/**
 * Decide whether the current user may download the given artefact.
 *
 * Direct permission from $USER->can_view_artefact() is enough on its own.
 * Without it, the artefact itself, or failing that one of its ancestors,
 * must be placed in the view named by the global $viewid; the answer is then
 * whatever can_view_view() returns for that view.
 *
 * NOTE(review): $viewid is read from global scope and is not validated here;
 * callers are presumably expected to have set it from checked input. Confirm.
 *
 * @param object $artefact Artefact instance; must answer get('parent').
 * @return mixed true on direct permission, the can_view_view() result when the
 *               artefact or an ancestor is in the view, false otherwise.
 */
function can_download_artefact($artefact) {
    global $USER, $viewid;

    // Direct permission on the artefact short-circuits every view check.
    if ($USER->can_view_artefact($artefact)) {
        return true;
    }

    // No direct permission: access can only be inherited from the view.
    if (artefact_in_view($artefact, $viewid)) {
        return can_view_view($viewid);
    }

    // Walk up the parent chain; the first ancestor found in the view decides.
    // NOTE(review): there is no cycle or depth guard, so this relies on every
    // parent chain ending in null.
    $ancestorid = $artefact->get('parent');
    while (null !== $ancestorid) {
        $ancestor = artefact_instance_from_id($ancestorid);
        $ancestorid = $ancestor->get('parent');
        if (!artefact_in_view($ancestor, $viewid)) {
            continue;
        }
        return can_view_view($viewid);
    }

    // Neither the artefact nor any ancestor is reachable through the view.
    return false;
}
/**
 * Tell whether this item may be shown to the current user on view $viewid.
 *
 * Checks run in this order:
 *  1. a set 'deletedby' hides the item from everyone, its author included;
 *  2. a logged-in user who can view the artefact, or who is the author,
 *     sees it regardless of which view is asked about;
 *  3. a 'private' item is hidden from everybody else;
 *  4. an item attached to a view is visible only on that view;
 *  5. an item attached to an artefact is visible when artefact_in_view()
 *     accepts that artefact for $viewid.
 *
 * NOTE(review): the author and view comparisons use loose ==, presumably
 * because ids may arrive as numeric strings. Confirm before tightening.
 *
 * @param mixed $viewid Id of the view the item would be rendered on.
 * @return mixed false when hidden; otherwise true or the result of the
 *               deciding comparison / artefact_in_view() call.
 */
public function viewable_in($viewid) {
    global $USER;

    if ($this->get('deletedby')) {
        return false;
    }

    // Same short-circuit order as separate checks: permission first, then authorship.
    if ($USER->is_logged_in()
        && ($USER->can_view_artefact($this) || $this->get('author') == $USER->get('id'))) {
        return true;
    }

    // From here on the viewer has no personal claim on the item.
    if ($this->get('private')) {
        return false;
    }

    $attachedview = $this->get('onview');
    if ($attachedview) {
        return $attachedview == $viewid;
    }

    $attachedartefact = $this->get('onartefact');
    if ($attachedartefact) {
        return artefact_in_view($attachedartefact, $viewid);
    }

    // Attached to neither a view nor an artefact: deny by default.
    return false;
}
$extradata = new stdClass(); $extradata->view = $viewid; $extradata->artefact = $artefactid; $extradata->annotation = $annotationid; $extradata->blockid = $blockid; } if (empty($extradata->view) || empty($extradata->annotation) || empty($extradata->blockid)) { json_reply('local', get_string('annotationinformationerror', 'artefact.annotation')); } if (!can_view_view($extradata->view)) { json_reply('local', get_string('noaccesstoview', 'view')); } if (!artefact_in_view($extradata->annotation, $extradata->view)) { json_reply('local', get_string('accessdenied', 'error')); } if (!empty($extradata->artefact) && !artefact_in_view($extradata->artefact, $extradata->view)) { json_reply('local', get_string('accessdenied', 'error')); } if ($ispagination) { // This is not really working yet. Need to do more work on artefact/artefact.php $options = ArtefactTypeAnnotationfeedback::get_annotation_feedback_options(); $options->limit = $limit; $options->offset = $offset; $options->view = $extradata->view; $options->annotation = $extradata->annotation; $options->artefact = $extradata->artefact; $options->block = $extradata->blockid; $annotationfeedback = ArtefactTypeAnnotationfeedback::get_annotation_feedback($options); json_reply(false, array('data' => $annotationfeedback)); } else { $view = new View($extradata->view);
$options['metadata'] = 1; } $rendered = $artefact->render_self($options); $content = ''; if (!empty($rendered['javascript'])) { $content = '<script type="text/javascript">' . $rendered['javascript'] . '</script>'; } $content .= $rendered['html']; // Build the path to the artefact, through its parents $artefactpath = array(); $parent = $artefact->get('parent'); while ($parent !== null) { // This loop could get expensive when there are a lot of parents. But at least // it works, unlike the old attempt $parentobj = artefact_instance_from_id($parent); if (artefact_in_view($parent, $viewid)) { array_unshift($artefactpath, array('url' => get_config('wwwroot') . 'view/artefact.php?artefact=' . $parent . '&view=' . $viewid, 'title' => $parentobj->display_title())); } $parent = $parentobj->get('parent'); } $artefactpath[] = array('url' => '', 'title' => $artefact->display_title()); // Feedback $feedback = ArtefactTypeComment::get_comments($limit, $offset, $showcomment, $view, $artefact); $javascript = <<<EOF var viewid = {$viewid}; addLoadEvent(function () { paginator = {$feedback->pagination_js} }); EOF; if ($artefact->get('allowcomments')) { $anonfeedback = !$USER->is_logged_in() && view_has_token($viewid, get_cookie('viewaccess:' . $viewid));
* @package mahara
 * @subpackage blocktype-pdf
 * @author Son Nguyen, Catalyst IT Ltd
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

