require_once get_config('libroot') . 'objectionable.php'; require_once 'institution.php'; require_once 'group.php'; safe_require('artefact', 'comment'); safe_require('artefact', 'file'); // access key for roaming teachers $mnettoken = $SESSION->get('mnetuser') ? param_alphanum('mt', null) : null; // access key for logged out users $usertoken = is_null($mnettoken) && get_config('allowpublicviews') ? param_alphanum('t', null) : null; if ($mnettoken) { if (!($viewid = get_view_from_token($mnettoken, false))) { throw new AccessDeniedException(get_string('accessdenied', 'error')); } } else { if ($usertoken) { if (!($viewid = get_view_from_token($usertoken, true))) { throw new AccessDeniedException(get_string('accessdenied', 'error')); } } else { if ($pageurl = param_alphanumext('page', null)) { if ($profile = param_alphanumext('profile', null)) { $view = new View(array('urlid' => $pageurl, 'ownerurlid' => $profile)); } else { if ($homepage = param_alphanumext('homepage', null)) { $view = new View(array('urlid' => $pageurl, 'groupurlid' => $homepage)); } else { throw new ViewNotFoundException(get_string('viewnotfoundexceptiontitle', 'error')); } } $viewid = $view->get('id'); } else {
} } else { if ($group) { $smarty->assign('ownerlink', 'group/view.php?id=' . $group); } } // Provide a link for roaming teachers to return if ($mnetviewlist = $SESSION->get('mnetviewaccess')) { if (isset($mnetviewlist[$view->get('id')])) { $returnurl = $SESSION->get('mnetuserfrom'); require_once get_config('docroot') . 'api/xmlrpc/lib.php'; if ($peer = get_peer_from_instanceid($SESSION->get('authinstance'))) { $smarty->assign('mnethost', array('name' => $peer->name, 'url' => $returnurl ? $returnurl : $peer->wwwroot)); } } } $anonfeedback = !$USER->is_logged_in() && ($usertoken || $viewid == get_view_from_token(get_cookie('viewaccess:' . $viewid))); $smarty->assign('ownername', $view->formatted_owner()); $smarty->assign('streditviewbutton', $new ? get_string('backtocreatemyview', 'view') : get_string('editmyview', 'view')); $smarty->assign('viewdescription', $view->get('description')); $smarty->assign('viewcontent', $view->build_columns()); $smarty->assign('releaseform', $releaseform); $smarty->assign('anonfeedback', $anonfeedback); if ($USER->is_logged_in() || $anonfeedback) { $smarty->assign('addfeedbackform', pieform(add_feedback_form($allowattachments))); } if ($USER->is_logged_in()) { $smarty->assign('objectionform', pieform(objection_form())); } $smarty->assign('viewbeingwatched', $viewbeingwatched); $smarty->display('view/view.tpl');
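/**
 * Given a view id, and a user id (defaults to currently logged in user if not
 * specified) will return whether this user is allowed to look at this view.
 *
 * Checks are made in this order, the first match granting access:
 *  - a logged-out access token (parameter or 'viewaccess:<id>' cookie) that
 *    was issued for this view, when public views are enabled;
 *  - for logged-out users only, a 'public' access record inside its
 *    start/stop window, or a 'profile' view when public profiles are enabled;
 *  - a roaming-teacher (mnet) token issued for this view;
 *  - the user can edit the view;
 *  - the view was submitted to a group the user may assess for;
 *  - an access record (public/loggedin/friends, per-user or per-group) inside
 *    its start/stop window; 'friends' records require a friendship with the owner.
 *
 * @param integer $view_id View ID to check
 * @param integer $user_id User trying to look at the view (defaults to
 *                         currently logged in user, or null if user isn't logged in)
 * @param string $usertoken Key created by view owner for logged-out user access
 * @param string $mnettoken Key created by mahara for teachers roaming from moodle
 *
 * @return boolean Whether the specified user can look at the specified view.
 */
function can_view_view($view_id, $user_id = null, $usertoken = null, $mnettoken = null) {
    global $USER, $SESSION;

    $now = time();
    // The same instant in the database's timestamp format; used to compare
    // against raw startdate/stopdate columns in the public-access check below.
    $dbnow = db_format_timestamp($now);

    if ($user_id === null) {
        $user_id = $USER->get('id');
    }

    $publicviews = get_config('allowpublicviews');
    if ($publicviews) {
        if (!$usertoken) {
            $usertoken = get_cookie('viewaccess:' . $view_id);
        }
        // A secret-URL token only unlocks the view it was issued for, and only
        // when the check is for the current session's user (or for nobody).
        if ($usertoken && (!$user_id || $user_id == $USER->get('id')) && $view_id == get_view_from_token($usertoken)) {
            return true;
        }
    }

    if (!$USER->is_logged_in()) {
        // Logged-out user: only a 'public' access record (or a public profile) helps.
        $publicprofiles = get_config('allowpublicprofiles');
        if ($publicviews || $publicprofiles) {
            $public = get_record_sql("
                SELECT
                    v.id, v.type, a.*
                FROM
                    {view} v
                    LEFT OUTER JOIN {view_access} a ON v.id = a.view
                WHERE
                    v.id = ? AND a.accesstype = 'public'
            ", array($view_id));
            // a.* yields startdate/stopdate in database timestamp format (the
            // logged-in query below has to convert them with db_format_tsfield),
            // so the window is compared against $dbnow rather than the integer
            // $now; comparing the raw column with an int never expressed the
            // intended date check.
            return $public && (
                $publicviews
                    && ($public->startdate == null || $public->startdate < $dbnow)
                    && ($public->stopdate == null || $public->stopdate > $dbnow)
                || $publicprofiles && $public->type == 'profile'
            );
        }
        return false;
    }

    // The user is logged in; they can see the view if
    // - they can edit it, or
    // - it has been submitted to them for assessment, or
    // - they have been granted access via the edit view access page.
    if ($SESSION->get('mnetuser')) {
        if (!$mnettoken) {
            $mnettoken = get_cookie('mviewaccess:' . $view_id);
        }
        if ($mnettoken && $view_id == get_view_from_token($mnettoken, false)) {
            // Record the views unlocked by this roaming session; the view page
            // reads 'mnetviewaccess' to offer a link back to the remote host.
            $mnetviewlist = $SESSION->get('mnetviewaccess');
            if (empty($mnetviewlist)) {
                $mnetviewlist = array();
            }
            $mnetviewlist[$view_id] = true;
            $SESSION->set('mnetviewaccess', $mnetviewlist);
            return true;
        }
    }

    require_once get_config('docroot') . 'lib/view.php';
    $view = new View($view_id);

    if ($USER->can_edit_view($view)) {
        return true;
    }

    if ($submitgroup = $view->get('submittedgroup')) {
        require_once get_config('docroot') . 'lib/group.php';
        if (group_user_can_assess_submitted_views($submitgroup, $user_id)) {
            return true;
        }
    }

    // Check access for loggedin, friends, user, group.  Dates come back as
    // unix timestamps (db_format_tsfield) so they compare directly with $now.
    $access = get_records_sql_array('
        SELECT accesstype AS type, CASE WHEN accesstype = \'friends\' THEN 4 ELSE 1 END AS typeorder, '
            . db_format_tsfield('startdate') . ', ' . db_format_tsfield('stopdate') . '
        FROM {view_access}
        WHERE view = ?
            UNION
        SELECT \'user\' AS type, 2 AS typeorder, '
            . db_format_tsfield('startdate') . ', ' . db_format_tsfield('stopdate') . '
        FROM {view_access_usr}
        WHERE view = ? AND usr = ?
            UNION
        SELECT \'group\' AS type, 3 AS typeorder, '
            . db_format_tsfield('startdate') . ', ' . db_format_tsfield('stopdate') . '
        FROM {view_access_group} vg
            INNER JOIN {group} g ON (vg.group = g.id AND g.deleted = 0)
            INNER JOIN {group_member} m ON (g.id = m.group AND (vg.role IS NULL OR vg.role = m.role))
        WHERE vg.view = ? AND m.member = ?
        ORDER BY typeorder
    ', array($view_id, $view_id, $user_id, $view_id, $user_id));

    if (empty($access)) {
        return false;
    }

    foreach ($access as $a) {
        if ($a->type == 'friends') {
            // A 'friends' record only applies if the user is a friend of the
            // owner; friendship rows may be stored in either direction.
            $owner = $view->get('owner');
            if (!get_field_sql('SELECT COUNT(*) FROM {usr_friend} f WHERE (usr1=? AND usr2=?) OR (usr1=? AND usr2=?)', array($owner, $user_id, $user_id, $owner))) {
                continue;
            }
        }
        if (($a->startdate == null || $a->startdate < $now) && ($a->stopdate == null || $a->stopdate > $now)) {
            return true;
        }
    }

    return false;
}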
/**
 * Pieform validation callback for the feedback form.
 *
 * A logged-in user may always submit; a logged-out user may only submit
 * when their 'viewaccess:<id>' cookie carries a token that resolves to the
 * view currently being displayed.  Otherwise a 'message' field error is set.
 *
 * @param Pieform $form   The feedback form being validated
 * @param array   $values Submitted values (not inspected here)
 */
function add_feedback_form_validate(Pieform $form, $values) {
    global $USER, $view;

    if ($USER->is_logged_in()) {
        return;
    }

    $viewid = $view->get('id');
    $token = get_cookie('viewaccess:' . $viewid);
    // The token must exist and must have been issued for this very view.
    $tokenok = $token && get_view_from_token($token) == $viewid;

    if (!$tokenok) {
        $form->set_error('message', get_string('placefeedbacknotallowed', 'view'));
    }
}
array_unshift($artefactpath, array('url' => get_config('wwwroot') . 'view/artefact.php?artefact=' . $parent . '&view=' . $viewid, 'title' => $parentobj->display_title())); } $parent = $parentobj->get('parent'); } $artefactpath[] = array('url' => '', 'title' => $artefact->display_title()); // Feedback $javascript = <<<EOF feedbacklist.view = {$viewid}; feedbacklist.artefact = {$artefactid}; feedbacklist.statevars.push('view', 'artefact'); feedbacklist.updateOnLoad(); EOF; $smarty = smarty(array('mahara', 'tablerenderer', 'feedbacklist'), array('<link rel="stylesheet" type="text/css" href="' . get_config('wwwroot') . 'theme/views.css">'), array(), array('stylesheets' => array('style/views.css'))); $smarty->assign('artefact', $content); $smarty->assign('artefactpath', $artefactpath); $smarty->assign('INLINEJAVASCRIPT', $javascript); $smarty->assign('viewid', $viewid); $smarty->assign('viewtitle', $view->get('title')); $viewowner = $view->get('owner'); if ($viewowner) { $smarty->assign('ownerlink', 'user/view.php?id=' . $viewowner); } else { if ($view->get('group')) { $smarty->assign('ownerlink', 'group/view.php?id=' . $view->get('group')); } } $smarty->assign('ownername', $view->formatted_owner()); $smarty->assign('addfeedbackform', pieform(add_feedback_form(false))); $smarty->assign('objectionform', pieform(objection_form())); $smarty->assign('anonfeedback', !$USER->is_logged_in() && $viewid == get_view_from_token(get_cookie('viewaccess:' . $viewid))); $smarty->display('view/artefact.tpl');