/**
* Checking whether I can access a document
*
* @param int $id user id
* @return int
*/
public function check_access($id)
{
global $DB, $USER;
$user = $DB->get_record('user', array('id' => $id));
if (!$user || $user->deleted) {
return \core_search\manager::ACCESS_DELETED;
}
if (user_can_view_profile($user)) {
return \core_search\manager::ACCESS_GRANTED;
}
return \core_search\manager::ACCESS_DENIED;
}
// Need to have full access to a course to see the rest of own info.
$referer = get_local_referer(false);
if (!empty($referer)) {
redirect($referer, get_string('notenrolled', '', $fullname));
}
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
echo $OUTPUT->footer();
die;
}
} else {
// Somebody else.
$PAGE->set_title("{$strpersonalprofile}: ");
$PAGE->set_heading("{$strpersonalprofile}: ");
// Check to see if the user can see this user's profile.
if (!user_can_view_profile($user, $course, $usercontext) && !$isparent) {
print_error('cannotviewprofile');
}
if (!is_enrolled($coursecontext, $user->id)) {
// TODO: the only potential problem is that managers and inspectors might post in forum, but the link
// to profile would not work - maybe a new capability - moodle/user:freely_acessile_profile_for_anybody
// or test for course:inspect capability.
if (has_capability('moodle/role:assign', $coursecontext)) {
$PAGE->navbar->add($fullname);
$notice = get_string('notenrolled', '', $fullname);
} else {
$PAGE->navbar->add($struser);
$notice = get_string('notenrolledprofile', '', $fullname);
}
$referer = get_local_referer(false);
if (!empty($referer)) {
/**
* Test user_can_view_profile
*/
public function test_user_can_view_profile()
{
global $DB, $CFG;
$this->resetAfterTest();
// Create five users.
$user1 = $this->getDataGenerator()->create_user();
$user2 = $this->getDataGenerator()->create_user();
$user3 = $this->getDataGenerator()->create_user();
$user4 = $this->getDataGenerator()->create_user();
$user5 = $this->getDataGenerator()->create_user();
$user6 = $this->getDataGenerator()->create_user(array('deleted' => 1));
$user7 = $this->getDataGenerator()->create_user();
$studentrole = $DB->get_record('role', array('shortname' => 'student'));
// Add the course creator role to the course contact and assign a user to that role.
$CFG->coursecontact = '2';
$coursecreatorrole = $DB->get_record('role', array('shortname' => 'coursecreator'));
$this->getDataGenerator()->role_assign($coursecreatorrole->id, $user7->id);
// Create two courses.
$course1 = $this->getDataGenerator()->create_course();
$course2 = $this->getDataGenerator()->create_course();
$coursecontext = context_course::instance($course2->id);
// Prepare another course with separate groups and groupmodeforce set to true.
$record = new stdClass();
$record->groupmode = 1;
$record->groupmodeforce = 1;
$course3 = $this->getDataGenerator()->create_course($record);
// Enrol users 1 and 2 in first course.
$this->getDataGenerator()->enrol_user($user1->id, $course1->id);
$this->getDataGenerator()->enrol_user($user2->id, $course1->id);
// Enrol users 2 and 3 in second course.
$this->getDataGenerator()->enrol_user($user2->id, $course2->id);
$this->getDataGenerator()->enrol_user($user3->id, $course2->id);
// Enrol users 1, 4, and 5 into course 3.
$this->getDataGenerator()->enrol_user($user1->id, $course3->id);
$this->getDataGenerator()->enrol_user($user4->id, $course3->id);
$this->getDataGenerator()->enrol_user($user5->id, $course3->id);
// Remove capability moodle/user:viewdetails in course 2.
assign_capability('moodle/user:viewdetails', CAP_PROHIBIT, $studentrole->id, $coursecontext);
$coursecontext->mark_dirty();
// Set current user to user 1.
$this->setUser($user1);
// User 1 can see User 1's profile.
$this->assertTrue(user_can_view_profile($user1));
$tempcfg = $CFG->forceloginforprofiles;
$CFG->forceloginforprofiles = 0;
// Not forced to log in to view profiles, should be able to see all profiles besides user 6.
