user/view.php

   1 <?php
   2
   3 // This file is part of Moodle - http://moodle.org/
   4 //
   5 // Moodle is free software: you can redistribute it and/or modify
   6 // it under the terms of the GNU General Public License as published by
   7 // the Free Software Foundation, either version 3 of the License, or
   8 // (at your option) any later version.
   9 //
  10 // Moodle is distributed in the hope that it will be useful,
  11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 // GNU General Public License for more details.
  14 //
  15 // You should have received a copy of the GNU General Public License
  16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17
  18 /**
  19  * Display profile for a particular user
  20  *
  21  * @copyright 1999 Martin Dougiamas  http://dougiamas.com
  22  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  * @package user
  24  */
  25
  26 require_once("../config.php");
  27 require_once($CFG->dirroot.'/user/profile/lib.php');
  28 require_once($CFG->dirroot.'/tag/lib.php');
  29 require_once($CFG->libdir . '/filelib.php');
  30
  31 $id        = optional_param('id', 0, PARAM_INT);   // user id
  32 $courseid  = optional_param('course', SITEID, PARAM_INT);   // course id (defaults to Site)
  33
  34 if (empty($id)) {            // See your own profile by default
  35     require_login();
  36     $id = $USER->id;
  37 }
  38
  39 if ($courseid == SITEID) {   // Since Moodle 2.0 all site-level profiles are shown by profile.php
  40     redirect($CFG->wwwroot.'/user/profile.php?id='.$id);  // Immediate redirect
  41 }
  42
  43 $PAGE->set_url('/user/view.php', array('id'=>$id,'course'=>$courseid));
  44
  45 $user = $DB->get_record('user', array('id'=>$id), '*', MUST_EXIST);
  46 $course = $DB->get_record('course', array('id'=>$courseid), '*', MUST_EXIST);
  47 $currentuser = ($user->id == $USER->id);
  48
  49 $systemcontext = get_context_instance(CONTEXT_SYSTEM);
  50 $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
  51 $usercontext   = get_context_instance(CONTEXT_USER, $user->id, IGNORE_MISSING);
  52
  53 // Require login first
  54 if (isguestuser($user)) {
  55     // can not view profile of guest - thre is nothing to see there
  56     print_error('invaliduserid');
  57 }
  58
  59 if (!empty($CFG->forceloginforprofiles)) {
  60     require_login(); // we can not log in to course due to the parent hack below
  61 }
  62
  63 $PAGE->set_context($coursecontext);
  64 $PAGE->set_course($course);
  65 $PAGE->set_pagetype('course-view-' . $course->format);  // To get the blocks exactly like the course
  66 $PAGE->add_body_class('path-user');                     // So we can style it independently
  67 $PAGE->set_other_editing_capability('moodle/course:manageactivities');
  68
  69 $isparent = false;
  70
  71 if (!$currentuser and !$user->deleted
  72   and $DB->record_exists('role_assignments', array('userid'=>$USER->id, 'contextid'=>$usercontext->id))
  73   and has_capability('moodle/user:viewdetails', $usercontext)) {
  74     // TODO: very ugly hack - do not force "parents" to enrol into course their child is enrolled in,
  75     //       this way they may access the profile where they get overview of grades and child activity in course,
  76     //       please note this is just a guess!
  77     require_login();
  78     $isparent = true;
  79     $PAGE->navigation->set_userid_for_parent_checks($id);
  80 } else {
  81     // normal course
  82     require_login($course);
  83     // what to do with users temporary accessing this course? should they see the details?
