mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-23 09:23:09 +02:00
Code Issues Projects Releases Wiki Activity
moodle/lib/classes/output/user_picture.php
meirzamoodle c26cc0e005 MDL-83172 dml: Remove Oracle from LMS
2025-01-13 17:11:55 +07:00

382 lines
14 KiB
PHP
Raw Permalink Blame History

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\output;
use core\context\user as context_user;
use core\exception\coding_exception;
use moodle_page;
use moodle_url;
use stdClass;
/**
* Data structure representing a user picture.
*
* @copyright 2009 Nicolas Connault, 2010 Petr Skoda
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @since Modle 2.0
* @package core
* @category output
*/
class user_picture implements renderable {
/**
* @var stdClass A user object with at least fields all columns specified
* in $fields array constant set.
*/
public $user;
/**
* @var int The course id. Used when constructing the link to the user's
* profile, page course id used if not specified.
*/
public $courseid;
/**
* @var bool Add course profile link to image
*/
public $link = true;
/**
* @var int Size in pixels. Special values are (true/1 = 100px) and (false/0 = 35px) for backward compatibility.
* Recommended values (supporting user initials too): 16, 35, 64 and 100.
*/
public $size = 35;
/**
* @var bool Add non-blank alt-text to the image.
* Default true, set to false when image alt just duplicates text in screenreaders.
*/
public $alttext = true;
/**
* @var bool Whether or not to open the link in a popup window.
*/
public $popup = false;
/**
* @var string Image class attribute
*/
public $class = 'userpicture';
/**
* @var bool Whether to be visible to screen readers.
*/
public $visibletoscreenreaders = true;
/**
* @var bool Whether to include the fullname in the user picture link.
*/
public $includefullname = false;
/**
* @var mixed Include user authentication token. True indicates to generate a token for current user, and integer value
* indicates to generate a token for the user whose id is the value indicated.
*/
public $includetoken = false;
/**
* User picture constructor.
*
* @param stdClass $user user record with at least id, picture, imagealt, firstname and lastname set.
* It is recommended to add also contextid of the user for performance reasons.
*/
public function __construct(stdClass $user) {
global $DB;
if (empty($user->id)) {
throw new coding_exception('User id is required when printing user avatar image.');
}
// Only touch the DB if we are missing data and complain loudly...
$needrec = false;
foreach (\core_user\fields::get_picture_fields() as $field) {
if (!property_exists($user, $field)) {
$needrec = true;
debugging(
"Missing {$field} property in {$user} object, "
. "this is a performance problem that needs to be fixed by a developer. "
. 'Please use the \core_user\fields API to get the full list of required fields.',
DEBUG_DEVELOPER,
);
break;
}
}
if ($needrec) {
$this->user = $DB->get_record(
'user',
['id' => $user->id],
implode(',', \core_user\fields::get_picture_fields()),
MUST_EXIST
);
} else {
$this->user = clone($user);
}
}
/**
* Returns a list of required user fields, useful when fetching required user info from db.
*
* In some cases we have to fetch the user data together with some other information,
* the idalias is useful there because the id would otherwise override the main
* id of the result record. Please note it has to be converted back to id before rendering.
*
* @param string $tableprefix name of database table prefix in query
* @param null|array $extrafields extra fields to be included in result
* Do not include TEXT columns because it would break SELECT DISTINCT in MSSQL.
* @param string $idalias alias of id field
* @param string $fieldprefix prefix to add to all columns in their aliases, does not apply to 'id'
* @return string
* @deprecated since Moodle 3.11 MDL-45242
* @see \core_user\fields
*/
public static function fields(
$tableprefix = '',
?array $extrafields = null,
$idalias = 'id',
$fieldprefix = '',
) {
debugging('user_picture::fields() is deprecated. Please use the \core_user\fields API instead.', DEBUG_DEVELOPER);
$userfields = \core_user\fields::for_userpic();
if ($extrafields) {
$userfields->including(...$extrafields);
}
$selects = $userfields->get_sql($tableprefix, false, $fieldprefix, $idalias, false)->selects;
if ($tableprefix === '') {
// If no table alias is specified, don't add {user}. in front of fields.
$selects = str_replace('{user}.', '', $selects);
}
// Maintain legacy behaviour where the field list was done with 'implode' and no spaces.
$selects = str_replace(', ', ',', $selects);
return $selects;
}
/**
* Extract the aliased user fields from a given record
*
* Given a record that was previously obtained using {@see self::fields()} with aliases,
* this method extracts user related unaliased fields.
*
* @param stdClass $record containing user picture fields
* @param null|array $extrafields extra fields included in the $record
* @param string $idalias alias of the id field
* @param string $fieldprefix prefix added to all columns in their aliases, does not apply to 'id'
* @return stdClass object with unaliased user fields
*/
public static function unalias(
stdClass $record,
?array $extrafields = null,
$idalias = 'id',
$fieldprefix = '',
) {
if (empty($idalias)) {
$idalias = 'id';
}
$return = new stdClass();
foreach (\core_user\fields::get_picture_fields() as $field) {
if ($field === 'id') {
if (property_exists($record, $idalias)) {
$return->id = $record->{$idalias};
}
} else {
if (property_exists($record, $fieldprefix . $field)) {
$return->{$field} = $record->{$fieldprefix . $field};
}
}
}
// Add extra fields if not already there.
if ($extrafields) {
foreach ($extrafields as $e) {
if ($e === 'id' || property_exists($return, $e)) {
continue;
}
$return->{$e} = $record->{$fieldprefix . $e};
}
}
return $return;
}
/**
* Checks if the current user is permitted to view user profile images.
