MDL-42883 Administration: Check sessionkey before taking action on user profile fields
[moodle.git] / notes / delete.php
<?php

require_once('../config.php');
require_once('lib.php');

// Id of the note to delete. PARAM_INT cleaning means only an integer value
// reaches the lookups below.
$noteid = required_param('id', PARAM_INT);

$PAGE->set_url('/notes/delete.php', array('id' => $noteid));

// Resolve the note, then the course and the user it refers to. Each missing
// record stops the request with its own error.
// NOTE(review): these lookups run before require_login() because the course
// is derived from the note; as a result an unknown id and a known id produce
// different responses for a visitor who is not logged in. Confirm this is
// acceptable for the deployment.
$note = note_load($noteid);
if (!$note) {
    print_error('invalidid');
}

$course = $DB->get_record('course', array('id' => $note->courseid));
if (!$course) {
    print_error('invalidcourseid');
}

$user = $DB->get_record('user', array('id' => $note->userid));
if (!$user) {
    print_error('invaliduserid');
}

// Authentication: the caller must be logged in to the note's course.
require_login($course);

// Authorisation: deleting requires moodle/notes:manage in the course context.
$context = get_context_instance(CONTEXT_COURSE, $course->id);
if (!has_capability('moodle/notes:manage', $context)) {
    print_error('nopermissiontodelete', 'notes');
}

// The notes feature as a whole can be switched off in the site configuration.
if (empty($CFG->enablenotes)) {
    print_error('notesdisabled', 'notes');
}

// CSRF guard: the destructive path is taken only when form data was submitted
// AND the sesskey sent with it is confirmed by confirm_sesskey(). A request
// that fails either test deletes nothing and is shown the confirmation page.
if (data_submitted() && confirm_sesskey()) {
    // NOTE(review): the separator in this URL is the HTML-encoded '&amp;';
    // presumably redirect() normalises it - confirm before reusing the value.
    $returnurl = $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&amp;user=' . $note->userid;

    if (!note_delete($noteid)) {
        print_error('cannotdeletepost', 'notes', $returnurl);
    } else {
        // Record the successful deletion in the course log.
        $logurl = 'index.php?course='.$note->courseid.'&amp;user='.$note->userid . '#note-' . $note->id;
        add_to_log($note->courseid, 'notes', 'delete', $logurl, 'delete note');
    }

    redirect($returnurl);

} else {
    // Nothing confirmed yet: show the note together with a yes/no prompt.
    $strnotes = get_string('notes', 'notes');

    // The "yes" target carries the current sesskey, which is the value the
    // delete branch above checks before acting.
    $optionsyes = array('id' => $noteid, 'sesskey' => sesskey());
    $optionsno = array('course' => $course->id, 'user' => $note->userid);

    // The participants breadcrumb is a link only for users allowed to view
    // the participant list (course-level or site-level capability).
    $canviewparticipants = has_capability('moodle/course:viewparticipants', $context)
        || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM));
    $link = $canviewparticipants ? new moodle_url('/user/index.php', array('id' => $course->id)) : null;
    $PAGE->navbar->add(get_string('participants'), $link);

    $PAGE->navbar->add(
        fullname($user),
        new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id))
    );
    $PAGE->navbar->add(
        get_string('notes', 'notes'),
        new moodle_url('/notes/index.php', array('user' => $user->id, 'course' => $course->id))
    );
    $PAGE->navbar->add(get_string('delete'));

    $PAGE->set_title($course->shortname . ': ' . $strnotes);
    $PAGE->set_heading($course->fullname);

    echo $OUTPUT->header();
    echo $OUTPUT->confirm(
        get_string('deleteconfirm', 'notes'),
        new moodle_url('delete.php', $optionsyes),
        new moodle_url('index.php', $optionsno)
    );
    echo '<br />';
    note_print($note, NOTES_SHOW_BODY | NOTES_SHOW_HEAD);
    echo $OUTPUT->footer();
}