function pieform_element_filebrowser_createfolder(Pieform $form, $element, $data)
{
global $USER;
$parentfolder = $data['folder'] ? (int) $data['folder'] : null;
$institution = !empty($element['institution']) ? $element['institution'] : $form->get_property('institution');
$group = !empty($element['group']) ? $element['group'] : $form->get_property('group');
$result = array();
$data = (object) array('parent' => $parentfolder, 'owner' => null, 'title' => trim($data['title']));
if ($parentfolder) {
$parentartefact = artefact_instance_from_id($parentfolder);
if (!$USER->can_edit_artefact($parentartefact)) {
return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
} else {
if ($parentartefact->get('locked')) {
return array('error' => true, 'message' => get_string('cannoteditfoldersubmitted', 'artefact.file'));
}
}
}
$data->owner = $data->group = $data->institution = null;
if ($institution) {
$data->institution = $institution;
} else {
if ($group) {
if (!group_within_edit_window($group)) {
return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
}
if (!$parentfolder) {
if (!pieform_element_filebrowser_edit_group_folder($group, 0)) {
return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
}
}
$data->group = $group;
} else {
$data->owner = $USER->get('id');
}
}
if ($oldid = ArtefactTypeFileBase::file_exists($data->title, $data->owner, $parentfolder, $institution, $group)) {
return array('error' => true, 'message' => get_string('fileexists', 'artefact.file'));
}
$f = new ArtefactTypeFolder(0, $data);
$f->set('dirty', true);
$f->commit();
return array('error' => false, 'message' => get_string('foldercreated', 'artefact.file'), 'highlight' => $f->get('id'), 'newlist' => pieform_element_filebrowser_build_filelist($form, $element, $parentfolder, $f->get('id'), $data->owner, $data->group, $data->institution), 'foldercreated' => true);
}
/**
* Indicates whether the user has permission to edit an artefact's contents. The name refers
* to the "edit" permission for group files.
*
* If a user has "edit" permission, it is assumed they also have "view" permission (i.e.
* can view it in the artefact chooser -- see $USER->can_view_artefact())
*
* @param ArtefactType $a
* @param boolean $viewparent Whether the user must also be able to "view" the artefact's parent
* @return boolean
*/
public function can_edit_artefact($a, $viewparent = false)
{
$parent = $a->get_parent_instance();
if ($parent) {
if ($viewparent) {
if (!$this->can_view_artefact($parent)) {
return false;
}
} else {
if (!$this->can_edit_artefact($parent, true)) {
return false;
}
}
}
if ($this->get('admin') || ($this->get('id') and $this->get('id') == $a->get('owner')) || ($a->get('institution') and $this->is_institutional_admin($a->get('institution')))) {
return true;
}
if (!($group = $a->get('group'))) {
return false;
}
require_once 'group.php';
if (!($role = group_user_access($group, $this->id))) {
return false;
}
if ($role == 'admin') {
return true;
}
if (!group_within_edit_window($group)) {
return false;
}
if ($this->id == $a->get('author')) {
return true;
}
return $a->role_has_permission($role, 'edit');
}
SELECT m.forum, m.user
FROM {interaction_forum_moderator} m
INNER JOIN {usr} u ON (m.user = u.id AND u.deleted = 0)
) m ON (m.forum = f.id AND m.user = p.poster)
INNER JOIN {interaction_forum_post} p3 ON (p.poster = p3.poster AND p3.deleted != 1)
INNER JOIN {interaction_forum_topic} t2 ON (t2.deleted != 1 AND p3.topic = t2.id)
INNER JOIN {interaction_instance} f2 ON (t2.forum = f2.id AND f2.deleted != 1 AND f2.group = f.group)
WHERE p.id = ?
