user/view.php

   1 <?php
   2
   3 // This file is part of Moodle - http://moodle.org/
   4 //
   5 // Moodle is free software: you can redistribute it and/or modify
   6 // it under the terms of the GNU General Public License as published by
   7 // the Free Software Foundation, either version 3 of the License, or
   8 // (at your option) any later version.
   9 //
  10 // Moodle is distributed in the hope that it will be useful,
  11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 // GNU General Public License for more details.
  14 //
  15 // You should have received a copy of the GNU General Public License
  16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17
  18 /**
  19  * Display profile for a particular user
  20  *
  21  * @copyright 1999 Martin Dougiamas  http://dougiamas.com
  22  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  * @package user
  24  */
  25
  26 require_once("../config.php");
  27 require_once($CFG->dirroot.'/user/profile/lib.php');
  28 require_once($CFG->dirroot.'/tag/lib.php');
  29 require_once($CFG->libdir . '/filelib.php');
  30
  31 $id        = optional_param('id', 0, PARAM_INT);   // user id
  32 $courseid  = optional_param('course', SITEID, PARAM_INT);   // course id (defaults to Site)
  33
  34 if (empty($id)) {            // See your own profile by default
  35     require_login();
  36     $id = $USER->id;
  37 }
  38
  39 if ($courseid == SITEID) {   // Since Moodle 2.0 all site-level profiles are shown by profile.php
  40     redirect($CFG->wwwroot.'/user/profile.php?id='.$id);  // Immediate redirect
  41 }
  42
  43 $PAGE->set_url('/user/view.php', array('id'=>$id,'course'=>$courseid));
  44
  45 $user = $DB->get_record('user', array('id'=>$id), '*', MUST_EXIST);
  46 $course = $DB->get_record('course', array('id'=>$courseid), '*', MUST_EXIST);
  47 $currentuser = ($user->id == $USER->id);
  48
  49 $systemcontext = context_system::instance();
  50 $coursecontext = context_course::instance($course->id);
  51 $usercontext   = context_user::instance($user->id, IGNORE_MISSING);
  52
  53 // Require login first
  54 if (isguestuser($user)) {
  55     // can not view profile of guest - thre is nothing to see there
  56     print_error('invaliduserid');
  57 }
  58
  59 if (!empty($CFG->forceloginforprofiles)) {
  60     require_login(); // we can not log in to course due to the parent hack below
  61 }
  62
  63 $PAGE->set_context($coursecontext);
  64 $PAGE->set_course($course);
  65 $PAGE->set_pagetype('course-view-' . $course->format);  // To get the blocks exactly like the course
  66 $PAGE->add_body_class('path-user');                     // So we can style it independently
  67 $PAGE->set_other_editing_capability('moodle/course:manageactivities');
  68
  69 $isparent = false;
  70
  71 if (!$currentuser and !$user->deleted
  72   and $DB->record_exists('role_assignments', array('userid'=>$USER->id, 'contextid'=>$usercontext->id))
  73   and has_capability('moodle/user:viewdetails', $usercontext)) {
  74     // TODO: very ugly hack - do not force "parents" to enrol into course their child is enrolled in,
  75     //       this way they may access the profile where they get overview of grades and child activity in course,
  76     //       please note this is just a guess!
  77     require_login();
  78     $isparent = true;
  79     $PAGE->navigation->set_userid_for_parent_checks($id);
  80 } else {
  81     // normal course
  82     require_login($course);
  83     // what to do with users temporary accessing this course? should they see the details?
