} $viewurl = 'view.php?user='******'course'; $viewurl = 'view.php?id=' . $cm->id; } // If editing a post, must be your post or you have manageposts $canmanage = has_capability('mod/oublog:manageposts', $context); if (isset($post) && $USER->id != $oubloginstance->userid && !$canmanage) { print_error('accessdenied', 'oublog'); } // Must be able to post in order to post OR edit a post. This is so that if // somebody is blocked from posting, they can't just edit an existing post. // Exception is that admin is allowed to edit posts even though they aren't // allowed to post to the blog. if (!(oublog_can_post($oublog, isset($oubloginstance) ? $oubloginstance->userid : 0, $cm) || isset($post) && $canmanage)) { print_error('accessdenied', 'oublog'); } /// Get strings $stroublogs = get_string('modulenameplural', 'oublog'); $stroublog = get_string('modulename', 'oublog'); $straddpost = get_string('newpost', 'oublog'); $streditpost = get_string('editpost', 'oublog'); /// Set-up groups $currentgroup = oublog_get_activity_group($cm, true); $groupmode = oublog_get_activity_groupmode($cm, $course); if ($groupmode == VISIBLEGROUPS && !groups_is_member($currentgroup) && !$oublog->individual) { require_capability('moodle/site:accessallgroups', $context); } $mform = new mod_oublog_post_form('editpost.php', array('individual' => $oublog->individual, 'maxvisibility' => $oublog->maxvisibility, 'allowcomments' => $oublog->allowcomments, 'edit' => !empty($postid), 'personal' => $oublog->global)); if ($mform->is_cancelled()) {
/**
 * Build the URL of a blog feed (feed.php), including the viewer's access token.
 *
 * Query values are concatenated as given, without URL-encoding. For a logged-in,
 * non-guest user the URL also carries the viewer's user id and an MD5 digest
 * derived from the access token of the blog (or of the personal blog instance).
 * The returned URL therefore works as a credential for that feed; presumably
 * feed.php recomputes and compares the digest (not shown here).
 *
 * @param string $format atom or rss
 * @param object $oublog Blog record (id, global and accesstoken are read)
 * @param object|string|null $bloginstance Personal blog instance; null or 'all' selects all instances
 * @param int $groupid Group id, left out of the URL when empty
 * @param bool $comments Value appended as the comments parameter
 * @param int $postid Not used in this function
 * @param object $cm Course-module object handed to oublog_can_post()
 * @param int $individualid Individual blog id, left out unless greater than 0
 * @return string Feed URL
 * @uses $CFG
 * @uses $USER
 */
function oublog_get_feedurl($format, $oublog, $bloginstance, $groupid, $comments, $postid, $cm, $individualid = 0) {
    global $CFG, $USER;

    $feedscript = $CFG->wwwroot . '/mod/oublog/feed.php';
    $params = array(
        'format=' . $format,
        'blog=' . $oublog->id,
    );

    // Pick the secret the digest is derived from: the blog's own token, or the
    // token of one personal blog instance when a specific instance is requested.
    if (!$oublog->global) {
        $accesstoken = $oublog->accesstoken;
    } else if (is_null($bloginstance) || (is_string($bloginstance) && $bloginstance == 'all')) {
        $params[] = 'bloginstance=all';
        $accesstoken = $oublog->accesstoken;
    } else {
        $params[] = 'bloginstance=' . $bloginstance->id;
        $accesstoken = $bloginstance->accesstoken;
    }

    if ($groupid) {
        $params[] = 'group=' . $groupid;
    }

    // Individual blog.
    if ($individualid > 0) {
        $params[] = 'individual=' . $individualid;
    }

    $params[] = 'comments=' . $comments;

    // Visibility level: anonymous and guest viewers get no token at all.
    if (isloggedin() && !isguestuser()) {
        $params[] = 'viewer=' . $USER->id;

        // The 'full' token is never issued for personal (global) blogs: their feeds
        // do not need to include draft posts, even for the owner, and doing so
        // generates potential confusion.
        $fullaccess = !$oublog->global && oublog_can_post($oublog, 0, $cm);

        // NOTE(review): both digests are a plain MD5 over token . user id . level,
        // not an HMAC. Changing the derivation needs the same change wherever the
        // feed token is verified.
        if ($fullaccess) {
            // Full token changed to v2 after a security issue.
            $params[] = 'full=' . md5($accesstoken . $USER->id . OUBLOG_VISIBILITY_COURSEUSER . 'v2');
        } else {
            $params[] = 'loggedin=' . md5($accesstoken . $USER->id . OUBLOG_VISIBILITY_LOGGEDINUSER);
        }
    }

    return $feedscript . '?' . implode('&', $params);
}
print_error('invalidrequest');
}
}
// (The blocks closed above are opened before this excerpt begins.)

// Access checks that run before a change to a blog, or to one of its posts, is applied.

