Exemplo n.º 1
0
 /**
  * Get all views & collections for a (user,group), grouped
  * by their accesslists as defined by the accessconf column
  *
  * @param integer $owner
  * @param integer $group
  *
  * @return array
  */
 public static function get_accesslists($owner = null, $group = null, $institution = null)
 {
     require_once 'institution.php';
     if (!is_null($owner) && !is_array($owner) && $owner > 0) {
         $ownerobj = new User();
         $ownerobj->find_by_id($owner);
     }
     $data = array();
     list($data['collections'], $data['views']) = self::get_views_and_collections($owner, $group, $institution);
     // Remember one representative viewid in each collection
     $viewindex = array();
     // Add strings to describe startdate/stopdate access overrides
     foreach ($data['collections'] as &$c) {
         $view = current($c['views']);
         $viewindex[$view['id']] = array('type' => 'collections', 'id' => $c['id']);
         $c['access'] = self::access_override_description($view);
         $c['viewid'] = $view['id'];
     }
     foreach ($data['views'] as &$v) {
         $viewindex[$v['id']] = array('type' => 'views', 'id' => $v['id']);
         $v['access'] = self::access_override_description($v);
         $v['viewid'] = $v['id'];
     }
     if (empty($viewindex)) {
         return $data;
     }
     // Get view_access records, apart from those with visible = 0 (system access records)
     $accessgroups = get_records_sql_array('
         SELECT va.*, g.grouptype, g.name, g.urlid
         FROM {view_access} va LEFT OUTER JOIN {group} g ON (g.id = va.group AND g.deleted = 0)
         WHERE va.view IN (' . join(',', array_keys($viewindex)) . ') AND va.visible = 1
         ORDER BY va.view, va.accesstype, g.grouptype, va.role, g.name, va.group, va.usr', array());
     if (!$accessgroups) {
         return $data;
     }
     if (!function_exists('is_probationary_user')) {
         require_once get_config('libroot') . 'antispam.php';
     }
     foreach ($accessgroups as $access) {
         // remove 'Public' from the list if the owner isn't allowed to have them
         if ($access->accesstype == 'public' && (get_config('allowpublicviews') != 1 || isset($ownerobj) && !$ownerobj->institution_allows_public_views() || isset($ownerobj) && is_probationary_user($ownerobj->id))) {
             continue;
         }
         $vi = $viewindex[$access->view];
         // Just count secret urls.
         if ($access->token) {
             if (!isset($data[$vi['type']][$vi['id']]['secreturls'])) {
                 $data[$vi['type']][$vi['id']]['secreturls'] = 0;
             }
             $data[$vi['type']][$vi['id']]['secreturls']++;
             continue;
         }
         $key = null;
         if ($access->usr) {
             $access->accesstype = 'user';
             $access->id = $access->usr;
         } else {
             if ($access->group) {
                 $access->accesstype = 'group';
                 $access->id = $access->group;
                 if ($access->role) {
                     $access->roledisplay = get_string($access->role, 'grouptype.' . $access->grouptype);
                 }
                 $access->groupurl = group_homepage_url((object) array('id' => $access->group, 'urlid' => $access->urlid));
             } else {
                 if ($access->institution) {
                     $access->accesstype = 'institution';
                     $access->id = $access->institution;
                     $access->name = institution_display_name($access->institution);
                 } else {
                     $key = $access->accesstype;
                 }
             }
         }
         if ($key) {
             if (!isset($data[$vi['type']][$vi['id']]['accessgroups'][$key])) {
                 $data[$vi['type']][$vi['id']]['accessgroups'][$key] = (array) $access;
             }
         } else {
             $data[$vi['type']][$vi['id']]['accessgroups'][] = (array) $access;
         }
     }
     return $data;
 }
Exemplo n.º 2
0
/**
 * Get raw results for webservices log search
 *
 * @param object $search - see build_webservice_log_search_results() for
 *                         list of variables
 */
function get_log_search_results($search)
{
    $sort = 'TRUE';
    if (preg_match('/^[a-zA-Z_0-9"]+$/', $search->sortby)) {
        $sort = $search->sortby;
        if (strtoupper($search->sortdir) != 'DESC') {
