Commit 349cde3b authored by Darryl Hamilton's avatar Darryl Hamilton

Add institutions control of public view access for their members



Bug #794385 - Implemented as a checkbox on the institution details
page. This checkbox is disabled if the site wide setting is not set.

Additional method on the User class that returns true if any of
the institutions that the user belongs to allows public views.

Change-Id: I0d58d1056efb0d84eb5ee092c4ee2db978853ce6
Signed-off-by: default avatarDarryl Hamilton <darrylh@catalyst.net.nz>
parent b43f7069
......@@ -181,6 +181,7 @@ if ($institution || $add) {
$data->theme = 'sitedefault';
$data->defaultmembershipperiod = null;
$data->showonlineusers = 2;
$data->allowinstitutionpublicviews = get_config('allowpublicviews') ? 1 : 0;
$lockedprofilefields = array();
$authtypes = auth_get_available_auth_types();
......@@ -317,6 +318,16 @@ if ($institution || $add) {
'disabled' => true,
);
}
$elements['allowinstitutionpublicviews'] = array(
'type' => 'checkbox',
'title' => get_string('allowinstitutionpublicviews', 'admin'),
'description' => get_string('allowinstitutionpublicviewsdescription','admin'),
'defaultvalue' => get_config('allowpublicviews') && $data->allowinstitutionpublicviews,
'disabled' => get_config('allowpublicviews') == false,
'help' => true,
);
if ($USER->get('admin')) {
$elements['maxuseraccounts'] = array(
'type' => 'text',
......@@ -470,6 +481,8 @@ function institution_submit(Pieform $form, $values) {
}
}
$newinstitution->allowinstitutionpublicviews = (isset($values['allowinstitutionpublicviews']) && $values['allowinstitutionpublicviews']) ? 1 : 0;
if (!empty($values['authplugin'])) {
$allinstances = array_merge($values['authplugin']['instancearray'], $values['authplugin']['deletearray']);
......
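Review bot: In `institution_submit` the flag is written from `$values['allowinstitutionpublicviews']` alone, so saving the form while the checkbox is rendered with `'disabled' => get_config('allowpublicviews') == false` would presumably store 0 and discard the institution's earlier choice, since a disabled checkbox normally submits nothing. That fails closed, but once the site-wide setting is turned back on, every institution edited in the meantime stays switched off without anyone having chosen that. Consider leaving the stored value untouched while the site setting is off, e.g. wrapping the assignment in `if (get_config('allowpublicviews')) { ... }`. The body of `institution_submit` continues outside the hunk, so whether the old value is carried over elsewhere is not visible here.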
......@@ -708,6 +708,23 @@ class User {
return $this->get('admin') || $this->is_institutional_admin($institution);
}
public function institution_allows_public_views($institution = null) {
$user_institutions = $this->get('institutions');
if (empty($user_institutions)) {
// user belongs to no institutions
return true;
}
else if (is_null($institution) || !isset($user_institutions[$institution->institution])) {
foreach ($user_institutions as $institution) {
if ($institution->allowinstitutionpublicviews == 1) {
return true;
}
}
return false;
}
return $user_institutions[$institution->institution]->allowinstitutionpublicviews == 1;
}
/**
* Returns whether this user is allowed to perform administration type
* actions on another user.
......
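Review bot: `institution_allows_public_views()` has no docblock, and two parts of its contract are easy to get wrong at call sites: it returns true for a user with no institutions, and it never reads the site-wide `allowpublicviews` setting, so each caller has to combine the two itself. I would add a docblock stating that the result is the institution-level answer only, that when `$institution` is omitted (or is not one of the user's institutions) a single permitting institution is enough, and that users with no institutions are always allowed. The `foreach ($user_institutions as $institution)` loop also overwrites the parameter; `foreach ($user_institutions as $membership)` reads more clearly. The membership rows carry `membership_expiry` (see the `load_user_institutions` query in this commit), which is not consulted here, so it is worth confirming that expired memberships are filtered out before this point.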
......@@ -217,6 +217,8 @@ $string['adminsandstaffonly'] = 'Administrators and Staff only';
$string['advanced'] = 'Advanced';
$string['allowpublicviews'] = 'Allow public pages';
$string['allowpublicviewsdescription'] = 'If set to yes, users will be able to create portfolio pages that are accessable to the public rather than only to logged in users';
$string['allowinstitutionpublicviews'] = 'Allow institution public pages';
$string['allowinstitutionpublicviewsdescription'] = 'If set to yes, users belonging to this institution will be able to create portfolio pages that are accessable to the public rather than only to logged in users';
$string['allowpublicprofiles'] = 'Allow public profiles';
$string['allowpublicprofilesdescription'] = 'If set to yes, users will be able to set their profile pages to be accessable to the public rather than only to logged in users';
$string['anonymouscomments'] = 'Anonymous Comments';
......
<h3>Allow institution public views</h3>
<p>If you wish to allow users belonging to this institution to create pages that may be made accessible to the public, this checkbox should be ticked.</p>
<p>If this checkbox is unticked, users of this institution may still be able to create public views if they belong to other institutions that allow them.</p>
<p>Public pages are still only editable by their owner.</p>
<h3>Public Page Access</h3>
<p>Public access to pages has been revoked.</p>
<p>If a site or institution admin allows public access again in the future, your page will become public automatically. If you do not want that, please remove the the public access from the list below. You are not able to add it again until public access is allowed for your institution.</p>
......@@ -48,6 +48,7 @@
<FIELD NAME="priority" TYPE="int" LENGTH="10" NOTNULL="true" DEFAULT="1"/>
<FIELD NAME="defaultquota" TYPE="int" LENGTH="10" NOTNULL="false"/>
<FIELD NAME="showonlineusers" TYPE="int" LENGTH="10" NOTNULL="true" DEFAULT="2"/>
<FIELD NAME="allowinstitutionpublicviews" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0"/>
</FIELDS>
<KEYS>
<KEY NAME="primary" TYPE="primary" FIELDS="name" />
......
......@@ -2400,6 +2400,11 @@ function xmldb_core_upgrade($oldversion=0) {
$index = new XMLDBIndex('shortnameuk');
$index->setAttributes(XMLDB_KEY_UNIQUE, array('institution', 'shortname'));
add_index($table, $index);
$table = new XMLDBTable('institution');
$field = new XMLDBField('allowinstitutionpublicviews');
$field->setAttributes(XMLDB_TYPE_INTEGER, 1, null, XMLDB_NOTNULL, null, null, null, 1);
add_field($table, $field);
}
return $status;
......
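Review bot: The upgrade step creates `allowinstitutionpublicviews` with a column default of 1 (the last argument of `setAttributes`), while install.xml in this commit declares `DEFAULT="0"`, so upgraded and freshly installed sites end up with different schemas. The 1 is presumably there to keep public pages working for existing institutions, but as a standing default it also makes any later row inserted without the field permissive. Consider adding the field with default 0 and then setting the existing rows explicitly, e.g. `execute_sql('UPDATE {institution} SET allowinstitutionpublicviews = 1');`, or add a comment explaining why the two defaults differ. The new lines also sit inside an existing version block whose condition is outside the hunk; please confirm that sites which already ran that block will still get the field.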
......@@ -33,7 +33,7 @@
* @return string The HTML for the element
*/
function pieform_element_viewacl(Pieform $form, $element) {
global $USER;
global $USER, $SESSION;
$smarty = smarty_core();
$smarty->left_delimiter = '{{';
$smarty->right_delimiter = '}}';
......@@ -41,7 +41,7 @@ function pieform_element_viewacl(Pieform $form, $element) {
$value = $form->get_value($element);
// Look for the presets and split them into two groups
$public = get_config('allowpublicviews') == '1';
$public = get_config('allowpublicviews') == '1' && $USER->institution_allows_public_views();
$presets = array();
$loggedinindex = 0;
if ($public) {
......@@ -56,6 +56,9 @@ function pieform_element_viewacl(Pieform $form, $element) {
if ($value) {
foreach ($value as $key => &$item) {
if (is_array($item)) {
if ($item['accesstype'] == 'public') {
$item['publicallowed'] = (int)$public;
}
if (in_array($item['type'], $presets)) {
$item['name'] = get_string($item['type'], 'view');
$item['preset'] = true;
......@@ -133,11 +136,10 @@ function pieform_render_viewacl_getvaluebytype($type, $id) {
return get_field('group', 'name', 'id', $id);
break;
}
return "$type: $id";
return sprintf("%s: %s", ucfirst($type), $id);
}
function pieform_element_viewacl_get_value(Pieform $form, $element) {
global $USER;
$values = null;
$global = ($form->get_property('method') == 'get') ? $_GET : $_POST;
if (isset($element['value'])) {
......@@ -150,24 +152,5 @@ function pieform_element_viewacl_get_value(Pieform $form, $element) {
else if (isset($element['defaultvalue'])) {
$values = $element['defaultvalue'];
}
if (get_config('allowpublicviews') != '1' && $values) {
foreach ($values as $key => $value) {
if ($value['type'] == 'public' || $value['type'] == 'token') {
unset($values[$key]);
}
}
}
/*
If the above foreach() loop removes any items, json_encode() converts
it into an object, which can't be iterated over - array_merge() with
only one argument effects a renumber of the array, which json_encode()
then handles with expected results.
*/
if (is_array($values)) {
return array_values($values);
}
else {
return $values;
}
return $values;
}
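Review bot: `pieform_element_viewacl_get_value()` no longer strips `public` and `token` entries from the submitted access list, and nothing in this section replaces that with a check against `$USER->institution_allows_public_views()`; the only new restriction here is the `publicallowed` flag, which the browser uses to grey the row out. The help text added in this commit tells users they cannot add public access again until it is allowed, so that rule needs to be enforced where the access list is saved, not only in the rendered form. If the save path (outside this diff) does not already reject such rows, keep a server-side filter in this function that drops newly submitted `public` items whenever `$public` would be false. Separately, `global $USER, $SESSION;` adds `$SESSION` without a use that is visible in the hunk.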
......@@ -1651,6 +1651,16 @@ function can_view_view($view_id, $user_id=null) {
require_once(get_config('libroot') . 'view.php');
$view = new View($view_id);
// group views and logged in users are not affected by
// the institution level config for public views
if (empty($user_id) && $ownerobj = $view->get_owner_object()) {
$owner = new User();
$owner->find_by_id($ownerobj->id);
if (!$owner->institution_allows_public_views()) {
return false;
}
}
if ($user_id && $user->can_edit_view($view)) {
return true;
}
......
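Review bot: The new early `return false` applies to every request without a `$user_id`, whichever access rule would have matched further down, so it may also cut off anonymous access granted by something other than a public rule (for instance the `token` type that the old form code handled alongside `public`). The rest of `can_view_view()` is outside the hunk, so please confirm that this is intended and state it in the comment, e.g. `// anonymous visitors are refused outright when none of the owner's institutions allow public pages`. The owner lookup (`new User()` followed by `find_by_id()`) is repeated twice more in `View` in this commit; a small helper would keep the three checks identical.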
......@@ -1256,7 +1256,7 @@ function load_user_institutions($userid) {
throw new InvalidArgumentException("couldn't load institutions, no user id specified");
}
if ($institutions = get_records_sql_assoc('
SELECT u.institution,'.db_format_tsfield('ctime').','.db_format_tsfield('u.expiry', 'membership_expiry').',u.studentid,u.staff,u.admin,i.theme,i.registerallowed, i.showonlineusers
SELECT u.institution,'.db_format_tsfield('ctime').','.db_format_tsfield('u.expiry', 'membership_expiry').',u.studentid,u.staff,u.admin,i.theme,i.registerallowed, i.showonlineusers,i.allowinstitutionpublicviews
FROM {usr_institution} u INNER JOIN {institution} i ON u.institution = i.name
WHERE u.usr = ? ORDER BY i.priority DESC', array($userid))) {
return $institutions;
......
......@@ -3485,6 +3485,14 @@ class View {
$publicviews = get_config('allowpublicviews');
$publicprofiles = get_config('allowpublicprofiles');
// a group view won't have an 'owner'
if ($publicviews && $ownerobj = $this->get_owner_object()) {
$owner = new User();
$owner->find_by_id($ownerobj->id);
$publicviews = $owner->institution_allows_public_views();
}
$allowcomments = false;
$approvecomments = true;
......@@ -3684,6 +3692,11 @@ class View {
* @return array
*/
public static function get_accesslists($owner=null, $group=null, $institution=null) {
if (!is_null($owner) && $owner > 0) {
$ownerobj = new User();
$ownerobj->find_by_id($owner);
}
$data = array();
list($data['collections'], $data['views']) = self::get_views_and_collections($owner, $group, $institution);
......@@ -3721,6 +3734,14 @@ class View {
}
foreach ($accessgroups as $access) {
// remove 'Public' from the list if the owner isn't allowed to have them
if ($access->accesstype == 'public'
&& (get_config('allowpublicviews') != 1
|| (isset($ownerobj) && !$ownerobj->institution_allows_public_views()))
) {
continue;
}
$vi = $viewindex[$access->view];
// Just count secret urls.
......
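Review bot: In `get_accesslists()` the condition that hides `public` rows re-reads `get_config('allowpublicviews')` and calls `$ownerobj->institution_allows_public_views()` on every iteration, although neither changes inside the loop. Computing it once before the `foreach`, e.g. `$publicallowed = get_config('allowpublicviews') == 1 && (!isset($ownerobj) || $ownerobj->institution_allows_public_views());`, and then testing `$access->accesstype == 'public' && !$publicallowed` keeps the policy decision in one place. The loop and the method both continue outside the hunk.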
......@@ -1881,6 +1881,9 @@ table.secreturls {
height: 16px;
cursor: pointer;
}
#accesslistitems .item-disabled {
background: #666;
}
.accesslistname {
width: 220px;
}
......
......@@ -127,11 +127,23 @@ function renderAccessListItem(item) {
if (item.type == 'user') {
icon = IMG({'src': config.wwwroot + 'thumb.php?type=profileicon&id=' + item.id + '&maxwidth=20&maxheight=20'});
}
// if this item is 'public' and public pages are disabled
// change the background colour and add some contextual help
if (item.accesstype == 'public' && !item.publicallowed) {
cssClass += ' item-disabled';
var helpText = SPAN({'class': 'page-help-icon'}, SPAN({'class': 'help'}, contextualHelpIcon('', '', 'core', 'view', 'publicaccessrevoked', '')));
name.push(helpText);
}
var notpublicorallowed = (item.accesstype != 'public' || item.publicallowed);
var row = TR({'class': cssClass, 'id': 'accesslistitem' + count},
TD(null, icon),
TH({'class': 'accesslistname'}, name),
TD(null, makeCalendarInput(item, 'start'), makeCalendarLink(item, 'start')),
TD(null, makeCalendarInput(item, 'stop'), makeCalendarLink(item, 'stop')),
TD(null, makeCalendarInput(item, 'start', notpublicorallowed), makeCalendarLink(item, 'start', notpublicorallowed)),
TD(null, makeCalendarInput(item, 'stop', notpublicorallowed), makeCalendarLink(item, 'stop', notpublicorallowed)),
TD({'class': 'center comments' + (allowcomments ? ' hidden' : '')}, allowfdbk),
TD({'class': 'center comments' + (allowcomments ? ' hidden' : '')}, approvefdbk),
TD({'class': 'right removebutton'}, removeButton,
......@@ -170,19 +182,25 @@ function renderAccessListItem(item) {
appendChildNodes('accesslistitems', row);
removeElementClass('accesslisttable', 'hidden');
setupCalendar(item, 'start');
setupCalendar(item, 'stop');
if (notpublicorallowed) {
setupCalendar(item, 'start');
setupCalendar(item, 'stop');
}
count++;
}
function makeCalendarInput(item, type) {
return INPUT({
function makeCalendarInput(item, type, disabled) {
input = INPUT({
'type':'text',
'name': 'accesslist[' + count + '][' + type + 'date]',
'id' : type + 'date_' + count,
'value': item[type + 'date'] ? item[type + 'date'] : '',
'size': '15'
});
input.disabled = (disabled == 0);
return input;
}
function makeCalendarLink(item, type) {
......@@ -195,6 +213,7 @@ function makeCalendarLink(item, type) {
'src': '{{theme_url filename='images/calendar.gif'}}',
'alt': ''})
);
return link;
}
......
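Review bot: `makeCalendarInput()` assigns `input = INPUT({` without `var`, which creates an implicit global shared by every call; it should read `var input = INPUT({`. The third parameter is named `disabled` while the callers pass `notpublicorallowed`, which means the opposite, and `input.disabled = (disabled == 0)` relies on loose comparison; renaming the parameter to `enabled` and writing `input.disabled = (enabled == 0);` would match the call sites without changing behaviour. `makeCalendarLink()` is called with the same third argument, but the signature visible in this section still takes only `(item, type)`. Greying out the row is presentation only, so the restriction still has to be checked on the server when the access list is saved.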