NOBUG: Fixed file access permissions
[moodle.git] / blog / index.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
 * file index.php
 * Index page to view blogs. If no blog is specified then site-wide entries are shown;
 * if a blog id is specified then the latest entries from that blog are shown.
 */
23 require_once(dirname(dirname(__FILE__)).'/config.php');
24 require_once($CFG->dirroot .'/blog/lib.php');
25 require_once($CFG->dirroot .'/blog/locallib.php');
26 require_once($CFG->dirroot .'/course/lib.php');
27 require_once($CFG->dirroot .'/tag/lib.php');
28 require_once($CFG->dirroot .'/comment/lib.php');
// Request parameters. The numeric filters are cleaned as integers and $tag has markup
// stripped (PARAM_NOTAGS). $search is read as PARAM_RAW, so it reaches the rest of the
// script exactly as the client sent it.
// NOTE(review): every consumer of $search has to escape or bind it itself - confirm for
// blog_get_headers() and blog_listing, which are defined outside this file.
$id = optional_param('id', null, PARAM_INT);
$userid = optional_param('userid', null, PARAM_INT);
$entryid = optional_param('entryid', null, PARAM_INT);
$tagid = optional_param('tagid', null, PARAM_INT);
$modid = optional_param('modid', null, PARAM_INT);
$groupid = optional_param('groupid', null, PARAM_INT);
$courseid = optional_param('courseid', null, PARAM_INT);
$start = optional_param('formstart', 0, PARAM_INT);
$tag = optional_param('tag', '', PARAM_NOTAGS);
$search = optional_param('search', null, PARAM_RAW);

comment::init();

// Register the page URL with only those parameters that carry a non-empty value.
// array_filter() without a callback drops exactly the values empty() reports as empty.
$url_params = array_filter(
    compact('id', 'start', 'tag', 'userid', 'tagid', 'modid', 'entryid', 'groupid', 'courseid', 'search')
);
$PAGE->set_url('/blog/index.php', $url_params);
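// Correct tagid if a text tag is provided as a param: a tag name in the request takes
// precedence over any tagid that was sent with it.
if (!empty($tag)) {
    $tagrec = $DB->get_record('tag', array('name' => $tag));
    // Unknown tag name: reset to null instead of unset(). $tagid is read again further
    // down (RSS header call and the event data), where an unset variable raises an
    // "undefined variable" notice; null keeps isset($tagid) false without the notice.
    $tagid = $tagrec ? $tagrec->id : null;
}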
// Set the userid to the entry author if we have the entry ID.
// This lookup runs before any login or capability check in this script; the page
// context chosen below is derived from its result, and the access decisions follow later.
if (!isset($userid) && $entryid) {
    $entry = new blog_entry($entryid);
    $userid = $entry->userid;
}

// Page context: a single user's blog, a course blog, or the site as a whole.
if (isset($userid) && !isset($courseid)) {
    $context = context_user::instance($userid);
} else if (isset($courseid) && $courseid != SITEID) {
    $context = context_course::instance($courseid);
} else {
    $context = context_system::instance();
}
$PAGE->set_context($context);

// System context, used by the capability checks in the rest of the script.
$sitecontext = context_system::instance();

// When the viewer is looking at their own blog, the "siteblog" navigation node (if the
// navigation tree has one) is made inactive.
$viewingownblog = isset($userid) && $USER->id == $userid;
if ($viewingownblog) {
    $blognode = $PAGE->navigation->find('siteblog', null);
    if ($blognode) {
        $blognode->make_inactive();
    }
}
// Check basic permissions: the configured blog visibility level decides who has to log in.
// switch compares loosely, the same way the == tests of an if/else chain would.
switch ($CFG->bloglevel) {
    case BLOG_GLOBAL_LEVEL:
        // Everybody can see anything - no login required unless site is locked down using forcelogin.
        if ($CFG->forcelogin) {
            require_login();
        }
        break;

    case BLOG_SITE_LEVEL:
        // Users must log in and can not be guests.
        require_login();
        if (isguestuser()) {
            // They must have entered the url manually.
            print_error('blogdisable', 'blog');
        }
        break;

    case BLOG_USER_LEVEL:
        // Users can see own blogs only! with the exception of people with special cap.
        require_login();
        break;

    default:
        // Any other value (blogs disabled or an unknown level) is refused.
        print_error('blogdisable', 'blog');
}

// The blog feature switch is checked after the level: with blogs turned off the page is
// refused whatever the level says.
if (empty($CFG->enableblogs)) {
    print_error('blogdisable', 'blog');
}
// Add courseid if modid or groupid is specified: This is used for navigation and title.
// The module is consulted first; the group only if that still left no course id.
if (empty($courseid) && !empty($modid)) {
    $courseid = $DB->get_field('course_modules', 'course', array('id' => $modid));
}

if (empty($courseid) && !empty($groupid)) {
    $courseid = $DB->get_field('groups', 'courseid', array('id' => $groupid));
}

// No target user yet. A viewer who holds moodle/blog:view in the system context, on a site
// whose blog level is above BLOG_USER_LEVEL, gets the entry's author (when an entry id was
// given) or stays without a user filter. Everyone else is limited to their own blog.
if (!$userid) {
    if (has_capability('moodle/blog:view', $sitecontext) && $CFG->bloglevel > BLOG_USER_LEVEL) {
        if ($entryid) {
            $entryobject = $DB->get_record('post', array('id' => $entryid));
            if (!$entryobject) {
                print_error('nosuchentry', 'blog');
            }
            $userid = $entryobject->userid;
        }
    } else {
        $userid = $USER->id;
    }
}
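// A module filter implies a course blog: needs at least site-level blogs and an existing
// course module; the module's course then replaces any course id resolved so far.
if (!empty($modid)) {
    if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
        // Pass the string identifier and its component, as the other print_error() calls in
        // this script do. The first argument of print_error() is an error code, so handing
        // it the result of get_string() makes it treat a translated sentence as the code.
        print_error('nocourseblogs', 'blog');
    }
    $mod = $DB->get_record('course_modules', array('id' => $modid));
    if (!$mod) {
        print_error('invalidmodid', 'blog');
    }
    $courseid = $mod->course;
}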
// Site-wide listing: no course (or the front-page course) and no user was selected.
$nospecificcourse = empty($courseid) || $courseid == SITEID;
if ($nospecificcourse && empty($userid)) {
    if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
        print_error('siteblogdisable', 'blog');
    }
    if (!has_capability('moodle/blog:view', $sitecontext)) {
        print_error('cannotviewsiteblog', 'blog');
    }

    // Overwrites the global $COURSE with the course record whose format is 'site'.
    $COURSE = $DB->get_record('course', array('format' => 'site'));
    $courseid = $COURSE->id;
}
// Course blog: the course must exist and the viewer must pass require_login() for it.
if (empty($courseid)) {
    $coursecontext = context_course::instance(SITEID);
} else {
    $course = $DB->get_record('course', array('id' => $courseid));
    if (!$course) {
        print_error('invalidcourseid');
    }

    $courseid = $course->id;
    require_login($course);

    // The view capability is evaluated in the system context, not in the course context.
    if (!has_capability('moodle/blog:view', $sitecontext)) {
        print_error('cannotviewcourseblog', 'blog');
    }
}
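// Group blog: needs at least site-level blogs, an existing group and course, a login to
// that course, the view capability, and - in separate-groups mode - group membership
// unless the viewer may access all groups.
if (!empty($groupid)) {
    if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
        print_error('groupblogdisable', 'blog');
    }

    // print_error() takes a string identifier plus component, as used elsewhere in this
    // script; passing the output of get_string() would make the translated sentence the
    // error code.
    if (!$group = groups_get_group($groupid)) {
        print_error('invalidgroupid', 'blog');
    }

    if (!$course = $DB->get_record('course', array('id' => $group->courseid))) {
        print_error('invalidcourseid');
    }

    // The course always comes from the group record, replacing any course id from the request.
    $coursecontext = context_course::instance($course->id);
    $courseid = $course->id;
    require_login($course);

    // The view capability is evaluated in the system context.
    if (!has_capability('moodle/blog:view', $sitecontext)) {
        print_error('cannotviewcourseorgroupblog', 'blog');
    }

    if (groups_get_course_groupmode($course) == SEPARATEGROUPS
            && !has_capability('moodle/site:accessallgroups', $coursecontext)) {
        if (!groups_is_member($groupid)) {
            print_error('notmemberofgroup');
        }
    }
}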
// User blog: the user must exist and must not be deleted.
if (!empty($userid)) {
    if ($CFG->bloglevel < BLOG_USER_LEVEL) {
        print_error('blogdisable', 'blog');
    }

    $user = $DB->get_record('user', array('id' => $userid));
    if (!$user) {
        print_error('invaliduserid');
    }

    if ($user->deleted) {
        // Render a bare "user deleted" page and stop; nothing of the blog is shown.
        echo $OUTPUT->header();
        echo $OUTPUT->heading(get_string('userdeleted'));
        echo $OUTPUT->footer();
        die;
    }

    if ($USER->id != $userid) {
        // Someone else's blog: needs the view capability in the system context AND a
        // positive answer from blog_user_can_view_user_entry() for that user.
        if (!has_capability('moodle/blog:view', $sitecontext) || !blog_user_can_view_user_entry($userid)) {
            print_error('cannotviewcourseblog', 'blog');
        }

        $PAGE->navigation->extend_for_user($user);
    } else if (!has_capability('moodle/blog:create', $sitecontext)
            && !has_capability('moodle/blog:view', $sitecontext)) {
        // Own blog: refused only when the viewer can neither create nor view entries.
        print_error('donothaveblog', 'blog');
    }
}

// From here on a missing course id means the front-page course.
if (empty($courseid)) {
    $courseid = SITEID;
}
$blogheaders = blog_get_headers();

// Advertise the matching RSS feed when feeds are enabled for the site.
if ($CFG->enablerssfeeds) {
    $rsscontext = $filtertype = $thingid = null;
    list($thingid, $rsscontext, $filtertype) = blog_rss_get_params($blogheaders['filters']);
    if (empty($rsscontext)) {
        $rsscontext = context_system::instance();
    }
    $rsstitle = $blogheaders['heading'];

    // Check we haven't started output by outputting an error message.
    if ($PAGE->state == moodle_page::STATE_BEFORE_HEADER) {
        blog_rss_add_http_header($rsscontext, $rsstitle, $filtertype, $thingid, $tagid);
    }
}

// For a user's entries within a course, drop the "courseblogs" navigation node (if present)
// and add an active node for this page under the user's node.
$usernode = $PAGE->navigation->find('user'.$userid, null);
if ($usernode && $courseid != SITEID) {
    $courseblogsnode = $PAGE->navigation->find('courseblogs', null);
    if ($courseblogsnode) {
        $courseblogsnode->remove();
    }
    $blognode = $usernode->add(get_string('blogscourse', 'blog'), new moodle_url($PAGE->url));
    $blognode->make_active();
}
// Page heading: the course name for a course blog, otherwise the user's full name when a
// user id is set. The page header is printed in every case.
$incourse = ($courseid != SITEID);
if ($incourse) {
    $PAGE->set_heading($course->fullname);
} else if (isset($userid)) {
    $PAGE->set_heading(fullname($user));
}
echo $OUTPUT->header();

// Inside a course the user's context header is shown when a user record was loaded.
if ($incourse && !empty($user)) {
    $headerinfo = array('heading' => fullname($user), 'user' => $user);
    echo $OUTPUT->context_header($headerinfo, 2);
}

echo $OUTPUT->heading($blogheaders['heading'], 2);

// The listing is built from the filters computed by blog_get_headers().
$bloglisting = new blog_listing($blogheaders['filters']);
$bloglisting->print_entries();

echo $OUTPUT->footer();
// Record that the listing was viewed, together with the filters that were in effect.
// 'search' carries the PARAM_RAW request value unchanged.
// NOTE(review): whatever displays this event data has to escape it - confirm in the
// event class and the log reports, which are not part of this file.
$eventother = array(
    'entryid' => $entryid,
    'tagid' => $tagid,
    'userid' => $userid,
    'modid' => $modid,
    'groupid' => $groupid,
    'search' => $search,
    'fromstart' => $start,
);
$eventparams = array('other' => $eventother);
if (!empty($userid)) {
    $eventparams['relateduserid'] = $userid;
}
// The front-page course is recorded as course id 0.
if ($courseid === SITEID) {
    $eventparams['other']['courseid'] = 0;
} else {
    $eventparams['other']['courseid'] = $courseid;
}
$event = \core\event\blog_entries_viewed::create($eventparams);
$event->trigger();