/**
 * This displays a pdf in an <iframe>
 *
 * Request parameters: 'file' (artefact id of the PDF) and 'view' (id of the
 * view it is shown on). The page is served only when the file is in that
 * view and the view passes can_view_view().
 */

// NOTE(review): PUBLIC presumably lets init.php serve this page without a
// login session (confirm). If so, the checks below are the only access
// control on this endpoint.
define('INTERNAL', 1);
define('PUBLIC', 1);

require dirname(dirname(dirname(dirname(dirname(__FILE__))))) . '/init.php';
require_once get_config('docroot') . '/artefact/lib.php';

// param_integer() is defined outside this file; presumably it rejects
// non-integer input, which is what keeps the URL built below safe. Confirm.
$fileid = param_integer('file');
$viewid = param_integer('view');

// Both conditions must hold, evaluated in this order. Either failure raises
// the same empty AccessDeniedException, so the response does not reveal
// which of the two checks failed.
if (!(artefact_in_view($fileid, $viewid) && can_view_view($viewid))) {
    throw new AccessDeniedException('');
}

// The type check runs only after access has been granted.
$file = artefact_instance_from_id($fileid);
if (!($file instanceof ArtefactTypeFile)) {
    throw new NotFoundException();
}

$smarty = smarty();
// The iframe source is the regular download script for the same file and view.
$smarty->assign(
    'url',
    get_config('wwwroot') . 'artefact/file/download.php?file=' . $fileid . '&view=' . $viewid
);
// NOTE(review): the title is user-supplied content handed to the template
// as-is; confirm that pdf.tpl escapes it on output.
$smarty->assign('title', $file->get('title'));
$smarty->display('blocktype:pdf:pdf.tpl');
} function error_feed() { return array('title' => get_string('accessdenied', 'error'), 'link' => '', 'selflink' => '', 'id' => '', 'description' => '', 'ownername' => '', 'updated' => '', 'logo' => ''); } function error_post($message) { return array(0 => array('title' => get_string('accessdenied', 'error'), 'link' => '', 'id' => '', 'description' => $message, 'mtime' => '')); } $artefactid = param_integer('artefact'); $viewid = param_integer('view'); require_once get_config('docroot') . 'artefact/lib.php'; $artefact = artefact_instance_from_id($artefactid); if (!can_view_view($viewid)) { generate_feed(error_feed(), error_post('')); } elseif (!artefact_in_view($artefactid, $viewid)) { generate_feed(error_feed(), error_post(get_string('artefactnotinview', 'error', $artefactid, $viewid))); } elseif (!$artefact->in_view_list()) { generate_feed(error_feed(), error_post(get_string('artefactonlyviewableinview', 'error'))); } elseif ($artefact->get('artefacttype') != 'blog') { generate_feed(error_feed(), error_post(get_string('feedsnotavailable', 'artefact.blog'))); } else { $owner = get_records_sql_array("\n SELECT a.mtime, u.id, u.firstname, u.lastname, u.profileicon\n FROM {usr} u, {artefact} a\n WHERE a.id = ?\n AND a.owner = u.id\n LIMIT 1;", array($artefactid)); if ($owner[0]->profileicon) { $image = get_config('wwwroot') . 'thumb.php?type=profileiconbyid&maxsize=100&id=' . $owner[0]->profileicon; } else { // use the Mahara logo $image = $THEME->get_image_url('site-logo'); } // if the owner has a personal website set, use it as the author URI $personal_site = get_field('artefact', 'title', 'artefacttype', 'personalwebsite', 'owner', $owner[0]->id);
} else { $options['downloadurl'] = get_config('wwwroot') . substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], 'artefact/file/download.php')) . '&download=1'; } if ($viewid && $fileid) { $file = artefact_instance_from_id($fileid); $ancestors = $file->get_item_ancestors(); $artefactok = false; if (artefact_in_view($file, $viewid)) { $artefactok = true; } // Check to see if the artefact has a parent that is allowed to be in this view. // For example, subdirectory of a folder artefact on a view. if (!empty($ancestors) && !$artefactok) { foreach ($ancestors as $ancestor) { $pathitem = artefact_instance_from_id($ancestor); if (artefact_in_view($pathitem, $viewid)) { $artefactok = true; break; } } } // If the view is a group view check that the $USER can view it $author = $file->get('author'); $group = $file->get('group'); if (!empty($author) && !empty($group)) { if ($USER->can_view_artefact($file)) { $artefactok = true; } } // The user may be trying to download a file that's not in the view, but which has // been attached to public feedback on the view