->pageid); break; case BLOG_COURSE_LEVEL: $filtertype = 'course'; - if (isset($COURSE->id)) { + if (isset($COURSE->id)) { $filterselect = $COURSE->id; } else { $filterselect = $this->instance->pageid; @@ -144,7 +144,7 @@ class block_blog_tags extends block_base { break; default: - if (isset($COURSE->id) && $COURSE->id != SITEID) { + if (isset($COURSE->id) && $COURSE->id != SITEID) { $filtertype = 'course'; $filterselect = $COURSE->id; } else { diff --git a/blog/blogpage.php b/blog/blogpage.php index f6db6db603..6d47048b46 100644 --- a/blog/blogpage.php +++ b/blog/blogpage.php @@ -11,14 +11,16 @@ class page_blog extends page_base { var $editing = false; var $courserecord = NULL; var $courseid = NULL; - + var $filtertype = NULL; + var $filterselect = NULL; + // Mandatory; should return our identifier. function get_type() { global $CFG; require_once($CFG->dirroot .'/blog/lib.php'); return PAGE_BLOG_VIEW; } - + // we have no format type, use 'blog' //I think it's a bug, but if this is left the default NULL value then pages can //fail to load completely @@ -37,7 +39,7 @@ class page_blog extends page_base { $this->id = 0; //set blog id to 0 } } - + // Here you should load up all heavy-duty data for your page. Basically everything that // does not NEED to be loaded for the class to make basic decisions should NOT be loaded // in init_quick() and instead deferred here. Of course this function had better recognize @@ -58,7 +60,7 @@ class page_blog extends page_base { } } $this->full_init_done = true; - } + } // For this test page, only admins are going to be allowed editing (for simplicity). function user_allowed_editing() { 
@@ -71,13 +73,10 @@ class page_blog extends page_base { // Also, admins are considered to have "always on" editing (I wanted to avoid duplicating // the code that turns editing on/off here; you can roll your own or copy course/view.php). function user_is_editing() { - if (isloggedin() && !isguest()) { + global $SESSION; - global $SESSION; - if (empty($SESSION->blog_editing_enabled)) { - $SESSION->blog_editing_enabled = false; - } - $this->editing = $SESSION->blog_editing_enabled; + if (isloggedin() && !isguest()) { + $this->editing = !empty($SESSION->blog_editing_enabled); return $this->editing; } return false; @@ -86,6 +85,7 @@ class page_blog extends page_base { //over-ride parent method's print_header because blog already passes more than just the title along function print_header($pageTitle='', $pageHeading='', $pageNavigation='', $pageFocus='', $pageMeta='') { global $USER; + $this->init_full(); $extraheader = ''; if (!empty($USER) && !empty($USER->id)) { @@ -93,10 +93,11 @@ class page_blog extends page_base { } print_header($pageTitle, $pageHeading, $pageNavigation, $pageFocus, $pageMeta, true, $extraheader ); } - + // This should point to the script that displays us function url_get_path() { global $CFG; + return $CFG->wwwroot .'/blog/index.php'; } @@ -107,13 +108,15 @@ class page_blog extends page_base { return $array; } - //I should likely just bring blog filter in here and return - //the output of a filter method like get_params - //instead let's simply return the userid and courseid - $array['userid'] = $this->id; if (!empty($this->courseid)) { $array['courseid'] = $this->courseid; } + if (!empty($this->filtertype)) { + $array['filtertype'] = $this->filtertype; + } + if (!empty($this->filterselect)) { + $array['filterselect'] = $this->filterselect; + } return $array; } 
@@ -123,7 +126,7 @@ class page_blog extends page_base { function blocks_get_positions() { return array(BLOCK_POS_LEFT, BLOCK_POS_RIGHT); } - + // When a new block is created in this page, which position should it go to? function blocks_default_position() { return BLOCK_POS_RIGHT; @@ -134,9 +137,9 @@ class page_blog extends page_base { // colons (:) to delimit between block positions in the page. See blocks_get_positions() for additional info. function blocks_get_default() { global $CFG; - + $this->init_full(); - + // It's a normal blog page if (!empty($CFG->{'defaultblocks_'. $this->get_type()})) { $blocknames = $CFG->{'defaultblocks_'. $this->get_type()}; @@ -144,9 +147,9 @@ class page_blog extends page_base { /// Failsafe - in case nothing was defined. $blocknames = 'admin,calendar_month,online_users,blog_menu'; } - + return $blocknames; - } + } // And finally, a little block move logic. Given a block's previous position and where // we want to move it to, return its new position. Pretty self-documenting. @@ -163,21 +166,25 @@ class page_blog extends page_base { function get_extra_header_string() { global $SESSION, $CFG, $USER; - $editformstring = ''; - if (isloggedin() && !isguest()) { - if (!empty($SESSION->blog_editing_enabled) && ($SESSION->blog_editing_enabled)) { + $editformstring = ''; + if ($this->user_allowed_editing()) { + if (!empty($SESSION->blog_editing_enabled)) { $editingString = get_string('turneditingoff'); } else { $editingString = get_string('turneditingon'); } - $url = $this->url_get_full(); - $editval = empty($SESSION->blog_editing_enabled) ? 1 : 0; - $editformstring = '
    '. - ''. - '
    '; + + $params = $this->url_get_parameters(); + $params['edit'] = empty($SESSION->blog_editing_enabled) ? 1 : 0; + $paramstring = ''; + foreach ($params as $key=>$val) { + $paramstring .= ''; + } + $editformstring = '
    ' + .$paramstring.'
    '; } - return $editformstring; - } + return $editformstring; + } } ?> diff --git a/blog/edit.html b/blog/edit.html index 6bc848742d..93d1dda047 100755 --- a/blog/edit.html +++ b/blog/edit.html @@ -1,38 +1,39 @@ groupid)) { - $post->groupid = 0; - } - // find all the tags this post uses $usedtags = array(); - if (isset($post->postid)) { - if ($tagsused = get_records('blog_tag_instance', 'entryid', $post->postid)) { + if (!empty($post->id)) { + if ($tagsused = get_records('blog_tag_instance', 'entryid', $post->id)) { foreach ($tagsused as $usedtag) { $usedtags[] = $usedtag -> tagid; } } } -?> - - -
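Review bot: The loop added to get_extra_header_string() copies every entry of `url_get_parameters()` into the edit form, and that list now carries `filtertype` and `filterselect`. The string literal that builds each field is not legible on this page, so it cannot be confirmed here that `$key` and `$val` are escaped. If they are concatenated as-is, escape both before output, for example `s($key)` and `s($val)`, because header.php assigns the two properties from variables set by the including script. A one-line comment on the loop naming the helper that does the escaping would settle this for the next reader.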
    enctype="multipart/form-data"> - - + if ($usehtmleditor) { + // clean and convert to html before editting + $options = new object(); + $options->smiley = false; + $options->filter = false; + $options->nocache = true; + $post->summary = format_text($post->summary, $post->format, $options); + } +?> + - +
    - @@ -104,12 +105,8 @@ @@ -136,7 +133,7 @@ print_string('formathtml'); echo ''; } else { - choose_from_menu(format_text_menu(), "format", $post->format, ""); + choose_from_menu(format_text_menu(), 'format', $post->format, ''); } ?> @@ -144,24 +141,25 @@ helpbutton('textformat', get_string('helpformatting')); ?> + diff --git a/blog/edit.php b/blog/edit.php index 075a6a0cb6..16bd106803 100755 --- a/blog/edit.php +++ b/blog/edit.php 
@@ -2,262 +2,207 @@ require_once('../config.php'); include_once('lib.php'); -require_login(); -$courseid = optional_param('courseid', SITEID, PARAM_INT); -$act = optional_param('act','',PARAM_ALPHA); +$action = required_param('action', PARAM_ALPHA); +$id = optional_param('id', 0, PARAM_INT); +$confirm = optional_param('confirm', 0, PARAM_BOOL); +$courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tab - does nothing here + +require_login(); if (empty($CFG->bloglevel)) { error('Blogging is disabled!'); } -// detemine where the user is coming from in case we need to send them back there -if (!$referrer = optional_param('referrer','', PARAM_URL)) { - if (isset($_SERVER['HTTP_REFERER'])) { - $referrer = $_SERVER['HTTP_REFERER']; - } else { - $referrer = $CFG->wwwroot; - } +if (isguest()) { + error(get_string('noguestpost', 'blog')); } - -$context = get_context_instance(CONTEXT_SYSTEM, SITEID); -if (!has_capability('moodle/blog:view', $context)) { - error(get_string('nopost', 'blog'), $referrer); +$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); +if (!has_capability('moodle/blog:create', $sitecontext) and !has_capability('moodle/blog:manageentries', $sitecontext)) { + error('You can not post or edit blogs.'); } - // Make sure that the person trying to edit have access right -if ($editid = optional_param('editid', 0, PARAM_INT)) { - - $blogEntry = get_record('post', 'id', $editid); - - if (!blog_user_can_edit_post($blogEntry, $context)) { - error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php'); +if ($id) { + if (!$existing = get_record('post', 'id', $id)) { + error('Wrong blog post id'); } -} -// Check to see if there is a requested blog to edit -if (isloggedin() && !isguest()) { - $userid = $USER->id; + if (!blog_user_can_edit_post($existing)) { + error(get_string('notallowedtoedit', 'blog')); + } + $userid = $existing->userid; + $returnurl = $CFG->wwwroot.'/blog/index.php?userid='.$existing->userid; } else { - 
error(get_string('noblogspecified', 'blog') .'' .get_string('viewentries', 'blog') .''); + if (!has_capability('moodle/blog:create', $sitecontext)) { + error(get_string('nopost', 'blog')); // manageentries is not enough for adding + } + $existing = false; + $userid = $USER->id; + $returnurl = 'index.php?userid='.$USER->id; } - -// If we are trying to delete an non-existing blog entry -if (isset($act) && ($act == 'del') && (empty($blogEntry))) { - error ('the entry you are trying to delete does not exist'); +if (!empty($courseid)) { + $returnurl .= '&courseid='.$courseid; } +$errors = array(); +$post = new object(); // editing form data -$pageNavigation = 'edit'; -include($CFG->dirroot .'/blog/header.php'); +$usehtmleditor = can_use_richtext_editor(); +$strblogs = get_string('blogs','blog'); -//////////// SECURITY AND SETUP COMPLETE - NOW PAGE LOGIC /////////////////// -if (isset($act) && ($act == 'del') && confirm_sesskey()) -{ - $postid = required_param('editid', PARAM_INT); - if (optional_param('confirm',0,PARAM_INT)) { - do_delete($postid, $context); - } else { +switch ($action) { - /// prints blog entry and what confirmation form - echo '
    '; - echo ''; - echo ''; - echo ''; - echo ''; - - print_string('blogdeleteconfirm', 'blog'); - blog_print_entry($blogEntry); - - echo '
    '; - echo ' '; - echo ' '; - echo '
    '; - print_footer($course); - exit; - } -} + case 'add': + if (data_submitted() and confirm_sesskey()) { + do_add($post, $errors); + if (empty($errors)) { + redirect($returnurl); + } + $post = stripslashes_safe($post); // no db access after this!! + // print form again + } else { + // prepare new empty form + $post->subject = ''; + $post->summary = ''; + $post->publishstate = 'draft'; + $post->format = $usehtmleditor ? FORMAT_HTML : FORMAT_MOODLE; -if ($usehtmleditor = can_use_richtext_editor()) { - $defaultformat = FORMAT_HTML; - $onsubmit = ''; -} else { - $defaultformat = FORMAT_MOODLE; - $onsubmit = ''; -} + } + $strformheading = get_string('addnewentry', 'blog'); + break; -if (($post = data_submitted( get_referer() )) && confirm_sesskey()) { - if (!empty($post->editform)) { //make sure we're processing the edit form here - //print_object($post); //debug + case 'edit': + if (!$existing) { + error('Incorrect blog post id'); + } + if (data_submitted() and confirm_sesskey()) { + do_edit($post, $errors); + if (empty($errors)) { + redirect($returnurl); + } + $post = stripslashes_safe($post); // no db access after this!! 
+ // print form again + } else { + $post->id = $existing->id; + $post->subject = $existing->subject; + $post->summary = $existing->summary; + $post->publishstate = $existing->publishstate; + $post->format = $existing->format; + } + $strformheading = get_string('updateentrywithid', 'blog'); + break; - if (!$post->etitle or !$post->body) { - $post->error = get_string('emptymessage', 'forum'); + case 'delete': + if (!$existing) { + error('Incorrect blog post id'); } - if ($post->act == 'save') { - do_save($post); - } else if ($post->act == 'update') { - do_update($post); - } else if ($post->act == 'del') { - $postid = required_param('postid', PARAM_INT); - do_delete($postid, $context); + if (data_submitted() and $confirm and confirm_sesskey()) { + do_delete($existing); + redirect($returnurl); + } else { + $optionsyes = array('id'=>$id, 'action'=>'delete', 'confirm'=>1, 'sesskey'=>sesskey(), 'courseid'=>$courseid); + $optionsno = array('userid'=>$existing->userid, 'courseid'=>$courseid); + print_header("$SITE->shortname: $strblogs", $SITE->fullname); + blog_print_entry($existing); + echo '
    '; + notice_yesno(get_string('blogdeleteconfirm', 'blog'), 'edit.php', 'index.php', $optionsyes, $optionsno, 'post', 'get'); + print_footer(); + die; } - } -} else { + break; - //no post data yet, so load up the post array with default information - $post->etitle = ''; - $post->userid = $USER->id; - $post->body = ''; - $post->format = $defaultformat; - $post->publishstate = 'draft'; + default: + error('Unknown action!'); + break; } -if ($editid) { // User is editing a post - // ensure that editing is allowed first - admin users can edit any posts - - $blogEntry = get_record('post','id',$editid); +// gui setup - //using an unformatted entry body here so that extra formatting information is not stored in the db - $post->body = stripslashes_safe($blogEntry->summary); - $post->etitle = stripslashes_safe($blogEntry->subject); - $post->postid = $editid; - $post->userid = $blogEntry->userid; - $post->format = $blogEntry->format; - $post->publishstate = $blogEntry->publishstate; +// done here in order to allow deleting of posts with wrong user id above +if (!$user = get_record('user', 'id', $userid)) { + error('Incorrect user id'); } -if (isset($post->postid) && ($post->postid != -1) ) { - $formHeading = get_string('updateentrywithid', 'blog'); -} else { - $formHeading = get_string('addnewentry', 'blog'); -} +print_header("$SITE->shortname: $strblogs", $SITE->fullname, + ''.fullname($user).' -> + '.$strblogs.' -> '.$strformheading,'','',true); -if (isset($post->error)) { - notify($post->error); -} - -print_simple_box_start("center"); +echo '
    '; +print_simple_box_start('center'); require('edit.html'); print_simple_box_end(); -include($CFG->dirroot .'/blog/footer.php'); +if ($usehtmleditor) { + use_html_editor(); +} + +print_footer(); + +die; /***************************** edit.php functions ***************************/ /* -* do_delete -* takes $bloginfo_arg argument as reference to a blogInfo object. -* also takes the postid - the id of the entry to be removed +* Delete blog post from database */ -function do_delete($postid, $context) { - global $CFG, $USER, $referrer; - // make sure this user is authorized to delete this entry. - // cannot use $post->pid because it may not have been initialized yet. Also the pid may be in get format rather than post. - // check ownership - $blogEntry = get_record('post', 'id', $postid); - - if (blog_user_can_edit_post($blogEntry, $context)) { - if (delete_records('post', 'id', $postid)) { - //echo "bloginfo_arg:"; //debug - //print_object($bloginfo_arg); //debug - //echo "pid to delete:".$postid; //debug - delete_records('blog_tag_instance', 'entryid', $postid); - print ''. get_string('entrydeleted', 'blog') .'

    '; - - //record a log message of this entry deletion - if ($site = get_site()) { - add_to_log($site->id, 'blog', 'delete', 'index.php?userid='. $blogEntry->userid, 'deleted blog entry with entry id# '. $postid); - } - } - } - else { - error(get_string('entryerrornotyours', 'blog')); - } +function do_delete($post) { + global $returnurl; - //comment out this redirect to debug the deletion of entries + $status = delete_records('post', 'id', $post->id); + $status = delete_records('blog_tag_instance', 'entryid', $post->id) and $status; - redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid); + add_to_log(SITEID, 'blog', 'delete', 'index.php?userid='. $post->userid, 'deleted blog entry with entry id# '. $post->id); + + if (!$status) { + error('Error occured while deleting post', $returnurl); + } } /** -* do_save -* -* @param object $post argument is a reference to the post object which is used to store information for the form -* @param object $bloginfo_arg argument is reference to a blogInfo object. -*/ -function do_save($post) { - global $USER, $CFG, $referrer; -// echo 'Debug: Post object in do_save function of edit.php
    '; //debug -// print_object($post); //debug + * Write a new blog entry into database + */ +function do_add(&$post, &$errors) { + global $CFG, $USER, $returnurl; - if ($post->body == '') { - $post->error = get_string('nomessagebodyerror', 'blog'); - } else { + $post->subject = required_param('subject', PARAM_MULTILANG); + $post->summary = required_param('summary', PARAM_RAW); + $post->format = required_param('format', PARAM_INT); + $post->publishstate = required_param('publishstate', PARAM_ALPHA);; - /// Write a blog entry into database - $blogEntry = new object; - $blogEntry->subject = addslashes($post->etitle); - $blogEntry->summary = addslashes($post->body); - $blogEntry->module = 'blog'; - $blogEntry->userid = $USER->id; - $blogEntry->format = $post->format; - $blogEntry->publishstate = $post->publishstate; - $blogEntry->lastmodified = time(); - $blogEntry->created = time(); - - // Insert the new blog entry. - $entryID = insert_record('post',$blogEntry); - -// print 'Debug: created a new entry - entryId = '.$entryID.'
    '; //debug -// echo 'Debug: do_save() in edit.php calling blog_do_*back_pings
    '."\n"; //debug - if ($entryID) { - - /// Creates a unique hash. I don't know what this is for (Yu) - $dataobject = new object; - $dataobject->uniquehash = md5($blogEntry->userid.$CFG->wwwroot.$entryID); - update_record('post', $dataobject); - - /// Associate tags with entries - - $tag = NULL; - $tag->entryid = $entryID; - $tag->userid = $USER->id; - $tag->timemodified = time(); - - /// Add tags information - if ($otags = optional_param('otags','', PARAM_INT)) { - foreach ($otags as $otag) { - $tag->tagid = $otag; - insert_record('blog_tag_instance',$tag); - } - } + if ($post->summary == '
    ') { + $post->summary = ''; + } - if ($ptags = optional_param('ptags','', PARAM_INT)) { - foreach ($ptags as $ptag) { - $tag->tagid = $ptag; - insert_record('blog_tag_instance',$tag); - } - } + if ($post->subject == '') { + $errors['subject'] = get_string('emptytitle', 'blog'); + } + if ($post->summary == '') { + $errors['summary'] = get_string('emptybody', 'blog'); + } - print ''. get_string('entrysaved', 'blog') .'
    '; - } - //record a log message of this entry addition - if ($site = get_site()) { - add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, $blogEntry->subject); - } - - redirect($referrer); - /* - //to debug this save function comment out the following redirect code - if ($courseid == SITEID || $courseid == 0 || $courseid == '') { - redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid); - } else { - redirect($CFG->wwwroot .'/course/view.php?id='. $courseid); - }*/ + if (!empty($errors)) { + return; // no saving } + + $post->module = 'blog'; + $post->userid = $USER->id; + $post->lastmodified = time(); + $post->created = time(); + + + // Insert the new blog entry. + if ($id = insert_record('post', $post)) { + $post->id = $id; + add_tags_info($post->id); + add_to_log(SITEID, 'blog', 'add', 'index.php?userid='.$post->userid.'&postid='.$posz->id, $post->subject); + + } else { + error('There was an error adding this post in the database', $returnurl); + } + } /** @@ -265,65 +210,66 @@ function do_save($post) { * @param . $bloginfo_arg argument is reference to a blogInfo object. * @todo complete documenting this function. enable trackback and pingback between entries on the same server */ -function do_update($post) { - // here post = data_submitted(); - global $CFG, $USER, $referrer; - $blogEntry = get_record('post','id',$post->postid); -// echo "id id ".$post->postid; -// print_object($blogentry); //debug - - $blogEntry->subject = addslashes($post->etitle); - $blogEntry->summary = addslashes($post->body); - if ($blogEntry->summary == '
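Review bot: In do_delete() the line `$status = delete_records('blog_tag_instance', 'entryid', $post->id) and $status;` discards the result of the first delete, because `=` binds tighter than `and`; a failed delete of the post row is then treated as success whenever the tag rows delete cleanly. Use `$status = delete_records('blog_tag_instance', 'entryid', $post->id) && $status;`, and move the `add_to_log()` call below the `if (!$status)` check so the log does not record a deletion that failed. In do_add() the log URL is built from `$posz->id`, an undefined variable, so the 'add' log entry loses the post id; it should read `$post->id`.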
    ') { - $blogEntry->summary = ''; +function do_edit(&$post, &$errors) { + + global $CFG, $USER, $returnurl; + + $post->id = required_param('id', PARAM_INT); + $post->subject = required_param('subject', PARAM_MULTILANG); + $post->summary = required_param('summary', PARAM_RAW); + $post->format = required_param('format', PARAM_INT); + $post->publishstate = required_param('publishstate', PARAM_ALPHA);; + + if ($post->summary == '
    ') { + $post->summary = ''; } - $blogEntry->format = $post->format; - $blogEntry->publishstate = $post->publishstate; //we don't care about the return value here - - if ( update_record('post',$blogEntry)) { - delete_records('blog_tag_instance', 'entryid', $blogEntry->id); - - $tag = NULL; - $tag->entryid = $blogEntry->id; - $tag->userid = $USER->id; - $tag->timemodified = time(); - - /// Add tags information - if ($otags = optional_param('otags','', PARAM_INT)) { - foreach ($otags as $otag) { - $tag->tagid = $otag; - insert_record('blog_tag_instance',$tag); - } - } - if ($ptags = optional_param('ptags','', PARAM_INT)) { - foreach ($ptags as $ptag) { - $tag->tagid = $ptag; - insert_record('blog_tag_instance',$tag); - } + if ($post->subject == '') { + $errors['subject'] = get_string('emptytitle', 'blog'); + } + if ($post->summary == '') { + $errors['summary'] = get_string('emptybody', 'blog'); + } + + if (!empty($errors)) { + return; // no saving + } + + $post->lastmodified = time(); + + // update record + if (update_record('post', $post)) { + delete_records('blog_tag_instance', 'entryid', $post->id); + add_tags_info($post->id); + add_to_log(SITEID, 'blog', 'update', 'index.php?userid='.$post->userid.'&postid='.$post->id, $post->subject); + + } else { + error('There was an error updating this post in the database', $returnurl); + } + +} + +function add_tags_info($postid) { + $post = get_record('post', 'id', $postid); + + $tag = new object(); + $tag->entryid = $post->id; + $tag->userid = $post->userid; + $tag->timemodified = time(); + + /// Add tags information + if ($otags = optional_param('otags','', PARAM_INT)) { + foreach ($otags as $otag) { + $tag->tagid = $otag; + insert_record('blog_tag_instance', $tag); } - - // only do pings if the entry is published to the world - // Daryl Hawes note - eventually should check if it's on the same server - // and if so allow pb/tb as well - especially now that moderation is in place - print ''. 
get_string('entryupdated', 'blog') .'

    '; - - //record a log message of this entry update action - if ($site = get_site()) { - add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $post->postid, $blogEntry->subject); + } + + if ($ptags = optional_param('ptags','', PARAM_INT)) { + foreach ($ptags as $ptag) { + $tag->tagid = $ptag; + insert_record('blog_tag_instance', $tag); } - - redirect($referrer); - //to debug this save function comment out the following redirect code -/* - if ($courseid == SITEID || $courseid == 0 || $courseid == '') { - redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid); - } else { - redirect($CFG->wwwroot .'/course/view.php?id='. $courseid); - }*/ - } else { -// get_string('', 'blog') //Daryl Hawes note: localize this line - $post->error = 'There was an error updating this post in the database'; } } ?> \ No newline at end of file diff --git a/blog/footer.php b/blog/footer.php index f74356f933..85f72f698c 100644 --- a/blog/footer.php +++ b/blog/footer.php @@ -2,7 +2,7 @@
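Review bot: do_edit() reads the row id again with `required_param('id', PARAM_INT)` and never sets `$post->userid`, so the `add_to_log()` URL is built from an unset property and the id passed to `update_record()` is not taken from the `$existing` record that `blog_user_can_edit_post()` approved earlier in the script. Both values are available from that record: add `$existing` to the `global` line and use `$post->id = $existing->id;` and `$post->userid = $existing->userid;`. In add_tags_info() the result of `get_record('post', 'id', $postid)` is used without a check; return early when it is false. The docblock of do_edit() starts outside this hunk.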

      +
    : - + +
    - useextendedbody) && $post->useextendedbody) { - print_string('entryexcerpt', 'blog'); - } else { - print_string('entrybody', 'blog'); - } + :

    @@ -121,11 +118,11 @@ } else { emoticonhelpbutton('entry', 'body'); } - ?> - + ?> +
    - body); ?> + summary); ?>
    - - - + + + postid) && ($post->postid != -1) ) { + if ($action == 'add') { ?> - - -   - + +   + - -   + +   +
    -'."\n"; // The right column @@ -21,20 +21,5 @@ if (blocks_have_content($pageblocks, BLOCK_POS_RIGHT) || $editing) { id)) { - print_footer($course); -} else { - print_footer(); -} +print_footer($course); ?> diff --git a/blog/header.php b/blog/header.php index dbc7973b57..a9efda524a 100755 --- a/blog/header.php +++ b/blog/header.php @@ -1,6 +1,6 @@ dirroot .'/blog/lib.php'); require_once($CFG->libdir .'/pagelib.php'); @@ -9,21 +9,15 @@ require_once($CFG->libdir .'/blocklib.php'); require_once($CFG->dirroot .'/course/lib.php'); $blockaction = optional_param('blockaction','', PARAM_ALPHA); -$instanceid = optional_param('instanceid', 0, PARAM_INT); -$blockid = optional_param('blockid', 0, PARAM_INT); +$instanceid = optional_param('instanceid', 0, PARAM_INT); +$blockid = optional_param('blockid', 0, PARAM_INT); /// If user has never visited this page before, install 2 blocks for him blog_check_and_install_blocks(); -// now check that they are logged in and allowed into the course (if specified) -if ($courseid != SITEID) { - if (!$course = get_record('course', 'id', $courseid)) { - error('The course number was incorrect ('. $courseid .')'); - } - require_login($course->id); -} else { - $course = $SITE; +if (!$course = get_record('course', 'id', $courseid)) { + error('The course number was incorrect ('. $courseid .')'); } // Bounds for block widths within this page @@ -38,7 +32,7 @@ $pageclass = 'page_blog'; // map our page identifier to the actual name // of the class which will be handling its operations. -page_map_class($pagetype, $pageclass); +page_map_class($pagetype, $pageclass); // Now, create our page object. if (empty($USER->id)) { 
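Review bot: The replacement for the removed course branch in header.php only loads the course record; the `require_login($course->id)` that used to run for every `$courseid` other than SITEID is gone. Whether the including script now makes that call is not visible on this page, so either confirm it does or keep the check here, e.g. `if ($course->id != SITEID) { require_login($course->id); }` after the `get_record()`. If the check has deliberately moved, a comment such as `// course access is checked by the including script before this file is included` would record that assumption next to the lookup.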
@@ -46,9 +40,41 @@ if (empty($USER->id)) { } else { $PAGE = page_create_object($pagetype, $USER->id); } -$PAGE->courseid = $courseid; +$PAGE->courseid = $courseid; +$PAGE->filtertype = $filtertype; +$PAGE->filterselect = $filterselect; + $PAGE->init_full(); //init the BlogInfo object and the courserecord object +$editing = false; +if ($PAGE->user_allowed_editing()) { + $editing = $PAGE->user_is_editing(); +} + +// Calculate the preferred width for left, right and center (both center positions will use the same) +$preferred_width_left = bounded_number(BLOCK_L_MIN_WIDTH, blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]), + BLOCK_L_MAX_WIDTH); +$preferred_width_right = bounded_number(BLOCK_R_MIN_WIDTH, blocks_preferred_width($pageblocks[BLOCK_POS_RIGHT]), + BLOCK_R_MAX_WIDTH); + +// Display the blocks and allow blocklib to handle any block action requested +$pageblocks = blocks_get_by_page($PAGE); + +if ($editing) { + if (!empty($blockaction) && confirm_sesskey()) { + if (!empty($blockid)) { + blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), intval($blockid)); + } else if (!empty($instanceid)) { + $instance = blocks_find_instance($instanceid, $pageblocks); + blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), $instance); + } + // This re-query could be eliminated by judicious programming in blocks_execute_action(), + // but I'm not sure if it's worth the complexity increase... + $pageblocks = blocks_get_by_page($PAGE); + } + $missingblocks = blocks_get_missing($PAGE, $pageblocks); +} + if (!empty($tagid)) { $taginstance = get_record('tags', 'id', $tagid); } else { @@ -59,10 +85,6 @@ if (!empty($tagid)) { $taginstance = get_record('tags', 'id', $tagid); } } -if (!isset($filtertype)) { - $filtertype = 'user'; - $filterselect = $USER->id; -} /// navigations /// site blogs - sitefullname -> blogs -> (?tag) 
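Review bot: `$preferred_width_left` and `$preferred_width_right` are computed from `$pageblocks[BLOCK_POS_LEFT]` and `$pageblocks[BLOCK_POS_RIGHT]` before `$pageblocks = blocks_get_by_page($PAGE);` runs a few lines later in this hunk. Unless the including file sets `$pageblocks` earlier, which this page does not show, the widths are calculated from an unset variable. Move the two `bounded_number()` assignments below the `if ($editing) { … }` block, after the last `blocks_get_by_page()` call, so they use the block list that is actually displayed.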
@@ -73,27 +95,11 @@ if (!isset($filtertype)) { $blogstring = get_string('blogs','blog'); $tagstring = get_string('tag'); -if ($ME == $CFG->wwwroot.'/blog/edit.php') { /// We are in edit mode, print the editing header - - // first we need to identify the user - if ($editid) { // if we are editing a post - $blogEntry = get_record('post','id',$editid); - $user = get_record('user','id',$blogEntry->userid); - } else { - $user = get_record('user','id',$filterselect); - } - - if ($editid) { - $formHeading = get_string('updateentrywithid', 'blog'); - } else { - $formHeading = get_string('addnewentry', 'blog'); - } - - print_header("$SITE->shortname: $blogstring", "$SITE->fullname", - ''.fullname($user).' -> - '.$blogstring.' -> '. $formHeading,'','',true); +// needed also for user tabs later +if (!$course = get_record('course', 'id', $courseid)) { + error('Wrong course id'); +} -} else { // else, we are in view mode /// This is very messy atm. @@ -136,16 +142,18 @@ if ($ME == $CFG->wwwroot.'/blog/edit.php') { /// We are in edit mode, print the break; case 'user': - $user = get_record('user', 'id', $filterselect); $participants = get_string('participants'); + if (!$user = get_record('user', 'id', $filterselect)) { + error('Wrong user id'); + } - if (isset($course->id) && $course->id && $course->id != SITEID) { + if ($course->id != SITEID) { if ($tagid || !empty($tag)) { print_header("$course->shortname: $blogstring", $course->fullname, ''.$course->shortname.' -> '.$participants.' -> '.fullname($user).' -> - '. "$blogstring -> $tagstring: $taginstance->text",'','',true,$PAGE->get_extra_header_string()); + '. "$blogstring -> $tagstring: $taginstance->text",'','',true,$PAGE->get_extra_header_string()); } else { print_header("$course->shortname: $blogstring", $course->fullname, 
@@ -155,9 +163,9 @@ if ($ME == $CFG->wwwroot.'/blog/edit.php') { /// We are in edit mode, print the '.$blogstring,'','',true,$PAGE->get_extra_header_string()); } - } + } else { + //in top view - else { if ($tagid || !empty($tag)) { print_header("$SITE->shortname: $blogstring", $SITE->fullname, 
@@ -174,54 +182,22 @@ if ($ME == $CFG->wwwroot.'/blog/edit.php') { /// We are in edit mode, print the } break; - default: //user click on add from block - print_header("$SITE->shortname: $blogstring", $SITE->fullname, - ''.fullname($user).' -> - '.$blogstring.' -> '.get_string('addentry','blog'),'','',true,$PAGE->get_extra_header_string()); + default: + error ('Error unknown filtertype'); break; } -} /// close switch // prints the tabs if ($filtertype=='user') { - $showroles = 1; + $showroles = true; +} else { + $showroles = false; } $currenttab = 'blogs'; -$user = $USER; -if (!$course) { - $course = get_record('course','id',optional_param('courseid', SITEID, PARAM_INT)); -} -require_once($CFG->dirroot .'/user/tabs.php'); -$editing = false; -if ($PAGE->user_allowed_editing()) { - $editing = $PAGE->user_is_editing(); -} - -// Calculate the preferred width for left, right and center (both center positions will use the same) -$preferred_width_left = bounded_number(BLOCK_L_MIN_WIDTH, blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]), - BLOCK_L_MAX_WIDTH); -$preferred_width_right = bounded_number(BLOCK_R_MIN_WIDTH, blocks_preferred_width($pageblocks[BLOCK_POS_RIGHT]), - BLOCK_R_MAX_WIDTH); - -// Display the blocks and allow blocklib to handle any block action requested -$pageblocks = blocks_get_by_page($PAGE); +require_once($CFG->dirroot .'/user/tabs.php'); -if ($editing) { - if (!empty($blockaction) && confirm_sesskey()) { - if (!empty($blockid)) { - blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), intval($blockid)); - } else if (!empty($instanceid)) { - $instance = blocks_find_instance($instanceid, $pageblocks); - blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), $instance); - } - // This re-query could be eliminated by judicious programming in blocks_execute_action(), - // but I'm not sure if it's worth the complexity increase... 
- $pageblocks = blocks_get_by_page($PAGE); - } - $missingblocks = blocks_get_missing($PAGE, $pageblocks); -} /// Layout the whole page as three big columns. print '' . "\n"; diff --git a/blog/index.php b/blog/index.php index ec3dec710d..c1465945f3 100755 --- a/blog/index.php +++ b/blog/index.php @@ -6,35 +6,27 @@ * if a blog id is specified then the latest entries from that blog are shown */ -if (!file_exists('../config.php')) { - header('Location: ../install.php'); - die; -} - require_once('../config.php'); require_once($CFG->dirroot .'/blog/lib.php'); require_once($CFG->libdir .'/blocklib.php'); $id = optional_param('id', 0, PARAM_INT); -$limit = optional_param('limit', 0, PARAM_INT); $start = optional_param('formstart', 0, PARAM_INT); $userid = optional_param('userid',0,PARAM_INT); -$courseid = optional_param('courseid',SITEID,PARAM_INT); $tag = optional_param('tag', '', PARAM_NOTAGS); $tagid = optional_param('tagid', 0, PARAM_INT); $postid = optional_param('postid',0,PARAM_INT); $filtertype = optional_param('filtertype', '', PARAM_ALPHA); $filterselect = optional_param('filterselect', 0, PARAM_INT); + $edit = optional_param('edit', -1, PARAM_BOOL); +$courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs and course tracking + if (empty($CFG->bloglevel)) { error('Blogging is disabled!'); } - -// Blogs are only global for now. -// 'post' table will have to be changed to use contextid instead of courseid, -// modileid, etc. because they are obsolete now. $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); 
@@ -43,132 +35,114 @@ if (isloggedin() and !isguest() and $edit != -1) { $SESSION->blog_editing_enabled = $edit; } -/// overwrite filter code here - -if ($filtertype) { - switch ($filtertype) { - - case 'site': - if ($filterselect) { - $userid = $filterselect; - } else { - $userid = 0; - } - $course = get_site(); - $courseid = SITEID; - break; - - case 'course': - if ($filterselect) { - $courseid = $filterselect; - $course = get_record('course','id',$courseid); - } - $userid =0; - $groupid = 0; - break; - - case 'group': - if ($filterselect) { - $groupid = $filterselect; - $group = get_record('groups','id',$groupid); - $course = get_record('course','id',$group->courseid); - $courseid = $course->id; - } else { - $groupid = 0; - } - $userid = 0; - break; - - case 'user': - if ($filterselect) { - $userid = $filterselect; - } - $groupid = 0; - break; - default: - break; +if (empty($filtertype)) { + if ($userid) { // default to user if specified + $filtertype = 'user'; + $filterselect = $userid; + } else if (has_capability('moodle/blog:view', $sitecontext) and $CFG->bloglevel > BLOG_USER_LEVEL) { + $filtertype = 'site'; + $filterselect = ''; + } else { + // user might have capability to write blogs, but not read blogs at site level + // users might enter this url manually without parameters + $filtertype = 'user'; + $filterselect = $USER->id; } - -} else if ($userid) { // default to user - $filtertype = 'user'; - $filterselect = $userid; -} else { - $filtertype = 'site'; - $filterselect = ''; } - - - -/// Rights checking. 
+/// check access and prepare filters switch ($filtertype) { + case 'site': - $context = get_context_instance(CONTEXT_SYSTEM, SITEID); if ($CFG->bloglevel < BLOG_SITE_LEVEL) { error('Site blogs is not enabled'); - } else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) { + } + if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) { require_login(); } + if (!has_capability('moodle/blog:view', $sitecontext)) { + error('You do not have the required permissions to view all site blogs'); + } break; + case 'course': - $context = get_context_instance(CONTEXT_COURSE, $courseid); if ($CFG->bloglevel < BLOG_COURSE_LEVEL) { error('Course blogs is not enabled'); } + if (!$course = get_record('course', 'id', $filterselect)) { + error('Incorrect course id specified'); + } + $courseid = $course->id; + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); + require_login($course->id); + if (!has_capability('moodle/blog:view', $sitecontext)) { + error('You do not have the required permissions to view blogs in this course'); + } break; + case 'group': - $context = get_context_instance(CONTEXT_GROUP, $groupid); if ($CFG->bloglevel < BLOG_GROUP_LEVEL) { - error ('Group blogs is not enabled'); + error('Group blogs is not enabled'); + } + if (!$group = get_record('groups','id',$groupid)) { + error('Incorrect group id specified'); + } + if (!$course = get_record('course', 'id', $group->courseid)) { + error('Incorrect course id specified'); } - if (groupmode($course) == SEPARATEGROUPS && - !has_capability('moodle/site:accessallgroups', $context)) { + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); + $courseid = $course->id; + require_login($course->id); + if (!has_capability('moodle/blog:view', $coursecontext)) { + error('You do not have the required permissions to view blogs in this course/group'); + } + if (groupmode($course) == SEPARATEGROUPS + and !has_capability('moodle/site:accessallgroups', $coursecontext)) { if (!ismember($filterselect)) { - error ('You are not a 
member of this group'); + error ('You are not a member of this course group'); } } - /// check if user is editting teacher, or if spg, is member + break; + case 'user': - $context = get_context_instance(CONTEXT_USER, $userid); if ($CFG->bloglevel < BLOG_USER_LEVEL) { - error ('Blogs is not enabled'); + error('Blogs is not enabled'); } - if ($CFG->bloglevel == BLOG_USER_LEVEL && $USER->id != $filterselect) { - error ('Under this setting, you can only view your own blogs'); + if (!$user = get_record('user', 'id', $filterselect)) { + error('Incorrect user id'); } - - /// check to see if the viewer is sharing no_group, visible group course. - /// if not , check if the viewer is in any spg group as the user - blog_user_can_view_user_post($filterselect); + if ($USER->id == $filterselect) { + if (!has_capability('moodle/blog:create', $sitecontext) + and !has_capability('moodle/blog:view', $sitecontext)) { + error('You do not have your own a blog, sorry.'); + } + } else { + $personalcontext = get_context_instance(CONTEXT_USER, $filterselect); + if (!has_capability('moodle/blog:view', $sitecontext) + and !has_capability('moodle/user:readuserblogs', $personalcontext)) { + error('You do not have the required permissions to read user blogs'); + } + if (!blog_user_can_view_user_post($filterselect)) { + error('You can not view blog of this user, sorry.'); + } + } + $userid = $filterselect; break; + default: + error('Incorrect blog filter type specified'); break; } -if (!has_capability('moodle/blog:view', $context)) { - error('You do not have the required permissions to to view blogs'); -} - - -// first set the start and end day equal to the day argument passed in from the get vars -if ($limit == 'none') { - $limit = get_user_preferences('blogpagesize', 10); +if (empty($courseid)) { + $courseid = SITEID; } include($CFG->dirroot .'/blog/header.php'); -// prints the tabs -$currenttab = 'blogs'; -$user = $USER; -if (!$course) { - $course = get_record('course', 'id', 
optional_param('courseid', SITEID, PARAM_INT)); -} - -$blogpage = optional_param('blogpage', 0, PARAM_INT); - -blog_print_html_formatted_entries($userid, $postid, $limit, ($blogpage * $limit) ,$filtertype, $filterselect, $tagid, $tag, $filtertype, $filterselect); +blog_print_html_formatted_entries($postid, $filtertype, $filterselect, $tagid, $tag); add_to_log($courseid, 'blog', 'view', 'index.php?filtertype='.$filtertype.'&filterselect='.$filterselect.'&postid='.$postid.'&tagid='.$tagid.'&tag='.$tag, 'view blog entry'); diff --git a/blog/lib.php b/blog/lib.php index 9e723a31a4..b1466bd3f5 100755 --- a/blog/lib.php +++ b/blog/lib.php @@ -5,7 +5,7 @@ */ require_once($CFG->libdir .'/blocklib.php'); require_once($CFG->libdir .'/pagelib.php'); - require_once('rsslib.php'); + require_once($CFG->dirroot .'/blog/rsslib.php'); require_once($CFG->dirroot .'/blog/blogpage.php'); @@ -25,18 +25,8 @@ //not used at the moment, and may not need to be define('PAGE_BLOG_COURSE_VIEW', 'blog_course-view'); - $BLOG_YES_NO_MODES = array ( '0' => get_string('no'), - '1' => get_string('yes') ); - // Set default setting for $CFG->blog_* vars used by blog's blocks. - // If they are not already. Otherwise errors are thrown when an attempt - // is made to use an empty var. - if (empty($SESSION->blog_editing_enabled)) { - $SESSION->blog_editing_enabled = false; - } - - - /** + /** * Checks to see if user has visited blogpages before, if not, install 2 * default blocks (blog_menu and blog_tags). */ 
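Review bot: In the new `case 'group':` branch the lookup `get_record('groups','id',$groupid)` reads `$groupid`, which the new side of this file never assigns (the old `$groupid = $filterselect;` is removed and no `groupid` parameter is read), so the group filter either always fails or depends on a variable set elsewhere; it should be `if (!$group = get_record('groups', 'id', $filterselect)) {`. In `case 'course':` the capability is tested against `$sitecontext` although `$coursecontext` is computed just above and the group branch uses it, so course-level role assignments and overrides are ignored; `has_capability('moodle/blog:view', $coursecontext)` looks like what was meant. `$start` is still read from `formstart` but is no longer passed to anything visible in this file.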
@@ -51,22 +41,22 @@ // add those 2 into block_instance page // add blog_menu block - $newblock = new object; - $newblock -> blockid = $menublock->id; - $newblock -> pageid = $USER->id; + $newblock = new object(); + $newblock -> blockid = $menublock->id; + $newblock -> pageid = $USER->id; $newblock -> pagetype = 'blog-view'; $newblock -> position = 'r'; - $newblock -> weight = 0; - $newblock -> visible = 1; + $newblock -> weight = 0; + $newblock -> visible = 1; insert_record('block_instance', $newblock); // add blog_tags menu $newblock -> blockid = $tagsblock->id; - $newblock -> weight = 1; + $newblock -> weight = 1; insert_record('block_instance', $newblock); // finally we set the page size pref - set_user_preference('blogpagesize',8); + set_user_preference('blogpagesize', 10); } } } @@ -78,10 +68,8 @@ */ function blog_isediting() { global $SESSION; - if (! isset($SESSION->blog_editing_enabled)) { - $SESSION->blog_editing_enabled = false; - } - return ($SESSION->blog_editing_enabled); + + return !empty($SESSION->blog_editing_enabled); } @@ -91,31 +79,31 @@ * * $@param ... */ - function blog_print_html_formatted_entries($userid, $postid, $limit, $start, $filtertype, $filterselect, $tagid, $tag, $filtertype, $filterselect) { + function blog_print_html_formatted_entries($postid, $filtertype, $filterselect, $tagid, $tag) { global $CFG, $USER; - $blogpage = optional_param('blogpage', 0, PARAM_INT); - $bloglimit = get_user_preferences('blogpagesize',10); + $blogpage = optional_param('blogpage', 0, PARAM_INT); + $bloglimit = optional_param('limit', get_user_preferences('blogpagesize', 10), PARAM_INT); + $start = $blogpage * $bloglimit; - // First let's see if the batchpublish form has submitted data - $post = data_submitted(); + $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); $morelink = '
      '; - $blogEntries = fetch_entries($userid, $postid, $limit, $start, $filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC', $limit=true); - - print_paging_bar(get_viewable_entry_count($userid, $postid, $limit, $start,$filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC'), $blogpage, $bloglimit, get_baseurl($filtertype, $filterselect), 'blogpage'); + $blogEntries = fetch_entries($postid, $bloglimit, $start, $filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC', true); + + print_paging_bar(count($blogEntries), $blogpage, $bloglimit, get_baseurl($filtertype, $filterselect), 'blogpage'); if ($CFG->enablerssfeeds) { blog_rss_print_link($filtertype, $filterselect, $tag); } - if (isloggedin() && !isguest()) { + if (has_capability('moodle/blog:create', $sitecontext)) { //the user's blog is enabled and they are viewing their own blog $addlink = '
    '; - $addlink .= ''. get_string('addnewentry', 'blog').''; - $addlink .='
    '; + $addlink .= ''. get_string('addnewentry', 'blog').''; + $addlink .= ''; echo $addlink; } @@ -157,9 +145,9 @@ */ function blog_print_entry($blogEntry, $viewtype='full', $filtertype='', $filterselect='', $mode='loud') { - global $USER, $CFG, $course, $ME; + global $USER, $CFG, $COURSE, $ME; - $template['body'] = get_formatted_entry_body(stripslashes_safe($blogEntry->summary), $blogEntry->format); + $template['body'] = format_text(stripslashes_safe($blogEntry->summary), $blogEntry->format); $template['title'] = ''; //enclose the title in nolink tags so that moodle formatting doesn't autolink the text $template['title'] .= ''. stripslashes_safe($blogEntry->subject); @@ -193,8 +181,9 @@ echo ''; @@ -219,9 +208,9 @@ $blogtype = ''; break; - } + } - echo '
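Review bot: In `blog_print_html_formatted_entries()` the page size now comes from the request as `optional_param('limit', ..., PARAM_INT)` with no range check, so zero, negative or very large values flow into `$start` and into `fetch_entries()`. A bound such as `if ($bloglimit < 1) { $bloglimit = get_user_preferences('blogpagesize', 10); }`, plus an upper cap, would keep the query predictable. The paging bar is also given `count($blogEntries)`, which is the size of the already limited page rather than the total, so it cannot offer further pages. `get_viewable_entry_count($postid, $bloglimit, $start, $filtertype, $filterselect, $tagid, $tag)` is still defined in this file and returns the unlimited count. The function body continues outside this hunk.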
    '.$blogtype.'
    '; + echo '
    '.$blogtype.'
    '; // Print whole message echo format_text($template['body']); @@ -247,17 +236,9 @@ echo '
    '; - if (!empty($USER->id)) { - $context = get_context_instance(CONTEXT_SYSTEM, SITEID); - $canmanage = has_capability('moodle/blog:manageentries', $context); - - if (($template['userid'] == $USER->id) or $canmanage) { - echo ''.$stredit.''; - } - - if (($template['userid'] == $USER->id) or $canmanage) { - echo '| '.$strdelete.''; - } + if (blog_user_can_edit_post($blogEntry)) { + echo ''.$stredit.''; + echo '| '.$strdelete.''; } echo '
    '; 
@@ -291,94 +272,114 @@ * User can edit a blog entry if this is their own blog post and they have * the capability moodle/blog:create, or if they have the capability * moodle/blog:manageentries. + * + * This also applies to deleting of posts. */ - function blog_user_can_edit_post($blogEntry, $context) { - + function blog_user_can_edit_post($blogEntry) { + global $CFG, $USER; - - return ((has_capability('moodle/blog:create', $context) && - $blogEntry->userid == $USER->id) || - has_capability('moodle/blog:manageentries', $context)); + + $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); + + if (has_capability('moodle/blog:manageentries', $sitecontext)) { + return true; // can edit any blog post + } + + if ($blogEntry->userid == $USER->id + and has_capability('moodle/blog:create', $sitecontext)) { + return true; // can edit own when having blog:create capability + } + + return false; } /** * Checks to see if a user can view the blogs of another user. - * He can do so, if he has the moodle/blog:view capability. In the - * case of spg group course, the user also needs to be in the same group. + * Only blog level is checked here, the capabilities are enforced + * in blog/index.php */ function blog_user_can_view_user_post($targetuserid, $blogEntry=null) { - global $CFG, $USER; - $canview = 0; //bad start - - $context = get_context_instance(CONTEXT_SYSTEM, SITEID); - - if (!has_capability('moodle/blog:view', $context)) { - return false; - } - - if ($USER->id && ($USER->id == $targetuserid)) { - return true; + + if (empty($CFG->bloglevel)) { + return false; // blog system disabled } - if ($blogEntry and $blogEntry->publishstate == 'draft') { // can not view draft - return false; + if (!empty($USER->id) and $USER->id == $targetuserid) { + return true; // can view own posts in any case } - - $usercourses = get_my_courses($targetuserid); - foreach ($usercourses as $usercourse) { - // If the viewer and user are sharing same non-spg course, then - // grant permission. 
- if (groupmode($usercourse) != SEPARATEGROUPS) { - $canview = 1; - return $canview; - } else { - // Now we need every group the user is in, and check to see - // if view is a member. - if ($usergroups = user_group($usercourse->id, $targetuserid)) { - foreach ($usergroups as $usergroup) { - if (ismember($usergroup->id)) { - $canview = 1; - return $canview; - } - } - } - } + + $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); + if (has_capability('moodle/blog:manageentries', $sitecontext)) { + return true; // can manage all posts } - if (!$canview && $CFG->bloglevel < BLOG_SITE_LEVEL) { - error ('You can not view this user\'s blogs'); + if ($blogEntry and $blogEntry->publishstate == 'draft') { + return false; // can not view draft of others } - return $canview; - } + switch ($CFG->bloglevel) { + case BLOG_GLOBAL_LEVEL: + return true; + break; + case BLOG_SITE_LEVEL: + if (!empty($USER->id)) { // not logged in viewers forbidden + return true; + } + return false; + break; + + case BLOG_COURSE_LEVEL: + $mycourses = array_keys(get_my_courses($targetuserid)); + $usercourses = array_keys(get_my_courses($targetuserid)); + $shared = array_intersect($mycourses, $usercourses); + if (!empty($shared)) { + return true; + } + return false; + break; + + case BLOG_GROUP_LEVEL: + $mycourses = array_keys(get_my_courses($targetuserid)); + $usercourses = array_keys(get_my_courses($targetuserid)); + $shared = array_intersect($mycourses, $usercourses); + foreach ($shared as $courseid) { + $coursecontext = get_context_instance(CONTEXT_COURSE, $courseid); + if (has_capability('moodle/site:accessallgroups', $coursecontext) + or groupmode($courseid) != SEPARATEGROUPS) { + return true; + } else { + if ($usergroups = user_group($courseid, $targetuserid)) { + foreach ($usergroups as $usergroup) { + if (ismember($usergroup->id)) { + return true; + } + } + } + } + } + return false; + break; + + case BLOG_USER_LEVEL: + default: + $personalcontext = get_context_instance(CONTEXT_USER, 
$targetuserid); + return has_capability('moodle/user:readuserblogs', $personalcontext); + break; - /** - * Moved from BlogEntry class. - */ - function get_formatted_entry_body($body, $format) { - global $CFG; - include_once($CFG->libdir .'/weblib.php'); - if ($format) { - return format_text($body, $format); } - return stripslashes_safe($body); } /** * Main filter function. */ - function fetch_entries($userid, $postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC', $limit=true) { + function fetch_entries($postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC', $limit=true) { global $CFG, $USER; - if (!isset($USER->id)) { - $USER->id = 0; //hack, for guests - } - /// set the tag id for searching if ($tagid) { $tag = $tagid; @@ -409,7 +410,7 @@ } else { return null; } - + } else { // bad postid return null; } @@ -436,7 +437,7 @@ case 'site': if (isloggedin()) { - + $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql .$CFG->prefix.'user u WHERE p.userid = u.id '.$tagquerysql.' @@ -456,10 +457,10 @@ case 'course': if ($filterselect != SITEID) { - + // all users with a role assigned $context = get_context_instance(CONTEXT_COURSE, $filterselect); - + $SQL = '(SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql .$CFG->prefix.'role_assignments ra, '.$CFG->prefix.'user u WHERE p.userid = ra.userid '.$tagquerysql.' 
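Review bot: In `blog_user_can_view_user_post()` both `$mycourses` and `$usercourses` are built from `get_my_courses($targetuserid)`, so `array_intersect()` compares the target's courses with themselves and the `BLOG_COURSE_LEVEL` and `BLOG_GROUP_LEVEL` cases never consult the viewer's enrolments. As written, any viewer passes the course-level test whenever the target user is in at least one course. The first assignment in each case should read `$mycourses = array_keys(get_my_courses($USER->id));`, with an `empty($USER->id)` guard that returns false for viewers who are not logged in. Separately, `groupmode($courseid)` is given an id here while blog/index.php passes the course record, so it is worth confirming that the function accepts both.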
@@ -501,22 +502,22 @@ break; case 'user': - + if (isloggedin()) { - + $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql .$CFG->prefix.'user u WHERE p.userid = u.id '.$tagquerysql.' AND u.id = '.$filterselect.' AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')'; } else { - + $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql .$CFG->prefix.'user u WHERE p.userid = u.id '.$tagquerysql.' AND u.id = '.$filterselect.' - AND p.publishstate = \'public\''; - + AND p.publishstate = \'public\''; + } break; @@ -551,14 +552,14 @@ * this is not ideal, but because of the UNION in the sql in fetch_entries, * it is hard to use count_records_sql */ - function get_viewable_entry_count($userid, $postid='', $fetchlimit=10, + function get_viewable_entry_count($postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC') { - $blogEntries = fetch_entries($userid, $postid, $fetchlimit, + $blogEntries = fetch_entries($postid, $fetchlimit, $fetchstart, $filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC', false); - + return count($blogEntries); } diff --git a/blog/preferences.html b/blog/preferences.html index 1195b6eacc..95fc363d97 100755 --- a/blog/preferences.html +++ b/blog/preferences.html @@ -1,5 +1,4 @@ -
    '.$template['title'].'
    '; $fullname = fullname($user, $template['userid']); + $by = new object(); $by->name = ''.$fullname.''; + $user->id.'&course='.$COURSE->id.'">'.$fullname.''; $by->date = $template['lastmod']; print_string('bynameondate', 'forum', $by); echo '
    @@ -8,6 +7,7 @@ diff --git a/blog/preferences.php b/blog/preferences.php index 1ba76f2d3c..c53acf4a26 100755 --- a/blog/preferences.php +++ b/blog/preferences.php 
@@ -4,46 +4,52 @@ require_once('../config.php'); require_once($CFG->dirroot.'/blog/lib.php'); - require_login(); + $courseid = optional_param('courseid', SITEID, PARAM_INT); + + if ($courseid == SITEID) { + require_login(); + $context = get_context_instance(CONTEXT_SYSTEM, SITEID); + } else { + require_login($courseid); + $context = get_context_instance(CONTEXT_COURSE, $courseid); + } if (empty($CFG->bloglevel)) { error('Blogging is disabled!'); } - $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); - - // Ensure that the logged in user has the capability to view blog entries for now, - // because there is only $pagesize which affects the viewing ;-) - require_capability('moodle/blog:view', $sitecontext); + require_capability('moodle/blog:view', $context); /// If data submitted, then process and store. if (data_submitted()) { + $pagesize = required_param('pagesize', PARAM_INT); - $pagesize = optional_param('pagesize', 10, PARAM_INT); - if ($pagesize < 1 ) { - error ('invalid page size'); + if ($pagesize < 1) { + error('invalid page size'); } set_user_preference('blogpagesize', $pagesize); - // the best guess is IMHO to redirect to blog page, so that user reviews the changed preferences - skodak - redirect($CFG->wwwroot.'/blog/index.php'); + + // now try to guess where to go from here ;-) + if ($courseid == SITEID) { + redirect($CFG->wwwroot.'/blog/index.php'); + } else { + redirect($CFG->wwwroot.'/blog/index.php?filtertype=course&filterselect='.$courseid); + } } $site = get_site(); - $pageMeta = '' . 
"\n"; $strpreferences = get_string('preferences'); - $strblogs = get_string('blogs', 'blog'); + $strblogs = get_string('blogs', 'blog'); $navigation = "$strblogs -> $strpreferences"; - print_header("$site->shortname: $strblogs : $strpreferences", $strblogs, $navigation, '', $pageMeta, true, '', ''); - + print_header("$site->shortname: $strblogs : $strpreferences", $strblogs, $navigation); print_heading($strpreferences); print_simple_box_start('center', '', ''); - - include('./preferences.html'); + require('./preferences.html'); print_simple_box_end(); print_footer(); diff --git a/blog/tags.html b/blog/tags.html index 44e7a59ebb..478ade1c3e 100755 --- a/blog/tags.html +++ b/blog/tags.html @@ -1,4 +1,8 @@ prefix.'tags WHERE type=\'official\' ORDER by text ASC'); +$ptags1 = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'personal\' AND userid = '.$USER->id.' ORDER by text ASC'); +$ptags2 = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'personal\' AND userid <> '.$USER->id.' ORDER by text ASC'); + print_heading(get_string('tagmanagement')); ?> @@ -7,29 +11,27 @@ print_heading(get_string('tagmanagement')); - + - + - + - + - +
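Review bot: The `if (data_submitted())` branch in blog/preferences.php stores `blogpagesize` without a session-key check, while the same commit guards every write in blog/tags.php with `data_submitted() and confirm_sesskey()`. For consistency the condition should be `if (data_submitted() and confirm_sesskey()) {`, and the form in preferences.html then has to submit `sesskey`; the preferences.html change is not readable in this diff, so that part needs confirming. `$pagesize` is rejected below 1 but has no upper bound, and the stored value becomes the default `limit` for the blog listing.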
    :
    + " />
    - +
    prefix.'tags WHERE type=\'official\' ORDER by text ASC')) { + if ($otags) { foreach ($otags as $otag) { echo '
    '.$otag->text; } @@ -38,17 +40,15 @@ print_heading(get_string('tagmanagement')); ?>
    - +
    - +
    :
    - +

    - +

    diff --git a/blog/tags.php b/blog/tags.php index 47bd10c0d4..0032fda31e 100755 --- a/blog/tags.php +++ b/blog/tags.php 
@@ -1,31 +1,43 @@ bloglevel)) { error('Blogging is disabled!'); } -$context = get_context_instance(CONTEXT_SYSTEM, SITEID); +if (isguest()) { + error(get_string('noguestpost', 'blog')); +} + +$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); +$error = ''; -switch ($mode) { +switch ($action) { case 'addofficial': - /// Adding official tags. - if (!has_capability('moodle/blog:manageofficialtags', $context) || !confirm_sesskey()) { - die('you can not add official tags'); + // only approved uses can add official tags + if (!has_capability('moodle/blog:manageofficialtags', $sitecontext)) { + error('Can not add official tags tags'); } - - if (($otag = optional_param('otag', '', PARAM_NOTAGS)) && (!get_record('tags','text',$otag))) { + if (data_submitted() and confirm_sesskey()) { + $otag = trim(required_param('otag', PARAM_NOTAGS)); + + if (get_record('tags', 'text', $otag)) { + $error = get_string('tagalready'); + break; + } + $tag = new object(); $tag->userid = $USER->id; - $tag->text = $otag; - $tag->type = 'official'; - $tagid = insert_record('tags', $tag); - + $tag->text = $otag; + $tag->type = 'official'; + if (!$tagid = insert_record('tags', $tag)) { + error('Can not create tag!'); + } + /// Write newly added tags back into window opener. echo ''; - } else { - /// Tag already exists. - notify(get_string('tagalready')); } break; - + case 'addpersonal': /// Everyone can add personal tags as long as they can write blog entries. 
- if (!confirm_sesskey() || - !has_capability('moodle/blog:create', $context) || - empty($USER->id)) { - error ('you can not add tags'); + if (!has_capability('moodle/blog:manageofficialtags', $sitecontext) + and !has_capability('moodle/blog:create', $sitecontext)) { + error('Can not add personal tags'); } - - if (($ptag = optional_param('ptag', '', PARAM_NOTAGS)) && (!get_record('tags','text',$ptag))) { + if (data_submitted() and confirm_sesskey()) { + $ptag = trim(required_param('ptag', PARAM_NOTAGS)); + + if (get_record('tags', 'text', $ptag)) { + $error = get_string('tagalready'); + break; + } + $tag = new object(); $tag->userid = $USER->id; - $tag->text = $ptag; - $tag->type = 'personal'; - $tagid = insert_record('tags', $tag); + $tag->text = $ptag; + $tag->type = 'personal'; + if (!$tagid = insert_record('tags', $tag)) { + error('Can not create tag!'); + } /// Write newly added tags back into window opener. echo ''; - } else { - /// Tag already exists. - notify(get_string('tagalready')); } - + break; - + case 'delete': /// Delete a tag. - if (!confirm_sesskey()) { - error('you can not delete tags'); - } - - if ($tags = optional_param('tags', 0, PARAM_INT)) { - - foreach ($tags as $tag) { - - $blogtag = get_record('tags','id',$tag); - - // You can only delete your own tags, or you have to have the - // moodle/blog:manageofficialtags capability. - if (!has_capability('moodle/blog:manageofficialtags', $context) - && $USER->id != $blogtag->userid) { - notify(get_string('norighttodeletetag','blog', $blogtag->text)); - continue; + if (data_submitted() and confirm_sesskey()) { + $tagids = optional_param('tags', array(), PARAM_INT); + + if (empty($tagids) or !is_array($tagids)) { + // TODO add error message here + // $error = 'no data selected'; + break; + } + + foreach ($tagids as $tagid) { + + if (!$tag = get_record('tags', 'id', $tagid)) { + continue; // page refreshed? 
} - // You can only delete tags that are referenced if you have - // the moodle/blog:manageofficialtags capability. - if (!has_capability('moodle/blog:manageofficialtags', $context) - && get_records('blog_tag_instance','tagid', $tag)) { - notify('tag is used by other users, can not delete!'); + if ($tag->type == 'official' and !has_capability('moodle/blog:manageofficialtags', $sitecontext)) { + //can not delete continue; } - delete_records('tags','id',$tag); - delete_records('blog_tag_instance', 'tagid', $tag); + if ($tag->type == 'personal') { + if (has_capability('moodle/blog:managepersonaltags', $sitecontext)) { + //ok - can delete any personal tag + } else if (!has_capability('moodle/blog:create', $sitecontext) or $USER->id != $tag->userid) { + // no delete - you must own the tag and be able to create blog entries + continue; + } + } + + + if (!delete_records('tags', 'id', $tagid)) { + error('Can not delete tag'); + } + if (!delete_records('blog_tag_instance', 'tagid', $tagid)) { + error('Can not delete blog tag instances'); + } /// Remove parent window option via javascript. echo ''; } + } break; - + default: /// Just display the tags form. break; diff --git a/lang/en_utf8/blog.php b/lang/en_utf8/blog.php index 8317edc59b..0d4202cf45 100755 --- a/lang/en_utf8/blog.php +++ b/lang/en_utf8/blog.php @@ -24,6 +24,8 @@ $string['noentriesyet'] = 'No visible entries here'; $string['noguestpost'] = 'Guest can not post blogs!'; $string['norighttodeletetag'] = 'You have no rights to delete this tag - $a'; $string['notallowedtoedit'] = 'You are not allowed to edit this entry'; +$string['emptybody'] = 'Blog entry body can not be empty'; +$string['emptytitle'] = 'Blog entry title can not be empty'; $string['numberofentries'] = 'Entries: $a'; $string['numberoftags'] = 'Number of tags to display'; $string['otags'] = 'Official tags'; diff --git a/user/tabs.php b/user/tabs.php index df2908c6ee..ca57b309d2 100644 --- a/user/tabs.php +++ b/user/tabs.php 
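Review bot: The rewritten `case 'delete':` branch drops the old refusal to delete a tag that still has rows in `blog_tag_instance`, so the owner of a personal tag now removes it from every entry that references it through `delete_records('blog_tag_instance', 'tagid', $tagid)`, including entries that may belong to other users. If that is intended, a comment saying so would help; otherwise the removed guard (`get_records('blog_tag_instance','tagid', $tag)` combined with the `moodle/blog:manageofficialtags` test) should be kept for personal tags. A tag whose `type` is neither `'official'` nor `'personal'` also reaches both `delete_records()` calls with no capability check; a final `else { continue; }` would make the decision explicit. The `TODO add error message here` path leaves `$error` empty, so an empty selection fails silently.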
@@ -87,6 +87,8 @@ $toprow[] = new tabobject('profile', $CFG->wwwroot.'/user/view.php?id='.$user->id.'&course='.$course->id, get_string('profile')); + $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); $personalcontext = get_context_instance(CONTEXT_USER, $user->id); /// Can only edit profile if it belongs to user or current user is admin and not editing primary admin @@ -95,7 +97,7 @@ $mainadmin->id = 0; /// Weird - no primary admin! } if ((!empty($USER->id) and ($USER->id == $user->id) and !isguest()) or - (has_capability('moodle/user:editprofile', get_context_instance(CONTEXT_USER, $user->id)) and ($user->id != $mainadmin->id)) ) { + (has_capability('moodle/user:editprofile', $personalcontext) and ($user->id != $mainadmin->id)) ) { if(empty($CFG->loginhttps)) { $wwwroot = $CFG->wwwroot; 
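Review bot: `$coursecontext` is built from `$course->id` unconditionally in the `@@ -87,6 +87,8 @@` hunk, while block_blog_menu.php in this same commit falls back to `$sitecontext` when the course is unset, 0 or SITEID. If this tab bar can be rendered with the site course, the `moodle/blog:view` check that the later blog-tab hunk runs against `$coursecontext` is presumably evaluated on a context for the site course, so the two files may answer the same capability question against different contexts. Resolving the context the same way in both places keeps the authorization checks comparable, e.g. `$coursecontext = ($course->id == SITEID) ? $sitecontext : get_context_instance(CONTEXT_COURSE, $course->id);`. The enclosing code starts and ends outside the hunk, so whether `$course` is always set at this point cannot be confirmed from here.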
@@ -125,11 +127,17 @@ } } - /// Blog entry, everyone can view - if ($CFG->bloglevel > 0 && has_capability('moodle/user:readuserblogs')) { // only if blog is enabled. Permission check kicks in when display list - $toprow[] = new tabobject('blogs', $CFG->wwwroot.'/blog/index.php?userid='.$user->id.'&courseid='.$course->id, get_string('blogs', 'blog')); + + /// Personal blog entries tab + if ($CFG->bloglevel > 0 + and (has_capability('moodle/user:readuserblogs', $personalcontext) // can review students posts + or has_capability('moodle/blog:manageentries', $sitecontext) // entry manager can see all posts + or ($user->id == $USER->id and has_capability('moodle/blog:create', $sitecontext)) // viewing self + or ($CFG->bloglevel > 1 and has_capability('moodle/blog:create', $sitecontext, $user->id) and (has_capability('moodle/blog:view', $sitecontext) or has_capability('moodle/blog:view', $coursecontext))) + )) { + + $toprow[] = new tabobject('blogs', $CFG->wwwroot.'/blog/index.php?userid='.$user->id.'&courseid='.$course->id, get_string('blog', 'blog')); } - /// Current user must be teacher of the course or the course allows user to view their reports