  84 }
  85
  86 $strpersonalprofile = get_string('personalprofile');
  87 $strparticipants = get_string("participants");
  88 $struser = get_string("user");
  89
  90 $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $coursecontext));
  91
  92 /// Now test the actual capabilities and enrolment in course
  93 if ($currentuser) {
  94     // me
  95     if (!is_viewing($coursecontext) && !is_enrolled($coursecontext)) { // Need to have full access to a course to see the rest of own info
  96         echo $OUTPUT->header();
  97         echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
  98         if (!empty($_SERVER['HTTP_REFERER'])) {
  99             echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']);
 100         }
 101         echo $OUTPUT->footer();
 102         die;
 103     }
 104
 105 } else {
 106     // somebody else
 107     $PAGE->set_title("$strpersonalprofile: ");
 108     $PAGE->set_heading("$strpersonalprofile: ");
 109
 110     // check course level capabilities
 111     if (!has_capability('moodle/user:viewdetails', $coursecontext) && // normal enrolled user or mnager
 112         ($user->deleted or !has_capability('moodle/user:viewdetails', $usercontext))) {   // usually parent
 113         print_error('cannotviewprofile');
 114     }
 115
 116     if (!is_enrolled($coursecontext, $user->id)) {
 117         // TODO: the only potential problem is that managers and inspectors might post in forum, but the link
 118         //       to profile would not work - maybe a new capability - moodle/user:freely_acessile_profile_for_anybody
 119         //       or test for course:inspect capability
 120         if (has_capability('moodle/role:assign', $coursecontext)) {
 121             $PAGE->navbar->add($fullname);
 122             echo $OUTPUT->header();
 123             echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
 124         } else {
 125             echo $OUTPUT->header();
 126             $PAGE->navbar->add($struser);
 127             echo $OUTPUT->heading(get_string('notenrolledprofile'));
 128         }
 129         if (!empty($_SERVER['HTTP_REFERER'])) {
 130             echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']);
 131         }
 132         echo $OUTPUT->footer();
 133         exit;
 134     }
 135
 136     // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group
 137     if (groups_get_course_groupmode($course) == SEPARATEGROUPS and $course->groupmodeforce
 138       and !has_capability('moodle/site:accessallgroups', $coursecontext) and !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id)) {
 139         if (!isloggedin() or isguestuser()) {
 140             // do not use require_login() here because we might have already used require_login($course)
 141             redirect(get_login_url());
 142         }
 143         $mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name'));
 144         $usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name'));
 145         if (!array_intersect($mygroups, $usergroups)) {
 146             print_error("groupnotamember", '', "../course/view.php?id=$course->id");
 147         }
 148     }
 149 }
 150
 151 $PAGE->set_title("$course->fullname: $strpersonalprofile: $fullname");
 152 $PAGE->set_heading($course->fullname);
 153 $PAGE->set_pagelayout('standard');
 154
 155 // Locate the users settings in the settings navigation and force it open.
 156 // This MUST be done after we've set up the page as it is going to cause theme and output to initialise.
 157 if (!$currentuser) {
 158     $PAGE->navigation->extend_for_user($user);
 159     if ($node = $PAGE->settingsnav->get('userviewingsettings'.$user->id)) {
 160         $node->forceopen = true;
 161     }
 162 } else if ($node = $PAGE->settingsnav->get('usercurrentsettings', navigation_node::TYPE_CONTAINER)) {
 163     $node->forceopen = true;
 164 }
 165 if ($node = $PAGE->settingsnav->get('courseadmin')) {
 166     $node->forceopen = false;
 167 }
 168
 169 echo $OUTPUT->header();
 170
 171 echo '<div class="userprofile">';
 172
 173 echo $OUTPUT->heading(fullname($user).' ('.format_string($course->shortname, true, array('context' => $coursecontext)).')');