$users = array($user1, $user2, $user3, $user4, $user5, $user7);
foreach ($users as $user) {
$this->assertTrue(user_can_view_profile($user));
}
// Restore setting.
$CFG->forceloginforprofiles = $tempcfg;
// User 1 can not see user 6 as they have been deleted.
$this->assertFalse(user_can_view_profile($user6));
// User 1 can see User 7 as they are a course contact.
$this->assertTrue(user_can_view_profile($user7));
// User 1 is in a course with user 2 and has the right capability - return true.
$this->assertTrue(user_can_view_profile($user2));
// User 1 is not in a course with user 3 - return false.
$this->assertFalse(user_can_view_profile($user3));
// Set current user to user 2.
$this->setUser($user2);
// User 2 is in a course with user 3 but does not have the right capability - return false.
$this->assertFalse(user_can_view_profile($user3));
// Set user 1 in one group and users 4 and 5 in another group.
$group1 = $this->getDataGenerator()->create_group(array('courseid' => $course3->id));
$group2 = $this->getDataGenerator()->create_group(array('courseid' => $course3->id));
groups_add_member($group1->id, $user1->id);
groups_add_member($group2->id, $user4->id);
groups_add_member($group2->id, $user5->id);
$this->setUser($user1);
// Check that user 1 can not see user 4.
$this->assertFalse(user_can_view_profile($user4));
// Check that user 5 can see user 4.
$this->setUser($user5);
$this->assertTrue(user_can_view_profile($user4));
$CFG->coursecontact = null;
}
/**
* Displays the list of tagged users
*
* @param array $userlist
* @param bool $exclusivemode if set to true it means that no other entities tagged with this tag
* are displayed on the page and the per-page limit may be bigger
* @return string
*/
public function user_list($userlist, $exclusivemode)
{
$tagfeed = new core_tag\output\tagfeed();
foreach ($userlist as $user) {
$userpicture = $this->output->user_picture($user, array('size' => $exclusivemode ? 100 : 35));
$fullname = fullname($user);
if (user_can_view_profile($user)) {
$profilelink = new moodle_url('/user/view.php', array('id' => $user->id));
$fullname = html_writer::link($profilelink, $fullname);
}
$tagfeed->add($userpicture, $fullname);
}
$items = $tagfeed->export_for_template($this->output);
if ($exclusivemode) {
$output = '<div><ul class="inline-list">';
foreach ($items['items'] as $item) {
$output .= '<li><div class="user-box">' . $item['img'] . $item['heading'] . "</div></li>\n";
}
$output .= "</ul></div>\n";
return $output;
}
return $this->output->render_from_template('core_tag/tagfeed', $items);
}
$userid = $userid ? $userid : $USER->id;
// Owner of the page.
if (!($user = $DB->get_record('user', array('id' => $userid))) || $user->deleted) {
$PAGE->set_context(context_system::instance());
echo $OUTPUT->header();
if (!$user) {
echo $OUTPUT->notification(get_string('invaliduser', 'error'));
} else {
echo $OUTPUT->notification(get_string('userdeleted'));
}
echo $OUTPUT->footer();
die;
}
$currentuser = $user->id == $USER->id;
$context = $usercontext = context_user::instance($userid, MUST_EXIST);
if (!user_can_view_profile($user, null, $context)) {
// Course managers can be browsed at site level. If not forceloginforprofiles, allow access (bug #4366).
$struser = get_string('user');
$PAGE->set_context(context_system::instance());
$PAGE->set_title("{$SITE->shortname}: {$struser}");
// Do not leak the name.
$PAGE->set_heading($struser);
$PAGE->set_url('/user/profile.php', array('id' => $userid));
$PAGE->navbar->add($struser);
echo $OUTPUT->header();
echo $OUTPUT->notification(get_string('usernotavailable', 'error'));
echo $OUTPUT->footer();
exit;
}
// Get the profile page. Should always return something unless the database is broken.
if (!($currentpage = my_get_page($userid, MY_PAGE_PUBLIC))) {
/**
* Returns posts tagged with a specified tag.
