webservice MDL-23536 fix missing test when no missing capability
[moodle.git] / blog / index.php
CommitLineData
dfede59d 1<?php
4a173181 2
3/**
4 * file index.php
5 * index page to view blogs. if no blog is specified then site wide entries are shown
6 * if a blog id is specified then the latest entries from that blog are shown
7 */
8
cae83708 9require_once(dirname(dirname(__FILE__)).'/config.php');
4a173181 10require_once($CFG->dirroot .'/blog/lib.php');
cae83708 11require_once($CFG->dirroot .'/blog/locallib.php');
12require_once($CFG->dirroot .'/course/lib.php');
13require_once($CFG->dirroot .'/tag/lib.php');
36051c9e 14require_once($CFG->dirroot .'/comment/lib.php');
4a173181 15
1c7b8b93
NC
16$id = optional_param('id', null, PARAM_INT);
17$start = optional_param('formstart', 0, PARAM_INT);
18$tag = optional_param('tag', '', PARAM_NOTAGS);
19$userid = optional_param('userid', null, PARAM_INT);
20$tagid = optional_param('tagid', null, PARAM_INT);
21$modid = optional_param('modid', null, PARAM_INT);
22$entryid = optional_param('entryid', null, PARAM_INT);
23$groupid = optional_param('groupid', null, PARAM_INT);
24$courseid = optional_param('courseid', null, PARAM_INT);
25$search = optional_param('search', null, PARAM_RAW);
cae83708 26
36051c9e 27comment::init();
b73d1ca4 28
cae83708 29$url_params = compact('id', 'start', 'tag', 'userid', 'tagid', 'modid', 'entryid', 'groupid', 'courseid', 'search');
30foreach ($url_params as $var => $val) {
31 if (empty($val)) {
32 unset($url_params[$var]);
33 }
34}
a6855934 35$PAGE->set_url('/blog/index.php', $url_params);
e96f2a77 36
856b6fe6 37//correct tagid if a text tag is provided as a param
1c7b8b93
NC
38if (!empty($tag)) {
39 $ILIKE = $DB->sql_ilike();
40 if ($tagrec = $DB->get_record_sql("SELECT * FROM {tag} WHERE name $ILIKE ?", array("%$tag%"))) {
856b6fe6 41 $tagid = $tagrec->id;
42 } else {
43 unset($tagid);
44 }
45}
46
cae83708 47// add courseid if modid or groupid is specified: This is used for navigation and title
48if (!empty($modid) && empty($courseid)) {
856b6fe6 49 $courseid = $DB->get_field('course_modules', 'course', array('id'=>$modid));
50}
51
cae83708 52if (!empty($groupid) && empty($courseid)) {
856b6fe6 53 $courseid = $DB->get_field('groups', 'courseid', array('id'=>$groupid));
54}
4a173181 55
ab2f17b0 56if (empty($CFG->bloglevel)) {
8b141784 57 print_error('blogdisable', 'blog');
ab2f17b0 58}
bbbf2d40 59
d9d16e56 60$sitecontext = get_context_instance(CONTEXT_SYSTEM);
93caac3a 61
cae83708 62if (!$userid && has_capability('moodle/blog:view', $sitecontext) && $CFG->bloglevel > BLOG_USER_LEVEL) {
63 if ($entryid) {
1c7b8b93 64 if (!$entryobject = $DB->get_record('post', array('id'=>$entryid))) {
856b6fe6 65 print_error('nosuchentry', 'blog');
dde73b9e 66 }
cae83708 67 $userid = $entryobject->userid;
4a173181 68 }
856b6fe6 69} else if (!$userid) {
856b6fe6 70 $userid = $USER->id;
4a173181 71}
4a173181 72
1c7b8b93 73if (!empty($modid)) {
856b6fe6 74 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
75 print_error(get_string('nocourseblogs', 'blog'));
76 }
77 if (!$mod = $DB->get_record('course_modules', array('id' => $modid))) {
78 print_error(get_string('invalidmodid', 'blog'));
79 }
80 $courseid = $mod->course;
81}
e96f2a77 82
1c7b8b93 83if ((empty($courseid) ? true : $courseid == SITEID) && empty($userid)) {
856b6fe6 84 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
85 print_error('siteblogdisable', 'blog');
86 }
87 if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
88 require_login();
89 }
90 if (!has_capability('moodle/blog:view', $sitecontext)) {
91 print_error('cannotviewsiteblog', 'blog');
92 }
e96f2a77 93
