Commit 06626d19 authored by Richard Mansfield's avatar Richard Mansfield Committed by Gerrit Code Review
Browse files

Merge "User profile: restricted view for users with insufficient priveleges"

parents fdef4406 40e01729
...@@ -132,6 +132,7 @@ $string['viewunobjectionablebody'] = '%s has looked at %s by %s and marked it as ...@@ -132,6 +132,7 @@ $string['viewunobjectionablebody'] = '%s has looked at %s by %s and marked it as
$string['updatewatchlistfailed'] = 'Update of watchlist failed'; $string['updatewatchlistfailed'] = 'Update of watchlist failed';
$string['watchlistupdated'] = 'Your watchlist has been updated'; $string['watchlistupdated'] = 'Your watchlist has been updated';
$string['viewvisitcount'] = '%d page visit(s) from %s to %s'; $string['viewvisitcount'] = '%d page visit(s) from %s to %s';
$string['profilenotshared'] = 'Full access to this user profile is restricted.';
$string['friend'] = 'Friend'; $string['friend'] = 'Friend';
$string['profileicon'] = 'Profile Picture'; $string['profileicon'] = 'Profile Picture';
......
...@@ -1589,6 +1589,9 @@ table.attachments td { ...@@ -1589,6 +1589,9 @@ table.attachments td {
border-bottom: 2px solid #ddd; border-bottom: 2px solid #ddd;
} }
/* User/view */ /* User/view */
.user-icon-name td {
vertical-align: middle;
}
#userview { #userview {
margin: 0 0 20px 0; margin: 0 0 20px 0;
} }
......
{if $microheaders} {if $microheaders}
{include file="viewmicroheader.tpl"} {include file="viewmicroheader.tpl"}
{else} {else}
{include file="header.tpl"}{if $pageheadinghtml}<h1>{$pageheadinghtml|safe}</h1>{/if} {include file="header.tpl"}
<table class="user-icon-name"><tr>
<td><img src="{profile_icon_url user=$user maxwidth=60 maxheight=60}" alt="" /></td>
{if $pageheadinghtml}
<td><h1>{$pageheadinghtml|safe}</h1></td>
{/if}
</tr></table>
{if $ownprofile} {if $ownprofile}
<div class="rbuttons"> <div class="rbuttons">
<a title="{str tag=editthisview section=view}" href="{$WWWROOT}view/blocks.php?profile=1" class="btn">{str tag=editthisview section=view}</a> <a title="{str tag=editthisview section=view}" href="{$WWWROOT}view/blocks.php?profile=1" class="btn">{str tag=editthisview section=view}</a>
...@@ -53,7 +59,11 @@ ...@@ -53,7 +59,11 @@
<div id="view" class="cl"> <div id="view" class="cl">
<div id="bottom-pane"> <div id="bottom-pane">
<div id="column-container"> <div id="column-container">
{$viewcontent|safe} {if $restrictedview}
<strong>{str tag=profilenotshared section=view}</strong>
{else}
{$viewcontent|safe}
{/if}
<div class="cb"></div> <div class="cb"></div>
</div> </div>
</div> </div>
......
...@@ -66,10 +66,13 @@ else { ...@@ -66,10 +66,13 @@ else {
$viewid = $view->get('id'); $viewid = $view->get('id');
# access will either be logged in (always) or public as well # access will either be logged in (always) or public as well
if (!$view || !can_view_view($viewid)) { if (!$view) {
// No access, so restrict profile view
throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error')); throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
} }
$restrictedview = !can_view_view($viewid);
$javascript = array('paginator', 'jquery', 'lib/pieforms/static/core/pieforms.js', 'artefact/resume/resumeshowhide.js'); $javascript = array('paginator', 'jquery', 'lib/pieforms/static/core/pieforms.js', 'artefact/resume/resumeshowhide.js');
$javascript = array_merge($javascript, $view->get_blocktype_javascript()); $javascript = array_merge($javascript, $view->get_blocktype_javascript());
...@@ -91,6 +94,7 @@ $smarty = smarty( ...@@ -91,6 +94,7 @@ $smarty = smarty(
'sidebars' => false, 'sidebars' => false,
) )
); );
$smarty->assign('restrictedview', $restrictedview);
$sql = "SELECT g.*, a.type FROM {group} g JOIN ( $sql = "SELECT g.*, a.type FROM {group} g JOIN (
SELECT gm.group, 'invite' AS type SELECT gm.group, 'invite' AS type
...@@ -286,6 +290,7 @@ $smarty->assign('USERID', $userid); ...@@ -286,6 +290,7 @@ $smarty->assign('USERID', $userid);
$smarty->assign('viewtitle', get_string('usersprofile', 'mahara', display_name($user, null, true))); $smarty->assign('viewtitle', get_string('usersprofile', 'mahara', display_name($user, null, true)));
$smarty->assign('viewtype', 'profile'); $smarty->assign('viewtype', 'profile');
$smarty->assign('user', $user);
if (get_config('viewmicroheaders')) { if (get_config('viewmicroheaders')) {
$smarty->assign('microheaders', true); $smarty->assign('microheaders', true);
$smarty->assign('microheadertitle', $view->display_title(true, false)); $smarty->assign('microheadertitle', $view->display_title(true, false));
...@@ -306,7 +311,10 @@ else { ...@@ -306,7 +311,10 @@ else {
$smarty->assign('pageheadinghtml', $view->display_title(false)); $smarty->assign('pageheadinghtml', $view->display_title(false));
} }
$smarty->assign('viewcontent', $view->build_columns()); if (!$restrictedview) {
$smarty->assign('viewcontent', $view->build_columns());
}
$smarty->display('user/view.tpl'); $smarty->display('user/view.tpl');
mahara_log('views', "$viewid"); // Log view visits mahara_log('views', "$viewid"); // Log view visits
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment