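/**
 * Validation callback for the "add feedback" (comment) form.
 *
 * Every failure is recorded as an error on the form's 'message' element:
 *  - the anti-spam checks flag the submission (only when the form's 'spam'
 *    property is set);
 *  - neither a message nor an attachment was supplied;
 *  - probation_validate_content() rejects the message;
 *  - 'replyto' names a comment that does not exist, has been deleted, is not
 *    visible to the current user, or does not permit the requested
 *    public/private reply.
 *
 * Relies on the globals $USER, $view and $artefact being set by the caller.
 *
 * @param Pieform $form   The form being validated; errors are recorded on it.
 * @param array   $values Submitted values; reads 'message', 'attachments',
 *                        'replyto' and 'ispublic'.
 */
function add_feedback_form_validate(Pieform $form, $values) {
    global $USER, $view, $artefact;

    require_once get_config('libroot') . 'antispam.php';

    if ($form->get_property('spam')) {
        $spamtrap = new_spam_trap(array(array('type' => 'body', 'value' => $values['message'])));
        if ($form->spam_error() || $spamtrap->is_spam()) {
            $msg = get_string('formerror');
            $emailcontact = get_config('emailcontact');
            if (!empty($emailcontact)) {
                $msg .= ' ' . get_string('formerroremail', 'mahara', $emailcontact, $emailcontact);
            }
            $form->set_error('message', $msg);
        }
    }

    // A comment needs a message or at least one attachment.
    if (empty($values['attachments']) && empty($values['message'])) {
        $form->set_error('message', get_string('messageempty', 'artefact.comment'));
    }

    $result = probation_validate_content($values['message']);
    if ($result !== true) {
        $form->set_error('message', get_string('newuserscantpostlinksorimages'));
    }

    // Nothing more to validate unless this is a reply. empty() keeps the
    // original truthiness test without a warning when the key is absent.
    if (empty($values['replyto'])) {
        return;
    }

    $parent = get_record_sql(
        'SELECT
            a.id, acc.private, a.author, p.author as grandparentauthor, acc.deletedby
        FROM
            {artefact} a
            INNER JOIN {artefact_comment_comment} acc
                ON a.id = acc.artefact
            LEFT OUTER JOIN {artefact} p
                ON a.parent = p.id
        WHERE
            a.id = ?
        ',
        array($values['replyto'])
    );

    // Parent ID doesn't match an actual comment. Stop here: every check below
    // dereferences $parent, and running them against a missing record would
    // evaluate the access rules on empty values instead of on a real comment.
    if (!$parent) {
        $form->set_error('message', get_string('replytonoaccess', 'artefact.comment'));
        return;
    }

    // NOTE(review): the lookup above is by comment id only. Nothing visible in
    // this function ties $parent to the $view/$artefact this form posts to,
    // while $canedit below is computed for the current $view/$artefact.
    // Confirm that the parent's page is checked here or in the submit handler;
    // otherwise scope the lookup to the current target.

    // Can't reply to a deleted comment
    if ($parent->deletedby) {
        $form->set_error('message', get_string('replytodeletednotallowed', 'artefact.comment'));
    }

    // Validate that you're allowed to reply to this comment
    if (!empty($artefact)) {
        $canedit = $USER->can_edit_artefact($artefact);
    }
    else {
        $canedit = $USER->can_moderate_view($view);
    }

    // The LEFT OUTER JOIN yields NULL when the parent comment is not itself a
    // reply. NULL must never count as "one of your comments": a loose ==
    // treats NULL as equal to 0, so require a real author id first.
    $isreplytome = $parent->grandparentauthor !== null
        && $parent->grandparentauthor == $USER->get('id');

    // You can reply to a comment if you can see the comment. Which means if:
    // 1. You are the page owner
    // 2. OR the comment is public
    // 3. OR the comment is a direct reply to one of your comments
    if (!($canedit || !$parent->private || $isreplytome)) {
        $form->set_error('message', get_string('replytonoaccess', 'artefact.comment'));
    }

    // Validate the public/private setting of this comment
    if (!empty($values['ispublic'])) {
        if (!ArtefactTypeComment::can_public_reply_to_comment($parent->private, $parent->deletedby)) {
            $form->set_error('message', get_string('replytonopublicreplyallowed', 'artefact.comment'));
        }
    }
    else {
        // You are only allowed to post a private reply if you are the page owner, or the parent comment
        // is a direct reply to one of your comments
        // You also cannot post a private reply to one of your own comments.
        if (
            !ArtefactTypeComment::can_private_reply_to_comment(
                $parent->private,
                $parent->deletedby,
                $USER->get('id'),
                $parent->author,
                $parent->grandparentauthor,
                $artefact,
                $view
            )
        ) {
            $form->set_error('message', get_string('replytonoprivatereplyallowed', 'artefact.comment'));
        }
    }
}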