Commit 3660d9a4 authored by Richard Mansfield's avatar Richard Mansfield

Stop users from editing/deleting submitted blogs & hide links from the My Blogs page


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 52c5e8a5
......@@ -40,8 +40,13 @@ if ($delete = param_integer('delete', 0)) {
$blog = artefact_instance_from_id($delete);
if ($blog instanceof ArtefactTypeBlog) {
$blog->check_permission();
$blog->delete();
$SESSION->add_ok_msg(get_string('blogdeleted', 'artefact.blog'));
if ($blog->get('locked')) {
$SESSION->add_error_msg(get_string('submittedforassessment', 'view'));
}
else {
$blog->delete();
$SESSION->add_ok_msg(get_string('blogdeleted', 'artefact.blog'));
}
}
}
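Review bot: The new `locked` test looks only at the blog artefact, not at its child posts. If `$blog->delete()` cascades to posts (not visible in this hunk), a post that was submitted on its own would still be removed when its unlocked parent blog is deleted. The guard also sits in the page script rather than in the model, and the same pattern is repeated in the post edit, settings and post delete scripts of this commit, so any other caller of `delete()` is not covered. Consider enforcing it once at the top of the artefact's own `delete()`, e.g. `if ($this->get('locked')) { throw new AccessDeniedException(get_string('submittedforassessment', 'view')); }`, and having the blog check its posts before deleting.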
......
......@@ -289,10 +289,10 @@ class ArtefactTypeBlog extends ArtefactType {
public static function get_blog_list($limit, $offset) {
global $USER;
($result = get_records_sql_array("
SELECT b.id, b.title, b.description, COUNT(p.id) AS postcount
SELECT b.id, b.title, b.description, b.locked, COUNT(p.id) AS postcount
FROM {artefact} b LEFT JOIN {artefact} p ON (p.parent = b.id AND p.artefacttype = 'blogpost')
WHERE b.owner = ? AND b.artefacttype = 'blog'
GROUP BY b.id, b.title, b.description
GROUP BY b.id, b.title, b.description, b.locked
ORDER BY b.title", array($USER->get('id')), $offset, $limit))
|| ($result = array());
......
......@@ -63,6 +63,9 @@ if (!$blogpost) {
else {
$blogpostobj = new ArtefactTypeBlogPost($blogpost);
$blogpostobj->check_permission();
if ($blogpostobj->get('locked')) {
throw new AccessDeniedException(get_string('submittedforassessment', 'view'));
}
$blog = $blogpostobj->get('parent');
$title = $blogpostobj->get('title');
$description = $blogpostobj->get('description');
......@@ -74,6 +77,10 @@ else {
define('TITLE', get_string('editblogpost','artefact.blog'));
}
$blogobj = new ArtefactTypeBlog($blog);
if ($blogobj->get('locked')) {
throw new AccessDeniedException(get_string('submittedforassessment', 'view'));
}
$folder = param_integer('folder', 0);
$browse = (int) param_variable('browse', 0);
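Review bot: In the second hunk the lock test on `$blogobj` has no `$blogobj->check_permission()` visible before it, unlike the `$blogpostobj` path in the first hunk. On the new-post branch `$blog` presumably comes from the request. Unless ownership is verified outside the hunk, the lock test runs on a blog the user may not own and the exception text reveals its submission state. Adding `$blogobj->check_permission();` directly before `if ($blogobj->get('locked'))` would match the order used in the other scripts of this commit. The surrounding if/else starts outside the visible lines.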
......
......@@ -39,6 +39,10 @@ safe_require('artefact', 'blog');
$id = param_integer('id');
$blog = new ArtefactTypeBlog($id);
$blog->check_permission();
if ($blog->get('locked')) {
throw new AccessDeniedException(get_string('submittedforassessment', 'view'));
}
$form = pieform(array(
'name' => 'editblog',
......
......@@ -12,10 +12,14 @@
<div>{$blog->description|clean_html|safe}</div>
</td>
<td class="right">
{if $blog->locked}
{str tag=submittedforassessment section=view}
{else}
<a href="{$WWWROOT}artefact/blog/view/?id={$blog->id}">{$blog->postcount}</a>
<a href="{$WWWROOT}artefact/blog/settings/?id={$blog->id}" class="btn-settings">{str tag=settings}</a>
<a onClick="confirmdelete({$blog->id});" class="btn-del">{str tag=delete}</a>
<a href="{$WWWROOT}artefact/blog/post.php?blog={$blog->id}" class="btn-add">{str tag=addpost section=artefact.blog}</a>
{/if}
</td>
</tr>
{/foreach}
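Review bot: The `{if $blog->locked}` branch hides the read-only link `<a href="{$WWWROOT}artefact/blog/view/?id={$blog->id}">{$blog->postcount}</a>` along with the settings, delete and add-post links. The owner therefore loses both the post count and the way to open a submitted blog from this list. Moving that one anchor above the `{if}` would keep viewing available while still hiding the mutating actions. Hiding links is presentation only; the server-side `locked` checks in the PHP scripts remain the actual control, and the view page itself is not touched by this commit, so any edit or delete links it renders for posts should be checked separately.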
......@@ -37,6 +37,15 @@ $id = param_integer('id');
$blogpost = new ArtefactTypeBlogPost($id);
$blogpost->check_permission();
if ($blogpost->get('locked')) {
json_reply('local', get_string('submittedforassessment', 'view'));
}
if ($blogpost->get('parent')) {
$blog = new ArtefactTypeBlog($blogpost->get('parent'));
if ($blog->get('locked')) {
json_reply('local', get_string('submittedforassessment', 'view'));
}
}
$blogpost->delete();
json_reply(false, get_string('blogpostdeleted', 'artefact.blog'));
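Review bot: Both new `locked` branches rely on `json_reply()` ending the request, because nothing else stops execution from reaching `$blogpost->delete()` on the line after them. That behaviour is not visible in this hunk. If the helper ever returns, a locked post would be deleted right after the error is sent. Making the dependency explicit would help, either with a comment such as `// json_reply() exits; the delete below must never run for a locked post` or by wrapping the delete and the success reply in an `else`. When the parent blog cannot be loaded, the `new ArtefactTypeBlog(...)` call presumably throws before the delete, which is the safe direction, but it is worth confirming.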
......