Allow access for admins to views reported as objectionable (bug #522361)

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

htdocs/lang/en.utf8/activity.php

@@ -88,7 +88,7 @@ $string['ongroup'] = 'on Group';
 $string['ownedby'] = 'owned by';
 
 $string['objectionablecontentview'] = 'Objectionable content on View "%s" reported by %s';
-$string['objectionablecontentartefact'] = 'Objectionable content on Artefact "%s" reported by %s';
+$string['objectionablecontentviewartefact'] = 'Objectionable content on View "%s" in "%s" reported by %s';
 
 $string['newgroupmembersubj'] = '%s is now a group member!';
 $string['removedgroupmembersubj'] = '%s is no longer a group member';

htdocs/lang/en.utf8/view.php

@@ -118,6 +118,10 @@ $string['notifysiteadministrator'] = 'Notify site administrator';
 $string['print'] = 'Print';
 $string['reportobjectionablematerial'] = 'Report objectionable material';
 $string['reportsent'] = 'Your report has been sent';
+$string['viewobjectionableunmark'] = 'The View "%s", or something within it, has been reported as containing objectionable content.  If this is no longer the case, you can click the button to remove this notice and notify the other administrators.';
+$string['notobjectionable'] = 'Not objectionable';
+$string['viewunobjectionablesubject'] = 'View %s was marked as not objectionable by %s';
+$string['viewunobjectionablebody'] = '%s has looked at %s by %s and marked it as no longer containing objectionable material.';
 $string['updatewatchlistfailed'] = 'Update of watchlist failed';
 $string['watchlistupdated'] = 'Your watchlist has been updated';
 $string['editmyview'] = 'Edit my View';

htdocs/lib/activity.php

@@ -540,22 +540,23 @@ class ActivityTypeObjectionable extends ActivityTypeAdmin {
         else {
             $this->url = get_config('wwwroot') . 'view/artefact.php?artefact=' . $this->artefact . '&view=' . $this->view;
         }
-    }
-
-    function get_subject($user) {
-        if (!$viewtitle = get_field('view', 'title', 'id', $this->view)) {
-            throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
-        }
-        if (empty($this->artefact)) {
-            return get_string_from_language($user->lang, 'objectionablecontentview', 'activity',
-                                            $viewtitle, display_name($this->reporter, $user));
-        }
-        else {
-            if (!$artefacttitle = get_field('artefact', 'title', 'id', $this->artefact)) {
-                throw new ArtefactNotFoundException(get_string('artefactnotfound', 'error', $this->artefact));
+        if (empty($this->strings->subject)) {
+            $viewtitle = get_field('view', 'title', 'id', $this->view);
+            if (empty($this->artefact)) {
+                $this->strings->subject = (object) array(
+                    'key'     => 'objectionablecontentview',
+                    'section' => 'activity',
+                    'args'    => array($viewtitle, display_default_name($this->reporter)),
+                );
+            }
+            else {
+                $title = get_field('artefact', 'title', 'id', $this->artefact);
+                $this->strings->subject = (object) array(
+                    'key'     => 'objectionablecontentviewartefact',
+                    'section' => 'activity',
+                    'args'    => array($viewtitle, $title, display_default_name($this->reporter)),
+                );
             }
-            return get_string_from_language($user->lang, 'objectionablecontentartefact', 'activity',
-                                            $artefacttitle, display_name($this->reporter, $user));
         }
     }
 

htdocs/lib/db/install.xml

@@ -680,7 +680,7 @@
         <TABLE NAME="view_access">
             <FIELDS>
                 <FIELD NAME="view" TYPE="int" LENGTH="10" NOTNULL="true" />
-                <FIELD NAME="accesstype" TYPE="char" LENGTH="16" NOTNULL="false" ENUM="true" ENUMVALUES="'public', 'loggedin', 'friends'" DEFAULT="public" />
+                <FIELD NAME="accesstype" TYPE="char" LENGTH="16" NOTNULL="false" ENUM="true" ENUMVALUES="'public', 'loggedin', 'friends', 'objectionable'" DEFAULT="public" />
                 <FIELD NAME="group" TYPE="int" LENGTH="10" NOTNULL="false" />
                 <FIELD NAME="role" TYPE="char" LENGTH="255" NOTNULL="false" />
                 <FIELD NAME="usr" TYPE="int" LENGTH="10" NOTNULL="false" />

htdocs/lib/db/upgrade.php

@@ -2074,5 +2074,16 @@ function xmldb_core_upgrade($oldversion=0) {
         reload_html_filters();
     }
 
