[moodle.git] / rss / file.php

<?PHP //$Id$
    //This file returns the required rss feeds
    //The URL format MUST include:
    //    course: the course id
    //    user:   the user id
    //    name:   the name of the module (forum...)
    //    id:     the id (instance) of the module (forumid...)
    //If the course has a password or it doesn't
    //allow guest access then the user field is
    //required to see that the user is enrolled
    //in the course, else no check is performed.
    //This allows to limit a bit the rss access
    //to correct users. It isn't unbreakable,
    //obviously, but its the best I've thought!!

    $nomoodlecookie = true;     // Because it interferes with caching

    require_once('../config.php');
    require_once($CFG->libdir.'/filelib.php');
    require_once($CFG->libdir.'/rsslib.php');

    $lifetime = 3600;  // Seconds for files to remain in caches - 1 hour

    $relativepath = get_file_argument('file.php');


    if (!$relativepath) {
        rss_not_found();
    }

    // extract relative path components
    $args = explode('/', trim($relativepath, '/'));

    if (count($args) < 5) {
        rss_not_found();
    }

    $courseid   = (int)$args[0];
    $userid     = (int)$args[1];
    $modulename = clean_param($args[2], PARAM_FILE);
    $instance   = $args[3];
    $filename   = 'rss.xml';

    if ($isblog = $modulename == 'blog') {
       $blogid   = (int)$args[4];  // could be groupid / courseid  / userid  depending on $instance
       if ($args[5] != 'rss.xml') {
           $tagid = (int)$args[5];
       } else {
           $tagid = 0;
       }
    } else {
        $instance = (int)$instance;  // we know it's an id number
    }


    if (!$course = get_record('course', 'id', $courseid)) {
        rss_not_found();
    }

    //Check name of module
    if (!$isblog) {
        $mods = get_list_of_plugins("mod");
        if (!in_array(strtolower($modulename), $mods)) {
            rss_not_found();
        }
    }

    //Get course_module to check it's visible
    if (!$isblog && (!$cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) ) {
        rss_not_found();
    }

    $context = get_context_instance(CONTEXT_MODULE, $cm->id);
    $isuser = has_capability('moodle/course:view', $context, $userid);
    
    //Check for "security" if !course->guest or course->password
    if ($course->id != SITEID) {
        if ((!$course->guest || $course->password) && (!$isuser)) {
            rss_not_found();
        }
    }

    //Check for "security" if the course is hidden or the activity is hidden
    if (!$isblog and (!$course->visible || !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) {
        rss_not_found();
    }

    //Work out the filename of the RSS file
    if ($isblog) {
        require_once($CFG->dirroot.'/blog/rsslib.php');
        $pathname = blog_generate_rss_feed($instance, $blogid, $tagid);
    } else {
        $pathname = $CFG->dataroot.'/rss/'.$modulename.'/'.$instance.'.xml';
    }

    //Check that file exists
    if (!file_exists($pathname)) {
        rss_not_found();
    }

    //Send it to user!
    send_file($pathname, $filename, $lifetime);