AND p.deleted != 1
GROUP BY 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12', array(0, $postid));
if (!$post) {
throw new NotFoundException(get_string('cantfindpost', 'interaction.forum', $postid));
}
$membership = user_can_access_forum((int) $post->forum);
$moderator = (bool) ($membership & INTERACTION_FORUM_MOD);
if (!$moderator || $post->group && !group_within_edit_window($post->group)) {
throw new AccessDeniedException(get_string('cantdeletepost', 'interaction.forum'));
}
if (!$post->parent) {
throw new AccessDeniedException(get_string('cantdeletethispost', 'interaction.forum'));
}
define('GROUP', $post->group);
define('TITLE', $post->topicsubject . ' - ' . get_string('deletepost', 'interaction.forum'));
$post->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $post->ctime);
$form = pieform(array('name' => 'deletepost', 'renderer' => 'div', 'autofocus' => false, 'elements' => array('title' => array('value' => get_string('deletepostsure', 'interaction.forum')), 'submit' => array('type' => 'submitcancel', 'class' => 'btn-success', 'value' => array(get_string('yes'), get_string('no')), 'goto' => get_config('wwwroot') . 'interaction/forum/topic.php?id=' . $post->topic . '&post=' . $postid), 'post' => array('type' => 'hidden', 'value' => $postid), 'topic' => array('type' => 'hidden', 'value' => $post->topic), 'parent' => array('type' => 'hidden', 'value' => $post->parent))));
function deletepost_submit(Pieform $form, $values)
{
global $SESSION, $USER;
$objectionable = get_record_sql("SELECT fp.id\n FROM {interaction_forum_post} fp\n JOIN {objectionable} o\n ON (o.objecttype = 'forum' AND o.objectid = fp.id)\n WHERE fp.id = ?\n AND o.resolvedby IS NULL\n AND o.resolvedtime IS NULL", array($values['post']));
if ($objectionable !== false) {
// Trigger activity.
function group_role_can_edit_views($group, $role)
{
if (empty($role)) {
return false;
}
if ($role == 'admin') {
return true;
}
if (is_numeric($group)) {
$editroles = get_field('group', 'editroles', 'id', $group);
} else {
if (!isset($group->editroles)) {
$editroles = get_field('group', 'editroles', 'id', $group->id);
} else {
$editroles = $group->editroles;
}
}
if ($role == 'member') {
return $editroles == 'all' && group_within_edit_window($group);
}
return $editroles != 'admin';
}
$viewid = $views['views'][0]->view;
} else {
$viewid = param_integer('id');
}
$view = new View($viewid);
if (empty($collection)) {
$collection = $view->get_collection();
}
define('TITLE', get_string('editaccess', 'view'));
$group = $view->get('group');
$institution = $view->get('institution');
View::set_nav($group, $institution, true);
if (!$USER->can_edit_view($view) || $view->get('owner') == "0") {
throw new AccessDeniedException();
}
if ($group && !group_within_edit_window($group)) {
throw new AccessDeniedException();
}
$form = array('name' => 'editaccess', 'renderer' => 'div', 'plugintype' => 'core', 'pluginname' => 'view', 'viewid' => $view->get('id'), 'userview' => (int) $view->get('owner'), 'elements' => array('id' => array('type' => 'hidden', 'value' => $view->get('id'))));
// Create checkboxes to allow the user to apply these access rules to
// any of their views/collections.
