/**
 * Reports whether the current user may see the search document of a user.
 *
 * The decision is delegated to user_can_view_profile(), so a document is
 * granted only where that check passes for the account being looked up.
 *
 * @param int $id user id
 * @return int \core_search\manager::ACCESS_DELETED, ACCESS_GRANTED or ACCESS_DENIED
 */
public function check_access($id) {
    global $DB, $USER;

    $account = $DB->get_record('user', array('id' => $id));

    // A missing row and a row flagged as deleted are reported the same way.
    $gone = !$account || $account->deleted;
    if ($gone) {
        return \core_search\manager::ACCESS_DELETED;
    }

    // Anything that is not an explicit "may view" is a denial.
    return user_can_view_profile($account)
        ? \core_search\manager::ACCESS_GRANTED
        : \core_search\manager::ACCESS_DENIED;
}
// Need to have full access to a course to see the rest of own info. $referer = get_local_referer(false); if (!empty($referer)) { redirect($referer, get_string('notenrolled', '', $fullname)); } echo $OUTPUT->header(); echo $OUTPUT->heading(get_string('notenrolled', '', $fullname)); echo $OUTPUT->footer(); die; } } else { // Somebody else. $PAGE->set_title("{$strpersonalprofile}: "); $PAGE->set_heading("{$strpersonalprofile}: "); // Check to see if the user can see this user's profile. if (!user_can_view_profile($user, $course, $usercontext) && !$isparent) { print_error('cannotviewprofile'); } if (!is_enrolled($coursecontext, $user->id)) { // TODO: the only potential problem is that managers and inspectors might post in forum, but the link // to profile would not work - maybe a new capability - moodle/user:freely_acessile_profile_for_anybody // or test for course:inspect capability. if (has_capability('moodle/role:assign', $coursecontext)) { $PAGE->navbar->add($fullname); $notice = get_string('notenrolled', '', $fullname); } else { $PAGE->navbar->add($struser); $notice = get_string('notenrolledprofile', '', $fullname); } $referer = get_local_referer(false); if (!empty($referer)) {
/**
 * Exercises user_can_view_profile() across deleted accounts, course contacts,
 * shared enrolments, a prohibited capability and separate groups.
 */
public function test_user_can_view_profile() {
    global $DB, $CFG;

    $this->resetAfterTest();
    $generator = $this->getDataGenerator();

    // Create seven users; the sixth one is flagged as deleted.
    $user1 = $generator->create_user();
    $user2 = $generator->create_user();
    $user3 = $generator->create_user();
    $user4 = $generator->create_user();
    $user5 = $generator->create_user();
    $user6 = $generator->create_user(array('deleted' => 1));
    $user7 = $generator->create_user();

    $studentrole = $DB->get_record('role', array('shortname' => 'student'));

    // Add the course creator role to the course contacts and give user 7 that role.
    $CFG->coursecontact = '2';
    $coursecreatorrole = $DB->get_record('role', array('shortname' => 'coursecreator'));
    $generator->role_assign($coursecreatorrole->id, $user7->id);

    // Two plain courses; the capability override below is applied to the second one.
    $course1 = $generator->create_course();
    $course2 = $generator->create_course();
    $coursecontext = context_course::instance($course2->id);

    // A third course with separate groups and groupmodeforce switched on.
    $course3 = $generator->create_course((object) array('groupmode' => 1, 'groupmodeforce' => 1));

    // Users 1 and 2 share the first course.
    foreach (array($user1, $user2) as $member) {
        $generator->enrol_user($member->id, $course1->id);
    }
    // Users 2 and 3 share the second course.
    foreach (array($user2, $user3) as $member) {
        $generator->enrol_user($member->id, $course2->id);
    }
    // Users 1, 4 and 5 share the third course.
    foreach (array($user1, $user4, $user5) as $member) {
        $generator->enrol_user($member->id, $course3->id);
    }

    // Prohibit moodle/user:viewdetails for students in course 2.
    assign_capability('moodle/user:viewdetails', CAP_PROHIBIT, $studentrole->id, $coursecontext);
    $coursecontext->mark_dirty();

    // Acting as user 1: a user can always see their own profile.
    $this->setUser($user1);
    $this->assertTrue(user_can_view_profile($user1));

    // With forceloginforprofiles off, every profile except the deleted user 6 is visible.
    $originalforcelogin = $CFG->forceloginforprofiles;
    $CFG->forceloginforprofiles = 0;
    foreach (array($user1, $user2, $user3, $user4, $user5, $user7) as $visibleuser) {
        $this->assertTrue(user_can_view_profile($visibleuser));
    }
    // Restore the setting; the remaining assertions run with the original value.
    $CFG->forceloginforprofiles = $originalforcelogin;