856b6fe6 94 $COURSE = $DB->get_record('course', array('format'=>'site'));
95 $courseid = $COURSE->id;
96}
97
98if (!empty($courseid)) {
99 if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
100 print_error('invalidcourseid');
101 }
102
103 $courseid = $course->id;
104 $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
105
106 require_login($course);
107
108 if (!has_capability('moodle/blog:view', $coursecontext)) {
109 print_error('cannotviewcourseblog', 'blog');
110 }
111} else {
112 $coursecontext = get_context_instance(CONTEXT_COURSE, SITEID);
113}
114
115if (!empty($groupid)) {
116 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
117 print_error('groupblogdisable', 'blog');
118 }
e96f2a77 119
1c7b8b93 120 if (! $group = groups_get_group($groupid)) {
856b6fe6 121 print_error(get_string('invalidgroupid', 'blog'));
122 }
e96f2a77 123
856b6fe6 124 if (!$course = $DB->get_record('course', array('id'=>$group->courseid))) {
125 print_error(get_string('invalidcourseid', 'blog'));
126 }
e96f2a77 127
856b6fe6 128 $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
129 $courseid = $course->id;
130 require_login($course);
131
132 if (!has_capability('moodle/blog:view', $coursecontext)) {
133 print_error(get_string('cannotviewcourseorgroupblog', 'blog'));
134 }
f5fc83e8 135
cae83708 136 if (groups_get_course_groupmode($course) == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $coursecontext)) {
856b6fe6 137 if (!groups_is_member($groupid)) {
138 print_error('notmemberofgroup');
e96f2a77 139 }
856b6fe6 140 }
141}
142
143if (!empty($user)) {
144 if ($CFG->bloglevel < BLOG_USER_LEVEL) {
145 print_error('blogdisable', 'blog');
146 }
147
148 if (!$user = $DB->get_record('user', array('id'=>$userid))) {
149 print_error('invaliduserid');
150 }
151
152 if ($user->deleted) {
cae83708 153 echo $OUTPUT->header();
16ba76bd 154 echo $OUTPUT->heading(get_string('userdeleted'));
033e4aff 155 echo $OUTPUT->footer();
856b6fe6 156 die;
157 }
f4c85f46 158
856b6fe6 159 if ($USER->id == $userid) {
160 if (!has_capability('moodle/blog:create', $sitecontext)
cae83708 161 && !has_capability('moodle/blog:view', $sitecontext)) {
856b6fe6 162 print_error('donothaveblog', 'blog');
673bc55d 163 }
856b6fe6 164 } else {
165 $personalcontext = get_context_instance(CONTEXT_USER, $userid);
673bc55d 166
cae83708 167 if (!has_capability('moodle/blog:view', $sitecontext) && !has_capability('moodle/user:readuserblogs', $personalcontext)) {
856b6fe6 168 print_error('cannotviewuserblog', 'blog');
169 }
e96f2a77 170
cae83708 171 if (!blog_user_can_view_user_entry($userid)) {
856b6fe6 172 print_error('cannotviewcourseblog', 'blog');
173 }
174 }
4a173181 175}
176
cae83708 177$courseid = (empty($courseid)) ? SITEID : $courseid;
f99fee6c 178
cae83708 179if (!empty($courseid)) {
cae83708 180 $PAGE->set_context(get_context_instance(CONTEXT_COURSE, $courseid));
856b6fe6 181}
182
cae83708 183if (!empty($modid)) {
cae83708 184 $PAGE->set_context(get_context_instance(CONTEXT_MODULE, $modid));
856b6fe6 185}
186
c5dc10ee 187$blogheaders = blog_get_headers();
cae83708 188
cae83708 189if (empty($entryid) && empty($modid) && empty($groupid)) {
1c7b8b93 190 $PAGE->set_context(get_context_instance(CONTEXT_USER, $USER->id));
cae83708 191}
192
c5dc10ee 193echo $OUTPUT->header();
cae83708 194
c5dc10ee 195echo $OUTPUT->heading($blogheaders['heading'], 2);
92a019ac 196
1c7b8b93
NC
197$bloglisting = new blog_listing($blogheaders['filters']);
198$bloglisting->print_entries();
4a173181 199
033e4aff 200echo $OUTPUT->footer();
d7bf6d17 201
cae83708 202add_to_log($courseid, 'blog', 'view', 'index.php?entryid='.$entryid.'&amp;tagid='.@$tagid.'&amp;tag='.$tag, 'view blog entry');