require_once get_config('libroot') . 'objectionable.php';
require_once 'institution.php';
require_once 'group.php';
safe_require('artefact', 'comment');
safe_require('artefact', 'file');
// Access key for roaming (MNet) teachers. It is only read when the current
// session was established through MNet, so a plain visitor cannot present one.
$mnettoken = null;
if ($SESSION->get('mnetuser')) {
    $mnettoken = param_alphanum('mt', null);
}
// Access key for logged-out visitors. It is only read when the site allows
// public views and no MNet token was supplied, so the two paths never mix.
$usertoken = null;
if ($mnettoken === null && get_config('allowpublicviews')) {
    $usertoken = param_alphanum('t', null);
}
if ($mnettoken) {
    if (!($viewid = get_view_from_token($mnettoken, false))) {
        throw new AccessDeniedException(get_string('accessdenied', 'error'));
    }
} else {
    if ($usertoken) {
        if (!($viewid = get_view_from_token($usertoken, true))) {
            throw new AccessDeniedException(get_string('accessdenied', 'error'));
        }
    } else {
        if ($pageurl = param_alphanumext('page', null)) {
            if ($profile = param_alphanumext('profile', null)) {
                $view = new View(array('urlid' => $pageurl, 'ownerurlid' => $profile));
            } else {
                if ($homepage = param_alphanumext('homepage', null)) {
                    $view = new View(array('urlid' => $pageurl, 'groupurlid' => $homepage));
                } else {
                    throw new ViewNotFoundException(get_string('viewnotfoundexceptiontitle', 'error'));
                }
            }
            $viewid = $view->get('id');
        } else {
    }
} else {
    if ($group) {
        $smarty->assign('ownerlink', 'group/view.php?id=' . $group);
    }
}
// Provide a link for roaming teachers to return to their home host.
// Only views this MNet session has already been granted access to (recorded
// in 'mnetviewaccess' by the access check) get the link.
$mnetaccesslist = $SESSION->get('mnetviewaccess');
if ($mnetaccesslist && isset($mnetaccesslist[$view->get('id')])) {
    $backurl = $SESSION->get('mnetuserfrom');
    require_once get_config('docroot') . 'api/xmlrpc/lib.php';
    $peerhost = get_peer_from_instanceid($SESSION->get('authinstance'));
    if ($peerhost) {
        // Fall back to the peer's wwwroot when no explicit return URL was stored.
        $hosturl = $backurl ? $backurl : $peerhost->wwwroot;
        $smarty->assign('mnethost', array('name' => $peerhost->name, 'url' => $hosturl));
    }
}
// Anonymous visitors may leave feedback only when they reached this view via
// a valid access token: the URL token, or the per-view access cookie that
// resolves to this very view.
$anonfeedback = false;
if (!$USER->is_logged_in()) {
    $anonfeedback = $usertoken || $viewid == get_view_from_token(get_cookie('viewaccess:' . $viewid));
}
$smarty->assign('ownername', $view->formatted_owner());
$editbuttonlabel = $new ? get_string('backtocreatemyview', 'view') : get_string('editmyview', 'view');
$smarty->assign('streditviewbutton', $editbuttonlabel);
$smarty->assign('viewdescription', $view->get('description'));
$smarty->assign('viewcontent', $view->build_columns());
$smarty->assign('releaseform', $releaseform);
$smarty->assign('anonfeedback', $anonfeedback);
// The feedback form is offered to logged-in users and to token-holding visitors;
// the objection form only to logged-in users.
if ($USER->is_logged_in() || $anonfeedback) {
    $smarty->assign('addfeedbackform', pieform(add_feedback_form($allowattachments)));
}
if ($USER->is_logged_in()) {
    $smarty->assign('objectionform', pieform(objection_form()));
}
$smarty->assign('viewbeingwatched', $viewbeingwatched);
$smarty->display('view/view.tpl');
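/**
 * Given a view id, and a user id (defaults to currently logged in user if not
 * specified) will return whether this user is allowed to look at this view.
 *
 * Access is granted by the first of these that applies:
 *  - a logged-out access token ($usertoken or the 'viewaccess:<id>' cookie)
 *    that resolves to this view, when public views are enabled and the check
 *    is for the current user;
 *  - for anonymous visitors only: a 'public' access record whose date window
 *    is open (public views enabled), or the view being a profile view (public
 *    profiles enabled);
 *  - an MNet roaming token that resolves to this view, for sessions that came
 *    in via MNet (the grant is remembered in the session);
 *  - edit rights on the view;
 *  - the view having been submitted to a group the user may assess for;
 *  - a loggedin / friends / user / group access record whose date window is open.
 *
 * @param integer $view_id      View ID to check
 * @param integer $user_id      User trying to look at the view (defaults to
 * currently logged in user, or null if user isn't logged in)
 * @param string $usertoken     Key created by view owner for logged-out user access
 * @param string $mnettoken     Key created by mahara for teachers roaming from moodle
 *
 * @return boolean Whether the specified user can look at the specified view.
 */
function can_view_view($view_id, $user_id = null, $usertoken = null, $mnettoken = null)
{
    global $USER, $SESSION;
    $now = time();
    // The same instant in the database's timestamp format, for comparing
    // against startdate/stopdate values that come back from the database
    // unconverted (see the public access check below).
    $dbnow = db_format_timestamp($now);
    if ($user_id === null) {
        $user_id = $USER->get('id');
    }
    $publicviews = get_config('allowpublicviews');
    if ($publicviews) {
        if (!$usertoken) {
            $usertoken = get_cookie('viewaccess:' . $view_id);
        }
        // A token only ever grants access to the current session's user (or to
        // an anonymous check), never on behalf of some other user id.
        if ($usertoken && (!$user_id || $user_id == $USER->get('id')) && $view_id == get_view_from_token($usertoken)) {
            return true;
        }
    }
    if (!$USER->is_logged_in()) {
        // check public
        $publicprofiles = get_config('allowpublicprofiles');
        if ($publicviews || $publicprofiles) {
            $public = get_record_sql("\n                SELECT\n                    v.id, v.type, a.*\n                FROM\n                    {view} v\n                    LEFT OUTER JOIN {view_access} a ON v.id = a.view\n                WHERE\n                    v.id = ? AND a.accesstype = 'public'\n            ", array($view_id));
            if (!$public) {
                return false;
            }
            // Public profile views are not subject to the access record's date window.
            if ($publicprofiles && $public->type == 'profile') {
                return true;
            }
            // 'a.*' returns startdate/stopdate without db_format_tsfield (unlike
            // the query further down), i.e. as database timestamp strings. They
            // must therefore be compared against $dbnow, which is in the same
            // format; comparing them against the integer $now mis-evaluates the
            // window (PHP's string/int comparison rules) and so either ignores
            // the dates or denies access to every view that has one set.
            $startok = $public->startdate == null || $public->startdate < $dbnow;
            $stopok = $public->stopdate == null || $public->stopdate > $dbnow;
            return (bool) ($publicviews && $startok && $stopok);
        }
        return false;
    }
    // The user is logged in; they can see the view if
    // - they hold a valid MNet roaming token for it, or
    // - they can edit it, or
    // - it has been submitted to them for assessment, or
    // - they have been granted access via the edit view access page.
    if ($SESSION->get('mnetuser')) {
        if (!$mnettoken) {
            $mnettoken = get_cookie('mviewaccess:' . $view_id);
        }
        if ($mnettoken && $view_id == get_view_from_token($mnettoken, false)) {
            // Remember the grant so the page can offer a "return to host" link.
            $mnetviewlist = $SESSION->get('mnetviewaccess');
            if (empty($mnetviewlist)) {
                $mnetviewlist = array();
            }
            $mnetviewlist[$view_id] = true;
            $SESSION->set('mnetviewaccess', $mnetviewlist);
            return true;
        }
    }
    require_once get_config('docroot') . 'lib/view.php';
    $view = new View($view_id);
    if ($USER->can_edit_view($view)) {
        return true;
    }
    if ($submitgroup = $view->get('submittedgroup')) {
        require_once get_config('docroot') . 'lib/group.php';
        if (group_user_can_assess_submitted_views($submitgroup, $user_id)) {
            return true;
        }
    }
    // Check access for loggedin, friends, user, group.
    // Dates are converted with db_format_tsfield here, so they are unix
    // timestamps comparable with $now. Rows are ordered so that the cheaper
    // checks (loggedin, user, group) come before the friends check, which
    // needs an extra query.
    $access = get_records_sql_array('
            SELECT accesstype AS type,
                CASE WHEN accesstype = \'friends\' THEN 4 ELSE 1 END AS typeorder,
                ' . db_format_tsfield('startdate') . ', ' . db_format_tsfield('stopdate') . '
            FROM {view_access}
            WHERE view = ?
        UNION
            SELECT \'user\' AS type, 2 AS typeorder, ' . db_format_tsfield('startdate') . ', ' . db_format_tsfield('stopdate') . '
            FROM {view_access_usr}
            WHERE view = ? AND usr = ?
        UNION
            SELECT \'group\' AS type, 3 AS typeorder, ' . db_format_tsfield('startdate') . ', ' . db_format_tsfield('stopdate') . '
            FROM
                {view_access_group} vg
                INNER JOIN {group} g ON (vg.group = g.id AND g.deleted = 0)
                INNER JOIN {group_member} m ON (g.id = m.group AND (vg.role IS NULL OR vg.role = m.role))
            WHERE vg.view = ? AND m.member = ?
        ORDER BY typeorder ', array($view_id, $view_id, $user_id, $view_id, $user_id));
    if (empty($access)) {
        return false;
    }
    foreach ($access as $a) {
        if ($a->type == 'friends') {
            // A 'friends' record only counts if the user is actually a friend
            // of the view owner (in either direction of the friendship row).
            $owner = $view->get('owner');
            if (!get_field_sql('SELECT COUNT(*) FROM {usr_friend} f WHERE (usr1=? AND usr2=?) OR (usr1=? AND usr2=?)', array($owner, $user_id, $user_id, $owner))) {
                continue;
            }
        }
        if (($a->startdate == null || $a->startdate < $now) && ($a->stopdate == null || $a->stopdate > $now)) {
            return true;
        }
    }
    return false;
}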
/**
 * Pieform validation callback for the feedback form.
 *
 * Logged-in users may always submit the form. Anonymous visitors may only do
 * so when the 'viewaccess:<id>' cookie holds a token that resolves to the
 * view currently being displayed ($view global); otherwise an error is set
 * on the 'message' field.
 *
 * @param Pieform $form   The form being validated
 * @param array   $values Submitted values (not inspected here)
 */
function add_feedback_form_validate(Pieform $form, $values)
{
    global $USER, $view;
    if ($USER->is_logged_in()) {
        return;
    }
    $viewid = $view->get('id');
    $token = get_cookie('viewaccess:' . $viewid);
    $tokenvalid = $token && get_view_from_token($token) == $viewid;
    if (!$tokenvalid) {
        $form->set_error('message', get_string('placefeedbacknotallowed', 'view'));
    }
}
        array_unshift($artefactpath, array('url' => get_config('wwwroot') . 'view/artefact.php?artefact=' . $parent . '&view=' . $viewid, 'title' => $parentobj->display_title()));
    }
    $parent = $parentobj->get('parent');
}
// The artefact itself is the last breadcrumb and carries no link.
$artefactpath[] = array('url' => '', 'title' => $artefact->display_title());
// Feedback
// Inline JS that wires up the feedback list for this view/artefact pair.
// $viewid and $artefactid are interpolated straight into script source, so
// they must already be validated integers.
// NOTE(review): assumed to come from param_integer upstream — confirm.
$javascript = <<<EOF
feedbacklist.view = {$viewid};
feedbacklist.artefact = {$artefactid};
feedbacklist.statevars.push('view', 'artefact');
feedbacklist.updateOnLoad();
EOF;
$headstylesheet = '<link rel="stylesheet" type="text/css" href="' . get_config('wwwroot') . 'theme/views.css">';
$smarty = smarty(
    array('mahara', 'tablerenderer', 'feedbacklist'),
    array($headstylesheet),
    array(),
    array('stylesheets' => array('style/views.css'))
);
$smarty->assign('artefact', $content);
$smarty->assign('artefactpath', $artefactpath);
$smarty->assign('INLINEJAVASCRIPT', $javascript);
$smarty->assign('viewid', $viewid);
$smarty->assign('viewtitle', $view->get('title'));
// Link back to whoever owns the view: a user, or failing that a group.
$viewowner = $view->get('owner');
if ($viewowner) {
    $smarty->assign('ownerlink', 'user/view.php?id=' . $viewowner);
} elseif ($view->get('group')) {
    $smarty->assign('ownerlink', 'group/view.php?id=' . $view->get('group'));
}
$smarty->assign('ownername', $view->formatted_owner());
$smarty->assign('addfeedbackform', pieform(add_feedback_form(false)));
$smarty->assign('objectionform', pieform(objection_form()));
// Anonymous visitors get the feedback UI only if their per-view access cookie
// resolves to this view.
$anonfeedback = !$USER->is_logged_in() && $viewid == get_view_from_token(get_cookie('viewaccess:' . $viewid));
$smarty->assign('anonfeedback', $anonfeedback);
$smarty->display('view/artefact.tpl');