view.php 155 KB
Newer Older
Penny Leach's avatar
Penny Leach committed
1
2
<?php
/**
Francois Marier's avatar
Francois Marier committed
3
 * Mahara: Electronic portfolio, weblog, resume builder and social networking
4
5
 * Copyright (C) 2006-2009 Catalyst IT Ltd and others; see:
 *                         http://wiki.mahara.org/Contributors
Penny Leach's avatar
Penny Leach committed
6
 *
Francois Marier's avatar
Francois Marier committed
7
8
9
10
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
Penny Leach's avatar
Penny Leach committed
11
 *
Francois Marier's avatar
Francois Marier committed
12
13
14
15
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
Penny Leach's avatar
Penny Leach committed
16
 *
Francois Marier's avatar
Francois Marier committed
17
18
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
Penny Leach's avatar
Penny Leach committed
19
20
21
 *
 * @package    mahara
 * @subpackage core
22
 * @author     Catalyst IT Ltd
Penny Leach's avatar
Penny Leach committed
23
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
24
 * @copyright  (C) 2006-2009 Catalyst IT Ltd http://catalyst.net.nz
Penny Leach's avatar
Penny Leach committed
25
26
27
28
29
30
31
 *
 */

defined('INTERNAL') || die();

class View {

32
33
34
35
36
    private $dirty;
    private $deleted;
    private $id;
    private $owner;
    private $ownerformat;
37
    private $group;
38
    private $institution;
39
40
41
    private $ctime;
    private $mtime;
    private $atime;
42
43
    private $startdate;
    private $stopdate;
44
45
    private $submittedgroup;
    private $submittedhost;
46
    private $submittedtime;
47
48
49
50
51
52
53
    private $title;
    private $description;
    private $loggedin;
    private $friendsonly;
    private $artefact_instances;
    private $artefact_metadata;
    private $ownerobj;
54
    private $groupobj;
55
    private $numcolumns;
56
    private $layout;
Nigel McNie's avatar
Nigel McNie committed
57
    private $theme;
58
    private $columns;
59
    private $dirtycolumns; // for when we change stuff
60
    private $tags;
61
    private $categorydata;
62
    private $editingroles;
63
    private $moderatingroles;
64
    private $template;
65
    private $retainview;
66
    private $copynewuser = 0;
67
    private $copynewgroups;
68
    private $type;
69
    private $visits;
70
    private $allowcomments;
71
    private $approvecomments;
72
    private $collection;
73
    private $accessconf;
Penny Leach's avatar
Penny Leach committed
74

75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
    /**
     * Valid view layouts. These are read at install time and inserted into
     * view_layout, but not updated afterwards, so if you're changing one
     * you'll need to do that manually. Actually, you'd better talk to the
     * Mahara dev team about what else needs changing if you do touch this.
     *
     * A hash of columns => list of view widths
     */
    public static $layouts = array(
        1 => array(
            '100',
        ),
        2 => array(
            '50,50',
            '67,33',
            '33,67',
        ),
        3 => array(
            '33,33,33',
            '25,50,25',
            '15,70,15',
        ),
        4 => array(
            '25,25,25,25',
            '20,30,30,20',
        ),
        5 => array(
            '20,20,20,20,20',
        ),
    );

    /**
     * Which view layout is considered the "default" for views with the given
     * number of columns. Must be present in $layouts of course.
     */
    public static $defaultlayouts = array(
        1 => '100',
        2 => '50,50',
        3 => '33,33,33',
        4 => '25,25,25,25',
        5 => '20,20,20,20,20',
    );

Penny Leach's avatar
Penny Leach committed
118
119
    public function __construct($id=0, $data=null) {
        if (!empty($id)) {
120
121
            $tempdata = get_record('view','id',$id);
            if (empty($tempdata)) {
122
123
                throw new ViewNotFoundException(get_string('viewnotfound', 'error', $id));
            }
124
125
126
127
128
129
            if (!empty($data)) {
                $data = array_merge((array)$tempdata, $data);
            }
            else {
                $data = $tempdata; // use what the database has
            }
Penny Leach's avatar
Penny Leach committed
130
            $this->id = $id;
Penny Leach's avatar
Penny Leach committed
131
132
133
        }
        else {
            $this->ctime = time();
134
            $this->mtime = time();
Penny Leach's avatar
Penny Leach committed
135
            $this->dirty = true;
Penny Leach's avatar
Penny Leach committed
136
137
138
139
140
141
142
143
144
145
146
        }

        if (empty($data)) {
            $data = array();
        }
        foreach ((array)$data as $field => $value) {
            if (property_exists($this, $field)) {
                $this->{$field} = $value;
            }
        }
        $this->atime = time();
147
148
        $this->columns = array();
        $this->dirtycolumns = array();
149
150
        if ($this->group) {
            $group = get_record('group', 'id', $this->group);
151
152
153
            if ($group->deleted) {
                throw new ViewNotFoundException(get_string('viewnotfound', 'error', $id));
            }
154
            safe_require('grouptype', $group->grouptype);
155
            $this->editingroles = call_static_method('GroupType' . ucfirst($group->grouptype), 'get_view_editing_roles');
156
            $this->moderatingroles = call_static_method('GroupType' . ucfirst($group->grouptype), 'get_view_moderating_roles');
157
        }
Penny Leach's avatar
Penny Leach committed
158
159
    }

160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
    /**
     * Creates a new View for the given user/group/institution.
     * 
     * You can specify who the view is being created _by_ with the second 
     * parameter. This defaults to the current logged in user's ID.
     *
     * @param array $viewdata See View::_create
     * @return View           The newly created View
     */
    public static function create($viewdata, $userid=null) {
        if (is_null($userid)) {
            global $USER;
            $userid = $USER->get('id');
        }

