Commit c1e7abc3 authored by Stacey Walker's avatar Stacey Walker Committed by Richard Mansfield

refactored collection code, better checks for access cloning

parent 680431be
......@@ -832,8 +832,8 @@ class User {
* if groups are allowed collections and other amendments in the future
*/
public function can_edit_collection($c) {
$owner = get_column('collection', 'owner','id',$c);
if ($owner[0] == $this->get('id')) {
$owner = $c->get('owner');
if ($owner == $this->get('id')) {
return true;
}
return false;
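Review bot: The ownership test in can_edit_collection() uses `==`, so an owner value that failed to load (null or an empty string, if `$c->get('owner')` can return that) compares equal to a user id of 0 under PHP's loose rules. The callers on this page build the Collection from a database row that may not exist, so the comparison should be strict and should reject an empty owner, for example `return !empty($owner) && (int)$owner === (int)$this->get('id');`. The docblock above still needs a line saying that `$c` is now a Collection object and no longer an id. The method's closing brace lies outside the hunk.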
......
......@@ -27,9 +27,14 @@
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/collection/info');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'collection');
define('SECTION_PAGE', 'about');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('collection.php');
define('TITLE', get_string('viewcollection','collection'));
define('TITLE', get_string('viewcollection', 'collection'));
// check that My Collections is enabled in the config
// if not as the user is trying to access this illegally
......@@ -40,19 +45,19 @@ if (!get_config('allowcollections')) {
$collectionid = param_integer('id');
define('COLLECTION', $collectionid);
if (!$USER->can_edit_collection(COLLECTION)) {
$data = get_record_select('collection', 'id = ?', array(COLLECTION), '*, ' . db_format_tsfield('ctime'));
$collection = new Collection(COLLECTION, (array)$data);
if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('canteditdontown'));
redirect('/collection/');
}
$collection = get_record_select('collection', 'id = ?', array(COLLECTION), '*, ' . db_format_tsfield('ctime'));
$collection->ctime = strftime(get_string('strftimedate'), $collection->ctime);
$collection->viewcount = count_records('collection_view','collection',COLLECTION);
$accessoverride = collection_get_master(COLLECTION);
$data->ctime = strftime(get_string('strftimedate'), $data->ctime);
$data->views = count_records('collection_view','collection',COLLECTION);
$data->access = $collection->master();
$smarty = smarty();
$smarty->assign('collection', $collection);
$smarty->assign('accessoverride',$accessoverride);
$smarty->assign('collection', $data);
$smarty->display('collection/info.tpl');
?>
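Review bot: Nothing checks that the collection row exists before it is used: `$data` is cast to an array for the Collection constructor and later dereferenced as `$data->ctime`. An id with no matching record (get_record_select() presumably returns false in that case) therefore reaches the permission check as an empty object. Fail closed directly after the lookup, e.g. `if (!$data) { $SESSION->add_error_msg(get_string('canteditdontown')); redirect('/collection/'); }`. The same lookup-then-construct pattern appears in the delete, edit and views pages further down this commit.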
......@@ -27,7 +27,13 @@
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/collection/access');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'collection');
define('SECTION_PAGE', 'views');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
require_once('collection.php');
require_once('view.php');
define('TITLE', get_string('collectionaccess','collection'));
......@@ -40,34 +46,29 @@ if (!get_config('allowcollections')) {
$collectionid = param_integer('id');
define('COLLECTION', $collectionid);
$smarty = smarty();
if (!$USER->can_edit_collection(COLLECTION)) {
$collection = Collection::current_collection();
if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('canteditdontown'));
redirect('/collection/');
}
$master = $collection->master();
$views = collection_get_views(COLLECTION);
$master = collection_get_master(COLLECTION);
// we only need to have a select list if there is more than one view
if (count($views) > 1) {
$form = null;
if ($collection->has_views()) {
$views = $collection->views();
$options[0] = get_string('nooverride','collection');
foreach ($views as $value) {
$options[$value->view] = $value->title;
foreach ($views as $v) {
$options[$v->view] = $v->title;
}
$elements['collection'] = array(
'type' => 'hidden',
'value' => COLLECTION,
);
$elements['view'] = array(
'type' => 'select',
'title' => get_string('masterview','collection'),
'options' => $options,
'rules' => array('required' => true),
'defaultvalue' => $master ? $master->id : 0,
'defaultvalue' => $master ? $master->view : 0,
);
$elements['submit'] = array(
'type' => 'submit',
......@@ -77,25 +78,47 @@ if (count($views) > 1) {
$form = pieform(array(
'name' => 'access',
'renderer' => 'div',
'plugintype' => 'core',
'pluginname' => 'collection',
'autofocus' => false,
'method' => 'post',
'successcallback' => 'submit',
'renderer' => 'div',
'elements' => $elements,
));
$smarty->assign('form', $form);
}
if ($master) {
$smarty->assign('master',$master->title);
$smarty->assign('masterid',$master->id);
}
$smarty = smarty();
$smarty->assign('master',$master);
$smarty->assign('form', $form);
$smarty->assign('accessdesc',get_string('accessdesc','collection'));
$smarty->assign('viewcount', count($views));
$smarty->display('collection/access.tpl');
function access_submit(Pieform $form, $values) {
collection_set_access($values['collection'],$values['view']);
function submit(Pieform $form, $values) {
global $SESSION, $collection;
$success = $collection->set_master($values['view']);
if (!$success) {
$SESSION->add_ok_msg(get_string('nooverridesaved', 'collection'));
redirect('/collection/access.php?id=' . $collection->get('id'));
}
if ($success['secreturl'] == false) {
$SESSION->add_ok_msg(get_string('accesssaved', 'collection'));
redirect('/collection/access.php?id=' . $collection->get('id'));
}
else {
if (!empty($success['valid'])) {
$SESSION->add_ok_msg(get_string('accesssaved', 'collection'));
$SESSION->add_info_msg(get_string('accessignored', 'collection'));
redirect('/collection/access.php?id=' . $collection->get('id'));
}
else {
$SESSION->add_error_msg(get_string('accesscantbeused', 'collection'));
redirect('/collection/access.php?id=' . $collection->get('id'));
}
}
}
?>
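Review bot: submit() repeats the same redirect in all four branches and relies on redirect() never returning. If it ever did return, the `!$success` branch would fall through to `$success['secreturl'] == false` on a false value. Chaining the branches as if / else if with a single redirect at the end removes that dependency, and `empty($success['secreturl'])` avoids both the loose comparison and a notice when the key is absent. set_master() is not visible here, so it is worth a comment stating whether it re-checks that `$values['view']` belongs to this collection or relies on the select element's option list.

```php
function submit(Pieform $form, $values) {
    global $SESSION, $collection;
    $success = $collection->set_master($values['view']);
    if (!$success) {
        $SESSION->add_ok_msg(get_string('nooverridesaved', 'collection'));
    }
    else if (empty($success['secreturl'])) {
        $SESSION->add_ok_msg(get_string('accesssaved', 'collection'));
    }
    else if (!empty($success['valid'])) {
        $SESSION->add_ok_msg(get_string('accesssaved', 'collection'));
        $SESSION->add_info_msg(get_string('accessignored', 'collection'));
    }
    else {
        $SESSION->add_error_msg(get_string('accesscantbeused', 'collection'));
    }
    // one exit point for every outcome
    redirect('/collection/access.php?id=' . $collection->get('id'));
}
```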
......@@ -27,10 +27,16 @@
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/collection');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'collection');
define('SECTION_PAGE', 'create');
require(dirname(dirname(__FILE__)) . '/init.php');
define('SECTION_PAGE', 'mycollections');
require_once('pieforms/pieform.php');
require_once('collection.php');
define('TITLE', get_string('newcollection','collection'));
require_once('collection2.php');
define('TITLE', get_string('newcollection', 'collection'));
// check that My Collections is enabled in the config
// if not as the user is trying to access this illegally
......@@ -38,11 +44,30 @@ if (!get_config('allowcollections')) {
die();
}
$form = collection_get_form();
$elements = Collection::get_collectionform_elements();
$elements['submit'] = array(
'type' => 'submitcancel',
'value' => array(get_string('savecollection','collection'), get_string('cancel')),
'goto' => get_config('wwwroot') . 'collection/',
);
$form = pieform(array(
'name' => 'createcollection',
'plugintype' => 'core',
'pluginname' => 'collection',
'successcallback' => 'submit',
'elements' => $elements,
));
$smarty =& smarty();
$smarty = smarty();
$smarty->assign_by_ref('newcollectionform', $form);
$smarty->assign_by_ref('PAGEHEADING', hsc(TITLE));
$smarty->display('collection/new.tpl');
function submit(Pieform $form, $values) {
global $SESSION;
Collection::save($values);
$SESSION->add_ok_msg(get_string('collectionsaved', 'collection'));
redirect('/collection/');
}
?>
......@@ -27,10 +27,16 @@
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/collection');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'collection');
define('SECTION_PAGE', 'delete');
require(dirname(dirname(__FILE__)) . '/init.php');
define('SECTION_PAGE', 'mycollections');
require_once('pieforms/pieform.php');
require_once('collection.php');
define('TITLE', get_string('deletecollection', 'collection'));
$collectionid = param_integer('id');
// check that My Collections is enabled in the config
// if not as the user is trying to access this illegally
......@@ -38,15 +44,12 @@ if (!get_config('allowcollections')) {
die();
}
$id = param_integer('id');
define('COLLECTION', $id);
if (!$USER->can_edit_collection(COLLECTION)) {
$data = get_record_select('collection', 'id = ?', array($collectionid));
$collection = new Collection($collectionid, (array)$data);
if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('canteditdontown'));
redirect('/collection/');
}
$collection = get_record_select('collection', 'id = ?', array(COLLECTION));
$form = pieform(array(
'name' => 'deletecollection',
'renderer' => 'div',
......@@ -56,10 +59,6 @@ $form = pieform(array(
'value' => array(get_string('yes'), get_string('no')),
'goto' => get_config('wwwroot') . 'collection/',
),
'collection' => array(
'type' => 'hidden',
'value' => COLLECTION,
),
),
));
......@@ -70,7 +69,10 @@ $smarty->assign('form', $form);
$smarty->display('collection/delete.tpl');
function deletecollection_submit(Pieform $form, $values) {
collection_delete($values['collection']);
global $SESSION, $collection;
$collection->delete();
$SESSION->add_ok_msg(get_string('collectiondeleted', 'collection'));
redirect('/collection/');
}
?>
......@@ -26,9 +26,14 @@
*/
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/collection');
define('MENUITEM', 'myportfolio/collection/views');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'collection');
define('SECTION_PAGE', 'deleteview');
require(dirname(dirname(__FILE__)) . '/init.php');
define('SECTION_PAGE', 'mycollections');
require_once('pieforms/pieform.php');
require_once('collection.php');
define('TITLE', get_string('deleteview', 'collection'));
......@@ -38,44 +43,44 @@ if (!get_config('allowcollections')) {
die();
}
$id = param_integer('id');
define('VIEW', $id);
$viewid = param_integer('v');
$collectionid = param_integer('c');
define('VIEW', $viewid);
define('COLLECTION', $collectionid);
$collection = get_column('collection_view','collection','view',VIEW);
if (!$USER->can_edit_collection($collection[0])) {
$collection = Collection::current_collection();
if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('canteditdontown'));
redirect('/collection/');
}
$cv = get_record_select('collection_view', 'collection = ? AND view = ?', array($collection[0], VIEW));
$form = pieform(array(
'name' => 'removeview',
'renderer' => 'div',
'plugintype' => 'core',
'pluginname' => 'collection',
'autofocus' => false,
'successcallback' => 'submit',
'elements' => array(
'submit' => array(
'type' => 'submitcancel',
'value' => array(get_string('yes'), get_string('no')),
'goto' => get_config('wwwroot') . 'collection/views.php?id='.$collection[0],
),
'view' => array(
'type' => 'hidden',
'value' => VIEW,
),
'collection' => array(
'type' => 'hidden',
'value' => $collection[0],
'goto' => get_config('wwwroot') . 'collection/views.php?id='.COLLECTION,
),
),
));
$smarty = smarty();
$smarty->assign('subheading', hsc(TITLE));
$smarty->assign('message', get_string('viewconfirmdelete', 'collection'));
$smarty->assign('message', get_string('viewconfirmremove', 'collection'));
$smarty->assign('form', $form);
$smarty->display('collection/delete.tpl');
function removeview_submit(Pieform $form, $values) {
collection_view_delete($values['view'], $values['collection']);
function submit(Pieform $form, $values) {
global $SESSION, $viewid, $collection;
$collection->remove_view($viewid);
$SESSION->add_ok_msg(get_string('viewremovedsuccessfully','collection'));
redirect('/collection/views.php?id='.$collection->get('id'));
}
?>
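Review bot: The view id `v` and the collection id `c` are now read from the request independently and only the collection is checked for ownership, so nothing visible here confirms that view `v` belongs to collection `c` before `$collection->remove_view($viewid)` runs. The earlier code appears to have derived the collection from the view's collection_view row, which tied the two together. remove_view() is not shown, so unless it scopes its delete to this collection the page should keep a membership check after the ownership test, e.g. `if (!get_record_select('collection_view', 'collection = ? AND view = ?', array(COLLECTION, VIEW))) { redirect('/collection/'); }`. Separately, the page now requests the string `viewconfirmremove`, while the language-file hunk on this page lists only `viewconfirmdelete`, so the new key may be undefined.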
......@@ -27,7 +27,13 @@
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/collection/info');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'collection');
define('SECTION_PAGE', 'edit');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
require_once('collection.php');
define('TITLE', get_string('editcollection', 'collection'));
......@@ -37,18 +43,39 @@ if (!get_config('allowcollections')) {
die();
}
$id = param_integer('id');
define('COLLECTION', $id);
$collectionid = param_integer('id');
define('COLLECTION', $collectionid);
if (!$USER->can_edit_collection(COLLECTION)) {
$data = get_record_select('collection', 'id = ?', array(COLLECTION));
$collection = new Collection(COLLECTION, (array)$data);
if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('canteditdontown'));
redirect('/collection/');
}
$collection = get_record_select('collection', 'id = ?', array(COLLECTION));
$editcollection = collection_get_form($collection);
$elements = Collection::get_collectionform_elements($data);
$elements['submit'] = array(
'type' => 'submitcancel',
'value' => array(get_string('savecollection','collection'), get_string('cancel')),
'goto' => get_config('wwwroot') . 'collection/about.php?id='.COLLECTION,
);
$form = pieform(array(
'name' => 'editcollection',
'plugintype' => 'core',
'pluginname' => 'collection',
'successcallback' => 'submit',
'elements' => $elements,
));
$smarty = smarty();
$smarty->assign('editcollection', $editcollection);
$smarty->assign_by_ref('form', $form);
$smarty->display('collection/edit.tpl');
function submit(Pieform $form, $values) {
global $SESSION, $collectionid;
Collection::save($values);
$SESSION->add_ok_msg(get_string('collectionsaved', 'collection'));
redirect('/collection/about.php?id='.$collectionid);
}
?>
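Review bot: submit() hands the whole `$values` array to Collection::save() without passing in the collection that was authorised by can_edit_collection(). save() and get_collectionform_elements() are not visible here; if save() picks the row to update (or its owner) from a field in `$values`, then the form decides which record is written, not the ownership check. Pin the identity from the server-side value before saving, for example `$values['id'] = $collectionid;` if `id` is the key save() reads. Alternatively, add a comment stating that the form's id element cannot be overridden by the request.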
......@@ -26,15 +26,16 @@
*/
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/collection');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
define('TITLE', get_string('mycollections','collection'));
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'collection');
define('SECTION_PAGE', 'mycollections');
define('SECTION_PAGE', 'index');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
require_once('collection.php');
define('TITLE', get_string('mycollections', 'collection'));
// check that My Collections is enabled in the config
// if not as the user is trying to access this illegally
......@@ -44,15 +45,31 @@ if (!get_config('allowcollections')) {
// offset and limit for pagination
$offset = param_integer('offset', 0);
$limit = param_integer('limit', 10);
$limit = param_integer('limit', 5);
$collections = collection_get_user_collections($offset, $limit);
collection_build_list_html($collections);
$data = Collection::get_mycollections_data($offset, $limit);
$pagination = build_pagination(array(
'id' => 'collectionslist_pagination',
'class' => 'center',
'url' => get_config('wwwroot') . 'collection/index.php',
'jsonscript' => 'collection/collections.json.php',
'datatable' => 'collectionslist',
'count' => $data->count,
'limit' => $data->limit,
'offset' => $data->offset,
'firsttext' => '',
'previoustext' => '',
'nexttext' => '',
'lasttext' => '',
'numbersincludefirstlast' => false,
'resultcounttextsingular' => get_string('collection', 'collection'),
'resultcounttextplural' => get_string('collections', 'collection'),
));
$smarty = smarty(array('paginator'));
if ($collections['count'] > 0) {
$smarty->assign('collections', $collections);
}
$smarty->assign('collections', $data->data);
$smarty->assign('pagination', $pagination['html']);
$smarty->assign('strnocollectionsaddone',
get_string('nocollectionsaddone','collection','<a href="' . get_config('wwwroot') . 'collection/create.php">', '</a>'));
$smarty->assign('PAGEHEADING', hsc(get_string('mycollections', 'collection')));
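Review bot: `limit` and `offset` come straight from the query string and are handed to Collection::get_mycollections_data() and build_pagination() without bounds, so a request can ask for a negative offset or an arbitrarily large page. Clamp both after reading them, for instance `$limit = min(max(1, $limit), 100);` and `$offset = max(0, $offset);` (100 is an illustrative cap, not a project value). get_mycollections_data() is not shown, so it may already normalise these; if it does, a one-line comment saying so would be enough.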
......
......@@ -27,6 +27,11 @@
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/collection/views');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'collection');
define('SECTION_PAGE', 'views');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
require_once('collection.php');
......@@ -38,30 +43,26 @@ if (!get_config('allowcollections')) {
die();
}
$id = param_integer('id');
define('COLLECTION', $id);
$collectionid = param_integer('id');
define('COLLECTION', $collectionid);
if (!$USER->can_edit_collection(COLLECTION)) {
$data = get_record_select('collection', 'id = ?', array(COLLECTION), '*, ' . db_format_tsfield('ctime'));
$collection = new Collection(COLLECTION, (array)$data);
if (!$USER->can_edit_collection($collection)) {
$SESSION->add_error_msg(get_string('canteditdontown'));
redirect('/collection/');
}
$currentviews = collection_get_views(COLLECTION);
collection_build_view_list_html($currentviews);
$incollection = $collection->views();
$elements = array();
if ($userviews = collection_get_user_views()) {
foreach ($userviews as $value) {
$elements['view_'.$value->id] = array(
if ($available = Collection::available_views()) {
foreach ($available as $a) {
$elements['view_'.$a->id] = array(
'type' => 'checkbox',
'title' => $value->title,
'title' => $a->title,
);
}
$elements['id'] = array(
'type' => 'hidden',
'value' => COLLECTION,
);
$elements['submit'] = array(
'type' => 'submit',
'value' => get_string('add','collection'),
......@@ -70,9 +71,10 @@ if ($userviews = collection_get_user_views()) {
$form = pieform(array(
'name' => 'addviews',
'renderer' => 'div',
'plugintype' => 'core',
'pluginname' => 'collection',
'autofocus' => false,
'method' => 'post',
'successcallback' => 'submit',
'elements' => $elements,
));
}
......@@ -81,9 +83,23 @@ else {
}
$smarty = smarty();
$smarty->assign_by_ref('currentviews', $currentviews);
$smarty->assign_by_ref('incollection', $incollection);
$smarty->assign('form', $form);
$smarty->assign('addviews', get_string('addviews', 'collection'));
$smarty->display('collection/views.tpl');
function submit(Pieform $form, $values) {
global $SESSION, $collection;
$count = $collection->add_views($values);
if ($count > 1) {
$SESSION->add_ok_msg(get_string('viewsaddedtocollection', 'collection'));
}
else {
$SESSION->add_ok_msg(get_string('viewaddedtocollection', 'collection'));
}
redirect('/collection/views.php?id=' . $collection->get('id'));
}
?>
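Review bot: In submit() the `else` branch covers every count that is not greater than one, so a submission with no checkbox ticked still reports 'View added to collection.' if add_views() returns 0 (its return value is inferred from the name `$count`; the method is not visible). Make the singular message conditional with `else if ($count == 1) {` and leave the zero case without a success message or give it its own string. A short docblock on submit() stating that it relies on the global `$collection` already authorised above would also help the next reader.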
......@@ -36,6 +36,7 @@ $string['accesscantbeused'] = 'Access override not saved. The chosen views acces
$string['accessdesc'] = 'Access for the collection is determined by the master view. Initially collections will have no override for view access unless explicitly set. <br /> This means that each view can have independent access permissions.<br /> Please note that \'secret URL\' access types can not be used as access overrride.';
$string['accessoverride'] = 'Access override';
$string['accesssaved'] = 'Collection access saved successfully.';
$string['accessignored'] = 'Some secret URL access types were ignored.';
$string['add'] = 'Add';
$string['addview'] = 'Add view';
$string['addviews'] = 'Add views to collection';
......@@ -63,7 +64,7 @@ $string['name'] = 'Collection name';
$string['newcollection'] = 'New Collection';
$string['nocollectionsaddone'] = 'No collections yet. %sAdd one%s!';
$string['nooverride'] = 'No override';
$string['nooverridesavedcorrectly'] = 'No override access for views selected.';
$string['nooverridesaved'] = 'No override access for views selected.';
$string['noviews'] = 'No views in collection.';
$string['noviewstochoose'] = 'No views to choose from.';
$string['overrideaccess'] = 'Override Access';
......@@ -73,8 +74,8 @@ $string['usecollectionname'] = 'Use collection name?';
$string['usecollectionnamedesc'] = 'If you wish to use the collection name instead of the Block Title leave this checked.';
$string['viewaddedtocollection'] = 'View added to collection.';
$string['viewcollection'] = 'View Collection Details';
$string['viewconfirmdelete'] = 'Are you sure you wish to remove this view?';
$string['viewcount'] = 'Views';
$string['viewremovedsuccessfully'] = 'View removed successfully.';
$string['views'] = 'Views';
$string['viewsaddedtocollection'] = 'Views added to collection.';
$string['viewstobeadded'] = 'Views to be added';
......
......@@ -857,6 +857,11 @@ class QuotaExceededException extends UserException {}
*/
class UploadException extends UserException {}