    // Deleted accounts are never visible.
    $this->assertFalse(user_can_view_profile($user6));

    // User 7 is a course contact and therefore visible.
    $this->assertTrue(user_can_view_profile($user7));

    // Shared course plus the right capability: visible.
    $this->assertTrue(user_can_view_profile($user2));

    // No shared course with user 3: not visible.
    $this->assertFalse(user_can_view_profile($user3));

    // Acting as user 2: shares course 2 with user 3, but the capability is prohibited there.
    $this->setUser($user2);
    $this->assertFalse(user_can_view_profile($user3));

    // Put user 1 in one group and users 4 and 5 in another group of course 3.
    $group1 = $generator->create_group(array('courseid' => $course3->id));
    $group2 = $generator->create_group(array('courseid' => $course3->id));
    groups_add_member($group1->id, $user1->id);
    foreach (array($user4, $user5) as $member) {
        groups_add_member($group2->id, $member->id);
    }

    // Separate groups: user 1 is in a different group and cannot see user 4.
    $this->setUser($user1);
    $this->assertFalse(user_can_view_profile($user4));

    // User 5 shares a group with user 4 and can see them.
    $this->setUser($user5);
    $this->assertTrue(user_can_view_profile($user4));

    $CFG->coursecontact = null;
}
/**
 * Renders the list of tagged users.
 *
 * A user's name becomes a link to /user/view.php only when
 * user_can_view_profile() passes for that user; otherwise the plain name is shown.
 *
 * @param array $userlist
 * @param bool $exclusivemode if set to true it means that no other entities tagged with this tag
 *             are displayed on the page and the per-page limit may be bigger
 * @return string
 */
public function user_list($userlist, $exclusivemode) {
    // Larger pictures are used when this list is the only content on the page.
    $picturesize = $exclusivemode ? 100 : 35;
    $feed = new core_tag\output\tagfeed();

    foreach ($userlist as $user) {
        $picture = $this->output->user_picture($user, array('size' => $picturesize));
        $label = fullname($user);
        if (user_can_view_profile($user)) {
            // Only link to profiles the viewer is allowed to open.
            $target = new moodle_url('/user/view.php', array('id' => $user->id));
            $label = html_writer::link($target, $label);
        }
        $feed->add($picture, $label);
    }

    $data = $feed->export_for_template($this->output);

    if (!$exclusivemode) {
        return $this->output->render_from_template('core_tag/tagfeed', $data);
    }

    // NOTE(review): img and heading are concatenated into the markup as they are;
    // this relies on both already being safe for an HTML context - confirm.
    $html = '<div><ul class="inline-list">';
    foreach ($data['items'] as $entry) {
        $html .= '<li><div class="user-box">' . $entry['img'] . $entry['heading'] . "</div></li>\n";
    }

    return $html . "</ul></div>\n";
}
// Fall back to the viewer's own id when no id was supplied.
$userid = $userid ? $userid : $USER->id; // Owner of the page.

// Stop early for an id with no user row or for a row flagged as deleted.
// NOTE(review): a missing id, a deleted account and a profile the viewer may not see
// each produce a different message ('invaliduser', 'userdeleted', 'usernotavailable'),
// so the response tells these states apart - confirm that this is intended.
if (!($user = $DB->get_record('user', array('id' => $userid))) || $user->deleted) {
    $PAGE->set_context(context_system::instance());
    echo $OUTPUT->header();
    if (!$user) {
        echo $OUTPUT->notification(get_string('invaliduser', 'error'));
    } else {
        echo $OUTPUT->notification(get_string('userdeleted'));
    }
    echo $OUTPUT->footer();
    die;
}

$currentuser = $user->id == $USER->id;
$context = $usercontext = context_user::instance($userid, MUST_EXIST);

// Access gate for the profile page. On denial the page is built in the system context
// with a generic title, heading and navbar entry, so nothing rendered here carries the
// target user's name.
if (!user_can_view_profile($user, null, $context)) {
    // Course managers can be browsed at site level. If not forceloginforprofiles, allow access (bug #4366).
    $struser = get_string('user');
    $PAGE->set_context(context_system::instance());
    $PAGE->set_title("{$SITE->shortname}: {$struser}"); // Do not leak the name.
    $PAGE->set_heading($struser);
    $PAGE->set_url('/user/profile.php', array('id' => $userid));
    $PAGE->navbar->add($struser);
    echo $OUTPUT->header();
    echo $OUTPUT->notification(get_string('usernotavailable', 'error'));
    echo $OUTPUT->footer();
    exit;
}