        $view = self::_create($viewdata, $userid);
        return $view;
    }

    /**
     * Creates a View for the given user, based off a given template and other 
     * View information supplied.
     *
183
     * Will set a default title of 'Copy of $viewtitle' if title is not 
184
185
186
187
188
189
     * specified in $viewdata.
     *
     * @param array $viewdata See View::_create
     * @param int $templateid The ID of the View to copy
     * @param int $userid     The user who has issued the command to create the 
     *                        view. See View::_create
190
     * @param int $checkaccess Whether to check that the user can see the view before copying it
191
192
193
194
195
196
     * @return array A list consisting of the new view, the template view and 
     *               information about the copy - i.e. how many blocks and 
     *               artefacts were copied
     * @throws SystemException under various circumstances, see the source for 
     *                         more information
     */
197
    public static function create_from_template($viewdata, $templateid, $userid=null, $checkaccess=true) {
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
        if (is_null($userid)) {
            global $USER;
            $userid = $USER->get('id');
        }

        $user = new User();
        $user->find_by_id($userid);

        db_begin();

        $template = new View($templateid);

        if ($template->get('deleted')) {
            throw new SystemException("View::create_from_template: This template has been deleted");
        }

        if (!$template->get('template') && !$user->can_edit_view($template)) {
            throw new SystemException("View::create_from_template: Attempting to create a View from another View that is not marked as a template");
        }
217
        else if ($checkaccess && !can_view_view($templateid, $userid)) {
218
219
220
221
222
223
224
225
226
227
            throw new SystemException("View::create_from_template: User $userid is not permitted to copy View $templateid");
        }

        $view = self::_create($viewdata, $userid);

        // Set a default title if one wasn't set
        if (!isset($viewdata['title'])) {
            $view->set('title', self::new_title(get_string('Copyof', 'mahara', $template->get('title')), (object)$viewdata));
            $view->set('dirty', true);
        }
228
229
230
231
232
233
234
235

        try {
            $copystatus = $view->copy_contents($template);
        }
        catch (QuotaExceededException $e) {
            db_rollback();
            return array(null, $template, array('quotaexceeded' => true));
        }
236
237

        $view->commit();
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

        $blocks = get_records_array('block_instance', 'view', $view->get('id'));
        if ($blocks) {
            foreach ($blocks as $b) {
                $configdata = unserialize($b->configdata);
                if (!isset($configdata['artefactid'])) {
                    continue;
                }
                if (!isset($configdata['copytype']) || $configdata['copytype'] !== 'reference') {
                    continue;
                }
                $va = new StdClass;
                $va->view = $b->view;
                $va->artefact = $configdata['artefactid'];
                $va->block = $b->id;
                insert_record('view_artefact', $va);
            }
        }
256
257
258
259
260
261
262
263
264
265

        if ($template->get('retainview') && !$template->get('institution')) {
            $obj = new StdClass;
            $obj->view  = $view->get('id');
            $obj->ctime = db_format_timestamp(time());
            $obj->usr   = $template->get('owner');
            $obj->group = $template->get('group');
            insert_record('view_access', $obj);
        }

266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
        db_commit();

        return array(
            $view,
            $template,
            $copystatus,
        );
    }

    /**
     * Creates a new View for the given user, based on the given information 
     * about the view.
     *
     * Validation of the view data is performed, then the View is created. If 
     * the View is to be owned by a group, that group is given access to it.
     *
     * @param array $viewdata Data about the view. You can pass in most fields 
     *                        that appear in the view table.
     *
     *                        Note that you set who owns the View by setting 
     *                        either the owner, group or institution field as 
     *                        approriate.
     *
     *                        Currently, you cannot pass in access data. Use 
     *                        $view->set_access() after retrieving the $view 
     *                        object.
     *
     * @param int $userid The user who has issued the command to create the 
     *                    View (note: this is different from the "owner" of the 
     *                    View - a group or institution could be the "owner",
     *                    but it's a _user_ who requests a View is created for it)
     * @return View The created View
     * @throws SystemException if the View data is invalid - mostly this is due 
     *                         to owner information being specified incorrectly.
     */
    private static function _create(&$viewdata, $userid) {
        // If no owner information is provided, assume that the view is being 
        // created by the user for themself
        if (!isset($viewdata['owner']) && !isset($viewdata['group']) && !isset($viewdata['institution'])) {
            $viewdata['owner'] = $userid;
        }

        if (isset($viewdata['owner'])) {
            if ($viewdata['owner'] != $userid) {
                $userobj = new User();
                $userobj->find_by_id($userid);
                if (!$userobj->is_admin_for_user($viewdata['owner'])) {
                    throw new SystemException("View::_create: User $userid is not allowed to create a view for owner {$viewdata['owner']}");
                }
            }

317
            // Users can only have one view of each non-portfolio type
318
            if (isset($viewdata['type']) && $viewdata['type'] != 'portfolio' && get_record('view', 'owner', $viewdata['owner'], 'type', $viewdata['type'])) {
319
320
321
                $viewdata['type'] = 'portfolio';
            }

322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
            // Try to create the view with the owner's default theme if that theme is set by an
            // institution (i.e. if it's different from the site theme)
            //
            // This needs to be modified if users are ever allowed to change their own theme
            // preference.  Currently it's okay because users' themes are forced on them by
            // the site or institution default, but if some users are allowed to change their
            // own theme pref, we should create those users' views without a theme.
            if (!get_config('userscanchooseviewthemes') && !isset($viewdata['theme'])
                && (!isset($viewdata['type']) || $viewdata['type'] != 'dashboard')) {
                global $USER;
                if ($viewdata['owner'] == $USER->get('id')) {
                    $owner = $USER;
                }
                else {
                    $owner = new User();
                    $owner->find_by_id($viewdata['owner']);
                }
                $ownertheme = $owner->get('theme');
                if ($ownertheme && $ownertheme != get_config('theme')) {
                    $viewdata['theme'] = $ownertheme;
                }
            }
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
        }

        if (isset($viewdata['group'])) {
            require_once('group.php');
            if (!group_user_can_edit_views($viewdata['group'], $userid)) {
                throw new SystemException("View::_create: User $userid is not permitted to create a view for group {$viewdata['group']}");
            }
        }

        if (isset($viewdata['institution'])) {
            $user = new User();
            $user->find_by_id($userid);
            if (!$user->can_edit_institution($viewdata['institution'])) {
                throw new SystemException("View::_create: User $userid is not permitted to create a view for institution {$viewdata['institution']}");
            }
        }

