mirror of
https://github.com/moodle/moodle.git
synced 2025-08-05 00:46:50 +02:00
forum subscriptions: MDL-14876 user of deprecated functions was breaking managing subscribers.
This was visible when, for example, unusual role definitions meant that someone could access a forum without being enrolled in a course. Note that one of the places that was previously broken was front page forums. Since subscribers.php does not do paging at all, the fact that I have fixed this bug makes this page dangerous on large sites. A proper solution will have to wait until bug 17550 is fixed in HEAD. This also fixes a minor problem introduced by MDL-12979.
This commit is contained in:
tjhunt
parent
3c573960ec
commit
8d8d0bfaae
3 changed files with 66 additions and 48 deletions
|
|
@ -31,10 +31,10 @@
|
|||
|
||||
add_to_log($course->id, "forum", "view subscribers", "subscribers.php?id=$forum->id", $forum->id, $cm->id);
|
||||
|
||||
$strsubscribeall = get_string("subscribeall", "forum");
|
||||
$strsubscribeall = get_string("subscribeall", "forum");
|
||||
$strsubscribenone = get_string("subscribenone", "forum");
|
||||
$strsubscribers = get_string("subscribers", "forum");
|
||||
$strforums = get_string("forums", "forum");
|
||||
$strsubscribers = get_string("subscribers", "forum");
|
||||
$strforums = get_string("forums", "forum");
|
||||
|
||||
$navigation = build_navigation($strsubscribers, $cm);
|
||||
|
||||
|
|
@ -56,7 +56,7 @@
|
|||
|
||||
if (empty($USER->subscriptionsediting)) { /// Display an overview of subscribers
|
||||
|
||||
if (! $users = forum_subscribed_users($course, $forum, $currentgroup) ) {
|
||||
if (! $users = forum_subscribed_users($course, $forum, $currentgroup, $context) ) {
|
||||
|
||||
print_heading(get_string("nosubscribers", "forum"));
|
||||
|
||||
|
|
@ -93,12 +93,11 @@
|
|||
$strsubscribers = get_string("subscribers", "forum");
|
||||
$strforums = get_string("forums", "forum");
|
||||
|
||||
$searchtext = optional_param('searchtext', '', PARAM_RAW);
|
||||
if ($frm = data_submitted()) {
|
||||
|
||||
/// A form was submitted so process the input
|
||||
|
||||
if (!empty($frm->add) and !empty($frm->addselect)) {
|
||||
|
||||
foreach ($frm->addselect as $addsubscriber) {
|
||||
if (! forum_subscribe($addsubscriber, $id)) {
|
||||
print_error('cannotaddsubscriber', 'forum', '', $addsubscriber);
|
||||
|
|
@ -111,36 +110,40 @@
|
|||
}
|
||||
}
|
||||
} else if (!empty($frm->showall)) {
|
||||
unset($frm->searchtext);
|
||||
$frm->previoussearch = 0;
|
||||
$searchtext = '';
|
||||
}
|
||||
}
|
||||
|
||||
$previoussearch = (!empty($frm->search) or (!empty($frm->previoussearch) && $frm->previoussearch == 1)) ;
|
||||
|
||||
/// Get all existing subscribers for this forum.
|
||||
if (!$subscribers = forum_subscribed_users($course, $forum, $currentgroup)) {
|
||||
if (!$subscribers = forum_subscribed_users($course, $forum, $currentgroup, $context)) {
|
||||
$subscribers = array();
|
||||
}
|
||||
|
||||
$subscriberarray = array();
|
||||
/// Get all the potential subscribers excluding users already subscribed
|
||||
$users = forum_get_potential_subscribers($context, $currentgroup, 'id,email,firstname,lastname', 'firstname ASC, lastname ASC');
|
||||
if (!$users) {
|
||||
$users = array();
|
||||
}
|
||||
foreach ($subscribers as $subscriber) {
|
||||
$subscriberarray[] = $subscriber->id;
|
||||
}
|
||||
$subscriberlist = implode(',', $subscriberarray);
|
||||
|
||||
/// Get search results excluding any users already subscribed
|
||||
|
||||
if (!empty($frm->searchtext) and $previoussearch) {
|
||||
$searchusers = search_users($course->id, $currentgroup, $frm->searchtext, 'firstname ASC, lastname ASC', $subscriberarray);
|
||||
unset($users[$subscriber->id]);
|
||||
}
|
||||
|
||||
/// If no search results then get potential subscribers for this forum excluding users already subscribed
|
||||
if (empty($searchusers)) {
|
||||
$users = get_users_by_capability($context, 'moodle/course:view', '', 'firstname ASC, lastname ASC', '','',$currentgroup,$subscriberlist, false);
|
||||
/// This is yucky, but do the search in PHP, becuase the list we are using comes from get_users_by_capability,
|
||||
/// which does not allow searching in the database. Fortunately the list is only this list of users in this
|
||||
/// course, which is normally OK, except on the site course of a big site. But before you can enter a search
|
||||
/// term, you have already seen a page that lists everyone, since this code never does paging, so you have probably
|
||||
/// already crashed your server if you are going to. This will be fixed properly for Moodle 2.0: MDL-17550.
|
||||
if ($searchtext) {
|
||||
$searchusers = array();
|
||||
$lcsearchtext = moodle_strtolower($searchtext);
|
||||
foreach ($users as $userid => $user) {
|
||||
if (strpos(moodle_strtolower($user->email), $lcsearchtext) !== false ||
|
||||
strpos(moodle_strtolower($user->firstname . ' ' . $user->lastname), $lcsearchtext) !== false) {
|
||||
$searchusers[$userid] = $user;
|
||||
}
|
||||
unset($users[$userid]);
|
||||
}
|
||||
}
|
||||
$searchtext = (isset($frm->searchtext)) ? $frm->searchtext : "";
|
||||
$previoussearch = ($previoussearch) ? '1' : '0';
|
||||
|
||||
print_simple_box_start('center');
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue