MDL-53744 question file access: fix access checks
[moodle.git] / notes / index.php
2f4a2f27 1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
83e70cc2 16
2f4a2f27 17/**
18 * file index.php
19 * index page to view notes.
20 * if a course id is specified then the entries from that course are shown
21 * if a user id is specified only notes related to that user are shown
22 */
23require_once('../config.php');
24require_once('lib.php');
83e70cc2 25
// Request parameters. optional_param() cleans each value to the declared PARAM_* type
// and falls back to the given default when the parameter is absent.
$courseid = optional_param('course', SITEID, PARAM_INT);
$userid = optional_param('user', 0, PARAM_INT);
$filtertype = optional_param('filtertype', '', PARAM_ALPHA);
$filterselect = optional_param('filterselect', 0, PARAM_INT);

// Report the 'notesdisabled' error when $CFG->enablenotes is empty.
if (empty($CFG->enablenotes)) {
    print_error('notesdisabled', 'notes');
}

// Page URL: carry only the parameters that differ from their defaults.
$urlparams = array();
if ($courseid != SITEID) {
    $urlparams['course'] = $courseid;
}
if ($userid !== 0) {
    $urlparams['user'] = $userid;
}
$url = new moodle_url('/notes/index.php', $urlparams);
$PAGE->set_url($url);
83e70cc2 43
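// Tabs compatibility: filtertype/filterselect may override the course id from the request.
if ($filtertype === 'course') {
    $courseid = $filterselect;
} else if ($filtertype === 'site') {
    $courseid = SITEID;
}

// An empty course id (for example filterselect=0) means the site course.
if (empty($courseid)) {
    $courseid = SITEID;
}

// MUST_EXIST: an unknown course id ends the request here.
$course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);

// Enforce login and course access before the requested user is looked up or anything
// about that user is rendered. Checking first means a visitor who has not passed
// require_login() gets the same response whatever the state of the requested user id
// (missing, deleted or active).
require_login($course);

if ($userid) {
    // MUST_EXIST: an unknown user id ends the request here.
    $user = $DB->get_record('user', array('id' => $userid), '*', MUST_EXIST);
    $filtertype = 'user';
    $filterselect = $user->id;

    // Deleted accounts get a short notice page and nothing else.
    if ($user->deleted) {
        echo $OUTPUT->header();
        echo $OUTPUT->heading(get_string('userdeleted'));
        echo $OUTPUT->footer();
        die;
    }
} else {
    // No user requested: show notes for the course, with the current user as the subject.
    $filtertype = 'course';
    $filterselect = $course->id;
    $user = $USER;
}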
79
// Pick the context the view capability is checked in: the system context for the
// site course, the course context otherwise.
$systemcontext = context_system::instance();
$coursecontext = ($course->id == SITEID) ? $systemcontext : context_course::instance($course->id);

// Access check for the page. It is made against the course (or system) context only;
// $userid plays no part in it.
require_capability('moodle/notes:view', $coursecontext);

// Trigger the notes-viewed event for this context and the requested user id.
note_view($coursecontext, $userid);
c4f9401c 92
$strnotes = get_string('notes', 'notes');
$insitecourse = ($course->id == SITEID);

// Navigation and page context depend on whether a real course and/or a user was requested.
if (!$insitecourse) {
    // Notes inside a course: highlight the course notes node and use the course context.
    // NOTE(review): find() is assumed to return a node here; a missing node would make
    // the chained make_inactive() call fail. Confirm against the navigation API.
    $notenode = $PAGE->navigation->find('currentcoursenotes', null)->make_inactive();

    $notesurl = new moodle_url('/notes/index.php', array('user' => $userid, 'course' => $courseid));
    $PAGE->navbar->add($strnotes, $notesurl);

    $PAGE->set_context(context_course::instance($courseid));
} else if ($userid) {
    // Site-level notes about one user: the page runs in that user's context.
    $PAGE->set_context(context_user::instance($user->id));
    $PAGE->navigation->extend_for_user($user);
    // If we are looking at our own notes, then change focus to 'my notes'.
    if ($userid == $USER->id) {
        $notenode = $PAGE->navigation->find('notes', null)->make_inactive();
    }

    $notesurl = new moodle_url('/notes/index.php', array('user' => $userid));
    $PAGE->navbar->add($strnotes, $notesurl);
} else {
    // Site course, no user: a participants link is prepared for viewers allowed to see
    // participants. $link is not read again in this part of the script.
    $link = null;
    $canviewparticipants = has_capability('moodle/course:viewparticipants', $coursecontext)
        || has_capability('moodle/site:viewparticipants', $systemcontext);
    if ($canviewparticipants) {
        $link = new moodle_url('/user/index.php', array('id' => $course->id));
    }
}

$PAGE->set_pagelayout('incourse');
$PAGE->set_title($course->fullname);
// The heading is the subject user's name at site level, the course name inside a course.
$PAGE->set_heading($insitecourse ? fullname($user) : $course->fullname);

echo $OUTPUT->header();

// Inside a course the subject user gets a separate context header.
if (!$insitecourse) {
    echo $OUTPUT->context_header(array('heading' => fullname($user), 'user' => $user), 2);
}

echo $OUTPUT->heading($strnotes);
2f4a2f27 136
$strsitenotes = get_string('sitenotes', 'notes');
$strcoursenotes = get_string('coursenotes', 'notes');
$strpersonalnotes = get_string('personalnotes', 'notes');
$straddnewnote = get_string('addnewnote', 'notes');

echo $OUTPUT->box_start();

if ($courseid == SITEID) {
    // Site level: site notes first, then public notes from each course the user is enrolled in.
    // NOTE(review): $view is evaluated once in the system context and reused for every
    // course below; no per-course 'moodle/notes:view' check is made in this file. Whether
    // note_print_notes() applies its own checks is not visible here. Confirm.
    $view = has_capability('moodle/notes:view', context_system::instance());
    note_print_notes('<a name="sitenotes"></a>' . $strsitenotes, 0, $view, 0, $userid, NOTES_STATE_SITE, 0);
    echo '<a name="coursenotes"></a>';

    if (!empty($userid)) {
        foreach (enrol_get_users_courses($userid) as $c) {
            $ccontext = context_course::instance($c->id);
            $cfullname = format_string($c->fullname, true, array('context' => $ccontext));
            // The section header is raw HTML; the course name is inserted as returned by
            // format_string(), with no further escaping applied here.
            $header = '<a href="' . $CFG->wwwroot . '/course/view.php?id=' . $c->id . '">' . $cfullname . '</a>';
            // Adding notes is only offered where the viewer may manage notes in that course.
            $addid = has_capability('moodle/notes:manage', $ccontext) ? $c->id : 0;
            note_print_notes($header, $addid, $view, $c->id, $userid, NOTES_STATE_PUBLIC, 0);
        }
    }
} else {
    // Inside a course: site, course and personal notes, all gated by the course context.
    // NOTE(review): the site-state section uses the same course-level $view flag as the
    // other two; confirm that this is the intended scope for site notes.
    $context = context_course::instance($courseid);
    $addid = has_capability('moodle/notes:manage', $context) ? $courseid : 0;
    $view = has_capability('moodle/notes:view', $context);
    $fullname = format_string($course->fullname, true, array('context' => $context));

    // Each entry: section header, course id filter, note state, author id filter.
    $notesections = array(
        array('<a name="sitenotes"></a>' . $strsitenotes, 0, NOTES_STATE_SITE, 0),
        array('<a name="coursenotes"></a>' . $strcoursenotes. ' ('.$fullname.')', $courseid, NOTES_STATE_PUBLIC, 0),
        // Personal (draft) notes are limited to those written by the current user.
        array('<a name="personalnotes"></a>' . $strpersonalnotes, $courseid, NOTES_STATE_DRAFT, $USER->id),
    );
    foreach ($notesections as $notesection) {
        note_print_notes(
            $notesection[0],
            $addid,
            $view,
            $notesection[1],
            $userid,
            $notesection[2],
            $notesection[3]
        );
    }
}

echo $OUTPUT->box_end();

echo $OUTPUT->footer();