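/**
 * Pieform callback for the filebrowser element: creates a new folder.
 *
 * The caller must be allowed to edit the parent folder (when one is given) and
 * the parent must not be locked. For group folders the group has to be inside
 * its edit window and, when creating at the group root, the caller needs edit
 * permission on the root folder itself. Folders whose title already exists in
 * the same place are rejected.
 *
 * @param Pieform $form    The form the filebrowser element belongs to
 * @param array   $element The filebrowser element definition; 'institution' /
 *                         'group' override the form's properties of the same name
 * @param array   $data    Submitted values: 'folder' is the parent folder id
 *                         (empty for the root), 'title' the new folder's name
 * @return array 'error' => bool, 'message' => string; on success additionally
 *               'highlight' (new folder id), 'newlist' (rebuilt file list) and
 *               'foldercreated' => true
 */
function pieform_element_filebrowser_createfolder(Pieform $form, $element, $data) {
    global $USER;

    $parentfolder = $data['folder'] ? (int) $data['folder'] : null;
    $institution = !empty($element['institution']) ? $element['institution'] : $form->get_property('institution');
    $group = !empty($element['group']) ? $element['group'] : $form->get_property('group');

    $folderdata = (object) array(
        'parent' => $parentfolder,
        'owner'  => null,
        'title'  => trim($data['title']),
    );

    if ($parentfolder) {
        $parentartefact = artefact_instance_from_id($parentfolder);
        if (!$USER->can_edit_artefact($parentartefact)) {
            return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
        }
        // A locked parent (e.g. part of a submitted view) may not be changed.
        if ($parentartefact->get('locked')) {
            return array('error' => true, 'message' => get_string('cannoteditfoldersubmitted', 'artefact.file'));
        }
    }

    // Exactly one of owner / group / institution ends up set.
    $folderdata->owner = $folderdata->group = $folderdata->institution = null;
    if ($institution) {
        $folderdata->institution = $institution;
    }
    else if ($group) {
        if (!group_within_edit_window($group)) {
            return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
        }
        // At the group root there is no parent artefact to check above, so the
        // edit permission on the root folder is checked explicitly here.
        if (!$parentfolder && !pieform_element_filebrowser_edit_group_folder($group, 0)) {
            return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
        }
        $folderdata->group = $group;
    }
    else {
        $folderdata->owner = $USER->get('id');
    }

    if (ArtefactTypeFileBase::file_exists($folderdata->title, $folderdata->owner, $parentfolder, $institution, $group)) {
        return array('error' => true, 'message' => get_string('fileexists', 'artefact.file'));
    }

    $folder = new ArtefactTypeFolder(0, $folderdata);
    $folder->set('dirty', true);
    $folder->commit();

    return array(
        'error' => false,
        'message' => get_string('foldercreated', 'artefact.file'),
        'highlight' => $folder->get('id'),
        'newlist' => pieform_element_filebrowser_build_filelist($form, $element, $parentfolder, $folder->get('id'), $folderdata->owner, $folderdata->group, $folderdata->institution),
        'foldercreated' => true,
    );
}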
/**
 * Whether this user may modify the contents of an artefact. The name comes
 * from the "edit" permission on group files.
 *
 * Holding "edit" is taken to imply "view" (the artefact chooser uses
 * $USER->can_view_artefact() for the latter).
 *
 * Order of checks: the parent artefact (view or edit access depending on
 * $viewparent), then site admin / owner / institutional admin, then the
 * group role: 'admin' always passes; other roles only while the group is
 * inside its edit window, and then either as the artefact's author or via
 * the role's "edit" permission.
 *
 * @param ArtefactType $a
 * @param boolean $viewparent When true the user only needs to be able to
 *                            "view" the parent; otherwise the parent must be
 *                            editable as well
 * @return boolean
 */
public function can_edit_artefact($a, $viewparent = false) {
    $parent = $a->get_parent_instance();
    if ($parent) {
        $parentok = $viewparent
            ? $this->can_view_artefact($parent)
            : $this->can_edit_artefact($parent, true);
        if (!$parentok) {
            return false;
        }
    }

    $userid = $this->get('id');
    if ($this->get('admin')
        || ($userid && $userid == $a->get('owner'))
        || ($a->get('institution') && $this->is_institutional_admin($a->get('institution')))) {
        return true;
    }

    $group = $a->get('group');
    if (!$group) {
        return false;
    }

    require_once 'group.php';
    $role = group_user_access($group, $this->id);
    if (!$role) {
        return false;
    }
    if ($role == 'admin') {
        return true;
    }
    if (!group_within_edit_window($group)) {
        return false;
    }
    // Inside the edit window the author always may; others need the role permission.
    if ($this->id == $a->get('author')) {
        return true;
    }
    return $a->role_has_permission($role, 'edit');
}
SELECT m.forum, m.user FROM {interaction_forum_moderator} m INNER JOIN {usr} u ON (m.user = u.id AND u.deleted = 0) ) m ON (m.forum = f.id AND m.user = p.poster) INNER JOIN {interaction_forum_post} p3 ON (p.poster = p3.poster AND p3.deleted != 1) INNER JOIN {interaction_forum_topic} t2 ON (t2.deleted != 1 AND p3.topic = t2.id) INNER JOIN {interaction_instance} f2 ON (t2.forum = f2.id AND f2.deleted != 1 AND f2.group = f.group) WHERE p.id = ? AND p.deleted != 1 GROUP BY 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12', array(0, $postid)); if (!$post) { throw new NotFoundException(get_string('cantfindpost', 'interaction.forum', $postid)); } $membership = user_can_access_forum((int) $post->forum); $moderator = (bool) ($membership & INTERACTION_FORUM_MOD); if (!$moderator || $post->group && !group_within_edit_window($post->group)) { throw new AccessDeniedException(get_string('cantdeletepost', 'interaction.forum')); } if (!$post->parent) { throw new AccessDeniedException(get_string('cantdeletethispost', 'interaction.forum')); } define('GROUP', $post->group); define('TITLE', $post->topicsubject . ' - ' . get_string('deletepost', 'interaction.forum')); $post->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $post->ctime); $form = pieform(array('name' => 'deletepost', 'renderer' => 'div', 'autofocus' => false, 'elements' => array('title' => array('value' => get_string('deletepostsure', 'interaction.forum')), 'submit' => array('type' => 'submitcancel', 'class' => 'btn-success', 'value' => array(get_string('yes'), get_string('no')), 'goto' => get_config('wwwroot') . 'interaction/forum/topic.php?id=' . $post->topic . '&post=' . 
$postid), 'post' => array('type' => 'hidden', 'value' => $postid), 'topic' => array('type' => 'hidden', 'value' => $post->topic), 'parent' => array('type' => 'hidden', 'value' => $post->parent)))); function deletepost_submit(Pieform $form, $values) { global $SESSION, $USER; $objectionable = get_record_sql("SELECT fp.id\n FROM {interaction_forum_post} fp\n JOIN {objectionable} o\n ON (o.objecttype = 'forum' AND o.objectid = fp.id)\n WHERE fp.id = ?\n AND o.resolvedby IS NULL\n AND o.resolvedtime IS NULL", array($values['post'])); if ($objectionable !== false) { // Trigger activity.
/**
 * Whether a user holding $role in $group may edit the group's views.
 *
 * Admins always can. Otherwise the group's 'editroles' setting decides:
 * a 'member' needs editroles == 'all' and the group to be inside its edit
 * window; any other role is allowed unless editroles == 'admin'.
 *
 * @param int|object $group Group id, or a group record (editroles is fetched when missing)
 * @param string     $role  The user's role in the group
 * @return bool
 */
function group_role_can_edit_views($group, $role) {
    if (empty($role)) {
        return false;
    }
    if ($role == 'admin') {
        return true;
    }

    if (is_numeric($group)) {
        $editroles = get_field('group', 'editroles', 'id', $group);
    }
    else if (isset($group->editroles)) {
        $editroles = $group->editroles;
    }
    else {
        $editroles = get_field('group', 'editroles', 'id', $group->id);
    }

    if ($role == 'member') {
        return $editroles == 'all' && group_within_edit_window($group);
    }
    return $editroles != 'admin';
}
$viewid = $views['views'][0]->view; } else { $viewid = param_integer('id'); } $view = new View($viewid); if (empty($collection)) { $collection = $view->get_collection(); } define('TITLE', get_string('editaccess', 'view')); $group = $view->get('group'); $institution = $view->get('institution'); View::set_nav($group, $institution, true); if (!$USER->can_edit_view($view) || $view->get('owner') == "0") { throw new AccessDeniedException(); } if ($group && !group_within_edit_window($group)) { throw new AccessDeniedException(); } $form = array('name' => 'editaccess', 'renderer' => 'div', 'plugintype' => 'core', 'pluginname' => 'view', 'viewid' => $view->get('id'), 'userview' => (int) $view->get('owner'), 'elements' => array('id' => array('type' => 'hidden', 'value' => $view->get('id')))); // Create checkboxes to allow the user to apply these access rules to // any of their views/collections. // For institution views, force edit access of one view at a time for now. Editing multiple // institution views requires doing some tricky stuff with the 'copy for new users/groups' // options, and there's not much room for the 'Share' tab in the admin area anyway if ($view->get('type') != 'profile') { list($collections, $views) = View::get_views_and_collections($view->get('owner'), $group, $institution, $view->get('accessconf'), false); } if (!empty($collections)) { foreach ($collections as &$c) { $c = array('title' => $c['name'], 'value' => $c['id'], 'defaultvalue' => $collectionid == $c['id'] || !empty($c['match']), 'views' => $c['views']); }
$topic = get_record_sql('SELECT p.subject, p.poster, p.id AS firstpost, ' . db_format_tsfield('p.ctime', 'ctime') . ', t.id, f.group AS groupid, g.name AS groupname, f.id AS forumid, f.title AS forumtitle, t.closed, sf.forum AS forumsubscribed, st.topic AS topicsubscribed FROM {interaction_forum_topic} t INNER JOIN {interaction_instance} f ON (t.forum = f.id AND f.deleted != 1) INNER JOIN {group} g ON (g.id = f.group AND g.deleted = 0) INNER JOIN {interaction_forum_post} p ON (p.topic = t.id AND p.parent IS NULL) LEFT JOIN {interaction_forum_subscription_forum} sf ON (sf.forum = f.id AND sf.user = ?) LEFT JOIN {interaction_forum_subscription_topic} st ON (st.topic = t.id AND st.user = ?) WHERE t.id = ? AND t.deleted != 1', array($USER->get('id'), $USER->get('id'), $topicid)); if (!$topic) { throw new NotFoundException(get_string('cantfindtopic', 'interaction.forum', $topicid)); } define('GROUP', $topic->groupid); $group = get_record('group', 'id', $topic->groupid); $publicgroup = $group->public; $ineditwindow = group_within_edit_window($group); $feedlink = get_config('wwwroot') . 'interaction/forum/atom.php?type=t&id=' . $topic->id; $membership = user_can_access_forum((int) $topic->forumid); $moderator = $ineditwindow && (bool) ($membership & INTERACTION_FORUM_MOD); $forumconfig = get_records_assoc('interaction_forum_instance_config', 'forum', $topic->forumid, '', 'field,value'); $indentmode = isset($forumconfig['indentmode']) ? $forumconfig['indentmode']->value : 'full_indent'; $maxindentdepth = isset($forumconfig['maxindent']) ? $forumconfig['maxindent']->value : 10; if (!$membership && !get_field('group', 'public', 'id', $topic->groupid)) { $objection = param_integer('objection', 0); $errorstr = $objection ? 
get_string('accessdeniedobjection', 'error') : get_string('cantviewtopic', 'interaction.forum'); throw new GroupAccessDeniedException($errorstr, $objection); } $topic->canedit = ($moderator || user_can_edit_post($topic->poster, $topic->ctime)) && $ineditwindow; define('TITLE', $topic->forumtitle . ' - ' . $topic->subject); $groupadmins = group_get_admin_ids($topic->groupid); if ($membership && !$topic->forumsubscribed) {
* @author Catalyst IT Ltd * @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later * @copyright For copyright information on Mahara, please see the README file distributed with this software. * */ define('INTERNAL', 1); require dirname(dirname(__FILE__)) . '/init.php'; require_once 'pieforms/pieform.php'; require_once 'view.php'; $viewid = param_integer('id'); $view = new View($viewid, null); if (!$view || $view->get('owner') == "0" || !$USER->can_edit_view($view)) { throw new AccessDeniedException(get_string('cantdeleteview', 'view')); } $groupid = $view->get('group'); if ($groupid && !group_within_edit_window($groupid)) { throw new AccessDeniedException(get_string('cantdeleteview', 'view')); } $collectionnote = ''; $collection = $view->get_collection(); if ($collection) { $collectionnote = get_string('deleteviewconfirmnote2', 'view', $collection->get_url(), $collection->get('name')); } $institution = $view->get('institution'); View::set_nav($groupid, $institution); if ($groupid) { $goto = 'groupviews.php?group=' . $groupid; } else { if ($institution) { $goto = 'institutionviews.php?institution=' . $institution; } else {
FROM {interaction_instance} f INNER JOIN {group} g ON (g.id = f.group AND g.deleted = 0) WHERE f.id = ? AND f.deleted != 1', array($forumid)); if (!$forum) { throw new NotFoundException(get_string('cantfindforum', 'interaction.forum', $forumid)); } $forumconfig = get_records_assoc('interaction_forum_instance_config', 'forum', $forumid, '', 'field,value'); define('GROUP', $forum->groupid); $membership = user_can_access_forum((int) $forumid); $moderator = (bool) ($membership & INTERACTION_FORUM_MOD); $admintutor = (bool) group_get_user_admintutor_groups(); if (!$membership || $forumconfig['createtopicusers']->value == 'moderators' && !$moderator) { throw new AccessDeniedException(get_string('cantaddtopic', 'interaction.forum')); } if (!group_within_edit_window($forum->groupid)) { throw new AccessDeniedException(get_string('cantaddtopic', 'interaction.forum')); } if (!isset($topicid)) { // new topic define('TITLE', $forum->title . ' - ' . get_string('addtopic', 'interaction.forum')); } else { // edit topic define('TITLE', $forum->title . ' - ' . get_string('edittopic', 'interaction.forum')); // no record for edits to own posts with 30 minutes if (user_can_edit_post($topic->poster, $topic->ctime)) { $topic->editrecord = false; $timeleft = (int) get_config_plugin('interaction', 'forum', 'postdelay') - round((time() - $topic->ctime) / 60); } else { if ($moderator) { $topic->editrecord = true;
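*/

define('INTERNAL', 1);
require dirname(dirname(__FILE__)) . '/init.php';
require_once get_config('libroot') . 'view.php';
require_once get_config('libroot') . 'group.php';

$owner = param_integer('owner', 0);
$groupid = param_integer('group', null);
$institution = param_alphanum('institution', null);
$searchcollection = param_integer('searchcollection', false);
View::set_nav($groupid, $institution, false, $searchcollection);

// Authorisation must run before the pieform() call below, which processes a
// submitted copy form straight away: copying into a group needs view-edit
// rights and the group inside its edit window, copying into an institution
// needs institution-edit rights. The submit handler may check this itself,
// but the page should not depend on that.
if (($groupid && (!group_user_can_edit_views($groupid) || !group_within_edit_window($groupid)))
    || ($institution && !$USER->can_edit_institution($institution))) {
    throw new AccessDeniedException();
}

if ($usetemplate = param_integer('usetemplate', null)) {
    // If a form has been submitted, build it now and pieforms will
    // call the submit function straight away
    pieform(create_view_form($groupid, $institution, $usetemplate, param_integer('copycollection', null)));
}

if (!empty($groupid)) {
    $group = group_current_group();
    define('TITLE', $group->name);
}
else {
    // Personal portfolio: the current user owns whatever gets copied.
    $owner = $USER->get('id');
    define('TITLE', get_string('copyvieworcollection', 'view'));
}
define('SUBTITLE', get_string('copyvieworcollection', 'view'));

// Search and paging parameters for the list of copyable views.
$views = new StdClass();
$views->query = trim(param_variable('viewquery', ''));
$views->ownerquery = trim(param_variable('ownerquery', ''));
$views->offset = param_integer('viewoffset', 0);
$views->limit = param_integer('viewlimit', 10);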
/**
 * Builds the pieform definition used by the my files, group files and
 * institution files pages.
 *
 * $folder, $highlight and $edit are accepted for signature compatibility but
 * are overwritten from the 'folder', 'file' and 'edit' request parameters
 * before they are used.
 *
 * @param string      $page        Base URL the filebrowser element posts back to
 * @param int|null    $group       Group id when listing group files
 * @param string|null $institution Institution name when listing institution files
 * @param int|null    $folder      Overwritten by the 'folder' request parameter
 * @param array|null  $highlight   Overwritten by the 'file' request parameter
 * @param int|null    $edit        Overwritten by the 'edit' request parameter
 * @return array Pieform definition
 */
public static function files_form($page = '', $group = null, $institution = null, $folder = null, $highlight = null, $edit = null) {
    global $USER;

    $resizedefault = $USER->get_account_preference('resizeonuploaduserdefault');

    $folder = param_integer('folder', 0);
    $edit = param_variable('edit', 0);
    if (is_array($edit)) {
        // presumably a submit-button array whose first key is the artefact id -- verify against the element
        $editkeys = array_keys($edit);
        $edit = $editkeys[0];
    }
    $edit = (int) $edit;

    $highlight = null;
    $fileid = param_integer('file', 0);
    if ($fileid) {
        $highlight = array($fileid); // todo convert to file1=1&file2=2 etc
    }

    // Uploading and folder editing need the group to be within its edit window
    // (if one is set) or the user to be the group admin; outside a group there
    // is no such restriction.
    $canedit = empty($group) ? true : group_within_edit_window($group);

    $browserconfig = array(
        'upload' => $canedit,
        'uploadagreement' => get_config_plugin('artefact', 'file', 'uploadagreement'),
        'resizeonuploaduseroption' => get_config_plugin('artefact', 'file', 'resizeonuploaduseroption'),
        'resizeonuploaduserdefault' => $resizedefault,
        'createfolder' => $canedit,
        'edit' => $canedit,
        'select' => false,
    );

    return array(
        'name' => 'files',
        'jsform' => true,
        'newiframeonsubmit' => true,
        'jssuccesscallback' => 'files_callback',
        'jserrorcallback' => 'files_callback',
        'renderer' => 'oneline',
        'plugintype' => 'artefact',
        'pluginname' => 'file',
        'configdirs' => array(get_config('libroot') . 'form/', get_config('docroot') . 'artefact/file/form/'),
        'group' => $group,
        'institution' => $institution,
        'elements' => array(
            'filebrowser' => array(
                'type' => 'filebrowser',
                'folder' => $folder,
                'highlight' => $highlight,
                'edit' => $edit,
                'page' => $page,
                'config' => $browserconfig,
            ),
        ),
    );
}
define('MENUITEM', 'myportfolio/views');
require dirname(dirname(__FILE__)) . '/init.php';
require_once 'pieforms/pieform.php';
require_once 'view.php';
require_once 'collection.php';
require_once 'activity.php';
require_once get_config('docroot') . 'artefact/lib.php';

$groupid = param_integer('group');
$returnto = param_variable('returnto', 'view');

// The target group must be one the current user is a member of, must accept
// submissions (submittableto = 1) and must be inside its edit window.
$group = get_record_sql(
    'SELECT g.id, g.name, g.grouptype, g.urlid FROM {group_member} u INNER JOIN {group} g ON (u.group = g.id AND g.deleted = 0) WHERE u.member = ? AND g.id = ? AND g.submittableto = 1',
    array($USER->get('id'), $groupid)
);
if (!$group || !group_within_edit_window($group)) {
    throw new AccessDeniedException(get_string('cantsubmittogroup', 'view'));
}

// Either a whole collection or a single view is submitted. In both cases it
// has to belong to the current user and must not already be submitted.
$collectionid = param_integer('collection', null);
if ($collectionid) {
    $collection = new Collection($collectionid);
    if (!$collection
        || $collection->is_submitted()
        || $collection->get('owner') !== $USER->get('id')) {
        throw new AccessDeniedException(get_string('cantsubmitcollectiontogroup', 'view'));
    }
    $submissionname = $collection->get('name');
}
else {
    $view = new View(param_integer('id'));
    if (!$view
        || $view->is_submitted()
        || $view->get('owner') !== $USER->get('id')) {
        throw new AccessDeniedException(get_string('cantsubmitviewtogroup', 'view'));
    }
    $submissionname = $view->get('title');
}
throw new NotFoundException(get_string('cantfindpost', 'interaction.forum', $parentid)); } if (!group_within_edit_window($parent->group)) { throw new AccessDeniedException(get_string('cantaddposttoforum', 'interaction.forum')); } if (!$membership) { throw new AccessDeniedException(get_string('cantaddposttoforum', 'interaction.forum')); } if (!$moderator && $parent->topicclosed) { throw new AccessDeniedException(get_string('cantaddposttotopic', 'interaction.forum')); } $action = get_string('postreply', 'interaction.forum'); define('TITLE', $parent->topicsubject . ' - ' . $action); } else { // edit post if (!group_within_edit_window($parent->group)) { throw new AccessDeniedException(get_string('canteditpost', 'interaction.forum')); } // no record for edits to own posts with 30 minutes if (user_can_edit_post($post->poster, $post->ctime)) { $post->editrecord = false; $timeleft = (int) get_config_plugin('interaction', 'forum', 'postdelay') - round((time() - $post->ctime) / 60); } else { if ($moderator) { $post->editrecord = true; } else { if (user_can_edit_post($post->poster, $post->ctime, $USER->get('id'), false)) { $SESSION->add_error_msg(get_string('postaftertimeout', 'interaction.forum', get_config_plugin('interaction', 'forum', 'postdelay'))); redirect('/interaction/forum/topic.php?id=' . $parent->topic); } else { throw new AccessDeniedException(get_string('canteditpost', 'interaction.forum'));
INNER JOIN {usr} u ON (m.user = u.id AND u.deleted = 0) ) m ON (m.forum = t.forum AND m.user = p.poster) INNER JOIN {interaction_forum_post} p2 ON (p.poster = p2.poster AND p2.deleted != 1) INNER JOIN {interaction_forum_topic} t2 ON (t2.deleted != 1 AND p2.topic = t2.id) INNER JOIN {interaction_instance} f2 ON (t2.forum = f2.id AND f2.deleted != 1 AND f2.group = f.group) WHERE t.id = ? AND t.deleted != 1 GROUP BY 1, 2, 3, 4, 5, 6, 7, 9, 10, 11', array(0, $topicid)); if (!$topic) { throw new NotFoundException(get_string('cantfindtopic', 'interaction.forum', $topicid)); } define('GROUP', $topic->group); $membership = user_can_access_forum((int) $topic->forumid); $moderator = (bool) ($membership & INTERACTION_FORUM_MOD); $topic->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $topic->ctime); if (!$moderator || $topic->group && !group_within_edit_window($topic->group)) { throw new AccessDeniedException(get_string('cantdeletetopic', 'interaction.forum')); } define('TITLE', $topic->title . ' - ' . get_string('deletetopicspecific', 'interaction.forum', $topic->subject)); $form = pieform(array('name' => 'deletetopic', 'renderer' => 'div', 'autofocus' => false, 'elements' => array('title' => array('value' => get_string('deletetopicsure', 'interaction.forum')), 'submit' => array('type' => 'submitcancel', 'value' => array(get_string('yes'), get_string('no')), 'goto' => get_config('wwwroot') . ($returnto == 'view' ? 'interaction/forum/view.php?id=' . $topic->forumid : 'interaction/forum/topic.php?id=' . 
$topicid)), 'forum' => array('type' => 'hidden', 'value' => $topic->forumid)))); function deletetopic_submit(Pieform $form, $values) { global $SESSION, $USER, $topicid; $objectionable = get_record_sql("SELECT fp.id\n FROM {interaction_forum_post} fp\n JOIN {objectionable} o\n ON (o.objecttype = 'forum' AND o.objectid = fp.id)\n WHERE fp.topic = ?\n AND fp.parent IS NULL\n AND o.resolvedby IS NULL\n AND o.resolvedtime IS NULL", array($topicid)); if ($objectionable !== false) { // Trigger activity. $data = new StdClass(); $data->postid = $objectionable->id; $data->message = ''; $data->reporter = $USER->get('id'); $data->ctime = time();
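* @package    mahara
* @subpackage artefact-file
* @author     Catalyst IT Ltd
* @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright  For copyright information on Mahara, please see the README file distributed with this software.
*
*/

define('INTERNAL', 1);
define('MENUITEM', 'groups/files');
define('SECTION_PLUGINTYPE', 'artefact');
define('SECTION_PLUGINNAME', 'file');
define('SECTION_PAGE', 'groupfiles');
require dirname(dirname(dirname(__FILE__))) . '/init.php';
require_once get_config('libroot') . 'group.php';
safe_require('artefact', 'file');

define('GROUP', param_integer('group'));
$group = group_current_group();

// Only group members may see the group's files. The assignment is kept out of
// the condition on purpose: `!($role = a() || !b())` assigns the OR'd boolean
// to $role and, whenever the group is outside its edit window, lets a
// non-member through. Whether uploading/editing is offered is decided per
// edit window in ArtefactTypeFileBase::files_form(), not here.
$role = group_user_access($group->id);
if (!$role) {
    throw new AccessDeniedException();
}

define('TITLE', $group->name . ' - ' . get_string('groupfiles', 'artefact.file'));
require_once get_config('docroot') . 'interaction/lib.php';

$pagebase = get_config('wwwroot') . 'artefact/file/groupfiles.php?group=' . $group->id;
$form = pieform(ArtefactTypeFileBase::files_form($pagebase, $group->id));
$js = ArtefactTypeFileBase::files_js();

$smarty = smarty(
    array(),
    array(),
    array(),
    array('sideblocks' => array(array('name' => 'groupquota', 'weight' => -10, 'data' => array())))
);
$smarty->assign('heading', $group->name);
$smarty->assign('form', $form);
$smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign('group', $group->name);
$smarty->display('artefact:file:files.tpl');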