Date limits for groups (bug #1017354) - obey limits

Add date limits (from-until) to groups; members will only be able to make
changes in the group during the specified time period.

This commit restricts user access to within the date limits.

Change-Id: I4574ad724d87fbaeb72063d952741114f8ea8d85
Signed-off-by: Jiri Baum <jiri@catalyst-au.net>

htdocs/artefact/file/form/elements/filebrowser.php

@@ -750,6 +750,9 @@ function pieform_element_filebrowser_upload(Pieform $form, $element, $data) {
         }
         $data->institution = $institution;
     } else if ($group) {
+        if (!group_within_edit_window($group)) {
+            return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
+        }
         if (!$parentfolder) {
             if (!pieform_element_filebrowser_edit_group_folder($group, 0)) {
                 return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
@@ -942,6 +945,9 @@ function pieform_element_filebrowser_createfolder(Pieform $form, $element, $data
     if ($institution) {
         $data->institution = $institution;
     } else if ($group) {
+        if (!group_within_edit_window($group)) {
+            return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));
+        }
         if (!$parentfolder) {
             if (!pieform_element_filebrowser_edit_group_folder($group, 0)) {
                 return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file'));

htdocs/artefact/file/groupfiles.php

@@ -38,7 +38,7 @@ safe_require('artefact', 'file');
 define('GROUP', param_integer('group'));
 $group = group_current_group();
 
-if (!$role = group_user_access($group->id)) {
+if (!$role = group_user_access($group->id) || !group_within_edit_window($group)) {
     throw new AccessDeniedException();
 }
 define('TITLE', $group->name . ' - ' . get_string('groupfiles', 'artefact.file'));

htdocs/artefact/file/lib.php

@@ -523,6 +523,16 @@ abstract class ArtefactTypeFileBase extends ArtefactType {
             $highlight = array($file); // todo convert to file1=1&file2=2 etc
         }
 
+        // Check whether the user may upload files; either the group needs to
+        // be within its edit window (if one is set) or the user needs to be
+        // the group admin.
+        if (!empty($group)) {
+            $editfilesfolders = group_within_edit_window($group);
+        }
+        else {
+            $editfilesfolders = true;
+        }
+
         $form = array(
             'name'               => 'files',
             'jsform'             => true,
@@ -543,12 +553,12 @@ abstract class ArtefactTypeFileBase extends ArtefactType {
                     'edit'         => $edit,
                     'page'         => $page,
                     'config'       => array(
-                        'upload'          => true,
+                        'upload'          => $editfilesfolders,
                         'uploadagreement' => get_config_plugin('artefact', 'file', 'uploadagreement'),
                         'resizeonuploaduseroption' => get_config_plugin('artefact', 'file', 'resizeonuploaduseroption'),
                         'resizeonuploaduserdefault' => $resizeonuploaduserdefault,
-                        'createfolder'    => true,
-                        'edit'            => true,
+                        'createfolder'    => $editfilesfolders,
+                        'edit'            => $editfilesfolders,
                         'select'          => false,
                     ),
                 ),

htdocs/auth/user.php

@@ -950,6 +950,9 @@ class User {
         if ($role == 'admin') {
             return true;
         }
+        if (!group_within_edit_window($group)) {
+            return false;
+        }
         if ($this->id == $a->get('author')) {
             return true;
         }

htdocs/interaction/forum/deletepost.php

@@ -66,7 +66,7 @@ if (!$post) {
 $membership = user_can_access_forum((int)$post->forum);
 $moderator = (bool)($membership & INTERACTION_FORUM_MOD);
 
-if (!$moderator) {
+if (!$moderator || ($post->group && !group_within_edit_window($post->group))) {
     throw new AccessDeniedException(get_string('cantdeletepost', 'interaction.forum'));
 }
 

htdocs/interaction/forum/deletetopic.php

@@ -72,7 +72,7 @@ $moderator = (bool)($membership & INTERACTION_FORUM_MOD);
 
 $topic->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $topic->ctime);
 