            $sort .= ' ASC';
        } else {
            $sort .= ' DESC';
        }
    }
    $where = '';
    $ilike = db_ilike();
    $wheres = array();
    $params = array();
    if ($search->protocol != 'all') {
        $wheres[] = ' el.protocol = ? ';
        $params[] = $search->protocol;
    }
    if ($search->authtype != 'all') {
        $wheres[] = ' el.auth = ? ';
        $params[] = $search->authtype;
    }
    if ($search->institution != 'all') {
        $wheres[] = ' el.institution = ? ';
        $params[] = $search->institution;
    }
    if ($search->onlyerrors == 1) {
        $wheres[] = ' TRIM(el.info) > \' \' ';
    }
    if ($search->userquery) {
        $userwheres = array();
        $terms = split_query_string(strtolower(trim($search->userquery)));
        foreach ($terms as $term) {
            foreach (array('u.username', 'u.firstname', 'u.lastname') as $tests) {
                $userwheres[] = ' ' . $tests . ' ' . $ilike . ' \'%' . addslashes($term) . '%\'';
            }
        }
        if (!empty($userwheres)) {
            $wheres[] = ' ( ' . implode(' OR ', $userwheres) . ' ) ';
        }
    }
    if ($search->functionquery) {
        $functionwheres = array();
        $terms = split_query_string(strtolower(trim($search->functionquery)));
        foreach ($terms as $term) {
            $functionwheres[] = ' el.functionname ' . $ilike . ' \'%' . addslashes($term) . '%\'';
        }
        if (!empty($functionwheres)) {
            $wheres[] = ' ( ' . implode(' OR ', $functionwheres) . ' ) ';
        }
    }
    if (empty($wheres)) {
        $wheres[] = ' TRUE ';
    }
    $where = ' WHERE ' . implode(' AND ', $wheres);
    $count = count_records_sql('
            SELECT  COUNT(*)
            FROM {external_services_logs} el
            JOIN {usr} u
                ON el.userid = u.id
            ' . $where, $params);
    $data = get_records_sql_array('
            SELECT  u.username,
                    u.firstname,
                    u.lastname,
                    u.email,
                    el.*
            FROM {external_services_logs} el
            JOIN {usr} u
                ON el.userid = u.id
            ' . $where . ' ORDER BY ' . $search->sortby, $params, $search->offset);
    $results = array('count' => $count, 'limit' => $search->limit, 'offset' => $search->offset, 'data' => array());
    if (!empty($data)) {
        foreach ($data as $row) {
            $row->timelogged = format_date($row->timelogged, 'strftimedatetime');
            $row->institution = institution_display_name($row->institution);
            $results['data'][] = (array) $row;
        }
    }
    return $results;
}
Exemplo n.º 3
0
 /**
  * Grab a delegate object for auth stuff
  */
 public function request_user_authorise($token, $remotewwwroot)
 {
     global $USER, $SESSION;
     $this->must_be_ready();
     $peer = get_peer($remotewwwroot);
     if ($peer->deleted != 0 || $this->config['theyssoin'] != 1) {
         throw new XmlrpcClientException('We don\'t accept SSO connections from ' . institution_display_name($peer->institution));
     }
     $client = new Client();
     $client->set_method('auth/mnet/auth.php/user_authorise')->add_param($token)->add_param(sha1($_SERVER['HTTP_USER_AGENT']))->send($remotewwwroot);
     $remoteuser = (object) $client->response;
     if (empty($remoteuser) or !property_exists($remoteuser, 'username')) {
         // Caught by land.php
         throw new AccessDeniedException();
     }
     $create = false;
     $update = false;
     if ('1' == $this->config['updateuserinfoonlogin']) {
         $update = true;
     }
     // Retrieve a $user object. If that fails, create a blank one.
     try {
         $user = new User();
         if (get_config('usersuniquebyusername')) {
             // When turned on, this setting means that it doesn't matter
             // which other application the user SSOs from, they will be
             // given the same account in Mahara.
             //
             // This setting is one that has security implications unless
             // only turned on by people who know what they're doing. In
             // particular, every system linked to Mahara should be making
             // sure that same username == same person.  This happens for
             // example if two Moodles are using the same LDAP server for
             // authentication.
