MDL-22112, fixed xmldb install.xml
[moodle.git] / rss / file.php
CommitLineData
2e9b772f 1<?PHP
8adcb49f 2 //This file returns the required rss feeds
3 //The URL format MUST include:
4 // course: the course id
e7f927a0 5 // user: the user id
6 // name: the name of the module (forum...)
7 // id: the id (instance) of the module (forumid...)
8adcb49f 8 //If the course has a password or it doesn't
7fe0ce4e 9 //allow guest access then the user field is
8adcb49f 10 //required to see that the user is enrolled
11 //in the course, else no check is performed.
12 //This allows to limit a bit the rss access
13 //to correct users. It isn't unbreakable,
14 //obviously, but its the best I've thought!!
15
2e9b772f
PS
16// disable moodle specific debug messages and any errors in output
17define('NO_DEBUG_DISPLAY', true);
18define('NO_MOODLE_COOKIES', true); // session not used here
7fe0ce4e 19
e7f927a0 20 require_once('../config.php');
7ade05c5 21 require_once($CFG->libdir.'/filelib.php');
48b29ba4 22 require_once($CFG->libdir.'/rsslib.php');
8adcb49f 23
e7f927a0 24 $lifetime = 3600; // Seconds for files to remain in caches - 1 hour
8adcb49f 25
1b813f5c 26 // this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243
6f5e0852 27 // it should be replaced once we get to codes in urls
a015506a 28
11e7b506 29 $relativepath = get_file_argument();
8adcb49f 30
7fe0ce4e 31
e7f927a0 32 if (!$relativepath) {
66c52fdf 33 rss_not_found();
8adcb49f 34 }
35
e7f927a0 36 // extract relative path components
37 $args = explode('/', trim($relativepath, '/'));
7fe0ce4e 38
a848c48c 39 if (count($args) < 5) {
66c52fdf 40 rss_not_found();
8adcb49f 41 }
42
e7f927a0 43 $courseid = (int)$args[0];
44 $userid = (int)$args[1];
45 $modulename = clean_param($args[2], PARAM_FILE);
a848c48c 46 $instance = $args[3];
c5152930 47 $filename = 'rss.xml';
7fe0ce4e 48
a848c48c 49 if ($isblog = $modulename == 'blog') {
50 $blogid = (int)$args[4]; // could be groupid / courseid / userid depending on $instance
51 if ($args[5] != 'rss.xml') {
6619a7f4 52 $tagid = (int)$args[5];
53 } else {
54 $tagid = 0;
a848c48c 55 }
56 } else {
57 $instance = (int)$instance; // we know it's an id number
58 }
59
60
b3829d0a 61 if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
66c52fdf 62 rss_not_found();
8adcb49f 63 }
7fe0ce4e 64
c062fee6 65 //Check name of module
a848c48c 66 if (!$isblog) {
17da2e6f 67 $mods = get_plugin_list('mod');
68 $mods = array_keys($mods);
a848c48c 69 if (!in_array(strtolower($modulename), $mods)) {
70 rss_not_found();
71 }
72f383b1 72 //Get course_module to check it's visible
73 if (!$cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) {
74 rss_not_found();
75 }
76 $context = get_context_instance(CONTEXT_MODULE, $cm->id);
4f0c2d00 77 $isuser = has_capability('moodle/course:participate', $context, $userid); // Not ideal, this should be module-specific, but deferring until RSS gets a revamp with codes in the URLs
72f383b1 78 } else {
79 $context = get_context_instance(CONTEXT_COURSE, $course->id);
4f0c2d00 80 $isuser = has_capability('moodle/course:participate', $context, $userid);
8adcb49f 81 }
6f5e0852 82
8adcb49f 83 //Check for "security" if !course->guest or course->password
56e8032e 84 if ($course->id != SITEID) {
d02eeded 85 if ((!$course->guest || $course->password) && (!$isuser)) {
66c52fdf 86 rss_not_found();
56e8032e 87 }
c0f778a2 88 }
89
7fe0ce4e 90 //Check for "security" if the course is hidden or the activity is hidden
d02eeded 91 if (!$isblog and (!$course->visible || !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) {
66c52fdf 92 rss_not_found();
8adcb49f 93 }
94
6619a7f4 95 //Work out the filename of the RSS file
7fe0ce4e 96 if ($isblog) {
6619a7f4 97 require_once($CFG->dirroot.'/blog/rsslib.php');
98 $pathname = blog_generate_rss_feed($instance, $blogid, $tagid);
7fe0ce4e 99 } else {
100 $pathname = $CFG->dataroot.'/rss/'.$modulename.'/'.$instance.'.xml';
101 }
6619a7f4 102
e7f927a0 103 //Check that file exists
104 if (!file_exists($pathname)) {
6619a7f4 105 rss_not_found();
8adcb49f 106 }
107
e7f927a0 108 //Send it to user!
109 send_file($pathname, $filename, $lifetime);
110
66c52fdf 111 function rss_not_found() {
e7f927a0 112 /// error, send some XML with error message
be88433c 113 global $lifetime, $filename;
114 send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
e7f927a0 115 }
2e9b772f 116