-if (!$moderator) {
+if (!$moderator || ($topic->group && !group_within_edit_window($topic->group))) {
     throw new AccessDeniedException(get_string('cantdeletetopic', 'interaction.forum'));
 }
 

htdocs/interaction/forum/editpost.php

@@ -90,6 +90,9 @@ $membership = user_can_access_forum((int)$parent->forum);
 $moderator = (bool)($membership & INTERACTION_FORUM_MOD);
 
 if (!isset($postid)) { // post reply
+    if (!group_within_edit_window($parent->group)) {
+        throw new AccessDeniedException(get_string('cantaddposttoforum', 'interaction.forum'));
+    }
     if (!$membership) {
         throw new AccessDeniedException(get_string('cantaddposttoforum', 'interaction.forum'));
     }
@@ -100,6 +103,9 @@ if (!isset($postid)) { // post reply
     define('TITLE', $parent->topicsubject . ' - ' . $action);
 }
 else { // edit post
+    if (!group_within_edit_window($parent->group)) {
+        throw new AccessDeniedException(get_string('canteditpost', 'interaction.forum'));
+    }
     // no record for edits to own posts with 30 minutes
     if (user_can_edit_post($post->poster, $post->ctime)) {
         $post->editrecord = false;

htdocs/interaction/forum/edittopic.php

@@ -86,6 +86,10 @@ if (!$membership || ($forumconfig['createtopicusers']->value == 'moderators' &&
     throw new AccessDeniedException(get_string('cantaddtopic', 'interaction.forum'));
 }
 
+if (!group_within_edit_window($forum->groupid)) {
+    throw new AccessDeniedException(get_string('cantaddtopic', 'interaction.forum'));
+}
+
 if (!isset($topicid)) { // new topic
     define('TITLE', $forum->title . ' - ' . get_string('addtopic','interaction.forum'));
 }

htdocs/interaction/forum/theme/raw/post.tpl

@@ -8,9 +8,9 @@
 {include file="interaction:forum:simplepost.tpl" post=$post groupadmins=$groupadmins nosubject=true}
 {/if}
 <div class="postbtns">
-{if $moderator || ($membership && !$closed)}<span class="btn"><a href="{$WWWROOT}interaction/forum/editpost.php?parent={$post->id}" class="icon btn-reply">{str tag="Reply" section=interaction.forum}</a></span>{/if}
+{if ($moderator || ($membership && !$closed)) && $ineditwindow}<span class="btn"><a href="{$WWWROOT}interaction/forum/editpost.php?parent={$post->id}" class="icon btn-reply">{str tag="Reply" section=interaction.forum}</a></span>{/if}
 {if $post->canedit}<span class="btn"><a href="{$WWWROOT}interaction/forum/editpost.php?id={$post->id}" class="icon btn-edit"> {str tag="edit"}</a></span>{/if}
 {if $moderator && $post->parent} <span class="btn"><a href="{$WWWROOT}interaction/forum/deletepost.php?id={$post->id}" class="icon btn-del"> {str tag="delete"}</a></span>{/if}
 </div>
 </div>
-{/if}
\ No newline at end of file
+{/if}

htdocs/interaction/forum/theme/raw/view.tpl

@@ -11,7 +11,7 @@
 <div id="forumdescription">{$forum->description|clean_html|safe}</div>
 <div id="viewforum" class="rel">
 	<h3>{str tag=Topics section="interaction.forum"}</h3>
-    {if $membership && ($moderator || $forum->newtopicusers != 'moderators') }
+    {if $membership && ($moderator || ($forum->newtopicusers != 'moderators') && $ineditwindow) }
     <div class="rbuttons">
 	<a href="{$WWWROOT}interaction/forum/edittopic.php?forum={$forum->id}" class="btn newforumtopic">{str tag="newtopic" section="interaction.forum"}</a>
 	</div>

htdocs/interaction/forum/topic.php

@@ -59,11 +59,13 @@ if (!$topic) {
 
 define('GROUP', $topic->groupid);
 
