$PAGE->set_title(format_string($data->name));
$PAGE->set_heading(format_string($course->fullname));
echo $OUTPUT->header();
notice(get_string("activityiscurrentlyhidden"));
}
/// Can't use this if there are no fields
if (has_capability('mod/data:managetemplates', $context)) {
if (!$DB->record_exists('data_fields', array('dataid' => $data->id))) {
// Brand new database!
redirect($CFG->wwwroot . '/mod/data/field.php?d=' . $data->id);
// Redirect to field entry
}
}
if ($rid) {
// So do you have access?
if (!(has_capability('mod/data:manageentries', $context) or data_isowner($rid)) or !confirm_sesskey()) {
print_error('noaccess', 'data');
}
}
if ($cancel) {
redirect('view.php?d=' . $data->id);
}
/// RSS and CSS and JS meta
if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
$rsspath = rss_get_url($context->id, $USER->id, 'mod_data', $data->id);
$courseshortname = format_string($course->shortname, true, array('context' => get_context_instance(CONTEXT_COURSE, $course->id)));
$PAGE->add_alternate_version($courseshortname . ': %fullname%', $rsspath, 'application/rss+xml');
}
if ($data->csstemplate) {
$PAGE->requires->css('/mod/data/css.php?d=' . $data->id);
}
/**
* Validate comment parameter before perform other comments actions
*
* @param stdClass $comment_param {
* context => context the context object
* courseid => int course id
* cm => stdClass course module object
* commentarea => string comment area
* itemid => int itemid
* }
* @return boolean
*/
function data_comment_validate($comment_param) {
global $DB;
// validate comment area
if ($comment_param->commentarea != 'database_entry') {
throw new comment_exception('invalidcommentarea');
}
// validate itemid
if (!$record = $DB->get_record('data_records', array('id'=>$comment_param->itemid))) {
throw new comment_exception('invalidcommentitemid');
}
if (!$data = $DB->get_record('data', array('id'=>$record->dataid))) {
throw new comment_exception('invalidid', 'data');
}
if (!$course = $DB->get_record('course', array('id'=>$data->course))) {
throw new comment_exception('coursemisconf');
}
if (!$cm = get_coursemodule_from_instance('data', $data->id, $course->id)) {
throw new comment_exception('invalidcoursemodule');
}
if (!$data->comments) {
throw new comment_exception('commentsoff', 'data');
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
//check if approved
if ($data->approval and !$record->approved and !data_isowner($record) and !has_capability('mod/data:approve', $context)) {
throw new comment_exception('notapproved', 'data');
}
// group access
if ($record->groupid) {
$groupmode = groups_get_activity_groupmode($cm, $course);
if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
if (!groups_is_member($record->groupid)) {
throw new comment_exception('notmemberofgroup');
}
}
}
// validate context id
if ($context->id != $comment_param->context->id) {
throw new comment_exception('invalidcontext');
}
// validation for comment deletion
if (!empty($comment_param->commentid)) {
if ($comment = $DB->get_record('comments', array('id'=>$comment_param->commentid))) {
if ($comment->commentarea != 'database_entry') {
throw new comment_exception('invalidcommentarea');
}
if ($comment->contextid != $comment_param->context->id) {
throw new comment_exception('invalidcontext');
}
if ($comment->itemid != $comment_param->itemid) {
throw new comment_exception('invalidcommentitemid');
}
} else {
throw new comment_exception('invalidcommentid');
}
}
return true;
}
echo $OUTPUT->heading(format_string($data->name));
// Do we need to show a link to the RSS feed for the records?
//this links has been Settings (database activity administration) block
/*if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
echo '<div style="float:right;">';
rss_print_link($context->id, $USER->id, 'mod_data', $data->id, get_string('rsstype'));
echo '</div>';
echo '<div style="clear:both;"></div>';
}*/
if ($data->intro and empty($page) and empty($record) and $mode != 'single') {
$options = new stdClass();
$options->noclean = true;
echo $OUTPUT->box(format_module_intro('data', $data, $cm->id), 'generalbox', 'intro');
}
/// Delete any requested records
if ($delete && confirm_sesskey() && (has_capability('mod/data:manageentries', $context) or data_isowner($delete))) {
if ($confirm = optional_param('confirm', 0, PARAM_INT)) {
if ($deleterecord = $DB->get_record('data_records', array('id' => $delete))) {
// Need to check this is valid
if ($deleterecord->dataid == $data->id) {
// Must be from this database
if ($contents = $DB->get_records('data_content', array('recordid' => $deleterecord->id))) {
foreach ($contents as $content) {
// Delete files or whatever else this field allows
if ($field = data_get_field_from_id($content->fieldid, $data)) {
// Might not be there
$field->delete_content($content->recordid);
}
}
}
$DB->delete_records('data_content', array('recordid' => $deleterecord->id));
// Brand new database!