        // Create the view
        $defaultdata = array(
            'numcolumns'  => 3,
            'template'    => 0,
            'type'        => 'portfolio',
            'title'       => self::new_title(get_string('Untitled', 'view'), (object)$viewdata),
        );

        $data = (object)array_merge($defaultdata, $viewdata);

        $view = new View(0, $data);
        $view->commit();

        if (isset($viewdata['group'])) {
            // By default, group views should be visible to the group
376
377
378
            insert_record('view_access', (object) array(
                'view'  => $view->get('id'),
                'group' => $viewdata['group'],
379
                'ctime' => db_format_timestamp(time()),
380
            ));
381
382
        }

383
        return new View($view->get('id')); // Reread to ensure defaults are set
384
385
    }

Penny Leach's avatar
Penny Leach committed
386
387
388
389
    public function get($field) {
        if (!property_exists($this, $field)) {
            throw new InvalidArgumentException("Field $field wasn't found in class " . get_class($this));
        }
390
391
392
        if ($field == 'tags') { // special case
            return $this->get_tags();
        }
393
394
395
        if ($field == 'categorydata') {
            return $this->get_category_data();
        }
396
397
398
        if ($field == 'collection') {
            return $this->get_collection();
        }
Penny Leach's avatar
Penny Leach committed
399
400
401
        return $this->{$field};
    }

402
403
404
405
406
407
408
409
410
411
412
413
414
    public function set($field, $value) {
        if (property_exists($this, $field)) {
            if ($this->{$field} != $value) {
                // only set it to dirty if it's changed
                $this->dirty = true;
            }
            $this->{$field} = $value;
            $this->mtime = time();
            return true;
        }
        throw new InvalidArgumentException("Field $field wasn't found in class " . get_class($this));
    }

415
416
417
418
419
420
421
    public function get_tags() {
        if (!isset($this->tags)) {
            $this->tags = get_column('view_tag', 'tag', 'view', $this->get('id'));
        }
        return $this->tags;
    }

422
423
424
    public function get_collection() {
        if (!isset($this->collection)) {
            require_once(get_config('libroot') . 'collection.php');
425
            $this->collection = Collection::search_by_view_id($this->id);
426
427
428
429
430
431
432
433
434
435
436
        }
        return $this->collection;
    }

    public function collection_id() {
        if ($collection = $this->get_collection()) {
            return $collection->get('id');
        }
        return false;
    }

437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
    /**
     * View destructor. Calls commit if necessary.
     *
     * A special case is when the object has just been deleted.  In this case,
     * we do nothing.
     */
    public function __destruct() {
        if ($this->deleted) {
            return;
        }
      
        if (!empty($this->dirty)) {
            return $this->commit();
        }
    }

    /** 
     * This method updates the contents of the view table only.
     */
    public function commit() {
        if (empty($this->dirty)) {
            return;
        }
        $fordb = new StdClass;
        foreach (get_object_vars($this) as $k => $v) {
            $fordb->{$k} = $v;
463
            if (in_array($k, array('mtime', 'ctime', 'atime', 'startdate', 'stopdate', 'submittedtime')) && !empty($v)) {
464
465
466
                $fordb->{$k} = db_format_timestamp($v);
            }
        }
467
468
469

        db_begin();

470
        if (empty($this->id)) {
471
472
            // users are only allowed one profile view
            if ($this->type == 'profile' && record_exists('view', 'owner', $this->owner, 'type', 'profile')) {
473
                throw new SystemException(get_string('onlonlyyoneprofileviewallowed', 'error'));
474
            }
475
476
477
478
479
            $this->id = insert_record('view', $fordb, 'id', true);
        }
        else {
            update_record('view', $fordb, 'id');
        }
480

481
482
483
484
485
        if (isset($this->tags)) {
            delete_records('view_tag', 'view', $this->get('id'));
            foreach ($this->get_tags() as $tag) {
                insert_record('view_tag', (object)array( 'view' => $this->get('id'), 'tag' => $tag));
            }
486
487
        }

488
489
490
491
492
493
494
        if (isset($this->copynewgroups)) {
            delete_records('view_autocreate_grouptype', 'view', $this->get('id'));
            foreach ($this->copynewgroups as $grouptype) {
                insert_record('view_autocreate_grouptype', (object)array( 'view' => $this->get('id'), 'grouptype' => $grouptype));
            }
        }

495
496
        db_commit();

497
498
499
500
        $this->dirty = false;
        $this->deleted = false;
    }

Penny Leach's avatar
Penny Leach committed
501
502
503
504
505
506
507
508
    public function get_artefact_instances() {
        if (!isset($this->artefact_instances)) {
            $this->artefact_instances = false;
            if ($instances = $this->get_artefact_metadata()) {
                foreach ($instances as $instance) {
                    safe_require('artefact', $instance->plugin);
                    $classname = generate_artefact_class_name($instance->artefacttype);
                    $i = new $classname($instance->id, $instance);
Penny Leach's avatar
Penny Leach committed
509
                    $this->childreninstances[] = $i;
Penny Leach's avatar
Penny Leach committed
510
511
512
513
514
515
516
                }
            }
        }
        return $this->artefact_instances;
    }

    public function get_artefact_metadata() {
Penny Leach's avatar
Penny Leach committed
517
        if (!isset($this->artefact_metadata)) {
518
            $sql = 'SELECT a.*, i.name, va.block
519
520
521
                    FROM {view_artefact} va
                    JOIN {artefact} a ON va.artefact = a.id
                    JOIN {artefact_installed_type} i ON a.artefacttype = i.name
Penny Leach's avatar
Penny Leach committed
522
                    WHERE va.view = ?';
523
            $this->artefact_metadata = get_records_sql_array($sql, array($this->id));
Penny Leach's avatar
Penny Leach committed
524
525
526
        }
        return $this->artefact_metadata;
    }
Penny Leach's avatar
Penny Leach committed
527

