Commit d5c30d0a authored by Cecilia Vela Gurovic's avatar Cecilia Vela Gurovic Committed by Robert Lyon
Browse files

Bug 1665481: Restrictions when adding journals in pages

behatnotneeded

Change-Id: I202828d9fb16ef9c9c0057ad2f03845683e31551
parent 479868cb
......@@ -156,8 +156,9 @@ class PluginBlocktypeBlog extends MaharaCoreBlocktype {
$where[] = $institution;
}
else if ($group) {
$sql .= " AND a.group = ?";
$sql .= " AND ( a.group = ? OR a.owner = ?)";
$where[] = $group;
$where[] = $USER->get('id');
}
else {
$sql .= " AND a.owner = ?";
......
......@@ -128,8 +128,8 @@ class PluginBlocktypeBlogpost extends MaharaCoreBlocktype {
$where = array($institution);
}
else if ($group) {
$sql .= " AND a.group = ?";
$where = array($group);
$sql .= " AND ( a.group = ? OR a.owner = ? )";
$where = array($group, $USER->get('id'));
}
else {
$sql .= " AND a.owner = ?";
......
......@@ -3400,12 +3400,17 @@ class View {
}
}
}
$blogrelated = isset($data['blocktype']) &&
($data['blocktype'] == 'blog' || $data['blocktype'] == 'blogpost'
|| $data['blocktype'] == 'recentposts');
$from = ' FROM {artefact} a ';
if ($group) {
// Get group-owned artefacts that the user has view
// permission on, and site-owned artefacts
// permission on, and site-owned artefacts.
// For blogs, blogposts and recentposts
// group owned and personal artefacts
$from .= '
LEFT OUTER JOIN (
SELECT
......@@ -3420,7 +3425,12 @@ class View {
AND r.can_view = 1
) ga ON (ga.group = a.group AND a.id = ga.artefact)';
$select = "(a.institution = 'mahara' OR ga.can_view = 1";
if ($blogrelated) {
$select = "(ga.can_view = 1";
}
else {
$select = "(a.institution = 'mahara' OR ga.can_view = 1";
}
if (is_string($group)) {
$ph = array((int)$group, $user->get('id'));
......@@ -3437,15 +3447,20 @@ class View {
}
}
if (!empty($data['userartefactsallowed'])) {
if (!empty($data['userartefactsallowed']) || $blogrelated) {
$select .= ' OR a.owner = ?';
$ph[] = $user->get('id');
}
$select .= ')';
}
else if ($institution) {
// Site artefacts & artefacts owned by this institution
$select = "(a.institution = 'mahara' OR a.institution = ?)";
if ($blogrelated) {
$select = "(a.institution = ?)";
}
else {
// Site artefacts & artefacts owned by this institution
$select = "(a.institution = 'mahara' OR a.institution = ?)";
}
$ph = array($institution);
}
else { // The view is owned by a normal user
......@@ -3468,7 +3483,7 @@ class View {
FROM {group_member} m
JOIN {artefact} aa ON m.group = aa.group
JOIN {artefact_access_role} aar ON aar.role = m.role AND aar.artefact = aa.id
WHERE m.member = ? AND aar.can_republish = 1
WHERE m.member = ? AND aar.can_republish = 1 AND artefacttype NOT IN (\'blog\', \'blogpost\', \'recentposts\')
UNION
SELECT artefact FROM {artefact_access_usr} WHERE usr = ? AND can_republish = 1';
......@@ -3480,7 +3495,7 @@ class View {
$institutions[] = 'mahara';
}
if ($institutions) {
if ($institutions && !$blogrelated) {
$select .= '
UNION
SELECT id FROM {artefact} WHERE institution IN (' . join(',', array_fill(0, count($institutions), '?')) . ')';
......
......@@ -95,6 +95,5 @@ Scenario: Creating a Journal entry
And I follow "Recent journal entries" in the "div#blog" "css_element"
And I press "Add"
And I should see "by group Groupies"
And I check "Admin User's Journal"
And I press "Save"
\ No newline at end of file
And I press "Save"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment