MDL-35558 mod_data: Show only own entries while there are required pending.

2025-08-06 17:36:38 +02:00 · 2012-11-07 19:50:15 +01:00 · 2012-11-07 19:50:15 +01:00 · 9b025da732
commit 9b025da732
parent f87d5a71ef
2 changed files with 32 additions and 23 deletions
--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@ -3514,7 +3514,7 @@ function data_get_recordids($alias, $searcharray, $dataid, $recordids) {
 * @param int $sort            DATA_*
 * @param stdClass $data       Data module object
 * @param array $recordids     An array of record IDs.
- * @param string $selectdata   Information for the select part of the sql statement.
+ * @param string $selectdata   Information for the where and select part of the sql statement.
 * @param string $sortorder    Additional sort parameters
 * @return array sqlselect     sqlselect['sql'] has the sql string, sqlselect['params'] contains an array of parameters.
 */
@ -3559,13 +3559,17 @@ function data_get_advanced_search_sql($sort, $data, $recordids, $selectdata, $so
                                 {user} u ';
        $groupsql = ' GROUP BY r.id, r.approved, r.timecreated, r.timemodified, r.userid, u.firstname, u.lastname, ' .$sortcontentfull;
    }
-    $nestfromsql = 'WHERE c.recordid = r.id
-                      AND r.dataid = :dataid
-                      AND r.userid = u.id';
+
+    // Default to a standard Where statement if $selectdata is empty.
+    if ($selectdata == '') {
+        $selectdata = 'WHERE c.recordid = r.id
+                         AND r.dataid = :dataid
+                         AND r.userid = u.id ';
+    }

    // Find the field we are sorting on
    if ($sort > 0 or data_get_field_from_id($sort, $data)) {
-        $nestfromsql .= ' AND c.fieldid = :sort';
+        $selectdata .= ' AND c.fieldid = :sort';
    }

    // If there are no record IDs then return an sql statment that will return no rows.
@ -3574,7 +3578,7 @@ function data_get_advanced_search_sql($sort, $data, $recordids, $selectdata, $so
    } else {
        list($insql, $inparam) = $DB->get_in_or_equal(array('-1'), SQL_PARAMS_NAMED);
    }
-    $nestfromsql .= ' AND c.recordid ' . $insql . $selectdata . $groupsql;
+    $nestfromsql = $selectdata . ' AND c.recordid ' . $insql . $groupsql;
    $sqlselect['sql'] = "$nestselectsql $nestfromsql $sortorder";
    $sqlselect['params'] = $inparam;
    return $sqlselect;
--- a/mod/data/view.php
+++ b/mod/data/view.php
@ -456,11 +456,15 @@ if ($showactivity) {
            $requiredentries_allowed = false;
        }

+        // Initialise the first group of params for advanced searches.
+        $initialparams   = array();
+
    /// setup group and approve restrictions
        if (!$approvecap && $data->approval) {
            if (isloggedin()) {
                $approveselect = ' AND (r.approved=1 OR r.userid=:myid1) ';
                $params['myid1'] = $USER->id;
+                $initialparams['myid1'] = $params['myid1'];
            } else {
                $approveselect = ' AND r.approved=1 ';
            }
@ -471,6 +475,7 @@ if ($showactivity) {
        if ($currentgroup) {
            $groupselect = " AND (r.groupid = :currentgroup OR r.groupid = 0)";
            $params['currentgroup'] = $currentgroup;
+            $initialparams['currentgroup'] = $params['currentgroup'];
        } else {
            if ($canviewallrecords) {
                $groupselect = ' ';
@ -486,6 +491,8 @@ if ($showactivity) {
        $advwhere        = '';
        $advtables       = '';
        $advparams       = array();
+        // This is used for the initial reduction of advanced search results with required entries.
+        $entrysql        = '';