528
    public function find_artefact_children($artefact, $allchildren, &$refs) {
529
530

        $children = array();        
531
532
533
534
535
536
537
538
539
540
        if ($allchildren) {
            foreach ($allchildren as $child) {
                if ($child->parent != $artefact->id) {
                    continue;
                }
                $children[$child->id] = array();
                $children[$child->id]['artefact'] = $child;
                $refs[$child->id] = $child;
                $children[$child->id]['children'] = $this->find_artefact_children($child, 
                                                            $allchildren, $refs);
541
542
543
544
545
546
            }
        }

        return $children;
    }

Penny Leach's avatar
Penny Leach committed
547

Penny Leach's avatar
Penny Leach committed
548
549
550
551
552
553
    public function has_artefacts() {
        if ($this->get_artefact_metadata()) {
            return true;
        }
        return false;
    }
Penny Leach's avatar
Penny Leach committed
554
555

    public function get_owner_object() {
556
557
558
        if (is_null($this->owner)) {
            return false;
        }
Penny Leach's avatar
Penny Leach committed
559
560
561
562
563
564
        if (!isset($this->ownerobj)) {
            $this->ownerobj = get_record('usr', 'id', $this->get('owner'));
        }
        return $this->ownerobj;
    }

565
566
567
568
569
570
571
    public function get_group_object() {
        if (!isset($this->groupobj)) {
            $this->groupobj = get_record('group', 'id', $this->get('group'));
        }
        return $this->groupobj;
    }

Penny Leach's avatar
Penny Leach committed
572
    
573
    public function delete() {
574
        safe_require('artefact', 'comment');
575
        db_begin();
576
        ArtefactTypeComment::delete_view_comments($this->id);
577
        delete_records('view_access','view',$this->id);
578
        delete_records('view_autocreate_grouptype', 'view', $this->id);
579
        delete_records('view_tag','view',$this->id);
580
        delete_records('view_visit','view',$this->id);
581
        delete_records('collection_view','view',$this->id);
582
        delete_records('usr_watchlist_view','view',$this->id);
583
        if ($blockinstanceids = get_column('block_instance', 'id', 'view', $this->id)) {
584
            require_once(get_config('docroot') . 'blocktype/lib.php');
585
586
587
588
589
            foreach ($blockinstanceids as $id) {
                $bi = new BlockInstance($id);
                $bi->delete();
            }
        }
590
        handle_event('deleteview', $this->id);
591
        delete_records('view','id',$this->id);
592
593
594
595
596
        if (!empty($this->owner) && $this->is_submitted()) {
            // There should be no way to delete a submitted view,
            // but unlock its artefacts just in case.
            ArtefactType::update_locked($this->owner);
        }
597
        $this->deleted = true;
598
        db_commit();
599
600
    }

601
602
603
604
605
606
    /* Only retrieve access records that the owner can edit on the
     * view access page.  Some records are not visible there, such as
     * tutor access records for submitted views and objectionable
     * content access records (visible = 0) and token/secret url
     * records which are managed per-view, on another page.
     */
607
    public function get_access($timeformat=null) {
608
609
610
611
612
        if ($data = $this->get_access_records()) {
            return self::process_access_records($data, $timeformat);
        }
        return array();
    }
613

614
    public function get_access_records() {
615
        $data = get_records_sql_array("
616
            SELECT accesstype, va.group, role, usr, startdate, stopdate, allowcomments, approvecomments
617
            FROM {view_access} va
618
            WHERE view = ? AND visible = 1 AND token IS NULL
619
620
621
622
623
624
            ORDER BY
                accesstype IS NULL, accesstype DESC,
                va.group, role IS NOT NULL, role,
                usr,
                startdate IS NOT NULL, startdate, stopdate IS NOT NULL, stopdate,
                allowcomments, approvecomments",
625
626
            array($this->id)
        );
627
628
        return $data ? $data : array();
    }
629

630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
    public static function process_access_records($data=array(), $timeformat=null) {
        $rolegroups = array();
        foreach ($data as &$item) {
            if ($item->role && !isset($roledata[$item->group])) {
                $rolegroups[$item->group] = 1;
            }
        }
        if ($rolegroups) {
            $grouptypes = get_records_sql_assoc('
                SELECT id, grouptype
                FROM {group}
                WHERE id IN (' . join(',', array_map('intval', array_keys($rolegroups))) . ')
                AND deleted = 0',
                array()
            );
        }
646

647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
        foreach ($data as &$item) {
            $item = (array)$item;
            if ($item['usr']) {
                $item['type'] = 'user';
                $item['id'] = $item['usr'];
            }
            else if ($item['group']) {
                $item['type'] = 'group';
                $item['id'] = $item['group'];
            }
            else {
                $item['type'] = $item['accesstype'];
                $item['id'] = null;
            }

            if ($item['role']) {
                $item['roledisplay'] = get_string($item['role'], 'grouptype.'.$grouptypes[$item['group']]->grouptype);
            }
            if ($timeformat) {
                if ($item['startdate']) {
                    $item['startdate'] = strftime($timeformat, strtotime($item['startdate']));
668
                }
669
670
                if ($item['stopdate']) {
                    $item['stopdate'] = strftime($timeformat, strtotime($item['stopdate']));
671
                }
672
            }
673
        }
674
675
676
        return $data;
    }

