MDL-46218 reshuffled access checks in blog and notes
[moodle.git] / blog / index.php
CommitLineData
dfede59d 1<?php
4a173181 2
3/**
4 * file index.php
5 * index page to view blogs. if no blog is specified then site wide entries are shown
6 * if a blog id is specified then the latest entries from that blog are shown
7 */
8
cae83708 9require_once(dirname(dirname(__FILE__)).'/config.php');
4a173181 10require_once($CFG->dirroot .'/blog/lib.php');
cae83708 11require_once($CFG->dirroot .'/blog/locallib.php');
12require_once($CFG->dirroot .'/course/lib.php');
13require_once($CFG->dirroot .'/tag/lib.php');
36051c9e 14require_once($CFG->dirroot .'/comment/lib.php');
4a173181 15
1c7b8b93
NC
16$id = optional_param('id', null, PARAM_INT);
17$start = optional_param('formstart', 0, PARAM_INT);
18$tag = optional_param('tag', '', PARAM_NOTAGS);
19$userid = optional_param('userid', null, PARAM_INT);
20$tagid = optional_param('tagid', null, PARAM_INT);
21$modid = optional_param('modid', null, PARAM_INT);
22$entryid = optional_param('entryid', null, PARAM_INT);
23$groupid = optional_param('groupid', null, PARAM_INT);
24$courseid = optional_param('courseid', null, PARAM_INT);
25$search = optional_param('search', null, PARAM_RAW);
cae83708 26
36051c9e 27comment::init();
b73d1ca4 28
cae83708 29$url_params = compact('id', 'start', 'tag', 'userid', 'tagid', 'modid', 'entryid', 'groupid', 'courseid', 'search');
30foreach ($url_params as $var => $val) {
31 if (empty($val)) {
32 unset($url_params[$var]);
33 }
34}
a6855934 35$PAGE->set_url('/blog/index.php', $url_params);
e96f2a77 36
856b6fe6 37//correct tagid if a text tag is provided as a param
1c7b8b93 38if (!empty($tag)) {
1af9063e 39 if ($tagrec = $DB->get_record('tag', array('name' => $tag))) {
856b6fe6 40 $tagid = $tagrec->id;
41 } else {
42 unset($tagid);
43 }
44}
45
41b38360 46$sitecontext = context_system::instance();
68fc1cc2
AA
47// Blogs are always in system context.
48$PAGE->set_context($sitecontext);
8f6c1f34
PS
49
50// check basic permissions
51if ($CFG->bloglevel == BLOG_GLOBAL_LEVEL) {
52 // everybody can see anything - no login required unless site is locked down using forcelogin
53 if ($CFG->forcelogin) {
54 require_login();
55 }
56
57} else if ($CFG->bloglevel == BLOG_SITE_LEVEL) {
58 // users must log in and can not be guests
59 require_login();
60 if (isguestuser()) {
61 // they must have entered the url manually...
62 print_error('blogdisable', 'blog');
63 }
64
65} else if ($CFG->bloglevel == BLOG_USER_LEVEL) {
66 // users can see own blogs only! with the exception of ppl with special cap
67 require_login();
68
69} else {
70 // weird!
8b141784 71 print_error('blogdisable', 'blog');
ab2f17b0 72}
bbbf2d40 73
e9fb99b1
AD
74if (empty($CFG->enableblogs)) {
75 print_error('blogdisable', 'blog');
76}
77
78// Add courseid if modid or groupid is specified: This is used for navigation and title.
79if (!empty($modid) && empty($courseid)) {
80 $courseid = $DB->get_field('course_modules', 'course', array('id' => $modid));
81}
82
83if (!empty($groupid) && empty($courseid)) {
84 $courseid = $DB->get_field('groups', 'courseid', array('id' => $groupid));
85}
86
93caac3a 87
cae83708 88if (!$userid && has_capability('moodle/blog:view', $sitecontext) && $CFG->bloglevel > BLOG_USER_LEVEL) {
89 if ($entryid) {
1c7b8b93 90 if (!$entryobject = $DB->get_record('post', array('id'=>$entryid))) {
856b6fe6 91 print_error('nosuchentry', 'blog');
dde73b9e 92 }
cae83708 93 $userid = $entryobject->userid;
4a173181 94 }
856b6fe6 95} else if (!$userid) {
856b6fe6 96 $userid = $USER->id;
4a173181 97}
4a173181 98
1c7b8b93 99if (!empty($modid)) {
856b6fe6 100 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
101 print_error(get_string('nocourseblogs', 'blog'));
102 }
103 if (!$mod = $DB->get_record('course_modules', array('id' => $modid))) {
104 print_error(get_string('invalidmodid', 'blog'));
105 }
106 $courseid = $mod->course;
107}
e96f2a77 108
1c7b8b93 109if ((empty($courseid) ? true : $courseid == SITEID) && empty($userid)) {
856b6fe6 110 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
111 print_error('siteblogdisable', 'blog');
112 }
856b6fe6 113 if (!has_capability('moodle/blog:view', $sitecontext)) {
