Commit a527e807 authored by Richard Mansfield's avatar Richard Mansfield

Update edit view access for group views

parent 9d44d447
......@@ -213,17 +213,13 @@ function activity_get_viewaccess_users($view, $owner, $type) {
FROM {group_member} m
JOIN {view_access_group} vg ON vg.group = m.group
JOIN {group} g ON (g.id = vg.group AND g.deleted = 0)
WHERE vg.view = ? AND (vg.tutoronly = ? OR m.tutor = ?)
UNION SELECT g.owner
FROM {group} g
JOIN {view_access_group} ag ON ag.group = g.id
WHERE ag.view = ? AND g.deleted = 0
WHERE vg.view = ? AND (vg.role IS NULL OR vg.role = m.role)
) AS userlist
JOIN {usr} u ON u.id = userlist.userid
LEFT JOIN {usr_activity_preference} p ON p.usr = u.id
LEFT OUTER JOIN {usr_account_preference} ap ON (ap.usr = u.id AND ap.field = \'lang\')
WHERE p.activity = ?';
$values = array($owner, $owner, $owner, 'friends', $view, $view, $view, 0, 1, $view, $type->id);
$values = array($owner, $owner, $owner, 'friends', $view, $view, $view, $type->id);
if (!$u = get_records_sql_assoc($sql, $values)) {
$u = array();
}
......
......@@ -307,6 +307,7 @@
<FIELD NAME="grouptype" TYPE="char" LENGTH="20" NOTNULL="true" />
<FIELD NAME="role" TYPE="text" NOTNULL="true" />
<FIELD NAME="edit_views" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="1" />
<FIELD NAME="see_submitted_views" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" />
</FIELDS>
<KEYS>
<KEY NAME="primary" TYPE="primary" FIELDS="grouptype,role" />
......
......@@ -1126,6 +1126,11 @@ function xmldb_core_upgrade($oldversion=0) {
execute_sql("UPDATE {grouptype_roles} SET edit_views = 0 WHERE grouptype = 'course' AND role = 'member'");
}
if ($oldversion < 2008062306) {
execute_sql('ALTER TABLE {grouptype_roles} ADD COLUMN see_submitted_views SMALLINT NOT NULL DEFAULT 0');
execute_sql("UPDATE {grouptype_roles} SET see_submitted_views = 1 WHERE grouptype = 'course' AND role = 'tutor'");
}
return $status;
}
......
......@@ -474,19 +474,22 @@ abstract class GroupType {
public function install() {
$classname = get_class($this);
$type = strtolower(substr($classname, strlen('GroupType')));
$assessingroles = $this->get_view_assessing_roles();
insert_record('grouptype', (object) array(
'name' => $type,
'submittableto' => $this->takes_view_submissions(),
'submittableto' => !empty($assessingroles),
));
$roles = $this->get_roles();
if (!in_array($roles, 'admin')) {
$roles[] = 'admin';
}
$editingroles = $this->get_view_editing_roles();
foreach ($roles as $r) {
insert_record('grouptype_roles', (object) array(
'grouptype' => $type,
'role' => $r,
'edit_views' => $this->role_can_edit_views($r),
'edit_views' => in_array($r, $editingroles),
'see_submitted_views' => in_array($r, $assessingroles),
));
}
}
......@@ -508,13 +511,7 @@ abstract class GroupType {
public static abstract function get_view_editing_roles();
public static function takes_view_submissions() {
return false;
}
public static function role_can_edit_views($role) {
return in_array($this->get_view_editing_roles(), $role);
}
public static abstract function get_view_assessing_roles();
}
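Review bot: `in_array($roles, 'admin')` in install() passes the haystack first, so it does not perform the intended membership test; on PHP versions that only warn here, 'admin' is appended unconditionally. For a group type whose get_roles() already lists 'admin', that would attempt a second row for the same `grouptype,role` pair, which the schema on this page declares as the primary key. It should read `if (!in_array('admin', $roles)) {`. The new `in_array($r, $editingroles)` and `in_array($r, $assessingroles)` calls have the right order, but they compare loosely and store a bool in columns declared as int. Since these rows are authorization data, `(int) in_array($r, $editingroles, true)` states the intent.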
......
......@@ -48,8 +48,8 @@ class GroupTypeCourse extends GroupType {
return array('tutor', 'admin');
}
public static function takes_view_submissions() {
return true;
public static function get_view_assessing_roles() {
return array('tutor');
}
}
......
......@@ -42,6 +42,10 @@ class GroupTypeStandard extends GroupType {
return array('member', 'admin');
}
public static function get_view_assessing_roles() {
return array();
}
}
?>
......@@ -1285,6 +1285,7 @@ function can_view_view($view_id, $user_id=null) {
SELECT
v.title,
v.owner,
v.group,
' . db_format_tsfield('v.startdate','startdate') . ',
' . db_format_tsfield('v.stopdate','stopdate') . ',
a.accesstype,
......@@ -1294,7 +1295,8 @@ function can_view_view($view_id, $user_id=null) {
FROM
{view} v
LEFT OUTER JOIN {view_access} a ON v.id=a.view
INNER JOIN {usr} u ON (u.id = v.owner AND u.deleted = 0)
LEFT OUTER JOIN {usr} u ON (u.id = v.owner AND u.deleted = 0)
LEFT OUTER JOIN {group} g ON (g.id = v.group AND g.deleted = 0)
WHERE v.id=?
', array($view_id));
......@@ -1309,6 +1311,7 @@ function can_view_view($view_id, $user_id=null) {
foreach ( $view_data as $row ) {
$view_record['title'] = $row->title;
$view_record['owner'] = $row->owner;
$view_record['group'] = $row->group;
$view_record['startdate'] = $row->startdate;
$view_record['stopdate'] = $row->stopdate;
$view_record['submittedto'] = $row->submittedto;
......@@ -1328,7 +1331,16 @@ function can_view_view($view_id, $user_id=null) {
return true;
}
if ($view_record['submittedto'] && record_exists('group_member', 'group', $view_record['submittedto'], 'member', $user_id, 'tutor', 1)) {
if ($view_record['submittedto'] && get_field_sql('
SELECT
r.see_submitted_views
FROM
group_member m
INNER JOIN group g ON (m.group = g.id AND g.deleted = 0)
INNER JOIN grouptype_roles r ON (g.grouptype = r.grouptype AND r.role = m.role)
WHERE
m.member = ?
AND m.group = ?', array($user_id, $view_record['submittedto']))) {
//log_debug('Yes - View is submitted for assesment to a group you are a tutor in');
return true;
}
......@@ -1425,9 +1437,9 @@ function can_view_view($view_id, $user_id=null) {
a.view = ?
AND ( a.startdate < ? OR a.startdate IS NULL )
AND ( a.stopdate > ? OR a.stopdate IS NULL )
AND ( ( m.member = ? AND (a.tutoronly = 0 OR m.tutor = 1 ) ) OR g.owner = ?)
AND ( m.member = ? AND ( a.role IS NULL OR a.role = m.role ) )
LIMIT 1',
array(0, $view_id, $dbnow, $dbnow, $user_id, $user_id )
array(0, $view_id, $dbnow, $dbnow, $user_id)
)
) {
//log_debug('Yes - View is available to a specific group');
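Review bot: The new `see_submitted_views` lookup names its tables bare (`group_member m`, `group g`, `grouptype_roles r`), while every other query in this function writes `{view}`, `{usr}`, `{group}`. If the braces are what apply the table prefix and quoting, as they appear to be, the query would fail on prefixed installs and on the reserved word `group`, so write `{group_member} m`, `{group} g` and `{grouptype_roles} r`. Separately, with both joins now `LEFT OUTER JOIN`, the `u.deleted = 0` and `g.deleted = 0` conditions in the ON clauses no longer exclude anything, so a view whose owner or group is deleted still yields a row. Unless code outside these hunks rejects that case, add `AND (u.id IS NOT NULL OR g.id IS NOT NULL)` after `WHERE v.id=?` so such views stay inaccessible. can_view_view starts and ends outside the hunks shown.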
......
......@@ -27,7 +27,7 @@
defined('INTERNAL') || die();
$config = new StdClass;
$config->version = 2008062305;
$config->version = 2008062306;
$config->release = '1.1.0alpha';
$config->minupgradefrom = 2007080700;
$config->minupgraderelease = '0.8.0 (release tag 0.8.0_RELEASE)';
......
......@@ -265,17 +265,16 @@ class View {
// Get access for users and groups
$extradata = get_records_sql_array("
SELECT 'user' AS type, usr AS id, 0 AS tutoronly, startdate, stopdate
SELECT 'user' AS type, usr AS id, NULL AS role, startdate, stopdate
FROM {view_access_usr}
WHERE view = ?
UNION
SELECT 'group', \"group\", tutoronly, startdate, stopdate FROM {view_access_group}
SELECT 'group', \"group\", role, startdate, stopdate FROM {view_access_group}
INNER JOIN {group} g ON (\"group\" = g.id AND g.deleted = ?)
WHERE view = ?", array($this->id, 0, $this->id));
if ($extradata) {
foreach ($extradata as &$extraitem) {
$extraitem = (array)$extraitem;
$extraitem['tutoronly'] = (int)$extraitem['tutoronly'];
}
$data = array_merge($data, $extradata);
}
......@@ -363,7 +362,7 @@ class View {
break;
case 'group':
$accessrecord->group = $item['id'];
$accessrecord->tutoronly = $item['tutoronly'];
$accessrecord->role = $item['role'];
insert_record('view_access_group', $accessrecord);
break;
}
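Review bot: `$accessrecord->role = $item['role'];` stores whatever the submitted access list carries, and nothing visible in this hunk checks that the value is a role defined for that group's type or maps the "all roles" choice to NULL. The access queries in this commit match on `role IS NULL OR role = m.role`, so an empty string or an unknown role would be saved without error yet match no member. Consider normalising with `$accessrecord->role = !empty($item['role']) ? $item['role'] : null;` and rejecting roles that have no `grouptype_roles` row for the group's type. The enclosing method starts and ends outside the hunk, so validation may already happen there.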
......
......@@ -585,7 +585,7 @@ class PluginSearchInternal extends PluginSearch {
global $USER;
$sql = "
SELECT
id, name, description, jointype, ctime, mtime
id, name, description, grouptype, jointype, ctime, mtime
FROM
{group}
WHERE (
......@@ -651,7 +651,7 @@ class PluginSearchInternal extends PluginSearch {
global $USER;
$sql = "
SELECT
id, name, description, jointype, ctime, mtime
id, name, description, grouptype, jointype, ctime, mtime
FROM
{group}
WHERE (
......
......@@ -71,7 +71,7 @@ function renderAccessListItem(item) {
var row = TABLE({'class': cssClass},
TBODY(null,
TR(null,
TH(null, name, (item.tutoronly ? ' ' + '{{str tag=tutors section=view}}' : '')),
TH(null, name, (item.role ? ' ' + item.role : '')),
TD({'class': 'right'}, removeButton)
),
TR(null,
......@@ -91,11 +91,11 @@ function renderAccessListItem(item) {
:
null
),
(typeof(item.tutoronly) != 'undefined' ?
(typeof(item.role) != 'undefined' ?
INPUT({
'type': 'hidden',
'name': 'accesslist[' + count + '][tutoronly]',
'value': item.tutoronly
'name': 'accesslist[' + count + '][role]',
'value': item.role
})
:
null
......@@ -208,25 +208,26 @@ searchTable.rowfunction = function(rowdata, rownumber, globaldata) {
var addButton = BUTTON({'type': 'button', 'class': 'button'}, '{{str tag=add}}');
connect(addButton, 'onclick', function() {
rowdata.tutoronly = 0;
appendChildNodes('accesslist', renderAccessListItem(rowdata));
});
appendChildNodes(buttonTD, addButton);
var identityNodes = [], profileIcon = null, tutorAddButton = null;
var identityNodes = [], profileIcon = null, roleSelector = null;
if (rowdata.type == 'user') {
profileIcon = IMG({'src': config.wwwroot + 'thumb.php?type=profileicon&maxwidth=40&maxheight=40&id=' + rowdata.id});
identityNodes.push(A({'href': config.wwwroot + 'user/view.php?id=' + rowdata.id, 'target': '_blank'}, rowdata.name));
}
else if (rowdata.type == 'group') {
if (rowdata.jointype == 'controlled') {
tutorAddButton = BUTTON({'type': 'button', 'class': 'button'}, '{{str tag=addtutors section=view}}');
connect(tutorAddButton, 'onclick', function() {
rowdata.tutoronly = 1;
appendChildNodes('accesslist', renderAccessListItem(rowdata));
});
appendChildNodes(buttonTD, tutorAddButton);
rowdata.role = null;
var options = [OPTION({'value':null, 'selected':true}, '{{str tag=all}}')];
for (r in globaldata.roles[rowdata.grouptype]) {
options.push(OPTION({'value':globaldata.roles[rowdata.grouptype][r].name}, globaldata.roles[rowdata.grouptype][r].display));
}
roleSelector = SELECT({'name':'role'}, options);
connect(roleSelector, 'onchange', function() {
rowdata.role = this.value;
});
appendChildNodes(buttonTD, roleSelector);
identityNodes.push(A({'href': config.wwwroot + 'group/view.php?id=' + rowdata.id, 'target': '_blank'}, rowdata.name));
}
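Review bot: The role loop `for (r in globaldata.roles[rowdata.grouptype])` declares no `var`, so `r` becomes a global shared by every row callback, and `for…in` over an array also walks any inherited enumerable properties. Taking a local `var roles = globaldata.roles[rowdata.grouptype] || [];` and looping with `for (var i = 0; i < roles.length; i++)` avoids both, and also covers a group type with no roles entry. In renderAccessListItem the header now shows the raw `item.role` key where the old code showed a translated string; carrying the `display` label alongside the role would keep the list localised. Both functions continue outside the hunks.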
......
......@@ -44,6 +44,11 @@ switch ($type) {
break;
case 'group':
$data = search_group($query, $limit, $offset);
$roles = get_records_array('grouptype_roles');
$data['roles'] = array();
foreach ($roles as $r) {
$data['roles'][$r->grouptype][] = array('name' => $r->role, 'display' => get_string($r->role));
}
break;
}
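Review bot: `foreach ($roles as $r)` runs directly on the result of `get_records_array('grouptype_roles')`, with no check that rows came back. Elsewhere on this page a helper of the same family is treated as returning a falsy value when nothing matches (`if (!$u = get_records_sql_assoc($sql, $values)) { $u = array(); }`), so an empty table would presumably raise a warning here. Guard the loop with `if ($roles) {`. A short comment such as `// role names per group type, used to build the role selector` would also explain why every group type's roles are sent with each search.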
......
......@@ -34,8 +34,10 @@ require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
require_once('pieforms/pieform/elements/calendar.php');
require_once(get_config('docroot') . 'lib/view.php');
require_once(get_config('docroot') . 'lib/group.php');
$view = new View(param_integer('id'));
$group = $view->get('group');
$new = param_boolean('new');
if ($new) {
......@@ -45,6 +47,10 @@ else {
define('TITLE', get_string('editaccessforview', 'view', $view->get('title')));
}
if ($group && !group_user_access($group)) {
throw new AccessDeniedException();
}
$smarty = smarty(array('tablerenderer'), pieform_element_calendar_get_headdata(pieform_element_calendar_configure(array())), array('mahara' => array('From', 'To')));
$artefacts = $view->get_artefact_metadata();
......@@ -129,21 +135,29 @@ function editaccess_validate(Pieform $form, $values) {
}
function editaccess_cancel_submit() {
global $view, $new;
global $view, $new, $group;
if ($new) {
$view->delete();
}
redirect('/view/');
if ($group) {
redirect('/view/groupviews.php?group='.$group);
}
redirect('/view');
}
function editaccess_submit(Pieform $form, $values) {
global $SESSION, $view, $new;
global $SESSION, $view, $new, $group;
if (param_boolean('back')) {
redirect('/view/blocks.php?id=' . $view->get('id') . '&new=' . $new);
}
if ($group && !group_user_access($group)) {
$SESSION->add_error_msg(get_string('notamember', 'group'));
redirect('/view/groupviews.php?group='.$group);
}
$view->set_access($values['accesslist']);
$view->set('startdate', $values['startdate']);
......@@ -157,7 +171,11 @@ function editaccess_submit(Pieform $form, $values) {
$str = get_string('viewaccesseditedsuccessfully', 'view');
}
$SESSION->add_ok_msg($str);
if ($group) {
redirect('/view/groupviews.php?group='.$group);
}
redirect('/view/');
}
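Review bot: The new gate `if ($group && !group_user_access($group))` only establishes that the user has some access to the group; nothing in these hunks consults the per-role `edit_views` flag in `grouptype_roles`, which the upgrade script on this page sets to 0 for course members. If group_user_access() returns a truthy value for any member (it is defined outside this page), a member without edit rights could change who may see a group view. Check the role's `edit_views` before `$view->set_access($values['accesslist'])`, and apply the same test to the identical gate in the blocks-editing script in the last section. Also, `redirect('/view');` in editaccess_cancel_submit drops the trailing slash that editaccess_submit keeps in `redirect('/view/');`.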
......
......@@ -31,8 +31,10 @@ define('SECTION_PLUGINNAME', 'view');
define('SECTION_PAGE', 'blocks');
require(dirname(dirname(__FILE__)) . '/init.php');
require('view.php');
require_once(get_config('docroot') . 'lib/group.php');
$view = new View(param_integer('id'));
$group = $view->get('group');
// If the view has been submitted to a group, disallow editing
$submittedto = $view->get('submittedto');
......@@ -49,9 +51,16 @@ else {
define('TITLE', get_string('editblocksforview', 'view', $view->get('title')));
}
if ($group && !group_user_access($group)) {
throw new AccessDeniedException();
}
// check if cancel was selected
if ($new && isset($_POST['cancel'])) {
$view->delete();
if ($group) {
redirect(get_config('wwwroot') . '/view/groupviews.php?group='.$group);
}
redirect(get_config('wwwroot') . '/view/');
}
......