677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
    /* Attempt to sort two access records in the same order as the
       query in get_access_records */
    public static function cmp_accesslist($a, $b) {
        if (($c = empty($a->accesstype) - empty($b->accesstype))
            || ($c = strcmp($b->accesstype, $a->accesstype))
            || ($c = $a->group - $b->group)
            || ($c = !empty($a->role) - !empty($b->role))
            || ($c = strcmp($a->role, $b->role))
            || ($c = $a->usr - $b->usr)
            || ($c = !empty($a->startdate) - !empty($b->startdate))
            || ($c = strcmp($a->startdate, $b->startdate))
            || ($c = !empty($a->stopdate) - !empty($b->stopdate))
            || ($c = strcmp($a->stopdate, $b->stopdate))
            || ($c = $a->allowcomments - $b->allowcomments)) {
            return $c;
        }
        return $a->approvecomments - $b->approvecomments;
    }

696
697
698
699
700
701

    public static function update_view_access($config, $viewids) {

        db_begin();

        // Use set_access() on the first view to get a hopefully consistent
702
        // and complete representation of the access list
703
704
        $firstview = new View($viewids[0]);
        $fullaccesslist = $firstview->set_access($config['accesslist']);
705
706

        // Copy the first view's access records to all the other views
707
708
        $firstview->copy_access($viewids);

709
710
711
712
713
        // Sort the full access list in the same order as the list
        // returned by get_access, so that views with the same set of
        // access records get grouped together
        usort($fullaccesslist, array('self', 'cmp_accesslist'));

714
715
716
717
718
719
720
721
722
723
        // Hash the config object so later on we can easily find
        // all the views with the same config/access rights
        $config['accesslist'] = $fullaccesslist;
        $accessconf = substr(md5(serialize($config)), 0, 10);

        foreach ($viewids as $viewid) {
            $v = new View((int) $viewid);
            $v->set('startdate', $config['startdate']);
            $v->set('stopdate', $config['stopdate']);
            $v->set('template', $config['template']);
724
            $v->set('retainview', $config['retainview']);
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
            $v->set('allowcomments', $config['allowcomments']);
            $v->set('approvecomments', $config['approvecomments']);
            if (isset($config['copynewuser'])) {
                $v->set('copynewuser', $config['copynewuser']);
            }
            if (isset($config['copynewgroups'])) {
                $v->set('copynewgroups', $config['copynewgroups']);
            }
            $v->set('accessconf', $accessconf);
            $v->commit();
        }

        db_commit();
    }

740
    public function is_public() {
741
        $accessrecords = self::user_access_records($this->id, 0);
742
743
744
745
        if (!$accessrecords) {
            return false;
        }

746
747
748
        foreach($accessrecords as &$a) {
            if ($a->accesstype == 'public') {
                return true;
749
750
751
752
753
            }
        }
        return false;
    }

754
755
    public function set_access($accessdata) {
        global $USER;
756
        require_once('activity.php');
757
        require_once('group.php');
758
759
760

        $beforeusers = activity_get_viewaccess_users($this->get('id'), $USER->get('id'), 'viewaccess');

761
762
        $select = 'view = ? AND visible = 1 AND token IS NULL';

763
        db_begin();
764
        delete_records_select('view_access', $select, array($this->id));
765
766

        // View access
767
        $accessdata_added = array();
768
        if ($accessdata) {
769
770
771
772
            /*
             * There should be a cleaner way to do this
             * $accessdata_added ensures that the same access is not granted twice because the profile page
             * gets very grumpy if there are duplicate access rules
773
774
775
776
777
778
             *
             * Additional rules:
             * - Don't insert records with stopdate in the past
             * - Remove startdates that are in the past
             * - If view allows comments, access record comment permissions, don't apply, so reset them.
             * @todo: merge overlapping date ranges.
779
             */
780
            $time = time();
781
            foreach ($accessdata as $item) {
782
783
784
785
786
787
788
789
790
791
792
793

                if (!empty($item['stopdate']) && $item['stopdate'] < $time) {
                    continue;
                }
                if (!empty($item['startdate']) && $item['startdate'] < $time) {
                    unset($item['startdate']);
                }
                if ($this->get('allowcomments')) {
                    unset($item['allowcomments']);
                    unset($item['approvecomments']);
                }

794
                $accessrecord = (object)array(
795
796
797
798
799
800
801
802
                    'accesstype'      => null,
                    'group'           => null,
                    'role'            => null,
                    'usr'             => null,
                    'token'           => null,
                    'startdate'       => null,
                    'stopdate'        => null,
                    'allowcomments'   => 0,
803
                    'approvecomments' => 1,
804
                    'ctime'           => db_format_timestamp(time()),
805
                );
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836

                switch ($item['type']) {
                case 'user':
                    $accessrecord->usr = $item['id'];
                    break;
                case 'group':
                    $accessrecord->group = $item['id'];
                    if (isset($item['role']) && strlen($item['role'])) {
                        // Don't insert a record for a role the group doesn't have
                        $roleinfo = group_get_role_info($item['id']);
                        if (!isset($roleinfo[$item['role']])) {
                            break;
                        }
                        $accessrecord->role = $item['role'];
                    }
                    break;
                case 'friends':
                    if (!$this->owner) {
                        continue; // Don't add friend access to group, institution or system views
                    }
                case 'public':
                case 'loggedin':
                    $accessrecord->accesstype = $item['type'];
                }

                if (isset($item['allowcomments'])) {
                    $accessrecord->allowcomments = (int) !empty($item['allowcomments']);
                    if ($accessrecord->allowcomments) {
                        $accessrecord->approvecomments = (int) !empty($item['approvecomments']);
                    }
                }
837
838
839
840
841
842
                if (isset($item['startdate'])) {
                    $accessrecord->startdate = db_format_timestamp($item['startdate']);
                }
                if (isset($item['stopdate'])) {
                    $accessrecord->stopdate  = db_format_timestamp($item['stopdate']);
                }
843