114 print_error('cannotviewsiteblog', 'blog');
115 }
e96f2a77 116
856b6fe6 117 $COURSE = $DB->get_record('course', array('format'=>'site'));
118 $courseid = $COURSE->id;
119}
120
121if (!empty($courseid)) {
122 if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
123 print_error('invalidcourseid');
124 }
125
126 $courseid = $course->id;
856b6fe6 127 require_login($course);
128
f42d2a22 129 if (!has_capability('moodle/blog:view', $sitecontext)) {
856b6fe6 130 print_error('cannotviewcourseblog', 'blog');
131 }
132} else {
41b38360 133 $coursecontext = context_course::instance(SITEID);
856b6fe6 134}
135
136if (!empty($groupid)) {
137 if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
138 print_error('groupblogdisable', 'blog');
139 }
e96f2a77 140
1c7b8b93 141 if (! $group = groups_get_group($groupid)) {
856b6fe6 142 print_error(get_string('invalidgroupid', 'blog'));
143 }
e96f2a77 144
856b6fe6 145 if (!$course = $DB->get_record('course', array('id'=>$group->courseid))) {
19a86468 146 print_error('invalidcourseid');
856b6fe6 147 }
e96f2a77 148
41b38360 149 $coursecontext = context_course::instance($course->id);
856b6fe6 150 $courseid = $course->id;
151 require_login($course);
152
f42d2a22 153 if (!has_capability('moodle/blog:view', $sitecontext)) {
856b6fe6 154 print_error(get_string('cannotviewcourseorgroupblog', 'blog'));
155 }
f5fc83e8 156
cae83708 157 if (groups_get_course_groupmode($course) == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $coursecontext)) {
856b6fe6 158 if (!groups_is_member($groupid)) {
159 print_error('notmemberofgroup');
e96f2a77 160 }
856b6fe6 161 }
162}
163
b29ce44d 164if (!empty($userid)) {
856b6fe6 165 if ($CFG->bloglevel < BLOG_USER_LEVEL) {
166 print_error('blogdisable', 'blog');
167 }
168
169 if (!$user = $DB->get_record('user', array('id'=>$userid))) {
170 print_error('invaliduserid');
171 }
172
173 if ($user->deleted) {
cae83708 174 echo $OUTPUT->header();
16ba76bd 175 echo $OUTPUT->heading(get_string('userdeleted'));
033e4aff 176 echo $OUTPUT->footer();
856b6fe6 177 die;
178 }
f4c85f46 179
856b6fe6 180 if ($USER->id == $userid) {
181 if (!has_capability('moodle/blog:create', $sitecontext)
cae83708 182 && !has_capability('moodle/blog:view', $sitecontext)) {
856b6fe6 183 print_error('donothaveblog', 'blog');
673bc55d 184 }
856b6fe6 185 } else {
9a909b1a 186 if (!has_capability('moodle/blog:view', $sitecontext) || !blog_user_can_view_user_entry($userid)) {
856b6fe6 187 print_error('cannotviewcourseblog', 'blog');
188 }
c53a6444
AD
189
190 $PAGE->navigation->extend_for_user($user);
856b6fe6 191 }
4a173181 192}
193
cae83708 194$courseid = (empty($courseid)) ? SITEID : $courseid;
f99fee6c 195
856b6fe6 196
c5dc10ee 197$blogheaders = blog_get_headers();
cae83708 198
e858c368 199if ($CFG->enablerssfeeds) {
43c4f4d1
JF
200 $rsscontext = null;
201 $filtertype = null;
202 $thingid = null;
e858c368 203 list($thingid, $rsscontext, $filtertype) = blog_rss_get_params($blogheaders['filters']);
43c4f4d1 204 if (empty($rsscontext)) {
f42d2a22 205 $rsscontext = context_system::instance();
43c4f4d1 206 }
e858c368
AD
207 $rsstitle = $blogheaders['heading'];
208
209 //check we haven't started output by outputting an error message
210 if ($PAGE->state == moodle_page::STATE_BEFORE_HEADER) {
211 blog_rss_add_http_header($rsscontext, $rsstitle, $filtertype, $thingid, $tagid);
212 }
213
214 //this works but there isn't a great place to put the link
215 //blog_rss_print_link($rsscontext, $filtertype, $thingid, $tagid);
216}
217
c5dc10ee 218echo $OUTPUT->header();
cae83708 219
c5dc10ee 220echo $OUTPUT->heading($blogheaders['heading'], 2);
92a019ac 221
1c7b8b93
NC
222$bloglisting = new blog_listing($blogheaders['filters']);
223$bloglisting->print_entries();
4a173181 224
033e4aff 225echo $OUTPUT->footer();
6b364115
AA
226$eventparams = array(
227 'other' => array('entryid' => $entryid, 'tagid' => $tagid, 'userid' => $userid, 'modid' => $modid, 'groupid' => $groupid,
228 'search' => $search, 'fromstart' => $start)
229);
230if (!empty($userid)) {
231 $eventparams['relateduserid'] = $userid;
232}
233$eventparams['other']['courseid'] = ($courseid === SITEID) ? 0 : $courseid;
234$event = \core\event\blog_entries_viewed::create($eventparams);
235$event->trigger();