             //
             // If this setting is on, it must NOT be possible to self
             // register on the site for ANY institution - otherwise users
             // could simply pick usernames of people's accounts they wished
             // to steal.
             if ($institutions = get_column('institution', 'name', 'registerallowed', '1')) {
                 log_warn("usersuniquebyusername is turned on but registration is allowed for an institution. " . "No institution can have registration allowed for it, for security reasons.\n" . "The following institutions have registration enabled:\n  " . join("\n  ", $institutions));
                 throw new AccessDeniedException();
             }
             if (!get_config('usersallowedmultipleinstitutions')) {
                 log_warn("usersuniquebyusername is turned on but usersallowedmultipleinstitutions is off. " . "This makes no sense, as users will then change institution every time they log in from " . "somewhere else. Please turn this setting on in Site Options");
                 throw new AccessDeniedException();
             }
             $user->find_by_username($remoteuser->username);
         } else {
             $user->find_by_instanceid_username($this->instanceid, $remoteuser->username, true);
         }
         if ($user->get('suspendedcusr')) {
             die_info(get_string('accountsuspended', 'mahara', strftime(get_string('strftimedaydate'), $user->get('suspendedctime')), $user->get('suspendedreason')));
         }
     } catch (AuthUnknownUserException $e) {
         if (!empty($this->config['weautocreateusers'])) {
             $institution = new Institution($this->institution);
             if ($institution->isFull()) {
                 $institution->send_admin_institution_is_full_message();
                 throw new XmlrpcClientException('SSO attempt from ' . $institution->displayname . ' failed - institution is full');
             }
             $user = new User();
             $create = true;
         } else {
             log_debug("User authorisation request from {$remotewwwroot} failed - " . "remote user '{$remoteuser->username}' is unknown to us and auto creation of users is turned off");
             return false;
         }
     }
     /*******************************************/
     if ($create) {
         $user->passwordchange = 1;
         $user->active = 1;
         $user->deleted = 0;
         //TODO: import institution's expiry?:
         //$institution = new Institution($peer->institution);
         $user->expiry = null;
         $user->expirymailsent = 0;
         $user->lastlogin = time();
         $user->firstname = $remoteuser->firstname;
         $user->lastname = $remoteuser->lastname;
         $user->email = $remoteuser->email;
         $imported = array('firstname', 'lastname', 'email');
         //TODO: import institution's per-user-quota?:
         //$user->quota              = $userrecord->quota;
         $user->authinstance = empty($this->config['parent']) ? $this->instanceid : $this->parent;
         db_begin();
         $user->username = get_new_username($remoteuser->username);
         $user->id = create_user($user, array(), $this->institution, $this, $remoteuser->username);
         $locked = $this->import_user_settings($user, $remoteuser);
         $locked = array_merge($imported, $locked);
         /*
          * We need to convert the object to a stdclass with its own
          * custom method because it uses overloaders in its implementation
          * and its properties wouldn't be visible to a simple cast operation
          * like (array)$user
          */
         $userobj = $user->to_stdclass();
         $userarray = (array) $userobj;
         db_commit();
         // Now we have fired the create event, we need to re-get the data
         // for this user
         $user = new User();
         $user->find_by_id($userobj->id);
     } elseif ($update) {
         $imported = array('firstname', 'lastname', 'email');
         foreach ($imported as $field) {
             if ($user->{$field} != $remoteuser->{$field}) {
                 $user->{$field} = $remoteuser->{$field};
                 set_profile_field($user->id, $field, $user->{$field});
             }
         }
         if (isset($remoteuser->idnumber)) {
             if ($user->studentid != $remoteuser->idnumber) {
                 $user->studentid = $remoteuser->idnumber;
                 set_profile_field($user->id, 'studentid', $user->studentid);
             }
             $imported[] = 'studentid';
         }
         $locked = $this->import_user_settings($user, $remoteuser);
         $locked = array_merge($imported, $locked);
         $user->lastlastlogin = $user->lastlogin;
         $user->lastlogin = time();
         //TODO: import institution's per-user-quota?:
         //$user->quota              = $userrecord->quota;
         $user->commit();
     }
     if (get_config('usersuniquebyusername')) {
         // Add them to the institution they have SSOed in by
         $user->join_institution($peer->institution);
     }