+    if ($oldversion < 2010071600) {
+        if (is_postgres()) {
+            // change_field_enum should do this
+            execute_sql('ALTER TABLE {view_access} DROP CONSTRAINT {viewacce_acc_ck}');
+        }
+        $table = new XMLDBTable('view_access');
+        $field = new XMLDBField('accesstype');
+        $field->setAttributes(XMLDB_TYPE_CHAR, 16, null, null, null, XMLDB_ENUM, array('public', 'loggedin', 'friends', 'objectionable'));
+        change_field_enum($table, $field);
+    }
+
     return $status;
 }

htdocs/lib/mahara.php

@@ -1621,6 +1621,17 @@ function can_view_view($view_id, $user_id=null, $usertoken=null, $mnettoken=null
                     continue;
                 }
             }
+            else if ($a->accesstype == 'objectionable') {
+                if ($owner = $view->get('owner')) {
+                    if ($USER->is_admin_for_user($owner)) {
+                        return true;
+                    }
+                }
+                else if ($view->get('group') && $USER->get('admin')) {
+                    return true;
+                }
+                continue;
+            }
             // The view must have loggedin access, user access for the user
             // or group/role access for one of the user's groups
             return true;

htdocs/lib/version.php

@@ -28,7 +28,7 @@
 defined('INTERNAL') || die();
 
 $config = new StdClass;
-$config->version = 2010071500;
+$config->version = 2010071600;
 $config->release = '1.3.0beta3dev';
 $config->minupgradefrom = 2008040200;
 $config->minupgraderelease = '1.0.0 (release tag 1.0.0_RELEASE)';

htdocs/lib/view.php

@@ -2950,7 +2950,7 @@ class View {
                 WHERE va.view = ?
                     AND (va.startdate IS NULL OR va.startdate < current_timestamp)
                     AND (va.stopdate IS NULL OR va.stopdate > current_timestamp)
-                    AND (va.accesstype IN ('public', 'loggedin', 'friends')
+                    AND (va.accesstype IN ('public', 'loggedin', 'friends', 'objectionable')
                          OR va.usr = ? OR va.token IS NOT NULL OR gm.member IS NOT NULL)
                 ORDER BY va.token IS NULL DESC, va.accesstype != 'friends' DESC",
                 array($userid, $viewid, $userid)
@@ -3035,6 +3035,53 @@ class View {
 
         return false;
     }
+
+    // Returns a form to mark a view as unobjectionable, if the user is allowed
+    // to do that.
+    function notrude_form() {
+        global $USER;
+        $owner = $this->get('owner');
+        if (!(($owner && ($USER->get('admin') || $USER->is_admin_for_user($owner)))
+              || ($this->get('group') && $USER->get('admin')))) {
+            return;
+        }
+
+        $access = self::user_access_records($this->id, $USER->get('id'));
+
+        if (empty($access)) {
+            return;
+        }
+
+        $isrude = false;
+        foreach ($access as $a) {
+            // Nasty hack: If the objectionable access record has a stop date, it
+            // means that one of the admins has already dealt with it, so we don't
+            // mark the view as objectionable.
+            if ($a->accesstype == 'objectionable' && empty($a->stopdate)) {
+                $isrude = true;
+                break;
+            }
+        }
+
+        if (!$isrude) {
+            return;
+        }
+
+        return array(
+            'name'     => 'viewnotrude',
+            'elements' => array(
+                'text' => array(
+                    'type' => 'html',
+                    'value' => get_string('viewobjectionableunmark', 'view', $this->title),
+                ),
+                'submit' => array(
+                    'type' => 'submit',
+                    'value' => get_string('notobjectionable', 'view'),
+                ),
+            ),
+        );
+    }
+
 }
 
 
@@ -3204,6 +3251,22 @@ function objection_form_submit(Pieform $form, $values) {
 
     require_once('activity.php');
 
+    db_begin();
+
+    // The objectionable access record ensures the view is visible
+    // to admins, and also marks the view as objectionable.
+
+    $accessrecord = (object) array(
+        'view'            => $view->get('id'),
+        'accesstype'      => 'objectionable',
+        'allowcomments'   => 1,
+        'approvecomments' => 0,
+        'visible'         => 0,
+    );
+
+    delete_records('view_access', 'view', $view->get('id'), 'accesstype', 'objectionable', 'visible', 0);
+    insert_record('view_access', $accessrecord);
+
     $data = new StdClass;
     $data->view       = $view->get('id');
     $data->message    = $values['message'];
@@ -3213,6 +3276,9 @@ function objection_form_submit(Pieform $form, $values) {
     }
 
     activity_occurred('objectionable', $data);
+
+    db_commit();
+
     if ($artefact) {
         $goto = get_config('wwwroot') . 'view/artefact.php?artefact=' . $artefact->get('id') . '&view='.$view->get('id');
     }
@@ -3225,6 +3291,66 @@ function objection_form_submit(Pieform $form, $values) {
     ));
 }
 
