/** * Sets the state of one or more entries * * @return void */ public function accessTask() { // Check for request forgeries Request::checkToken(['get', 'post']); if (!User::authorise('core.edit.state', $this->_option)) { App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR')); } // Incoming $state = Request::getInt('access', 0); $ids = Request::getVar('id', array()); $ids = !is_array($ids) ? array($ids) : $ids; // Check for an ID if (count($ids) < 1) { Notify::warning(Lang::txt('COM_FORUM_SELECT_ENTRY_TO_CHANGE_ACCESS')); return $this->cancelTask(); } $i = 0; foreach ($ids as $id) { // Update record(s) $row = Category::oneOrFail(intval($id)); $row->set('access', $state); if (!$row->save()) { Notify::error($row->getError()); continue; } $i++; } // set message if ($i) { Notify::success(Lang::txt('COM_FORUM_ITEMS_ACCESS_CHANGED', $i)); } $this->cancelTask(); }
/** * Save an entry * * @return void */ public function saveTask() { if (User::isGuest()) { $return = Route::url('index.php?option=' . $this->_option, false, true); App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return))); } // Check for request forgeries Request::checkToken(); // Incoming $section = Request::getVar('section', ''); $fields = Request::getVar('fields', array(), 'post', 'none', 2); $fields = array_map('trim', $fields); $fields['sticky'] = isset($fields['sticky']) ? $fields['sticky'] : 0; $fields['closed'] = isset($fields['closed']) ? $fields['closed'] : 0; $fields['anonymous'] = isset($fields['anonymous']) ? $fields['anonymous'] : 0; // Instantiate a Post record $post = Post::oneOrNew($fields['id']); // Set authorization if the current user is the creator // of an existing post. $assetType = $fields['parent'] ? 'post' : 'thread'; if ($post->get('id')) { if ($post->get('created_by') == User::get('id')) { $this->config->set('access-edit-' . $assetType, true); } $fields['modified'] = \Date::toSql(); $fields['modified_by'] = User::get('id'); } // Authorization check $this->_authorize($assetType, intval($fields['id'])); if (!$this->config->get('access-edit-' . $assetType) && !$this->config->get('access-create-' . $assetType)) { App::redirect(Route::url('index.php?option=' . $this->_option)); } // Bind data $post->set($fields); // Make sure the thread exists and is accepting new posts if ($post->get('parent') && isset($fields['thread'])) { $thread = Post::oneOrFail($fields['thread']); if (!$thread->get('id') || $thread->get('closed')) { Notify::error(Lang::txt('COM_FORUM_ERROR_THREAD_CLOSED')); return $this->editTask($post); } } // Make sure the category exists and is accepting new posts $category = Category::oneOrFail($post->get('category_id')); if ($category->get('closed')) { Notify::error(Lang::txt('COM_FORUM_ERROR_CATEGORY_CLOSED')); return $this->editTask($post); } // Store new content if (!$post->save()) { Notify::error($post->getError()); return $this->editTask($post); } // Upload files if (!$this->uploadTask($post->get('thread', $post->get('id')), $post->get('id'))) { Notify::error($this->getError()); return $this->editTask($post); } // Save tags $post->tag(Request::getVar('tags', '', 'post'), User::get('id')); // Determine message if (!$fields['id']) { $message = Lang::txt('COM_FORUM_POST_ADDED'); if (!