844
                if (array_search($accessrecord, $accessdata_added) === false) {
845
                    $accessrecord->view = $this->get('id');
846
                    insert_record('view_access', $accessrecord);
847
                    unset($accessrecord->view);
848
                    $accessdata_added[] = $accessrecord;
849
850
851
852
853
854
855
856
857
858
859
860
                }
            }
        }

        $data = new StdClass;
        $data->view = $this->get('id');
        $data->owner = $USER->get('id');
        $data->oldusers = $beforeusers;
        activity_occurred('viewaccess', $data);
        handle_event('saveview', $this->get('id'));

        db_commit();
861
        return $accessdata_added;
862
863
    }

864
    /**
865
866
     * Apply all the access rules among a set of views to every view in
     * the set.
867
     */
868
    public static function combine_access($viewids) {
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
        if (empty($viewids)) {
            return;
        }

        $select = 'view IN (' . join(',', array_map('intval', $viewids)) . ') AND visible = 1';

        if (!$access = get_records_select_array('view_access', $select)) {
            return;
        }

        $unique = array();
        foreach ($access as &$a) {
            unset($a->view);
            $k = serialize($a);
            if (!isset($unique[$k])) {
                $unique[$k] = $a;
            }
        }

        db_begin();

        delete_records_select('view_access', $select);

        foreach ($unique as &$a) {
            foreach ($viewids as $id) {
                $a->view = $id;
895
                $a->ctime = db_format_timestamp(time());
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
                insert_record('view_access', $a);
            }
        }

        db_commit();
    }

    /**
     * Copy access records from one view to a set of other views
     */
    public function copy_access($to) {
        if (empty($this->id)) {
            return;
        }

        $toupdate = array();
        foreach ($to as $viewid) {
            if ($this->id != $viewid) {
                $toupdate[] = (int) $viewid;
            }
        }

        if (empty($toupdate)) {
            return;
        }

922
923
924
925
926
927
        $firstviewaccess = get_records_select_array(
            'view_access',
            'view = ? AND visible = 1 AND token IS NULL',
            array($this->id)
        );

928
        db_begin();
929
930
931
932
933
934
935
936
937
        delete_records_select(
            'view_access',
            'view IN (' . join(',', $toupdate) . ') AND visible = 1 AND token IS NULL'
        );

        if ($firstviewaccess) {
            foreach ($toupdate as $id) {
                foreach ($firstviewaccess as &$a) {
                    $a->view = $id;
938
                    $a->ctime = db_format_timestamp(time());
939
940
941
942
                    insert_record('view_access', $a);
                }
            }
        }
943
944
945
946
        db_commit();
    }


947
948
949
950
951
952
    public function get_autocreate_grouptypes() {
        if (!isset($this->copynewgroups)) {
            $this->copynewgroups = get_column('view_autocreate_grouptype', 'grouptype', 'view', $this->id);
        }
        return $this->copynewgroups;
    }
953

954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
    public function is_submitted() {
        return $this->get('submittedgroup') || $this->get('submittedhost');
    }

    public function submitted_to() {
        if ($group = $this->get('submittedgroup')) {
            return array('type' => 'group', 'id' => $group, 'name' => get_field('group', 'name', 'id', $group));
        }
        if ($host = $this->get('submittedhost')) {
            return array('type' => 'host', 'wwwroot' => $host, 'name' => get_field('host', 'name', 'wwwroot', $host));
        }
        return null;
    }

    public function release($releaseuser=null) {
969
        require_once(get_config('docroot') . 'artefact/lib.php');
970
971
972
        $submitinfo = $this->submitted_to();
        if (is_null($submitinfo)) {
            throw new ParameterException("View with id " . $this->get('id') . " has not been submitted");
973
974
        }
        $releaseuser = optional_userobj($releaseuser);
975
        db_begin();
976
        if ($submitinfo['type'] == 'group') {
977
            $group = $this->get('submittedgroup');
978
            $this->set('submittedgroup', null);
979
980
981
982
            if ($group) {
                // Remove hidden tutor view access records
                delete_records('view_access', 'view', $this->id, 'group', $group, 'visible', 0);
            }
983
984
985
986
        }
        else if ($submitinfo['type'] == 'host') {
            $this->set('submittedhost', null);
        }
987
        $this->set('submittedtime', null);
988
        $this->commit();
989
        ArtefactType::update_locked($this->owner);
990
        db_commit();
991
        $ownerlang = get_user_language($this->get('owner'));
992
        $url = get_config('wwwroot') . 'view/view.php?id=' . $this->get('id');
993
994
        require_once('activity.php');
        activity_occurred('maharamessage', 
995
996
997
998
999
1000
1001
            array(
                'users' => array($this->get('owner')),
                'subject' => get_string_from_language($ownerlang, 'viewreleasedsubject', 'group', $this->get('title'),
                    $submitinfo['name'], display_name($releaseuser, $this->get_owner_object())),
                'message' => get_string_from_language($ownerlang, 'viewreleasedmessage', 'group', $this->get('title'),
                    $submitinfo['name'], display_name($releaseuser, $this->get_owner_object())),
                'url' => $url,
1002
                'urltext' => $this->get('title'),
1003
1004
            )
        );
1005
1006
    }

1007
1008
1009
    /**
     * Returns HTML for the category list
     *
1010
     * @param string $category The currently selected category
1011
    */
1012
1013
    public function build_category_list($category, $new=0) {
        $categories = $this->get_category_data();
1014
1015
1016
1017
1018
1019
1020
        $flag = false;
        foreach ($categories as &$cat) {
            $classes = '';
            if (!$flag) {
                $flag = true;
                $classes[] = 'first';
            }
1021
            if ($category == $cat['name']) {
1022
1023
1024
1025
1026
1027
1028
                $classes[] = 'current';
            }
            if ($classes) {
                $cat['class'] = hsc(implode(' ', $classes)); 
            }
        }

