Merge "Bug 547332: Adding blogs to the group level"

4bfe2719 · Son Nguyen · Gerrit Code Review · 370af252 · 26564dd4 · 4bfe2719
Commit 4bfe2719 authored Aug 31, 2015 by Son Nguyen Committed by Gerrit Code Review Aug 31, 2015
--- a/htdocs/artefact/blog/blocktype/blog/lib.php
+++ b/htdocs/artefact/blog/blocktype/blog/lib.php
@@ -100,7 +100,8 @@ class PluginBlocktypeBlog extends PluginBlocktype {
            // Only show the 'New entry' link for blogs that you can add an entry to
            $canaddpost = false;
            $institution = $blog->get('institution');
-            if (ArtefactTypeBlog::can_edit_blog($blog, $institution)) {
+            $group = $blog->get('group');
+            if (ArtefactTypeBlog::can_edit_blog($blog, $institution, $group)) {
                $canaddpost = true;
            }

@@ -132,6 +133,7 @@ class PluginBlocktypeBlog extends PluginBlocktype {
        require_once(get_config('libroot') . 'view.php');
        $view = new View($instance->get('view'));
        $institution = $view->get('institution');
+        $group = $view->get('group');

        if (!empty($configdata['artefactid'])) {
            $blog = $instance->get_artefact_instance($configdata['artefactid']);
@@ -148,7 +150,7 @@ class PluginBlocktypeBlog extends PluginBlocktype {
        // Note: the owner check will have to change when we do group/site
        // blogs
        if (empty($configdata['artefactid'])
-            || (ArtefactTypeBlog::can_edit_blog($blog, $institution))) {
+            || (ArtefactTypeBlog::can_edit_blog($blog, $institution, $group))) {
            $where = array('blog');
            $sql = "SELECT a.id FROM {artefact} a
                    WHERE a.artefacttype = ?";
@@ -156,6 +158,10 @@ class PluginBlocktypeBlog extends PluginBlocktype {
                $sql .= " AND a.institution = ?";
                $where[] = $institution;
            }
+            else if ($group) {
+                $sql .= " AND a.group = ?";
+                $where[] = $group;
+            }
            else {
                $sql .= " AND a.owner = ?";
                $where[] = $USER->get('id');
@@ -239,11 +245,10 @@ class PluginBlocktypeBlog extends PluginBlocktype {
    }

    /**
-     * Blog blocktype is only allowed in personal or institution views, because currently
-     * there's no such thing as group blogs
+     * Blog blocktype is only allowed in personal / institution / group views
     */
    public static function allowed_in_view(View $view) {
-        return ($view->get('owner') != null || $view->get('institution') != null);
+        return true;
    }

    public static function feed_url(BlockInstance $instance) {

--- a/htdocs/artefact/blog/blocktype/blogpost/lib.php
+++ b/htdocs/artefact/blog/blocktype/blogpost/lib.php
@@ -117,10 +117,9 @@ class PluginBlocktypeBlogpost extends PluginBlocktype {
        // copied in from another View. We won't confuse users by asking them to
        // choose a blog post to put in this block, when the one that is
        // currently in it isn't choosable.
-        //
-        // Note: the owner check will have to change when we do group blogs
        $institution = $instance->get('view_obj')->get('institution');
-        if (empty($configdata['artefactid']) || ArtefactTypeBlog::can_edit_blog($blog, $institution)) {
+        $group = $instance->get('view_obj')->get('group');
+        if (empty($configdata['artefactid']) || ArtefactTypeBlog::can_edit_blog($blog, $institution, $group)) {
            $sql = "SELECT a.id FROM {artefact} a
                    INNER JOIN {artefact_blog_blogpost} p ON p.blogpost = a.id
                    WHERE p.published = 1";
@@ -128,6 +127,10 @@ class PluginBlocktypeBlogpost extends PluginBlocktype {
                $sql .= " AND a.institution = ?";
                $where = array($institution);
            }
+            else if ($group) {
+                $sql .= " AND a.group = ?";
+                $where = array($group);
+            }
            else {
                $sql .= " AND a.owner = ?";
                $where = array($USER->get('id'));
@@ -194,11 +197,10 @@ class PluginBlocktypeBlogpost extends PluginBlocktype {
    }

