Esempio n. 1
0
File: lib.php Progetto: kienv/mahara
 /**
  * Get descendants of an artefact.
  * Result will include an item itself.
  *
  * @return array
  */
 function get_item_descendants()
 {
     $path = get_field('artefact', 'path', 'id', $this->id);
     if ($path) {
         // The WHERE clause must be like this to avoid /1% matching /10.
         $sql = "SELECT id, parent, path\n                    FROM {artefact}\n                    WHERE path = ? OR path LIKE ?\n                    ORDER BY path";
         return get_records_sql_array($sql, array($path, db_like_escape("{$path}/") . '%'));
     } else {
         throw new NotFoundException(get_string('nopathfound', 'mahara'));
     }
 }
Esempio n. 2
0
 /**
  * Return artefacts available for inclusion in a particular block
  *
  */
 public static function get_artefactchooser_artefacts($data, $owner = null, $group = null, $institution = null, $short = false)
 {
     if ($owner === null) {
         global $USER;
         $user = $USER;
     } else {
         if ($owner instanceof User) {
             $user = $owner;
         } else {
             if (intval($owner) != 0 || $owner == "0") {
                 $user = new User();
                 $user->find_by_id(intval($owner));
             } else {
                 throw new SystemException("Invalid argument type " . gettype($owner) . " passed to View::get_artefactchooser_artefacts");
             }
         }
     }
     $offset = !empty($data['offset']) ? $data['offset'] : null;
     $limit = !empty($data['limit']) ? $data['limit'] : null;
     $sortorder = '';
     if (!empty($data['sortorder'])) {
         foreach ($data['sortorder'] as $field) {
             if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                 continue;
                 // skip this item (it fails validation)
             }
             $order = 'ASC';
             if (!empty($field['order']) && 'DESC' == strtoupper($field['order'])) {
                 $order = 'DESC';
             }
             if (empty($sortorder)) {
                 $sortorder .= ' ORDER BY ';
             } else {
                 $sortorder .= ', ';
             }
             $sortorder .= $field['fieldname'] . ' ' . $order;
         }
     }
     $extraselect = '';
     if (isset($data['extraselect'])) {
         foreach ($data['extraselect'] as $field) {
             if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                 continue;
                 // skip this item (it fails validation)
             }
             // Sanitise all values
             $values = $field['values'];
             foreach ($values as &$val) {
                 if ($field['type'] == 'int') {
                     $val = (int) $val;
                 } elseif ($field['type'] == 'string') {
                     $val = db_quote($val);
                 } else {
                     throw new SystemException("Unsupported field type '" . $field['type'] . "' passed to View::get_artefactchooser_artefacts");
                 }
             }
             $extraselect .= ' AND ';
             if (count($values) > 1) {
                 $extraselect .= $field['fieldname'] . ' IN (' . implode(', ', $values) . ')';
             } else {
                 $extraselect .= $field['fieldname'] . ' = ' . reset($values);
             }
         }
     }
     $from = ' FROM {artefact} a ';
     if ($group) {
         // Get group-owned artefacts that the user has view
         // permission on, and site-owned artefacts
         $from .= '
         LEFT OUTER JOIN (
             SELECT
                 r.artefact, r.can_view, r.can_edit, m.group
             FROM
                 {group_member} m
                 JOIN {artefact} aa ON aa.group = m.group
                 JOIN {artefact_access_role} r ON aa.id = r.artefact AND r.role = m.role
             WHERE
                 m.group = ?
                 AND m.member = ?
                 AND r.can_view = 1
         ) ga ON (ga.group = a.group AND a.id = ga.artefact)';
         $select = "(a.institution = 'mahara' OR ga.can_view = 1";
         $ph = array((int) $group, $user->get('id'));
         if (!empty($data['userartefactsallowed'])) {
             $select .= ' OR a.owner = ?';
             $ph[] = $user->get('id');
         }
         $select .= ')';
     } else {
         if ($institution) {
             // Site artefacts & artefacts owned by this institution
             $select = "(a.institution = 'mahara' OR a.institution = ?)";
             $ph = array($institution);
         } else {
             // The view is owned by a normal user
             // Get artefacts owned by the user, group-owned artefacts
             // the user has republish permission on, artefacts owned
             // by the user's institutions.
             safe_require('artefact', 'file');
             $public = (int) ArtefactTypeFolder::admin_public_folder_id();
             $select = '(
             a.owner = ?