// For institution views, force edit access of one view at a time for now. Editing multiple
// institution views requires doing some tricky stuff with the 'copy for new users/groups'
// options, and there's not much room for the 'Share' tab in the admin area anyway
if ($view->get('type') != 'profile') {
list($collections, $views) = View::get_views_and_collections($view->get('owner'), $group, $institution, $view->get('accessconf'), false);
}
if (!empty($collections)) {
foreach ($collections as &$c) {
$c = array('title' => $c['name'], 'value' => $c['id'], 'defaultvalue' => $collectionid == $c['id'] || !empty($c['match']), 'views' => $c['views']);
}
$topic = get_record_sql('SELECT p.subject, p.poster, p.id AS firstpost, ' . db_format_tsfield('p.ctime', 'ctime') . ', t.id, f.group AS groupid, g.name AS groupname, f.id AS forumid, f.title AS forumtitle, t.closed, sf.forum AS forumsubscribed, st.topic AS topicsubscribed
FROM {interaction_forum_topic} t
INNER JOIN {interaction_instance} f ON (t.forum = f.id AND f.deleted != 1)
INNER JOIN {group} g ON (g.id = f.group AND g.deleted = 0)
INNER JOIN {interaction_forum_post} p ON (p.topic = t.id AND p.parent IS NULL)
LEFT JOIN {interaction_forum_subscription_forum} sf ON (sf.forum = f.id AND sf.user = ?)
LEFT JOIN {interaction_forum_subscription_topic} st ON (st.topic = t.id AND st.user = ?)
WHERE t.id = ?
AND t.deleted != 1', array($USER->get('id'), $USER->get('id'), $topicid));
if (!$topic) {
throw new NotFoundException(get_string('cantfindtopic', 'interaction.forum', $topicid));
}
define('GROUP', $topic->groupid);
$group = get_record('group', 'id', $topic->groupid);
$publicgroup = $group->public;
$ineditwindow = group_within_edit_window($group);
$feedlink = get_config('wwwroot') . 'interaction/forum/atom.php?type=t&id=' . $topic->id;
$membership = user_can_access_forum((int) $topic->forumid);
$moderator = $ineditwindow && (bool) ($membership & INTERACTION_FORUM_MOD);
$forumconfig = get_records_assoc('interaction_forum_instance_config', 'forum', $topic->forumid, '', 'field,value');
$indentmode = isset($forumconfig['indentmode']) ? $forumconfig['indentmode']->value : 'full_indent';
$maxindentdepth = isset($forumconfig['maxindent']) ? $forumconfig['maxindent']->value : 10;
if (!$membership && !get_field('group', 'public', 'id', $topic->groupid)) {
$objection = param_integer('objection', 0);
$errorstr = $objection ? get_string('accessdeniedobjection', 'error') : get_string('cantviewtopic', 'interaction.forum');
throw new GroupAccessDeniedException($errorstr, $objection);
}
$topic->canedit = ($moderator || user_can_edit_post($topic->poster, $topic->ctime)) && $ineditwindow;
define('TITLE', $topic->forumtitle . ' - ' . $topic->subject);
$groupadmins = group_get_admin_ids($topic->groupid);
if ($membership && !$topic->forumsubscribed) {
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
*/
define('INTERNAL', 1);
require dirname(dirname(__FILE__)) . '/init.php';
require_once 'pieforms/pieform.php';
require_once 'view.php';
$viewid = param_integer('id');
$view = new View($viewid, null);
if (!$view || $view->get('owner') == "0" || !$USER->can_edit_view($view)) {
throw new AccessDeniedException(get_string('cantdeleteview', 'view'));
}
$groupid = $view->get('group');
if ($groupid && !group_within_edit_window($groupid)) {
throw new AccessDeniedException(get_string('cantdeleteview', 'view'));
}
$collectionnote = '';
$collection = $view->get_collection();
if ($collection) {
$collectionnote = get_string('deleteviewconfirmnote2', 'view', $collection->get_url(), $collection->get('name'));
}
$institution = $view->get('institution');
View::set_nav($groupid, $institution);
if ($groupid) {
$goto = 'groupviews.php?group=' . $groupid;
} else {
if ($institution) {
$goto = 'institutionviews.php?institution=' . $institution;
} else {
FROM {interaction_instance} f
INNER JOIN {group} g ON (g.id = f.group AND g.deleted = 0)
WHERE f.id = ?
