some more small fixes

toyomoyo 2006-04-12 08:58:49 +00:00
parent fbec0acb3e
commit 6524adcffd
3 changed files with 51 additions and 141 deletions


@ -9,7 +9,6 @@ define('PAGE_BLOG_VIEW', 'blog-view');
class page_blog extends page_base {
var $editing = false;
var $bloginfo = NULL;
var $courserecord = NULL;
var $courseid = NULL;
@ -49,7 +48,7 @@ class page_blog extends page_base {
}
// I need to determine how best to utilize this function. Most init
// is already done before we get here in blogFilter and blogInfo
//$this->bloginfo =& new BlogInfo($this->id);
if ($this->courseid == 0 || $this->courseid == 1 || !is_numeric($this->courseid) ) {
$this->courseid = '';
$courserecord = NULL;
@ -64,8 +63,6 @@ class page_blog extends page_base {
// For this test page, only admins are going to be allowed editing (for simplicity).
function user_allowed_editing() {
if (isloggedin() && !isguest()) {
//if (isadmin() || ((isset($this->bloginfo) && blog_user_has_rights($this->bloginfo))) || ($this->courseid != '' && isteacher($this->courseid)) ) {
return true;
}
return false;
@ -76,7 +73,6 @@ class page_blog extends page_base {
function user_is_editing() {
if (isloggedin() && !isguest()) {
//if (isadmin() || ((isset($this->bloginfo) && blog_user_has_rights($this->bloginfo))) || ($this->courseid != '' && isteacher($this->courseid)) ) {
global $SESSION;
if (empty($SESSION->blog_editing_enabled)) {
$SESSION->blog_editing_enabled = false;
@ -168,7 +164,7 @@ class page_blog extends page_base {
global $SESSION, $CFG, $USER;
$editformstring = '';
if (blog_isLoggedin()) {
if (isloggedin() && !isguest()) {
if (!empty($SESSION->blog_editing_enabled) && ($SESSION->blog_editing_enabled)) {
$editingString = get_string('turneditingoff');
} else {
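Review bot: The comment above `user_allowed_editing()` still says only admins may edit, but the body returns true for every caller that passes `isloggedin() && !isguest()`, and the commented-out `isadmin()` / `blog_user_has_rights()` / `isteacher()` condition appears to be what this commit deletes. With that line gone, the stale comment is the only statement of policy left, and it is wrong in the permissive direction. Replace it with a comment that matches the code, for example `// Any logged-in, non-guest user may switch editing on; ownership of an entry is not checked here.` The same applies to `user_is_editing()`, whose body continues outside the hunk.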


@ -23,39 +23,31 @@ if (isguest()) {
}
$userid = optional_param('userid', 0, PARAM_INT);
$editid = optional_param('editid', 0, PARAM_INT);
// make sure that the person trying to edit have access right
if ($editid = optional_param('editid', 0, PARAM_INT)) {
$blogEntry = get_record('post', 'id', $editid);
if (!blog_user_can_edit_post($blogEntry)) {
error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
}
}
//check to see if there is a requested blog to edit
if (!empty($userid) && $userid != 0) {
if (blog_isLoggedIn() && $userid == $USER->id ) {
; // Daryl Hawes note: is this a placeholder for missing functionality?
}
} else if ( blog_isLoggedIn() ) {
if (isloggedin() && !isguest()) {
//the user is logged in and have not specified a blog - so they will be editing their own
//$tempBlogInfo = blog_user_bloginfo();
$userid = $USER->id;//$tempBlogInfo->userid;
$userid = $USER->id; //$tempBlogInfo->userid;
//unset($tempBlogInfo); //free memory from temp object - bloginfo will be created again in the included header
} else {
error(get_string('noblogspecified', 'blog') .'<a href="'. $CFG->blog_blogurl .'">' .get_string('viewentries', 'blog') .'</a>');
}
$pageNavigation = 'edit';
include($CFG->dirroot .'/blog/header.php');
//check if user is in blog's acl
if ( !blog_user_has_rights($editid) ) {
if ($editid != '') {
$blogEntry = get_record('post','id',$editid);
if (! (isteacher($blogEntry->$entryCourseId)) ) {
// error( get_string('notallowedtoedit'.' You do not teach in this course.', 'blog'), $CFG->wwwroot .'/login/index.php');
error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
}
} else {
error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
}
}
//////////// SECURITY AND SETUP COMPLETE - NOW PAGE LOGIC ///////////////////
if (isset($act) && ($act == 'del') && confirm_sesskey())
@ -64,16 +56,17 @@ if (isset($act) && ($act == 'del') && confirm_sesskey())
if (optional_param('confirm',0,PARAM_INT)) {
do_delete($postid);
} else {
/// prints blog entry and what confirmation form
echo '<div align="center"><form method="GET" action="edit.php">';
echo '<input type="hidden" name="act" value="del" />';
echo '<input type="hidden" name="confirm" value="1" />';
echo '<input type="hidden" name="editid" value="'.$postid.'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
print_string('blogdeleteconfirm', 'blog');
$post = get_record('post', 'id', $postid);
blog_print_entry($post);
blog_print_entry($blogEntry);
echo '<br />';
echo '<input type="submit" value="'.get_string('delete').'" /> ';
echo ' <input type="button" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
@ -172,9 +165,9 @@ function do_delete($postid) {
// make sure this user is authorized to delete this entry.
// cannot use $post->pid because it may not have been initialized yet. Also the pid may be in get format rather than post.
// check ownership
$post = get_record('post','id',$postid);
$blogEntry = get_record('post','id',$postid);
if (($USER->id == $post->userid) || (blog_is_blog_admin($post->userid)) || (isadmin())) {
if (blog_user_can_edit($blogEntry)) {
if (delete_records('post','id',$postid)) {
//echo "bloginfo_arg:"; //debug
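Review bot: `do_delete()` appears to gate the delete on `blog_user_can_edit($blogEntry)`, while the check near the top of this file and the helper added to the blog library in this commit are both named `blog_user_can_edit_post`. No `blog_user_can_edit` is visible in this commit, so unless it is defined elsewhere the call fails as an undefined function and no entry can be deleted; use the same name in both places, `if (blog_user_can_edit_post($blogEntry)) {`. Both call sites also hand the result of `get_record()` straight to the helper, so a post id that matches no row reaches a property read on a non-record; test it first, e.g. `if (!$blogEntry || !blog_user_can_edit_post($blogEntry)) {` in the `editid` check. The confirmation form now previews `$blogEntry` (loaded from `editid`) but deletes `$postid`, whose origin is outside the visible hunks, so confirm the two always refer to the same post. `do_delete()`'s body continues past the hunk.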


@ -32,59 +32,6 @@
$SESSION->blog_editing_enabled = false;
}
/**
* blog_user_has_rights - returns true if user is the blog's owner or a moodle admin.
*
* @param BlogInfo blogInfo - a BlogInfo object passed by reference. This object represents the blog being accessed.
* @param int uid - numeric user id of the user whose rights are being tested against this blogInfo. If no uid is specified then the uid of the currently logged in user will be used.
*/
function blog_user_has_rights($entryID, $uid='') {
global $USER;
if ($uid == '') {
if ( isset($USER) && isset($USER->id) ) {
$uid = $USER->id;
}
}
if ($uid == '') {
//if uid is still empty then the user is not logged in
return false;
}
if (blog_is_blog_admin($uid) || isadmin()) {
return true;
}
$blogEntry = get_record('post','id',$entryID);
return ($blogEntry->userid == $uid);
}
/**
* Determines whether a user is an admin for a blog
* @param int $blog_userid The id of the blog being checked
*/
function blog_is_blog_admin($blog_userid) {
global $USER;
//moodle admins are admins
if (isadmin()) {
return true;
}
if ( empty($USER) || !isset($USER->id) ) {
return false;
}
if ( empty($blog_userid)) {
return true;
}
// Return true if the user is an admin for this blog
if ($blog_userid == $USER->id) {
return true;
} else {
return false;
}
}
/**
* Adaptation of isediting in moodlelib.php for blog module
* @return bool
@ -101,9 +48,10 @@
* This function is in lib and not in BlogInfo because entries being searched
* might be found in any number of blogs rather than just one.
*
* $@param BlogFilter blogFilter - a BlogFilter object containing the settings for finding appropriate entries for display
* $@param ...
*/
function blog_print_html_formatted_entries($userid, $postid, $limit, $start, $filtertype, $filterselect, $tagid, $tag, $filtertype, $filterselect) {
global $CFG, $USER;
$blogpage = optional_param('blogpage', 0, PARAM_INT);
@ -115,14 +63,11 @@
$morelink = '<br />&nbsp;&nbsp;';
// show personal or general heading block as applicable
echo '<div class="headingblock header blog">';
//show blog title - blog tagline
print "<br />"; //don't print title. blog_get_title_text();
$blogEntries = fetch_entries($userid, $postid, $limit, $start, $filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC', $limit=true);
//$blogFilter->get_filtered_entries();
// show page next/previous links if applicable
print_paging_bar(get_viewable_entry_count($userid, $postid, $limit, $start,$filtertype, $filterselect, $tagid, $tag, $sort='lastmodified DESC'), $blogpage, $bloglimit, get_baseurl($filtertype, $filterselect), 'blogpage');
if ($CFG->enablerssfeeds) {
@ -151,7 +96,6 @@
}
print $morelink.'<br />'."\n";
return;
}
@ -190,9 +134,12 @@
$template['publishstate'] = $blogEntry->publishstate;
/// preventing user to browse blogs that they aren't supposed to see
/// This might not be too good since there are multiple calls per page
/*
if (!blog_user_can_view_user_post($template['userid'])) {
error ('you can not view this post');
}
}*/
$stredit = get_string('edit');
$strdelete = get_string('delete');
@ -266,6 +213,7 @@
* choose_from_menu function.
*/
function blog_applicable_publish_states($courseid='') {
global $CFG;
// everyone gets draft access
@ -276,18 +224,34 @@
return $options;
}
// user can edit if he's an admin, or blog owner
function blog_user_can_edit_post($blogEntry) {
global $CFG, $USER;
return (isadmin() || ($blogEntry->userid == $USER->id));
}
/// Checks to see if a user can view the blogs of another user.
/// He can do so, if he is admin, in any same non-spg course,
/// or spg group, but same group member
function blog_user_can_view_user_post($targetuserid) {
function blog_user_can_view_user_post($targetuserid, $blogEntry=null) {
global $CFG;
global $CFG, $USER;
$canview = 0; //bad start
if (isadmin()) {
return true;
}
if ($USER->id == $targetuserid) {
return true;
}
if ($blogEntry and $blogEntry->publishstate == 'draft') { // can not view draft
return false;
}
$usercourses = get_my_courses($targetuserid);
foreach ($usercourses as $usercourse) {
@ -328,51 +292,7 @@
return stripslashes_safe($body);
}
/// moved from BlogEntry class
function get_publish_to_menu($blogEntry, $return=true, $includehelp=true) {
$menu = '';
if (user_can_change_publish_state($blogEntry) && blog_isediting() ) {
$menu .= '<div class="publishto">'. get_string('publishto', 'blog').': ';
$options = blog_applicable_publish_states();
$menu .= choose_from_menu($options, $blogEntry->userid .'-'. $blogEntry->id, $blogEntry->publishstate, '', '', '0', true);
$menu .= "\n".'</div>'."\n";
/// batch publish might not be needed
if ($includehelp) {
$menu .= helpbutton('batch_publish', get_string('batchpublish', 'blog'), 'blog', true, false, '', true);
}
}
if ($return) {
return $menu;
}
print $menu;
}
/**
* This function will determine if the user is logged in and
* able to make changes to the publish state of this entry
*
* @return bool True if user is allowed to change publish state
*/
function user_can_change_publish_state($blogEntry) {
// figure out who the currently logged in user is.
// to change any publish state one must be logged in
global $USER;
if ( !isset($USER) || empty($USER) || !isset($USER->id) ) {
// only site members are allowed to edit entries
return 'Only site members are allowed to edit entries';
} else {
$uid = $USER->id;
}
if ( ($uid == $blogEntry->userid) || (blog_is_blog_admin($blogEntry->userid)) || (isadmin())) {
return true;
}
return false;
}
/// Filter Class functions
/// Main filter function
function fetch_entries($userid, $postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC', $limit=true) {
@ -522,7 +442,6 @@
$orderby = ' ORDER BY '. $sort .' ';
//echo 'Debug: BlogFilter fetch_entries() sql="'. $SQL . $orderby . $limit .'"<br />'. $this->categoryid; //debug
$records = get_records_sql($SQL . $orderby . $limit);
// print_object($records); //debug
@ -537,6 +456,8 @@
/**
* get the count of viewable entries, easiest way is to count fetch_entries
* this is used for print_paging_bar
* this is not ideal, but because of the UNION in the sql in fetch_entries,
* it is hard to use count_records_sql
*/
function get_viewable_entry_count($userid, $postid='', $fetchlimit=10, $fetchstart='', $filtertype='', $filterselect='', $tagid='', $tag ='', $sort='lastmodified DESC') {
@ -544,7 +465,7 @@
return count($blogEntries);
}
/// Find the base url from $_GET variables
/// Find the base url from $_GET variables, for print_paging_bar
function get_baseurl($filtertype, $filterselect) {
$getcopy = $_GET;
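Review bot: The hunk at old line 190 wraps the `blog_user_can_view_user_post($template['userid'])` check in `/* … */`, so the entry printer no longer refuses an entry on its own and visibility rests entirely on whatever filtered the entries before they reach it (that filtering is not visible here). The same commit adds a `$blogEntry` parameter and a draft test to `blog_user_can_view_user_post()`, yet no visible call passes an entry, so the new draft rule is not exercised. If the concern is the cost of repeated calls per page, keep the check and pass the entry, `if (!blog_user_can_view_user_post($template['userid'], $blogEntry)) {`, and cache the per-user result instead of disabling the test. The enclosing function starts and ends outside the hunk.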