1029
1030
1031
        // Because of the reference in the above loop, $cat refers to the last item
        $cat['class'] = (isset($cat['class'])) ? $cat['class'] . ' last' : 'last';

1032
1033
        $smarty = smarty_core();
        $smarty->assign('categories', $categories);
1034
        $smarty->assign('viewid', $this->get('id'));
1035
        $smarty->assign('new', $new);
1036
1037
1038
        return $smarty->fetch('view/blocktypecategorylist.tpl');
    }

1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
    /**
     * Gets the name of the first blocktype category for this View.
     *
     * This can change based on what blocktypes allow themselves to be in what 
     * types of View. For example, in a group View, blog blocktypes aren't 
     * allowed (yet), so the first blocktype category shown won't be "blog"
     */
    public function get_default_category() {
        $data = $this->get_category_data();
        return $data[0]['name'];
    }

    /**
     * Gets information about blocktype categories for blocks that can be put 
     * in this View
     *
     * For each category, returns its name, a localised title and the number of 
     * blocktypes in the category that can be put in this View.
     *
     * If a category has no blocktypes that can be put in this View, it is not 
     * returned
     */
    private function get_category_data() {
        if (isset($this->category_data)) {
            return $this->category_data;
        }

        require_once(get_config('docroot') . '/blocktype/lib.php');
        $categories = array();
1068
        $sql = 'SELECT bic.* FROM {blocktype_installed_category} bic
1069
1070
            JOIN {blocktype_installed} bi ON (bic.blocktype = bi.name AND bi.active = 1)
            JOIN {blocktype_installed_viewtype} biv ON (bi.name = biv.blocktype AND biv.viewtype = ?)';
1071
        if (function_exists('local_get_allowed_blocktype_categories')) {
1072
            $localallowed = local_get_allowed_blocktype_categories($this);
1073
        }
1074
        foreach (get_records_sql_array($sql, array($this->get('type'))) as $blocktypecategory) {
1075
            if (isset($localallowed) && is_array($localallowed) && !in_array($blocktypecategory->category, $localallowed)) {
1076
1077
                continue;
            }
1078
            safe_require('blocktype', $blocktypecategory->blocktype);
1079
            if (call_static_method(generate_class_name("blocktype", $blocktypecategory->blocktype), "allowed_in_view", $this)) {
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
                if (!isset($categories[$blocktypecategory->category])) {
                    $categories[$blocktypecategory->category] = array(
                        'name'  => $blocktypecategory->category,
                        'title' => call_static_method("PluginBlocktype", "category_title_from_name", $blocktypecategory->category),
                    );
                }
            }
        }

        // The 'internal' plugin is known to the outside world as 'profile', so 
        // we need to sort on the actual name
        usort($categories, create_function('$a, $b', 'return strnatcasecmp($a[\'title\'], $b[\'title\']);'));

        return $this->category_data = $categories;
    }

1096
1097
1098
1099
1100
1101
1102
1103
    /**
     * Returns HTML for the blocktype list for a particular category
     *
     * @param string $category   The category to build the blocktype list for
     * @param bool   $javascript Set to true if the caller is a json script, 
     *                           meaning that nothing for the standard HTML version 
     *                           alone should be output
     */
1104
    public function build_blocktype_list($category, $javascript=false) {
1105
        require_once(get_config('docroot') . 'blocktype/lib.php');
1106
        $blocktypes = PluginBlockType::get_blocktypes_for_category($category, $this);
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117

        $smarty = smarty_core();
        $smarty->assign_by_ref('blocktypes', $blocktypes);
        $smarty->assign('javascript', $javascript);
        return $smarty->fetch('view/blocktypelist.tpl');
    }

    /**
     * Process view changes. This function is used both by the json stuff and 
     * by normal posts
     */
1118
    public function process_changes($category='', $new=0) {
1119
1120
1121
        global $SESSION, $USER;

        // Security
1122
1123
        // TODO this might need to be moved below the requestdata check below, to prevent non owners of the view being 
        // rejected
1124
        if (!$USER->can_edit_view($this)) {
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
            throw new AccessDeniedException(get_string('canteditdontown', 'view'));
        }

        if (!count($_POST) && count($_GET) < 3) {
            return;
        }

        $action = '';
        foreach ($_POST as $key => $value) {
            if (substr($key, 0, 7) == 'action_') {
                $action = substr($key, 7);
1136
                break;
1137
            }
1138
1139
1140
1141
1142
            else if (substr($key, 0, 37) == 'cancel_action_configureblockinstance_'
                     && param_integer('removeoncancel', 0)) {
                $action = 'removeblockinstance_' . substr($key, 37);
                break;
            }
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
        }
        // TODO Scan GET for an action. The only action that is GETted is 
        // confirming deletion of a blockinstance. It _should_ be a POST, but 
        // that can be fixed later.
        if (!$action) {
            foreach ($_GET as $key => $value) {
                if (substr($key, 0, 7) == 'action_') {
                    $action = substr($key, 7);
                }
            }
        }

1155
1156
        $viewtheme = param_variable('viewtheme', '');
        if ($viewtheme && $viewtheme != $this->get('theme')) {
1157
1158
            $action = 'changetheme';
            $values = array('theme' => $viewtheme);
1159
1160
        }

1161
1162
1163
        if (empty($action)) {
            return;
        }
1164
1165
1166

        form_validate(param_alphanum('sesskey', null));

1167
1168
1169
1170
        if (!isset($values)) {
            $actionstring = $action;
            $action = substr($action, 0, strpos($action, '_'));
            $actionstring  = substr($actionstring, strlen($action) + 1);
1171

1172
1173
1174
1175
1176
1177
            // Actions from <input type="image"> buttons send an _x and _y
            if (substr($actionstring, -2) == '_x' || substr($actionstring, -2) == '_y') {
                $actionstring = substr($actionstring, 0, -2);
            }