    /**
-     * Blogpost blocktype is only allowed in personal and institution views, because currently
-     * there's no such thing as group blogs
+     * Blogpost blocktype is allowed in personal / institution / group views
     */
    public static function allowed_in_view(View $view) {
-        return ($view->get('owner') != null || $view->get('institution') != null);
+        return true;
    }

 }
--- a/htdocs/artefact/blog/index.php
+++ b/htdocs/artefact/blog/index.php
@@ -17,8 +17,6 @@ define('SECTION_PAGE', 'index');
 require(dirname(dirname(dirname(__FILE__))) . '/init.php');
 safe_require('artefact', 'blog');

-define('TITLE', get_string('blogs','artefact.blog'));
-
 if ($delete = param_integer('delete', 0)) {
    ArtefactTypeBlog::delete_form($delete);
 }
@@ -27,12 +25,15 @@ $blogs = (object) array(
    'offset' => param_integer('offset', 0),
    'limit'  => param_integer('limit', 10),
    'institution' => null,
+    'group' => null,
    'data' => false,
    'pagination_js' => false,
 );

-$institutionname = null;
+$subsectionheading = false;
+$institutionname = $groupid = null;
 if ($institution = param_alphanum('institution', null)) {
+    define('TITLE', get_string('blogs','artefact.blog'));
    if ($institution == 'mahara') {
        $institutionname = $institution;
        if (!($USER->get('admin'))) {
@@ -50,18 +51,24 @@ if ($institution = param_alphanum('institution', null)) {
    }
    $blogs->institution = $institutionname;
 }
+else if ($groupid = param_alphanum('group', null)) {
+    $blogs->group = $groupid;
+    $group = get_record('group', 'id', $groupid, 'deleted', 0);
+    $subsectionheading = get_string('blogs','artefact.blog');
+    define('TITLE', $group->name);
+}
+else {
+    define('TITLE', get_string('blogs','artefact.blog'));
+}

-PluginArtefactBlog::set_blog_nav($institution, $institutionname);
+PluginArtefactBlog::set_blog_nav($institution, $institutionname, $groupid);

-list($blogs->count, $blogs->data) = ArtefactTypeBlog::get_blog_list($blogs->limit, $blogs->offset, $blogs->institution);
+list($blogs->count, $blogs->data) = ArtefactTypeBlog::get_blog_list($blogs->limit, $blogs->offset, $blogs->institution, $blogs->group);

