Commit 06626d19 authored by Richard Mansfield's avatar Richard Mansfield Committed by Gerrit Code Review
Browse files

Merge "User profile: restricted view for users with insufficient priveleges"

parents fdef4406 40e01729
......@@ -132,6 +132,7 @@ $string['viewunobjectionablebody'] = '%s has looked at %s by %s and marked it as
$string['updatewatchlistfailed'] = 'Update of watchlist failed';
$string['watchlistupdated'] = 'Your watchlist has been updated';
$string['viewvisitcount'] = '%d page visit(s) from %s to %s';
$string['profilenotshared'] = 'Full access to this user profile is restricted.';
$string['friend'] = 'Friend';
$string['profileicon'] = 'Profile Picture';
......
......@@ -1589,6 +1589,9 @@ table.attachments td {
border-bottom: 2px solid #ddd;
}
/* User/view */
.user-icon-name td {
vertical-align: middle;
}
#userview {
margin: 0 0 20px 0;
}
......
{if $microheaders}
{include file="viewmicroheader.tpl"}
{else}
{include file="header.tpl"}{if $pageheadinghtml}<h1>{$pageheadinghtml|safe}</h1>{/if}
{include file="header.tpl"}
<table class="user-icon-name"><tr>
<td><img src="{profile_icon_url user=$user maxwidth=60 maxheight=60}" alt="" /></td>
{if $pageheadinghtml}
<td><h1>{$pageheadinghtml|safe}</h1></td>
{/if}
</tr></table>
{if $ownprofile}
<div class="rbuttons">
<a title="{str tag=editthisview section=view}" href="{$WWWROOT}view/blocks.php?profile=1" class="btn">{str tag=editthisview section=view}</a>
......@@ -53,7 +59,11 @@
<div id="view" class="cl">
<div id="bottom-pane">
<div id="column-container">
{if $restrictedview}
<strong>{str tag=profilenotshared section=view}</strong>
{else}
{$viewcontent|safe}
{/if}
<div class="cb"></div>
</div>
</div>
......
......@@ -66,10 +66,13 @@ else {
$viewid = $view->get('id');
# access will either be logged in (always) or public as well
if (!$view || !can_view_view($viewid)) {
if (!$view) {
// No access, so restrict profile view
throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error'));
}
$restrictedview = !can_view_view($viewid);
$javascript = array('paginator', 'jquery', 'lib/pieforms/static/core/pieforms.js', 'artefact/resume/resumeshowhide.js');
$javascript = array_merge($javascript, $view->get_blocktype_javascript());
......@@ -91,6 +94,7 @@ $smarty = smarty(
'sidebars' => false,
)
);
$smarty->assign('restrictedview', $restrictedview);
$sql = "SELECT g.*, a.type FROM {group} g JOIN (
SELECT gm.group, 'invite' AS type
......@@ -286,6 +290,7 @@ $smarty->assign('USERID', $userid);
$smarty->assign('viewtitle', get_string('usersprofile', 'mahara', display_name($user, null, true)));
$smarty->assign('viewtype', 'profile');
$smarty->assign('user', $user);
if (get_config('viewmicroheaders')) {
$smarty->assign('microheaders', true);
$smarty->assign('microheadertitle', $view->display_title(true, false));
......@@ -306,7 +311,10 @@ else {
$smarty->assign('pageheadinghtml', $view->display_title(false));
}
$smarty->assign('viewcontent', $view->build_columns());
if (!$restrictedview) {
$smarty->assign('viewcontent', $view->build_columns());
}
$smarty->display('user/view.tpl');
mahara_log('views', "$viewid"); // Log view visits
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment