MDL-50173 ratings: Use proper checks to ensure ratings are viewable.
[moodle.git] / rating / index.php
a09aeee4 1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * A page to display a list of ratings for a given item (forum post etc)
19 *
20 * @package core_rating
21 * @category rating
22 * @copyright 2010 Andrew Davis
23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24 */
25
26require_once("../config.php");
9c1f9627 27require_once("lib.php");
a09aeee4 28
// Request parameters. Every value is cleaned by its PARAM_* type before use;
// the five required ones abort the request when absent.
$contextid  = required_param('contextid', PARAM_INT);
$component  = required_param('component', PARAM_COMPONENT);
$ratingarea = required_param('ratingarea', PARAM_AREA);
$itemid     = required_param('itemid', PARAM_INT);
// NOTE(review): scaleid is caller-supplied. This script only hands it to the
// component callback and to make_grades_menu(), so whether it matches the rated
// item's real scale depends on the callback - confirm per component.
$scaleid    = required_param('scaleid', PARAM_INT);

// Optional presentation parameters.
$sort  = optional_param('sort', '', PARAM_ALPHA);
$popup = optional_param('popup', 0, PARAM_INT); // Any non-zero value if in a popup window.

// Resolve the context to its course and course module, then require an
// authenticated session with access to them before anything else runs.
list($context, $course, $cm) = get_context_info_array($contextid);
require_login($course, false, $cm);
// Canonical URL of this page, rebuilt from the cleaned parameters only.
$url = new moodle_url(
    '/rating/index.php',
    array(
        'contextid'  => $contextid,
        'component'  => $component,
        'ratingarea' => $ratingarea,
        'itemid'     => $itemid,
        'scaleid'    => $scaleid
    )
);

// Optional parameters are carried over only when they hold a non-empty value.
if (!empty($sort)) {
    $url->param('sort', $sort);
}
if (!empty($popup)) {
    $url->param('popup', $popup);
}

$PAGE->set_url($url);
$PAGE->set_context($context);

// A popup window gets the reduced 'popup' page layout.
if ($popup) {
    $PAGE->set_pagelayout('popup');
}
// Description of the rated item, handed to the owning component so it can decide
// whether the current user may see this item's ratings.
$params = array(
    'contextid'  => $contextid,
    'component'  => $component,
    'ratingarea' => $ratingarea,
    'itemid'     => $itemid,
    'scaleid'    => $scaleid
);

// Access control, in two steps. The callback is only consulted once the
// capability check has passed.
if (!has_capability('moodle/rating:view', $context)) {
    // 1. The generic capability in this context.
    print_error('noviewrate', 'rating');
} else if (!component_callback($component, 'rating_can_see_item_ratings', array($params), true)) {
    // 2. The component's own item-level rule.
    // The final `true` is component_callback()'s default result: a component that
    // does not implement rating_can_see_item_ratings is treated as allowing the
    // view, so for such components the capability above is the only check.
    print_error('noviewrate', 'rating');
}

// Without moodle/rating:viewall the listing is later limited to the viewer's own ratings.
$canviewallratings = has_capability('moodle/rating:viewall', $context);
// Map the requested sort key onto a fixed ORDER BY fragment. The request value is
// only compared against known keys and never copied into the SQL text; anything
// unrecognised (including 'time' and the empty default) sorts by modification time.
if ($sort === 'firstname') {
    $sqlsort = "u.firstname ASC";
} else if ($sort === 'rating') {
    $sqlsort = "r.rating ASC";
} else {
    $sqlsort = "r.timemodified ASC";
}
// Menu of display labels for the requested scale, indexed by rating value.
$scalemenu = make_grades_menu($scaleid);

// Column headings.
$strrating = get_string('rating', 'rating');
$strname   = get_string('name');
$strtime   = get_string('time');

// Page output starts here, after the access checks and before the ratings are loaded.
$PAGE->set_title(get_string('allratingsforitem', 'rating'));
echo $OUTPUT->header();

// Options object describing which item's ratings to load and in what order.
$ratingoptions = (object) array(
    'context'    => $context,
    'component'  => $component,
    'ratingarea' => $ratingarea,
    'itemid'     => $itemid,
    'sort'       => $sqlsort
);

$rm = new rating_manager();
$ratings = $rm->get_all_ratings_for_item($ratingoptions);
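// Render the ratings the viewer may see, or a notice when the item has none.
if (!$ratings) {
    $msg = get_string('noratings', 'rating');
    echo html_writer::tag('div', $msg, array('class' => 'mdl-align'));
} else {
    // To get the sort URL, copy the current URL and remove any previous sort.
    $sorturl = new moodle_url($url);
    $sorturl->remove_params('sort');

    $table = new html_table;
    $table->cellpadding = 3;
    $table->cellspacing = 3;
    $table->attributes['class'] = 'generalbox ratingtable';
    $table->head = array(
        '',
        html_writer::link(new moodle_url($sorturl, array('sort' => 'firstname')), $strname),
        html_writer::link(new moodle_url($sorturl, array('sort' => 'rating')), $strrating),
        html_writer::link(new moodle_url($sorturl, array('sort' => 'time')), $strtime)
    );
    $table->colclasses = array('', 'firstname', 'rating', 'time');
    $table->data = array();

    // If the scale was changed after ratings were submitted some ratings may have a value above the current maximum.
    // We can't just do count($scalemenu) - 1 as custom scales start at index 1, not 0.
    // The scale id comes from the request, so the menu may be empty; max() must not
    // be called on an empty array.
    $maxrating = empty($scalemenu) ? null : max(array_keys($scalemenu));

    foreach ($ratings as $rating) {
        // Viewers without moodle/rating:viewall only get their own ratings listed.
        // Loose comparison is kept on purpose: ids may arrive as numeric strings.
        if (!$canviewallratings && $USER->id != $rating->userid) {
            continue;
        }

        // Undo the aliasing of the user id column from user_picture::fields().
        // We could clone the rating object or preserve the rating id if we needed it again
        // but we don't.
        $rating->id = $rating->userid;

        $row = new html_table_row();
        $row->attributes['class'] = 'ratingitemheader';
        if ($course && $course->id) {
            $row->cells[] = $OUTPUT->user_picture($rating, array('courseid' => $course->id));
        } else {
            $row->cells[] = $OUTPUT->user_picture($rating);
        }
        $row->cells[] = fullname($rating);

        // Clamp ratings stored under an older, larger scale to the current maximum.
        if ($maxrating !== null && $rating->rating > $maxrating) {
            $rating->rating = $maxrating;
        }

        // A stored value with no entry in the requested scale renders as an empty
        // cell instead of raising an undefined-index notice.
        $row->cells[] = isset($scalemenu[$rating->rating]) ? $scalemenu[$rating->rating] : '';
        $row->cells[] = userdate($rating->timemodified);
        $table->data[] = $row;
    }
    echo html_writer::table($table);
}

// In a popup window, offer a close button before the footer.
if ($popup) {
    echo $OUTPUT->close_window_button();
}
echo $OUTPUT->footer();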