-if (!empty($blogs->institution)) {
-    require_once(get_config('libroot') . 'institution.php');
-    $institution = new Institution($blogs->institution);
-}
-else {
+if (empty($blogs->institution) && empty($blogs->group)) {
    if (!$USER->get_account_preference('multipleblogs')) {
        $extra = !empty($institution) ? '?institution=' . $institution : '';
+        $extra = !empty($group) ? '?group=' . $group : '';
        redirect(get_config('wwwroot') . 'artefact/blog/view/index.php' . $extra);
    }
 }
@@ -71,6 +78,10 @@ ArtefactTypeBlog::build_blog_list_html($blogs);
 $smarty = smarty(array('paginator'));
 $smarty->assign_by_ref('blogs', $blogs);
 $smarty->assign('institutionname', $institutionname);
+$smarty->assign('group', $groupid);
+if ($subsectionheading) {
+    $smarty->assign('subsectionheading', $subsectionheading);
+}
 $smarty->assign('PAGEHEADING', TITLE);
 $js = '';
 if ($blogs->pagination_js) {
@@ -90,6 +101,7 @@ function delete_blog_submit(Pieform $form, $values) {
    $blog = new ArtefactTypeBlog($values['delete']);
    $blog->check_permission();
    $institution = $blog->get('institution');
+    $group = $blog->get('group');
    if ($blog->get('locked')) {
        $SESSION->add_error_msg(get_string('submittedforassessment', 'view'));
    }
@@ -101,5 +113,8 @@ function delete_blog_submit(Pieform $form, $values) {
    if ($institution) {
        redirect('/artefact/blog/index.php?institution=' . $institution);
    }
+    else if ($group) {
+        redirect('/artefact/blog/index.php?group=' . $group);
+    }
    redirect('/artefact/blog/index.php');
 }
--- a/htdocs/artefact/blog/lang/en.utf8/artefact.blog.php
+++ b/htdocs/artefact/blog/lang/en.utf8/artefact.blog.php
@@ -17,6 +17,7 @@ $string['blog'] = 'Journal';
 $string['blogs'] = 'Journals';
 $string['siteblogs'] = 'Site journals';
 $string['institutionblogs'] = 'Institution journals';
+$string['groupblogs'] = 'Group journals';
 $string['addblog'] = 'Create journal';
 $string['addpost'] = 'New entry';
 $string['alignment'] = 'Alignment';
@@ -77,6 +78,7 @@ $string['newattachmentsexceedquota'] = 'The total size of the new files that you
 $string['newblog'] = 'New journal';
 $string['newblogsite'] = 'New site journal';
 $string['newbloginstitution'] = 'New "%s" journal';
+$string['newbloggroup'] = '%s : New journal';
 $string['newblogpost'] = 'New journal entry in journal "%s"';
 $string['newerposts'] = 'Newer entries';
 $string['nodefaultblogfound'] = 'No default journal found. This is a bug in the system. To fix it, you need to enable the multiple journals option on the <a href="%saccount/index.php">account settings</a> page.';
@@ -116,9 +118,12 @@ $string['title'] = 'Title';
 $string['update'] = 'Update';
 $string['verticalspace'] = 'Vertical space';
 $string['viewblog'] = 'View journal';
+$string['viewbloggroup'] = 'View "%s" journal';
 $string['youarenottheownerofthisblog'] = 'You are not the owner of this journal.';
 $string['youarenottheownerofthisblogpost'] = 'You are not the owner of this journal entry.';
 $string['youarenotanadminof'] = 'You are not an admin of the "%s" institution.';
+$string['youarenotamemberof'] = 'You are not a member of the "%s" group.';
+$string['youarenotaneditingmemberof'] = 'You do not have the editing permissions for the journals in the group "%s".';
 $string['cannotdeleteblogpost'] = 'An error occurred removing this journal entry.';

 $string['baseline'] = 'Baseline';

--- a/htdocs/artefact/blog/lib.php
+++ b/htdocs/artefact/blog/lib.php
@@ -55,7 +55,7 @@ class PluginArtefactBlog extends PluginArtefact {
        return self::admin_menu_items();
    }

-    public static function set_blog_nav($institution = false, $institutionname = null) {
+    public static function set_blog_nav($institution = false, $institutionname = null, $groupid = null) {
        if ($institutionname == 'mahara') {
            define('ADMIN', 1);
            define('MENUITEM', 'configsite/blogs');
@@ -64,6 +64,10 @@ class PluginArtefactBlog extends PluginArtefact {
            define('INSTITUTIONALADMIN', 1);
            define('MENUITEM', 'manageinstitutions/blogs');
        }
+        else if ($groupid) {
+            define('GROUP', $groupid);
+            define('MENUITEM', 'groups/blogs');
+        }
        else {
            define('MENUITEM', 'content/blogs');
        }
@@ -207,13 +211,16 @@ class ArtefactTypeBlog extends ArtefactType {
    }

