print_error('coursemisconf'); } if (!($post = oublog_get_post($postid))) { print_error('invalidpost', 'oublog'); } if (!($oubloginstance = $DB->get_record('oublog_instances', array('id' => $post->oubloginstancesid)))) { print_error('invalidblog', 'oublog'); } $url = new moodle_url('/mod/oublog/editcomment.php', array('blog' => $blog, 'post' => $postid, 'comment' => $commentid)); $PAGE->set_url($url); // Check security. $context = context_module::instance($cm->id); oublog_check_view_permissions($oublog, $context, $cm); $post->userid = $oubloginstance->userid; // oublog_can_view_post needs this if (!oublog_can_view_post($post, $USER, $context, $oublog->global)) { print_error('accessdenied', 'oublog'); } oublog_get_activity_groupmode($cm, $course); if (!oublog_can_comment($cm, $oublog, $post)) { print_error('accessdenied', 'oublog'); } if ($oublog->allowcomments == OUBLOG_COMMENTS_PREVENT || $post->allowcomments == OUBLOG_COMMENTS_PREVENT) { print_error('commentsnotallowed', 'oublog'); } $viewurl = 'viewpost.php?post=' . $post->id; if ($oublog->global) { $blogtype = 'personal'; if (!($oubloguser = $DB->get_record('user', array('id' => $oubloginstance->userid)))) { print_error('invaliduserid'); }
/**
 * Filter for search results: reports whether the current user may view the
 * post wrapped by a result, so that results failing the visibility criterion
 * can be excluded.
 *
 * The decision is delegated to oublog_can_view_post() and depends on the
 * globals $USER, $modulecontext and $personalblog, which must already be set
 * by the calling page before any result is filtered.
 *
 * @param object $result Search result data; its ->data member is passed to
 *                       the permission check as the post
 * @return mixed Whatever oublog_can_view_post() returns for that post
 */
function visibility_filter(&$result) {
    global $USER, $modulecontext, $personalblog;

    $post = $result->data;
    $visible = oublog_can_view_post($post, $USER, $modulecontext, $personalblog);

    return $visible;
}
} if (!($course = get_record("course", "id", $cm->course))) { print_error('error_unspecified', 'oublog', $backlink, 'A4'); } // Check state if ($mcomment->approval) { print_error('error_alreadyapproved', 'oublog', $backlink); } if ($email && $key !== $mcomment->secretkey) { print_error('error_wrongkey', 'oublog', $backlink); } // Require login, it to be your own post, and commenting permission require_login($course, $cm); $context = get_context_instance(CONTEXT_MODULE, $cm->id); oublog_check_view_permissions($oublog, $context, $cm); if ($USER->id !== $post->userid || !oublog_can_view_post($post, $USER, $context, $oublog->global) || !oublog_can_comment($cm, $oublog, $post)) { print_error('accessdenied', 'oublog', $backlink); } // The post must (still) allow public comments if ($post->allowcomments < OUBLOG_COMMENTS_ALLOWPUBLIC || $oublog->allowcomments < OUBLOG_COMMENTS_ALLOWPUBLIC) { print_error('error_moderatednotallowed', 'oublog', $backlink); } // OK they are actually allowed to approve / reject this if (!oublog_approve_comment($mcomment, $approve)) { print_error('error_unspecified', 'oublog', 'A5', $backlink); } // Redirect back to view post $target = 'viewpost.php?post=' . $post->id; if (!$email && $redirectlower) { $target .= '#awaiting'; }
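/**
 * Get all data required to print a list of blog posts as efficiently as possible.
 *
 * Runs one parameterised query for the page of posts, passes every row through
 * oublog_can_view_post(), then attaches tags, ratings, comments and
 * pending-comment counts using one further query per kind.
 *
 * Security notes:
 * - $userid, $groupid and $tag reach the posts query only as bound parameters;
 *   the visibility values concatenated into the SQL are code constants.
 * - The IN (...) lists of the follow-up queries are built with implode(). That
 *   is only safe because every id is cast to int when it is collected; keep
 *   the casts if this code is changed.
 * - $recordcnt is computed by SQL alone, before the per-post permission check,
 *   so it can be larger than the number of posts actually returned.
 *
 * @param object $oublog Blog record (id, global, maxvisibility, allowcomments and the rating fields are read)
 * @param object $context Context for permission checks and ratings; for a non-global blog viewed by a
 *                        logged-in, non-guest user it is replaced by the module context of $cm
 * @param int $offset First record to return (paging)
 * @param object $cm Course-module record
 * @param int $groupid Group to restrict posts to; ignored when empty
 * @param int $individualid Values above -1 switch on individual-blog filtering
 * @param int $userid When set, only posts from this user's blog instance
 * @param string $tag When non-empty, only posts carrying this tag
 * @param bool $canaudit When false, deleted posts are hidden unless they are in the current user's own blog
 * @param bool $ignoreprivate set true to not return private posts (global blog only)
 * @return array array($posts, $recordcnt); $posts is false when the query returned no rows and
 *               true when rows were returned but none of them may be viewed
 */
function oublog_get_posts($oublog, $context, $offset = 0, $cm, $groupid, $individualid = -1, $userid = null, $tag = '', $canaudit = false, $ignoreprivate = null) {
    global $CFG, $USER, $DB;

    $params = array();
    $sqlwhere = "bi.oublogid = ?";
    $params[] = $oublog->id;
    $sqljoin = '';

    if (isset($userid)) {
        $sqlwhere .= " AND bi.userid = ? ";
        $params[] = $userid;
    }

    // Individual blog.
    if ($individualid > -1) {
        $capable = oublog_individual_has_permissions($cm, $oublog, $groupid, $individualid);
        oublog_individual_add_to_sqlwhere($sqlwhere, $params, 'bi.userid', $oublog->id, $groupid, $individualid, $capable);
    } else {
        // No individual blog.
        if (isset($groupid) && $groupid) {
            $sqlwhere .= " AND p.groupid = ? ";
            $params[] = $groupid;
        }
    }

    if (!$canaudit) {
        // Without audit rights, deleted posts stay visible only inside the user's own blog.
        $sqlwhere .= " AND (p.deletedby IS NULL or bi.userid = ?)";
        $params[] = $USER->id;
    }

    if ($tag) {
        $sqlwhere .= " AND t.tag = ? ";
        $params[] = $tag;
        $sqljoin .= " INNER JOIN {oublog_taginstances} ti ON p.id = ti.postid\n"
            . " INNER JOIN {oublog_tags} t ON ti.tagid = t.id ";
    }

    // Visibility checks. This SQL filter only narrows the candidate set; the
    // authoritative decision is oublog_can_view_post() in the loop below.
    if (!isloggedin() || isguestuser()) {
        $sqlwhere .= " AND p.visibility =" . OUBLOG_VISIBILITY_PUBLIC;
    } else {
        if ($oublog->global) {
            // Unless the current user has manageposts capability,
            // they cannot view 'private' posts except their own.
            if ($ignoreprivate) {
                $sqlwhere .= ' AND (p.visibility > ' . OUBLOG_VISIBILITY_COURSEUSER . ')';
            } else {
                if (!has_capability('mod/oublog:manageposts', context_system::instance())) {
                    $sqlwhere .= " AND (p.visibility >" . OUBLOG_VISIBILITY_COURSEUSER .
                        " OR (p.visibility = " . OUBLOG_VISIBILITY_COURSEUSER .
                        " AND u.id = ?))";
                    $params[] = $USER->id;
                }
            }
        } else {
            // From here on the module context of $cm replaces the $context argument.
            $context = context_module::instance($cm->id);
            if (has_capability('mod/oublog:view', $context)) {
                $sqlwhere .= " AND (p.visibility >= " . OUBLOG_VISIBILITY_COURSEUSER . " )";
            } else {
                $sqlwhere .= " AND p.visibility > " . OUBLOG_VISIBILITY_COURSEUSER;
            }
        }
    }

    $usernamefields = get_all_user_name_fields(true, 'u');
    $delusernamefields = get_all_user_name_fields(true, 'ud', null, 'del');
    $editusernamefields = get_all_user_name_fields(true, 'ue', null, 'ed');

    // Get posts. The post has the field timeposted not timecreated,
    // which is tested in rating::user_can_rate().
    $fieldlist = "p.*, p.timeposted AS timecreated, bi.oublogid, {$usernamefields},\n"
        . " bi.userid, u.idnumber, u.picture, u.imagealt, u.email, u.username,\n"
        . " {$delusernamefields},\n"
        . " {$editusernamefields}";
    $from = "FROM {oublog_posts} p\n"
        . " INNER JOIN {oublog_instances} bi ON p.oubloginstancesid = bi.id\n"
        . " INNER JOIN {user} u ON bi.userid = u.id\n"
        . " LEFT JOIN {user} ud ON p.deletedby = ud.id\n"
        . " LEFT JOIN {user} ue ON p.lasteditedby = ue.id\n"
        . " {$sqljoin}";
    $sql = "SELECT {$fieldlist}\n {$from}\n WHERE {$sqlwhere}\n ORDER BY p.timeposted DESC\n ";
    $countsql = "SELECT count(p.id) {$from} WHERE {$sqlwhere}";

    $rs = $DB->get_recordset_sql($sql, $params, $offset, OUBLOG_POSTS_PER_PAGE);

    // Get paging info. Counted before the per-post permission filter below.
    $recordcnt = $DB->count_records_sql($countsql, $params);

    if (!$rs->valid()) {
        // Release the recordset on this path too; it was previously left open.
        $rs->close();
        return array(false, $recordcnt);
    }

    $cnt = 0;
    $posts = array();
    $postids = array();
    foreach ($rs as $post) {
        // The query is already limited to one page; this is only a backstop.
        if ($cnt >= OUBLOG_POSTS_PER_PAGE) {
            break;
        }
        if (oublog_can_view_post($post, $USER, $context, $oublog->global)) {
            // Blog-level settings cap whatever the individual post asks for.
            if ($oublog->maxvisibility < $post->visibility) {
                $post->visibility = $oublog->maxvisibility;
            }
            if ($oublog->allowcomments == OUBLOG_COMMENTS_PREVENT) {
                $post->allowcomments = OUBLOG_COMMENTS_PREVENT;
            }
            $posts[$post->id] = $post;
            // The int cast is what makes the imploded IN (...) lists below safe.
            $postids[] = (int) $post->id;
            $cnt++;
        }
    }
    $rs->close();

    if (empty($posts)) {
        return array(true, $recordcnt);
    }

    // Get tags for all posts on page
    $sql = "SELECT t.*, ti.postid\n"
        . " FROM {oublog_taginstances} ti\n"
        . " INNER JOIN {oublog_tags} t ON ti.tagid = t.id\n"
        . " WHERE ti.postid IN (" . implode(",", $postids) . ") ";
    $rs = $DB->get_recordset_sql($sql);
    foreach ($rs as $tag) {
        $posts[$tag->postid]->tags[$tag->id] = $tag->tag;
    }
    // Closed as soon as it has been read, not after the ratings are loaded.
    $rs->close();

    // Load ratings.
    require_once $CFG->dirroot . '/rating/lib.php';
    if ($oublog->assessed != RATING_AGGREGATE_NONE) {
        $ratingoptions = new stdClass();
        $ratingoptions->context = $context;
        $ratingoptions->component = 'mod_oublog';
        $ratingoptions->ratingarea = 'post';
        $ratingoptions->items = $posts;
        $ratingoptions->aggregate = $oublog->assessed; // The aggregation method.
        $ratingoptions->scaleid = $oublog->scale;
        $ratingoptions->userid = $USER->id;
        $ratingoptions->assesstimestart = $oublog->assesstimestart;
        $ratingoptions->assesstimefinish = $oublog->assesstimefinish;

        $rm = new rating_manager();
        $posts = $rm->get_ratings($ratingoptions);
    }

    // Get comments for post on the page
    $sql = "SELECT c.id, c.postid, c.timeposted, c.authorname, c.authorip, c.timeapproved, c.userid, {$usernamefields}, u.picture, u.imagealt, u.email, u.idnumber\n"
        . " FROM {oublog_comments} c\n"
        . " LEFT JOIN {user} u ON c.userid = u.id\n"
        . " WHERE c.postid IN (" . implode(",", $postids) . ") AND c.deletedby IS NULL\n"
        . " ORDER BY c.timeposted ASC ";
    $rs = $DB->get_recordset_sql($sql);
    foreach ($rs as $comment) {
        $posts[$comment->postid]->comments[$comment->id] = $comment;
    }
    $rs->close();

    // Get count of comments waiting approval for posts on the page...
    if ($oublog->allowcomments >= OUBLOG_COMMENTS_ALLOWPUBLIC) {
        // Make list of all posts that allow public comments
        $publicallowed = array();
        foreach ($posts as $post) {
            if ($post->allowcomments >= OUBLOG_COMMENTS_ALLOWPUBLIC) {
                $publicallowed[] = (int) $post->id;
            }
        }
        // Only run a db query if there are some posts that allow public
        // comments (so, no performance degradation if feature is not used)
        if (count($publicallowed) > 0) {
            $sql = "SELECT cm.postid, COUNT(1) AS numpending\n"
                . " FROM {oublog_comments_moderated} cm\n"
                . " WHERE cm.postid IN (" . implode(",", $publicallowed) . ")\n"
                . " AND cm.approval = 0\n"
                . " GROUP BY cm.postid";
            $rs = $DB->get_recordset_sql($sql);
            foreach ($rs as $postinfo) {
                $posts[$postinfo->postid]->pendingcomments = $postinfo->numpending;
            }
            $rs->close();
        }
    }

    return array($posts, $recordcnt);
}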
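/**
 * Get all data required to print a list of blog posts as efficiently as possible.
 *
 * This variant builds its SQL by string concatenation and passes no bound
 * parameters to the database calls it makes. Every numeric value placed in
 * the SQL is therefore cast to int first, so that a caller passing an
 * unvalidated id cannot change the shape of the query. The tag filter is the
 * one remaining string value; see the note at that line.
 *
 * Each row is passed through oublog_can_view_post() before it is returned.
 * $recordcnt is computed by SQL alone, before that check, so it can be larger
 * than the number of posts actually returned.
 *
 * @param object $oublog Blog record (id, global, maxvisibility and allowcomments are read)
 * @param object $context Context handed to oublog_can_view_post()
 * @param int $offset First record to return (paging)
 * @param object $cm Course-module record
 * @param int $groupid Group to restrict posts to; ignored when empty
 * @param int $individualid Values above -1 switch on individual-blog filtering
 * @param int $userid When set, only posts from this user's blog instance
 * @param string $tag When non-empty, only posts carrying this tag
 * @param bool $canaudit When false, deleted posts are excluded
 * @return mixed false when the posts query fails, true when no post may be viewed,
 *               otherwise array($posts, $recordcnt)
 */
function oublog_get_posts($oublog, $context, $offset = 0, $cm, $groupid, $individualid = -1, $userid = null, $tag = '', $canaudit = false) {
    global $CFG, $USER;

    // Numeric values are cast before interpolation (defence in depth; the callers are not visible here).
    $oublogid = (int) $oublog->id;
    $sqlwhere = " bi.oublogid = {$oublogid} ";
    $sqljoin = '';

    if (isset($userid)) {
        $safeuserid = (int) $userid;
        $sqlwhere .= " AND bi.userid = {$safeuserid} ";
    }

    //individual blog
    if ($individualid > -1) {
        $capable = oublog_individual_has_permissions($cm, $oublog, $groupid, $individualid);
        // NOTE(review): call-time pass-by-reference (&$sqlwhere) is rejected by PHP 5.4 and later.
        // If oublog_individual_add_to_sqlwhere() declares this parameter by reference the '&' can
        // simply be dropped; confirm against its definition before changing it, because this call
        // is what adds the individual-blog restriction to the WHERE clause.
        oublog_individual_add_to_sqlwhere(&$sqlwhere, 'bi.userid', $oublog->id, $groupid, $individualid, $capable);
    } else {
        if (isset($groupid) && $groupid) {
            $safegroupid = (int) $groupid;
            $sqlwhere .= " AND p.groupid = {$safegroupid} ";
        }
    }

    if (!$canaudit) {
        $sqlwhere .= " AND p.deletedby IS NULL ";
    }

    if ($tag) {
        // NOTE(review): addslashes() is not database-aware escaping, and whether $tag already
        // carries slashes depends on the caller. Confirm how callers obtain $tag and prefer the
        // database layer's own escaping or a bound parameter where one is available.
        $sqlwhere .= " AND t.tag = '" . addslashes($tag) . "' ";
        $sqljoin .= " INNER JOIN {$CFG->prefix}oublog_taginstances ti ON p.id = ti.postid\n"
            . " INNER JOIN {$CFG->prefix}oublog_tags t ON ti.tagid = t.id ";
    }

    // visibility check; this only narrows the candidate set, the authoritative
    // decision is oublog_can_view_post() in the loop below.
    if (!isloggedin() || isguestuser()) {
        $sqlwhere .= " AND p.visibility=" . OUBLOG_VISIBILITY_PUBLIC;
    } else {
        if ($oublog->global) {
            $sqlwhere .= " AND (p.visibility >" . OUBLOG_VISIBILITY_COURSEUSER .
                " OR (p.visibility=" . OUBLOG_VISIBILITY_COURSEUSER . " AND u.id=" . (int) $USER->id .
                "))";
        }
    }

    // Get posts
    $fieldlist = "p.*, bi.oublogid, u.firstname, u.lastname, bi.userid, u.idnumber, u.picture, u.imagealt, u.email, u.username,\n"
        . " ud.firstname AS delfirstname, ud.lastname AS dellastname,\n"
        . " ue.firstname AS edfirstname, ue.lastname AS edlastname";
    $from = "FROM {$CFG->prefix}oublog_posts p\n"
        . " INNER JOIN {$CFG->prefix}oublog_instances bi ON p.oubloginstancesid = bi.id\n"
        . " INNER JOIN {$CFG->prefix}user u ON bi.userid = u.id\n"
        . " LEFT JOIN {$CFG->prefix}user ud ON p.deletedby = ud.id\n"
        . " LEFT JOIN {$CFG->prefix}user ue ON p.lasteditedby = ue.id\n"
        . " {$sqljoin}";
    $sql = "SELECT {$fieldlist}\n {$from}\n WHERE {$sqlwhere}\n ORDER BY p.timeposted DESC\n ";
    $countsql = "SELECT count(p.id) {$from} WHERE {$sqlwhere}";

    if (!($rs = get_recordset_sql($sql, $offset, OUBLOG_POSTS_PER_PAGE))) {
        return false;
    }

    // Get paging info. Counted before the per-post permission filter below.
    $recordcnt = count_records_sql($countsql); //$rs->RecordCount();

    $cnt = 0;
    $posts = array();
    $postids = array();
    while (($post = rs_fetch_next_record($rs)) && $cnt < OUBLOG_POSTS_PER_PAGE) {
        if (oublog_can_view_post($post, $USER, $context, $oublog->global)) {
            // Blog-level settings cap whatever the individual post asks for.
            if ($oublog->maxvisibility < $post->visibility) {
                $post->visibility = $oublog->maxvisibility;
            }
            if ($oublog->allowcomments == OUBLOG_COMMENTS_PREVENT) {
                $post->allowcomments = OUBLOG_COMMENTS_PREVENT;
            }
            $posts[$post->id] = $post;
            // Cast so the imploded IN (...) lists below can only ever hold integers.
            $postids[] = (int) $post->id;
            $cnt++;
        }
    }
    rs_close($rs);

    if (empty($posts)) {
        return true;
    }

    // Get tags for all posts on page
    $sql = "SELECT t.*, ti.postid\n"
        . " FROM {$CFG->prefix}oublog_taginstances ti\n"
        . " INNER JOIN {$CFG->prefix}oublog_tags t ON ti.tagid = t.id\n"
        . " WHERE ti.postid IN ('" . implode("','", $postids) .
        "') ";
    $rs = get_recordset_sql($sql);
    while ($tag = rs_fetch_next_record($rs)) {
        $posts[$tag->postid]->tags[$tag->id] = $tag->tag;
    }
    rs_close($rs);

    // Get comments for post on the page
    $sql = "SELECT c.id, c.postid, c.timeposted, c.authorname, c.authorip, c.timeapproved, c.userid, u.firstname, u.lastname, u.picture, u.imagealt, u.email, u.idnumber\n"
        . " FROM {$CFG->prefix}oublog_comments c\n"
        . " LEFT JOIN {$CFG->prefix}user u ON c.userid = u.id\n"
        . " WHERE c.postid IN ('" . implode("','", $postids) . "') AND c.deletedby IS NULL\n"
        . " ORDER BY c.timeposted ASC ";
    $rs = get_recordset_sql($sql);
    while ($comment = rs_fetch_next_record($rs)) {
        $posts[$comment->postid]->comments[$comment->id] = $comment;
    }
    rs_close($rs);

    // Get count of comments waiting approval for posts on the page...
    if ($oublog->allowcomments >= OUBLOG_COMMENTS_ALLOWPUBLIC) {
        // Make list of all posts that allow public comments
        $publicallowed = array();
        foreach ($posts as $post) {
            if ($post->allowcomments >= OUBLOG_COMMENTS_ALLOWPUBLIC) {
                $publicallowed[] = (int) $post->id;
            }
        }
        // Only run a db query if there are some posts that allow public
        // comments (so, no performance degradation if feature is not used)
        if (count($publicallowed) > 0) {
            $sql = "SELECT cm.postid, COUNT(1) AS numpending\n"
                . " FROM {$CFG->prefix}oublog_comments_moderated cm\n"
                . " WHERE cm.postid IN ('" . implode("','", $publicallowed) . "')\n"
                . " AND cm.approval = 0\n"
                . " GROUP BY cm.postid";
            $rs = get_recordset_sql($sql);
            while ($postinfo = rs_fetch_next_record($rs)) {
                $posts[$postinfo->postid]->pendingcomments = $postinfo->numpending;
            }
            rs_close($rs);
        }
    }

    return array($posts, $recordcnt);
}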
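/**
 * File browsing support for oublog module.
 *
 * Access is denied (null is returned) unless all of the following hold: the
 * context is a module context, the file area is one of the four known areas,
 * the item resolves to an existing post and blog, the user holds
 * mod/oublog:view in the context, and oublog_can_view_post() allows the post.
 * The stored file is then looked up by $context->id, so only files stored in
 * the context that was checked can be returned.
 *
 * @param object $browser
 * @param object $areas
 * @param object $course
 * @param object $cm
 * @param object $context
 * @param string $filearea One of 'attachment', 'message', 'edit', 'messagecomment'
 * @param int $itemid Post id, or comment id when $filearea is 'messagecomment'
 * @param string $filepath Defaults to '/' when null
 * @param string $filename Defaults to '.' when null
 * @return file_info instance Representing an actual file or folder (null if not found
 * or cannot access)
 */
function oublog_get_file_info($browser, $areas, $course, $cm, $context, $filearea, $itemid, $filepath, $filename) {
    global $CFG, $USER, $DB;
    require_once $CFG->dirroot . '/mod/oublog/locallib.php';

    if ($context->contextlevel != CONTEXT_MODULE) {
        return null;
    }

    // Allowlist of file areas. Compared strictly: with loose comparison a
    // non-string value such as integer 0 matches these names on PHP < 8.
    $fileareas = array('attachment', 'message', 'edit', 'messagecomment');
    if (!in_array($filearea, $fileareas, true)) {
        return null;
    }

    // For comment files the item id is a comment id; resolve it to its post so
    // that the permission checks below always run against a post.
    $postid = $itemid;
    if ($filearea === 'messagecomment') {
        if (!($comment = $DB->get_record('oublog_comments', array('id' => $postid), 'postid'))) {
            return null;
        }
        $postid = $comment->postid;
    }

    if (!($oublog = oublog_get_blog_from_postid($postid))) {
        return null;
    }

    // Check if the user is allowed to view the blog.
    if (!has_capability('mod/oublog:view', $context)) {
        return null;
    }

    if (!($post = oublog_get_post($postid))) {
        return null;
    }

    // Check if the user is allowed to view the post
    try {
        if (!oublog_can_view_post($post, $USER, $context, $oublog->global)) {
            return null;
        }
    } catch (mod_forumng_exception $e) {
        // NOTE(review): this catches an exception class named after a different module
        // (forumng). Anything else thrown by oublog_can_view_post() propagates to the
        // caller instead of denying access here; confirm which exception, if any, that
        // function throws and catch that type.
        return null;
    }

    $fs = get_file_storage();
    $filepath = is_null($filepath) ? '/' : $filepath;
    $filename = is_null($filename) ? '.' : $filename;
    // Lookup is keyed on $context->id and the original $itemid (not the resolved post id).
    if (!($storedfile = $fs->get_file($context->id, 'mod_oublog', $filearea, $itemid, $filepath, $filename))) {
        return null;
    }

    $urlbase = $CFG->wwwroot . '/pluginfile.php';
    return new file_info_stored($browser, $context, $storedfile, $urlbase, $filearea, $itemid, true, true, false);
}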