Merged filter_string fix from MDL-8713
[moodle.git] / blog / index.php
CommitLineData
4a173181 1<?php // $Id$
2
3/**
4 * file index.php
5 * index page to view blogs. if no blog is specified then site wide entries are shown
6 * if a blog id is specified then the latest entries from that blog are shown
7 */
8
eccfc1ca 9require_once('../config.php');
4a173181 10require_once($CFG->dirroot .'/blog/lib.php');
11require_once($CFG->libdir .'/blocklib.php');
12
93caac3a 13$id = optional_param('id', 0, PARAM_INT);
93caac3a 14$start = optional_param('formstart', 0, PARAM_INT);
15$userid = optional_param('userid',0,PARAM_INT);
93caac3a 16$tag = optional_param('tag', '', PARAM_NOTAGS);
17$tagid = optional_param('tagid', 0, PARAM_INT);
18$postid = optional_param('postid',0,PARAM_INT);
19$filtertype = optional_param('filtertype', '', PARAM_ALPHA);
9154b440 20$filterselect = optional_param('filterselect', 0, PARAM_INT);
e96f2a77 21
93caac3a 22$edit = optional_param('edit', -1, PARAM_BOOL);
e96f2a77 23$courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs and course tracking
24
4a173181 25
ab2f17b0 26if (empty($CFG->bloglevel)) {
27 error('Blogging is disabled!');
28}
bbbf2d40 29
93caac3a 30$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
31
32
33// change block edit staus if not guest and logged in
34if (isloggedin() and !isguest() and $edit != -1) {
35 $SESSION->blog_editing_enabled = $edit;
36}
37
e96f2a77 38if (empty($filtertype)) {
39 if ($userid) { // default to user if specified
40 $filtertype = 'user';
41 $filterselect = $userid;
42 } else if (has_capability('moodle/blog:view', $sitecontext) and $CFG->bloglevel > BLOG_USER_LEVEL) {
43 $filtertype = 'site';
44 $filterselect = '';
45 } else {
46 // user might have capability to write blogs, but not read blogs at site level
47 // users might enter this url manually without parameters
48 $filtertype = 'user';
49 $filterselect = $USER->id;
4a173181 50 }
4a173181 51}
e96f2a77 52/// check access and prepare filters
4a173181 53
54switch ($filtertype) {
e96f2a77 55
4a173181 56 case 'site':
d7bf6d17 57 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
bbbf2d40 58 error('Site blogs is not enabled');
e96f2a77 59 }
60 if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
4a173181 61 require_login();
62 }
e96f2a77 63 if (!has_capability('moodle/blog:view', $sitecontext)) {
64 error('You do not have the required permissions to view all site blogs');
65 }
4a173181 66 break;
e96f2a77 67
4a173181 68 case 'course':
d7bf6d17 69 if ($CFG->bloglevel < BLOG_COURSE_LEVEL) {
bbbf2d40 70 error('Course blogs is not enabled');
4a173181 71 }
e96f2a77 72 if (!$course = get_record('course', 'id', $filterselect)) {
73 error('Incorrect course id specified');
74 }
75 $courseid = $course->id;
76 $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
77 require_login($course->id);
78 if (!has_capability('moodle/blog:view', $sitecontext)) {
79 error('You do not have the required permissions to view blogs in this course');
80 }
4a173181 81 break;
e96f2a77 82
4a173181 83 case 'group':
d7bf6d17 84 if ($CFG->bloglevel < BLOG_GROUP_LEVEL) {
e96f2a77 85 error('Group blogs is not enabled');
86 }
f3f7610c 87 if (! $group = groups_get_group($groupid)) { //TODO:check.
e96f2a77 88 error('Incorrect group id specified');
89 }
90 if (!$course = get_record('course', 'id', $group->courseid)) {
91 error('Incorrect course id specified');
4a173181 92 }
e96f2a77 93 $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
94 $courseid = $course->id;
95 require_login($course->id);
96 if (!has_capability('moodle/blog:view', $coursecontext)) {
97 error('You do not have the required permissions to view blogs in this course/group');
98 }
99 if (groupmode($course) == SEPARATEGROUPS
100 and !has_capability('moodle/site:accessallgroups', $coursecontext)) {
4a173181 101 if (!ismember($filterselect)) {
e96f2a77 102 error ('You are not a member of this course group');
4a173181 103 }
104 }
e96f2a77 105
4a173181 106 break;
e96f2a77 107
4a173181 108 case 'user':
d7bf6d17 109 if ($CFG->bloglevel < BLOG_USER_LEVEL) {
e96f2a77 110 error('Blogs is not enabled');
4a173181 111 }
e96f2a77 112 if (!$user = get_record('user', 'id', $filterselect)) {
113 error('Incorrect user id');
f4c85f46 114 }
e96f2a77 115 if ($USER->id == $filterselect) {
116 if (!has_capability('moodle/blog:create', $sitecontext)
117 and !has_capability('moodle/blog:view', $sitecontext)) {
118 error('You do not have your own a blog, sorry.');
119 }
120 } else {
121 $personalcontext = get_context_instance(CONTEXT_USER, $filterselect);
122 if (!has_capability('moodle/blog:view', $sitecontext)
123 and !has_capability('moodle/user:readuserblogs', $personalcontext)) {
124 error('You do not have the required permissions to read user blogs');
125 }
126 if (!blog_user_can_view_user_post($filterselect)) {
127 error('You can not view blog of this user, sorry.');
128 }
129 }
130 $userid = $filterselect;
f4c85f46 131
4a173181 132 break;
e96f2a77 133
4a173181 134 default:
e96f2a77 135 error('Incorrect blog filter type specified');
4a173181 136 break;
137}
138
e96f2a77 139if (empty($courseid)) {
140 $courseid = SITEID;
4a173181 141}
f99fee6c 142
4a173181 143include($CFG->dirroot .'/blog/header.php');
144
e96f2a77 145blog_print_html_formatted_entries($postid, $filtertype, $filterselect, $tagid, $tag);
4a173181 146
06622f92 147add_to_log($courseid, 'blog', 'view', 'index.php?filtertype='.$filtertype.'&amp;filterselect='.$filterselect.'&amp;postid='.$postid.'&amp;tagid='.$tagid.'&amp;tag='.$tag, 'view blog entry');
92a019ac 148
4a173181 149include($CFG->dirroot .'/blog/footer.php');
150
d7bf6d17 151
4b10f08b 152?>