     // See if we need to create/update a profile Icon image
     if ($create || $update) {
         $client->set_method('auth/mnet/auth.php/fetch_user_image')->add_param($remoteuser->username)->send($remotewwwroot);
         $imageobject = (object) $client->response;
         $u = preg_replace('/[^A-Za-z0-9 ]/', '', $user->username);
         $filename = get_config('dataroot') . 'temp/mpi_' . intval($this->instanceid) . '_' . $u;
         if (array_key_exists('f1', $client->response)) {
             $imagecontents = base64_decode($client->response['f1']);
             if (file_put_contents($filename, $imagecontents)) {
                 $imageexists = false;
                 $icons = false;
                 if ($update) {
                     $newchecksum = sha1_file($filename);
                     $icons = get_records_select_array('artefact', 'artefacttype = \'profileicon\' AND owner = ? ', array($user->id), '', 'id');
                     if (false != $icons) {
                         foreach ($icons as $icon) {
                             $iconfile = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $icon->id % 256 . '/' . $icon->id;
                             $checksum = sha1_file($iconfile);
                             if ($newchecksum == $checksum) {
                                 $imageexists = true;
                                 unlink($filename);
                                 break;
                             }
                         }
                     }
                 }
                 if (false == $imageexists) {
                     $filesize = filesize($filename);
                     if (!$user->quota_allowed($filesize)) {
                         $error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
                     }
                     require_once 'file.php';
                     $imagesize = getimagesize($filename);
                     if (!$imagesize || !is_image_type($imagesize[2])) {
                         $error = get_string('filenotimage');
                     }
                     $mime = $imagesize['mime'];
                     $width = $imagesize[0];
                     $height = $imagesize[1];
                     $imagemaxwidth = get_config('imagemaxwidth');
                     $imagemaxheight = get_config('imagemaxheight');
                     if ($width > $imagemaxwidth || $height > $imagemaxheight) {
                         $error = get_string('profileiconimagetoobig', 'artefact.file', $width, $height, $imagemaxwidth, $imagemaxheight);
                     }
                     try {
                         $user->quota_add($filesize);
                     } catch (QuotaException $qe) {
                         $error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
                     }
                     require_once get_config('docroot') . '/artefact/lib.php';
                     require_once get_config('docroot') . '/artefact/file/lib.php';
                     // Entry in artefact table
                     $artefact = new ArtefactTypeProfileIcon();
                     $artefact->set('owner', $user->id);
                     $artefact->set('parent', ArtefactTypeFolder::get_folder_id(get_string('imagesdir', 'artefact.file'), get_string('imagesdirdesc', 'artefact.file'), null, true, $user->id));
                     $artefact->set('title', ArtefactTypeFileBase::get_new_file_title(get_string('profileicon', 'artefact.file'), (int) $artefact->get('parent'), $user->id));
                     // unique title
                     $artefact->set('description', get_string('uploadedprofileicon', 'artefact.file'));
                     $artefact->set('note', get_string('profileicon', 'artefact.file'));
                     $artefact->set('size', $filesize);
                     $artefact->set('filetype', $mime);
                     $artefact->set('width', $width);
                     $artefact->set('height', $height);
                     $artefact->commit();
                     $id = $artefact->get('id');
                     // Move the file into the correct place.
                     $directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $id % 256 . '/';
                     check_dir_exists($directory);
                     rename($filename, $directory . $id);
                     if ($create || empty($icons)) {
                         $user->profileicon = $id;
                     }
                 }
                 $user->commit();
             } else {
                 log_warn(get_string('cantcreatetempprofileiconfile', 'artefact.file', $filename));
             }
         }
         if ($update) {
             $locked[] = 'profileicon';
         }
     }
     /*******************************************/
     // We know who our user is now. Bring her back to life.
     $USER->reanimate($user->id, $this->instanceid);
     // Set session variables to let the application know this session was
     // initiated by MNET. Don't forget that users could initiate their
     // sessions without MNET sometimes, which is why this data is stored in
     // the session object.
