1bcb7eb5 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
/*
 * Handles all AJAX requests for the comments API (add, delete, get).
 */
require_once('../config.php');
require_once($CFG->dirroot . '/comment/lib.php');

// Resolve the context the client is commenting in; falls back to the
// system context when the request carries no contextid.
$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
list($context, $course, $cm) = get_context_info_array($contextid);

// Bind the page to the resolved course, or the site course when there is none.
$PAGE->set_course(empty($course) ? $SITE : $course);

// NOTE(review): the second argument reads as Moodle's autologinguest flag,
// so a guest session can reach this point; guests are rejected explicitly
// below. $cm is passed so the module-level checks require_login performs
// (presumably visibility/enrolment) apply when the context is a module.
require_login($course, true, $cm);

$err = new stdClass();

// CSRF protection: every action, including the read-only 'get', must carry
// a valid session key. Errors are returned as JSON for the AJAX caller.
if (!confirm_sesskey()) {
    $err->error = get_string('invalidsesskey');
    die(json_encode($err));
}

// Anonymous and guest users are both refused with the same "not logged in"
// error; neither may read or write comments through this endpoint.
if (!isloggedin() || isguestuser()) {
    $err->error = get_string('loggedinnot');
    die(json_encode($err));
}
51
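$action    = optional_param('action', '', PARAM_ALPHA);
$area      = optional_param('area', '', PARAM_ALPHAEXT);
// client_id is an opaque handle the JS side uses to match a response to its
// widget. It is untrusted (PARAM_RAW) and is only ever reflected back through
// json_encode() in this file; the consumer must still treat it as data, not
// as markup.
$client_id = optional_param('client_id', '', PARAM_RAW);
$commentid = optional_param('commentid', -1, PARAM_INT);
$content   = optional_param('content', '', PARAM_RAW);
$itemid    = optional_param('itemid', '', PARAM_INT);
$page      = optional_param('page', 0, PARAM_INT);

if (!empty($client_id)) {
    // Describe the comment area the request targets. NOTE(review): nothing in
    // this file checks capabilities for the context/area/itemid combination;
    // that is assumed to happen inside the comment class (comment/lib.php) —
    // confirm before relying on it.
    $cmt = new stdClass();
    $cmt->contextid = $contextid;
    if (!empty($course)) {
        $cmt->courseid = $course->id;
    }
    $cmt->area      = $area;
    $cmt->itemid    = $itemid;
    $cmt->client_id = $client_id;
    $comment = new comment($cmt);
} else {
    // Every action handled below calls a method on $comment, so a request
    // without a client_id would otherwise die with a fatal error on an
    // undefined variable. Answer the caller with a JSON error instead.
    $err->error = get_string('missingparam', 'error', 'client_id');
    die(json_encode($err));
}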
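switch ($action) {
    case 'add':
        try {
            $cmt = $comment->add($content);
            // Check that we got a real comment record *before* touching its
            // properties: the original set ->count first, which on a non-object
            // return would auto-vivify with a warning (PHP 7) or fatal (PHP 8).
            if (!empty($cmt) && is_object($cmt)) {
                $cmt->count     = $comment->count();
                $cmt->client_id = $client_id;
                echo json_encode($cmt);
            }
            // NOTE(review): a non-object return currently produces no response
            // at all; an explicit JSON error would be friendlier to the client.
        } catch (comment_exception $e) {
            // Exception::$message is protected; reading $e->message from here
            // is not guaranteed to work, so use the public accessor.
            echo json_encode(array('error' => $e->getMessage()));
        }
        break;

    case 'delete':
        try {
            // Authorisation for deleting $commentid is expected to be enforced
            // inside comment::delete(); only a strict true is treated as success.
            $result = $comment->delete($commentid);
            if ($result === true) {
                echo json_encode(array('client_id' => $client_id, 'commentid' => $commentid));
            }
        } catch (comment_exception $e) {
            echo json_encode(array('error' => $e->getMessage()));
        }
        break;

    case 'get':
    default:
        // Any unknown action falls through to a paged listing of comments.
        $ret = array();
        try {
            $comments = $comment->get_comments($page);
            $ret['list']       = $comments;
            $ret['count']      = $comment->count();
            $ret['pagination'] = $comment->get_pagination($page);
            $ret['client_id']  = $client_id;
            echo json_encode($ret);
        } catch (comment_exception $e) {
            echo json_encode(array('error' => $e->getMessage()));
        }
}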