    /// Find the field we are sorting on
        if ($sort <= 0 or !$sortfield = data_get_field_from_id($sort, $data)) {
@ -514,8 +521,7 @@ if ($showactivity) {
            $tables = '{data_content} c,{data_records} r, {data_content} cs, {user} u ';
            $where =  'WHERE c.recordid = r.id
                         AND r.dataid = :dataid
-                         AND r.userid = u.id
-                         AND cs.recordid = r.id ';
+                         AND r.userid = u.id ';
            $params['dataid'] = $data->id;
            $sortorder = ' ORDER BY '.$ordering.', r.id ASC ';
            $searchselect = '';
@ -523,7 +529,9 @@ if ($showactivity) {
            // If requiredentries is not reached, only show current user's entries
            if (!$requiredentries_allowed) {
                $where .= ' AND u.id = :myid2 ';
+                $entrysql = ' AND r.userid = :myid3 ';
                $params['myid2'] = $USER->id;
+                $initialparams['myid3'] = $params['myid2'];
            }

            if (!empty($advanced)) {                                                  //If advanced box is checked.
@ -541,6 +549,7 @@ if ($showactivity) {
                    $advparams = array_merge($advparams, $val->params);
                }
            } else if ($search) {
+                $where .= ' AND cs.recordid = r.id ';
                $searchselect = " AND (".$DB->sql_like('cs.content', ':search1', false)." OR ".$DB->sql_like('u.firstname', ':search2', false)." OR ".$DB->sql_like('u.lastname', ':search3', false)." ) ";
                $params['search1'] = "%$search%";
                $params['search2'] = "%$search%";
@ -558,10 +567,11 @@ if ($showactivity) {
            $count = ' COUNT(DISTINCT c.recordid) ';
            $tables = '{data_content} c, {data_records} r, {data_content} cs, {user} u ';
            $where =  'WHERE c.recordid = r.id
-                         AND c.fieldid = :sort
                         AND r.dataid = :dataid
-                         AND r.userid = u.id
-                         AND cs.recordid = r.id ';
+                         AND r.userid = u.id ';
+            if (!$advanced) {
+                $where .=  'AND c.fieldid = :sort';
+            }
            $params['dataid'] = $data->id;
            $params['sort'] = $sort;
            $sortorder = ' ORDER BY sortorder '.$order.' , r.id ASC ';
@ -569,8 +579,10 @@ if ($showactivity) {

            // If requiredentries is not reached, only show current user's entries
            if (!$requiredentries_allowed) {
-                $where .= ' AND u.id = ' . $USER->id;
+                $where .= ' AND u.id = :myid2';
+                $entrysql = ' AND r.userid = :myid3';
                $params['myid2'] = $USER->id;
+                $initialparams['myid3'] = $params['myid2'];
            }
            $i = 0;
            if (!empty($advanced)) {                                                  //If advanced box is checked.
@ -587,6 +599,7 @@ if ($showactivity) {
                    $advparams = array_merge($advparams, $val->params);
                }
            } else if ($search) {
+                $where .= ' AND cs.recordid = r.id ';
                $searchselect = " AND (".$DB->sql_like('cs.content', ':search1', false)." OR ".$DB->sql_like('u.firstname', ':search2', false)." OR ".$DB->sql_like('u.lastname', ':search3', false)." ) ";
                $params['search1'] = "%$search%";
                $params['search2'] = "%$search%";
@ -599,23 +612,15 @@ if ($showactivity) {
    /// To actually fetch the records

        $fromsql    = "FROM $tables $advtables $where $advwhere $groupselect $approveselect $searchselect $advsearchselect";
-        $sqlcount   = "SELECT $count $fromsql";   // Total number of records when searching
-        $sqlmax     = "SELECT $count FROM $tables $where $groupselect $approveselect"; // number of all recoirds user may see
        $allparams  = array_merge($params, $advparams);

        // Provide initial sql statements and parameters to reduce the number of total records.
-        $selectdata = $groupselect . $approveselect;
-        $initialparams = array();
-        if ($currentgroup) {
-            $initialparams['currentgroup'] = $params['currentgroup'];
-        }
-        if (!$approvecap && $data->approval && isloggedin()) {
-            $initialparams['myid1'] = $params['myid1'];
-        }
+        $initialselect = $groupselect . $approveselect . $entrysql;

-        $recordids = data_get_all_recordids($data->id, $selectdata, $initialparams);
+        $recordids = data_get_all_recordids($data->id, $initialselect, $initialparams);
        $newrecordids = data_get_advance_search_ids($recordids, $search_array, $data->id);
        $totalcount = count($newrecordids);
+        $selectdata = $where . $groupselect . $approveselect;

        if (!empty($advanced)) {
            $advancedsearchsql = data_get_advanced_search_sql($sort, $data, $newrecordids, $selectdata, $sortorder);