redirect($CFG->wwwroot . '/mod/data/field.php?d=' . $data->id);
// Redirect to field entry
}
}
if ($rid) {
// When editing an existing record, we require the session key
require_sesskey();
}
// Get Group information for permission testing and record creation
$currentgroup = groups_get_activity_group($cm);
$groupmode = groups_get_activity_groupmode($cm);
if (!has_capability('mod/data:manageentries', $context)) {
if ($rid) {
// User is editing an existing record
if (!data_isowner($rid) || data_in_readonly_period($data)) {
print_error('noaccess', 'data');
}
} else {
if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) {
// User is trying to create a new record
print_error('noaccess', 'data');
}
}
}
if ($cancel) {
redirect('view.php?d=' . $data->id);
}
/// RSS and CSS and JS meta
if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
$courseshortname = format_string($course->shortname, true, array('context' => context_course::instance($course->id)));
/**
* Verify the user can still export this entry
*
* @return bool
*/
public function check_permissions()
{
if ($this->recordid) {
if (data_isowner($this->recordid)) {
return has_capability('mod/data:exportownentry', context_module::instance($this->cm->id));
}
return has_capability('mod/data:exportentry', context_module::instance($this->cm->id));
}
if ($this->has_export_config() && !$this->get_export_config('mineonly')) {
return has_capability('mod/data:exportallentries', context_module::instance($this->cm->id));
}
return has_capability('mod/data:exportownentry', context_module::instance($this->cm->id));
}
function data_print_comment($data, $comment, $page = 0)
{
global $USER, $CFG;
$cm = get_coursemodule_from_instance('data', $data->id);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$stredit = get_string('edit');
$strdelete = get_string('delete');
$user = get_record('user', 'id', $comment->userid);
echo '<table cellspacing="0" align="center" width="50%" class="datacomment forumpost">';
echo '<tr class="header"><td class="picture left">';
print_user_picture($user, $data->course, $user->picture);
echo '</td>';
echo '<td class="topic starter" align="left"><div class="author">';
$fullname = fullname($user, has_capability('moodle/site:viewfullnames', $context));
$by = new object();
$by->name = '<a href="' . $CFG->wwwroot . '/user/view.php?id=' . $user->id . '&course=' . $data->course . '">' . $fullname . '</a>';
$by->date = userdate($comment->modified);
print_string('bynameondate', 'data', $by);
echo '</div></td></tr>';
echo '<tr><td class="left side">';
if ($groups = groups_get_all_groups($data->course, $comment->userid, $cm->groupingid)) {
print_group_picture($groups, $data->course, false, false, true);
} else {
echo ' ';
}
// Actual content
echo '</td><td class="content" align="left">' . "\n";
// Print whole message
echo format_text($comment->content, $comment->format);
// Commands
echo '<div class="commands">';
if (data_isowner($comment->recordid) or has_capability('mod/data:managecomments', $context)) {
echo '<a href="' . $CFG->wwwroot . '/mod/data/comment.php?rid=' . $comment->recordid . '&mode=edit&commentid=' . $comment->id . '&page=' . $page . '">' . $stredit . '</a>';
echo '| <a href="' . $CFG->wwwroot . '/mod/data/comment.php?rid=' . $comment->recordid . '&mode=delete&commentid=' . $comment->id . '&page=' . $page . '">' . $strdelete . '</a>';
}
echo '</div>';
echo '</td></tr></table>' . "\n\n";
}
//this links has been Settings (database activity administration) block
/*if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
echo '<div style="float:right;">';
rss_print_link($context->id, $USER->id, 'mod_data', $data->id, get_string('rsstype'));
echo '</div>';
echo '<div style="clear:both;"></div>';
}*/
if ($data->intro and empty($page) and empty($record) and $mode != 'single') {
$options = new stdClass();
$options->noclean = true;
}
echo $OUTPUT->box(format_module_intro('data', $data, $cm->id), 'generalbox', 'intro');
$returnurl = $CFG->wwwroot . '/mod/data/view.php?d=' . $data->id . '&search=' . s($search) . '&sort=' . s($sort) . '&order=' . s($order) . '&';
groups_print_activity_menu($cm, $returnurl);
/// Delete any requested records
if ($delete && confirm_sesskey() && ($canmanageentries or data_isowner($delete))) {
if ($confirm = optional_param('confirm', 0, PARAM_INT)) {
if (data_delete_record($delete, $data, $course->id, $cm->id)) {
echo $OUTPUT->notification(get_string('recorddeleted', 'data'), 'notifysuccess');
}
} else {
// Print a confirmation page
$allnamefields = get_all_user_name_fields(true, 'u');
$dbparams = array($delete);
if ($deleterecord = $DB->get_record_sql("SELECT dr.*, {$allnamefields}\n FROM {data_records} dr\n JOIN {user} u ON dr.userid = u.id\n WHERE dr.id = ?", $dbparams, MUST_EXIST)) {
// Need to check this is valid.