             OR a.id IN (
                 SELECT id
                 FROM {artefact}
                     WHERE (path = ? OR path LIKE ?) AND institution = \'mahara\'
             )
             OR a.id IN (
                 SELECT aar.artefact
                 FROM {group_member} m
                     JOIN {artefact} aa ON m.group = aa.group
                     JOIN {artefact_access_role} aar ON aar.role = m.role AND aar.artefact = aa.id
                 WHERE m.member = ? AND aar.can_republish = 1
             )
             OR a.id IN (SELECT artefact FROM {artefact_access_usr} WHERE usr = ? AND can_republish = 1)';
             $ph = array($user->get('id'), "/{$public}", db_like_escape("/{$public}/") . '%', $user->get('id'), $user->get('id'));
             $institutions = array_keys($user->get('institutions'));
             if ($user->get('admin')) {
                 $institutions[] = 'mahara';
             }
             if ($institutions) {
                 $select .= '
             OR a.institution IN (' . join(',', array_fill(0, count($institutions), '?')) . ')';
                 $ph = array_merge($ph, $institutions);
             }
             $select .= "\n            )";
         }
     }
     if (!empty($data['artefacttypes']) && is_array($data['artefacttypes'])) {
         $select .= ' AND artefacttype IN(' . join(',', array_fill(0, count($data['artefacttypes']), '?')) . ')';
         $ph = array_merge($ph, $data['artefacttypes']);
     }
     if (!empty($data['search'])) {
         $search = db_quote('%' . str_replace('%', '%%', $data['search']) . '%');
         $select .= 'AND (title ' . db_ilike() . '(' . $search . ') OR description ' . db_ilike() . '(' . $search . ') )';
     }
     $select .= $extraselect;
     $selectph = $countph = $ph;
     if ($short) {
         // We just want to know which artefact ids are allowed for inclusion in a view,
         // but get_records_sql_assoc wants > 1 column
         $cols = 'a.id, a.id AS b';
     } else {
         $cols = 'a.*';
         // We also want to know which artefacts can be edited by the logged-in user within
         // the context of the view.  For an institution view, all artefacts from the same
         // institution are editable.  For an individual view, artefacts with the same 'owner'
         // are editable.  For group views, only those artefacts with the can_edit permission
         // out of artefact_access_role are editable.
         if ($group) {
             $expr = 'ga.can_edit IS NOT NULL AND ga.can_edit = 1';
         } else {
             if ($institution) {
                 $expr = 'a.institution = ?';
                 array_unshift($selectph, $institution);
             } else {
                 $expr = 'a.owner IS NOT NULL AND a.owner = ?';
                 array_unshift($selectph, $user->get('id'));
             }
         }
         if (is_mysql()) {
             $cols .= ", ({$expr}) AS editable";
         } else {
             $cols .= ", CAST({$expr} AS INTEGER) AS editable";
         }
     }
     $artefacts = get_records_sql_assoc('SELECT ' . $cols . $from . ' WHERE ' . $select . $sortorder, $selectph, $offset, $limit);
     $totalartefacts = count_records_sql('SELECT COUNT(*) ' . $from . ' WHERE ' . $select, $countph);
     return array($artefacts, $totalartefacts);
 }
Esempio n. 3
0
 global $USER;
 $userid = $USER->get('id');
 $select = '
 SELECT a.id, a.artefacttype, a.title';
 $from = '
 FROM {artefact} a';
 $in = "('" . join("','", PluginArtefactFile::get_artefact_types()) . "')";
 $where = "\n        WHERE artefacttype IN {$in}";
 $phvals = array();
 if ($institution) {
     if ($institution == 'mahara' && !$USER->get('admin')) {
         // If non-admins are browsing site files, only let them see the public folder & its contents
         $publicfolder = ArtefactTypeFolder::admin_public_folder_id();
         $where .= '
             AND (a.path = ? OR a.path LIKE ?)';
         $phvals = array("/{$publicfolder}", db_like_escape("/{$publicfolder}/") . '%');
     }
     $where .= '
     AND a.institution = ? AND a.owner IS NULL';
     $phvals[] = $institution;
 } else {
     if ($groupid) {
         $select .= ',
         r.can_edit, r.can_view, r.can_republish, a.author';
         $from .= '
         LEFT OUTER JOIN (
             SELECT ar.artefact, ar.can_edit, ar.can_view, ar.can_republish
             FROM {artefact_access_role} ar
             INNER JOIN {group_member} gm ON ar.role = gm.role
             WHERE gm.group = ? AND gm.member = ?
         ) r ON r.artefact = a.id';