    /**
-     * Checks that the person viewing this blog is the owner. If not, throws an
-     * AccessDeniedException. Used in the blog section to ensure only the
-     * owners of the blogs can view or change them there. Other people see
-     * blogs when they are placed in views.
+     * Checks that the person viewing a personal blog is the owner.
+     * Or the person is an institution admin for an institution blog.
+     * Or a group member if viewing a group blog.
+     * Or a group member with editing permissions if editing a blog.
+     * If not, throws an AccessDeniedException.
+     * Other people see blogs when they are placed in views.
     */
-    public function check_permission() {
+    public function check_permission($editing=false) {
        global $USER;
+
        if (!empty($this->institution)) {
            if ($this->institution == 'mahara' && !$USER->get('admin')) {
                throw new AccessDeniedException(get_string('youarenotasiteadmin', 'artefact.blog'));
@@ -222,6 +229,17 @@ class ArtefactTypeBlog extends ArtefactType {
                throw new AccessDeniedException(get_string('youarenotanadminof', 'artefact.blog', $this->institution));
            }
        }
+        else if (!empty($this->group)) {
+            $group = get_record('group', 'id', $this->group, 'deleted', 0);
+            $USER->reset_grouproles();
+            if (!isset($USER->grouproles[$this->group])) {
+                throw new AccessDeniedException(get_string('youarenotamemberof', 'artefact.blog', $group->name));
+            }
+            require_once('group.php');
+            if ($editing && !group_role_can_edit_views($this->group, $USER->grouproles[$this->group])) {
+                throw new AccessDeniedException(get_string('youarenotaneditingmemberof', 'artefact.blog', $group->name));
+            }
+        }
        else {
            if ($USER->get('id') != $this->owner) {
                throw new AccessDeniedException(get_string('youarenottheownerofthisblog', 'artefact.blog'));
@@ -320,12 +338,12 @@ class ArtefactTypeBlog extends ArtefactType {
    }

    /**
-     * This function returns a list of the given user's blogs.
+     * This function returns a list of the given blogs.
     *
     * @param User
     * @return array (count: integer, data: array)
     */
-    public static function get_blog_list($limit, $offset, $institution = null) {
+    public static function get_blog_list($limit, $offset, $institution = null, $group = null) {
        global $USER;

        $sql = "SELECT b.id, b.title, b.description, b.locked, COUNT(p.id) AS postcount
@@ -336,6 +354,11 @@ class ArtefactTypeBlog extends ArtefactType {
            $values = array($institution);
            $count = (int)get_field('artefact', 'COUNT(*)', 'institution', $institution, 'artefacttype', 'blog');
        }
+        else if ($group) {
+            $sql .= ' AND b.group = ?';
+            $values = array($group);
+            $count = (int)get_field('artefact', 'COUNT(*)', 'group', $group, 'artefacttype', 'blog');
+        }
        else {
            $sql .= ' AND b.owner = ?';
            $values = array($USER->get('id'));
@@ -394,6 +417,9 @@ class ArtefactTypeBlog extends ArtefactType {
        if (!empty($values['institution'])) {
            $artefact->set('institution', $values['institution']);
        }
+        else if (!empty($values['group'])) {
+            $artefact->set('group', $values['group']);
+        }
        else {
            $artefact->set('owner', $user->get('id'));
        }
@@ -423,8 +449,9 @@ class ArtefactTypeBlog extends ArtefactType {
        }

        $artefact = new ArtefactTypeBlog($values['id']);
-        $institution = isset($values['institution']) ? $values['institution'] : null;
-        if (!self::can_edit_blog($artefact, $institution)) {
+        $institution = !empty($values['institution']) ? $values['institution'] : null;
+        $group = !empty($values['group']) ? $values['group'] : null;
+        if (!self::can_edit_blog($artefact, $institution, $group)) {
            return;
        }
        $artefact->set('title', $values['title']);
@@ -550,21 +577,27 @@ class ArtefactTypeBlog extends ArtefactType {
        global $USER, $SESSION;

        $viewid = $view->get('id');
-
-        try {
-            $user = get_user($view->get('owner'));
-            set_account_preference($user->id, 'multipleblogs', 1);
+        $groupid = $view->get('group');
+        $institution = $view->get('institution');
+        if ($groupid || $institution) {
            $SESSION->add_ok_msg(get_string('copiedblogpoststonewjournal', 'collection'));
        }
-        catch (Exception $e) {
-            $SESSION->add_error_msg(get_string('unabletosetmultipleblogs', 'error', $user->username, $viewid, get_config('wwwroot') . 'account/index.php'), false);
-        }
+        else {
+            try {
+                $user = get_user($view->get('owner'));
+                set_account_preference($user->id, 'multipleblogs', 1);
+                $SESSION->add_ok_msg(get_string('copiedblogpoststonewjournal', 'collection'));
+            }
+            catch (Exception $e) {
+                $SESSION->add_error_msg(get_string('unabletosetmultipleblogs', 'error', $user->username, $viewid, get_config('wwwroot') . 'account/index.php'), false);
+            }