  84 }
  85
  86 $strpersonalprofile = get_string('personalprofile');
  87 $strparticipants = get_string("participants");
  88 $struser = get_string("user");
  89
  90 $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $coursecontext));
  91
  92 /// Now test the actual capabilities and enrolment in course
  93 if ($currentuser) {
  94     // me
  95     if (!is_viewing($coursecontext) && !is_enrolled($coursecontext)) { // Need to have full access to a course to see the rest of own info
  96         echo $OUTPUT->header();
  97         echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
  98         if (!empty($_SERVER['HTTP_REFERER'])) {
  99             echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']);
 100         }
 101         echo $OUTPUT->footer();
 102         die;
 103     }
 104
 105 } else {
 106     // somebody else
 107     $PAGE->set_title("$strpersonalprofile: ");
 108     $PAGE->set_heading("$strpersonalprofile: ");
 109
 110     // check course level capabilities
 111     if (!has_capability('moodle/user:viewdetails', $coursecontext) && // normal enrolled user or mnager
 112         ($user->deleted or !has_capability('moodle/user:viewdetails', $usercontext))) {   // usually parent
 113         print_error('cannotviewprofile');
 114     }
 115
 116     if (!is_enrolled($coursecontext, $user->id)) {
 117         // TODO: the only potential problem is that managers and inspectors might post in forum, but the link
 118         //       to profile would not work - maybe a new capability - moodle/user:freely_acessile_profile_for_anybody
 119         //       or test for course:inspect capability
 120         if (has_capability('moodle/role:assign', $coursecontext)) {
 121             $PAGE->navbar->add($fullname);
 122             echo $OUTPUT->header();
 123             echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
 124         } else {
 125             echo $OUTPUT->header();
 126             $PAGE->navbar->add($struser);
 127             echo $OUTPUT->heading(get_string('notenrolledprofile'));
 128         }
 129         if (!empty($_SERVER['HTTP_REFERER'])) {
 130             echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']);
 131         }
 132         echo $OUTPUT->footer();
 133         exit;
 134     }
 135
 136     // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group
 137     if (groups_get_course_groupmode($course) == SEPARATEGROUPS and $course->groupmodeforce
 138       and !has_capability('moodle/site:accessallgroups', $coursecontext) and !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id)) {
 139         if (!isloggedin() or isguestuser()) {
 140             // do not use require_login() here because we might have already used require_login($course)
 141             redirect(get_login_url());
 142         }
 143         $mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name'));
 144         $usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name'));
 145         if (!array_intersect($mygroups, $usergroups)) {
 146             print_error("groupnotamember", '', "../course/view.php?id=$course->id");
 147         }
 148     }
 149 }
 150
 151
 152 /// We've established they can see the user's name at least, so what about the rest?
 153
 154 if (!$currentuser) {
 155     $PAGE->navigation->extend_for_user($user);
 156     if ($node = $PAGE->settingsnav->get('userviewingsettings'.$user->id)) {
 157         $node->forceopen = true;
 158     }
 159 } else if ($node = $PAGE->settingsnav->get('usercurrentsettings', navigation_node::TYPE_CONTAINER)) {
 160     $node->forceopen = true;
 161 }
 162 if ($node = $PAGE->settingsnav->get('courseadmin')) {
 163     $node->forceopen = false;
 164 }
 165
 166 $PAGE->set_title("$course->fullname: $strpersonalprofile: $fullname");
 167 $PAGE->set_heading($course->fullname);
 168 $PAGE->set_pagelayout('standard');
 169 echo $OUTPUT->header();
 170
 171 echo '<div class="userprofile">';
 172
 173 echo $OUTPUT->heading(fullname($user).' ('.format_string($course->shortname, true, array('context' => $coursecontext)).')');