 174
 175 if ($user->deleted) {
 176     echo $OUTPUT->heading(get_string('userdeleted'));
 177     if (!has_capability('moodle/user:update', $coursecontext)) {
 178         echo $OUTPUT->footer();
 179         die;
 180     }
 181 }
 182
 183 /// OK, security out the way, now we are showing the user
 184
 185 add_to_log($course->id, "user", "view", "view.php?id=$user->id&course=$course->id", "$user->id");
 186
 187 /// Get the hidden field list
 188 if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
 189     $hiddenfields = array();
 190 } else {
 191     $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
 192 }
 193
 194 if (is_mnet_remote_user($user)) {
 195     $sql = "SELECT h.id, h.name, h.wwwroot,
 196                    a.name as application, a.display_name
 197               FROM {mnet_host} h, {mnet_application} a
 198              WHERE h.id = ? AND h.applicationid = a.id";
 199
 200     $remotehost = $DB->get_record_sql($sql, array($user->mnethostid));
 201     $a = new stdclass();
 202     $a->remotetype = $remotehost->display_name;
 203     $a->remotename = $remotehost->name;
 204     $a->remoteurl  = $remotehost->wwwroot;
 205
 206     echo $OUTPUT->box(get_string('remoteuserinfo', 'mnet', $a), 'remoteuserinfo');
 207 }
 208
 209 echo '<div class="userprofilebox clearfix"><div class="profilepicture">';
 210 echo $OUTPUT->user_picture($user, array('size'=>100));
 211 echo '</div>';
 212
 213 // Print the description
 214 echo '<div class="descriptionbox"><div class="description">';
 215 if ($user->description && !isset($hiddenfields['description'])) {
 216     if (!empty($CFG->profilesforenrolledusersonly) && !$DB->record_exists('role_assignments', array('userid'=>$id))) {
 217         echo get_string('profilenotshown', 'moodle');
 218     } else {
 219         if ($courseid == SITEID) {
 220             $user->description = file_rewrite_pluginfile_urls($user->description, 'pluginfile.php', $usercontext->id, 'user', 'profile', null);
 221         } else {
 222             // we have to make a little detour thought the course context to verify the access control for course profile
 223             $user->description = file_rewrite_pluginfile_urls($user->description, 'pluginfile.php', $coursecontext->id, 'user', 'profile', $user->id);
 224         }
 225         $options = array('overflowdiv'=>true);
 226         echo format_text($user->description, $user->descriptionformat, $options);
 227     }
 228 }
 229 echo '</div>';
 230
 231
 232 // Print all the little details in a list
 233
 234 echo '<table class="list" summary="">';
 235
 236 // Show email if any of the following conditions match.
 237 // 1. User is viewing his own profile.
 238 // 2. Has allowed everyone to see email
 239 // 3. User has allowed course members to can see email and current user is in same course
 240 // 4. Has either course:viewhiddenuserfields or site:viewuseridentity capability.
 241 if ($currentuser
 242    or $user->maildisplay == 1
 243    or ($user->maildisplay == 2 && is_enrolled($coursecontext, $USER))
 244    or has_capability('moodle/course:viewhiddenuserfields', $coursecontext)
 245    or has_capability('moodle/site:viewuseridentity', $coursecontext)) {
 246     print_row(get_string("email").":", obfuscate_mailto($user->email, ''));
 247 }
 248
 249 // Show last time this user accessed this course
 250 if (!isset($hiddenfields['lastaccess'])) {
 251     if ($lastaccess = $DB->get_record('user_lastaccess', array('userid'=>$user->id, 'courseid'=>$course->id))) {
 252         $datestring = userdate($lastaccess->timeaccess)."&nbsp; (".format_time(time() - $lastaccess->timeaccess).")";
 253     } else {
 254         $datestring = get_string("never");
 255     }
 256     print_row(get_string("lastaccess").":", $datestring);
 257 }
 258
 259 // Show roles in this course
 260 if ($rolestring = get_user_roles_in_course($id, $course->id)) {
 261     print_row(get_string('roles').':', $rolestring);
 262 }
 263
 264 // Show groups this user is in
 265 if (!isset($hiddenfields['groups'])) {
