Commit
a527e807
authored
Jul 03, 2008
by
Richard Mansfield
Update edit view access for group views
parent
9d44d447
Changes
14
htdocs/lib/activity.php
...
...
@@ -213,17 +213,13 @@ function activity_get_viewaccess_users($view, $owner, $type) {
FROM {group_member} m
JOIN {view_access_group} vg ON vg.group = m.group
JOIN {group} g ON (g.id = vg.group AND g.deleted = 0)
WHERE vg.view = ? AND (vg.tutoronly = ? OR m.tutor = ?)
UNION SELECT g.owner
FROM {group} g
JOIN {view_access_group} ag ON ag.group = g.id
WHERE ag.view = ? AND g.deleted = 0
WHERE vg.view = ? AND (vg.role IS NULL OR vg.role = m.role)
) AS userlist
JOIN {usr} u ON u.id = userlist.userid
LEFT JOIN {usr_activity_preference} p ON p.usr = u.id
LEFT OUTER JOIN {usr_account_preference} ap ON (ap.usr = u.id AND ap.field = \'lang\')
WHERE p.activity = ?'
;
$values
=
array
(
$owner
,
$owner
,
$owner
,
'friends'
,
$view
,
$view
,
$view
,
0
,
1
,
$view
,
$type
->
id
);
$values
=
array
(
$owner
,
$owner
,
$owner
,
'friends'
,
$view
,
$view
,
$view
,
$type
->
id
);
if
(
!
$u
=
get_records_sql_assoc
(
$sql
,
$values
))
{
$u
=
array
();
}
...
...
htdocs/lib/db/install.xml
...
...
@@ -307,6 +307,7 @@
<FIELD
NAME=
"grouptype"
TYPE=
"char"
LENGTH=
"20"
NOTNULL=
"true"
/>
<FIELD
NAME=
"role"
TYPE=
"text"
NOTNULL=
"true"
/>
<FIELD
NAME=
"edit_views"
TYPE=
"int"
LENGTH=
"1"
NOTNULL=
"true"
DEFAULT=
"1"
/>
<FIELD
NAME=
"see_submitted_views"
TYPE=
"int"
LENGTH=
"1"
NOTNULL=
"true"
DEFAULT=
"0"
/>
</FIELDS>
<KEYS>
<KEY
NAME=
"primary"
TYPE=
"primary"
FIELDS=
"grouptype,role"
/>
...
...
htdocs/lib/db/upgrade.php
...
...
@@ -1126,6 +1126,11 @@ function xmldb_core_upgrade($oldversion=0) {
execute_sql
(
"UPDATE
{
grouptype_roles
}
SET edit_views = 0 WHERE grouptype = 'course' AND role = 'member'"
);
}
if
(
$oldversion
<
2008062306
)
{
execute_sql
(
'ALTER TABLE {grouptype_roles} ADD COLUMN see_submitted_views SMALLINT NOT NULL DEFAULT 0'
);
execute_sql
(
"UPDATE
{
grouptype_roles
}
SET see_submitted_views = 1 WHERE grouptype = 'course' AND role = 'tutor'"
);
}
return
$status
;
}
...
...
htdocs/lib/group.php
...
...
@@ -474,19 +474,22 @@ abstract class GroupType {
public
function
install
()
{
$classname
=
get_class
(
$this
);
$type
=
strtolower
(
substr
(
$classname
,
strlen
(
'GroupType'
)));
$assessingroles
=
$this
->
get_view_assessing_roles
();
insert_record
(
'grouptype'
,
(
object
)
array
(
'name'
=>
$type
,
'submittableto'
=>
$this
->
takes_view_submissions
(
),
'submittableto'
=>
!
empty
(
$assessingroles
),
));
$roles
=
$this
->
get_roles
();
if
(
!
in_array
(
$roles
,
'admin'
))
{
$roles
[]
=
'admin'
;
}
$editingroles
=
$this
->
get_view_editing_roles
();
foreach
(
$roles
as
$r
)
{
insert_record
(
'grouptype_roles'
,
(
object
)
array
(
'grouptype'
=>
$type
,
'role'
=>
$r
,
'edit_views'
=>
$this
->
role_can_edit_views
(
$r
),
'edit_views'
=>
in_array
(
$r
,
$editingroles
),
'see_submitted_views'
=>
in_array
(
$r
,
$assessingroles
),
));
}
}
...
...
@@ -508,13 +511,7 @@ abstract class GroupType {
public
static
abstract
function
get_view_editing_roles
();
public
static
function
takes_view_submissions
()
{
return
false
;
}
public
static
function
role_can_edit_views
(
$role
)
{
return
in_array
(
$this
->
get_view_editing_roles
(),
$role
);
}
public
static
abstract
function
get_view_assessing_roles
();
}
...
...
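Review bot: The guard `if (!in_array($roles, 'admin'))` in install() passes its arguments in the wrong order (needle first, haystack second), so the test cannot match and 'admin' is appended unconditionally; the lines this commit adds just below use the correct order, `in_array($r, $editingroles)`. If get_roles() already returns 'admin', the loop would insert two grouptype_roles rows for the same pair, which the primary key on `grouptype,role` shown in install.xml would reject. Change the guard to `if (!in_array('admin', $roles)) {`. Because edit_views and see_submitted_views decide who may edit and assess views, the strict form `in_array($r, $assessingroles, true)` is the safer comparison for the two new columns.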
htdocs/lib/grouptype/course.php
...
...
@@ -48,8 +48,8 @@ class GroupTypeCourse extends GroupType {
return
array
(
'tutor'
,
'admin'
);
}
public
static
function
takes
_view_
submission
s
()
{
return
true
;
public
static
function
get
_view_
assessing_role
s
()
{
return
array
(
'tutor'
)
;
}
}
...
...
htdocs/lib/grouptype/standard.php
...
...
@@ -42,6 +42,10 @@ class GroupTypeStandard extends GroupType {
return
array
(
'member'
,
'admin'
);
}
public
static
function
get_view_assessing_roles
()
{
return
array
();
}
}
?>
htdocs/lib/mahara.php
...
...
@@ -1285,6 +1285,7 @@ function can_view_view($view_id, $user_id=null) {
SELECT
v.title,
v.owner,
v.group,
'
.
db_format_tsfield
(
'v.startdate'
,
'startdate'
)
.
',
'
.
db_format_tsfield
(
'v.stopdate'
,
'stopdate'
)
.
',
a.accesstype,
...
...
@@ -1294,7 +1295,8 @@ function can_view_view($view_id, $user_id=null) {
FROM
{view} v
LEFT OUTER JOIN {view_access} a ON v.id=a.view
INNER JOIN {usr} u ON (u.id = v.owner AND u.deleted = 0)
LEFT OUTER JOIN {usr} u ON (u.id = v.owner AND u.deleted = 0)
LEFT OUTER JOIN {group} g ON (g.id = v.group AND g.deleted = 0)
WHERE v.id=?
'
,
array
(
$view_id
));
...
...
@@ -1309,6 +1311,7 @@ function can_view_view($view_id, $user_id=null) {
foreach
(
$view_data
as
$row
)
{
$view_record
[
'title'
]
=
$row
->
title
;
$view_record
[
'owner'
]
=
$row
->
owner
;
$view_record
[
'group'
]
=
$row
->
group
;
$view_record
[
'startdate'
]
=
$row
->
startdate
;
$view_record
[
'stopdate'
]
=
$row
->
stopdate
;
$view_record
[
'submittedto'
]
=
$row
->
submittedto
;
...
...
@@ -1328,7 +1331,16 @@ function can_view_view($view_id, $user_id=null) {
return
true
;
}
if
(
$view_record
[
'submittedto'
]
&&
record_exists
(
'group_member'
,
'group'
,
$view_record
[
'submittedto'
],
'member'
,
$user_id
,
'tutor'
,
1
))
{
if
(
$view_record
[
'submittedto'
]
&&
get_field_sql
(
'
SELECT
r.see_submitted_views
FROM
group_member m
INNER JOIN group g ON (m.group = g.id AND g.deleted = 0)
INNER JOIN grouptype_roles r ON (g.grouptype = r.grouptype AND r.role = m.role)
WHERE
m.member = ?
AND m.group = ?'
,
array
(
$user_id
,
$view_record
[
'submittedto'
])))
{
//log_debug('Yes - View is submitted for assesment to a group you are a tutor in');
return
true
;
}
...
...
@@ -1425,9 +1437,9 @@ function can_view_view($view_id, $user_id=null) {
a.view = ?
AND ( a.startdate < ? OR a.startdate IS NULL )
AND ( a.stopdate > ? OR a.stopdate IS NULL )
AND (
(
m.member = ? AND (a.
tutoronly = 0 OR m.tutor = 1 ) ) OR g.owner = ?
)
AND ( m.member = ? AND (
a.
role IS NULL OR a.role = m.role )
)
LIMIT 1'
,
array
(
0
,
$view_id
,
$dbnow
,
$dbnow
,
$user_id
,
$user_id
)
array
(
0
,
$view_id
,
$dbnow
,
$dbnow
,
$user_id
)
)
)
{
//log_debug('Yes - View is available to a specific group');
...
...
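Review bot: The new `get_field_sql` query in the submitted-view check names its tables bare (`group_member m`, `group g`, `grouptype_roles r`), while the query a few lines above in can_view_view() uses the brace form (`{view} v`, `{group} g`). Without the braces the table prefix is presumably not applied, and a bare `group` is a reserved word, so this authorization query is likely to fail or read the wrong table; write it as `FROM {group_member} m INNER JOIN {group} g ON (...) INNER JOIN {grouptype_roles} r ON (...)`. Separately, the second hunk turns `INNER JOIN {usr} u` into a LEFT OUTER JOIN, so a view whose owner has `u.deleted = 1` now still returns a row; unless code outside these hunks rejects it, add `AND (v.owner IS NULL OR u.id IS NOT NULL)` to the WHERE clause. can_view_view() begins and ends outside the hunks shown.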
htdocs/lib/version.php
...
...
@@ -27,7 +27,7 @@
defined
(
'INTERNAL'
)
||
die
();
$config
=
new
StdClass
;
$config
->
version
=
200806230
5
;
$config
->
version
=
200806230
6
;
$config
->
release
=
'1.1.0alpha'
;
$config
->
minupgradefrom
=
2007080700
;
$config
->
minupgraderelease
=
'0.8.0 (release tag 0.8.0_RELEASE)'
;
...
...
htdocs/lib/view.php
...
...
@@ -265,17 +265,16 @@ class View {
// Get access for users and groups
$extradata
=
get_records_sql_array
(
"
SELECT 'user' AS type, usr AS id,
0 AS tutoronly
, startdate, stopdate
SELECT 'user' AS type, usr AS id,
NULL AS role
, startdate, stopdate
FROM
{
view_access_usr
}
WHERE view = ?
UNION
SELECT 'group',
\"
group
\"
,
tutoronly
, startdate, stopdate FROM
{
view_access_group
}
SELECT 'group',
\"
group
\"
,
role
, startdate, stopdate FROM
{
view_access_group
}
INNER JOIN
{
group
}
g ON (
\"
group
\"
= g.id AND g.deleted = ?)
WHERE view = ?"
,
array
(
$this
->
id
,
0
,
$this
->
id
));
if
(
$extradata
)
{
foreach
(
$extradata
as
&
$extraitem
)
{
$extraitem
=
(
array
)
$extraitem
;
$extraitem
[
'tutoronly'
]
=
(
int
)
$extraitem
[
'tutoronly'
];
}
$data
=
array_merge
(
$data
,
$extradata
);
}
...
...
@@ -363,7 +362,7 @@ class View {
break
;
case
'group'
:
$accessrecord
->
group
=
$item
[
'id'
];
$accessrecord
->
tutoronly
=
$item
[
'
tutoronly
'
];
$accessrecord
->
role
=
$item
[
'
role
'
];
insert_record
(
'view_access_group'
,
$accessrecord
);
break
;
}
...
...
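Review bot: `$accessrecord->role = $item['role'];` in the second hunk stores whatever the access form posted without checking it. The group-access query in can_view_view() treats only SQL NULL as meaning all roles (`a.role IS NULL OR a.role = m.role`), so an empty string or an unknown role name arriving from the hidden `accesslist[n][role]` input yields a row that matches no member. Normalise before the insert, for example `$accessrecord->role = empty($item['role']) ? null : $item['role'];`, and reject names that are not present in grouptype_roles for the group's type. The enclosing method starts and ends outside the hunk.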
htdocs/search/internal/lib.php
...
...
@@ -585,7 +585,7 @@ class PluginSearchInternal extends PluginSearch {
global
$USER
;
$sql
=
"
SELECT
id, name, description, jointype, ctime, mtime
id, name, description,
grouptype,
jointype, ctime, mtime
FROM
{
group
}
WHERE (
...
...
@@ -651,7 +651,7 @@ class PluginSearchInternal extends PluginSearch {
global
$USER
;
$sql
=
"
SELECT
id, name, description, jointype, ctime, mtime
id, name, description,
grouptype,
jointype, ctime, mtime
FROM
{
group
}
WHERE (
...
...
htdocs/theme/default/templates/form/viewacl.tpl
...
...
@@ -71,7 +71,7 @@ function renderAccessListItem(item) {
var
row
=
TABLE
(
{
'class'
:
cssClass
}
,
TBODY
(
null
,
TR
(
null
,
TH
(
null
,
name
,
(
item
.
tutoronly
?
'
'
+
'
{
{
str
tag
=
tutors
section
=
view
}
}
'
:
''
)),
TH
(
null
,
name
,
(
item
.
role
?
'
'
+
item
.
role
:
''
)),
TD
(
{
'class'
:
'right'
}
,
removeButton
)
),
TR
(
null
,
...
...
@@ -91,11 +91,11 @@ function renderAccessListItem(item) {
:
null
),
(
typeof
(
item
.
tutoronly
)
!=
'
undefined
'
?
(
typeof
(
item
.
role
)
!=
'
undefined
'
?
INPUT
({
'
type
'
:
'
hidden
'
,
'
name
'
:
'
accesslist[
'
+
count
+
'
][
tutoronly
]
'
,
'
value
'
:
item
.
tutoronly
'
name
'
:
'
accesslist[
'
+
count
+
'
][
role
]
'
,
'
value
'
:
item
.
role
})
:
null
...
...
@@ -208,25 +208,26 @@ searchTable.rowfunction = function(rowdata, rownumber, globaldata) {
var
addButton
=
BUTTON
(
{
'type'
:
'button'
,
'class'
:
'button'
}
,
'
{
{
str
tag
=
add
}
}
'
);
connect
(
addButton
,
'
onclick
'
,
function
()
{
rowdata
.
tutoronly
=
0
;
appendChildNodes
(
'
accesslist
'
,
renderAccessListItem
(
rowdata
));
});
appendChildNodes
(
buttonTD
,
addButton
);
var
identityNodes
=
[],
profileIcon
=
null
,
tutorAddBut
to
n
=
null
;
var
identityNodes
=
[],
profileIcon
=
null
,
roleSelec
to
r
=
null
;
if
(
rowdata
.
type
==
'
user
'
)
{
profileIcon
=
IMG
(
{
'src'
:
config
.
wwwroot
+
'thumb.php?type=profileicon&maxwidth=40&maxheight=40&id='
+
rowdata
.
id
}
);
identityNodes
.
push
(
A
(
{
'href'
:
config
.
wwwroot
+
'user/view.php?id='
+
rowdata
.
id
,
'target'
:
'_blank'
}
,
rowdata
.
name
));
}
else
if
(
rowdata
.
type
==
'
group
'
)
{
if
(
rowdata
.
jointype
==
'
controlled
'
)
{
tutorAddButton
=
BUTTON
(
{
'type'
:
'button'
,
'class'
:
'button'
}
,
'
{
{
str
tag
=
addtutors
section
=
view
}
}
'
);
connect
(
tutorAddButton
,
'
onclick
'
,
function
()
{
rowdata
.
tutoronly
=
1
;
appendChildNodes
(
'
accesslist
'
,
renderAccessListItem
(
rowdata
));
});
appendChildNodes
(
buttonTD
,
tutorAddButton
);
rowdata
.
role
=
null
;
var
options
=
[
OPTION
(
{
'value'
:
null
,
'selected'
:
true
}
,
'
{
{
str
tag
=
all
}
}
'
)];
for
(
r
in
globaldata
.
roles
[
rowdata
.
grouptype
])
{
options
.
push
(
OPTION
(
{
'value'
:
globaldata
.
roles
[
rowdata
.
grouptype
][
r
].
name
}
,
globaldata
.
roles
[
rowdata
.
grouptype
][
r
].
display
));
}
roleSelector
=
SELECT
(
{
'name'
:
'role'
}
,
options
);
connect
(
roleSelector
,
'
onchange
'
,
function
()
{
rowdata
.
role
=
this
.
value
;
});
appendChildNodes
(
buttonTD
,
roleSelector
);
identityNodes
.
push
(
A
(
{
'href'
:
config
.
wwwroot
+
'group/view.php?id='
+
rowdata
.
id
,
'target'
:
'_blank'
}
,
rowdata
.
name
));
}
...
...
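Review bot: The loop `for (r in globaldata.roles[rowdata.grouptype])` in searchTable.rowfunction uses `r` without declaring it, which makes it an implicit global shared by every row and every callback on the page. Declare it locally, `for (var r in globaldata.roles[rowdata.grouptype]) {`. The header built in renderAccessListItem() also prints the raw role name (`' ' + item.role`) where the selector shows the translated `display` string; carrying the display text on rowdata alongside the name would keep the two consistent.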
htdocs/view/access.json.php
...
...
@@ -44,6 +44,11 @@ switch ($type) {
break
;
case
'group'
:
$data
=
search_group
(
$query
,
$limit
,
$offset
);
$roles
=
get_records_array
(
'grouptype_roles'
);
$data
[
'roles'
]
=
array
();
foreach
(
$roles
as
$r
)
{
$data
[
'roles'
][
$r
->
grouptype
][]
=
array
(
'name'
=>
$r
->
role
,
'display'
=>
get_string
(
$r
->
role
));
}
break
;
}
...
...
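Review bot: `foreach ($roles as $r)` runs on the result of `get_records_array('grouptype_roles')` without checking it. Elsewhere in this commit a helper of the same family is guarded against an empty result (`if (!$u = get_records_sql_assoc($sql, $values)) { $u = array(); }` in activity.php), which suggests these helpers can return false. Wrap the loop as `if ($roles = get_records_array('grouptype_roles')) { ... }` so the JSON response stays well-formed when no rows come back.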
htdocs/view/access.php
...
...
@@ -34,8 +34,10 @@ require(dirname(dirname(__FILE__)) . '/init.php');
require_once
(
'pieforms/pieform.php'
);
require_once
(
'pieforms/pieform/elements/calendar.php'
);
require_once
(
get_config
(
'docroot'
)
.
'lib/view.php'
);
require_once
(
get_config
(
'docroot'
)
.
'lib/group.php'
);
$view
=
new
View
(
param_integer
(
'id'
));
$group
=
$view
->
get
(
'group'
);
$new
=
param_boolean
(
'new'
);
if
(
$new
)
{
...
...
@@ -45,6 +47,10 @@ else {
define
(
'TITLE'
,
get_string
(
'editaccessforview'
,
'view'
,
$view
->
get
(
'title'
)));
}
if
(
$group
&&
!
group_user_access
(
$group
))
{
throw
new
AccessDeniedException
();
}
$smarty
=
smarty
(
array
(
'tablerenderer'
),
pieform_element_calendar_get_headdata
(
pieform_element_calendar_configure
(
array
())),
array
(
'mahara'
=>
array
(
'From'
,
'To'
)));
$artefacts
=
$view
->
get_artefact_metadata
();
...
...
@@ -129,21 +135,29 @@ function editaccess_validate(Pieform $form, $values) {
}
function
editaccess_cancel_submit
()
{
global
$view
,
$new
;
global
$view
,
$new
,
$group
;
if
(
$new
)
{
$view
->
delete
();
}
redirect
(
'/view/'
);
if
(
$group
)
{
redirect
(
'/view/groupviews.php?group='
.
$group
);
}
redirect
(
'/view'
);
}
function
editaccess_submit
(
Pieform
$form
,
$values
)
{
global
$SESSION
,
$view
,
$new
;
global
$SESSION
,
$view
,
$new
,
$group
;
if
(
param_boolean
(
'back'
))
{
redirect
(
'/view/blocks.php?id='
.
$view
->
get
(
'id'
)
.
'&new='
.
$new
);
}
if
(
$group
&&
!
group_user_access
(
$group
))
{
$SESSION
->
add_error_msg
(
get_string
(
'notamember'
,
'group'
));
redirect
(
'/view/groupviews.php?group='
.
$group
);
}
$view
->
set_access
(
$values
[
'accesslist'
]);
$view
->
set
(
'startdate'
,
$values
[
'startdate'
]);
...
...
@@ -157,7 +171,11 @@ function editaccess_submit(Pieform $form, $values) {
$str
=
get_string
(
'viewaccesseditedsuccessfully'
,
'view'
);
}
$SESSION
->
add_ok_msg
(
$str
);
if
(
$group
)
{
redirect
(
'/view/groupviews.php?group='
.
$group
);
}
redirect
(
'/view/'
);
}
...
...
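Review bot: The new guard `if ($group && !group_user_access($group))` appears to test only that the user belongs to the group, not that their role is allowed to edit views. The permission is stored per role in `grouptype_roles.edit_views` (upgrade.php sets it to 0 for course members), so a member whose role has edit_views = 0 would still reach `$view->set_access()` and the `$view->delete()` cancel path. group_user_access() is defined outside this diff, so confirm what it returns; if it yields the role, check that role against edit_views before allowing the edit. The same guard is added in editaccess_submit() and in htdocs/view/blocks.php, and views with no group get no check in the lines shown.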
htdocs/view/blocks.php
...
...
@@ -31,8 +31,10 @@ define('SECTION_PLUGINNAME', 'view');
define
(
'SECTION_PAGE'
,
'blocks'
);
require
(
dirname
(
dirname
(
__FILE__
))
.
'/init.php'
);
require
(
'view.php'
);
require_once
(
get_config
(
'docroot'
)
.
'lib/group.php'
);
$view
=
new
View
(
param_integer
(
'id'
));
$group
=
$view
->
get
(
'group'
);
// If the view has been submitted to a group, disallow editing
$submittedto
=
$view
->
get
(
'submittedto'
);
...
...
@@ -49,9 +51,16 @@ else {
define
(
'TITLE'
,
get_string
(
'editblocksforview'
,
'view'
,
$view
->
get
(
'title'
)));
}
if
(
$group
&&
!
group_user_access
(
$group
))
{
throw
new
AccessDeniedException
();
}
// check if cancel was selected
if
(
$new
&&
isset
(
$_POST
[
'cancel'
]))
{
$view
->
delete
();
if
(
$group
)
{
redirect
(
get_config
(
'wwwroot'
)
.
'/view/groupviews.php?group='
.
$group
);
}
redirect
(
get_config
(
'wwwroot'
)
.
'/view/'
);
}
...
...