     $SESSION->set('mnetuser', $user->id);
     $SESSION->set('authinstance', $this->instanceid);
     if (isset($_SERVER['HTTP_REFERER'])) {
         $SESSION->set('mnetuserfrom', $_SERVER['HTTP_REFERER']);
     }
     if ($update && isset($locked)) {
         $SESSION->set('lockedfields', $locked);
     }
     return true;
 }
Exemplo n.º 4
0
$subsectionheading = false;
$institutionname = $groupid = null;
if ($institutionname = param_alphanum('institution', null)) {
    require_once get_config('libroot') . 'institution.php';
    $section = 'institution';
    if ($institutionname == 'mahara') {
        if (!$USER->get('admin')) {
            throw new AccessDeniedException(get_string('youarenotasiteadmin', 'artefact.blog'));
        }
        $section = 'site';
    } else {
        if (!$USER->get('admin') && !$USER->is_institutional_admin($institutionname)) {
            throw new AccessDeniedException(get_string('youarenotanadminof', 'artefact.blog', $institutionname));
        }
    }
    define('TITLE', get_string('newblog' . $section, 'artefact.blog', institution_display_name($institutionname)) . ': ' . get_string('blogsettings', 'artefact.blog'));
    PluginArtefactBlog::set_blog_nav(true, $institutionname);
} else {
    if ($groupid = param_alphanum('group', null)) {
        require_once 'group.php';
        $group = get_record('group', 'id', $groupid, 'deleted', 0);
        $USER->reset_grouproles();
        if (!isset($USER->grouproles[$group->id])) {
            throw new AccessDeniedException(get_string('youarenotamemberof', 'artefact.blog', $group->name));
        }
        if (!group_role_can_edit_views($groupid, $USER->grouproles[$group->id])) {
            throw new AccessDeniedException(get_string('youarenotaneditingmemberof', 'artefact.blog', $group->name));
        }
        $subsectionheading = get_string('newblog', 'artefact.blog');
        define('TITLE', $group->name);
        PluginArtefactBlog::set_blog_nav(false, null, $groupid);
Exemplo n.º 5
0
/**
 * creates the profile sideblock
 */
function profile_sideblock()
{
    global $USER, $SESSION;
    safe_require('notification', 'internal');
    require_once 'group.php';
    require_once 'institution.php';
    $data = array('id' => $USER->get('id'), 'myname' => display_name($USER, null, true), 'username' => $USER->get('username'), 'url' => profile_url($USER), 'profileiconurl' => get_config('wwwroot') . 'artefact/file/profileicons.php');
    $authinstance = $SESSION->get('mnetuser') ? $SESSION->get('authinstance') : $USER->get('authinstance');
    if ($authinstance) {
        $authobj = AuthFactory::create($authinstance);
        if ($authobj->authname == 'xmlrpc') {
            $peer = get_peer($authobj->wwwroot);
            if ($SESSION->get('mnetuser')) {
                $data['mnetloggedinfrom'] = get_string('youhaveloggedinfrom', 'auth.xmlrpc', $authobj->wwwroot, institution_display_name($peer->institution));
            } else {
                $data['peer'] = array('name' => $peer->name, 'wwwroot' => $peer->wwwroot);
            }
        }
    }
    $invitedgroups = get_records_sql_array('SELECT g.*, gmi.ctime, gmi.reason
             FROM {group} g
             JOIN {group_member_invite} gmi ON gmi.group = g.id
             WHERE gmi.member = ? AND g.deleted = ?', array($USER->get('id'), 0));
    $data['invitedgroups'] = $invitedgroups ? count($invitedgroups) : 0;
    $data['invitedgroupsmessage'] = $data['invitedgroups'] == 1 ? get_string('invitedgroup') : get_string('invitedgroups');
    $data['pendingfriends'] = count_records('usr_friend_request', 'owner', $USER->get('id'));
    $data['pendingfriendsmessage'] = $data['pendingfriends'] == 1 ? get_string('pendingfriend') : get_string('pendingfriends');
    // Check if we want to limit the displayed groups by the account setting
    $limitto = null;
    $limit = $USER->get_account_preference('groupsideblockmaxgroups');
    if (isset($limit) && is_numeric($limit)) {
        $limitto = intval($limit);
    }
    $sort = null;
    if ($sortorder = $USER->get_account_preference('groupsideblocksortby')) {
        $sort = $sortorder;
    }
    if ($limitto === null) {
        $data['groups'] = group_get_user_groups($USER->get('id'), null, $sort);
        $total = count($data['groups']);
    } else {
        if ($limitto === 0) {
            $data['groups'] = null;
        } else {
            list($data['groups'], $total) = group_get_user_groups($USER->get('id'), null, $sort, $limitto);
        }
    }
    $limitstr = '';
    if (!empty($limitto) && $limitto < $total) {
        switch ($sort) {
            case 'earliest':
                $limitstr = get_string('numberofmygroupsshowingearliest', 'blocktype.mygroups', $limitto, $total);
                break;
            case 'latest':
                $limitstr = get_string('numberofmygroupsshowinglatest', 'blocktype.mygroups', $limitto, $total);
                break;
            default:
                $limitstr = get_string('numberofmygroupsshowing', 'blocktype.mygroups', $limitto, $total);
                break;
        }
    }
    $data['grouplimitstr'] = $limitstr;
    $data['views'] = get_records_sql_array('SELECT v.id, v.title, v.urlid, v.owner
        FROM {view} v
        INNER JOIN {view_tag} vt ON (vt.tag = ? AND vt.view = v.id)
        WHERE v.owner = ?