AND f.deleted != 1', array($forumid));
if (!$forum) {
throw new NotFoundException(get_string('cantfindforum', 'interaction.forum', $forumid));
}
$forumconfig = get_records_assoc('interaction_forum_instance_config', 'forum', $forumid, '', 'field,value');
define('GROUP', $forum->groupid);
$membership = user_can_access_forum((int) $forumid);
$moderator = (bool) ($membership & INTERACTION_FORUM_MOD);
$admintutor = (bool) group_get_user_admintutor_groups();
if (!$membership || $forumconfig['createtopicusers']->value == 'moderators' && !$moderator) {
throw new AccessDeniedException(get_string('cantaddtopic', 'interaction.forum'));
}
if (!group_within_edit_window($forum->groupid)) {
throw new AccessDeniedException(get_string('cantaddtopic', 'interaction.forum'));
}
if (!isset($topicid)) {
// new topic
define('TITLE', $forum->title . ' - ' . get_string('addtopic', 'interaction.forum'));
} else {
// edit topic
define('TITLE', $forum->title . ' - ' . get_string('edittopic', 'interaction.forum'));
// no record for edits to own posts with 30 minutes
if (user_can_edit_post($topic->poster, $topic->ctime)) {
$topic->editrecord = false;
$timeleft = (int) get_config_plugin('interaction', 'forum', 'postdelay') - round((time() - $topic->ctime) / 60);
} else {
if ($moderator) {
$topic->editrecord = true;
*/
define('INTERNAL', 1);
require dirname(dirname(__FILE__)) . '/init.php';
require_once get_config('libroot') . 'view.php';
require_once get_config('libroot') . 'group.php';
$owner = param_integer('owner', 0);
$groupid = param_integer('group', null);
$institution = param_alphanum('institution', null);
$searchcollection = param_integer('searchcollection', false);
View::set_nav($groupid, $institution, false, $searchcollection);
if ($usetemplate = param_integer('usetemplate', null)) {
// If a form has been submitted, build it now and pieforms will
// call the submit function straight away
pieform(create_view_form($groupid, $institution, $usetemplate, param_integer('copycollection', null)));
}
if ($groupid && (!group_user_can_edit_views($groupid) || !group_within_edit_window($groupid)) || $institution && !$USER->can_edit_institution($institution)) {
throw new AccessDeniedException();
}
if (!empty($groupid)) {
$group = group_current_group();
define('TITLE', $group->name);
} else {
$owner = $USER->get('id');
define('TITLE', get_string('copyvieworcollection', 'view'));
}
define('SUBTITLE', get_string('copyvieworcollection', 'view'));
$views = new StdClass();
$views->query = trim(param_variable('viewquery', ''));
$views->ownerquery = trim(param_variable('ownerquery', ''));
$views->offset = param_integer('viewoffset', 0);
$views->limit = param_integer('viewlimit', 10);
/**
* Creates pieforms definition for forms on the my files, group files, etc. pages.
*/
public static function files_form($page = '', $group = null, $institution = null, $folder = null, $highlight = null, $edit = null)
{
global $USER;
$resizeonuploaduserdefault = $USER->get_account_preference('resizeonuploaduserdefault');
$folder = param_integer('folder', 0);
$edit = param_variable('edit', 0);
if (is_array($edit)) {
$edit = array_keys($edit);
$edit = $edit[0];
}
$edit = (int) $edit;
$highlight = null;
if ($file = param_integer('file', 0)) {
$highlight = array($file);
// todo convert to file1=1&file2=2 etc
}
// Check whether the user may upload files; either the group needs to
// be within its edit window (if one is set) or the user needs to be
// the group admin.