// Get the profile page. Should always return something unless the database is broken.
if (!($currentpage = my_get_page($userid, MY_PAGE_PUBLIC))) {
/**
 * Returns blog posts tagged with a specified tag.
 *
 * Nothing is listed unless blogs are enabled and the current user holds
 * moodle/blog:view in the system context. An author's name links to the
 * profile only when user_can_view_profile() passes for that author.
 *
 * @param core_tag_tag $tag
 * @param bool $exclusivemode if set to true it means that no other entities tagged with this tag
 *             are displayed on the page and the per-page limit may be bigger
 * @param int $fromctx context id where the link was displayed, may be used by callbacks
 *            to display items in the same context first
 * @param int $ctx context id where to search for records
 * @param bool $rec search in subcontexts as well
 * @param int $page 0-based number of page being displayed
 * @return \core_tag\output\tagindex
 */
function blog_get_tagged_posts($tag, $exclusivemode = false, $fromctx = 0, $ctx = 0, $rec = true, $page = 0) {
    global $CFG, $OUTPUT;
    require_once $CFG->dirroot . '/user/lib.php';

    $systemcontext = context_system::instance();
    $perpage = $exclusivemode ? 20 : 5;
    $context = $ctx ? context::instance_by_id($ctx) : context_system::instance();

    // Defaults describe the "nothing to show" result.
    $content = '';
    $totalpages = 0;
    $allblogsurl = null;

    $searchable = false;
    if (!empty($CFG->enableblogs) && has_capability('moodle/blog:view', $systemcontext)) {
        $level = $context->contextlevel;
        // Outside the system context entries exist only when blog associations are on.
        $associable = $level == CONTEXT_SYSTEM || !empty($CFG->useblogassociations);
        // Without recursion only course and module contexts can hold entries.
        $scopeok = $rec || $level == CONTEXT_COURSE || $level == CONTEXT_MODULE;
        $searchable = $associable && $scopeok;
    }

    if ($searchable) {
        require_once $CFG->dirroot . '/blog/locallib.php';

        $filters = array('tag' => $tag->id);
        if ($rec && $level != CONTEXT_SYSTEM) {
            $filters['context'] = $context->id;
        } else if (!$rec && $level == CONTEXT_COURSE) {
            $filters['course'] = $context->instanceid;
        } else if (!$rec && $level == CONTEXT_MODULE) {
            $filters['module'] = $context->instanceid;
        }

        $listing = new blog_listing($filters);
        $entries = $listing->get_entries($page * $perpage, $perpage);
        $totalpages = ceil($listing->count_entries() / $perpage);

        if (!empty($entries)) {
            $feed = new core_tag\output\tagfeed();

            foreach ($entries as $entry) {
                // Build a user-shaped record from the entry row for the picture, the name
                // and the profile check.
                // NOTE(review): deleted is forced to 0 here, so the check below never sees
                // the author as deleted - presumably entries of deleted authors are not
                // listed; confirm against blog_listing.
                $author = fullclone($entry);
                $author->id = $entry->userid;
                $author->deleted = 0;

                $picture = $OUTPUT->user_picture($author, array('size' => 35));

                $cssclass = ($entry->publishstate == 'draft') ? 'dimmed' : '';
                $entryurl = new moodle_url('/blog/index.php', array('entryid' => $entry->id));
                $title = html_writer::link($entryurl, format_string($entry->subject), array('class' => $cssclass));

                $byline = fullname($author);
                if (user_can_view_profile($author)) {
                    // Only link to profiles the viewer is allowed to open.
                    $profileurl = new moodle_url('/user/view.php', array('id' => $entry->userid));
                    $byline = html_writer::link($profileurl, $byline);
                }

                $feed->add($picture, $title, $byline . ', ' . userdate($entry->created));
            }

            $content = $OUTPUT->render_from_template('core_tag/tagfeed', $feed->export_for_template($OUTPUT));

            // Link to the full blog listing, narrowed to the course or module when applicable.
            $urlparams = array('tagid' => $tag->id);
            if ($level == CONTEXT_COURSE) {
                $urlparams['courseid'] = $context->instanceid;
            } else if ($level == CONTEXT_MODULE) {
                $urlparams['modid'] = $context->instanceid;
            }
            $allblogsurl = new moodle_url('/blog/index.php', $urlparams);
        }
    }

    $result = new core_tag\output\tagindex($tag, 'core', 'post', $content,
            $exclusivemode, $fromctx, $ctx, $rec, $page, $totalpages);
    $result->exclusiveurl = $allblogsurl;

    return $result;
}