        ORDER BY v.title', array(get_string('profile'), $USER->get('id')));
    if ($data['views']) {
        require_once 'view.php';
        foreach ($data['views'] as $v) {
            $view = new View(0, (array) $v);
            $view->set('dirty', false);
            $v->fullurl = $view->get_url();
        }
    }
    $data['artefacts'] = get_records_sql_array('SELECT a.id, a.artefacttype, a.title
         FROM {artefact} a
         INNER JOIN {artefact_tag} at ON (a.id = at.artefact AND tag = ?)
         WHERE a.owner = ?
         ORDER BY a.title', array(get_string('profile'), $USER->get('id')));
    if (!empty($data['artefacts'])) {
        // check if we have any blogposts and fetch their blog id if we do
        foreach ($data['artefacts'] as $key => $value) {
            if ($value->artefacttype == 'blogpost') {
                $value->blogid = get_field('artefact', 'parent', 'id', $value->id);
            }
        }
    }
    return $data;
}
Exemplo n.º 6
0
/**
 * creates the profile sideblock
 */
function profile_sideblock()
{
    global $USER, $SESSION;
    safe_require('notification', 'internal');
    require_once 'group.php';
    require_once 'institution.php';
    $data = array('id' => $USER->get('id'), 'myname' => display_name($USER, null, true), 'username' => $USER->get('username'), 'url' => profile_url($USER), 'profileiconurl' => get_config('wwwroot') . 'artefact/file/profileicons.php');
    $authinstance = $SESSION->get('mnetuser') ? $SESSION->get('authinstance') : $USER->get('authinstance');
    if ($authinstance) {
        $authobj = AuthFactory::create($authinstance);
        if ($authobj->authname == 'xmlrpc') {
            $peer = get_peer($authobj->wwwroot);
            if ($SESSION->get('mnetuser')) {
                $data['mnetloggedinfrom'] = get_string('youhaveloggedinfrom', 'auth.xmlrpc', $authobj->wwwroot, institution_display_name($peer->institution));
            } else {
                $data['peer'] = array('name' => $peer->name, 'wwwroot' => $peer->wwwroot);
            }
        }
    }
    $invitedgroups = get_records_sql_array('SELECT g.*, gmi.ctime, gmi.reason
             FROM {group} g
             JOIN {group_member_invite} gmi ON gmi.group = g.id
             WHERE gmi.member = ? AND g.deleted = ?', array($USER->get('id'), 0));
    $data['invitedgroups'] = $invitedgroups ? count($invitedgroups) : 0;
    $data['invitedgroupsmessage'] = $data['invitedgroups'] == 1 ? get_string('invitedgroup') : get_string('invitedgroups');
    $data['pendingfriends'] = count_records('usr_friend_request', 'owner', $USER->get('id'));
    $data['pendingfriendsmessage'] = $data['pendingfriends'] == 1 ? get_string('pendingfriend') : get_string('pendingfriends');
    $data['groups'] = group_get_user_groups($USER->get('id'));
    $data['views'] = get_records_sql_array('SELECT v.id, v.title, v.urlid, v.owner
        FROM {view} v
        INNER JOIN {view_tag} vt ON (vt.tag = ? AND vt.view = v.id)
        WHERE v.owner = ?
        ORDER BY v.title', array(get_string('profile'), $USER->get('id')));
    if ($data['views']) {
        require_once 'view.php';
        foreach ($data['views'] as $v) {
            $view = new View(0, (array) $v);
            $view->set('dirty', false);
            $v->fullurl = $view->get_url();
        }
    }
    $data['artefacts'] = get_records_sql_array('SELECT a.id, a.artefacttype, a.title
         FROM {artefact} a
         INNER JOIN {artefact_tag} at ON (a.id = at.artefact AND tag = ?)
         WHERE a.owner = ?