 174
 175 if ($user->deleted) {
 176     echo $OUTPUT->heading(get_string('userdeleted'));
 177     if (!has_capability('moodle/user:update', $coursecontext)) {
 178         echo $OUTPUT->footer();
 179         die;
 180     }
 181 }
 182
 183 /// OK, security out the way, now we are showing the user
 184
 185 add_to_log($course->id, "user", "view", "view.php?id=$user->id&course=$course->id", "$user->id");
 186
 187 /// Get the hidden field list
 188 if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
 189     $hiddenfields = array();
 190 } else {
 191     $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
 192 }
 193
 194 if (is_mnet_remote_user($user)) {
 195     $sql = "SELECT h.id, h.name, h.wwwroot,
 196                    a.name as application, a.display_name
 197               FROM {mnet_host} h, {mnet_application} a
 198              WHERE h.id = ? AND h.applicationid = a.id";
 199
 200     $remotehost = $DB->get_record_sql($sql, array($user->mnethostid));
 201     $a = new stdclass();
 202     $a->remotetype = $remotehost->display_name;
 203     $a->remotename = $remotehost->name;
 204     $a->remoteurl  = $remotehost->wwwroot;
 205
 206     echo $OUTPUT->box(get_string('remoteuserinfo', 'mnet', $a), 'remoteuserinfo');
 207 }
 208
 209 echo '<div class="userprofilebox clearfix"><div class="profilepicture">';
 210 echo $OUTPUT->user_picture($user, array('size'=>100));
 211 echo '</div>';
 212
 213 // Print the description
 214 echo '<div class="descriptionbox"><div class="description">';
 215 if ($user->description && !isset($hiddenfields['description'])) {
 216     if (!empty($CFG->profilesforenrolledusersonly) && !$DB->record_exists('role_assignments', array('userid'=>$id))) {
 217         echo get_string('profilenotshown', 'moodle');
 218     } else {
 219         if ($courseid == SITEID) {
 220             $user->description = file_rewrite_pluginfile_urls($user->description, 'pluginfile.php', $usercontext->id, 'user', 'profile', null);
 221         } else {
 222             // we have to make a little detour thought the course context to verify the access control for course profile
 223             $user->description = file_rewrite_pluginfile_urls($user->description, 'pluginfile.php', $coursecontext->id, 'user', 'profile', $user->id);
 224         }
 225         $options = array('overflowdiv'=>true);
 226         echo format_text($user->description, $user->descriptionformat, $options);
 227     }
 228 }
 229 echo '</div>';
 230
 231
 232 // Print all the little details in a list
 233
 234 echo '<table class="list" summary="">';
 235
 236 //checks were performed above that ensure that if we've got to here either the user
 237 //is viewing their own profile ($USER->id == $user->id) or $user is enrolled in the course
 238 if ($currentuser
 239    or $user->maildisplay == 1 //allow everyone to see email address
 240    or ($user->maildisplay == 2 && is_enrolled($coursecontext, $USER)) //fellow course members can see email. Already know $user is enrolled
 241    or has_capability('moodle/course:useremail', $coursecontext)) {
 242     print_row(get_string("email").":", obfuscate_mailto($user->email, ''));
 243 }
 244
 245 // Show last time this user accessed this course
 246 if (!isset($hiddenfields['lastaccess'])) {
 247     if ($lastaccess = $DB->get_record('user_lastaccess', array('userid'=>$user->id, 'courseid'=>$course->id))) {
 248         $datestring = userdate($lastaccess->timeaccess)."&nbsp; (".format_time(time() - $lastaccess->timeaccess).")";
 249     } else {
 250         $datestring = get_string("never");
 251     }
 252     print_row(get_string("lastaccess").":", $datestring);
 253 }
 254
 255 // Show roles in this course
 256 if ($rolestring = get_user_roles_in_course($id, $course->id)) {
 257     print_row(get_string('roles').':', $rolestring);
 258 }
 259
 260 // Show groups this user is in
 261 if (!isset($hiddenfields['groups'])) {
 262     $accessallgroups = has_capability('moodle/site:accessallgroups', $coursecontext);
