$PAGE->set_title(format_string($data->name)); $PAGE->set_heading(format_string($course->fullname)); echo $OUTPUT->header(); notice(get_string("activityiscurrentlyhidden")); } /// Can't use this if there are no fields if (has_capability('mod/data:managetemplates', $context)) { if (!$DB->record_exists('data_fields', array('dataid' => $data->id))) { // Brand new database! redirect($CFG->wwwroot . '/mod/data/field.php?d=' . $data->id); // Redirect to field entry } } if ($rid) { // So do you have access? if (!(has_capability('mod/data:manageentries', $context) or data_isowner($rid)) or !confirm_sesskey()) { print_error('noaccess', 'data'); } } if ($cancel) { redirect('view.php?d=' . $data->id); } /// RSS and CSS and JS meta if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) { $rsspath = rss_get_url($context->id, $USER->id, 'mod_data', $data->id); $courseshortname = format_string($course->shortname, true, array('context' => get_context_instance(CONTEXT_COURSE, $course->id))); $PAGE->add_alternate_version($courseshortname . ': %fullname%', $rsspath, 'application/rss+xml'); } if ($data->csstemplate) { $PAGE->requires->css('/mod/data/css.php?d=' . $data->id); }
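/**
 * Validate comment parameter before perform other comments actions
 *
 * Every failed check throws a comment_exception instead of returning false,
 * so a true return means the caller may act on the entry. The checks run in
 * order: comment area, entry/database/course/module existence, comments
 * enabled, approval state, group membership, context match and finally
 * (when a commentid is given) that the existing comment belongs to the same
 * area, context and entry.
 *
 * @param stdClass $comment_param {
 *     context     => context the context object
 *     courseid    => int course id
 *     cm          => stdClass course module object
 *     commentarea => string comment area
 *     itemid      => int itemid
 *     commentid   => int optional, id of an existing comment (deletion)
 * }
 * @return boolean true when the comment action is allowed
 * @throws comment_exception when any check fails
 */
function data_comment_validate($comment_param) {
    global $DB;

    // validate comment area
    // Strict comparison: a non-string value must not pass through loose ==
    // coercion (e.g. 0 == 'database_entry' is true on PHP < 8).
    if ($comment_param->commentarea !== 'database_entry') {
        throw new comment_exception('invalidcommentarea');
    }

    // validate itemid
    if (!$record = $DB->get_record('data_records', array('id' => $comment_param->itemid))) {
        throw new comment_exception('invalidcommentitemid');
    }
    if (!$data = $DB->get_record('data', array('id' => $record->dataid))) {
        throw new comment_exception('invalidid', 'data');
    }
    if (!$course = $DB->get_record('course', array('id' => $data->course))) {
        throw new comment_exception('coursemisconf');
    }
    if (!$cm = get_coursemodule_from_instance('data', $data->id, $course->id)) {
        throw new comment_exception('invalidcoursemodule');
    }
    if (!$data->comments) {
        throw new comment_exception('commentsoff', 'data');
    }

    $context = get_context_instance(CONTEXT_MODULE, $cm->id);

    // check if approved
    // Unapproved entries are only commentable by their owner or an approver.
    if ($data->approval and !$record->approved and !data_isowner($record)
            and !has_capability('mod/data:approve', $context)) {
        throw new comment_exception('notapproved', 'data');
    }

    // group access
    if ($record->groupid) {
        $groupmode = groups_get_activity_groupmode($cm, $course);
        if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
            if (!groups_is_member($record->groupid)) {
                throw new comment_exception('notmemberofgroup');
            }
        }
    }

    // validate context id
    // Ids coming from DB rows are strings, the supplied context id may be an
    // int: cast both sides so the comparison is strict but type-agnostic.
    if ((int) $context->id !== (int) $comment_param->context->id) {
        throw new comment_exception('invalidcontext');
    }

    // validation for comment deletion
    // The existing comment must live in the same area, context and entry as
    // the request, otherwise a commentid from elsewhere could be deleted here.
    if (!empty($comment_param->commentid)) {
        if ($comment = $DB->get_record('comments', array('id' => $comment_param->commentid))) {
            if ($comment->commentarea !== 'database_entry') {
                throw new comment_exception('invalidcommentarea');
            }
            if ((int) $comment->contextid !== (int) $comment_param->context->id) {
                throw new comment_exception('invalidcontext');
            }
            if ((int) $comment->itemid !== (int) $comment_param->itemid) {
                throw new comment_exception('invalidcommentitemid');
            }
        } else {
            throw new comment_exception('invalidcommentid');
        }
    }

    return true;
}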
echo $OUTPUT->heading(format_string($data->name)); // Do we need to show a link to the RSS feed for the records? //this links has been Settings (database activity administration) block /*if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) { echo '<div style="float:right;">'; rss_print_link($context->id, $USER->id, 'mod_data', $data->id, get_string('rsstype')); echo '</div>'; echo '<div style="clear:both;"></div>'; }*/ if ($data->intro and empty($page) and empty($record) and $mode != 'single') { $options = new stdClass(); $options->noclean = true; echo $OUTPUT->box(format_module_intro('data', $data, $cm->id), 'generalbox', 'intro'); } /// Delete any requested records if ($delete && confirm_sesskey() && (has_capability('mod/data:manageentries', $context) or data_isowner($delete))) { if ($confirm = optional_param('confirm', 0, PARAM_INT)) { if ($deleterecord = $DB->get_record('data_records', array('id' => $delete))) { // Need to check this is valid if ($deleterecord->dataid == $data->id) { // Must be from this database if ($contents = $DB->get_records('data_content', array('recordid' => $deleterecord->id))) { foreach ($contents as $content) { // Delete files or whatever else this field allows if ($field = data_get_field_from_id($content->fieldid, $data)) { // Might not be there $field->delete_content($content->recordid); } } } $DB->delete_records('data_content', array('recordid' => $deleterecord->id));
// Brand new database! redirect($CFG->wwwroot . '/mod/data/field.php?d=' . $data->id); // Redirect to field entry } } if ($rid) { // When editing an existing record, we require the session key require_sesskey(); } // Get Group information for permission testing and record creation $currentgroup = groups_get_activity_group($cm); $groupmode = groups_get_activity_groupmode($cm); if (!has_capability('mod/data:manageentries', $context)) { if ($rid) { // User is editing an existing record if (!data_isowner($rid) || data_in_readonly_period($data)) { print_error('noaccess', 'data'); } } else { if (!data_user_can_add_entry($data, $currentgroup, $groupmode, $context)) { // User is trying to create a new record print_error('noaccess', 'data'); } } } if ($cancel) { redirect('view.php?d=' . $data->id); } /// RSS and CSS and JS meta if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) { $courseshortname = format_string($course->shortname, true, array('context' => context_course::instance($course->id)));
/**
 * Verify the user can still export this entry.
 *
 * The module context is resolved once; the capability that is then checked
 * depends on what is being exported: a single record (the owner only needs
 * the "own entry" capability), all entries, or only the user's own entries
 * when the export config says 'mineonly'.
 *
 * @return bool
 */
public function check_permissions() {
    $modcontext = context_module::instance($this->cm->id);

    // A single record is being exported.
    if ($this->recordid) {
        $capability = data_isowner($this->recordid)
            ? 'mod/data:exportownentry'
            : 'mod/data:exportentry';
        return has_capability($capability, $modcontext);
    }

    // A set of records is being exported: everything unless restricted to own entries.
    $wantsall = $this->has_export_config() && !$this->get_export_config('mineonly');
    $capability = $wantsall ? 'mod/data:exportallentries' : 'mod/data:exportownentry';
    return has_capability($capability, $modcontext);
}
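/**
 * Print one comment on a database entry as an HTML table row block.
 *
 * Outputs the author picture and name, the group picture (if any), the
 * formatted comment text and, for the entry owner or a user with
 * mod/data:managecomments, edit/delete links back to comment.php.
 *
 * @param object $data    database activity record
 * @param object $comment comment record (userid, modified, content, format, recordid, id are read)
 * @param int    $page    page number to return to from the edit/delete links
 * @return void prints directly
 */
function data_print_comment($data, $comment, $page = 0) {
    global $CFG;

    $cm = get_coursemodule_from_instance('data', $data->id);
    $context = get_context_instance(CONTEXT_MODULE, $cm->id);

    $stredit = get_string('edit');
    $strdelete = get_string('delete');

    $user = get_record('user', 'id', $comment->userid);
    // Only the page number is caller-controlled in the links below; keep it numeric.
    $page = (int) $page;

    echo '<table cellspacing="0" align="center" width="50%" class="datacomment forumpost">';

    echo '<tr class="header"><td class="picture left">';
    print_user_picture($user, $data->course, $user->picture);
    echo '</td>';

    echo '<td class="topic starter" align="left"><div class="author">';
    $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $context));
    // 'object' is a reserved word since PHP 7.2; stdClass is what the old alias resolved to.
    $by = new stdClass();
    // '&amp;' rather than a bare '&' so the href is a well-formed attribute value.
    $by->name = '<a href="' . $CFG->wwwroot . '/user/view.php?id=' . $user->id
        . '&amp;course=' . $data->course . '">' . $fullname . '</a>';
    $by->date = userdate($comment->modified);
    print_string('bynameondate', 'data', $by);
    echo '</div></td></tr>';

    echo '<tr><td class="left side">';
    if ($groups = groups_get_all_groups($data->course, $comment->userid, $cm->groupingid)) {
        print_group_picture($groups, $data->course, false, false, true);
    } else {
        echo ' ';
    }

    // Actual content
    echo '</td><td class="content" align="left">' . "\n";

    // Print whole message
    echo format_text($comment->content, $comment->format);

    // Commands
    echo '<div class="commands">';
    if (data_isowner($comment->recordid) or has_capability('mod/data:managecomments', $context)) {
        $commenturl = $CFG->wwwroot . '/mod/data/comment.php?rid=' . $comment->recordid;
        echo '<a href="' . $commenturl . '&amp;mode=edit&amp;commentid=' . $comment->id
            . '&amp;page=' . $page . '">' . $stredit . '</a>';
        echo '| <a href="' . $commenturl . '&amp;mode=delete&amp;commentid=' . $comment->id
            . '&amp;page=' . $page . '">' . $strdelete . '</a>';
    }
    echo '</div>';

    echo '</td></tr></table>' . "\n\n";
}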
//this links has been Settings (database activity administration) block /*if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) { echo '<div style="float:right;">'; rss_print_link($context->id, $USER->id, 'mod_data', $data->id, get_string('rsstype')); echo '</div>'; echo '<div style="clear:both;"></div>'; }*/ if ($data->intro and empty($page) and empty($record) and $mode != 'single') { $options = new stdClass(); $options->noclean = true; } echo $OUTPUT->box(format_module_intro('data', $data, $cm->id), 'generalbox', 'intro'); $returnurl = $CFG->wwwroot . '/mod/data/view.php?d=' . $data->id . '&search=' . s($search) . '&sort=' . s($sort) . '&order=' . s($order) . '&'; groups_print_activity_menu($cm, $returnurl); /// Delete any requested records if ($delete && confirm_sesskey() && ($canmanageentries or data_isowner($delete))) { if ($confirm = optional_param('confirm', 0, PARAM_INT)) { if (data_delete_record($delete, $data, $course->id, $cm->id)) { echo $OUTPUT->notification(get_string('recorddeleted', 'data'), 'notifysuccess'); } } else { // Print a confirmation page $allnamefields = get_all_user_name_fields(true, 'u'); $dbparams = array($delete); if ($deleterecord = $DB->get_record_sql("SELECT dr.*, {$allnamefields}\n FROM {data_records} dr\n JOIN {user} u ON dr.userid = u.id\n WHERE dr.id = ?", $dbparams, MUST_EXIST)) { // Need to check this is valid. if ($deleterecord->dataid == $data->id) { // Must be from this database $deletebutton = new single_button(new moodle_url('/mod/data/view.php?d=' . $data->id . '&delete=' . $delete . '&confirm=1'), get_string('delete'), 'post'); echo $OUTPUT->confirm(get_string('confirmdeleterecord', 'data'), $deletebutton, 'view.php?d=' . $data->id); $records[] = $deleterecord;
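/**
 * Serves the data attachments. Implements needed access control ;-)
 *
 * Every failed check returns false ("not found"); when the file exists and
 * all checks pass, send_stored_file() streams it and does not return.
 *
 * @param object $course   course record
 * @param object $cminfo   course module info; uservisible and instance are read
 * @param object $context  module context the file was requested in
 * @param string $filearea only 'data_content' is served
 * @param array  $args     content id followed by the relative path segments
 * @return bool false if file not found or access denied; does not return if the file is sent
 */
function data_pluginfile($course, $cminfo, $context, $filearea, $args) {
    global $DB;

    if (!$cminfo->uservisible) {
        return false;
    }

    if ($filearea === 'data_content') {
        $contentid = (int) array_shift($args);
        if (!($content = $DB->get_record('data_content', array('id' => $contentid)))) {
            return false;
        }
        if (!($field = $DB->get_record('data_fields', array('id' => $content->fieldid)))) {
            return false;
        }
        if (!($record = $DB->get_record('data_records', array('id' => $content->recordid)))) {
            return false;
        }
        if (!($data = $DB->get_record('data', array('id' => $field->dataid)))) {
            return false;
        }

        // The content id is caller supplied: it must belong to the database
        // instance behind this course module, otherwise the approval, group and
        // capability checks below would be evaluated against the wrong context.
        if ((int) $data->id !== (int) $cminfo->instance) {
            return false;
        }

        // check if approved
        // Unapproved entries are only served to their owner or an approver.
        if (!$record->approved and !data_isowner($record) and !has_capability('mod/data:approve', $context)) {
            return false;
        }

        // group access
        if ($record->groupid) {
            $groupmode = groups_get_activity_groupmode($cminfo, $course);
            if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
                if (!groups_is_member($record->groupid)) {
                    return false;
                }
            }
        }

        $fieldobj = data_get_field($field, $data, $cminfo);

        $relativepath = '/' . implode('/', $args);
        $fullpath = $context->id . 'data_content' . $content->id . $relativepath;

        // Let the field type veto the requested path.
        if (!$fieldobj->file_ok($relativepath)) {
            return false;
        }

        $fs = get_file_storage();
        if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
            return false;
        }

        // finally send the file
        send_stored_file($file, 0, 0, true); // download MUST be forced - security!
    }

    return false;
}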
} if (!($data = $DB->get_record('data', array('id' => $record->dataid)))) { print_error('invalidid', 'data'); } if (!($course = $DB->get_record('course', array('id' => $data->course)))) { print_error('coursemisconf'); } if (!($cm = get_coursemodule_from_instance('data', $data->id, $course->id))) { print_error('invalidcoursemodule'); } require_login($course->id, false, $cm); $context = get_context_instance(CONTEXT_MODULE, $cm->id); if (!$data->assessed) { print_error('norating', 'data'); } if (!data_isowner($record->id) and !has_capability('mod/data:viewrating', $context) and !has_capability('mod/data:rate', $context)) { print_error('cannotviewrate', 'data'); } switch ($sort) { case 'firstname': $sqlsort = "u.firstname ASC"; break; case 'rating': $sqlsort = "r.rating ASC"; break; default: $sqlsort = "r.id ASC"; } $scalemenu = make_grades_menu($data->scale); $strratings = get_string('ratings', 'data'); $strrating = get_string('rating', 'data');
/**
 * Serves the data attachments. Implements needed access control ;-)
 *
 * Only the 'content' file area of a module context is served. The content
 * id in $args is resolved to its field, record and database; the database
 * must be the one behind $cm, the record must be approved (or the user its
 * owner / an approver), group restrictions must allow access, and the field
 * type must accept the path. Anything else yields false.
 *
 * @param object $course
 * @param object $cm
 * @param object $context
 * @param string $filearea
 * @param array $args
 * @param bool $forcedownload
 * @return bool false if file not found, does not return if found - justsend the file
 */
function data_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload) {
    global $DB;

    // Attachments only live in module contexts.
    if ($context->contextlevel != CONTEXT_MODULE) {
        return false;
    }

    require_course_login($course, true, $cm);

    if ($filearea !== 'content') {
        return false;
    }

    // Resolve the content row and everything hanging off it; a missing piece is "not found".
    $contentid = (int)array_shift($args);
    $content = $DB->get_record('data_content', array('id'=>$contentid));
    if (!$content) {
        return false;
    }
    $field = $DB->get_record('data_fields', array('id'=>$content->fieldid));
    if (!$field) {
        return false;
    }
    $record = $DB->get_record('data_records', array('id'=>$content->recordid));
    if (!$record) {
        return false;
    }
    $data = $DB->get_record('data', array('id'=>$field->dataid));
    if (!$data) {
        return false;
    }

    // hacker attempt - context does not match the contentid
    if ($data->id != $cm->instance) {
        return false;
    }

    // check if approved
    $pendingapproval = $data->approval && !$record->approved;
    if ($pendingapproval && !data_isowner($record) && !has_capability('mod/data:approve', $context)) {
        return false;
    }

    // group access
    if ($record->groupid) {
        $groupmode = groups_get_activity_groupmode($cm, $course);
        $groupsrestricted = $groupmode == SEPARATEGROUPS
            && !has_capability('moodle/site:accessallgroups', $context);
        if ($groupsrestricted && !groups_is_member($record->groupid)) {
            return false;
        }
    }

    $fieldobj = data_get_field($field, $data, $cm);

    $relativepath = implode('/', $args);
    $fullpath = "/$context->id/mod_data/content/$content->id/$relativepath";

    // The field type decides whether this path may be served at all.
    if (!$fieldobj->file_ok($relativepath)) {
        return false;
    }

    $fs = get_file_storage();
    $file = $fs->get_file_by_hash(sha1($fullpath));
    if (!$file || $file->is_directory()) {
        return false;
    }

    // finally send the file
    send_stored_file($file, 0, 0, true); // download MUST be forced - security!

    return false;
}