-        try {
-            $USER->accountprefs = load_account_preferences($user->id);
-        }
-        catch (Exception $e) {
-            $SESSION->add_error_msg(get_string('pleaseloginforjournals', 'error'));
+            try {
+                $USER->accountprefs = load_account_preferences($user->id);
+            }
+            catch (Exception $e) {
+                $SESSION->add_error_msg(get_string('pleaseloginforjournals', 'error'));
+            }
        }

        return null;
@@ -578,12 +611,14 @@ class ArtefactTypeBlog extends ArtefactType {
     *
     * @return boolean
     */
-    public static function can_edit_blog($blog, $institution = null) {
+    public static function can_edit_blog($blog, $institution = null, $group = null) {
        global $USER;
-
+        require_once('group.php');
+        $USER->reset_grouproles();
        if (
            ($institution == 'mahara' && $USER->get('admin'))
            || ($institution && $institution != 'mahara' && ($USER->get('admin') || $USER->is_institutional_admin($institution)))
+            || ($group && !empty($USER->grouproles[$group]) && group_role_can_edit_views($group, $USER->grouproles[$group]))
            || ($USER->get('id') == $blog->get('owner'))
           ) {
            return true;
@@ -719,12 +754,14 @@ class ArtefactTypeBlogPost extends ArtefactType {


    /**
-     * Checks that the person viewing this blog is the owner. If not, throws an
-     * AccessDeniedException. Used in the blog section to ensure only the
-     * owners of the blogs can view or change them there. Other people see
-     * blogs when they are placed in views.
+     * Checks that the person viewing a personal blog is the owner.
+     * Or the person is an institution admin for an institution blog.
+     * Or a group member if viewing a group blog.
+     * Or a group member with editing permissions if editing a blog.
+     * If not, throws an AccessDeniedException.
+     * Other people see blogs when they are placed in views.
     */
-    public function check_permission() {
+    public function check_permission($editing=true) {
        global $USER;
        if (!empty($this->institution)) {
            if ($this->institution == 'mahara' && !$USER->get('admin')) {
@@ -734,6 +771,17 @@ class ArtefactTypeBlogPost extends ArtefactType {
                throw new AccessDeniedException(get_string('youarenotanadminof', 'artefact.blog', $this->institution));
            }
        }
+        else if (!empty($this->group)) {
+            $group = get_record('group', 'id', $this->group, 'deleted', 0);
+            $USER->reset_grouproles();
+            if (!isset($USER->grouproles[$this->group])) {
+                throw new AccessDeniedException(get_string('youarenotamemberof', 'artefact.blog', $group->name));
+            }
+            require_once('group.php');
+            if ($editing && !group_role_can_edit_views($this->group, $USER->grouproles[$this->group])) {
+                throw new AccessDeniedException(get_string('youarenotaneditingmemberof', 'artefact.blog', $group->name));
+            }
+        }
        else {
            if ($USER->get('id') != $this->owner) {
                throw new AccessDeniedException(get_string('youarenottheownerofthisblogpost', 'artefact.blog'));
@@ -1198,21 +1246,25 @@ class ArtefactTypeBlogPost extends ArtefactType {
        $blog->commit();

        $blogids[$viewid] = $blog->get('id');
-
-        try {
-            $user = get_user($view->get('owner'));
-            set_account_preference($user->id, 'multipleblogs', 1);
+        if (!empty($data->group) || !empty($data->institution)) {
            $SESSION->add_ok_msg(get_string('copiedblogpoststonewjournal', 'collection'));
        }
-        catch (Exception $e) {
-            $SESSION->add_error_msg(get_string('unabletosetmultipleblogs', 'error', $user->username, $viewid, get_config('wwwroot') . 'account/index.php'), false);
-        }
+        else {
+            try {
+                $user = get_user($view->get('owner'));
+                set_account_preference($user->id, 'multipleblogs', 1);
+                $SESSION->add_ok_msg(get_string('copiedblogpoststonewjournal', 'collection'));
+            }
+            catch (Exception $e) {
+                $SESSION->add_error_msg(get_string('unabletosetmultipleblogs', 'error', $user->username, $viewid, get_config('wwwroot') . 'account/index.php'), false);
+            }

