function can_download_artefact($artefact)
{
global $USER, $viewid;
if ($USER->can_view_artefact($artefact)) {
return true;
} else {
if (artefact_in_view($artefact, $viewid)) {
return can_view_view($viewid);
}
}
$parent = $artefact->get('parent');
while ($parent !== null) {
$parentobj = artefact_instance_from_id($parent);
$parent = $parentobj->get('parent');
if (artefact_in_view($parentobj, $viewid)) {
return can_view_view($viewid);
}
}
return false;
}
public function viewable_in($viewid)
{
global $USER;
if ($this->get('deletedby')) {
return false;
}
if ($USER->is_logged_in()) {
if ($USER->can_view_artefact($this)) {
return true;
}
if ($this->get('author') == $USER->get('id')) {
return true;
}
}
if ($this->get('private')) {
return false;
}
if ($onview = $this->get('onview')) {
return $onview == $viewid;
}
if ($onartefact = $this->get('onartefact')) {
return artefact_in_view($onartefact, $viewid);
}
return false;
}
$extradata = new stdClass();
$extradata->view = $viewid;
$extradata->artefact = $artefactid;
$extradata->annotation = $annotationid;
$extradata->blockid = $blockid;
}
if (empty($extradata->view) || empty($extradata->annotation) || empty($extradata->blockid)) {
json_reply('local', get_string('annotationinformationerror', 'artefact.annotation'));
}
if (!can_view_view($extradata->view)) {
json_reply('local', get_string('noaccesstoview', 'view'));
}
if (!artefact_in_view($extradata->annotation, $extradata->view)) {
json_reply('local', get_string('accessdenied', 'error'));
}
if (!empty($extradata->artefact) && !artefact_in_view($extradata->artefact, $extradata->view)) {
json_reply('local', get_string('accessdenied', 'error'));
}
if ($ispagination) {
// This is not really working yet. Need to do more work on artefact/artefact.php
$options = ArtefactTypeAnnotationfeedback::get_annotation_feedback_options();
$options->limit = $limit;
$options->offset = $offset;
$options->view = $extradata->view;
$options->annotation = $extradata->annotation;
$options->artefact = $extradata->artefact;
$options->block = $extradata->blockid;
$annotationfeedback = ArtefactTypeAnnotationfeedback::get_annotation_feedback($options);
json_reply(false, array('data' => $annotationfeedback));
} else {
$view = new View($extradata->view);
$options['metadata'] = 1;
}
$rendered = $artefact->render_self($options);
$content = '';
if (!empty($rendered['javascript'])) {
$content = '<script type="text/javascript">' . $rendered['javascript'] . '</script>';
}
$content .= $rendered['html'];
// Build the path to the artefact, through its parents
$artefactpath = array();
$parent = $artefact->get('parent');
while ($parent !== null) {
// This loop could get expensive when there are a lot of parents. But at least
// it works, unlike the old attempt
$parentobj = artefact_instance_from_id($parent);
if (artefact_in_view($parent, $viewid)) {
array_unshift($artefactpath, array('url' => get_config('wwwroot') . 'view/artefact.php?artefact=' . $parent . '&view=' . $viewid, 'title' => $parentobj->display_title()));
}
$parent = $parentobj->get('parent');
}
$artefactpath[] = array('url' => '', 'title' => $artefact->display_title());
// Feedback
$feedback = ArtefactTypeComment::get_comments($limit, $offset, $showcomment, $view, $artefact);
$javascript = <<<EOF
var viewid = {$viewid};
addLoadEvent(function () {
paginator = {$feedback->pagination_js}
});
EOF;
if ($artefact->get('allowcomments')) {
$anonfeedback = !$USER->is_logged_in() && view_has_token($viewid, get_cookie('viewaccess:' . $viewid));
* @package mahara
* @subpackage blocktype-pdf
* @author Son Nguyen, Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
*/
/**
* This displays a pdf in an <iframe>
*
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
require dirname(dirname(dirname(dirname(dirname(__FILE__))))) . '/init.php';
require_once get_config('docroot') . '/artefact/lib.php';
$fileid = param_integer('file');
$viewid = param_integer('view');
if (!artefact_in_view($fileid, $viewid)) {
throw new AccessDeniedException('');
}
if (!can_view_view($viewid)) {
throw new AccessDeniedException('');
}
$file = artefact_instance_from_id($fileid);
if (!$file instanceof ArtefactTypeFile) {
throw new NotFoundException();
}
$smarty = smarty();
$smarty->assign('url', get_config('wwwroot') . 'artefact/file/download.php?file=' . $fileid . '&view=' . $viewid);
$smarty->assign('title', $file->get('title'));
$smarty->display('blocktype:pdf:pdf.tpl');
}
function error_feed()
{
return array('title' => get_string('accessdenied', 'error'), 'link' => '', 'selflink' => '', 'id' => '', 'description' => '', 'ownername' => '', 'updated' => '', 'logo' => '');
}
function error_post($message)
{
return array(0 => array('title' => get_string('accessdenied', 'error'), 'link' => '', 'id' => '', 'description' => $message, 'mtime' => ''));
}
$artefactid = param_integer('artefact');
$viewid = param_integer('view');
require_once get_config('docroot') . 'artefact/lib.php';
$artefact = artefact_instance_from_id($artefactid);
if (!can_view_view($viewid)) {
generate_feed(error_feed(), error_post(''));
} elseif (!artefact_in_view($artefactid, $viewid)) {
generate_feed(error_feed(), error_post(get_string('artefactnotinview', 'error', $artefactid, $viewid)));
} elseif (!$artefact->in_view_list()) {
generate_feed(error_feed(), error_post(get_string('artefactonlyviewableinview', 'error')));
} elseif ($artefact->get('artefacttype') != 'blog') {
generate_feed(error_feed(), error_post(get_string('feedsnotavailable', 'artefact.blog')));
} else {
$owner = get_records_sql_array("\n SELECT a.mtime, u.id, u.firstname, u.lastname, u.profileicon\n FROM {usr} u, {artefact} a\n WHERE a.id = ?\n AND a.owner = u.id\n LIMIT 1;", array($artefactid));
if ($owner[0]->profileicon) {
$image = get_config('wwwroot') . 'thumb.php?type=profileiconbyid&maxsize=100&id=' . $owner[0]->profileicon;
} else {
// use the Mahara logo
$image = $THEME->get_image_url('site-logo');
}
// if the owner has a personal website set, use it as the author URI
$personal_site = get_field('artefact', 'title', 'artefacttype', 'personalwebsite', 'owner', $owner[0]->id);
} else {
$options['downloadurl'] = get_config('wwwroot') . substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], 'artefact/file/download.php')) . '&download=1';
}
if ($viewid && $fileid) {
$file = artefact_instance_from_id($fileid);
$ancestors = $file->get_item_ancestors();
$artefactok = false;
if (artefact_in_view($file, $viewid)) {
$artefactok = true;
}
// Check to see if the artefact has a parent that is allowed to be in this view.
// For example, subdirectory of a folder artefact on a view.
if (!empty($ancestors) && !$artefactok) {
foreach ($ancestors as $ancestor) {
$pathitem = artefact_instance_from_id($ancestor);
if (artefact_in_view($pathitem, $viewid)) {
$artefactok = true;
break;
}
}
}
// If the view is a group view check that the $USER can view it
$author = $file->get('author');
$group = $file->get('group');
if (!empty($author) && !empty($group)) {
if ($USER->can_view_artefact($file)) {
$artefactok = true;
}
}
// The user may be trying to download a file that's not in the view, but which has
// been attached to public feedback on the view