*
* This is based on the forcelogin and forceloginforprofileimage config settings, and the
* moodle/user:viewprofilepictures capability.
*
* Logged-in users are allowed to view their own profile image regardless of capability.
*
* @param int $imageuserid User id of profile image being viewed
* @return bool True if current user can view profile images
*/
public static function allow_view(int $imageuserid): bool {
global $CFG, $USER;
// Not allowed to view profile images if forcelogin is enabled and not logged in (guest
// allowed), or forceloginforprofileimage is enabled and not logged in or guest.
if (
(!empty($CFG->forcelogin) && !isloggedin()) ||
(!empty($CFG->forceloginforprofileimage) && (!isloggedin() || isguestuser()))
) {
return false;
}
// Unless one of the forcelogin options is enabled, users can download profile pics
// without login, so the capability should not be checked as it might lead to a
// false sense of security (i.e. you log in as a test user, the HTML page doesn't
// show the picture, but they can still access it if they just log out).
// When the capability is checked, use system context for performance (if we check at
// user level, pages that show a lot of user pictures will individually load a lot of
// user contexts).
if (
(!empty($CFG->forcelogin) || !empty($CFG->forceloginforprofileimage)) &&
$USER->id != $imageuserid &&
!has_capability('moodle/user:viewprofilepictures', \context_system::instance())
) {
return false;
}
return true;
}
/**
* Works out the URL for the users picture.
*
* This method is recommended as it avoids costly redirects of user pictures
* if requests are made for non-existent files etc.
*
* @param moodle_page $page
* @param null|renderer_base $renderer
* @return moodle_url
*/
public function get_url(
moodle_page $page,
?renderer_base $renderer = null,
) {
global $CFG;
if (is_null($renderer)) {
$renderer = $page->get_renderer('core');
}
// Sort out the filename and size. Size is only required for the gravatar
// implementation presently.
if (empty($this->size)) {
$filename = 'f2';
$size = 35;
} else if ($this->size === true || $this->size == 1) {
$filename = 'f1';
$size = 100;
} else if ($this->size > 100) {
$filename = 'f3';
$size = (int)$this->size;
} else if ($this->size >= 50) {
$filename = 'f1';
$size = (int)$this->size;
} else {
$filename = 'f2';
$size = (int)$this->size;
}
$defaulturl = $renderer->image_url('u/' . $filename); // Default image.
if (!self::allow_view($this->user->id)) {
return $defaulturl;
}
// First try to detect deleted users - but do not read from database for performance reasons!
if (!empty($this->user->deleted) || !str_contains($this->user->email, '@')) {
// All deleted users should have email replaced by md5 hash,
// all active users are expected to have valid email.
return $defaulturl;
}
// Did the user upload a picture?
if ($this->user->picture > 0) {
if (!empty($this->user->contextid)) {
$contextid = $this->user->contextid;
} else {
$context = context_user::instance($this->user->id, IGNORE_MISSING);
if (!$context) {
// This must be an incorrectly deleted user, all other users have context.
return $defaulturl;
}
$contextid = $context->id;
}
$path = '/';
if (clean_param($page->theme->name, PARAM_THEME) == $page->theme->name) {
// We append the theme name to the file path if we have it so that
// in the circumstance that the profile picture is not available
// when the user actually requests it they still get the profile
// picture for the correct theme.
$path .= $page->theme->name . '/';
}
// Set the image URL to the URL for the uploaded file and return.
$url = moodle_url::make_pluginfile_url(
$contextid,
'user',
'icon',
null,
$path,
$filename,
false,
$this->includetoken
);
$url->param('rev', $this->user->picture);
return $url;
}
if ($this->user->picture == 0 && !empty($CFG->enablegravatar)) {
// Normalise the size variable to acceptable bounds.
if ($size < 1 || $size > 512) {
$size = 35;
}
// Hash the users email address.
$md5 = md5(strtolower(trim($this->user->email)));
// Build a gravatar URL with what we know.
// Find the best default image URL we can (MDL-35669).
if (empty($CFG->gravatardefaulturl)) {
$absoluteimagepath = $page->theme->resolve_image_location('u/' . $filename, 'core');
if (strpos($absoluteimagepath, $CFG->dirroot) === 0) {
$gravatardefault = $CFG->wwwroot . substr($absoluteimagepath, strlen($CFG->dirroot));
} else {
$gravatardefault = $CFG->wwwroot . '/pix/u/' . $filename . '.png';
}
} else {
$gravatardefault = $CFG->gravatardefaulturl;
}
// If the currently requested page is https then we'll return an
// https gravatar page.
if (is_https()) {
return new moodle_url("https://secure.gravatar.com/avatar/{$md5}", ['s' => $size, 'd' => $gravatardefault]);
} else {
return new moodle_url("http://www.gravatar.com/avatar/{$md5}", ['s' => $size, 'd' => $gravatardefault]);
}
}
return $defaulturl;
}
}
// Alias this class to the old name.
// This file will be autoloaded by the legacyclasses autoload system.
// In future all uses of this class will be corrected and the legacy references will be removed.
class_alias(user_picture::class, \user_picture::class);
Reference in New Issue View Git Blame Copy Permalink