    function rss_not_found() {
        /// error, send some XML with error message
        global $lifetime, $filename;
        send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
    }
?>
Commit	Line	Data
e7f927a0	1	<?PHP //$Id$
8adcb49f	2	//This file returns the required rss feeds
	3	//The URL format MUST include:
	4	// course: the course id
e7f927a0	5	// user: the user id
	6	// name: the name of the module (forum...)
	7	// id: the id (instance) of the module (forumid...)
8adcb49f	8	//If the course has a password or it doesn't
7fe0ce4e	9	//allow guest access then the user field is
8adcb49f	10	//required to see that the user is enrolled
	11	//in the course, else no check is performed.
	12	//This allows to limit a bit the rss access
	13	//to correct users. It isn't unbreakable,
	14	//obviously, but its the best I've thought!!
	15
e7f927a0	16	$nomoodlecookie = true; // Because it interferes with caching
7fe0ce4e	17
e7f927a0	18	require_once('../config.php');
7ade05c5	19	require_once($CFG->libdir.'/filelib.php');
48b29ba4	20	require_once($CFG->libdir.'/rsslib.php');
8adcb49f	21
e7f927a0	22	$lifetime = 3600; // Seconds for files to remain in caches - 1 hour
8adcb49f	23
e7f927a0	24	$relativepath = get_file_argument('file.php');
8adcb49f	25
7fe0ce4e	26
e7f927a0	27	if (!$relativepath) {
66c52fdf	28	rss_not_found();
8adcb49f	29	}
8adcb49f	30
e7f927a0	31	// extract relative path components
e7f927a0	32	$args = explode('/', trim($relativepath, '/'));
7fe0ce4e	33
a848c48c	34	if (count($args) < 5) {
66c52fdf	35	rss_not_found();
8adcb49f	36	}
8adcb49f	37
e7f927a0	38	$courseid = (int)$args[0];
	39	$userid = (int)$args[1];
	40	$modulename = clean_param($args[2], PARAM_FILE);
a848c48c	41	$instance = $args[3];
c5152930	42	$filename = 'rss.xml';
7fe0ce4e	43
a848c48c	44	if ($isblog = $modulename == 'blog') {
	45	$blogid = (int)$args[4]; // could be groupid / courseid / userid depending on $instance
	46	if ($args[5] != 'rss.xml') {
6619a7f4	47	$tagid = (int)$args[5];
	48	} else {
	49	$tagid = 0;
a848c48c	50	}
	51	} else {
	52	$instance = (int)$instance; // we know it's an id number
	53	}
	54
	55
	56	if (!$course = get_record('course', 'id', $courseid)) {
66c52fdf	57	rss_not_found();
8adcb49f	58	}
7fe0ce4e	59
c062fee6	60	//Check name of module
a848c48c	61	if (!$isblog) {
	62	$mods = get_list_of_plugins("mod");
	63	if (!in_array(strtolower($modulename), $mods)) {
	64	rss_not_found();
	65	}
8adcb49f	66	}
8adcb49f	67
c0f778a2	68	//Get course_module to check it's visible
a848c48c	69	if (!$isblog && (!$cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) ) {
66c52fdf	70	rss_not_found();
c0f778a2	71	}
c0f778a2	72
d02eeded	73	$context = get_context_instance(CONTEXT_MODULE, $cm->id);
	74	$isuser = has_capability('moodle/course:view', $context, $userid);
	75
8adcb49f	76	//Check for "security" if !course->guest or course->password
56e8032e	77	if ($course->id != SITEID) {
d02eeded	78	if ((!$course->guest \|\| $course->password) && (!$isuser)) {
66c52fdf	79	rss_not_found();
56e8032e	80	}
c0f778a2	81	}
c0f778a2	82
7fe0ce4e	83	//Check for "security" if the course is hidden or the activity is hidden
d02eeded	84	if (!$isblog and (!$course->visible \|\| !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) {
66c52fdf	85	rss_not_found();
8adcb49f	86	}
8adcb49f	87
6619a7f4	88	//Work out the filename of the RSS file
7fe0ce4e	89	if ($isblog) {
6619a7f4	90	require_once($CFG->dirroot.'/blog/rsslib.php');
6619a7f4	91	$pathname = blog_generate_rss_feed($instance, $blogid, $tagid);
7fe0ce4e	92	} else {
	93	$pathname = $CFG->dataroot.'/rss/'.$modulename.'/'.$instance.'.xml';
	94	}
6619a7f4	95
e7f927a0	96	//Check that file exists
e7f927a0	97	if (!file_exists($pathname)) {
6619a7f4	98	rss_not_found();
8adcb49f	99	}
8adcb49f	100
e7f927a0	101	//Send it to user!
	102	send_file($pathname, $filename, $lifetime);
	103
66c52fdf	104	function rss_not_found() {
e7f927a0	105	/// error, send some XML with error message
be88433c	106	global $lifetime, $filename;
be88433c	107	send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
e7f927a0	108	}
8adcb49f	109	?>