+function viewnotrude_submit(Pieform $form, $values) {
+    global $view, $artefact, $USER;
+
+    require_once('activity.php');
+
+    db_begin();
+
+    // Set exipiry date on view access record
+    $accessrecord = (object) array(
+        'view'            => $view->get('id'),
+        'accesstype'      => 'objectionable',
+        'allowcomments'   => 1,
+        'approvecomments' => 0,
+        'visible'         => 0,
+        'stopdate'        => db_format_timestamp(time() + 60*60*24*7),
+    );
+
+    delete_records('view_access', 'view', $view->get('id'), 'accesstype', 'objectionable', 'visible', 0);
+    insert_record('view_access', $accessrecord);
+
+    // Send notification to other admins
+    $reportername = display_default_name($USER);
+
+    if ($artefact) {
+        $goto = get_config('wwwroot') . 'view/artefact.php?artefact=' . $artefact->get('id') . '&view='.$view->get('id');
+    }
+    else {
+        $goto = get_config('wwwroot') . 'view/view.php?id='.$view->get('id');
+    }
+
+    $data = (object) array(
+        'view'      => $view->get('id'),
+        'reporter'  => $USER->get('id'),
+        'subject'   => false,
+        'message'   => false,
+        'strings'   => (object) array(
+            'subject' => (object) array(
+                'key'     => 'viewunobjectionablesubject',
+                'section' => 'view',
+                'args'    => array($view->get('title'), $reportername),
+            ),
+            'message' => (object) array(
+                'key'     => 'viewunobjectionablebody',
+                'section' => 'view',
+                'args'    => array($reportername, $view->get('title'), $view->formatted_owner()),
+            ),
+        ),
+    );
+
+    activity_occurred('objectionable', $data);
+
+    db_commit();
+
+    $form->reply(PIEFORM_OK, array(
+        'message' => get_string('messagesent'),
+        'goto' => $goto,
+    ));
+}
+
+
 function objection_form_cancel_submit(Pieform $form) {
     global $view;
     $form->reply(PIEFORM_OK, array(

htdocs/theme/raw/templates/view/artefact.tpl

 {if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if}
 
+{if $notrudeform}<div class="message delete">{$notrudeform|safe}</div>{/if}
+
         <h2>
             <a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle}</a>{if $ownername} {str tag=by section=view}
             <a href="{$WWWROOT}{$ownerlink}">{$ownername}</a>{/if}{foreach from=$artefactpath item=a}:

htdocs/theme/raw/templates/view/view.tpl

 {if $microheaders}{include file="viewmicroheader.tpl"}{else}{include file="header.tpl"}{/if}
 
+{if $notrudeform}<div class="message delete">{$notrudeform|safe}</div>{/if}
+
 {if $maintitle}<h1>{$maintitle|safe}</h1>{/if}
 
 {if !$microheaders && $mnethost}

htdocs/view/artefact.php

@@ -123,6 +123,9 @@ if ($artefact->get('allowcomments')) {
     $addfeedbackform = pieform(ArtefactTypeComment::add_comment_form(false, $artefact->get('approvecomments')));
 }
 $objectionform = pieform(objection_form());
+if ($notrudeform = $view->notrude_form()) {
+    $notrudeform = pieform($notrudeform);
+}
 
 $viewbeingwatched = (int)record_exists('usr_watchlist_view', 'usr', $USER->get('id'), 'view', $viewid);
 
@@ -187,6 +190,7 @@ if (isset($addfeedbackform)) {
     $smarty->assign('addfeedbackform', $addfeedbackform);
 }
 $smarty->assign('objectionform', $objectionform);
+$smarty->assign('notrudeform', $notrudeform);
 $smarty->assign('viewbeingwatched', $viewbeingwatched);
 
 $smarty->display('view/artefact.tpl');

htdocs/view/view.php

@@ -150,6 +150,9 @@ if (!empty($releaseform) || ($commenttype = $view->user_comments_allowed($USER))
 }
 if ($USER->is_logged_in()) {
     $objectionform = pieform(objection_form());
+    if ($notrudeform = $view->notrude_form()) {
+        $notrudeform = pieform($notrudeform);
+    }
 }
 
 $viewbeingwatched = (int)record_exists('usr_watchlist_view', 'usr', $USER->get('id'), 'view', $viewid);
@@ -279,6 +282,7 @@ if (isset($addfeedbackform)) {
 }
 if (isset($objectionform)) {
     $smarty->assign('objectionform', $objectionform);
+    $smarty->assign('notrudeform', $notrudeform);
 }
 $smarty->assign('viewbeingwatched', $viewbeingwatched);