$fields['parent']) { $message = Lang::txt('COM_FORUM_THREAD_STARTED'); } } else { $message = $post->get('modified_by') ? Lang::txt('COM_FORUM_POST_EDITED') : Lang::txt('COM_FORUM_POST_ADDED'); } $url = 'index.php?option=' . $this->_option . '§ion=' . $section . '&category=' . $category->get('alias') . '&thread=' . $post->get('thread') . '#c' . $post->get('id'); // Record the activity $recipients = array(['forum.site', 1], ['forum.section', $category->get('section_id')], ['user', $post->get('created_by')]); $type = 'thread'; $desc = Lang::txt('COM_FORUM_ACTIVITY_' . strtoupper($type) . '_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), '<a href="' . Route::url($url) . '">' . $post->get('title') . '</a>'); // If this is a post in a thread and not the thread starter... if ($post->get('parent')) { $thread = isset($thread) ? $thread : Post::oneOrFail($post->get('thread')); $thread->set('last_activity', $fields['id'] ? $post->get('modified') : $post->get('created')); $thread->save(); $type = 'post'; $desc = Lang::txt('COM_FORUM_ACTIVITY_' . strtoupper($type) . '_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), $post->get('id'), '<a href="' . Route::url($url) . '">' . $thread->get('title') . '</a>'); // If the parent post is not the same as the // thread starter (i.e., this is a reply) if ($post->get('parent') != $post->get('thread')) { $parent = Post::oneOrFail($post->get('parent')); $recipients[] = ['user', $parent->get('created_by')]; } } Event::trigger('system.logActivity', ['activity' => ['action' => $fields['id'] ? 'updated' : 'created', 'scope' => 'forum.' . $type, 'scope_id' => $post->get('id'), 'anonymous' => $post->get('anonymous', 0), 'description' => $desc, 'details' => array('thread' => $post->get('thread'), 'url' => Route::url($url))], 'recipients' => $recipients]); // Set the redirect App::redirect(Route::url($url), $message, 'message'); }
/** * Display a list of threads * * @apiMethod GET * @apiUri /forum/list * @apiParameter { * "name": "limit", * "description": "Number of result to return.", * "type": "integer", * "required": false, * "default": 25 * } * @apiParameter { * "name": "limitstart", * "description": "Number of where to start returning results.", * "type": "integer", * "required": false, * "default": 0 * } * @apiParameter { * "name": "search", * "description": "A word or phrase to search for.", * "type": "string", * "required": false, * "default": "" * } * @apiParameter { * "name": "section", * "description": "Section ID. Find all posts for all categories within a section.", * "type": "integer", * "required": false, * "default": 0 * } * @apiParameter { * "name": "category", * "description": "Category ID. Find all posts within a category.", * "type": "integer", * "required": false, * "default": 0 * } * @apiParameter { * "name": "threads_only", * "description": "Return only thread starter posts (true) or any post (false).", * "type": "boolean", * "required": false, * "default": false * } * @apiParameter { * "name": "parent", * "description": "Parent post ID. Find all immediate descendent (replies) posts.", * "type": "integer", * "required": false, * "default": null * } * @apiParameter { * "name": "thread", * "description": "Thread ID. Find all posts in a specified thread.", * "type": "integer", * "required": false, * "default": 0 * } * @apiParameter { * "name": "scope", * "description": "Scope (site, groups, members, etc.)", * "type": "string", * "required": false, * "default": "site" * } * @apiParameter { * "name": "scope_id", * "description": "Scope ID", * "type": "integer", * "required": false, * "default": 0 * } * @return void */ public function listTask() { $filters = array('limit' => Request::getInt('limit', 25), 'start' => Request::getInt('limitstart', 0), 'section_id' => Request::getInt('section', 0), 'category_id' => Request::getInt('category', 0), 'parent' => Request::getInt('parent', 0), 'thread' => Request::getInt('thread', 0), 'threads' => Request::getVar('threads_only', false), 'search' => Request::getVar('search', ''), 'scope' => Request::getWord('scope', 'site'), 'scope_id' => Request::getInt('scope_id', 0), 'state' => Post::STATE_PUBLISHED, 'parent' => 0, 'access' => User::getAuthorisedViewLevels()); $filters['threads'] = !