From 52373fe74dfbb4ea81434caec2a77cfe62155ccb Mon Sep 17 00:00:00 2001
From: moodler
Date: Wed, 29 Mar 2006 17:36:20 +0000
Subject: [PATCH] Fixes for comments
---
mod/data/comment.php | 104 +++++++++++++++++++------------------------
mod/data/lib.php | 23 +++++-----
mod/data/view.php | 4 +-
3 files changed, 60 insertions(+), 71 deletions(-)
diff --git a/mod/data/comment.php b/mod/data/comment.php
index 9aa019ca1d..a04d97720f 100755
--- a/mod/data/comment.php
+++ b/mod/data/comment.php
@@ -4,61 +4,60 @@ require_once('lib.php'); //param needed to go back to view.php - $d = optional_param('d', 0, PARAM_INT); // database id - $search = optional_param('search','',PARAM_NOTAGS); //search string - $page = optional_param('page', 0, PARAM_INT); //offset of the current record - $rid = optional_param('rid', 0, PARAM_INT); //record id - $sort = optional_param('sort',0,PARAM_INT); //sort by field - $order = optional_param('order','ASC',PARAM_ALPHA); //sort order - $group = optional_param('group','0',PARAM_INT); //groupid + $rid = required_param('rid', PARAM_INT); // Record ID + $page = optional_param('page', 0, PARAM_INT); // Page ID //param needed for comment operations $mode = optional_param('mode','',PARAM_ALPHA); - $rid = optional_param('rid','',PARAM_INT); $commentid = optional_param('commentid','',PARAM_INT); $confirm = optional_param('confirm','',PARAM_INT); $commentcontent = optional_param('commentcontent','',PARAM_NOTAGS); $template = optional_param('template','',PARAM_ALPHA); - if ((!$record = get_record('data_records','id',$rid))) { - if (!$comment = get_record('data_comments','id',$commentid)) { - error ('this record does not exist'); - } else { - $record = get_record('data_records','id',$comment->recordid); - } + if (! $record = get_record('data_records', 'id', $rid)) { + error('Record ID is incorrect'); + } + if (! $data = get_record('data', 'id', $record->dataid)) { + error('Data ID is incorrect'); } - - if (!$data = get_record('data','id',$record->dataid)) { - error ('this database does not exist'); + if (! $course = get_record('course', 'id', $data->course)) { + error('Course is misconfigured'); + } + + require_login($course->id); + + if ($commentid) { + if (! 
$comment = get_record('data_comments', 'id', $commentid)) { + error('Comment ID is misconfigured'); + } + if ($comment->recordid != $record->id) { + error('Comment ID is misconfigured'); + } + if (!isteacher($course->id) && $comment->userid != $USER->id) { + error('Comment is not yours to edit!'); + } } - + switch ($mode) { case 'add': $newcomment = new object; $newcomment->userid = $USER->id; $newcomment->created = time(); $newcomment->modified = time(); - if (($newcomment->content = $commentcontent) && ($newcomment->recordid = $rid)) { + if (($newcomment->content = $commentcontent) && ($newcomment->recordid = $record->id)) { insert_record('data_comments',$newcomment); } - redirect('view.php?d='.s($d).'&search='.s($search).'&sort='.s($sort).'&order='.s($order).'&group='.s($group).'&page='.s($page).'&rid='.s($rid), get_string("commentsaved", "data")); + redirect('view.php?rid='.$record->id.'&page='.$page, get_string('commentsaved', 'data')); break; case 'edit': //print edit form print_header(); - $comment = get_record('data_comments','id',$commentid); - print_heading('Edit'); + print_heading(get_string('edit')); echo '
'; echo '
'; - echo ''; - - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; + echo ''; + echo ''; echo ''; echo ''; @@ -71,38 +70,29 @@ break; case 'editcommit': //update db - $newcomment = new object; - $newcomment->id = $commentid; - $newcomment->content = $commentcontent; - $newcomment->modified = time(); - update_record('data_comments',$newcomment); - redirect('view.php?d='.s($d).'&search='.s($search).'&sort='.s($sort).'&order='.s($order).'&group='.s($group).'&page='.s($page).'&rid='.s($rid), get_string("commentsaved", "data")); + if ($comment) { + $newcomment = new object; + $newcomment->id = $comment->id; + $newcomment->content = $commentcontent; + $newcomment->modified = time(); + update_record('data_comments',$newcomment); + } + redirect('view.php?rid='.$record->id.'&page='.$page, get_string('commentsaved', 'data')); break; case 'delete': //deletes single comment from db - if ($confirm and confirm_sesskey()) { - delete_records('data_comments','id',$commentid); - redirect('view.php?d='.s($d).'&search='.s($search).'&sort='.s($sort).'&order='.s($order).'&group='.s($group).'&page='.s($page).'&rid='.s($rid), get_string("commentsaved", "data")); + if ($confirm and confirm_sesskey() and $comment) { + delete_records('data_comments','id',$comment->id); + redirect('view.php?rid='.$record->id.'&page='.$page, get_string('commentdeleted', 'data')); + } else { //print confirm delete form print_header(); - print_heading('Delete Confirm'); - data_print_comment($d, $commentid); - echo '
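Review bot: `case 'add'` inserts a row into `data_comments` without calling `confirm_sesskey()`, and `case 'editcommit'` in the next hunk calls `update_record()` the same way, so `delete` is the only state-changing branch protected against cross-site request forgery. Both branches should begin with a check such as `if (!confirm_sesskey()) { error('Session key check failed'); }`, and the forms that post to them have to carry the session key; the form markup is not visible on this page, so whether they already do could not be confirmed. The `add` branch also never tests `$data->comments`, so it looks as if a comment can still be posted to a database whose comments are switched off, which is worth confirming against the callers.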
'; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo '
'; - echo ''; - echo '
'; + data_print_comment($data, $comment, $page); + + notice_yesno(get_string('deletecomment','data'), + 'comment.php?rid='.$record->id.'&commentid='.$comment->id.'&page='.$page. + '&sesskey='.sesskey().'&mode=delete&confirm=1', + 'view.php?rid='.$record->id.'&page='.$page); print_footer(); } diff --git a/mod/data/lib.php b/mod/data/lib.php index 57b8acdbb8..62f5462578 100755 --- a/mod/data/lib.php +++ b/mod/data/lib.php @@ -810,7 +810,7 @@ function data_get_coursemodule_info($coursemodule) { * @param string $template * * output null * ************************************************************************/ -function data_print_template($template, $records, $data, $search='', $return=false){ +function data_print_template($template, $records, $data, $search='',$page=0, $return=false){ global $CFG; static $fields = NULL; @@ -865,7 +865,7 @@ function data_print_template($template, $records, $data, $search='', $return=fal $patterns[]='/\#\#Comment\#\#/i'; if (($template == 'listtemplate') && ($data->comments)) { $comments = count_records('data_comments','recordid',$record->id); - $replacement[] = ''.$comments.' '.get_string('comment','data').''; + $replacement[] = ''.$comments.' '.get_string('comment','data').''; } else { $replacement[] = ''; } @@ -889,7 +889,7 @@ function data_print_template($template, $records, $data, $search='', $return=fal * Printing Ratings Form * *********************************/ if (($template == 'singletemplate') && ($data->comments)) { //prints ratings options - data_print_comments($data, $record); + data_print_comments($data, $record, $page); } } 
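Review bot: `$comment` is assigned only inside `if ($commentid)` in the previous hunk, so a request with `mode=delete` and no `commentid` reaches `data_print_comment($data, $comment, $page)` and `$comment->id` in the `else` branch with the variable undefined; the `edit` branch presumably has the same gap now that its own `get_record()` call is removed. Initialise it before the lookup with `$comment = false;` and reject the missing case at the top of the `edit` and `delete` branches, e.g. `if (!$comment) { error('Comment ID is misconfigured'); }`. In `editcommit` the `if ($comment)` guard skips the update silently yet still redirects with `commentsaved`, reporting success for a write that did not happen. The confirmation link passed to `notice_yesno()` also carries `sesskey()` in the query string, where it can end up in server logs and Referer headers; a POST form would avoid that.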
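Review bot: Inserting `$page=0` ahead of `$return` in `data_print_template()` changes the meaning of the fifth positional argument, so any caller outside this patch that passes `true` there to request a returned string will now set `$page` instead, and `$return` falls back to `false`. Appending the parameter (`$search='', $return=false, $page=0`) keeps existing calls working; the two calls updated in view.php would then pass `false, $page`. The same kind of silent break applies to `data_print_comment()` in the later lib.php hunk, whose second parameter changes from a comment id to a comment record, so a caller still passing an id would reach `$comment->userid` on an integer. The docblock above `data_print_template()` should also gain a `@param` entry for `$page`.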
@@ -1087,17 +1087,17 @@ function data_get_ratings($recordid, $sort="u.firstname ASC") { //prints all comments + a text box for adding additional comment -function data_print_comments($data, $record) { - //foreach comment, print it! - //(with links to edit, remove etc, but no reply!!!!!) +function data_print_comments($data, $record, $page=0) { + if ($comments = get_records('data_comments','recordid',$record->id)) { foreach ($comments as $comment) { - data_print_comment($data, $comment->id); + data_print_comment($data, $comment, $page); } } - echo '

'; + echo '
'; echo ''; + echo ''; echo ''; echo ''; @@ -1107,14 +1107,13 @@ function data_print_comments($data, $record) { } //prints a single comment entry -function data_print_comment($data, $commentid) { +function data_print_comment($data, $comment, $page=0) { global $USER, $CFG; $stredit = get_string('edit'); $strdelete = get_string('delete'); - $comment = get_record('data_comments','id',$commentid); $user = get_record('user','id',$comment->userid); echo '
'; @@ -1150,8 +1149,8 @@ function data_print_comment($data, $commentid) { echo '
'; if (data_isowner($comment->recordid) or isteacher($data->course)) { - echo ''.$stredit.''; - echo '| '.$strdelete.''; + echo ''.$stredit.''; + echo '| '.$strdelete.''; } echo '
'; diff --git a/mod/data/view.php b/mod/data/view.php index 6f7e4492b7..d5405f6c98 100755 --- a/mod/data/view.php +++ b/mod/data/view.php @@ -369,7 +369,7 @@ notify(get_string('nosingletemplate','data')); } - data_print_template('singletemplate', $records, $data, $search); + data_print_template('singletemplate', $records, $data, $search, $page); print_paging_bar($totalcount, $page, $nowperpage, $baseurl, $pagevar='page'); @@ -382,7 +382,7 @@ notify(get_string('nolisttemplate','data')); } echo $data->listtemplateheader; - data_print_template('listtemplate', $records, $data, $search); + data_print_template('listtemplate', $records, $data, $search, $page); echo $data->listtemplatefooter; print_paging_bar($totalcount, $page, $nowperpage, $baseurl, $pagevar='page'); -- 2.39.5
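Review bot: The edit and delete links are shown when `data_isowner($comment->recordid) or isteacher($data->course)`, but comment.php now enforces `!isteacher($course->id) && $comment->userid != $USER->id`, so the display rule and the enforcement rule disagree. Assuming `data_isowner()` tests ownership of the record, a record owner who did not write the comment gets links that end in 'Comment is not yours to edit!', while the comment's author sees no links on someone else's record. Matching the condition to the server-side check, `if ($comment->userid == $USER->id or isteacher($data->course)) {`, keeps the two consistent; `$USER` is already declared global in this function. The condition line is unchanged context in this hunk, and the function body continues outside it.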