-$publicgroup = get_field('group', 'public', 'id', $topic->groupid);
+$group = get_record('group', 'id', $topic->groupid);
+$publicgroup = $group->public;
+$ineditwindow = group_within_edit_window($group);
 $feedlink = get_config('wwwroot') . 'interaction/forum/atom.php?type=t&id=' . $topic->id;
 
 $membership = user_can_access_forum((int)$topic->forumid);
-$moderator = (bool)($membership & INTERACTION_FORUM_MOD);
+$moderator = $ineditwindow && (bool)($membership & INTERACTION_FORUM_MOD);
 
 $forumconfig = get_records_assoc('interaction_forum_instance_config', 'forum', $topic->forumid, '', 'field,value');
 $indentmode = isset($forumconfig['indentmode']) ? $forumconfig['indentmode']->value : 'full_indent';
@@ -73,7 +75,7 @@ if (!$membership
     && !get_field('group', 'public', 'id', $topic->groupid)) {
     throw new GroupAccessDeniedException(get_string('cantviewtopic', 'interaction.forum'));
 }
-$topic->canedit = $moderator || user_can_edit_post($topic->poster, $topic->ctime);
+$topic->canedit = ($moderator || user_can_edit_post($topic->poster, $topic->ctime)) && $ineditwindow;
 
 define('TITLE', $topic->forumtitle . ' - ' . $topic->subject);
 
@@ -134,7 +136,7 @@ foreach ($posts as $post) {
     // Get the number of posts
     $post->postcount = get_postcount($post->poster);
 
-    $post->canedit = $post->parent && ($moderator || user_can_edit_post($post->poster, $post->ctime));
+    $post->canedit = $post->parent && ($moderator || user_can_edit_post($post->poster, $post->ctime)) && $ineditwindow;
     $post->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $post->ctime);
     // Get post edit records
     $post->edit = get_postedits($post->id);
@@ -223,7 +225,7 @@ function buildpostlist($posts, $mode, $max_depth) {
  */
 
 function renderpost($post, $indent) {
-    global $moderator, $topic, $groupadmins, $membership;
+    global $moderator, $topic, $groupadmins, $membership, $ineditwindow;
 
     $smarty = smarty_core();
     $smarty->assign('post', $post);
@@ -232,6 +234,7 @@ function renderpost($post, $indent) {
     $smarty->assign('moderator', $moderator);
     $smarty->assign('membership', $membership);
     $smarty->assign('closed', $topic->closed);
+    $smarty->assign('ineditwindow', $ineditwindow);
     return $smarty->fetch('interaction:forum:post.tpl');
 }
 

htdocs/interaction/forum/view.php

@@ -68,11 +68,17 @@ if (!$forum) {
 $membership = user_can_access_forum((int)$forumid);
 $admin = (bool)($membership & INTERACTION_FORUM_ADMIN);
 $moderator = (bool)($membership & INTERACTION_FORUM_MOD);
-$publicgroup = get_field('group', 'public', 'id', $forum->groupid);
+$group = get_record('group', 'id', $forum->groupid);
+$publicgroup = $group->public;
 if (!$membership && !$publicgroup) {
     throw new GroupAccessDeniedException(get_string('cantviewforums', 'interaction.forum'));
 }
 
+$ineditwindow = group_within_edit_window($group);
+if (!$ineditwindow) {
+    $moderator = false;
+}
+
 define('TITLE', $forum->groupname . ' - ' . $forum->title);
 
 $feedlink = get_config('wwwroot') . 'interaction/forum/atom.php?type=f&id=' . $forum->id;
@@ -257,6 +263,7 @@ $smarty->assign('heading', $forum->groupname);
 $smarty->assign('subheading', $forum->title);
 $smarty->assign('forum', $forum);
 $smarty->assign('publicgroup', $publicgroup);
+$smarty->assign('ineditwindow', $ineditwindow);
 $smarty->assign('feedlink', $feedlink);
 $smarty->assign('membership', $membership);
 $smarty->assign('moderator', $moderator);

htdocs/lib/group.php

@@ -176,12 +176,39 @@ function group_role_can_edit_views($group, $role) {
     }
 
     if ($role == 'member') {
-        return $editroles == 'all';
+        return ($editroles == 'all' && group_within_edit_window($group));
     }
 