$filters['threads'] || $filters['threads'] == 'false' ? false : true; if ($filters['scope'] == 'group') { $group = \Hubzero\User\Group::getInstance($filters['scope_id']); if ($group && in_array(User::get('id'), $group->get('members'))) { $filters['access'][] = 5; // Private } } $entries = Post::all()->whereEquals('state', $filters['state'])->whereIn('access', $filters['access'])->whereEquals('scope', $filters['scope'])->whereEquals('scope_id', $filters['scope_id']); if ($filters['thread']) { $entries->whereEquals('thread', $filters['thread']); } if ($filters['parent']) { $entries->whereEquals('parent', $filters['parent']); } if ($filters['threads']) { $entries->whereEquals('parent', 0); } if ($filters['section_id']) { // Make sure the section exists and is available $section = Section::oneOrFail($filters['section_id']); if (!$section->get('id')) { throw new Exception(Lang::txt('COM_FORUM_ERROR_SECTION_NOT_FOUND'), 404); } if ($section->get('state') == Section::STATE_DELETED) { throw new Exception(Lang::txt('COM_FORUM_ERROR_SECTION_NOT_FOUND'), 404); } if (!$filters['category_id']) { $categories = $section->categories()->whereEquals('state', $filters['state'])->whereIn('access', $filters['access'])->rows(); $filters['category_id'] = array(); foreach ($categories as $category) { $filters['category_id'][] = $category->get('id'); } } } if ($filters['category_id']) { // If one category, make sure it exists and is available if (is_int($filters['category_id'])) { $category = Category::oneOrFail($filters['category_id']); if (!$category->get('id')) { throw new Exception(Lang::txt('COM_FORUM_ERROR_CATEGORY_NOT_FOUND'), 404); } if ($category->get('state') == Category::STATE_DELETED) { throw new Exception(Lang::txt('COM_FORUM_ERROR_CATEGORY_NOT_FOUND'), 404); } if ($filters['section_id'] && $category->get('section_id') != $filters['section_id']) { throw new Exception(Lang::txt('COM_FORUM_ERROR_CATEGORY_NOT_FOUND'), 404); } } $entries->whereIn('category_id', (array) $filters['category_id']); } if ($filters['search']) { $entries->whereLike('comment', $filters['search'], 1)->orWhereLike('title', $filters['search'], 1)->resetDepth(); } $threads = $entries->ordered()->paginated()->rows(); $response = new stdClass(); $response->threads = array(); $response->total = $threads->count(); if ($response->total) { $base = str_replace('/api', '', rtrim(Request::base(), '/')); foreach ($threads as $thread) { $obj = new stdClass(); $obj->id = $thread->get('id'); $obj->title = $thread->get('title'); $obj->created = with(new Date($thread->get('created')))->format('Y-m-d\\TH:i:s\\Z'); $obj->modified = $thread->get('modified'); $obj->anonymous = $thread->get('anonymous'); //$obj->closed = ($thread->get('closed') ? true : false); $obj->scope = $thread->get('scope'); $obj->scope_id = $thread->get('scope_id'); $obj->thread = $thread->get('thread'); $obj->parent = $thread->get('parent'); $obj->category_id = $thread->get('category_id'); $obj->state = $thread->get('state'); $obj->access = $thread->get('access'); $obj->creator = new stdClass(); $obj->creator->id = 0; $obj->creator->name = Lang::txt('COM_FORUM_ANONYMOUS'); if (!$thread->get('anonymous')) { $obj->creator->id = $thread->get('created_by'); $obj->creator->name = $thread->creator->get('name'); } $obj->posts = $thread->thread()->whereEquals('state', $filters['state'])->whereIn('access', $filters['access'])->total(); $obj->url = $base . '/' . ltrim(Route::url($thread->link()), '/'); $response->threads[] = $obj; } } $response->success = true; $this->send($response); }