if ($deleterecord->dataid == $data->id) {
// Must be from this database
$deletebutton = new single_button(new moodle_url('/mod/data/view.php?d=' . $data->id . '&delete=' . $delete . '&confirm=1'), get_string('delete'), 'post');
echo $OUTPUT->confirm(get_string('confirmdeleterecord', 'data'), $deletebutton, 'view.php?d=' . $data->id);
$records[] = $deleterecord;
/**
* Serves the data attachments. Implements needed access control ;-)
*/
function data_pluginfile($course, $cminfo, $context, $filearea, $args)
{
global $CFG, $DB;
if (!$cminfo->uservisible) {
return false;
}
if ($filearea === 'data_content') {
$contentid = (int) array_shift($args);
if (!($content = $DB->get_record('data_content', array('id' => $contentid)))) {
return false;
}
if (!($field = $DB->get_record('data_fields', array('id' => $content->fieldid)))) {
return false;
}
if (!($record = $DB->get_record('data_records', array('id' => $content->recordid)))) {
return false;
}
if (!($data = $DB->get_record('data', array('id' => $field->dataid)))) {
return false;
}
//check if approved
if (!$record->approved and !data_isowner($record) and !has_capability('mod/data:approve', $context)) {
return false;
}
// group access
if ($record->groupid) {
$groupmode = groups_get_activity_groupmode($cminfo, $course);
if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
if (!groups_is_member($record->groupid)) {
return false;
}
}
}
$fieldobj = data_get_field($field, $data, $cminfo);
$relativepath = '/' . implode('/', $args);
$fullpath = $context->id . 'data_content' . $content->id . $relativepath;
if (!$fieldobj->file_ok($relativepath)) {
return false;
}
$fs = get_file_storage();
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
return false;
}
// finally send the file
send_stored_file($file, 0, 0, true);
// download MUST be forced - security!
}
return false;
}
}
if (!($data = $DB->get_record('data', array('id' => $record->dataid)))) {
print_error('invalidid', 'data');
}
if (!($course = $DB->get_record('course', array('id' => $data->course)))) {
print_error('coursemisconf');
}
if (!($cm = get_coursemodule_from_instance('data', $data->id, $course->id))) {
print_error('invalidcoursemodule');
}
require_login($course->id, false, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if (!$data->assessed) {
print_error('norating', 'data');
}
if (!data_isowner($record->id) and !has_capability('mod/data:viewrating', $context) and !has_capability('mod/data:rate', $context)) {
print_error('cannotviewrate', 'data');
}
switch ($sort) {
case 'firstname':
$sqlsort = "u.firstname ASC";
break;
case 'rating':
$sqlsort = "r.rating ASC";
break;
default:
$sqlsort = "r.id ASC";
}
$scalemenu = make_grades_menu($data->scale);
$strratings = get_string('ratings', 'data');
$strrating = get_string('rating', 'data');
/**
* Serves the data attachments. Implements needed access control ;-)
*
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - justsend the file
*/
function data_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload) {
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
if ($filearea === 'content') {
$contentid = (int)array_shift($args);
if (!$content = $DB->get_record('data_content', array('id'=>$contentid))) {
return false;
}
if (!$field = $DB->get_record('data_fields', array('id'=>$content->fieldid))) {
return false;
}
if (!$record = $DB->get_record('data_records', array('id'=>$content->recordid))) {
return false;
}
if (!$data = $DB->get_record('data', array('id'=>$field->dataid))) {
return false;
}
if ($data->id != $cm->instance) {
// hacker attempt - context does not match the contentid
return false;
}
//check if approved
if ($data->approval and !$record->approved and !data_isowner($record) and !has_capability('mod/data:approve', $context)) {
return false;
}
// group access
if ($record->groupid) {
$groupmode = groups_get_activity_groupmode($cm, $course);
if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
if (!groups_is_member($record->groupid)) {
return false;
}
}
}
$fieldobj = data_get_field($field, $data, $cm);
$relativepath = implode('/', $args);
$fullpath = "/$context->id/mod_data/content/$content->id/$relativepath";
if (!$fieldobj->file_ok($relativepath)) {
return false;
}
$fs = get_file_storage();
if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
return false;
}
// finally send the file
send_stored_file($file, 0, 0, true); // download MUST be forced - security!
}
return false;
}