         ORDER BY a.title', array(get_string('profile'), $USER->get('id')));
    return $data;
}
Exemplo n.º 7
0
define('SECTION_PLUGINNAME', 'blog');
define('SECTION_PAGE', 'new');
require dirname(dirname(dirname(dirname(__FILE__)))) . '/init.php';
require_once 'license.php';
require_once 'pieforms/pieform.php';
safe_require('artefact', 'blog');
$section = false;
if ($institutionname = param_alphanum('institution', null)) {
    require_once get_config('libroot') . 'institution.php';
    $section = 'institution';
    if ($institutionname == 'mahara') {
        $section = 'site';
    }
    PluginArtefactBlog::set_blog_nav(true, $institutionname);
}
$title = $section == 'institution' ? get_string('newblog' . $section, 'artefact.blog', institution_display_name($institutionname)) : get_string('newblog' . $section, 'artefact.blog');
define('TITLE', $title . ': ' . get_string('blogsettings', 'artefact.blog'));
$form = array('name' => 'newblog', 'method' => 'post', 'action' => '', 'plugintype' => 'artefact', 'pluginname' => 'blog', 'elements' => array('title' => array('type' => 'text', 'title' => get_string('blogtitle', 'artefact.blog'), 'description' => get_string('blogtitledesc', 'artefact.blog'), 'rules' => array('required' => true)), 'description' => array('type' => 'wysiwyg', 'rows' => 10, 'cols' => 70, 'title' => get_string('blogdesc', 'artefact.blog'), 'description' => get_string('blogdescdesc', 'artefact.blog'), 'rules' => array('maxlength' => 65536, 'required' => false)), 'tags' => array('type' => 'tags', 'title' => get_string('tags'), 'description' => get_string('tagsdescprofile'), 'help' => true), 'license' => license_form_el_basic(null), 'licensing_advanced' => license_form_el_advanced(null), 'submit' => array('type' => 'submitcancel', 'class' => 'btn-success', 'value' => array(get_string('createblog', 'artefact.blog'), get_string('cancel', 'artefact.blog')))));
$form['elements']['institution'] = array('type' => 'hidden', 'value' => $institutionname ? $institutionname : 0);
$form = pieform($form);
$smarty =& smarty();
$smarty->assign_by_ref('form', $form);
$smarty->assign('PAGEHEADING', TITLE);
$smarty->display('form.tpl');
exit;
/**
 * This function gets called to submit the new blog.
 *
 * @param array
 */
function newblog_submit(Pieform $form, $values)
Exemplo n.º 8
0
/**
 * Provides an element to manage a view ACL
 *
 * @param array    $element The element to render
 * @param Pieform  $form    The form to render the element for
 * @return string           The HTML for the element
 */
function pieform_element_viewacl(Pieform $form, $element)
{
    global $USER, $SESSION, $LANGDIRECTION;
    $strlen = function_exists('mb_strlen') ? 'mb_strlen' : 'strlen';
    $smarty = smarty_core();
    $smarty->left_delimiter = '{{';
    $smarty->right_delimiter = '}}';
    $value = $form->get_value($element);
    // Look for the presets and split them into two groups
    require_once get_config('libroot') . 'antispam.php';
    $public = false;
    if (is_probationary_user()) {
        $public = false;
    } else {
        if (get_config('allowpublicviews') && $USER->institution_allows_public_views()) {
            $public = true;
        } else {
            if (get_config('allowpublicprofiles') && $element['viewtype'] == 'profile') {
                $public = true;
            }
        }
    }
    $allpresets = array('public', 'loggedin', 'friends');
    $allowedpresets = array();
    $loggedinindex = 0;
    if ($public) {
        $allowedpresets[] = 'public';
        $loggedinindex = 1;
    }
    $allowedpresets[] = 'loggedin';
    if ($form->get_property('userview')) {
        $allowedpresets[] = 'friends';
    }
    $accesslist = array();
    if ($value) {
        foreach ($value as $item) {
            if (is_array($item)) {
                if ($item['type'] == 'public') {
                    $item['publicallowed'] = (int) $public;
                }
                if (in_array($item['type'], $allpresets)) {
                    $item['name'] = get_string($item['type'] == 'loggedin' ? 'registeredusers' : $item['type'], 'view');
                    $item['preset'] = true;
                } else {
                    $item['name'] = pieform_render_viewacl_getvaluebytype($item['type'], $item['id']);
                }
                if ($strlen($item['name']) > 30) {
                    $item['shortname'] = str_shorten_text($item['name'], 30, true);
                }
                $datetimeformat = get_string('pieform_calendar_dateformat', 'langconfig') . ' ' . get_string('pieform_calendar_timeformat', 'langconfig');
                $rawstopdate = array_key_exists('stopdate', $item) ? $item['stopdate'] : null;