/** * Saves posted data for a new/edited forum thread post * * @return void */ public function savethread() { // Check for request forgeries Request::checkToken(); // Must be logged in if (User::isGuest()) { App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode(Route::url($this->base, false, true)))); return; } // Incoming $section = Request::getVar('section', ''); $no_html = Request::getInt('no_html', 0); $fields = Request::getVar('fields', array(), 'post', 'none', 2); $fields = array_map('trim', $fields); // Check permissions $this->_authorize('thread', intval($fields['id'])); $asset = 'thread'; if ($fields['id'] && !$this->params->get('access-edit-thread') || !$fields['id'] && !$this->params->get('access-create-thread')) { App::redirect(Route::url($this->base), Lang::txt('You are not authorized to perform this action.'), 'warning'); return; } // Bind data $post = Post::oneOrNew($fields['id']); // Double comment? $double = Post::all()->whereEquals('object_id', $post->get('object_id'))->whereEquals('scope', $post->get('scope'))->whereEquals('scope_id', $post->get('scope_id'))->whereEquals('created_by', $post->get('created_by'))->whereEquals('comment', $post->get('comment'))->row(); if ($double->get('id')) { $post->set($double->toArray()); } $post->set($fields); // Load the category $category = Category::oneOrFail($post->get('category_id')); if (!$post->get('object_id') && $category->get('object_id')) { $post->set('object_id', $category->get('object_id')); } // Store new content if (!$post->save()) { Notify::error($post->getError()); return $this->editthread($post); } // Upload file if (!$this->upload($post->get('thread', $post->get('id')), $post->get('id'))) { Notify::error($this->getError()); return $this->editthread($post); } // Save tags $post->tag(Request::getVar('tags', '', 'post'), User::get('id')); $thread = $post->get('thread'); // Being called through AJAX? if ($no_html) { // Set the thread Request::setVar('thread', $thread); // Is this a new post in a thread or new thread entirely? if (!$post->get('parent')) { // New thread // Update the thread list and get the contents of the thread Request::setVar('action', 'both'); } else { // Get a list of new posts in the thread Request::setVar('action', 'posts'); } // If we have a lecture set, push through to the lecture view if (Request::getVar('group', '')) { $unit = $this->course->offering()->unit($category->get('alias')); $lecture = new \Components\Courses\Models\Assetgroup($post->get('object_id')); return $this->onCourseAfterLecture($this->course, $unit, $lecture); } else { // Display main panel return $this->panel(); } } $rtrn = base64_decode(Request::getVar('return', '', 'post')); if (!$rtrn) { $rtrn = Route::url($this->base . '&thread=' . $thread); } // Set the redirect App::redirect($rtrn, Lang::txt('Post successfully saved'), 'passed'); }
/** * Saves posted data for a new/edited forum thread post * * @return void */ public function savethread() { // Login check is handled in the onGroup() method /*if (User::isGuest()) { App::redirect( Route::url('index.php?option=com_users&view=login&return=' . base64_encode(Route::url($this->base, false, true))) ); return; }*/ // Check for request forgeries Request::checkToken(); // Incoming $section = Request::getVar('section', ''); $fields = Request::getVar('fields', array(), 'post', 'none', 2); $fields = array_map('trim', $fields); $fields['sticky'] = isset($fields['sticky']) ? $fields['sticky'] : 0; $fields['closed'] = isset($fields['closed']) ? $fields['closed'] : 0; $fields['anonymous'] = isset($fields['anonymous']) ? $fields['anonymous'] : 0; // Instantiate a Post record $post = Post::oneOrNew($fields['id']); $this->_authorize('thread', intval($fields['id'])); $asset = 'thread'; if ($fields['parent']) { //$asset = 'post'; } $moving = false; // Already present if ($fields['id']) { if ($post->get('created_by') == User::get('id')) { $this->params->set('access-edit-' . $asset, true); } // Determine if we are moving the category for email suppression if ($post->get('category_id') != $fields['category_id']) { $moving = true; } $fields['modified'] = \Date::toSql(); $fields['modified_by'] = User::get('id'); } if (!