// Get other details and check access
if (!($cm = get_coursemodule_from_instance('oublog', $oublog->id))) {
    print_error('error_unspecified', 'oublog', 'RC1');
}
if (!($course = get_record("course", "id", $cm->course))) {
    print_error('error_unspecified', 'oublog', 'RC2');
}

// Require login and access to blog
require_login($course, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
oublog_check_view_permissions($oublog, $context, $cm);

// You must be able to post to blog (if blog = site blog, then your one)
if (!oublog_can_post($oublog, $USER->id, $cm)) {
    print_error('accessdenied', 'oublog');
}

// If there was a specified post, it must be yours
if (!$isblog) {
    // NOTE(review): $postid is interpolated straight into the SQL text. That is only
    // safe if it was validated as an integer where it is read from the request, which
    // is outside this excerpt - confirm (e.g. PARAM_INT).
    $userid = get_field_sql("\r\nSELECT\r\n bi.userid \r\nFROM \r\n {$CFG->prefix}oublog_posts bp\r\n INNER JOIN {$CFG->prefix}oublog_instances bi ON bi.id=bp.oubloginstancesid\r\nWHERE\r\n bp.id = {$postid}");
    // NOTE(review): !== also compares types. Whether get_field_sql() and $USER->id
    // yield the same type is not visible here; a mismatch would deny access even to
    // the owner (fails closed) - confirm.
    if ($userid !== $USER->id) {
        print_error('accessdenied', 'oublog');
    }
}

// Is this the actual change or just the confirm?
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Session-key check before any state change (CSRF protection); it runs only on
    // this POST branch.
    require_sesskey();
    // Apply actual change
    if ($isblog) {
        // NOTE(review): $blogid is concatenated into what looks like an SQL restriction;
        // the same integer-validation caveat as for $postid applies - confirm upstream.
        $restriction = 'b.id = ' . $blogid;
// Since there's no way to know what personal blog was being updated // this redirects to the users own blog. if ($oublog->global && empty($user)) { redirect('view.php?user='******'re not logged in, // this causes odd behaviour in OU systems, so redirect to bloglogin.php. if ($oublog->maxvisibility != OUBLOG_VISIBILITY_PUBLIC && !isloggedin()) { redirect('bloglogin.php?returnurl=' . substr($FULLME, strpos($FULLME, 'view.php'))); } $context = context_module::instance($cm->id); oublog_check_view_permissions($oublog, $context, $cm); $oublogoutput = $PAGE->get_renderer('mod_oublog'); // Check security. $canpost = oublog_can_post($oublog, $user, $cm); $canmanageposts = has_capability('mod/oublog:manageposts', $context); $canaudit = has_capability('mod/oublog:audit', $context); // Get strings. $stroublogs = get_string('modulenameplural', 'oublog'); $stroublog = get_string('modulename', 'oublog'); $straddpost = get_string('newpost', 'oublog', oublog_get_displayname($oublog)); $strexportposts = get_string('oublog:exportposts', 'oublog'); $strtags = get_string('tags', 'oublog'); $stredit = get_string('edit', 'oublog'); $strdelete = get_string('delete', 'oublog'); $strnewposts = get_string('newerposts', 'oublog'); $strolderposts = get_string('olderposts', 'oublog'); $strcomment = get_string('comment', 'oublog'); $strviews = get_string('views', 'oublog', oublog_get_displayname($oublog)); $strlinks = get_string('links', 'oublog');
if (!($post = oublog_get_post($edit->postid))) { error("Post ID was incorrect"); } if (!($cm = get_coursemodule_from_instance('oublog', $post->oublogid))) { error("Course module ID was incorrect"); } if (!($course = get_record("course", "id", $cm->course))) { error("Course is misconfigured"); } if (!($oublog = get_record("oublog", "id", $cm->instance))) { error("Course module is incorrect"); } $context = get_context_instance(CONTEXT_MODULE, $cm->id); oublog_check_view_permissions($oublog, $context, $cm); /// Check security $canpost = oublog_can_post($oublog, $post->userid, $cm); $canmanageposts = has_capability('mod/oublog:manageposts', $context); $canmanagecomments = has_capability('mod/oublog:managecomments', $context); $canaudit = has_capability('mod/oublog:audit', $context); /// Get strings $stroublogs = get_string('modulenameplural', 'oublog'); $stroublog = get_string('modulename', 'oublog'); $strtags = get_string('tags', 'oublog'); $strviewedit = get_string('viewedit', 'oublog'); /// Set-up groups $currentgroup = oublog_get_activity_group($cm, true); $groupmode = oublog_get_activity_groupmode($cm, $course); /// Generate extra navigation $extranav = array(); if (!empty($post->title)) { $extranav[] = array('name' => format_string($post->title), 'link' => 'viewpost.php?post=' . $post->id, 'type' => 'misc');