*
* @param core_tag_tag $tag
* @param bool $exclusivemode if set to true it means that no other entities tagged with this tag
* are displayed on the page and the per-page limit may be bigger
* @param int $fromctx context id where the link was displayed, may be used by callbacks
* to display items in the same context first
* @param int $ctx context id where to search for records
* @param bool $rec search in subcontexts as well
* @param int $page 0-based number of page being displayed
* @return \core_tag\output\tagindex
*/
function blog_get_tagged_posts($tag, $exclusivemode = false, $fromctx = 0, $ctx = 0, $rec = true, $page = 0)
{
global $CFG, $OUTPUT;
require_once $CFG->dirroot . '/user/lib.php';
$systemcontext = context_system::instance();
$perpage = $exclusivemode ? 20 : 5;
$context = $ctx ? context::instance_by_id($ctx) : context_system::instance();
$content = '';
if (empty($CFG->enableblogs) || !has_capability('moodle/blog:view', $systemcontext)) {
// Blogs are not enabled or are not visible to the current user.
$totalpages = 0;
} else {
if ($context->contextlevel != CONTEXT_SYSTEM && empty($CFG->useblogassociations)) {
// No blog entries can be associated to the non-system context.
$totalpages = 0;
} else {
if (!$rec && $context->contextlevel != CONTEXT_COURSE && $context->contextlevel != CONTEXT_MODULE) {
// No blog entries can be associated with category or block context.
$totalpages = 0;
} else {
require_once $CFG->dirroot . '/blog/locallib.php';
$filters = array('tag' => $tag->id);
if ($rec) {
if ($context->contextlevel != CONTEXT_SYSTEM) {
$filters['context'] = $context->id;
}
} else {
if ($context->contextlevel == CONTEXT_COURSE) {
$filters['course'] = $context->instanceid;
} else {
if ($context->contextlevel == CONTEXT_MODULE) {
$filters['module'] = $context->instanceid;
}
}
}
$bloglisting = new blog_listing($filters);
$blogs = $bloglisting->get_entries($page * $perpage, $perpage);
$totalcount = $bloglisting->count_entries();
$totalpages = ceil($totalcount / $perpage);
if (!empty($blogs)) {
$tagfeed = new core_tag\output\tagfeed();
foreach ($blogs as $blog) {
$user = fullclone($blog);
$user->id = $blog->userid;
$user->deleted = 0;
$img = $OUTPUT->user_picture($user, array('size' => 35));
$subject = format_string($blog->subject);
if ($blog->publishstate == 'draft') {
$class = 'dimmed';
} else {
$class = '';
}
$url = new moodle_url('/blog/index.php', array('entryid' => $blog->id));
$subject = html_writer::link($url, $subject, array('class' => $class));
$fullname = fullname($user);
if (user_can_view_profile($user)) {
$profilelink = new moodle_url('/user/view.php', array('id' => $blog->userid));
$fullname = html_writer::link($profilelink, $fullname);
}
$details = $fullname . ', ' . userdate($blog->created);
$tagfeed->add($img, $subject, $details);
}
$items = $tagfeed->export_for_template($OUTPUT);
$content = $OUTPUT->render_from_template('core_tag/tagfeed', $items);
$urlparams = array('tagid' => $tag->id);
if ($context->contextlevel == CONTEXT_COURSE) {
$urlparams['courseid'] = $context->instanceid;
} else {
if ($context->contextlevel == CONTEXT_MODULE) {
$urlparams['modid'] = $context->instanceid;
}
}
$allblogsurl = new moodle_url('/blog/index.php', $urlparams);
$rv = new core_tag\output\tagindex($tag, 'core', 'post', $content, $exclusivemode, $fromctx, $ctx, $rec, $page, $totalpages);
$rv->exclusiveurl = $allblogsurl;
return $rv;
}
}
}
}
$rv = new core_tag\output\tagindex($tag, 'core', 'post', $content, $exclusivemode, $fromctx, $ctx, $rec, $page, $totalpages);
$rv->exclusiveurl = null;
return $rv;
}
