print_error('coursemisconf');
}
// Resolve the post being commented on. The code below dereferences $post,
// so it relies on print_error() not returning when the post is missing.
$post = oublog_get_post($postid);
if (!$post) {
    print_error('invalidpost', 'oublog');
}
// Resolve the blog instance that owns the post.
$oubloginstance = $DB->get_record('oublog_instances', array('id' => $post->oubloginstancesid));
if (!$oubloginstance) {
    print_error('invalidblog', 'oublog');
}
$url = new moodle_url('/mod/oublog/editcomment.php', array('blog' => $blog, 'post' => $postid, 'comment' => $commentid));
$PAGE->set_url($url);
// Access checks, in order: blog-level view permission, post-level
// visibility, permission to comment, then the comment settings themselves.
// NOTE(review): no require_login() call is visible in this part of the
// script - confirm it runs earlier.
$context = context_module::instance($cm->id);
oublog_check_view_permissions($oublog, $context, $cm);
// oublog_can_view_post needs the owner's user id on the post object.
$post->userid = $oubloginstance->userid;
$canviewpost = oublog_can_view_post($post, $USER, $context, $oublog->global);
if (!$canviewpost) {
    print_error('accessdenied', 'oublog');
}
// Return value is discarded here; presumably called for a side effect - confirm.
oublog_get_activity_groupmode($cm, $course);
$cancomment = oublog_can_comment($cm, $oublog, $post);
if (!$cancomment) {
    print_error('accessdenied', 'oublog');
}
// Comments can be switched off for the whole blog or for this one post.
if ($oublog->allowcomments == OUBLOG_COMMENTS_PREVENT) {
    print_error('commentsnotallowed', 'oublog');
} else if ($post->allowcomments == OUBLOG_COMMENTS_PREVENT) {
    print_error('commentsnotallowed', 'oublog');
}
$viewurl = "viewpost.php?post={$post->id}";
if ($oublog->global) {
    $blogtype = 'personal';
    if (!($oubloguser = $DB->get_record('user', array('id' => $oubloginstance->userid)))) {
        print_error('invaliduserid');
    }
/**
 * Search-result filter: reports whether the current user may view the post
 * carried by a search result, so that results failing the visibility
 * criterion can be excluded.
 *
 * Reads the globals $modulecontext and $personalblog, which the calling
 * script must have set before the filter runs.
 *
 * @param object $result Search result data; its ->data property is handed to
 *                       oublog_can_view_post() as the post
 * @return mixed The value returned by oublog_can_view_post() for that post
 */
function visibility_filter(&$result)
{
    global $USER, $modulecontext, $personalblog;
    $post = $result->data;
    $visible = oublog_can_view_post($post, $USER, $modulecontext, $personalblog);
    return $visible;
}
}
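// Load the course that the blog activity belongs to.
if (!($course = get_record("course", "id", $cm->course))) {
    print_error('error_unspecified', 'oublog', $backlink, 'A4');
}
// Check state: a comment that already has an approval decision cannot be
// processed a second time.
if ($mcomment->approval) {
    print_error('error_alreadyapproved', 'oublog', $backlink);
}
// When the request arrives through the e-mail link, the key from the request
// must match the secret stored with the moderated comment. Without $email no
// key is checked and authorisation rests on the login and ownership checks below.
// NOTE(review): !== is not a constant-time comparison; hash_equals() is the
// safer choice for secrets where the PHP version provides it.
if ($email && $key !== $mcomment->secretkey) {
    print_error('error_wrongkey', 'oublog', $backlink);
}
// Require login, ownership of the post, and permission to view and comment on it.
require_login($course, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
oublog_check_view_permissions($oublog, $context, $cm);
// NOTE(review): the id comparison is strict, so an int/string type mismatch
// between $USER->id and $post->userid denies access (fails closed) - confirm
// both values have the same type.
if ($USER->id !== $post->userid || !oublog_can_view_post($post, $USER, $context, $oublog->global) || !oublog_can_comment($cm, $oublog, $post)) {
    print_error('accessdenied', 'oublog', $backlink);
}
// The post must (still) allow public comments, at post level and at blog level.
if ($post->allowcomments < OUBLOG_COMMENTS_ALLOWPUBLIC || $oublog->allowcomments < OUBLOG_COMMENTS_ALLOWPUBLIC) {
    print_error('error_moderatednotallowed', 'oublog', $backlink);
}
// OK they are actually allowed to approve / reject this
if (!oublog_approve_comment($mcomment, $approve)) {
    // Link goes third and the detail code fourth, as in the 'A4' call above;
    // the two arguments were previously swapped.
    print_error('error_unspecified', 'oublog', $backlink, 'A5');
}
// Redirect back to view post; jump to the awaiting-approval anchor only for
// requests that did not come from the e-mail link.
$target = 'viewpost.php?post=' . $post->id;
if (!$email && $redirectlower) {
    $target .= '#awaiting';
}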
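/**
 * Get all data required to print a list of blog posts as efficiently as possible
 *
 * One parameterised query selects the page of posts; every row is then passed
 * through oublog_can_view_post() before tags, ratings, comments and the count
 * of comments awaiting approval are attached to the posts that remain.
 *
 * @param object $oublog Blog record
 * @param object $context Context for the per-post access check and for ratings
 *                        (replaced by the module context of $cm for logged-in
 *                        users of a non-global blog)
 * @param int $offset Passed to the posts query as its starting offset
 * @param object $cm Course-module record
 * @param int $groupid Group to restrict posts to (ignored when empty)
 * @param int $individualid Individual-blog user id, -1 when not an individual blog
 * @param int $userid Restrict to posts of this blog owner (null for no restriction)
 * @param string $tag Restrict to posts carrying this tag ('' for no restriction)
 * @param bool $canaudit True to include posts marked as deleted
 * @param bool $ignoreprivate set true to not return private posts (global blog only)
 * @return array Two elements: the posts keyed by post id (false when the query
 *               matched nothing, true when no matched post may be viewed), and
 *               the SQL count of matching posts
 */
function oublog_get_posts($oublog, $context, $offset = 0, $cm, $groupid, $individualid = -1, $userid = null, $tag = '', $canaudit = false, $ignoreprivate = null)
{
    global $CFG, $USER, $DB;
    // Every caller-supplied value goes into $params and is bound by the
    // database layer; only module constants are concatenated into the SQL.
    $params = array();
    $sqlwhere = "bi.oublogid = ?";
    $params[] = $oublog->id;
    $sqljoin = '';
    if (isset($userid)) {
        $sqlwhere .= " AND bi.userid = ? ";
        $params[] = $userid;
    }
    // Individual blog.
    if ($individualid > -1) {
        $capable = oublog_individual_has_permissions($cm, $oublog, $groupid, $individualid);
        oublog_individual_add_to_sqlwhere($sqlwhere, $params, 'bi.userid', $oublog->id, $groupid, $individualid, $capable);
    } else {
        // No individual blog.
        if (isset($groupid) && $groupid) {
            $sqlwhere .= " AND p.groupid =  ? ";
            $params[] = $groupid;
        }
    }
    if (!$canaudit) {
        // Deleted posts stay hidden, except from the owner of the blog instance.
        $sqlwhere .= " AND (p.deletedby IS NULL or bi.userid = ?)";
        $params[] = $USER->id;
    }
    if ($tag) {
        $sqlwhere .= " AND t.tag = ? ";
        $params[] = $tag;
        $sqljoin .= " INNER JOIN {oublog_taginstances} ti ON p.id = ti.postid\n                       INNER JOIN {oublog_tags} t ON ti.tagid = t.id ";
    }
    // Visibility checks.
    if (!isloggedin() || isguestuser()) {
        // Anonymous and guest users only ever get public posts.
        $sqlwhere .= " AND p.visibility =" . OUBLOG_VISIBILITY_PUBLIC;
    } else {
        if ($oublog->global) {
            // Unless the current user has manageposts capability,
            // they cannot view 'private' posts except their own.
            if ($ignoreprivate) {
                $sqlwhere .= ' AND (p.visibility > ' . OUBLOG_VISIBILITY_COURSEUSER . ')';
            } else {
                if (!has_capability('mod/oublog:manageposts', context_system::instance())) {
                    $sqlwhere .= " AND (p.visibility >" . OUBLOG_VISIBILITY_COURSEUSER . " OR (p.visibility = " . OUBLOG_VISIBILITY_COURSEUSER . " AND u.id = ?))";
                    $params[] = $USER->id;
                }
            }
        } else {
            // From here on the module context of $cm replaces the $context argument.
            $context = context_module::instance($cm->id);
            if (has_capability('mod/oublog:view', $context)) {
                $sqlwhere .= " AND (p.visibility >= " . OUBLOG_VISIBILITY_COURSEUSER . " )";
            } else {
                $sqlwhere .= " AND p.visibility > " . OUBLOG_VISIBILITY_COURSEUSER;
            }
        }
    }
    $usernamefields = get_all_user_name_fields(true, 'u');
    $delusernamefields = get_all_user_name_fields(true, 'ud', null, 'del');
    $editusernamefields = get_all_user_name_fields(true, 'ue', null, 'ed');
    // Get posts. The post has the field timeposted not timecreated,
    // which is tested in rating::user_can_rate().
    $fieldlist = "p.*, p.timeposted AS timecreated,  bi.oublogid, {$usernamefields},\n                  bi.userid, u.idnumber, u.picture, u.imagealt, u.email, u.username,\n                {$delusernamefields},\n                {$editusernamefields}";
    $from = "FROM {oublog_posts} p\n                INNER JOIN {oublog_instances} bi ON p.oubloginstancesid = bi.id\n                INNER JOIN {user} u ON bi.userid = u.id\n                LEFT JOIN {user} ud ON p.deletedby = ud.id\n                LEFT JOIN {user} ue ON p.lasteditedby = ue.id\n                {$sqljoin}";
    $sql = "SELECT {$fieldlist}\n            {$from}\n            WHERE  {$sqlwhere}\n            ORDER BY p.timeposted DESC\n            ";
    $countsql = "SELECT count(p.id) {$from} WHERE {$sqlwhere}";
    $rs = $DB->get_recordset_sql($sql, $params, $offset, OUBLOG_POSTS_PER_PAGE);
    // Get paging info
    // NOTE(review): the count is taken in SQL, before the per-post
    // oublog_can_view_post() filter below, so it can be larger than the
    // number of posts this user is actually shown.
    $recordcnt = $DB->count_records_sql($countsql, $params);
    if (!$rs->valid()) {
        // Release the recordset on the early exit as well.
        $rs->close();
        return array(false, $recordcnt);
    }
    $cnt = 0;
    $posts = array();
    $postids = array();
    foreach ($rs as $post) {
        // Stop once a full page has been collected. The query is already
        // limited to OUBLOG_POSTS_PER_PAGE rows, so this is only a safety net.
        if ($cnt >= OUBLOG_POSTS_PER_PAGE) {
            break;
        }
        // The SQL filter is coarse; this per-post check is the final authority.
        if (oublog_can_view_post($post, $USER, $context, $oublog->global)) {
            // Blog-level settings cap what the individual post declares.
            if ($oublog->maxvisibility < $post->visibility) {
                $post->visibility = $oublog->maxvisibility;
            }
            if ($oublog->allowcomments == OUBLOG_COMMENTS_PREVENT) {
                $post->allowcomments = OUBLOG_COMMENTS_PREVENT;
            }
            $posts[$post->id] = $post;
            // Cast to int: these ids are concatenated into the IN (...) lists below.
            $postids[] = (int) $post->id;
            $cnt++;
        }
    }
    $rs->close();
    if (empty($posts)) {
        return array(true, $recordcnt);
    }
    // Get tags for all posts on page
    $sql = "SELECT t.*, ti.postid\n            FROM {oublog_taginstances} ti\n            INNER JOIN {oublog_tags} t ON ti.tagid = t.id\n            WHERE ti.postid IN (" . implode(",", $postids) . ") ";
    $rs = $DB->get_recordset_sql($sql);
    foreach ($rs as $tagrow) {
        $posts[$tagrow->postid]->tags[$tagrow->id] = $tagrow->tag;
    }
    // Close the tag recordset here, before the rating code runs.
    $rs->close();
    // Load ratings.
    require_once $CFG->dirroot . '/rating/lib.php';
    if ($oublog->assessed != RATING_AGGREGATE_NONE) {
        $ratingoptions = new stdClass();
        $ratingoptions->context = $context;
        $ratingoptions->component = 'mod_oublog';
        $ratingoptions->ratingarea = 'post';
        $ratingoptions->items = $posts;
        $ratingoptions->aggregate = $oublog->assessed;
        // The aggregation method.
        $ratingoptions->scaleid = $oublog->scale;
        $ratingoptions->userid = $USER->id;
        $ratingoptions->assesstimestart = $oublog->assesstimestart;
        $ratingoptions->assesstimefinish = $oublog->assesstimefinish;
        $rm = new rating_manager();
        $posts = $rm->get_ratings($ratingoptions);
    }
    // Get comments for post on the page
    $sql = "SELECT c.id, c.postid, c.timeposted, c.authorname, c.authorip, c.timeapproved, c.userid, {$usernamefields}, u.picture, u.imagealt, u.email, u.idnumber\n            FROM {oublog_comments} c\n            LEFT JOIN {user} u ON c.userid = u.id\n            WHERE c.postid IN (" . implode(",", $postids) . ") AND c.deletedby IS NULL\n            ORDER BY c.timeposted ASC ";
    $rs = $DB->get_recordset_sql($sql);
    foreach ($rs as $comment) {
        $posts[$comment->postid]->comments[$comment->id] = $comment;
    }
    $rs->close();
    // Get count of comments waiting approval for posts on the page...
    if ($oublog->allowcomments >= OUBLOG_COMMENTS_ALLOWPUBLIC) {
        // Make list of all posts that allow public comments
        $publicallowed = array();
        foreach ($posts as $post) {
            if ($post->allowcomments >= OUBLOG_COMMENTS_ALLOWPUBLIC) {
                $publicallowed[] = (int) $post->id;
            }
        }
        // Only run a db query if there are some posts that allow public
        // comments (so, no performance degradation if feature is not used)
        if (count($publicallowed) > 0) {
            $sql = "SELECT cm.postid, COUNT(1) AS numpending\n                    FROM {oublog_comments_moderated} cm\n                    WHERE cm.postid IN (" . implode(",", $publicallowed) . ")\n                    AND cm.approval = 0\n                    GROUP BY cm.postid";
            $rs = $DB->get_recordset_sql($sql);
            foreach ($rs as $postinfo) {
                $posts[$postinfo->postid]->pendingcomments = $postinfo->numpending;
            }
            $rs->close();
        }
    }
    return array($posts, $recordcnt);
}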
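/**
 * Get all data required to print a list of blog posts as efficiently as possible
 *
 * Legacy variant: the SQL is assembled by string concatenation because the
 * query functions called here take no bound parameters. Numeric arguments are
 * therefore cast to int before they are placed in the query text.
 *
 * @param object $oublog Blog record
 * @param object $context Context for the per-post access check
 * @param int $offset Passed to the posts query as its starting offset
 * @param object $cm Course-module record
 * @param int $groupid Group to restrict posts to (ignored when empty)
 * @param int $individualid Individual-blog user id, -1 when not an individual blog
 * @param int $userid Restrict to posts of this blog owner (null for no restriction)
 * @param string $tag Restrict to posts carrying this tag ('' for no restriction)
 * @param bool $canaudit True to include posts marked as deleted
 * @return mixed false when the posts query fails, true when no post may be
 *               viewed, otherwise array(posts keyed by post id, SQL count of
 *               matching posts)
 */
function oublog_get_posts($oublog, $context, $offset = 0, $cm, $groupid, $individualid = -1, $userid = null, $tag = '', $canaudit = false)
{
    global $CFG, $USER;
    $sqlwhere = " bi.oublogid = {$oublog->id} ";
    $sqljoin = '';
    if (isset($userid)) {
        // The value is placed unquoted in the SQL, so force it to an integer.
        $sqlwhere .= " AND bi.userid = " . (int) $userid . " ";
    }
    //individual blog
    if ($individualid > -1) {
        $capable = oublog_individual_has_permissions($cm, $oublog, $groupid, $individualid);
        // NOTE(review): call-time pass-by-reference is a fatal error from
        // PHP 5.4 on; drop the & once the callee is confirmed to declare its
        // first parameter by reference.
        oublog_individual_add_to_sqlwhere(&$sqlwhere, 'bi.userid', $oublog->id, $groupid, $individualid, $capable);
    } else {
        if (isset($groupid) && $groupid) {
            // Unquoted in the SQL as well: cast to int.
            $sqlwhere .= " AND p.groupid = " . (int) $groupid . " ";
        }
    }
    if (!$canaudit) {
        $sqlwhere .= " AND p.deletedby IS NULL ";
    }
    if ($tag) {
        // NOTE(review): addslashes() is not database-aware escaping; it is
        // kept because no bound-parameter form is used in this function.
        // Confirm the caller passes $tag unescaped.
        $sqlwhere .= " AND t.tag = '" . addslashes($tag) . "' ";
        $sqljoin .= " INNER JOIN {$CFG->prefix}oublog_taginstances ti ON p.id = ti.postid\n                       INNER JOIN {$CFG->prefix}oublog_tags t ON ti.tagid = t.id ";
    }
    // visibility check
    if (!isloggedin() || isguestuser()) {
        // Anonymous and guest users only ever get public posts.
        $sqlwhere .= " AND p.visibility=" . OUBLOG_VISIBILITY_PUBLIC;
    } else {
        if ($oublog->global) {
            // Private posts of a global blog are limited to their owner.
            $sqlwhere .= " AND (p.visibility >" . OUBLOG_VISIBILITY_COURSEUSER . " OR (p.visibility=" . OUBLOG_VISIBILITY_COURSEUSER . " AND u.id=" . $USER->id . "))";
        }
    }
    // Get posts
    $fieldlist = "p.*, bi.oublogid, u.firstname, u.lastname, bi.userid, u.idnumber, u.picture, u.imagealt, u.email, u.username,\n                ud.firstname AS delfirstname, ud.lastname AS dellastname,\n                ue.firstname AS edfirstname, ue.lastname AS edlastname";
    $from = "FROM {$CFG->prefix}oublog_posts p\n                INNER JOIN {$CFG->prefix}oublog_instances bi ON p.oubloginstancesid = bi.id\n                INNER JOIN {$CFG->prefix}user u ON bi.userid = u.id\n                LEFT JOIN {$CFG->prefix}user ud ON p.deletedby = ud.id\n                LEFT JOIN {$CFG->prefix}user ue ON p.lasteditedby = ue.id\n                {$sqljoin}";
    $sql = "SELECT {$fieldlist}\n                {$from}\n            WHERE  {$sqlwhere}\n            ORDER BY p.timeposted DESC\n            ";
    $countsql = "SELECT count(p.id) {$from} WHERE {$sqlwhere}";
    if (!($rs = get_recordset_sql($sql, $offset, OUBLOG_POSTS_PER_PAGE))) {
        return false;
    }
    // Get paging info
    // NOTE(review): counted in SQL before the per-post access filter below,
    // so the count can exceed the number of posts the user is shown.
    $recordcnt = count_records_sql($countsql);
    $cnt = 0;
    $posts = array();
    $postids = array();
    while (($post = rs_fetch_next_record($rs)) && $cnt < OUBLOG_POSTS_PER_PAGE) {
        // The SQL filter is coarse; this per-post check is the final authority.
        if (oublog_can_view_post($post, $USER, $context, $oublog->global)) {
            // Blog-level settings cap what the individual post declares.
            if ($oublog->maxvisibility < $post->visibility) {
                $post->visibility = $oublog->maxvisibility;
            }
            if ($oublog->allowcomments == OUBLOG_COMMENTS_PREVENT) {
                $post->allowcomments = OUBLOG_COMMENTS_PREVENT;
            }
            $posts[$post->id] = $post;
            // Cast to int: these ids are concatenated into the IN (...) lists below.
            $postids[] = (int) $post->id;
            $cnt++;
        }
    }
    rs_close($rs);
    if (empty($posts)) {
        return true;
    }
    // Get tags for all posts on page
    $sql = "SELECT t.*, ti.postid\n            FROM {$CFG->prefix}oublog_taginstances ti\n            INNER JOIN {$CFG->prefix}oublog_tags t ON ti.tagid = t.id\n            WHERE ti.postid IN ('" . implode("','", $postids) . "') ";
    $rs = get_recordset_sql($sql);
    while ($tagrow = rs_fetch_next_record($rs)) {
        $posts[$tagrow->postid]->tags[$tagrow->id] = $tagrow->tag;
    }
    rs_close($rs);
    // Get comments for post on the page
    $sql = "SELECT c.id, c.postid, c.timeposted, c.authorname, c.authorip, c.timeapproved, c.userid, u.firstname, u.lastname, u.picture, u.imagealt, u.email, u.idnumber\n            FROM {$CFG->prefix}oublog_comments c\n            LEFT JOIN {$CFG->prefix}user u ON c.userid = u.id\n            WHERE c.postid IN ('" . implode("','", $postids) . "') AND c.deletedby IS NULL\n            ORDER BY c.timeposted ASC ";
    $rs = get_recordset_sql($sql);
    while ($comment = rs_fetch_next_record($rs)) {
        $posts[$comment->postid]->comments[$comment->id] = $comment;
    }
    rs_close($rs);
    // Get count of comments waiting approval for posts on the page...
    if ($oublog->allowcomments >= OUBLOG_COMMENTS_ALLOWPUBLIC) {
        // Make list of all posts that allow public comments
        $publicallowed = array();
        foreach ($posts as $post) {
            if ($post->allowcomments >= OUBLOG_COMMENTS_ALLOWPUBLIC) {
                $publicallowed[] = (int) $post->id;
            }
        }
        // Only run a db query if there are some posts that allow public
        // comments (so, no performance degradation if feature is not used)
        if (count($publicallowed) > 0) {
            $sql = "SELECT cm.postid, COUNT(1) AS numpending\n                    FROM {$CFG->prefix}oublog_comments_moderated cm\n                    WHERE cm.postid IN ('" . implode("','", $publicallowed) . "')\n                    AND cm.approval = 0\n                    GROUP BY cm.postid";
            $rs = get_recordset_sql($sql);
            while ($postinfo = rs_fetch_next_record($rs)) {
                $posts[$postinfo->postid]->pendingcomments = $postinfo->numpending;
            }
            rs_close($rs);
        }
    }
    return array($posts, $recordcnt);
}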
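/**
 * File browsing support for oublog module.
 *
 * Returns a file only after the file area is on the allow-list, the user holds
 * mod/oublog:view in the given context, and the post the file belongs to
 * passes oublog_can_view_post(). Every failure returns null.
 *
 * @param object $browser
 * @param object $areas
 * @param object $course
 * @param object $cm
 * @param object $context
 * @param string $filearea
 * @param int $itemid Post id, or comment id for the 'messagecomment' area
 * @param string $filepath
 * @param string $filename
 * @return file_info|null Representing an actual file or folder (null if not found
 * or cannot access)
 */
function oublog_get_file_info($browser, $areas, $course, $cm, $context, $filearea, $itemid, $filepath, $filename)
{
    global $CFG, $USER, $DB;
    require_once $CFG->dirroot . '/mod/oublog/locallib.php';
    if ($context->contextlevel != CONTEXT_MODULE) {
        return null;
    }
    // Allow-list of file areas; strict matching so that a non-string value
    // cannot match an entry through type juggling.
    $fileareas = array('attachment', 'message', 'edit', 'messagecomment');
    if (!in_array($filearea, $fileareas, true)) {
        return null;
    }
    // For comment files the item id is a comment id; map it to its post so
    // the access checks below run against the post.
    $postid = $itemid;
    if ($filearea === 'messagecomment') {
        if (!($comment = $DB->get_record('oublog_comments', array('id' => $postid), 'postid'))) {
            return null;
        }
        $postid = $comment->postid;
    }
    if (!($oublog = oublog_get_blog_from_postid($postid))) {
        return null;
    }
    // Check if the user is allowed to view the blog.
    if (!has_capability('mod/oublog:view', $context)) {
        return null;
    }
    if (!($post = oublog_get_post($postid))) {
        return null;
    }
    // Check if the user is allowed to view the post
    // NOTE(review): the caught class is named after a different module; any
    // other exception from oublog_can_view_post() propagates instead of
    // returning null - confirm which exception type is intended.
    try {
        if (!oublog_can_view_post($post, $USER, $context, $oublog->global)) {
            return null;
        }
    } catch (mod_forumng_exception $e) {
        return null;
    }
    // The lookup is keyed on $context->id, so only a file stored under the
    // context that was checked above can be returned.
    $fs = get_file_storage();
    $filepath = is_null($filepath) ? '/' : $filepath;
    $filename = is_null($filename) ? '.' : $filename;
    if (!($storedfile = $fs->get_file($context->id, 'mod_oublog', $filearea, $itemid, $filepath, $filename))) {
        return null;
    }
    $urlbase = $CFG->wwwroot . '/pluginfile.php';
    // NOTE(review): the last three arguments are the literals true, true,
    // false. If they mean read access, write access and area-only, every user
    // who passes the checks above is offered write access - confirm intended.
    return new file_info_stored($browser, $context, $storedfile, $urlbase, $filearea, $itemid, true, true, false);
}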