search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-62384 privacy: Modify user contexts query for auth_oauth2
[moodle.git] / blog / index.php
blob664d70aa6fb0f3ca61ffde189e372f5168b3c095
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * file index.php
19 * index page to view blogs. if no blog is specified then site wide entries are shown
20 * if a blog id is specified then the latest entries from that blog are shown
21 */
22
23 require_once(__DIR__ . '/../config.php');
24 require_once($CFG->dirroot .'/blog/lib.php');
25 require_once($CFG->dirroot .'/blog/locallib.php');
26 require_once($CFG->dirroot .'/course/lib.php');
27 require_once($CFG->dirroot .'/comment/lib.php');
28
29 $id = optional_param('id', null, PARAM_INT);
30 $start = optional_param('formstart', 0, PARAM_INT);
31 $tag = optional_param('tag', '', PARAM_NOTAGS);
32 $userid = optional_param('userid', null, PARAM_INT);
33 $tagid = optional_param('tagid', null, PARAM_INT);
34 $modid = optional_param('modid', null, PARAM_INT);
35 $entryid = optional_param('entryid', null, PARAM_INT);
36 $groupid = optional_param('groupid', null, PARAM_INT);
37 $courseid = optional_param('courseid', null, PARAM_INT);
38 $search = optional_param('search', null, PARAM_RAW);
39
40 comment::init();
41
42 $urlparams = compact('id', 'start', 'tag', 'userid', 'tagid', 'modid', 'entryid', 'groupid', 'courseid', 'search');
43 foreach ($urlparams as $var => $val) {
44 if (empty($val)) {
45 unset($urlparams[$var]);
46 }
47 }
48 $PAGE->set_url('/blog/index.php', $urlparams);
49
50 // Correct tagid if a text tag is provided as a param.
51 if (!empty($tag)) {
52 if ($tagrec = $DB->get_record('tag', array('name' => $tag))) {
53 $tagid = $tagrec->id;
54 } else {
55 unset($tagid);
56 }
57 }
58
59 // Set the userid to the entry author if we have the entry ID.
60 if ($entryid and !isset($userid)) {
61 $entry = new blog_entry($entryid);
62 $userid = $entry->userid;
63 }
64
65 if (isset($userid) && empty($courseid) && empty($modid)) {
66 $context = context_user::instance($userid);
67 } else if (!empty($courseid) && $courseid != SITEID) {
68 $context = context_course::instance($courseid);
69 } else {
70 $context = context_system::instance();
71 }
72 $PAGE->set_context($context);
73
74 $sitecontext = context_system::instance();
75
76 if (isset($userid) && $USER->id == $userid) {
77 $blognode = $PAGE->navigation->find('siteblog', null);
78 if ($blognode) {
79 $blognode->make_inactive();
80 }
81 }
82
83 // Check basic permissions.
84 if ($CFG->bloglevel == BLOG_GLOBAL_LEVEL) {
85 // Everybody can see anything - no login required unless site is locked down using forcelogin.
86 if ($CFG->forcelogin) {
87 require_login();
88 }
89
90 } else if ($CFG->bloglevel == BLOG_SITE_LEVEL) {
91 // Users must log in and can not be guests.
92 require_login();
93 if (isguestuser()) {
94 // They must have entered the url manually.
95 print_error('noguest');
96 }
97
98 } else if ($CFG->bloglevel == BLOG_USER_LEVEL) {
99 // Users can see own blogs only! with the exception of people with special cap.
100 require_login();
101
102 } else {
103 // Weird!
104 print_error('blogdisable', 'blog');
105 }
106
107 if (empty($CFG->enableblogs)) {
108 print_error('blogdisable', 'blog');
109 }
110
111 // Add courseid if modid or groupid is specified: This is used for navigation and title.
