<?php
/**
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */
// Page-level constants set before init.php is loaded.
// NOTE(review): PUBLIC presumably marks the page as reachable without a
// session (the script does handle logged-out visitors further down) - confirm
// against init.php.
define('INTERNAL', 1);
define('PUBLIC', 1);
// The SECTION_* values do not describe this file accurately; they are chosen so
// that the right plugin stylesheet is hooked in. This file should be provided
// by artefact/internal anyway.
define('SECTION_PLUGINTYPE', 'artefact');
define('SECTION_PLUGINNAME', 'internal');
define('SECTION_PAGE', 'view');

// Bootstrap first, then the group and view libraries used below.
require dirname(dirname(__FILE__)) . '/init.php';
require_once 'group.php';
require_once get_config('libroot') . 'view.php';

// A pressed friend-request button is dealt with before anything else: the
// matching form is built for the user id taken from the request.
// NOTE(review): presumably building the form is what processes the submission
// - confirm in acceptfriend_form()/addfriend_form().
if (param_variable('acceptfriend_submit', null)) {
    acceptfriend_form(param_integer('id'));
}
elseif (param_variable('addfriend_submit', null)) {
    addfriend_form(param_integer('id'));
}

$loggedinid = $USER->get('id');

// Work out whose profile was asked for. A ?profile=<urlid> parameter wins;
// otherwise ?id=<n> is used, defaulting to the viewer's own id when logged in.
$profileurlid = param_alphanumext('profile', null);
if ($profileurlid) {
    $user = get_record('usr', 'urlid', $profileurlid, 'deleted', 0);
    if (!$user) {
        if (!$USER->is_logged_in()) {
            // For logged-out users we show "access denied" in order to prevent an enumeration attack
            throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
        }
        throw new UserNotFoundException("User $profileurlid not found");
    }
    $userid = $user->id;
}
else {
    // Logged-out visitors must supply ?id explicitly; there is no default for them.
    $userid = empty($loggedinid) ? param_integer('id') : param_integer('id', $loggedinid);
}

// An id of 0 is never looked up; redirect() is called without a target instead.
if ($userid == 0) {
    redirect();
}

// Get the user's details, unless the ?profile lookup above already loaded them.
// Only rows with deleted = 0 are accepted.
if (!isset($user)) {
    $user = get_record('usr', 'id', $userid, 'deleted', 0);
    if (!$user) {
        if (!$USER->is_logged_in()) {
            // For logged-out users we show "access denied" in order to prevent an enumeration attack
            throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
        }
        throw new UserNotFoundException("User with id $userid not found");
    }
}
// Friendship between the displayed user and the viewer; used below to decide
// which group invitation options are offered.
$is_friend = is_friend($userid, $loggedinid);

// Fetch the profile page. For someone else's profile a User object is loaded
// by id first; for the viewer's own profile the session's $USER is asked directly.
if ($loggedinid != $userid) {
    $userobj = new User();
    $userobj->find_by_id($userid);
    $view = $userobj->get_profile_view();
}
else {
    $view = $USER->get_profile_view();
}

// access will either be logged in (always) or public as well
if (!$view) {
    // No profile page came back, so the profile cannot be shown at all
    throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
}

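$viewid = $view->get('id');
// Special behaviour: Logged in users who the page hasn't been shared with, see a special page
// with the user's name, icon, and little else.
$restrictedview = !can_view_view($viewid);
// Logged-out users can't see any details, though.
// The message key is the same one used when the account does not exist (see
// the user lookups above), so that the error text alone does not tell a
// logged-out visitor whether the account exists. A different key here
// ('accessdenied') would separate "exists but not shared" from "no such user".
// NOTE(review): confirm that AccessDeniedException renders both cases
// identically in every other respect (status code, redirect target).
if ($restrictedview && !$USER->is_logged_in()) {
    throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
}
if (!$restrictedview) {
    $viewcontent = $view->build_rows(); // Build content before initialising smarty in case pieform elements define headers.
}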

// Scripts for the page: the fixed core entries first, then whatever the blocks
// placed on this view ask for.
$javascript = array('paginator', 'lib/pieforms/static/core/pieforms.js');
$blocktype_js = $view->get_all_blocktype_javascript();
$javascript = array_merge($javascript, $blocktype_js['jsfiles']);
if (is_plugin_active('externalvideo', 'blocktype')) {
    // NOTE(review): this is a third-party script from cdn.embedly.com, requested
    // with the site's own scheme (plain http on an http site). No integrity pin
    // is visible in this file, so the page runs whatever that host serves.
    $javascript = array_merge(
        $javascript,
        array((is_https() ? 'https:' : 'http:') . '//cdn.embedly.com/widgets/platform.js')
    );
}
// The per-block init snippets are joined verbatim inside one jQuery ready handler.
$inlinejs = "jQuery( function() {\n" . implode("\n", $blocktype_js['initjs']) . "\n});";

// Set up theme: when the page names a theme other than the active one, the
// global $THEME is replaced by one built from the page.
$viewtheme = $view->get('theme');
if ($viewtheme && $THEME->basename != $viewtheme) {
    $THEME = new Theme($view);
}
// Start from the CSS entries requested by the blocks on this page.
$stylesheets = array_merge(array(), $view->get_all_blocktype_css());
// include slimbox2 js and css files, if it is enabled...
if (get_config_plugin('blocktype', 'gallery', 'useslimbox2')) {
    // Right-to-left languages get the "-rtl" variant of the stylesheet.
    $langdir = '';
    if (get_string('thisdirection', 'langconfig') == 'rtl') {
        $langdir = '-rtl';
    }
    // Both entries are complete HTML tags; note that the first one is a <script>
    // tag even though it travels in the stylesheet list.
    $stylesheets = array_merge($stylesheets, array(
        '<script type="application/javascript" src="'
            . append_version_number(get_config('wwwroot') . 'lib/slimbox2/js/slimbox2.js')
            . '"></script>',
        '<link rel="stylesheet" type="text/css" href="'
            . append_version_number(get_config('wwwroot') . 'lib/slimbox2/css/slimbox2' . $langdir . '.css')
            . '">',
    ));
}

// The page title is the displayed user's name.
$name = display_name($user);
define('TITLE', $name);

// Every non-deleted group the displayed user is connected to, with a "type"
// column saying how: 'invite', 'request', or the member's role. The user id
// is bound three times through ? placeholders, never spliced into the SQL text.
$sql = "SELECT g.*, a.type FROM {group} g JOIN (
SELECT gm.group, 'invite' AS type
    FROM {group_member_invite} gm WHERE gm.member = ?
UNION
SELECT gm.group, 'request' AS type
    FROM {group_member_request} gm WHERE gm.member = ?
UNION
SELECT gm.group, gm.role AS type
    FROM {group_member} gm
    WHERE gm.member = ?
) AS a ON a.group = g.id
WHERE g.deleted = 0
ORDER BY g.name";
$allusergroups = get_records_sql_assoc($sql, array($userid, $userid, $userid));
if (!$allusergroups) {
    // Normalise "no rows" to an empty array so later lookups can treat it as one
    $allusergroups = array();
}
// Defaults for what the template may receive about groups and friendship.
// They stay false unless a logged-in user is looking at someone else's profile.
$groupinvitedlist = false;
$groupinvitedlistform = false;
$grouprequestedlist = false;
$grouprequestedlistform = false;
$remoteusermessage = false;
$remoteuseracceptform = false;
$remoteusernewfriendform = false;
$remoteuserfriendscontrol = false;
$remoteuserrelationship = false;
if (!empty($loggedinid) && $loggedinid != $userid) {

    $invitedlist = array();   // Groups admin'ed by the logged in user that the displayed user has been invited to
    $requestedlist = array(); // Groups admin'ed by the logged in user that the displayed user has requested membership of

    // Get all groups where either:
    // - the logged in user is an admin, or
    // - the logged in user has a role which is allowed to assess submitted views, or
    // - the logged in user is a member & is allowed to invite friends (when the displayed user is a friend)
    $groups = array();
    foreach (group_get_user_groups() as $g) {
        if ($g->role != 'admin' && !$g->see_submitted_views && !($is_friend && $g->invitefriends)) {
            continue;
        }
        $groups[] = $g;
    }
    if ($groups) {
        $invitelist     = array(); // List of groups the displayed user can be invited to join
        $controlledlist = array(); // List of groups the displayed user can be directly added to

        foreach ($groups as $group) {
            if (array_key_exists($group->id, $allusergroups)) {
                if ($allusergroups[$group->id]->type == 'request') {
                    // A pending membership request can be granted directly
                    $requestedlist[$group->id] = $group->name;
                    $controlledlist[$group->id] = $group->name;
                    continue;
                }
                if ($allusergroups[$group->id]->type != 'invite') {
                    continue; // Already a member
                }
                $invitedlist[$group->id] = $group->name;
            }
            $canadd = $group->role == 'admin' || $group->see_submitted_views;
            if ($canadd && $group->jointype == 'controlled') {
                $controlledlist[$group->id] = $group->name;
            }
            if (!isset($invitedlist[$group->id])) {
                $invitelist[$group->id] = $group->name;
            }
        }
        $groupinvitedlist = implode(', ', $invitedlist);
        if (!empty($invitelist)) {
            // Preselect the first group on offer
            reset($invitelist);
            $default = key($invitelist);
            // The select only offers groups collected above for the logged-in user.
            // NOTE(review): invite_submit() reads the posted 'group' value; whether
            // pieform rejects a value outside 'options' is not visible here - confirm.
            $inviteform = pieform(array(
                'name'              => 'invite',
                'successcallback'   => 'invite_submit',
                'renderer'          => 'div',
                'class'             => 'form-inline with-heading invite-friend',
                'elements'          => array(
                    'id' => array(
                        'type'  => 'hidden',
                        'value' => $userid,
                    ),
                    'invitegroup' => array (
                        'type' => 'fieldset',
                        'class' => 'input-group',
                        'elements'          => array(
                            'group' => array(
                                'class'               => 'last hide-label input-sm',
                                'type'                => 'select',
                                'title'               => get_string('inviteusertojoingroup', 'group'),
                                'collapseifoneoption' => false,
                                'options'             => $invitelist,
                                'defaultvalue'        => $default,
                            ),

                            'submit' => array(
                                'type'  => 'button',
                                'usebuttontag' => true,
                                'class' => 'btn-sm btn-primary input-group-btn',
                                'value' => '<span class="icon icon-paper-plane left" role="presentation" aria-hidden="true"></span>' . get_string('sendinvitation', 'group'),
                            )
                        )
                    )
                ),
            ));
            $groupinvitedlistform = $inviteform;
        }

        $grouprequestedlist = implode(', ', $requestedlist);
        if (!empty($controlledlist)) {
            // Preselect the first group on offer
            reset($controlledlist);
            $default = key($controlledlist);
            // The select only offers groups where the logged-in user is admin or may
            // assess submitted views (or where the displayed user asked to join).
            // NOTE(review): addmember_submit() adds the user to the posted 'group'
            // without a visible role check of its own; whether pieform rejects a
            // value outside 'options' is not visible here - confirm.
            $addform = pieform(array(
                'name'                => 'addmember',
                'successcallback'     => 'addmember_submit',
                'renderer'            => 'div',
                'class'             => 'form-inline with-heading with-user-icon',
                'autofocus'           => false,
                'elements'            => array(
                    'member' => array(
                        'type'  => 'hidden',
                        'value' => $userid,
                    ),
                    'addgroup' => array (
                        'type' => 'fieldset',
                        'class' => 'input-group',
                        'elements'  => array(
                            'group' => array(
                                'class'   => 'last hide-label input-sm',
                                'type'    => 'select',
                                'title'   => get_string('addusertogroup', 'group'),
                                'collapseifoneoption' => false,
                                'options' => $controlledlist,
                                'defaultvalue' => $default,
                            ),

                            'submit' => array(
                                'type'  => 'button',
                                'usebuttontag' => true,
                                'class' => 'btn-sm btn-primary input-group-btn',
                                'value' => '<span class="icon icon-plus left" role="presentation" aria-hidden="true"></span>' . get_string('add'),
                            )
                        )
                    )
                ),
            ));
            $grouprequestedlistform = $addform;
        }
    }

    // Friendship state between the viewer and the displayed user, checked in
    // order: already friends, viewer has asked, displayed user has asked, none.
    if ($is_friend) {
        $relationship = 'existingfriend';
    }
    elseif (record_exists('usr_friend_request', 'requester', $loggedinid, 'owner', $userid)) {
        $relationship = 'requestedfriendship';
    }
    elseif ($record = get_record('usr_friend_request', 'requester', $userid, 'owner', $loggedinid)) {
        $relationship = 'pending';
        // The request message was written by the displayed user
        $remoteusermessage = $record->message;
        $remoteuseracceptform = acceptfriend_form($userid);
    }
    else {
        $relationship = 'none';
        $friendscontrol = get_account_preference($userid, 'friendscontrol');
        // Only the 'auto' setting gets a one-click add-friend form
        if ($friendscontrol == 'auto') {
            $remoteusernewfriendform = addfriend_form($userid);
        }
        $remoteuserfriendscontrol = $friendscontrol;
    }
    $remoteuserrelationship = $relationship;
}

// The "log in as" label is prepared only when all three hold: the profile is
// someone else's, the viewer is an admin for that user, and the viewer's
// 'parentuser' is null.
// NOTE(review): 'parentuser' presumably is set while already logged in as
// another user, which would make this a guard against nesting - confirm.
$loginas = ($userid != $USER->get('id') && $USER->is_admin_for_user($user) && is_null($USER->get('parentuser')))
    ? get_string('loginasuser', 'admin', display_username($user))
    : null;

// Set up skin, if the page has one. All of these must hold: the page has a
// skin, skins are enabled in config, the owner may use skins, and the active
// theme does not switch skins off.
$viewskin = $view->get('skin');
$owner    = $view->get('owner');
$issiteview = $view->get('institution') == 'mahara';
$skin = ($viewskin && get_config('skins') && can_use_skins($owner, false, $issiteview) && (!isset($THEME->skins) || $THEME->skins !== false))
    ? array('skinid' => $viewskin, 'viewid' => $view->get('id'))
    : false;

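// Initialise the template engine with the scripts and stylesheet entries
// collected above; sidebars are switched off for the profile page.
$smarty = smarty(
    $javascript,
    $stylesheets,
    array(),
    array(
        'sidebars'    => false,
        'skin' => $skin
    )
);
$smarty->assign('restrictedview', $restrictedview);

// Each optional value below is false unless it was filled in while working out
// the viewer's groups and friendship state, so it is assigned only when set.
if ($groupinvitedlist) {
    $smarty->assign('invitedlist', $groupinvitedlist);
}
if ($groupinvitedlistform) {
    $smarty->assign('inviteform', $groupinvitedlistform);
}
if ($grouprequestedlist) {
    $smarty->assign('requestedlist', $grouprequestedlist);
}
if ($grouprequestedlistform) {
    $smarty->assign('addform', $grouprequestedlistform);
}
// The friendship values are read from the $remoteuser* variables, which are
// always defined, rather than from $record, $friendscontrol and $relationship,
// which exist only on some branches. The two friend forms are reused as built
// earlier instead of calling acceptfriend_form()/addfriend_form() a second
// time after smarty() has been initialised.
if ($remoteusermessage) {
    // Text written by the other user; escaping is left to the template.
    // NOTE(review): confirm user/view.tpl escapes 'message' on output.
    $smarty->assign('message', $remoteusermessage);
}
if ($remoteuseracceptform) {
    $smarty->assign('acceptform', $remoteuseracceptform);
}
if ($remoteusernewfriendform) {
    $smarty->assign('newfriendform', $remoteusernewfriendform);
}
if ($remoteuserfriendscontrol) {
    $smarty->assign('friendscontrol', $remoteuserfriendscontrol);
}
if ($remoteuserrelationship) {
    $smarty->assign('relationship', $remoteuserrelationship);
}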

// Values the template always receives.
$smarty->assign('loginas', $loginas);
$smarty->assign('INLINEJAVASCRIPT', $inlinejs);
$smarty->assign('institutions', get_institution_string_for_user($userid));
// Messaging is offered only for someone else's profile, and only when allowed
$smarty->assign('canmessage', $loggedinid != $userid && can_send_message($loggedinid, $userid));
$smarty->assign('USERID', $userid);
$smarty->assign('viewtitle', get_string('usersprofile', 'mahara', display_name($user, null, true)));
$smarty->assign('viewtype', 'profile');
$smarty->assign('PAGEHEADING', null);
// NOTE(review): the whole usr row is handed to the template; which columns
// the template prints is not visible here.
$smarty->assign('user', $user);
if ($loggedinid && $loggedinid == $userid) {
    $smarty->assign('ownprofile', true);
}
$smarty->assign('pageheadinghtml', $view->display_title(false));

// Page content exists only when the viewer has full access to the page
if (!$restrictedview) {
    $smarty->assign('viewcontent', $viewcontent);
}
safe_require('module', 'multirecipientnotification');
$smarty->assign('mrmoduleactive', PluginModuleMultirecipientnotification::is_active());

$smarty->display('user/view.tpl');

// Bookkeeping after the page has been rendered
mahara_touch_record('view', $viewid); // Update record 'atime'
mahara_log('views', "$viewid"); // Log view visits

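/**
 * Success callback of the 'invite' form: send the browser to the group
 * invitation page for the chosen group and the profile being viewed.
 *
 * The target user comes from the page-level $userid, not from the form's
 * hidden 'id' field.
 *
 * @param Pieform $form   The submitted form (not used)
 * @param array   $values Submitted values; only 'group' is read
 */
function invite_submit(Pieform $form, $values) {
    global $userid;
    // Both ids are written into a URL, so they are forced to integers here
    // rather than relying on validation done elsewhere.
    redirect('/group/invite.php?id=' . (int) $values['group'] . '&user=' . (int) $userid);
}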

/**
 * Success callback of the 'addmember' form: add the displayed user to the
 * chosen group as a 'member', notify them, and return to their profile.
 *
 * The user to add comes from the page-level $userid, not from the form's
 * hidden 'member' field.
 *
 * NOTE(review): no role or permission check on the chosen group is visible in
 * this function. It appears to rely on the form offering only groups the
 * logged-in user manages; confirm that pieform rejects a 'group' value outside
 * the select's options, or that group_add_user() checks the caller.
 *
 * @param Pieform $form   The submitted form (not used)
 * @param array   $values Submitted values; only 'group' is read
 */
function addmember_submit(Pieform $form, $values) {
    global $USER, $SESSION, $userid;

    $groupid = $values['group'];
    $group = get_group_by_id($groupid, true);
    $grouptitle = $group->name;
    $member = get_record('usr', 'id', $userid);

    try {
        group_add_user($groupid, $userid, 'member');

        // The notification is written in the added user's language
        $memberlang = get_user_language($userid);
        require_once(get_config('libroot') . 'activity.php');
        $notification = array(
            'users'   => array($userid),
            'subject' => get_string_from_language($memberlang, 'addedtogroupsubject', 'group'),
            'message' => get_string_from_language($memberlang, 'addedtogroupmessage', 'group', display_name($USER, $member), $grouptitle),
            'url'     => group_homepage_url($group, false),
            'urltext' => $grouptitle,
        );
        activity_occurred('maharamessage', $notification);
        $SESSION->add_ok_msg(get_string('useradded', 'group'));
    }
    catch (SQLException $e) {
        // Only database failures are turned into an error message
        $SESSION->add_error_msg(get_string('adduserfailed', 'group'));
    }
    redirect(profile_url($member));
}