$this->params->get('access-edit-thread') && !$this->params->get('access-create-thread')) { App::redirect(Route::url('index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=forum'), Lang::txt('PLG_GROUPS_FORUM_NOT_AUTHORIZED'), 'warning'); } // Bind data $post->set($fields); // Make sure the thread exists and is accepting new posts if ($post->get('parent') && isset($fields['thread'])) { $thread = Post::oneOrFail($fields['thread']); if (!$thread->get('id') || $thread->get('closed')) { Notify::error(Lang::txt('PLG_GROUPS_FORUM_ERROR_THREAD_CLOSED')); return $this->editthread($post); } } if (!$post->get('category_id')) { Notify::error(Lang::txt('PLG_GROUPS_FORUM_ERROR_MISSING_CATEGORY')); return $this->editthread($post); } // Make sure the category exists and is accepting new posts $category = Category::oneOrFail($post->get('category_id')); if ($category->get('closed')) { Notify::error(Lang::txt('PLG_GROUPS_ERROR_CATEGORY_CLOSED')); return $this->editthread($post); } // Store new content if (!$post->save()) { Notify::error($post->getError()); return $this->editthread($post); } // Upload if (!$this->upload($post->get('thread', $post->get('id')), $post->get('id'))) { Notify::error($this->getError()); return $this->editthread($post); } // Save tags $post->tag(Request::getVar('tags', '', 'post'), User::get('id')); // Set message if (!$fields['id']) { $message = Lang::txt('PLG_GROUPS_FORUM_POST_ADDED'); if (!$fields['parent']) { $message = Lang::txt('PLG_GROUPS_FORUM_THREAD_STARTED'); } } else { $message = $post->get('modified_by') ? Lang::txt('PLG_GROUPS_FORUM_POST_EDITED') : Lang::txt('PLG_GROUPS_FORUM_POST_ADDED'); } $section = $category->section(); $thread = Post::oneOrNew($post->get('thread')); // Disable notifications if ($fields['id'] && !Request::getInt('notify', 0)) { $moving = true; } // Email the group and insert email tokens to allow them to respond to group posts via email $params = Component::params('com_groups'); if ($params->get('email_comment_processing') && (isset($moving) && $moving == false)) { $thread->set('section', $section->get('alias')); $thread->set('category', $category->get('alias')); $post->set('section', $section->get('alias')); $post->set('category', $category->get('alias')); // Figure out who should be notified about this comment (all group members for now) $userIDsToEmail = array(); $memberoptions = false; if (file_exists(PATH_CORE . DS . 'plugins' . DS . 'groups' . DS . 'memberoptions' . DS . 'models' . DS . 'memberoption.php')) { include_once PATH_CORE . DS . 'plugins' . DS . 'groups' . DS . 'memberoptions' . DS . 'models' . DS . 'memberoption.php'; $memberoptions = true; } foreach ($this->members as $mbr) { //Look up user info $user = User::getInstance($mbr); if ($user->get('id') && $memberoptions) { // Find the user's group settings, do they want to get email (0 or 1)? $groupMemberOption = Plugins\Groups\Memberoptions\Models\Memberoption::oneByUserAndOption($this->group->get('gidNumber'), $user->get('id'), 'receive-forum-email'); $sendEmail = $groupMemberOption->get('optionvalue', 0); if ($sendEmail == 1) { $userIDsToEmail[] = $user->get('id'); } } } $allowEmailResponses = true; try { $encryptor = new \Hubzero\Mail\Token(); } catch (Exception $e) { $allowEmailResponses = false; } $from = array('name' => (!