if (!empty($group)) {
$editfilesfolders = group_within_edit_window($group);
} else {
$editfilesfolders = true;
}
$form = array('name' => 'files', 'jsform' => true, 'newiframeonsubmit' => true, 'jssuccesscallback' => 'files_callback', 'jserrorcallback' => 'files_callback', 'renderer' => 'oneline', 'plugintype' => 'artefact', 'pluginname' => 'file', 'configdirs' => array(get_config('libroot') . 'form/', get_config('docroot') . 'artefact/file/form/'), 'group' => $group, 'institution' => $institution, 'elements' => array('filebrowser' => array('type' => 'filebrowser', 'folder' => $folder, 'highlight' => $highlight, 'edit' => $edit, 'page' => $page, 'config' => array('upload' => $editfilesfolders, 'uploadagreement' => get_config_plugin('artefact', 'file', 'uploadagreement'), 'resizeonuploaduseroption' => get_config_plugin('artefact', 'file', 'resizeonuploaduseroption'), 'resizeonuploaduserdefault' => $resizeonuploaduserdefault, 'createfolder' => $editfilesfolders, 'edit' => $editfilesfolders, 'select' => false))));
return $form;
}
define('MENUITEM', 'myportfolio/views');
require dirname(dirname(__FILE__)) . '/init.php';
require_once 'pieforms/pieform.php';
require_once 'view.php';
require_once 'collection.php';
require_once 'activity.php';
require_once get_config('docroot') . 'artefact/lib.php';
$groupid = param_integer('group');
$returnto = param_variable('returnto', 'view');
$group = get_record_sql('SELECT g.id, g.name, g.grouptype, g.urlid
FROM {group_member} u
INNER JOIN {group} g ON (u.group = g.id AND g.deleted = 0)
WHERE u.member = ?
AND g.id = ?
AND g.submittableto = 1', array($USER->get('id'), $groupid));
if (!$group || !group_within_edit_window($group)) {
throw new AccessDeniedException(get_string('cantsubmittogroup', 'view'));
}
if ($collectionid = param_integer('collection', null)) {
$collection = new Collection($collectionid);
if (!$collection || $collection->is_submitted() || $collection->get('owner') !== $USER->get('id')) {
throw new AccessDeniedException(get_string('cantsubmitcollectiontogroup', 'view'));
}
$submissionname = $collection->get('name');
} else {
$view = new View(param_integer('id'));
if (!$view || $view->is_submitted() || $view->get('owner') !== $USER->get('id')) {
throw new AccessDeniedException(get_string('cantsubmitviewtogroup', 'view'));
}
$submissionname = $view->get('title');
}
throw new NotFoundException(get_string('cantfindpost', 'interaction.forum', $parentid));
}
if (!group_within_edit_window($parent->group)) {
throw new AccessDeniedException(get_string('cantaddposttoforum', 'interaction.forum'));
}
if (!$membership) {
throw new AccessDeniedException(get_string('cantaddposttoforum', 'interaction.forum'));
}
if (!$moderator && $parent->topicclosed) {
throw new AccessDeniedException(get_string('cantaddposttotopic', 'interaction.forum'));
}
$action = get_string('postreply', 'interaction.forum');
define('TITLE', $parent->topicsubject . ' - ' . $action);
} else {
// edit post
if (!group_within_edit_window($parent->group)) {
throw new AccessDeniedException(get_string('canteditpost', 'interaction.forum'));
}
// no record for edits to own posts with 30 minutes
if (user_can_edit_post($post->poster, $post->ctime)) {
$post->editrecord = false;
$timeleft = (int) get_config_plugin('interaction', 'forum', 'postdelay') - round((time() - $post->ctime) / 60);
} else {
if ($moderator) {
$post->editrecord = true;
} else {
if (user_can_edit_post($post->poster, $post->ctime, $USER->get('id'), false)) {
$SESSION->add_error_msg(get_string('postaftertimeout', 'interaction.forum', get_config_plugin('interaction', 'forum', 'postdelay')));
redirect('/interaction/forum/topic.php?id=' . $parent->topic);
} else {
throw new AccessDeniedException(get_string('canteditpost', 'interaction.forum'));
INNER JOIN {usr} u ON (m.user = u.id AND u.deleted = 0)
) m ON (m.forum = t.forum AND m.user = p.poster)
INNER JOIN {interaction_forum_post} p2 ON (p.poster = p2.poster AND p2.deleted != 1)
INNER JOIN {interaction_forum_topic} t2 ON (t2.deleted != 1 AND p2.topic = t2.id)
INNER JOIN {interaction_instance} f2 ON (t2.forum = f2.id AND f2.deleted != 1 AND f2.group = f.group)
WHERE t.id = ?
