Commit 25873215 authored by Martyn Smith's avatar Martyn Smith Committed by Martyn Smith
parents 27257207 54937807
......@@ -44,27 +44,10 @@ if ($stopmonitoring) {
try {
foreach ($_GET as $k => $v) {
if (preg_match('/^stopviews\-(\d+)$/',$k,$m)) {
$recurse = param_boolean($k . '-recurse', null);
if (!empty($recurse)) {
$sql = 'DELETE FROM ' . $prefix . 'usr_watchlist_artefact
WHERE usr = ? AND (artefact IN (
SELECT artefact FROM ' . $prefix . 'artefact_parent_cache WHERE parent IN (
SELECT artefact FROM ' . $prefix . 'view_artefact WHERE view = ? ) )
OR artefact IN (
SELECT artefact FROM ' . $prefix . 'view_artefact WHERE view = ?))';
delete_records_sql($sql, array($userid, $m[1], $m[1]));
}
delete_records('usr_watchlist_view', 'usr', $userid, 'view', $m[1]);
$count++;
}
else if (preg_match('/^stopartefacts\-(\d+)$/',$k,$m)) {
$recurse = param_boolean($k . '-recurse', null);
if (!empty($recurse)) {
$sql = 'DELETE FROM ' . $prefix . 'usr_watchlist_artefact
WHERE usr = ? AND artefact IN (
SELECT artefact FROM ' . $prefix . 'artefact_parent_cache WHERE parent = ?)';
delete_records_sql($sql, array($userid, $m[1]));
}
delete_records('usr_watchlist_artefact', 'usr', $userid, 'artefact', $m[1]);
$count++;
}
......@@ -133,7 +116,7 @@ $records = array();
if ($type == 'views') {
$count = count_records('usr_watchlist_view', 'usr', $userid);
$sql = 'SELECT v.*, v.title AS name
$sql = 'SELECT v.*, v.title AS name, w.recurse
FROM ' . $prefix . 'view v
JOIN ' . $prefix . 'usr_watchlist_view w ON w.view = v.id
WHERE w.usr = ?';
......@@ -157,7 +140,7 @@ else if ($type == 'communities') {
}
else if ($type == 'artefacts') {
$count = count_records('usr_watchlist_artefact', 'usr', $userid);
$sql = 'SELECT a.* , a.title AS name
$sql = 'SELECT a.* , a.title AS name, w.view, w.recurse
FROM ' . $prefix . 'artefact a
JOIN ' . $prefix . 'usr_watchlist_artefact w ON w.artefact = a.id
WHERE w.usr = ?';
......
......@@ -36,36 +36,38 @@ $artefactstring = get_string('artefacts', 'activity');
$monitoredstring = get_string('monitored', 'activity');
$allusersstring = get_string('allusers');
$andchildren = ' * ' . get_string('andchildren', 'activity');
$savefailed = get_string('stopmonitoringfailed', 'activity');
$savesuccess = get_string('stopmonitoringsuccess', 'activity');
$recursestr = '[<a href="" onClick="toggleChecked(\'tocheck-r\'); return false;">'
. get_string('recurseall', 'activity')
. '</a>]';
$recursestrjs = str_replace("'", "\'", $recursestr);
$wwwroot = get_config('wwwroot');
$javascript = <<<JAVASCRIPT
var watchlist = new TableRenderer(
'watchlist',
'index.json.php',
[
function(r) {
if (r.url) {
return TD(null,A({'href': r.url}, r.name));
}
return TD(null, r.name);
function(r, d) {
var url = '';
if (d.type == 'communities') {
url = '{$wwwroot}/contacts/communities/view.php?id=' + r.id;
}
else if (d.type == 'views') {
url = '{$wwwroot}/view/view.php?view=' + r.id;
}
else {
url = '{$wwwroot}/view/view.php?view=' + r.view + '&artefact=' + r.id;
}
var star = '';
if (r.recurse) {
star = ' *';
}
return TD(null, A({'href': url}, r.name), star);
},
function (r, d) {
return TD(null, INPUT({'type' : 'checkbox', 'class': 'tocheck', 'name': 'stop' + d.type + '-' + r.id}));
},
function (r, d) {
if (d.type != 'communities') {
return TD(null, INPUT({'type' : 'checkbox', 'class': 'tocheck-r', 'name': 'stop' + d.type + '-' + r.id + '-recurse'}));
}
else {
return '';
}
}
]
);
......@@ -79,6 +81,12 @@ watchlist.rowfunction = function(r, n) { return TR({'id': r.id, 'class': 'view r
function changeTitle(title) {
var titles = { 'views': '{$viewstring}', 'communities': '{$communitystring}', 'artefacts': '{$artefactstring}' };
$('typeheader').innerHTML = '{$monitoredstring} ' + titles[title];
if (title != 'communities') {
$('typeandchildren').innerHTML = '{$andchildren}';
}
else {
$('typeandchildren').innerHTML = '';
}
}
function stopmonitoring(form) {
......@@ -133,12 +141,10 @@ function statusChange() {
changeTitle(typevalue);
$('messagediv').innerHTML = '';
if (typevalue == 'communities') {
$('recurseheader').innerHTML = '';
$('user').options.length = 0;
$('user').disabled = true;
}
else {
$('recurseheader').innerHTML = '{$recursestrjs}';
var pd = {'userlist': typevalue};
var d = loadJSONDoc('index.json.php', pd);
d.addCallbacks(function (data) {
......@@ -180,7 +186,6 @@ $smarty = smarty(array('tablerenderer'));
$smarty->assign('viewusers', $viewusers);
$smarty->assign('typestr', get_string('views', 'activity'));
$smarty->assign('selectall', 'toggleChecked(\'tocheck\'); return false;');
$smarty->assign('recursestr', $recursestr);
$smarty->assign('stopmonitoring', 'stopmonitoring(this); return false;');
$smarty->assign('INLINEJAVASCRIPT', $javascript);
$smarty->display('account/watchlist/index.tpl');
......
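Review bot: `$andchildren` is interpolated raw into a single-quoted JavaScript literal and assigned to `innerHTML` in `changeTitle()`, so a language-pack string containing an apostrophe or markup breaks the script or is parsed as HTML. The `$recursestrjs` value visible in the same section at least escaped quotes with `str_replace`. Encode the value for the JavaScript context and insert it as text, e.g. `$andchildrenjs = json_encode($andchildren);` in PHP and `replaceChildNodes('typeandchildren', {$andchildrenjs});` in the heredoc. The same unescaped pattern appears in the create-view section of this commit as `confirm('{$confirmmessage}')`. The heredoc and the functions around `changeTitle()` extend outside the visible hunks.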
......@@ -31,6 +31,7 @@ define('SUBMENUITEM', 'adminfiles');
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
safe_require('artefact', 'file');
define('TITLE', get_string('adminfiles', 'admin'));
$copyright = get_field('site_content', 'content', 'name', 'uploadcopyright');
$wwwroot = get_config('wwwroot');
......
......@@ -29,6 +29,7 @@ define('ADMIN', 1);
define('MENUITEM', 'configsite');
define('SUBMENUITEM', 'sitemenu');
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
define('TITLE', get_string('sitemenu', 'admin'));
$strings = array('edit','delete','update','cancel','add','name','unknownerror');
$adminstrings = array('confirmdeletemenuitem', 'deletefailed','deletingmenuitem','savingmenuitem',
......
......@@ -31,6 +31,7 @@ define('SUBMENUITEM', 'siteoptions');
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
require_once('pieforms/pieform.php');
define('TITLE', get_string('siteoptions', 'admin'));
$langoptions = get_languages();
$themeoptions = get_themes();
......
......@@ -30,6 +30,7 @@ define('MENUITEM', 'configsite');
define('SUBMENUITEM', 'sitepages');
require(dirname(dirname(dirname(__FILE__))).'/init.php');
require_once('pieforms/pieform.php');
define('TITLE', get_string('sitepages', 'admin'));
$sitepages = get_records_array('site_content');
$pageoptions = array();
......
......@@ -26,6 +26,7 @@
define('INTERNAL', 1);
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
require_once('file.php');
$uploadnumber = param_integer('uploadnumber');
$createid = param_variable('createid');
......
......@@ -25,14 +25,63 @@
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
safe_require('artefact', 'file');
require_once('artefact.php');
require_once('file.php');
$fileid = param_integer('file');
$viewid = param_integer('view', null);
if ($viewid && $fileid) {
if (!artefact_in_view($fileid, $viewid)) {
throw new UserException('Artefact ' . $fileid . ' is not in view ' . $viewid);
}
if (!can_view_view($viewid)) {
throw new AccessDeniedException();
}
$file = artefact_instance_from_id($fileid);
$path = $file->get_path();
$title = $file->get('title');
serve_file($path, $title);
}
// We just have a file ID
$file = artefact_instance_from_id($fileid);
$path = $file->get_path();
log_debug('just a file ID - checking permissions');
// If the file is in the public directory, it's fine to serve
$fileispublic = $file->get('parent') == ArtefactTypeFolder::admin_public_folder_id();
$fileispublic &= $file->get('adminfiles');
$fileispublic &= record_exists('site_menu', 'file', $fileid, 'public', 1);
if (!$fileispublic) {
log_debug('file is NOT in the public menu');
// If the file is in the logged in menu and the user is logged in then
// they can view it
$fileinloggedinmenu = $file->get('adminfiles');
$fileinloggedinmenu &= $file->get('parent') == null;
$fileinloggedinmenu &= record_exists('site_menu', 'file', $fileid, 'public', 0);
$fileinloggedinmenu &= $USER->is_logged_in();
if (!$fileinloggedinmenu) {
log_debug('file is NOT in logged in menu, or user is not logged in');
// Alternatively, if you own the file or you are an admin, it should always work
$fileisavailable = $USER->get('admin') || $file->get('owner') == $USER->get('id');
if (!$fileisavailable) {
log_debug('user does NOT own the file, or they are NOT an admin');
throw new AccessDeniedException();
}
}
}
log_debug('file permissions ok');
$path = $file->get_path();
$title = $file->get('title');
serve_file($path, $title);
serve_file($path, $title, array('lifetime' => 0) /* only for debugging */);
?>
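Review bot: The last-resort check `$file->get('owner') == $USER->get('id')` is a loose comparison on a page that defines PUBLIC, so if an ownerless file and a logged-out user both yield null or 0 (not visible here, worth confirming) it passes and the file is served anonymously. The `&=` chains are bitwise, so they act as a logical AND only when every operand is exactly 0 or 1; a database value such as a string returned by `get('adminfiles')` can silently change the result. In the view branch `artefact_in_view()` runs before `can_view_view()`, which lets a caller without access to the view tell "not in view" from "access denied", and nothing stops the branch from falling through to the file-ID checks if `serve_file()` returns. The rewrite below gates the owner/admin fallback on `is_logged_in()`, uses `&&`, and swaps the view checks; the `array('lifetime' => 0) /* only for debugging */` argument and the `log_debug()` calls should also be removed before release.

```php
// … unchanged: defines, require lines, param_integer() calls …
if ($viewid && $fileid) {
    // Authorise against the view first so the response does not reveal membership.
    if (!can_view_view($viewid)) {
        throw new AccessDeniedException();
    }
    if (!artefact_in_view($fileid, $viewid)) {
        throw new UserException('Artefact ' . $fileid . ' is not in view ' . $viewid);
    }
    // … unchanged: load $file, $path, $title …
    serve_file($path, $title);
    exit;
}
// … unchanged: load $file for the file-ID-only case …
// NOTE: confirm get('adminfiles') returns a real boolean / 0-1 value before relying on truthiness.
$loggedin = $USER->is_logged_in();
$fileispublic = $file->get('adminfiles')
    && $file->get('parent') == ArtefactTypeFolder::admin_public_folder_id()
    && record_exists('site_menu', 'file', $fileid, 'public', 1);
$fileinloggedinmenu = $loggedin
    && $file->get('adminfiles')
    && $file->get('parent') == null
    && record_exists('site_menu', 'file', $fileid, 'public', 0);
$fileisavailable = $loggedin
    && ($USER->get('admin') || (int) $file->get('owner') === (int) $USER->get('id'));
if (!$fileispublic && !$fileinloggedinmenu && !$fileisavailable) {
    throw new AccessDeniedException();
}
serve_file($path, $title);
```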
......@@ -282,7 +282,7 @@ function FileBrowser(element, source, statevars, changedircallback, actionname,
dirNode = dirNode.parent;
}
return '/' + folders.join('/');
return get_string('home') + ' / ' + folders.join(' / ');
}
this.breadcrumbUpdate = function() {
......
......@@ -98,4 +98,6 @@ $string['removefromwatchlist'] = 'Remove from watchlist';
$string['removedcommunityfromwatchlist'] = 'The community has been removed from your watchlist';
$string['addedcommunitytowatchlist'] = 'The community was added to your watchlist';
$string['andchildren'] = 'Children are also being monitored'
?>
......@@ -292,6 +292,7 @@ $string['editview'] = 'Edit View';
$string['editviewinformation'] = 'Edit View Information';
$string['myviews'] = 'My Views';
$string['notownerofview'] = 'You are not the owner of this view';
$string['reallyaddaccesstoemptyview'] = 'Your view contains no artefacts. Do you really want to give these users access to the view?';
$string['saveaccess'] = 'Save Access';
$string['submitview'] = 'Submit View';
$string['submitviewfailed'] = 'Submit view failed';
......
......@@ -262,21 +262,45 @@ function handle_activity($activitytype, $data, $cron=false) {
}
$data->message = get_string('onartefact', 'activity')
. ' ' . $ainfo->title . ' ' . get_string('ownedby', 'activity');
$sql = 'SELECT DISTINCT u.*, p.method, ?||wa.view as url
FROM ' . $prefix . 'usr_watchlist_artefact wa
LEFT JOIN ' . $prefix . 'artefact_parent_cache pc
ON (pc.parent = wa.artefact OR pc.artefact = wa.artefact)
JOIN ' . $prefix . 'usr u
ON wa.usr = u.id
LEFT JOIN ' . $prefix . 'usr_activity_preference p
ON p.usr = u.id
WHERE (p.activity = ? OR p.activity IS NULL)
AND (pc.parent = ? OR wa.artefact = ?)
';
$users = get_records_sql_array($sql,
array(get_config('wwwroot') . 'view/view.php?view='
. $data->artefact . '&view=', 'watchlist',
$data->artefact, $data->artefact));
/*
this query selects four different cases
1. user is watching the artefact directly
2. user is watching a parent artefact with recurse = on
3. user is watching a view with recurse = on; and:
a. artefact is directly associated with view
b. artefact is a child of an artefact associated with view
*/
$sql = '
SELECT DISTINCT u.*, p.method, ?||wa.view AS url
FROM ' . $prefix . 'usr u
LEFT JOIN ' . $prefix . 'usr_activity_preference p
ON p.usr = u.id
JOIN (
SELECT wa.usr AS uid, wa.view AS view
FROM ' . $prefix . 'usr_watchlist_artefact wa
WHERE wa.artefact = ?
UNION SELECT wa.usr AS uid, wa.view AS view
FROM ' . $prefix . 'artefact_parent_cache pc
JOIN ' . $prefix . 'usr_watchlist_artefact wa
ON wa.artefact = pc.parent
WHERE pc.artefact = ? AND wa.recurse = 1
UNION SELECT wv.usr AS uid, wv.view AS view
FROM ' . $prefix . 'artefact_parent_cache pc
JOIN ' . $prefix . 'view_artefact va
ON va.artefact = pc.parent
JOIN ' . $prefix . 'usr_watchlist_view wv
ON va.view = wv.view
WHERE (pc.artefact = ? OR va.artefact = ?)AND wv.recurse = 1
) wa ON wa.uid = u.id
WHERE p.activity = ? OR p.activity IS NULL';
$values = array(get_config('wwwroot') . 'view/view.php?artefact='
. $data->artefact . '&view=',
$data->artefact, $data->artefact,
$data->artefact, $data->artefact,
'watchlist');
log_debug($sql);
log_debug($values);
$users = get_records_sql_array($sql, $values);
if (empty($users)) {
$users = array();
}
......
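Review bot: Case 3a from the new comment (artefact directly associated with a watched view) is only matched when the artefact also appears as `pc.parent` in `artefact_parent_cache`, because the third UNION arm inner-joins `view_artefact` on `va.artefact = pc.parent` before `va.artefact = ?` is applied. If childless artefacts have no such row (the schema is not visible here), users watching the view get no notification for them; a separate arm selecting from `view_artefact` joined to `usr_watchlist_view` would cover that case. The `log_debug($sql);` and `log_debug($values);` calls look like debugging leftovers and should be dropped so query parameters are not written to the log on every activity. `handle_activity()` starts and ends outside the hunk.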
......@@ -678,5 +678,22 @@ class AccessDeniedException extends UserException {
}
}
/**
* Exception - Not found. Throw this if a user is trying to view something
* that doesn't exist
*/
class NotFoundException extends UserException {
public function strings() {
return array_merge(parent::strings(),
array('message' => 'The page you are looking for could not be found',
'title' => 'Not found'));
}
public function render_exception() {
header('HTTP/1.0 404 Not Found', true);
return parent::render_exception();
}
}
?>
This diff is collapsed.
......@@ -1348,18 +1348,4 @@ function get_dir_contents($directory) {
return $contents;
}
function serve_file($file, $filename) {
if (!file_exists($file)) {
header('HTTP/1.0 404 Not Found');
exit;
}
// Moodle security stuff went here...
require_once('file.php');
session_write_close(); // unlock session during fileserving
send_file($file, $filename);
}
?>
......@@ -23,13 +23,13 @@
</select>
</form>
<div id="typeheader">{str section='activity' tag='monitored'} {$typestr}</div>
<div id="typeandchildren">* {str section='activity' tag='andchildren}</div>
<form method="post" onSubmit="{$stopmonitoring}">
<table id="watchlist" class="tablerenderer">
<thead>
<tr>
<th></th>
<th>[<a href="" onClick="{$selectall}">{str section='activity' tag='selectall'}</a>]</th>
<th id="recurseheader">{$recursestr}</th>
</tr>
</thead>
<tbody>
......
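Review bot: The Smarty tag on the new `typeandchildren` line has an unterminated attribute value, `tag='andchildren}`, so the closing quote is missing and the template will likely fail to compile or look up the wrong string. It should read `{str section='activity' tag='andchildren'}`. The surrounding form and table continue outside the hunk.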
......@@ -35,6 +35,22 @@ $createid = param_integer('createid', null);
$data = $SESSION->get('create_' . $createid);
if (empty($data['artefacts'])) {
$confirmmessage = get_string('reallyaddaccesstoemptyview');
$backpage = get_config('wwwroot') . 'view/create3.php?createid=' . $createid;
$js = <<<EOF
addLoadEvent(function() {
connect('createview4_submit', 'onclick', function () {
var accesslistrows = getElementsByTagAndClassName('tr', null, 'accesslistitems');
if (accesslistrows.length > 0 && !confirm('{$confirmmessage}')) {
replaceChildNodes('accesslistitems', []);
}
});
});
EOF;
$smarty->assign('INLINEJAVASCRIPT', $js);
}
$form = array(
'name' => 'createview4',
'elements' => array(
......@@ -53,8 +69,10 @@ function createview4_submit_cancel() {
redirect('/view/');
}
function createview4_submit(Pieform $form, $values) {
global $SESSION, $USER, $createid, $data;
log_debug($values);
if (param_boolean('back')) {
$data['accesslist'] = array_values((array)$values['accesslist']);
......
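Review bot: `log_debug($values);` at the top of `createview4_submit()` writes every submitted form value, including the access list, to the debug log on each submit and reads like a debugging leftover; drop it before release. The empty-view warning is enforced only by the client-side `confirm()`, so a request sent without the script still saves the access list; if that is intended, say so with a comment such as `// advisory only: not enforced server-side`. `$backpage` is assigned but not used in the visible lines, and `createview4_submit()` continues outside the hunk.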