Beispiel #1
    $PAGE->set_title(format_string($data->name));
    $PAGE->set_heading(format_string($course->fullname));
    echo $OUTPUT->header();
    notice(get_string("activityiscurrentlyhidden"));
}
// A user who may manage templates is sent to the field editor while the
// activity has no rows in data_fields yet (a brand new database).
if (has_capability('mod/data:managetemplates', $context)
        && !$DB->record_exists('data_fields', array('dataid' => $data->id))) {
    redirect($CFG->wwwroot . '/mod/data/field.php?d=' . $data->id);
}
// Editing an existing record ($rid set) is refused unless the user holds
// mod/data:manageentries or owns the record, and the request also carries a
// valid sesskey. The sesskey test is only reached once the ownership or
// capability test has passed.
if ($rid) {
    if (!has_capability('mod/data:manageentries', $context) && !data_isowner($rid) || !confirm_sesskey()) {
        print_error('noaccess', 'data');
    }
}
// Cancelled form: go back to the list view of this activity.
if ($cancel) {
    redirect('view.php?d=' . $data->id);
}
// RSS, CSS and JS page metadata.
// The feed is advertised only when RSS is enabled site-wide, enabled for this
// module, and this activity publishes at least one article.
if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
    $rsspath = rss_get_url($context->id, $USER->id, 'mod_data', $data->id);
    $courseshortname = format_string(
        $course->shortname,
        true,
        array('context' => get_context_instance(CONTEXT_COURSE, $course->id))
    );
    $PAGE->add_alternate_version($courseshortname . ': %fullname%', $rsspath, 'application/rss+xml');
}
// The per-activity stylesheet is linked only when a CSS template has been saved.
if ($data->csstemplate) {
    $PAGE->requires->css('/mod/data/css.php?d=' . $data->id);
}
Beispiel #2
/**
 * Check that a comment request targets a database entry the current user may
 * comment on. Every failed check throws; the function returns only when all pass.
 *
 * The entry, activity, course and course module are looked up from the item id
 * in the database; only commentarea, itemid, context->id and the optional
 * commentid are read from $comment_param.
 *
 * @param stdClass $comment_param {
 *              context     => context the context object
 *              courseid    => int course id
 *              cm          => stdClass course module object
 *              commentarea => string comment area
 *              itemid      => int itemid
 *              commentid   => int optional; when set, the stored comment is cross-checked
 * }
 * @return boolean true when every check passes
 * @throws comment_exception on the first check that fails
 */
function data_comment_validate($comment_param) {
    global $DB;

    // The only comment area handled here is 'database_entry'.
    if ($comment_param->commentarea != 'database_entry') {
        throw new comment_exception('invalidcommentarea');
    }

    // Resolve entry -> activity -> course -> course module from the item id.
    $entry = $DB->get_record('data_records', array('id' => $comment_param->itemid));
    if (!$entry) {
        throw new comment_exception('invalidcommentitemid');
    }
    $activity = $DB->get_record('data', array('id' => $entry->dataid));
    if (!$activity) {
        throw new comment_exception('invalidid', 'data');
    }
    $courserow = $DB->get_record('course', array('id' => $activity->course));
    if (!$courserow) {
        throw new comment_exception('coursemisconf');
    }
    $module = get_coursemodule_from_instance('data', $activity->id, $courserow->id);
    if (!$module) {
        throw new comment_exception('invalidcoursemodule');
    }

    // Comments must be switched on for this activity.
    if (!$activity->comments) {
        throw new comment_exception('commentsoff', 'data');
    }
    $modcontext = get_context_instance(CONTEXT_MODULE, $module->id);

    // With approval required, an unapproved entry is open only to its owner
    // and to users holding mod/data:approve.
    if ($activity->approval && !$entry->approved && !data_isowner($entry)
            && !has_capability('mod/data:approve', $modcontext)) {
        throw new comment_exception('notapproved', 'data');
    }

    // Separate groups: an entry that belongs to a group is limited to members
    // of that group unless the user may access all groups.
    if ($entry->groupid
            && groups_get_activity_groupmode($module, $courserow) == SEPARATEGROUPS
            && !has_capability('moodle/site:accessallgroups', $modcontext)
            && !groups_is_member($entry->groupid)) {
        throw new comment_exception('notmemberofgroup');
    }

    // The context supplied by the caller must be the one derived from the entry.
    if ($modcontext->id != $comment_param->context->id) {
        throw new comment_exception('invalidcontext');
    }

    // When a comment id is supplied (deletion), the stored comment must sit in
    // the same area, context and item as the request.
    if (!empty($comment_param->commentid)) {
        $stored = $DB->get_record('comments', array('id' => $comment_param->commentid));
        if (!$stored) {
            throw new comment_exception('invalidcommentid');
        }
        if ($stored->commentarea != 'database_entry') {
            throw new comment_exception('invalidcommentarea');
        }
        if ($stored->contextid != $comment_param->context->id) {
            throw new comment_exception('invalidcontext');
        }
        if ($stored->itemid != $comment_param->itemid) {
            throw new comment_exception('invalidcommentitemid');
        }
    }
    return true;
}
Beispiel #3
echo $OUTPUT->heading(format_string($data->name));
// Do we need to show a link to the RSS feed for the records?
// The link is now offered from the Settings (database activity administration)
// block, so the inline version below is left commented out.
/*if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
      echo '<div style="float:right;">';
      rss_print_link($context->id, $USER->id, 'mod_data', $data->id, get_string('rsstype'));
      echo '</div>';
      echo '<div style="clear:both;"></div>';
  }*/
// The intro box is printed when an intro exists, $page and $record are empty
// and the view mode is not 'single'.
if ($data->intro and empty($page) and empty($record) and $mode != 'single') {
    // NOTE(review): $options (noclean) is filled in but not passed to any call
    // in the lines shown here; the intro goes through format_module_intro().
    $options = new stdClass();
    $options->noclean = true;
    echo $OUTPUT->box(format_module_intro('data', $data, $cm->id), 'generalbox', 'intro');
}
/// Delete any requested records
if ($delete && confirm_sesskey() && (has_capability('mod/data:manageentries', $context) or data_isowner($delete))) {
    if ($confirm = optional_param('confirm', 0, PARAM_INT)) {
        if ($deleterecord = $DB->get_record('data_records', array('id' => $delete))) {
            // Need to check this is valid
            if ($deleterecord->dataid == $data->id) {
                // Must be from this database
                if ($contents = $DB->get_records('data_content', array('recordid' => $deleterecord->id))) {
                    foreach ($contents as $content) {
                        // Delete files or whatever else this field allows
                        if ($field = data_get_field_from_id($content->fieldid, $data)) {
                            // Might not be there
                            $field->delete_content($content->recordid);
                        }
                    }
                }
                $DB->delete_records('data_content', array('recordid' => $deleterecord->id));
        // Brand new database!
        redirect($CFG->wwwroot . '/mod/data/field.php?d=' . $data->id);
        // Redirect to field entry
    }
}
// Editing an existing record changes stored data, so the request must carry
// a valid session key before anything else is evaluated.
if ($rid) {
    require_sesskey();
}
// Group information, used for the permission test below and for record creation.
$currentgroup = groups_get_activity_group($cm);
$groupmode = groups_get_activity_groupmode($cm);
// Users without mod/data:manageentries may only edit a record they own, and
// only outside the read-only period; to add a record they must pass
// data_user_can_add_entry().
if (!has_capability('mod/data:manageentries', $context)) {
    if ($rid && (!data_isowner($rid) || data_in_readonly_period($data))) {
        // Editing an existing record that is not theirs, or while read-only.
        print_error('noaccess', 'data');
    } elseif (!$rid && !data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
        // Creating a new record without permission to add one.
        print_error('noaccess', 'data');
    }
}
// Cancelled form: go back to the list view of this activity.
if ($cancel) {
    redirect('view.php?d=' . $data->id);
}
/// RSS and CSS and JS meta
if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
    $courseshortname = format_string($course->shortname, true, array('context' => context_course::instance($course->id)));
 /**
  * Verify the user can still export this entry.
  *
  * One capability is selected and then tested against the module context:
  * for a single record, exportownentry when data_isowner() is true and
  * exportentry otherwise; without a record id, exportallentries when an export
  * config exists and 'mineonly' is not set, and exportownentry in every other case.
  *
  * @return bool result of has_capability() for the selected capability
  */
 public function check_permissions()
 {
     if ($this->recordid) {
         $capability = data_isowner($this->recordid)
             ? 'mod/data:exportownentry'
             : 'mod/data:exportentry';
     } elseif ($this->has_export_config() && !$this->get_export_config('mineonly')) {
         $capability = 'mod/data:exportallentries';
     } else {
         // No record id and no "all entries" export: fall back to own entries.
         $capability = 'mod/data:exportownentry';
     }
     return has_capability($capability, context_module::instance($this->cm->id));
 }
Beispiel #6
/**
 * Print one comment on a database record as an HTML table: author picture and
 * name, date, group picture, the formatted comment text and, for permitted
 * users, edit and delete links.
 *
 * @param object $data    the database activity; ->id and ->course are read
 * @param object $comment the comment row; ->userid, ->modified, ->content,
 *                        ->format, ->recordid and ->id are read
 * @param int    $page    page value appended to the edit and delete links
 * @return void output is echoed directly
 */
function data_print_comment($data, $comment, $page = 0)
{
    global $USER, $CFG;
    $cm = get_coursemodule_from_instance('data', $data->id);
    $context = get_context_instance(CONTEXT_MODULE, $cm->id);
    $stredit = get_string('edit');
    $strdelete = get_string('delete');
    // NOTE(review): the result is used below without checking that a user row
    // was found for $comment->userid.
    $user = get_record('user', 'id', $comment->userid);
    echo '<table cellspacing="0" align="center" width="50%" class="datacomment forumpost">';
    echo '<tr class="header"><td class="picture left">';
    print_user_picture($user, $data->course, $user->picture);
    echo '</td>';
    echo '<td class="topic starter" align="left"><div class="author">';
    // The second argument is the viewer's moodle/site:viewfullnames capability.
    $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $context));
    $by = new object();
    // NOTE(review): $fullname is placed in the markup exactly as fullname()
    // returns it; presumably that value is already safe for HTML - confirm.
    $by->name = '<a href="' . $CFG->wwwroot . '/user/view.php?id=' . $user->id . '&amp;course=' . $data->course . '">' . $fullname . '</a>';
    $by->date = userdate($comment->modified);
    print_string('bynameondate', 'data', $by);
    echo '</div></td></tr>';
    echo '<tr><td class="left side">';
    if ($groups = groups_get_all_groups($data->course, $comment->userid, $cm->groupingid)) {
        print_group_picture($groups, $data->course, false, false, true);
    } else {
        echo '&nbsp;';
    }
    // Actual content
    echo '</td><td class="content" align="left">' . "\n";
    // Print whole message; the user-supplied text goes through format_text().
    echo format_text($comment->content, $comment->format);
    // Commands
    echo '<div class="commands">';
    // The links are shown to the record owner and to holders of
    // mod/data:managecomments. This only controls what is displayed;
    // presumably comment.php repeats the permission test - verify.
    // NOTE(review): $page is written into both hrefs as passed in; assumes
    // callers supply an integer - confirm.
    if (data_isowner($comment->recordid) or has_capability('mod/data:managecomments', $context)) {
        echo '<a href="' . $CFG->wwwroot . '/mod/data/comment.php?rid=' . $comment->recordid . '&amp;mode=edit&amp;commentid=' . $comment->id . '&amp;page=' . $page . '">' . $stredit . '</a>';
        echo '| <a href="' . $CFG->wwwroot . '/mod/data/comment.php?rid=' . $comment->recordid . '&amp;mode=delete&amp;commentid=' . $comment->id . '&amp;page=' . $page . '">' . $strdelete . '</a>';
    }
    echo '</div>';
    echo '</td></tr></table>' . "\n\n";
}
Beispiel #7
//this links has been Settings (database activity administration) block
/*if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
      echo '<div style="float:right;">';
      rss_print_link($context->id, $USER->id, 'mod_data', $data->id, get_string('rsstype'));
      echo '</div>';
      echo '<div style="clear:both;"></div>';
  }*/
// NOTE(review): $options (noclean) is set here but not passed to any call in
// the lines shown; the intro box below is printed regardless of this condition.
if ($data->intro and empty($page) and empty($record) and $mode != 'single') {
    $options = new stdClass();
    $options->noclean = true;
}
echo $OUTPUT->box(format_module_intro('data', $data, $cm->id), 'generalbox', 'intro');
// The return URL for the group menu carries the current search, sort and order
// values, each passed through s() before being put into the &amp;-separated
// query string.
$returnurl = $CFG->wwwroot . '/mod/data/view.php?d=' . $data->id . '&amp;search=' . s($search) . '&amp;sort=' . s($sort) . '&amp;order=' . s($order) . '&amp;';
groups_print_activity_menu($cm, $returnurl);
/// Delete any requested records
if ($delete && confirm_sesskey() && ($canmanageentries or data_isowner($delete))) {
    if ($confirm = optional_param('confirm', 0, PARAM_INT)) {
        if (data_delete_record($delete, $data, $course->id, $cm->id)) {
            echo $OUTPUT->notification(get_string('recorddeleted', 'data'), 'notifysuccess');
        }
    } else {
        // Print a confirmation page
        $allnamefields = get_all_user_name_fields(true, 'u');
        $dbparams = array($delete);
        if ($deleterecord = $DB->get_record_sql("SELECT dr.*, {$allnamefields}\n                                                       FROM {data_records} dr\n                                                            JOIN {user} u ON dr.userid = u.id\n                                                      WHERE dr.id = ?", $dbparams, MUST_EXIST)) {
            // Need to check this is valid.
            if ($deleterecord->dataid == $data->id) {
                // Must be from this database
                $deletebutton = new single_button(new moodle_url('/mod/data/view.php?d=' . $data->id . '&delete=' . $delete . '&confirm=1'), get_string('delete'), 'post');
                echo $OUTPUT->confirm(get_string('confirmdeleterecord', 'data'), $deletebutton, 'view.php?d=' . $data->id);
                $records[] = $deleterecord;
Beispiel #8
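/**
 * Serves the data attachments and enforces access control before sending.
 *
 * Checks, in order: the module is visible to the user; the content, field,
 * record and activity rows exist; the activity that owns the content is the one
 * behind $cminfo; the record is approved, owned by the user, or the user may
 * approve; separate-groups membership; the field type accepts the path; the
 * stored file exists and is not a directory.
 *
 * @param object $course
 * @param object $cminfo   course module info; ->uservisible and ->instance are read
 * @param object $context  context the request was authorised against
 * @param string $filearea only 'data_content' is served
 * @param array  $args     content id followed by the path segments of the file
 * @return bool false whenever a check fails or the area is not handled
 */
function data_pluginfile($course, $cminfo, $context, $filearea, $args)
{
    global $CFG, $DB;
    if (!$cminfo->uservisible) {
        return false;
    }
    if ($filearea === 'data_content') {
        // The first path argument is the data_content row id; it comes from the
        // request, so it is cast to int and every lookup below may fail.
        $contentid = (int) array_shift($args);
        if (!($content = $DB->get_record('data_content', array('id' => $contentid)))) {
            return false;
        }
        if (!($field = $DB->get_record('data_fields', array('id' => $content->fieldid)))) {
            return false;
        }
        if (!($record = $DB->get_record('data_records', array('id' => $content->recordid)))) {
            return false;
        }
        if (!($data = $DB->get_record('data', array('id' => $field->dataid)))) {
            return false;
        }
        // The capability and group checks below are made against $context and
        // $cminfo, so the content must belong to that same activity. Without
        // this test a content id from another database activity would be
        // judged with the permissions of this one.
        if ($data->id != $cminfo->instance) {
            return false;
        }
        // Unapproved records are served only to their owner or to approvers.
        // NOTE(review): this test does not look at any per-activity approval
        // setting; confirm whether unapproved rows can exist when approval is off.
        if (!$record->approved and !data_isowner($record) and !has_capability('mod/data:approve', $context)) {
            return false;
        }
        // Separate groups: a record that belongs to a group is limited to
        // members of that group unless the user may access all groups.
        if ($record->groupid) {
            $groupmode = groups_get_activity_groupmode($cminfo, $course);
            if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
                if (!groups_is_member($record->groupid)) {
                    return false;
                }
            }
        }
        $fieldobj = data_get_field($field, $data, $cminfo);
        $relativepath = '/' . implode('/', $args);
        $fullpath = $context->id . 'data_content' . $content->id . $relativepath;
        // The field type decides whether this path is one it serves.
        if (!$fieldobj->file_ok($relativepath)) {
            return false;
        }
        $fs = get_file_storage();
        if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
            return false;
        }
        // Finally send the file. The download MUST be forced (last argument)
        // so user-uploaded content is not rendered inline by the browser.
        send_stored_file($file, 0, 0, true);
    }
    return false;
}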
Beispiel #9
}
// Resolve activity -> course -> course module from the record, failing on the
// first row that is missing.
$data = $DB->get_record('data', array('id' => $record->dataid));
if (!$data) {
    print_error('invalidid', 'data');
}
$course = $DB->get_record('course', array('id' => $data->course));
if (!$course) {
    print_error('coursemisconf');
}
$cm = get_coursemodule_from_instance('data', $data->id, $course->id);
if (!$cm) {
    print_error('invalidcoursemodule');
}
require_login($course->id, false, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
// Ratings must be enabled for this activity.
if (!$data->assessed) {
    print_error('norating', 'data');
}
// The ratings are shown to the record owner and to users holding
// mod/data:viewrating or mod/data:rate.
if (!data_isowner($record->id)
        && !has_capability('mod/data:viewrating', $context)
        && !has_capability('mod/data:rate', $context)) {
    print_error('cannotviewrate', 'data');
}
// $sort is never placed in the SQL itself: it only selects one of three fixed
// ORDER BY strings, and any other value falls back to ordering by rating id.
if ($sort == 'firstname') {
    $sqlsort = "u.firstname ASC";
} elseif ($sort == 'rating') {
    $sqlsort = "r.rating ASC";
} else {
    $sqlsort = "r.id ASC";
}
$scalemenu = make_grades_menu($data->scale);
$strratings = get_string('ratings', 'data');
$strrating = get_string('rating', 'data');
Beispiel #10
/**
 * Serves the data attachments after checking access.
 *
 * Checks, in order: module-level context; course login; the content, field,
 * record and activity rows exist; the activity that owns the content is the one
 * behind $cm; approval; separate-groups membership; the field type accepts the
 * path; the stored file exists and is not a directory.
 *
 * @param object $course
 * @param object $cm
 * @param object $context
 * @param string $filearea only 'content' is served
 * @param array $args content id followed by the path segments of the file
 * @param bool $forcedownload not read; the file is always sent as a forced download
 * @return bool false if file not found, does not return if found - just sends the file
 */
function data_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload) {
    global $CFG, $DB;

    if ($context->contextlevel != CONTEXT_MODULE) {
        return false;
    }

    require_course_login($course, true, $cm);

    if ($filearea !== 'content') {
        return false;
    }

    // The first path argument is the data_content row id; it comes from the
    // request, so it is cast to int and every lookup below may fail.
    $contentid = (int)array_shift($args);

    $content = $DB->get_record('data_content', array('id'=>$contentid));
    if (!$content) {
        return false;
    }

    $field = $DB->get_record('data_fields', array('id'=>$content->fieldid));
    if (!$field) {
        return false;
    }

    $record = $DB->get_record('data_records', array('id'=>$content->recordid));
    if (!$record) {
        return false;
    }

    $data = $DB->get_record('data', array('id'=>$field->dataid));
    if (!$data) {
        return false;
    }

    // The content must belong to the activity behind $cm; otherwise the
    // context used for the checks below does not match the content id.
    if ($data->id != $cm->instance) {
        return false;
    }

    // With approval required, an unapproved record is served only to its owner
    // or to users holding mod/data:approve.
    if ($data->approval && !$record->approved && !data_isowner($record)
            && !has_capability('mod/data:approve', $context)) {
        return false;
    }

    // Separate groups: a record that belongs to a group is limited to members
    // of that group unless the user may access all groups.
    if ($record->groupid
            && groups_get_activity_groupmode($cm, $course) == SEPARATEGROUPS
            && !has_capability('moodle/site:accessallgroups', $context)
            && !groups_is_member($record->groupid)) {
        return false;
    }

    $fieldobj = data_get_field($field, $data, $cm);

    $relativepath = implode('/', $args);
    $fullpath = "/$context->id/mod_data/content/$content->id/$relativepath";

    // The field type decides whether this path is one it serves.
    if (!$fieldobj->file_ok($relativepath)) {
        return false;
    }

    $fs = get_file_storage();
    $file = $fs->get_file_by_hash(sha1($fullpath));
    if (!$file || $file->is_directory()) {
        return false;
    }

    // Finally send the file. The download MUST be forced (last argument) so
    // user-uploaded content is not rendered inline by the browser.
    send_stored_file($file, 0, 0, true);

    return false;
}