-        try {
-            $USER->accountprefs = load_account_preferences($user->id);
-        }
-        catch (Exception $e) {
-            $SESSION->add_error_msg(get_string('pleaseloginforjournals', 'error'));
+            try {
+                $USER->accountprefs = load_account_preferences($user->id);
+            }
+            catch (Exception $e) {
+                $SESSION->add_error_msg(get_string('pleaseloginforjournals', 'error'));
+            }
        }

        return $blogids[$viewid];

--- a/htdocs/artefact/blog/new/index.php
+++ b/htdocs/artefact/blog/new/index.php
@@ -18,17 +18,42 @@ require(dirname(dirname(dirname(dirname(__FILE__)))) . '/init.php');
 require_once('license.php');
 require_once('pieforms/pieform.php');
 safe_require('artefact', 'blog');
-$section = false;
+$subsectionheading = false;
+$institutionname = $groupid = null;
 if ($institutionname = param_alphanum('institution', null)) {
    require_once(get_config('libroot') . 'institution.php');
    $section = 'institution';
    if ($institutionname == 'mahara') {
+        if (!$USER->get('admin')) {
+            throw new AccessDeniedException(get_string('youarenotasiteadmin', 'artefact.blog'));
+        }
        $section = 'site';
    }
+    else {
+        if (!$USER->get('admin') && !$USER->is_institutional_admin($institutionname)) {
+            throw new AccessDeniedException(get_string('youarenotanadminof', 'artefact.blog', $institutionname));
+        }
+    }
+    define('TITLE', get_string('newblog' . $section, 'artefact.blog', institution_display_name($institutionname)) . ': ' . get_string('blogsettings','artefact.blog'));
    PluginArtefactBlog::set_blog_nav(true, $institutionname);
 }
-$title = ($section == 'institution') ? get_string('newblog' .  $section, 'artefact.blog', institution_display_name($institutionname)) : get_string('newblog' . $section,'artefact.blog');
-define('TITLE', $title . ': ' . get_string('blogsettings','artefact.blog'));
+else if ($groupid = param_alphanum('group', null)) {
+    require_once('group.php');
+    $group = get_record('group', 'id', $groupid, 'deleted', 0);
+    $USER->reset_grouproles();
+    if (!isset($USER->grouproles[$group->id])) {
+        throw new AccessDeniedException(get_string('youarenotamemberof', 'artefact.blog', $group->name));
+    }
+    if (!group_role_can_edit_views($groupid, $USER->grouproles[$group->id])) {
+        throw new AccessDeniedException(get_string('youarenotaneditingmemberof', 'artefact.blog', $group->name));
+    }
+    $subsectionheading = get_string('newblog','artefact.blog');
+    define('TITLE', $group->name);
+    PluginArtefactBlog::set_blog_nav(false, null, $groupid);
+}
+else {
+    define('TITLE', get_string('newblog', 'artefact.blog') . ': ' . get_string('blogsettings','artefact.blog'));
+}

 $form = array(
    'name' => 'newblog',
@@ -75,11 +100,15 @@ $form = array(
    )
 );
 $form['elements']['institution'] = array('type' => 'hidden', 'value' => ($institutionname) ? $institutionname : 0);
+$form['elements']['group'] = array('type' => 'hidden', 'value' => ($groupid) ? $groupid : 0);

 $form = pieform($form);

 $smarty =& smarty();
 $smarty->assign_by_ref('form', $form);
+if ($subsectionheading) {
+    $smarty->assign('subsectionheading', $subsectionheading);
+}
 $smarty->assign('PAGEHEADING', TITLE);
 $smarty->display('form.tpl');
 exit;
@@ -93,10 +122,15 @@ function newblog_submit(Pieform $form, $values) {
    global $USER;