AND t.deleted != 1
GROUP BY 1, 2, 3, 4, 5, 6, 7, 9, 10, 11', array(0, $topicid));
if (!$topic) {
throw new NotFoundException(get_string('cantfindtopic', 'interaction.forum', $topicid));
}
define('GROUP', $topic->group);
$membership = user_can_access_forum((int) $topic->forumid);
$moderator = (bool) ($membership & INTERACTION_FORUM_MOD);
$topic->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $topic->ctime);
if (!$moderator || $topic->group && !group_within_edit_window($topic->group)) {
throw new AccessDeniedException(get_string('cantdeletetopic', 'interaction.forum'));
}
define('TITLE', $topic->title . ' - ' . get_string('deletetopicspecific', 'interaction.forum', $topic->subject));
$form = pieform(array('name' => 'deletetopic', 'renderer' => 'div', 'autofocus' => false, 'elements' => array('title' => array('value' => get_string('deletetopicsure', 'interaction.forum')), 'submit' => array('type' => 'submitcancel', 'value' => array(get_string('yes'), get_string('no')), 'goto' => get_config('wwwroot') . ($returnto == 'view' ? 'interaction/forum/view.php?id=' . $topic->forumid : 'interaction/forum/topic.php?id=' . $topicid)), 'forum' => array('type' => 'hidden', 'value' => $topic->forumid))));
function deletetopic_submit(Pieform $form, $values)
{
global $SESSION, $USER, $topicid;
$objectionable = get_record_sql("SELECT fp.id\n FROM {interaction_forum_post} fp\n JOIN {objectionable} o\n ON (o.objecttype = 'forum' AND o.objectid = fp.id)\n WHERE fp.topic = ?\n AND fp.parent IS NULL\n AND o.resolvedby IS NULL\n AND o.resolvedtime IS NULL", array($topicid));
if ($objectionable !== false) {
// Trigger activity.
$data = new StdClass();
$data->postid = $objectionable->id;
$data->message = '';
$data->reporter = $USER->get('id');
$data->ctime = time();
* @package mahara
* @subpackage artefact-file
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
*/
define('INTERNAL', 1);
define('MENUITEM', 'groups/files');
define('SECTION_PLUGINTYPE', 'artefact');
define('SECTION_PLUGINNAME', 'file');
define('SECTION_PAGE', 'groupfiles');
require dirname(dirname(dirname(__FILE__))) . '/init.php';
require_once get_config('libroot') . 'group.php';
safe_require('artefact', 'file');
define('GROUP', param_integer('group'));
$group = group_current_group();
if (!($role = group_user_access($group->id) || !group_within_edit_window($group))) {
throw new AccessDeniedException();
}
define('TITLE', $group->name . ' - ' . get_string('groupfiles', 'artefact.file'));
require_once get_config('docroot') . 'interaction/lib.php';
$pagebase = get_config('wwwroot') . 'artefact/file/groupfiles.php?group=' . $group->id;
$form = pieform(ArtefactTypeFileBase::files_form($pagebase, $group->id));
$js = ArtefactTypeFileBase::files_js();
$smarty = smarty(array(), array(), array(), array('sideblocks' => array(array('name' => 'groupquota', 'weight' => -10, 'data' => array()))));
$smarty->assign('heading', $group->name);
$smarty->assign('form', $form);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('group', $group->name);
$smarty->display('artefact:file:files.tpl');