            $values = self::get_values_for_action($actionstring);
1178
        }
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190

        $result = null;
        switch ($action) {
            // the view class method is the same as the action,
            // but I've left these here in case any additional
            // parameter handling has to be done.
            case 'addblocktype': // requires action_addblocktype  (blocktype in separate parameter)
                $values['blocktype'] = param_alpha('blocktype', null);
            break;
            case 'removeblockinstance': // requires action_removeblockinstance_id_\d
                if (!defined('JSON')) {
                    if (!$sure = param_boolean('sure')) {
1191
1192
1193
1194
1195
1196
1197
1198
1199
                        $yesform = '<form action="' . get_config('wwwroot') . '/view/blocks.php" class="inline">'
                            . '<input type="hidden" name="id" value="' . $this->get('id') . '">'
                            . '<input type="hidden" name="c" value="file">'
                            . '<input type="hidden" name="action_' . $action . '_' .  $actionstring . '" value="1">'
                            . '<input type="hidden" name="sure" value="1">'
                            . '<input type="hidden" name="sesskey" value="' . $USER->get('sesskey') . '">'
                            . '<input type="submit" class="submit" name="removeblock_submit" value="' . get_string('yes') . '">'
                            . '</form>';
                        $baselink = get_config('wwwroot') . 'view/blocks.php?id=' . $this->get('id') . '&c=' . $category . '&new=' . $new;
1200
                        $SESSION->add_info_msg(get_string('confirmdeleteblockinstance', 'view') 
1201
                            . '&nbsp;' . $yesform . ' <a href="' . $baselink . '">' . get_string('no') . '</a>', false);
1202
1203
1204
1205
1206
1207
                        redirect($baselink);
                        exit;
                    }
                }
            break;
            case 'configureblockinstance': // requires action_configureblockinstance_id_\d_column_\d_order_\d
1208
            case 'acsearch': // requires action_acsearch_id_\d
1209
1210
                if (!defined('JSON')) {
                    $this->blockinstance_currently_being_configured = $values['id'];
1211
1212
                    // And we're done here for now
                    return;
1213
1214
1215
1216
                }
            case 'moveblockinstance': // requires action_moveblockinstance_id_\d_column_\d_order_\d
            case 'addcolumn': // requires action_addcolumn_before_\d
            case 'removecolumn': // requires action_removecolumn_column_\d
1217
            case 'changetheme':
1218
1219
1220
1221
            break;
            default:
                throw new InvalidArgumentException(get_string('noviewcontrolaction', 'error', $action));
        }
1222

1223
1224
1225
1226
1227
        $message = '';
        $success = false;
        try {
            $values['returndata'] = defined('JSON');
            $returndata = $this->$action($values);
1228
1229
1230
1231
1232

            // Tell the watchlist that the view changed
            $data = (object)array(
                'view' => $this->get('id'),
            );
1233
            require_once('activity.php');
1234
1235
            activity_occurred('watchlist', $data);

1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
            if (!defined('JSON')) {
                $message = $this->get_viewcontrol_ok_string($action);
            }
            $success = true;
        }
        catch (Exception $e) {
            // if we're in ajax land, just throw it
            // the handler will deal with the message.
            if (defined('JSON')) {
                throw $e;
            }
            $message = $this->get_viewcontrol_err_string($action) . ': ' . $e->getMessage();
        }
        if (!defined('JSON')) {
            // set stuff in the session and redirect
            $fun = 'add_ok_msg';
            if (!$success) {
1253
                $fun = 'add_error_msg';
1254
1255
            }
            $SESSION->{$fun}($message);
1256
            redirect('/view/blocks.php?id=' . $this->get('id') . '&c=' . $category . '&new=' . $new);
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
        }
        return array('message' => $message, 'data' => $returndata);
    }

    /** 
     * Parses the string and returns a hash of values
     *
     * @param string $action expects format name_value_name_value
     *                       where values are all numeric
     * @return array associative
    */
    private static function get_values_for_action($action) {
        $values = array();
        $bits = explode('_', $action);
        if ((count($bits) % 2) == 1) {
            throw new ParamOutOfRangeException(get_string('invalidviewaction', 'error', $action));
        }
        $lastkey = null;
        foreach ($bits as $index => $bit) {
            if ($index % 2 == 0) { 
                $lastkey = $bit;
            }
            else {
                $values[$lastkey] = $bit;
            }
        }
        return $values;
    }

1286
1287
    /**
    * builds up the data structure for  this view
1288
1289
    * @param boolean $force force a re-read from the database
    *                       use this if a column is dirty
1290
1291
1292
    * @private
    * @return void
    */
1293
1294
    private function build_column_datastructure($force=false) {
        if (!empty($this->columns) && empty($force)) { // we've already built it up
1295
1296
1297
            return;
        }

Penny Leach's avatar
Penny Leach committed
1298
1299
1300
1301
        $sql = 'SELECT bi.*
            FROM {block_instance} bi
            WHERE bi.view = ?
            ORDER BY bi.column, bi.order';
1302
1303
1304
1305
1306
1307
1308
1309
1310
        if (!$data = get_records_sql_array($sql, array($this->get('id')))) {
            $data = array();
        }

        // fill up empty columns array keys
        for ($i = 1; $i <= $this->get('numcolumns'); $i++) {
            $this->columns[$i] = array('blockinstances' => array());
        }

1311
        // Set column widths
1312
1313
1314
1315
1316
1317
1318
1319
        $layout = $this->get_layout();
        $i = 0;
        $is_ie6 = (false !== strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 6.0'));
        foreach (explode(',', $layout->widths) as $width) {
            // IE6 has interesting padding issues that mean we have to tell
            // porkies so all the columns stay beside each other
            if ($is_ie6) {
                $width -= 2;
1320
            }
1321
            $this->columns