$post->get('anonymous') ? $post->creator->get('name', Lang::txt('PLG_GROUPS_FORUM_UNKNOWN')) : Lang::txt('PLG_GROUPS_FORUM_ANONYMOUS')) . ' @ ' . Config::get('sitename'), 'email' => Config::get('mailfrom'), 'replytoname' => Config::get('sitename'), 'replytoemail' => Config::get('mailfrom')); // Email each group member separately, each needs a user specific token foreach ($userIDsToEmail as $userID) { $unsubscribeLink = ''; $delimiter = ''; if ($allowEmailResponses) { $delimiter = '~!~!~!~!~!~!~!~!~!~!'; // Construct User specific Email ThreadToken // Version, type, userid, xforumid $token = $encryptor->buildEmailToken(1, 2, $userID, $post->get('thread', $post->get('id'))); // add unsubscribe link $unsubscribeToken = $encryptor->buildEmailToken(1, 3, $userID, $this->group->get('gidNumber')); $unsubscribeLink = rtrim(Request::base(), '/') . '/' . ltrim(Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=forum&action=unsubscribe&t=' . $unsubscribeToken), DS); $from['replytoname'] = Lang::txt('PLG_GROUPS_FORUM_REPLYTO') . ' @ ' . Config::get('sitename'); $from['replytoemail'] = 'hgm-' . $token . '@' . $_SERVER['HTTP_HOST']; } $msg = array(); // create view object $eview = new \Hubzero\Mail\View(array('base_path' => __DIR__, 'name' => 'email', 'layout' => 'comment_plain')); // plain text $eview->set('delimiter', $delimiter)->set('unsubscribe', $unsubscribeLink)->set('group', $this->group)->set('section', $section)->set('category', $category)->set('thread', $thread)->set('post', $post); $plain = $eview->loadTemplate(false); $msg['plaintext'] = str_replace("\n", "\r\n", $plain); // HTML $eview->setLayout('comment_html'); $html = $eview->loadTemplate(); $msg['multipart'] = str_replace("\n", "\r\n", $html); $subject = Lang::txt('PLG_GROUPS_FORUM') . ': ' . $this->group->get('cn') . ' - ' . $thread->get('title'); if (!Event::trigger('xmessage.onSendMessage', array('group_message', $subject, $msg, $from, array($userID), $this->option, null, '', $this->group->get('gidNumber')))) { $this->setError(Lang::txt('GROUPS_ERROR_EMAIL_MEMBERS_FAILED')); } } } $url = $this->base . '&scope=' . $section->get('alias') . '/' . $category->get('alias') . '/' . $thread->get('id'); // Record the activity $recipients = array(['group', $this->group->get('gidNumber')], ['forum.' . $this->forum->get('scope'), $this->forum->get('scope_id')], ['user', $post->get('created_by')]); foreach ($this->group->get('managers') as $recipient) { $recipients[] = ['user', $recipient]; } $type = 'thread'; $desc = Lang::txt('PLG_GROUPS_FORUM_ACTIVITY_' . strtoupper($type) . '_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), '<a href="' . Route::url($url) . '">' . $post->get('title') . '</a>'); // If this is a post in a thread and not the thread starter... if ($post->get('parent')) { $thread = isset($thread) ? $thread : Post::oneOrFail($post->get('thread')); $thread->set('last_activity', $fields['id'] ? $post->get('modified') : $post->get('created')); $thread->save(); $type = 'post'; $desc = Lang::txt('PLG_GROUPS_FORUM_ACTIVITY_' . strtoupper($type) . '_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), $post->get('id'), '<a href="' . Route::url($url) . '">' . $thread->get('title') . '</a>'); // If the parent post is not the same as the // thread starter (i.e., this is a reply) if ($post->get('parent') != $post->get('thread')) { $parent = Post::oneOrFail($post->get('parent')); $recipients[] = ['user', $parent->get('created_by')]; } } Event::trigger('system.logActivity', ['activity' => ['action' => $fields['id'] ? 'updated' : 'created', 'scope' => 'forum.' . $type, 'scope_id' => $post->get('id'), 'anonymous' => $post->get('anonymous', 0), 'description' => $desc, 'details' => array('thread' => $post->get('thread'), 'url' => Route::url($url))], 'recipients' => $recipients]); // Set the redirect App::redirect(Route::url($url), $message, 'passed'); }