<?php
/**
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */
// Bootstrap constants. They are set before init.php is included further down;
// presumably init.php reads them while setting up the request - confirm there.
define('INTERNAL', 1);
// NOTE(review): PUBLIC looks like the switch that lets this script be requested
// without a login session (logged-out visitors are handled explicitly below).
// If so, the access checks in this file are the only gate for anonymous
// requests - confirm in init.php.
define('PUBLIC', 1);
// The SECTION_* values do not literally describe this script. They are chosen
// so that the right plugin stylesheet is hooked in; that file is expected to be
// supplied by artefact/internal.
define('SECTION_PLUGINTYPE', 'artefact');
define('SECTION_PLUGINNAME', 'internal');
define('SECTION_PAGE', 'view');

require(dirname(dirname(__FILE__)).'/init.php');
require_once('group.php');
require_once('pieforms/pieform.php');
require_once(get_config('libroot') . 'view.php');

// One of the friend-request forms was submitted: call the matching form
// builder with the 'id' request parameter. Presumably the builder also
// processes the submission - confirm in acceptfriend_form()/addfriend_form().
// NOTE(review): this runs before the target user is looked up below, so those
// helpers have to validate the id themselves.
if (param_variable('acceptfriend_submit', null)) {
    acceptfriend_form(param_integer('id'));
}
elseif (param_variable('addfriend_submit', null)) {
    addfriend_form(param_integer('id'));
}

// Id of the current session's user; tested with empty() below for the
// logged-out case.
$loggedinid = $USER->get('id');

// Work out whose profile is requested: a 'profile' URL id takes precedence
// over the numeric 'id' parameter.
$profileurlid = param_alphanumext('profile', null);
if ($profileurlid) {
    $user = get_record('usr', 'urlid', $profileurlid, 'deleted', 0);
    if (!$user) {
        if (!$USER->is_logged_in()) {
            // Anonymous visitors get the generic "access denied" message so the
            // response does not reveal which accounts exist (enumeration).
            throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
        }
        throw new UserNotFoundException("User $profileurlid not found");
    }
    $userid = $user->id;
}
elseif (empty($loggedinid)) {
    // Logged out and no profile URL: 'id' is read without a default.
    $userid = param_integer('id');
}
else {
    // Logged in: fall back to the viewer's own profile when no id is given.
    $userid = param_integer('id', $loggedinid);
}
if ($userid == 0) {
    redirect();
}

// Load the (non-deleted) user record unless the profile-URL lookup already did.
if (!isset($user)) {
    $user = get_record('usr', 'id', $userid, 'deleted', 0);
    if (!$user) {
        if (!$USER->is_logged_in()) {
            // Same generic answer as for an unknown profile URL, so that an
            // anonymous visitor cannot probe ids to enumerate accounts.
            throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
        }
        throw new UserNotFoundException("User with id $userid not found");
    }
}
// Friendship between the displayed user and the viewer; used further down for
// the group-invite rules and the relationship controls.
$is_friend = is_friend($userid, $loggedinid);

// Fetch the profile page (a view) of the displayed user.
if ($loggedinid != $userid) {
    $userobj = new User();
    $userobj->find_by_id($userid);
    $view = $userobj->get_profile_view();
}
else {
    $view = $USER->get_profile_view();
}

// Access will either be logged in (always) or public as well.
if (!$view) {
    // No profile view available, so refuse with the generic profile message.
    throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
}

$viewid = $view->get('id');
// Special behaviour: logged-in users the page has not been shared with get a
// cut-down page with the user's name, icon, and little else.
$restrictedview = !can_view_view($viewid);
if ($restrictedview) {
    // Logged-out users can't see any details, though.
    // NOTE(review): the not-found path for anonymous visitors uses the
    // 'youcannotviewthisusersprofile' string while this one uses
    // 'accessdenied'. If the two render differently, the response still tells
    // an anonymous visitor whether the account exists - confirm, and align the
    // keys if so.
    if (!$USER->is_logged_in()) {
        throw new AccessDeniedException(get_string('accessdenied', 'error'));
    }
}
else {
    // Build content before initialising smarty in case pieform elements define headers.
    $viewcontent = $view->build_rows();
}

// Script files for the page: the fixed set first, then whatever the block
// types placed on this view ask for.
$javascript = array('paginator', 'lib/pieforms/static/core/pieforms.js', 'expandable');
$blocktype_js = $view->get_all_blocktype_javascript();
$javascript = array_merge($javascript, $blocktype_js['jsfiles']);
// The block types' init snippets are wrapped in a single load handler and
// emitted as inline script.
// NOTE(review): the snippets are inserted verbatim; any user-controlled value
// inside them has to be JS-escaped where the block type builds it - confirm.
$inlinejs = "addLoadEvent( function() {\n" . implode("\n", $blocktype_js['initjs']) . "\n});";

// Switch to the theme chosen for this view when it differs from the active one.
$viewtheme = $view->get('theme');
if ($viewtheme && $THEME->basename != $viewtheme) {
    $THEME = new Theme($viewtheme);
}
// Head markup: the shared views stylesheet, then the block types' own CSS.
$stylesheets = array_merge(
    array('<link rel="stylesheet" type="text/css" href="' . append_version_number(get_config('wwwroot') . 'theme/views.css') . '">'),
    $view->get_all_blocktype_css()
);
// Include the slimbox2 js and css files if the gallery block type enables them.
if (get_config_plugin('blocktype', 'gallery', 'useslimbox2')) {
    // Right-to-left languages load the "-rtl" variant of the stylesheet.
    if (get_string('thisdirection', 'langconfig') == 'rtl') {
        $langdir = '-rtl';
    }
    else {
        $langdir = '';
    }
    $slimboxjs = '<script type="application/javascript" src="' . append_version_number(get_config('wwwroot') . 'lib/slimbox2/js/slimbox2.js') . '"></script>';
    $slimboxcss = '<link rel="stylesheet" type="text/css" href="' . append_version_number(get_config('wwwroot') . 'lib/slimbox2/css/slimbox2' . $langdir . '.css') . '">';
    $stylesheets = array_merge($stylesheets, array($slimboxjs, $slimboxcss));
}

// The page title is the displayed user's name as display_name() returns it.
// NOTE(review): this is user-chosen text; confirm that whatever prints TITLE
// escapes it for HTML.
$name = display_name($user);
define('TITLE', $name);

// Every non-deleted group the displayed user is connected to, with a "type"
// column: 'invite' (pending invitation), 'request' (pending membership
// request) or the user's role for an actual membership. The user id is passed
// through the three ? placeholders, never concatenated into the statement.
$sql = "SELECT g.*, a.type FROM {group} g JOIN (
SELECT gm.group, 'invite' AS type
    FROM {group_member_invite} gm WHERE gm.member = ?
UNION
SELECT gm.group, 'request' AS type
    FROM {group_member_request} gm WHERE gm.member = ?
UNION
SELECT gm.group, gm.role AS type
    FROM {group_member} gm
    WHERE gm.member = ?
) AS a ON a.group = g.id
WHERE g.deleted = 0
ORDER BY g.name";
// The result is looked up by group id further down; a falsy result is
// normalised to an empty array.
$allusergroups = get_records_sql_assoc($sql, array($userid, $userid, $userid));
if (!$allusergroups) {
    $allusergroups = array();
}
// Template inputs that are only filled in when a logged-in user views someone
// else's profile. They all start out false; the assign section later skips
// every one that is still falsy.
$groupinvitedlist = $groupinvitedlistform = false;
$grouprequestedlist = $grouprequestedlistform = false;
$remoteusermessage = $remoteuseracceptform = false;
$remoteusernewfriendform = $remoteuserfriendscontrol = false;
$remoteuserrelationship = false;
// Group and friendship controls. They only exist when a logged-in user looks
// at a profile other than their own.
if (!empty($loggedinid) && $loggedinid != $userid) {

    $invitedlist   = array(); // Groups admin'ed by the logged in user that the displayed user has been invited to
    $requestedlist = array(); // Groups admin'ed by the logged in user that the displayed user has requested membership of

    // Keep the viewer's groups where either:
    // - the logged in user is an admin, or
    // - the logged in user has a role which is allowed to assess submitted views, or
    // - the logged in user is a member & is allowed to invite friends (when the displayed user is a friend)
    $groups = array();
    foreach (group_get_user_groups() as $g) {
        if (!($g->role == 'admin' || $g->see_submitted_views || ($is_friend && $g->invitefriends))) {
            continue;
        }
        $groups[] = $g;
    }
    if (!empty($groups)) {
        $invitelist     = array(); // List of groups the displayed user can be invited to join
        $controlledlist = array(); // List of groups the displayed user can be directly added to

        foreach ($groups as $group) {
            if (array_key_exists($group->id, $allusergroups)) {
                // How the displayed user is already connected to this group.
                $type = $allusergroups[$group->id]->type;
                if ($type == 'invite') {
                    // Already invited: remembered here and kept out of
                    // $invitelist by the isset() test below.
                    $invitedlist[$group->id] = $group->name;
                }
                elseif ($type == 'request') {
                    // NOTE(review): this branch does not consult the
                    // admin/see_submitted_views test ($canadd below), so a group
                    // that qualified only through the invite-friends clause is
                    // also offered in the add-member form. Confirm that is
                    // intended; addmember_submit() in this file performs no
                    // role check of its own before calling group_add_user().
                    $requestedlist[$group->id]  = $group->name;
                    $controlledlist[$group->id] = $group->name;
                    continue;
                }
                else {
                    continue; // Already a member
                }
            }
            // Direct adding needs an admin / submitted-view assessor role and a
            // group whose join type is 'controlled'.
            $canadd = $group->role == 'admin' || $group->see_submitted_views;
            if ($canadd && $group->jointype == 'controlled') {
                $controlledlist[$group->id] = $group->name;
            }
            if (!isset($invitedlist[$group->id])) {
                $invitelist[$group->id] = $group->name;
            }
        }
        $groupinvitedlist = implode(', ', $invitedlist);
        if ($invitelist) {
            // Preselect the first group in the list.
            reset($invitelist);
            $default = key($invitelist);
            // The hidden 'id' field carries the displayed user, but
            // invite_submit() in this file takes the user from the global
            // $userid, not from the submitted field.
            $inviteform = pieform(array(
                'name'            => 'invite',
                'successcallback' => 'invite_submit',
                'renderer'        => 'div',
                'class'           => 'form-inline with-heading pbs',
                'elements'        => array(
                    'id' => array(
                        'type'  => 'hidden',
                        'value' => $userid,
                    ),
                    'invitegroup' => array(
                        'type'     => 'fieldset',
                        'class'    => 'input-group',
                        'elements' => array(
                            'group' => array(
                                'class'               => 'last hide-label input-sm',
                                'type'                => 'select',
                                'title'               => get_string('inviteusertojoingroup', 'group'),
                                'collapseifoneoption' => false,
                                'options'             => $invitelist,
                                'defaultvalue'        => $default,
                            ),
                            'submit' => array(
                                'type'         => 'button',
                                'usebuttontag' => true,
                                'class'        => 'btn btn-sm btn-primary input-group-btn',
                                'value'        => '<span class="icon icon-paper-plane prs"></span>' . get_string('sendinvitation', 'group'),
                            ),
                        ),
                    ),
                ),
            ));
            $groupinvitedlistform = $inviteform;
        }

        $grouprequestedlist = implode(', ', $requestedlist);
        if ($controlledlist) {
            // Preselect the first group in the list.
            reset($controlledlist);
            $default = key($controlledlist);
            // As with the invite form, addmember_submit() uses the global
            // $userid rather than the hidden 'member' field.
            $addform = pieform(array(
                'name'            => 'addmember',
                'successcallback' => 'addmember_submit',
                'renderer'        => 'div',
                'class'           => 'form-inline with-heading with-user-icon',
                'autofocus'       => false,
                'elements'        => array(
                    'member' => array(
                        'type'  => 'hidden',
                        'value' => $userid,
                    ),
                    'addgroup' => array(
                        'type'     => 'fieldset',
                        'class'    => 'input-group',
                        'elements' => array(
                            'group' => array(
                                'class'               => 'last hide-label input-sm',
                                'type'                => 'select',
                                'title'               => get_string('addusertogroup', 'group'),
                                'collapseifoneoption' => false,
                                'options'             => $controlledlist,
                                'defaultvalue'        => $default,
                            ),
                            'submit' => array(
                                'type'         => 'button',
                                'usebuttontag' => true,
                                'class'        => 'btn btn-sm btn-primary input-group-btn',
                                'value'        => '<span class="icon icon-plus prs"></span>' . get_string('add'),
                            ),
                        ),
                    ),
                ),
            ));
            $grouprequestedlistform = $addform;
        }
    }

    // Friendship state between the viewer and the displayed user. The first
    // matching case wins.
    if ($is_friend) {
        $relationship = 'existingfriend';
    }
    elseif (record_exists('usr_friend_request', 'requester', $loggedinid, 'owner', $userid)) {
        // The viewer has already asked the displayed user.
        $relationship = 'requestedfriendship';
    }
    elseif ($record = get_record('usr_friend_request', 'requester', $userid, 'owner', $loggedinid)) {
        // The displayed user has asked the viewer: keep the request message
        // and build the accept form.
        $relationship = 'pending';
        $remoteusermessage = $record->message;
        $remoteuseracceptform = acceptfriend_form($userid);
    }
    else {
        $relationship = 'none';
        // Only the 'auto' setting gets the add-friend form here.
        $friendscontrol = get_account_preference($userid, 'friendscontrol');
        if ($friendscontrol == 'auto') {
            $remoteusernewfriendform = addfriend_form($userid);
        }
        $remoteuserfriendscontrol = $friendscontrol;
    }
    $remoteuserrelationship = $relationship;
}

// Label for the "log in as this user" control. It is only set when the viewer
// looks at someone else, is an admin for that user, and has no 'parentuser'
// (presumably meaning the session is not already a masquerade - confirm).
// NOTE(review): this decides what the template shows; the endpoint that
// performs the switch has to enforce the same check itself.
$loginas = null;
if ($userid != $USER->get('id') && $USER->is_admin_for_user($user) && $USER->get('parentuser') === null) {
    $loginas = get_string('loginasuser', 'admin', display_username($user));
}
// Set up skin, if the page has one
$viewskin   = $view->get('skin');
$owner      = $view->get('owner');
$issiteview = ($view->get('institution') == 'mahara');
// A skin is applied only when the view names one, skins are enabled site-wide,
// the owner may use skins, and the active theme has not switched them off.
if (!$viewskin || !get_config('skins') || !can_use_skins($owner, false, $issiteview) || (isset($THEME->skins) && $THEME->skins === false)) {
    $skin = false;
}
else {
    $skin = array(
        'skinid' => $viewskin,
        'viewid' => $view->get('id'),
    );
    // NOTE(review): unserialize() on a stored blob is an object-injection sink
    // if any code path lets a user influence the 'viewskin' column (for example
    // an import feature). Confirm every writer stores only serialize()d arrays
    // of scalars, or move the column to JSON. The result is indexed as an array
    // further down, and unserialize() returns false on a corrupt value.
    $skindata = unserialize(get_field('skin', 'viewskin', 'id', $viewskin));
}

// Create the template object with the scripts and head markup collected above.
// The last argument carries page options: the views stylesheet, no sidebars,
// and the skin descriptor (false when no skin applies).
$smartyoptions = array(
    'stylesheets' => array('style/views.css'),
    'sidebars'    => false,
    'skin'        => $skin,
);
$smarty = smarty($javascript, $stylesheets, array(), $smartyoptions);
// Hand the group / friendship data to the template. Each value is assigned
// only when its flag was filled in by the "viewing someone else" section;
// $record, $friendscontrol and $relationship are defined only in that section,
// so the flags also guard against reading undefined variables.
$smarty->assign('restrictedview', $restrictedview);
if ($groupinvitedlist) {
    $smarty->assign('invitedlist', $groupinvitedlist);
}
if ($groupinvitedlistform) {
    $smarty->assign('inviteform',$groupinvitedlistform);
}
if ($grouprequestedlist) {
    $smarty->assign('requestedlist', $grouprequestedlist);
}
if ($grouprequestedlistform) {
    $smarty->assign('addform',$grouprequestedlistform);
}
if ($remoteusermessage) {
    // Message stored with the friend request, presumably written by the
    // requesting user. NOTE(review): confirm user/view.tpl escapes it on output.
    $smarty->assign('message', $record->message);
}
if ($remoteuseracceptform) {
    // NOTE(review): builds the form a second time instead of reusing
    // $remoteuseracceptform - confirm the repeated call has no side effects.
    $smarty->assign('acceptform', acceptfriend_form($userid));
}
if ($remoteusernewfriendform) {
    // Same pattern: the form is rebuilt rather than taken from
    // $remoteusernewfriendform.
    $smarty->assign('newfriendform', addfriend_form($userid));
}
if ($remoteuserfriendscontrol) {
    $smarty->assign('friendscontrol', $friendscontrol);
}
if ($remoteuserrelationship) {
    $smarty->assign('relationship', $relationship);
}

// Label for the "log in as" control (null when it must not be offered).
$smarty->assign('loginas', $loginas);

// Block-type initialisation script assembled earlier.
$smarty->assign('INLINEJAVASCRIPT', $inlinejs);

$smarty->assign('institutions', get_institution_string_for_user($userid));
// Messaging is offered only towards other users, and only when
// can_send_message() allows it.
$canmessage = ($loggedinid != $userid) && can_send_message($loggedinid, $userid);
$smarty->assign('canmessage', $canmessage);
$smarty->assign('USERID', $userid);
$profiletitle = get_string('usersprofile', 'mahara', display_name($user, null, true));
$smarty->assign('viewtitle', $profiletitle);
$smarty->assign('viewtype', 'profile');

// NOTE(review): $user is the whole usr row as get_record() returned it, so the
// template can reach every column. Confirm the template prints only the fields
// meant for the viewer.
$smarty->assign('user', $user);
// Page heading: compact "microheader" layout when the site enables it,
// otherwise the normal heading.
if (get_config('viewmicroheaders')) {
    $smarty->assign('microheaders', true);
    $smarty->assign('microheadertitle', $view->display_title(true, false));
    $smarty->assign('maharalogofilename', 'site-logo-small');
    // Support for normal, light, or dark small Mahara logo - to use with skins.
    // $skindata is only set when $skin is, hence the $skin test first.
    if ($skin && $skindata['header_logo_image'] == 'light') {
        $smarty->assign('maharalogofilename', 'site-logo-small-light');
    }
    elseif ($skin && $skindata['header_logo_image'] == 'dark') {
        $smarty->assign('maharalogofilename', 'site-logo-small-dark');
    }
    // The owner gets an "edit this page" link in the microheader.
    if ($loggedinid && $loggedinid == $userid) {
        $microheaderlinks = array(
            array(
                'name' => get_string('editthisview', 'view'),
                'url'  => get_config('wwwroot') . 'view/blocks.php?profile=1',
            ),
        );
        $smarty->assign('microheaderlinks', $microheaderlinks);
    }
}
else {
    if ($loggedinid && $loggedinid == $userid) {
        $smarty->assign('ownprofile', true);
    }
    $smarty->assign('pageheadinghtml', $view->display_title(false));
    if ($skin && ($skindata['header_logo_image'] == 'light' || $skindata['header_logo_image'] == 'dark')) {
        // Override the default $smarty->assign('sitelogo') that happens
        // in the initial call to smarty().
        $smarty->assign('sitelogo', $THEME->header_logo($skindata['header_logo_image']));
    }
}

// The rendered blocks exist only for viewers who may see the full page;
// restricted viewers get the template without 'viewcontent'.
if ($restrictedview === false) {
    $smarty->assign('viewcontent', $viewcontent);
}

$smarty->display('user/view.tpl');

// Log view visits. This runs after the page has been rendered.
mahara_log('views', "$viewid");

// Send an invitation to the user to join a group
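/**
 * Pieform success callback for the 'invite' form: forwards to the group
 * invitation page for the chosen group and the displayed user.
 *
 * The user id comes from the global $userid set by this script, not from the
 * form's hidden 'id' field.
 *
 * @param Pieform $form   The submitted form (not used here).
 * @param array   $values Submitted values; 'group' is the selected group id.
 */
function invite_submit(Pieform $form, $values) {
    global $userid;
    // Both ids are numeric. Casting them keeps anything else out of the
    // redirect URL even if form validation were bypassed or changed.
    // NOTE(review): no permission check happens here; /group/invite.php has to
    // verify that the current user may invite to that group.
    redirect('/group/invite.php?id=' . (int) $values['group'] . '&user=' . (int) $userid);
}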

// Add the user as a member of a group
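/**
 * Pieform success callback for the 'addmember' form: adds the displayed user
 * to the chosen group as a 'member', notifies them, and returns to their
 * profile.
 *
 * The user id comes from the global $userid set by this script, not from the
 * form's hidden 'member' field.
 *
 * NOTE(review): this handler does no role check of its own. It relies on the
 * form only accepting a 'group' value from the option list that was built for
 * the current viewer - confirm pieform enforces that for select elements, or
 * check the viewer's role in the group here before calling group_add_user().
 *
 * @param Pieform $form   The submitted form (not used here).
 * @param array   $values Submitted values; 'group' is the selected group id.
 */
function addmember_submit(Pieform $form, $values) {
    global $USER, $SESSION, $userid;

    $group   = get_record('group', 'id', $values['group']);
    $adduser = get_record('usr', 'id', $userid);

    // get_record() gives a falsy result when nothing matches. Stop here rather
    // than reading properties of a missing record.
    if (!$group || !$adduser) {
        $SESSION->add_error_msg(get_string('adduserfailed', 'group'));
        if ($adduser) {
            redirect(profile_url($adduser));
        }
        else {
            redirect();
        }
        return;
    }
    $ctitle = $group->name;

    try {
        group_add_user($values['group'], $userid, 'member');
        // The notification is written in the added user's language.
        $lang = get_user_language($userid);
        require_once(get_config('libroot') . 'activity.php');
        activity_occurred('maharamessage', array(
            'users'   => array($userid),
            'subject' => get_string_from_language($lang, 'addedtogroupsubject', 'group'),
            'message' => get_string_from_language($lang, 'addedtogroupmessage', 'group', display_name($USER, $adduser), $ctitle),
            'url'     => group_homepage_url($group, false),
            'urltext' => $ctitle,
        ));
        $SESSION->add_ok_msg(get_string('useradded', 'group'));
    }
    catch (SQLException $e) {
        // A database failure is reported to the viewer as a generic error.
        $SESSION->add_error_msg(get_string('adduserfailed', 'group'));
    }
    redirect(profile_url($adduser));
}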