                foreach (array('startdate', 'stopdate') as $datetype) {
                    if (empty($item[$datetype])) {
                        unset($item[$datetype]);
                    } else {
                        $item[$datetype] = Pieform::hsc(strftime($datetimeformat, $item[$datetype]));
                    }
                }
                // only show access that is still current. Expired access will be deleted if the form is saved
                if ($form->is_submitted() || !$rawstopdate || time() <= $rawstopdate) {
                    $accesslist[] = $item;
                }
                if (!empty($item['locked'])) {
                    $allowedpresets = array_values(array_diff($allowedpresets, array($item['type'])));
                }
            }
        }
    }
    $defaultaccesslist = $accesslist ? 0 : 1;
    $myinstitutions = array();
    if ($USER->get('admin')) {
        $institutions = array();
        // Allow site admins to choose to share with the institution
        // that the first selected view/collection belongs to
        $viewid = $form->get_property('viewid');
        $view = new View($viewid);
        $institution = $view->get('institution');
        if ($institution) {
            $institutions = array($institution => (object) array('institution' => $institution, 'displayname' => institution_display_name($institution)));
        }
    } else {
        $institutions = $USER->get('institutions');
    }
    foreach ($institutions as $i) {
        $myinstitutions[] = array('type' => 'institution', 'id' => $i->institution, 'start' => null, 'end' => null, 'name' => hsc($i->displayname), 'preset' => false);
    }
    foreach ($allowedpresets as &$preset) {
        $preset = array('type' => $preset, 'id' => $preset, 'start' => null, 'end' => null, 'name' => get_string($preset == 'loggedin' ? 'registeredusers' : $preset, 'view'), 'preset' => true);
    }
    $allgroups = array('type' => 'allgroups', 'id' => 'allgroups', 'start' => null, 'end' => null, 'name' => get_string('allmygroups', 'group'), 'preset' => true);
    $mygroups = array();
    foreach (group_get_user_groups($USER->get('id')) as $g) {
        $group = array('type' => 'group', 'id' => $g->id, 'start' => null, 'end' => null, 'name' => $g->name, 'preset' => false);
        if ($strlen($g->name) > 30) {
            $group['shortname'] = str_shorten_text($g->name, 30, true);
        }
        $mygroups[] = $group;
    }
    $faves = array();
    foreach (get_user_favorites($USER->get('id')) as $u) {
        $fave = array('type' => 'user', 'id' => $u->id, 'start' => null, 'end' => null, 'name' => $u->name, 'preset' => false);
        if ($strlen($u->name) > 30) {
            $fave['shortname'] = str_shorten_text($u->name, 30, true);
        }
        $faves[] = $fave;
    }
    require_once get_config('libroot') . 'pieforms/pieform/elements/calendar.php';
    $options = array('stepHour' => 1, 'stepMinute' => 5);
    $options = pieform_element_calendar_get_lang_strings($options, $LANGDIRECTION);
    $datepickeroptionstr = '';
    foreach ($options as $key => $option) {
        if (is_numeric($option)) {
            $datepickeroptionstr .= $key . ': ' . $option . ',';
        } else {
            if (is_array($option)) {
                foreach ($option as $k => $v) {
                    if (!is_numeric($v)) {
                        if (preg_match('/^\'(.*)\'$/', $v, $match)) {
                            $v = $match[1];
                        }
                        $option[$k] = json_encode($v);
                    }
                }
                $option = '[' . implode(',', $option) . ']';
                $datepickeroptionstr .= $key . ': ' . $option . ',';
            } else {
                $datepickeroptionstr .= $key . ': ' . json_encode($option) . ',';
            }
        }
    }
    $smarty->assign('datepickeroptions', $datepickeroptionstr);
    $smarty->assign('viewtype', $element['viewtype']);
    $smarty->assign('potentialpresets', json_encode($allowedpresets));
    $smarty->assign('loggedinindex', $loggedinindex);
    $smarty->assign('accesslist', json_encode($accesslist));
    $smarty->assign('defaultaccesslist', $defaultaccesslist);
    $smarty->assign('viewid', $form->get_property('viewid'));
    $smarty->assign('formname', $form->get_property('name'));
    $smarty->assign('myinstitutions', json_encode($myinstitutions));
    $smarty->assign('allowcomments', $element['allowcomments']);
    $smarty->assign('allgroups', json_encode($allgroups));
    $smarty->assign('mygroups', json_encode($mygroups));
    $smarty->assign('faves', json_encode($faves));
    return $smarty->fetch('form/viewacl.tpl');
}