112 if (!empty($modid) && empty($courseid)) {
113 $courseid = $DB->get_field('course_modules', 'course', array('id' => $modid));
114 }
115
116 if (!empty($groupid) && empty($courseid)) {
117 $courseid = $DB->get_field('groups', 'courseid', array('id' => $groupid));
118 }
119
120
121 if (!$userid && has_capability('moodle/blog:view', $sitecontext) && $CFG->bloglevel > BLOG_USER_LEVEL) {
122 if ($entryid) {
123 if (!$entryobject = $DB->get_record('post', array('id' => $entryid))) {
124 print_error('nosuchentry', 'blog');
125 }
126 $userid = $entryobject->userid;
127 }
128 } else if (!$userid) {
129 $userid = $USER->id;
130 }
131
132 if (!empty($modid)) {
133 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
134 print_error(get_string('nocourseblogs', 'blog'));
135 }
136 if (!$mod = $DB->get_record('course_modules', array('id' => $modid))) {
137 print_error(get_string('invalidmodid', 'blog'));
138 }
139 $courseid = $mod->course;
140 }
141
142 if ((empty($courseid) ? true : $courseid == SITEID) && empty($userid)) {
143 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
144 print_error('siteblogdisable', 'blog');
145 }
146 if (!has_capability('moodle/blog:view', $sitecontext)) {
147 print_error('cannotviewsiteblog', 'blog');
148 }
149
150 $COURSE = $DB->get_record('course', array('format' => 'site'));
151 $courseid = $COURSE->id;
152 }
153
154 if (!empty($courseid)) {
155 if (!$course = $DB->get_record('course', array('id' => $courseid))) {
156 print_error('invalidcourseid');
157 }
158
159 $courseid = $course->id;
160 require_login($course);
161
162 if (!has_capability('moodle/blog:view', $sitecontext)) {
163 print_error('cannotviewcourseblog', 'blog');
164 }
165 } else {
166 $coursecontext = context_course::instance(SITEID);
167 }
168
169 if (!empty($groupid)) {
170 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
171 print_error('groupblogdisable', 'blog');
172 }
173
174 if (! $group = groups_get_group($groupid)) {
175 print_error(get_string('invalidgroupid', 'blog'));
176 }
177
178 if (!$course = $DB->get_record('course', array('id' => $group->courseid))) {
179 print_error('invalidcourseid');
180 }
181
182 $coursecontext = context_course::instance($course->id);
183 $courseid = $course->id;
184 require_login($course);
185
186 if (!has_capability('moodle/blog:view', $sitecontext)) {
187 print_error(get_string('cannotviewcourseorgroupblog', 'blog'));
188 }
189
190 if (groups_get_course_groupmode($course) == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $coursecontext)) {
191 if (!groups_is_member($groupid)) {
192 print_error('notmemberofgroup');
193 }
194 }
195 }
196
197 if (!empty($userid)) {
198 if ($CFG->bloglevel < BLOG_USER_LEVEL) {
199 print_error('blogdisable', 'blog');
200 }
201
202 if (!$user = $DB->get_record('user', array('id' => $userid))) {
203 print_error('invaliduserid');
204 }
205
206 if ($user->deleted) {
207 echo $OUTPUT->header();
208 echo $OUTPUT->heading(get_string('userdeleted'));
209 echo $OUTPUT->footer();
210 die;
211 }
212
213 if ($USER->id == $userid) {
214 if (!has_capability('moodle/blog:create', $sitecontext)
215 && !has_capability('moodle/blog:view', $sitecontext)) {
216 print_error('donothaveblog', 'blog');
217 }
218 } else {
219 if (!has_capability('moodle/blog:view', $sitecontext) || !blog_user_can_view_user_entry($userid)) {
220 print_error('cannotviewcourseblog', 'blog');
221 }
222
223 $PAGE->navigation->extend_for_user($user);
224 }
225 }
226
227 $courseid = (empty($courseid)) ? SITEID : $courseid;
228
229
230 $blogheaders = blog_get_headers();
231
232 $rsscontext = null;
233 $filtertype = null;
234 $thingid = null;
235 $rsstitle = '';
236 if ($CFG->enablerssfeeds) {
237 list($thingid, $rsscontext, $filtertype) = blog_rss_get_params($blogheaders['filters']);
238 if (empty($rsscontext)) {
239 $rsscontext = context_system::instance();
240 }
241 $rsstitle = $blogheaders['heading'];
242
243 // Check we haven't started output by outputting an error message.
244 if ($PAGE->state == moodle_page::STATE_BEFORE_HEADER) {
245 blog_rss_add_http_header($rsscontext, $rsstitle, $filtertype, $thingid, $tagid);
246 }
247 }
248
249 $usernode = $PAGE->navigation->find('user'.$userid, null);
250 if ($usernode && $courseid != SITEID) {
251 $courseblogsnode = $PAGE->navigation->find('courseblogs', null);
252 if ($courseblogsnode) {
253 $courseblogsnode->remove();
254 }
255 $blogurl = new moodle_url($PAGE->url);
256 $blognode = $usernode->add(get_string('blogscourse', 'blog'), $blogurl);
257 $blognode->make_active();
258 }
259
260 if ($courseid != SITEID) {
261 $PAGE->set_heading($course->fullname);
262 echo $OUTPUT->header();
263 if (!empty($user)) {
264 $headerinfo = array('heading' => fullname($user), 'user' => $user);
265 echo $OUTPUT->context_header($headerinfo, 2);
266 }
267 } else if (isset($userid)) {
268 $PAGE->set_heading(fullname($user));
269 echo $OUTPUT->header();
270 } else if ($courseid == SITEID) {
271 echo $OUTPUT->header();
272 }
273
274 echo $OUTPUT->heading($blogheaders['heading'], 2);
275
276 $bloglisting = new blog_listing($blogheaders['filters']);
277 $bloglisting->print_entries();
278
279 if ($CFG->enablerssfeeds) {
280 blog_rss_print_link($rsscontext, $filtertype, $thingid, $tagid, get_string('rssfeed', 'blog'));
281 }
282
283 echo $OUTPUT->footer();
284 $eventparams = array(
285 'other' => array('entryid' => $entryid, 'tagid' => $tagid, 'userid' => $userid, 'modid' => $modid, 'groupid' => $groupid,
286 'search' => $search, 'fromstart' => $start)
287 );
288 if (!empty($userid)) {
289 $eventparams['relateduserid'] = $userid;
290 }
291 $eventparams['other']['courseid'] = ($courseid === SITEID) ? 0 : $courseid;
292 $event = \core\event\blog_entries_viewed::create($eventparams);
293 $event->trigger();
Read-only mirror of the Moodle CVS