     return $editroles != 'admin';
 }
 
+
+/**
+ * Determine if the current date/time is within the editable window of the
+ * group if one is set. By default, a group admin is considered to be within
+ * the window.
+ * @param object $group the group to check
+ * @param bool $admin_always whether the admin should be OK regardless of time
+ */
+function group_within_edit_window($group, $admin_always=true) {
+    if (is_numeric($group)) {
+        $group = get_record('group', 'id', $group);
+    }
+
+    if ($admin_always && group_user_access($group->id) == 'admin') {
+      return true;
+    }
+
+    $start = !empty($group->editwindowstart) ? strtotime($group->editwindowstart) : null;
+    $end = !empty($group->editwindowend) ? strtotime($group->editwindowend) : null;
+    $now = time();
+
+    return (empty($start) && empty($end)) ||
+        (!empty($start) && $now > $start && empty($end)) ||
+        (empty($start) && $now < $end && !empty($end)) ||
+        ($start < $now && $now < $end);
+}
+
 function group_role_can_moderate_views($group, $role) {
     static $moderatingroles = array();
 

htdocs/view/access.php

@@ -67,6 +67,10 @@ View::set_nav($group, $institution, true);
 if (!$USER->can_edit_view($view)) {
     throw new AccessDeniedException();
 }
+if ($group && !group_within_edit_window($group)) {
+    throw new AccessDeniedException();
+}
+
 
 $form = array(
     'name' => 'editaccess',

htdocs/view/blocks.php

@@ -73,6 +73,10 @@ if ($view->is_submitted()) {
 $group = $view->get('group');
 $institution = $view->get('institution');
 
+if ($group && !group_within_edit_window($group)) {
+    throw new AccessDeniedException();
+}
+
 // If a block was configured & submitted, build the form now so it can
 // be processed without having to render the other blocks.
 if ($blockid = param_integer('blockconfig', 0)) {

htdocs/view/choosetemplate.php

@@ -43,7 +43,7 @@ if ($usetemplate = param_integer('usetemplate', null)) {
     pieform(create_view_form($groupid, $institution, $usetemplate, param_integer('copycollection', null)));
 }
 
-if ($groupid && !group_user_can_edit_views($groupid) || $institution && !$USER->can_edit_institution($institution)) {
+if ($groupid && (!group_user_can_edit_views($groupid) || !group_within_edit_window($groupid)) || $institution && !$USER->can_edit_institution($institution)) {
     throw new AccessDeniedException();
 }
 

htdocs/view/delete.php

@@ -37,6 +37,10 @@ if (!$view || !$USER->can_edit_view($view)) {
     throw new AccessDeniedException(get_string('cantdeleteview', 'view'));
 }
 $groupid = $view->get('group');
+if (!group_within_edit_window($group)) {
+    throw new AccessDeniedException(get_string('cantdeleteview', 'view'));
+}
+
 $institution = $view->get('institution');
 View::set_nav($groupid, $institution);
 

htdocs/view/edit.php

@@ -58,6 +58,10 @@ $institution = $view->get('institution');
 $view->set_edit_nav();
 $view->set_user_theme();
 
+if ($group && !group_within_edit_window($group)) {
+    throw new AccessDeniedException();
+}
+
 $new = param_boolean('new', 0);
 
 if ($new) {

htdocs/view/submit.php

@@ -46,7 +46,7 @@ $group = get_record_sql(
     array($USER->get('id'), $groupid)
 );
 
-if (!$group) {
+if (!$group || !group_within_edit_window($group)) {
     throw new AccessDeniedException(get_string('cantsubmittogroup', 'view'));
 }
 

htdocs/view/urls.php

@@ -49,6 +49,9 @@ View::set_nav($group, $institution, true);
 if (!$USER->can_edit_view($view)) {
     throw new AccessDeniedException();
 }
+if ($group && !group_within_edit_window($group)) {
+    throw new AccessDeniedException();
+}
 
 $newform = array(
     'name'     => 'newurl',