 263     if ($usergroups = groups_get_all_groups($course->id, $user->id)) {
 264         $groupstr = '';
 265         foreach ($usergroups as $group){
 266             if ($course->groupmode == SEPARATEGROUPS and !$accessallgroups and $user->id != $USER->id) {
 267                 if (!groups_is_member($group->id, $user->id)) {
 268                     continue;
 269                 }
 270             }
 271
 272             if ($course->groupmode != NOGROUPS) {
 273                 $groupstr .= ' <a href="'.$CFG->wwwroot.'/user/index.php?id='.$course->id.'&amp;group='.$group->id.'">'.format_string($group->name).'</a>,';
 274             } else {
 275                 $groupstr .= ' '.format_string($group->name); // the user/index.php shows groups only when course in group mode
 276             }
 277         }
 278         if ($groupstr !== '') {
 279             print_row(get_string("group").":", rtrim($groupstr, ', '));
 280         }
 281     }
 282 }
 283
 284 // Show other courses they may be in
 285 if (!isset($hiddenfields['mycourses'])) {
 286     if ($mycourses = enrol_get_all_users_courses($user->id, true, NULL, 'visible DESC,sortorder ASC')) {
 287         $shown = 0;
 288         $courselisting = '';
 289         foreach ($mycourses as $mycourse) {
 290             if ($mycourse->category) {
 291                 $ccontext = get_context_instance(CONTEXT_COURSE, $mycourse->id);;
 292                 $cfullname = format_string($mycourse->fullname, true, array('context' => $ccontext));
 293                 if ($mycourse->id != $course->id){
 294                     $class = '';
 295                     if ($mycourse->visible == 0) {
 296                         if (!has_capability('moodle/course:viewhiddencourses', $ccontext)) {
 297                             continue;
 298                         }
 299                         $class = 'class="dimmed"';
 300                     }
 301                     $courselisting .= "<a href=\"{$CFG->wwwroot}/user/view.php?id={$user->id}&amp;course={$mycourse->id}\" $class >"
 302                         . $cfullname . "</a>, ";
 303                 } else {
 304                     $courselisting .= $cfullname . ", ";
 305                     $PAGE->navbar->add($cfullname);
 306                 }
 307             }
 308             $shown++;
 309             if ($shown >= 20) {
 310                 $courselisting .= "...";
 311                 break;
 312             }
 313         }
 314         print_row(get_string('courseprofiles').':', rtrim($courselisting,', '));
 315     }
 316 }
 317
 318 if (!isset($hiddenfields['suspended'])) {
 319     if ($user->suspended) {
 320         print_row('', get_string('suspended', 'auth'));
 321     }
 322 }
 323
 324 echo "</table></div></div>";
 325
 326 // Print messaging link if allowed
 327 if (isloggedin() && has_capability('moodle/site:sendmessage', $usercontext)
 328     && !empty($CFG->messaging) && !isguestuser() && !isguestuser($user) && ($USER->id != $user->id)) {
 329     echo '<div class="messagebox">';
 330     echo '<a href="'.$CFG->wwwroot.'/message/index.php?id='.$user->id.'">'.get_string('messageselectadd').'</a>';
 331     echo '</div>';
 332 }
 333
 334 if ($currentuser || has_capability('moodle/user:viewdetails', $usercontext) || has_coursecontact_role($id)) {
 335     echo '<div class="fullprofilelink">';
 336     echo html_writer::link($CFG->wwwroot.'/user/profile.php?id='.$id, get_string('fullprofile'));
 337     echo '</div>';
 338 }
 339
 340 /// TODO Add more useful overview info for teachers here, see below
 341
 342 /// Show links to notes made about this student (must click to display, for privacy)
 343
 344 /// Recent comments made in this course
 345
 346 /// Recent blogs associated with this course and items in it
 347
 348
 349
 350 echo '</div>';  // userprofile class
 351
 352 echo $OUTPUT->footer();
 353
 354 /// Functions ///////
 355
 356 function print_row($left, $right) {
 357     echo "\n<tr><td class=\"label c0\">$left</td><td class=\"info c1\">$right</td></tr>\n";
 358 }
 359
 360