    $data = $form->get_element('institution');
+    $group = $form->get_element('group');
    if ($data['value'] != false) {
        ArtefactTypeBlog::new_blog(null, $values);
        redirect('/artefact/blog/index.php?institution=' . $data['value']);
    }
+    else if ($group['value'] != false) {
+        ArtefactTypeBlog::new_blog(null, $values);
+        redirect('/artefact/blog/index.php?group=' . $group['value']);
+    }
    else {
        ArtefactTypeBlog::new_blog($USER, $values);
        redirect('/artefact/blog/index.php');
@@ -108,9 +142,13 @@ function newblog_submit(Pieform $form, $values) {
 */
 function newblog_cancel_submit(Pieform $form) {
    $data = $form->get_element('institution');
+    $group = $form->get_element('group');
    if ($data['value'] != false) {
        redirect('/artefact/blog/index.php?institution=' . $data['value']);
    }
+    if ($group['value'] != false) {
+        redirect('/artefact/blog/index.php?group=' . $group['value']);
+    }
    else {
        redirect('/artefact/blog/index.php');
    }

--- a/htdocs/artefact/blog/post.php
+++ b/htdocs/artefact/blog/post.php
@@ -36,7 +36,7 @@ if (!$blogpost) {
    $tagselect = param_variable('tagselect', '');
    $blog = param_integer('blog');
    $blogobj = new ArtefactTypeBlog($blog);
-    $blogobj->check_permission();
+    $blogobj->check_permission(true);

    $title = '';
    $description = '';
@@ -45,11 +45,18 @@ if (!$blogpost) {
    $pagetitle = get_string('newblogpost', 'artefact.blog', get_field('artefact', 'title', 'id', $blog));
    $focuselement = 'title';
    $attachments = array();
-    define('TITLE', $pagetitle);
+    if ($blogobj->get('group')) {
+        $group = get_record('group', 'id', $blogobj->get('group'), 'deleted', 0);
+        $subsectionheading = $pagetitle;
+        define('TITLE', $group->name);
+    }
+    else {
+        define('TITLE', $pagetitle);
+    }
 }
 else {
    $blogpostobj = new ArtefactTypeBlogPost($blogpost);
-    $blogpostobj->check_permission();
+    $blogpostobj->check_permission(true);
    if ($blogpostobj->get('locked')) {
        throw new AccessDeniedException(get_string('submittedforassessment', 'view'));
    }
@@ -61,16 +68,26 @@ else {
    $pagetitle = get_string('editblogpost', 'artefact.blog');
    $focuselement = 'description'; // Doesn't seem to work with tinyMCE.
    $attachments = $blogpostobj->attachment_id_list();
-    define('TITLE', get_string('editblogpost','artefact.blog'));
+    if ($blogpostobj->get('group')) {
+        $group = get_record('group', 'id', $blogpostobj->get('group'), 'deleted', 0);
+        $subsectionheading = $pagetitle;
+        define('TITLE', $group->name);
+    }
+    else {
+        define('TITLE', $pagetitle);
+    }
 }

-$institution = $institutionname = null;
+$institution = $institutionname = $groupid = null;
 $blogobj = new ArtefactTypeBlog($blog);
 if ($blogobj->get('institution')) {
    $institution = true;
    $institutionname = $blogobj->get('institution');
 }
-PluginArtefactBlog::set_blog_nav($institution, $institutionname);
+else if ($blogobj->get('group')) {
+    $groupid = $blogobj->get('group');
+}
+PluginArtefactBlog::set_blog_nav($institution, $institutionname, $groupid);

 $folder = param_integer('folder', 0);
 $browse = (int) param_variable('browse', 0);
@@ -135,6 +152,7 @@ $form = pieform(array(
            'folder'       => $folder,
            'highlight'    => $highlight,
            'institution'  => $institutionname,
+            'group'        => $groupid,
            'browse'       => $browse,
            'page'         => get_config('wwwroot') . 'artefact/blog/post.php?' . ($blogpost ? ('id=' . $blogpost) : ('blog=' . $blog)) . '&browse=1',
            'browsehelp'   => 'browsemyfiles',
@@ -202,7 +220,10 @@ $smarty = smarty(array(), array(), array(), array(
 ));
 $smarty->assign('INLINEJAVASCRIPT', $javascript);