 266     $accessallgroups = has_capability('moodle/site:accessallgroups', $coursecontext);
 267     if ($usergroups = groups_get_all_groups($course->id, $user->id)) {
 268         $groupstr = '';
 269         foreach ($usergroups as $group){
 270             if ($course->groupmode == SEPARATEGROUPS and !$accessallgroups and $user->id != $USER->id) {
 271                 if (!groups_is_member($group->id, $user->id)) {
 272                     continue;
 273                 }
 274             }
 275
 276             if ($course->groupmode != NOGROUPS) {
 277                 $groupstr .= ' <a href="'.$CFG->wwwroot.'/user/index.php?id='.$course->id.'&amp;group='.$group->id.'">'.format_string($group->name).'</a>,';
 278             } else {
 279                 $groupstr .= ' '.format_string($group->name); // the user/index.php shows groups only when course in group mode
 280             }
 281         }
 282         if ($groupstr !== '') {
 283             print_row(get_string("group").":", rtrim($groupstr, ', '));
 284         }
 285     }
 286 }
 287
 288 // Show other courses they may be in
 289 if (!isset($hiddenfields['mycourses'])) {
 290     if ($mycourses = enrol_get_all_users_courses($user->id, true, NULL, 'visible DESC,sortorder ASC')) {
 291         $shown = 0;
 292         $courselisting = '';
 293         foreach ($mycourses as $mycourse) {
 294             if ($mycourse->category) {
 295                 context_helper::preload_from_record($mycourse);
 296                 $ccontext = context_course::instance($mycourse->id);
 297                 $cfullname = $ccontext->get_context_name(false);
 298                 if ($mycourse->id != $course->id){
 299                     $class = '';
 300                     if ($mycourse->visible == 0) {
 301                         if (!has_capability('moodle/course:viewhiddencourses', $ccontext)) {
 302                             continue;
 303                         }
 304                         $class = 'class="dimmed"';
 305                     }
 306                     $courselisting .= "<a href=\"{$CFG->wwwroot}/user/view.php?id={$user->id}&amp;course={$mycourse->id}\" $class >"
 307                         . $cfullname . "</a>, ";
 308                 } else {
 309                     $courselisting .= $cfullname . ", ";
 310                     $PAGE->navbar->add($cfullname);
 311                 }
 312             }
 313             $shown++;
 314             if ($shown >= 20) {
 315                 $courselisting .= "...";
 316                 break;
 317             }
 318         }
 319         print_row(get_string('courseprofiles').':', rtrim($courselisting,', '));
 320     }
 321 }
 322
 323 if (!isset($hiddenfields['suspended'])) {
 324     if ($user->suspended) {
 325         print_row('', get_string('suspended', 'auth'));
 326     }
 327 }
 328
 329 echo "</table></div></div>";
 330
 331 // Print messaging link if allowed
 332 if (isloggedin() && has_capability('moodle/site:sendmessage', $usercontext)
 333     && !empty($CFG->messaging) && !isguestuser() && !isguestuser($user) && ($USER->id != $user->id)) {
 334     echo '<div class="messagebox">';
 335     echo '<a href="'.$CFG->wwwroot.'/message/index.php?id='.$user->id.'">'.get_string('messageselectadd').'</a>';
 336     echo '</div>';
 337 }
 338
 339 if ($currentuser || has_capability('moodle/user:viewdetails', $usercontext) || has_coursecontact_role($id)) {
 340     echo '<div class="fullprofilelink">';
 341     echo html_writer::link($CFG->wwwroot.'/user/profile.php?id='.$id, get_string('fullprofile'));
 342     echo '</div>';
 343 }
 344
 345 /// TODO Add more useful overview info for teachers here, see below
 346
 347 /// Show links to notes made about this student (must click to display, for privacy)
 348
 349 /// Recent comments made in this course
 350
 351 /// Recent blogs associated with this course and items in it
 352
 353
 354
 355 echo '</div>';  // userprofile class
 356
 357 echo $OUTPUT->footer();
 358
 359 /// Functions ///////
 360
 361 function print_row($left, $right) {
 362     echo "\n<tr><th class=\"label c0\">$left</th><td class=\"info c1\">$right</td></tr>\n";
 363 }
 364
 365