3d4b223a 1<?php // $Id$
2///////////////////////////////////////////////////////////////////////////
3// //
4// NOTICE OF COPYRIGHT //
5// //
6// Moodle - Modular Object-Oriented Dynamic Learning Environment //
7// http://moodle.org //
8// //
9// Copyright (C) 2005 Martin Dougiamas http://dougiamas.com //
10// //
11// This program is free software; you can redistribute it and/or modify //
12// it under the terms of the GNU General Public License as published by //
13// the Free Software Foundation; either version 2 of the License, or //
14// (at your option) any later version. //
15// //
16// This program is distributed in the hope that it will be useful, //
17// but WITHOUT ANY WARRANTY; without even the implied warranty of //
18// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
19// GNU General Public License for more details: //
20// //
21// http://www.gnu.org/copyleft/gpl.html //
22// //
23///////////////////////////////////////////////////////////////////////////
24
25 require_once('../../config.php');
26 require_once('lib.php');
27 require_once($CFG->libdir.'/blocklib.php');
a593aeee 28 require_once("$CFG->libdir/rsslib.php");
3d4b223a 29
3d4b223a 30 require_once('pagelib.php');
7ddda9db 31
3d4b223a 32
/// Target selectors: at least one of these must be supplied.
/// All three are cleaned as integers and default to 0 when absent.

// Course module id
$id = optional_param('id', 0, PARAM_INT);

// Database (activity instance) id
$d = optional_param('d', 0, PARAM_INT);

// Record id
$rid = optional_param('rid', 0, PARAM_INT);

// Force the browse mode ('single'); cleaned as PARAM_ALPHA
$mode = optional_param('mode', '', PARAM_ALPHA);

/// Optional record actions. Each carries the id of the record to act on;
/// the permission and sesskey checks are made where the action is performed.

// Record id to approve
$approve = optional_param('approve', 0, PARAM_INT);

// Record id to delete
$delete = optional_param('delete', 0, PARAM_INT);
/// Resolve $cm, $course, $data (and $record when a record id was given)
/// from whichever selector was supplied. Every lookup that fails is
/// reported through error().

// Only the record-id route loads a record; the other two leave it null.
$record = null;

if ($id) {
    // Entry by course module id
    $cm = get_record('course_modules', 'id', $id);
    if (!$cm) {
        error('Course Module ID was incorrect');
    }
    $course = get_record('course', 'id', $cm->course);
    if (!$course) {
        error('Course is misconfigured');
    }
    $data = get_record('data', 'id', $cm->instance);
    if (!$data) {
        error('Course module is incorrect');
    }

} elseif ($rid) {
    // Entry by record id: walk up from the record to its database,
    // course and course module.
    $record = get_record('data_records', 'id', $rid);
    if (!$record) {
        error('Record ID is incorrect');
    }
    $data = get_record('data', 'id', $record->dataid);
    if (!$data) {
        error('Data ID is incorrect');
    }
    $course = get_record('course', 'id', $data->course);
    if (!$course) {
        error('Course is misconfigured');
    }
    $cm = get_coursemodule_from_instance('data', $data->id, $course->id);
    if (!$cm) {
        error('Course Module ID was incorrect');
    }

} else {
    // Neither $id nor $rid was given, so we must have $d
    $data = get_record('data', 'id', $d);
    if (!$data) {
        error('Data ID is incorrect');
    }
    $course = get_record('course', 'id', $data->course);
    if (!$course) {
        error('Course is misconfigured');
    }
    $cm = get_coursemodule_from_instance('data', $data->id, $course->id);
    if (!$cm) {
        error('Course Module ID was incorrect');
    }
}

/// Access gate: everything below runs only after the course login check
/// for this course module.
require_course_login($course, true, $cm);

/// A hidden activity is shown to teachers only; everyone else gets the
/// page header and a notice.
// NOTE(review): the rest of the script is not skipped explicitly here, so
// this relies on notice() ending the request - confirm.
$hiddenfromuser = empty($cm->visible) && !isteacher($course->id);
if ($hiddenfromuser) {
    $strdatabases = get_string("modulenameplural", "data");
    $navigation = '<a href="index.php?id='.$course->id.'">'.$strdatabases.'</a> ->';
    print_header_simple(
        format_string($data->name),
        "",
        $navigation.' '.format_string($data->name),
        "",
        "",
        true,
        '',
        navmenu($course, $cm)
    );
    notice(get_string("activityiscurrentlyhidden"));
}

/// A database with no fields yet is useless to browse, so a teacher is
/// sent straight to the field definition page.
if (isteacher($course->id) && !record_exists('data_fields', 'dataid', $data->id)) {
    // Brand new database: redirect to field entry
    redirect($CFG->wwwroot.'/mod/data/field.php?d='.$data->id);
}

/// Browsing preferences (search, sort field, sort order) are kept in the
/// session per database, so they stick between page views.
if (!isset($SESSION->dataprefs)) {
    $SESSION->dataprefs = array();
}
if (!isset($SESSION->dataprefs[$data->id])) {
    // First visit to this database in this session: seed from its defaults
    $SESSION->dataprefs[$data->id] = array(
        'search' => '',
        'sort'   => $data->defaultsort,
        'order'  => ($data->defaultsortdir == 0) ? 'ASC' : 'DESC',
    );
}

// Search text: cleaned with PARAM_NOTAGS only. It is later concatenated into
// a LIKE clause, so this script performs no SQL escaping of its own on it.
$search = optional_param('search', $SESSION->dataprefs[$data->id]['search'], PARAM_NOTAGS);
$SESSION->dataprefs[$data->id]['search'] = $search;

// Sort field id: integer-cleaned; later concatenated into the WHERE clause.
$sort = optional_param('sort', $SESSION->dataprefs[$data->id]['sort'], PARAM_INT);
$SESSION->dataprefs[$data->id]['sort'] = $sort;

// Sort direction: anything other than exactly 'ASC' becomes 'DESC', so only
// these two literals can reach the ORDER BY built further down.
$order = 'DESC';
if (optional_param('order', $SESSION->dataprefs[$data->id]['order'], PARAM_ALPHA) == 'ASC') {
    $order = 'ASC';
}
$SESSION->dataprefs[$data->id]['order'] = $order;

/// Records per page is a stored user preference (default 10, minimum 2)
$oldperpage = get_user_preferences('data_perpage_'.$data->id, 10);
$perpage    = optional_param('perpage', $oldperpage, PARAM_INT);
if ($perpage < 2) {
    $perpage = 2;
}
if ($perpage != $oldperpage) {
    // Only write the preference back when it actually changed
    set_user_preference('data_perpage_'.$data->id, $perpage);
}

$page = optional_param('page', 0, PARAM_INT);

// Record the view in the activity log
add_to_log($course->id, 'data', 'view', "view.php?id=$cm->id", $data->id, $cm->id);

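// Initialize $PAGE, compute blocks
$PAGE = page_create_instance($data->id);
$pageblocks = blocks_setup($PAGE);
$blocks_preferred_width = bounded_number(180, blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]), 210);

// Block-editing toggle. $edit is not assigned anywhere earlier in this
// script, so reading it directly only worked when the environment injected
// request variables into the global scope, and then without any cleaning.
// Fetch it explicitly through optional_param(), restricted to letters, so the
// value is both defined and filtered before it is compared.
$edit = optional_param('edit', '', PARAM_ALPHA);

// The toggle is honoured only when the page says this user may edit.
if (!empty($edit) && $PAGE->user_allowed_editing()) {
    if ($edit == 'on') {
        $USER->editing = true;
    } else if ($edit == 'off') {
        $USER->editing = false;
    }
}
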
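/// RSS and CSS meta
// The RSS switches are tested with !empty() rather than isset(): a setting
// that is present but turned off (0 or '') must not advertise the feed.
$rssfeedenabled = !empty($CFG->enablerssfeeds)
        && !empty($CFG->data_enablerssfeeds)
        && $data->rssarticles > 0;

$meta = '';
if ($rssfeedenabled) {
    $rsspath = rss_get_url($course->id, $USER->id, 'data', $data->id);
    // NOTE(review): $course->shortname goes into the title attribute as-is;
    // confirm it is stored in a form that is safe for attribute context.
    $meta .= '<link rel="alternate" type="application/rss+xml" ';
    $meta .= 'title ="'.$course->shortname.': %fullname%" href="'.$rsspath.'" />';
}
if ($data->csstemplate) {
    // The database's own stylesheet is served by css.php
    $meta .= '<link rel="stylesheet" type="text/css" href="'.$CFG->wwwroot.'/mod/data/css.php?d='.$data->id.'" /> ';
}

/// Print the page header
$PAGE->print_header($course->shortname.': %fullname%', '', $meta);

echo '<table id="layout-table"><tr>';

// Left block column: only when blocks are enabled on module pages and there
// is something to show (or the user is editing blocks)
if (!empty($CFG->showblocksonmodpages) &&
        (blocks_have_content($pageblocks, BLOCK_POS_LEFT) || $PAGE->user_is_editing())) {
    echo '<td style="width: '.$blocks_preferred_width.'px;" id="left-column">';
    blocks_print_group($PAGE, $pageblocks, BLOCK_POS_LEFT);
    echo '</td>';
}

echo '<td id="middle-column">';

print_heading(format_string($data->name));

// Do we need to show a link to the RSS feed for the records?
if ($rssfeedenabled) {
    echo '<div style="float:right;">';
    rss_print_link($course->id, $USER->id, 'data', $data->id, get_string('rsstype'));
    echo '</div>';
    echo '<div style="clear:both;"></div>';
}
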
/// The intro is shown only on the plain first view: no sort, no search,
/// first page, and no specific record requested.
$plainfirstview = empty($sort) && empty($search) && empty($page) && empty($record);
if ($data->intro && $plainfirstview) {
    print_simple_box(format_text($data->intro), 'center', '70%', '', 5, 'generalbox', 'intro');
}

/// Check to see if groups are being used here
$currentgroup = 0;
$groupmode = groupmode($course, $cm);
if ($groupmode) {
    // Groups are being used. The current browsing preferences are carried in
    // the return link; each value goes through s() before being embedded.
    $groupsurl = 'view.php?d='.$data->id
               . '&amp;search='.s($search)
               . '&amp;sort='.s($sort)
               . '&amp;order='.s($order)
               . '&amp;';
    $currentgroup = setup_and_print_groups($course, $groupmode, $groupsurl);
}

/// Print the tabs
// A specific record, or an explicit mode=single, selects the single view tab
$currenttab = ($record || $mode == 'single') ? 'single' : 'list';
include('tabs.php');

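/// Approve any requested records
// State-changing action: requires a valid session key and teacher rights in
// this course before anything is looked up.
if ($approve && confirm_sesskey() && isteacher($course->id)) {
    $approverecord = get_record('data_records', 'id', $approve);

    // The record must exist and must belong to this database; an id from
    // another database is ignored silently.
    if ($approverecord && $approverecord->dataid == $data->id) {
        // Build the update from a fresh object. The original assigned
        // properties to an undefined $newrecord, which depends on implicit
        // object creation and on nothing else having set that global first.
        $newrecord = new stdClass;
        $newrecord->id       = $approverecord->id;
        $newrecord->approved = 1;
        if (update_record('data_records', $newrecord)) {
            notify(get_string('recordapproved','data'), 'notifysuccess');
        }
    }
}
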
/// Delete any requested records
// State-changing action: requires a valid session key, and the user must be
// a teacher in this course or pass data_isowner() for the record.
// NOTE(review): data_isowner() presumably checks that the current user
// created the record - confirm against lib.php.
if ($delete && confirm_sesskey() && (isteacher($course->id) or data_isowner($delete))) {
    $confirm = optional_param('confirm', 0, PARAM_INT);

    if (!$confirm) {
        // Not confirmed yet: print a confirmation page and stop. The "yes"
        // link carries the session key so the confirmed request passes the
        // same check.
        notice_yesno(get_string('confirmdeleterecord','data'),
                'view.php?d='.$data->id.'&amp;delete='.$delete.'&amp;confirm=1&amp;sesskey='.sesskey(),
                'view.php?d='.$data->id);

        print_footer($course);
        exit;
    }

    // Confirmed. The record must exist and must be from this database.
    $deleterecord = get_record('data_records', 'id', $delete);
    if ($deleterecord && $deleterecord->dataid == $data->id) {
        $contents = get_records('data_content','recordid', $deleterecord->id);
        if ($contents) {
            // Let each field type delete files or whatever else it stores
            foreach ($contents as $content) {
                $field = data_get_field_from_id($content->fieldid, $data);
                if ($field) {   // Might not be there
                    $field->delete_content($content->recordid);
                }
            }
        }

        // Remove the content rows first, then the record itself
        delete_records('data_content','recordid', $deleterecord->id);
        delete_records('data_records','id', $deleterecord->id);

        add_to_log($course->id, 'data', 'record delete', "view.php?id=$cm->id", $data->id, $cm->id);

        notify(get_string('recorddeleted','data'), 'notifysuccess');
    }
}

/// Non-teachers must have added enough entries of their own before they may
/// view any; otherwise tell them how many are missing and stop here.
$mustaddmore = !isteacher($course->id)
        && data_numentries($data) < $data->requiredentriestoview;
if ($mustaddmore) {
    notify(
        ($data->requiredentriestoview - data_numentries($data))
        . '&nbsp;'
        . get_string('insufficiententries','data')
    );
    // Close the layout table opened with the page header before leaving
    echo '</td></tr></table>';
    print_footer($course);
    exit;
}

/// We need to examine the whole dataset to produce the correct paging.
/// The two fragments below restrict which records the viewer may see and
/// are appended to every query built after this point.

// Approval filter: when the database requires approval, non-teachers see
// approved records only, plus their own records when logged in.
$approveselect = ' ';
if (!isteacher($course->id) && $data->approval) {
    $approveselect = isloggedin()
            ? ' AND (r.approved=1 OR r.userid='.$USER->id.') '
            : ' AND r.approved=1 ';
}

// Group filter: records of the current group, plus records with groupid 0
$groupselect = $currentgroup
        ? " AND (r.groupid = '$currentgroup' OR r.groupid = 0)"
        : ' ';

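/// Find the field we are sorting on
// $sort comes from the request or from the stored default, and it may name a
// field that does not exist in this database. data_get_field_from_id() can
// come back empty (the delete code in this script guards for that), so check
// before calling a method on the result and fall back to an unsorted listing.
$sortfield = $sort ? data_get_field_from_id($sort, $data) : false;
if ($sort && !$sortfield) {
    $sort = 0;
}

// All three variants select the same columns
$what = ' DISTINCT r.id, r.approved ';

if ($sort) {
    // Sorted listing: order by the sort field's content column
    $sortcontent = $sortfield->get_sort_field();

    $count     = ' COUNT(DISTINCT c.recordid) ';
    $tables    = $CFG->prefix.'data_content c,'.$CFG->prefix.'data_records r,'.$CFG->prefix.'data_content c1 ';
    // intval() keeps the field id numeric even when it came from the stored
    // default rather than from the integer-cleaned request parameter
    $where     = 'WHERE c.recordid = r.id'
               . ' AND c.fieldid = '.intval($sort)
               . ' AND r.dataid = '.$data->id
               . ' AND c1.recordid = r.id ';
    // $order was reduced to 'ASC' or 'DESC' when it was read
    $sortorder = ' ORDER BY c.'.$sortcontent.' '.$order.' ';

} else if ($search) {
    // Search without sort: content must be joined so it can be matched
    $count     = ' COUNT(DISTINCT c.recordid) ';
    $tables    = $CFG->prefix.'data_content c,'.$CFG->prefix.'data_records r ';
    $where     = 'WHERE c.recordid = r.id'
               . ' AND r.dataid = '.$data->id;
    $sortorder = ' ORDER BY r.id ';

} else {
    // Plain listing: records table only
    $count     = ' COUNT(r.id) ';
    $tables    = $CFG->prefix.'data_records r ';
    $where     = 'WHERE r.dataid = '.$data->id;
    $sortorder = ' ORDER BY r.id ';
}
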
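/// Restrict by a search if we have one
// NOTE(review): $search is only tag-stripped (PARAM_NOTAGS) in this script.
// Nothing visible here escapes quotes or the LIKE wildcards (% and _), so the
// query is only as safe as whatever escaping the request layer has already
// applied - confirm that before relying on it.
// The pattern is written as a single-quoted SQL string literal, matching the
// other literals in this script; a double-quoted one is read as an
// identifier by databases that follow standard SQL quoting.
if ($search) {
    $searchselect = " AND (c.content LIKE '%".$search."%') ";
} else {
    $searchselect = ' ';
}

/// To actually fetch the records
// Shared FROM/WHERE part: tables, base condition, then the group, approval
// and search restrictions
$fromsql = ' FROM '.$tables.$where.$groupselect.$approveselect.$searchselect;

$sqlselect = 'SELECT '.$what.$fromsql.$sortorder;

$sqlcount = 'SELECT '.$count.$fromsql;   // Total number of records
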
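/// Work out the paging numbers

$totalcount = count_records_sql($sqlcount);

if ($record) {
    // We need to just show one, so where is it in context? Its page number
    // is the count of visible records that sort before it.
    $nowperpage = 1;
    $mode = 'single';

    // Default position test, by record id. Every variant starts with AND
    // because $fromsql already ends in a complete WHERE clause.
    $lessthan = " AND r.id < '$record->id' ";

    if ($sort) {
        // Position by the content of the sort field instead
        if ($content = get_field('data_content', 'content', 'recordid', $record->id, 'fieldid', $sort)) {
            // The value comes from the database and is escaped here before
            // being placed inside the quoted literal
            $content = addslashes($content);
            $comparison = ($order == 'ASC') ? '<' : '>';
            $lessthan = " AND c.$sortcontent $comparison '$content' ";
        }
        // else: no content found (shouldn't happen), keep the id-based test
    }

    // Count on r.id: the records table is present in every variant of
    // $fromsql, whereas the content alias c is joined only when sorting or
    // searching. No ORDER BY is appended because ordering cannot change a
    // count.
    $sqlindex = 'SELECT COUNT(DISTINCT r.id) '.$fromsql.$lessthan;
    $page = count_records_sql($sqlindex);

} else if ($mode == 'single') {
    // We rely on ambient $page settings
    $nowperpage = 1;

} else {
    $nowperpage = $perpage;
}
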
/// Get the actual records for the current page

$limit = sql_paging_limit($page * $nowperpage, $nowperpage);
$records = get_records_sql($sqlselect.$limit);

if (empty($records)) {
    // Nothing to show: say whether that is because of the search
    notify(get_string($search ? 'nomatch' : 'norecords', 'data'));

} else {
    // We have some records to print, with a paging bar above and below
    $pagevar = 'page';
    $issingle = ($mode == 'single');

    if ($issingle) {
        $baseurl = 'view.php?d='.$data->id.'&amp;mode=single&amp;';
    } else {
        $baseurl = 'view.php?d='.$data->id.'&amp;';
    }

    print_paging_bar($totalcount, $page, $nowperpage, $baseurl, $pagevar);

    if ($issingle) {
        // Single template
        if (empty($data->singletemplate)) {
            notify(get_string('nosingletemplate','data'));
        }
        data_print_template('singletemplate', $records, $data, $search, $page);

    } else {
        // List template. The header and footer stored with the database are
        // echoed as they are, around the rendered records.
        if (empty($data->listtemplate)) {
            notify(get_string('nolisttemplate','data'));
        }
        echo $data->listtemplateheader;
        data_print_template('listtemplate', $records, $data, $search, $page);
        echo $data->listtemplatefooter;
    }

    print_paging_bar($totalcount, $page, $nowperpage, $baseurl, $pagevar);
}

// Form for changing per-page, search and sort settings
data_print_preference_form($data, $perpage, $search, $sort, $order);

print_footer($course);
0997e51a 409?>