editaccess.php 6.82 KB
<?php
/**
 * This program is part of Mahara
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 *
 * @package    mahara
 * @subpackage core
 * @author     Nigel McNie <nigel@catalyst.net.nz>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 * @copyright  (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
 *
 */

// @todo Maybe later have a cron job to clean up access to views when the access expires
// @todo Currently you can add access with start date after end date, this should be restricted
// @todo Currently you can add multiple access entries that are exactly the same (e.g. 3x public with no dates)
//       This might need to be checked for. As it stands that just results in three rows in the database,
//       which are collapsed when access to the view is edited
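// Bootstrap. INTERNAL and MENUITEM are defined before init.php is loaded.
// NOTE(review): presumably init.php refuses to run unless INTERNAL is set and
// MENUITEM selects the active navigation entry - confirm against init.php.
define('INTERNAL', 1);
define('MENUITEM', 'view');
require(dirname(dirname(__FILE__)) . '/init.php');
define('TITLE', get_string('editaccess', 'view'));
require_once('pieforms/pieform.php');
require_once('pieforms/pieform/elements/calendar.php');

// The calendar element's head data is passed to smarty() together with the
// 'tablerenderer' script so the access list form can render date pickers.
$smarty = smarty(array('tablerenderer'), pieform_element_calendar_get_headdata(pieform_element_calendar_configure(array())));

// Id of the view whose access list is being edited. This value is later placed
// into SQL text by the submit handler, so the script depends on it being an
// integer. NOTE(review): confirm param_integer() rejects non-integer input.
$viewid = param_integer('viewid');
$prefix = get_config('dbprefix');

// Authorisation gate. The query only returns rows when the view exists AND its
// owner is the logged-in user, so an empty result covers both "no such view"
// and "not your view". The view id and user id are bound as placeholders; only
// the table prefix from configuration is concatenated into the statement.
// Because of the LEFT JOIN, an owned view with no view_access rows still yields
// one row (with NULL type and dates), which lets the request through.
// NOTE(review): everything below, including form submission handling, relies
// on redirect() ending the request here - confirm that it does not return.
if (!$data = get_records_sql_array('SELECT va.accesstype AS type, va.startdate, va.stopdate
    FROM ' . $prefix . 'view v
    LEFT JOIN ' . $prefix . 'view_access va ON (va.view = v.id)
    WHERE v.id = ?
    AND v.owner = ?
    ORDER BY va.accesstype', array($viewid, $USER->get('id')))) {
    $SESSION->add_error_msg(get_string('canteditdontown', 'view'));
    redirect(get_config('wwwroot') . 'view/');
}

// Convert each row object to an array, which is the shape the form default
// value and the submit handler index into.
foreach ($data as &$item) {
    $item = (array)$item;
}
// Drop the loop reference. Without this, $item stays an alias of the last
// element of $data, and any later write to $item in this scope would silently
// rewrite the access list that is used as the form default and read by the
// submit handler.
unset($item);
// NOTE(review): this writes the view's access list to the debug log on every
// page load; it looks like a development aid - confirm it is wanted.
log_debug($data);

// Get access for users, groups and communities. The three SELECTs are aligned
// to the same five columns; the view id is bound once per SELECT.
$extradata = get_records_sql_array("
    SELECT 'user' AS type, usr AS id, 0 AS tutoronly, startdate, stopdate
        FROM {$prefix}view_access_usr
        WHERE view = ?
UNION
    SELECT 'group', grp, 0, startdate, stopdate
        FROM {$prefix}view_access_group
        WHERE view = ?
UNION
    SELECT 'community', community, tutoronly, startdate, stopdate
        FROM {$prefix}view_access_community
        WHERE view = ?", array($viewid, $viewid, $viewid));
if ($extradata) {
    foreach ($extradata as &$extraitem) {
        $extraitem = (array)$extraitem;
    }
    // Same reason as above: do not leave an alias into the array being merged.
    unset($extraitem);
    $data = array_merge($data, $extradata);
}


// Form definition. The hidden 'viewid' field round-trips the id through the
// browser, so it is client-controlled; the ownership query above, which runs
// on every request, is what decides whether the request may proceed.
$form = array(
    'name' => 'editviewaccess',
    'elements' => array(
        'accesslist' => array(
            'type'         => 'viewacl',
            'defaultvalue' => $data
        ),
        'viewid' => array(
            'type' => 'hidden',
            'value' => $viewid
        ),
        'submit' => array(
            'type' => 'submitcancel',
            'value' => array(get_string('saveaccess'), get_string('cancel'))
        )
    )
);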

/**
 * Cancel callback for the 'editviewaccess' form.
 *
 * Makes no change to any access record; it only sends the browser to the
 * 'view/' location. NOTE(review): presumably pieforms calls this when the
 * cancel button of the submitcancel element is used - confirm.
 */
function editviewaccess_cancel_submit() {
    $destination = 'view/';
    redirect($destination);
}

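/**
 * Submit callback for the 'editviewaccess' form: replaces every access rule on
 * the view with the submitted list.
 *
 * Procedure:
 *  1. Compare the users who had access before (global $data) with the users
 *     in the submitted list, and remove the view and its artefacts from the
 *     watchlists of users who are losing access.
 *  2. Inside a transaction, delete all rows for the view from the four
 *     view_access* tables and insert one row per submitted entry.
 *
 * Security notes:
 *  - The view id is taken from the page-level global, which is the value the
 *    ownership query at the top of the script was run against, not from
 *    $values. It is cast to an integer here because it is concatenated into
 *    SQL text.
 *  - Entry types are matched with strict comparison against a fixed list;
 *    anything else is skipped rather than written.
 *  - NOTE(review): the ids in user/group/community entries are stored as
 *    submitted. Nothing in this function checks that they exist or that the
 *    owner may share with them, and start/stop dates are not checked for
 *    ordering (see the @todo at the top of the file). Confirm whether the
 *    'viewacl' element validates these.
 *
 * @param Pieform $form   The submitted form; not used by this function.
 * @param array   $values Submitted values. 'accesslist' is a list of arrays
 *                        with 'type', 'startdate', 'stopdate' and, for
 *                        user/group/community entries, 'id'.
 */
function editviewaccess_submit(Pieform $form, $values) {
    global $SESSION, $USER, $viewid, $data;

    // Force an integer before the id is placed into SQL text below, rather
    // than trusting whatever the global currently holds.
    $view = (int) $viewid;

    // An absent or non-array access list is treated as "no entries".
    $accesslist = (isset($values['accesslist']) && is_array($values['accesslist']))
        ? $values['accesslist']
        : array();

    // Users present in the submitted list, keyed by integer id for lookup.
    $keptuserids = array();
    foreach ($accesslist as $item) {
        if ($item['type'] === 'user') {
            $keptuserids[intval($item['id'])] = true;
        }
    }

    // For users who are being removed from having access to this view, they
    // need to have the view and any attached artefacts removed from their
    // watchlist.
    $removeduserids = array();
    foreach ($data as $item) {
        if ($item['type'] === 'user') {
            $userid = intval($item['id']);
            if (!isset($keptuserids[$userid])) {
                $removeduserids[$userid] = $userid;
            }
        }
    }

    if ($removeduserids) {
        // Every value in this list went through intval() above, and $view is
        // an integer, so the concatenated statements contain no free text.
        $useridlist = implode(',', $removeduserids);

        $prefix = get_config('dbprefix');
        // NOTE(review): these two deletes run before db_begin(), so they are
        // not rolled back if the access update below fails.
        execute_sql('DELETE FROM ' . $prefix . 'usr_watchlist_view
            WHERE view = ' . $view . '
            AND usr IN (' . $useridlist . ')');
        execute_sql('DELETE FROM ' . $prefix . 'usr_watchlist_artefact
            WHERE view = ' . $view . '
            AND usr IN(' . $useridlist . ')');
    }

    // Replace the stored rules: clear all four tables for this view, then
    // re-insert from the submitted list, all within one transaction.
    db_begin();
    delete_records('view_access', 'view', $view);
    delete_records('view_access_usr', 'view', $view);
    delete_records('view_access_group', 'view', $view);
    delete_records('view_access_community', 'view', $view);

    // View access
    foreach ($accesslist as $item) {
        $accessrecord = new stdClass;
        $accessrecord->view = $view;
        $accessrecord->startdate = db_format_timestamp($item['startdate']);
        $accessrecord->stopdate  = db_format_timestamp($item['stopdate']);

        $type = $item['type'];
        if (in_array($type, array('public', 'loggedin', 'friends'), true)) {
            $accessrecord->accesstype = $type;
            insert_record('view_access', $accessrecord);
        }
        else if ($type === 'user') {
            $accessrecord->usr = $item['id'];
            insert_record('view_access_usr', $accessrecord);
        }
        else if ($type === 'group') {
            $accessrecord->grp = $item['id'];
            insert_record('view_access_group', $accessrecord);
        }
        else if ($type === 'community') {
            $accessrecord->community = $item['id'];
            insert_record('view_access_community', $accessrecord);
        }
        // Any other type is not a rule this page knows about; it is skipped.
    }
    db_commit();
    $SESSION->add_ok_msg(get_string('viewaccesseditedsuccessfully'));
    redirect('view/');
}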

// Title string handed to the template; the same language string as TITLE.
$smarty->assign('titlestr', get_string('editaccess', 'view'));
// pieform() is only invoked here, after the ownership query near the top of
// the script has run. NOTE(review): presumably this call is also what
// dispatches a submitted form to editviewaccess_submit() - confirm in pieforms.
$smarty->assign('form', pieform($form));
$smarty->display('view/create4.tpl');

?>