moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 17:06:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

ROLES AND PERMISSIONS - FIRST CHECK-IN

Browse source 
=======================================

WARNING:  DEV IS CURRENTLY VERY UNSTABLE.

This is a mega-checkin of the new Roles system.   A lot of changes have
been made in core and modules.

Currently there are a lot of rough edges and known problems.  We are
working hard on these .. .the reason for getting this into HEAD at this
stage is enable us to move faster (our branch was diverging from HEAD
too much).

Please keep an eye on http://docs.moodle.org/en/Roles for current status
and information for developers on how to use the new Roles system.
This commit is contained in:
moodler 2006-08-08 05:13:06 +00:00
parent 394577c3e4
commit bbbf2d4015
139 changed files with 40452 additions and 2001 deletions
Download patch file Download diff file Expand all files Collapse all files

264
mod/forum/post.php
View file

@ -12,14 +12,18 @@
$prune = optional_param('prune',0,PARAM_INT);
$name = optional_param('name','',PARAM_CLEAN);
$confirm = optional_param('confirm',0,PARAM_INT);
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
if (isguest()) {
$wwwroot = $CFG->wwwroot.'/login/index.php';
if (!empty($CFG->loginhttps)) {
$wwwroot = str_replace('http:','https:', $wwwroot);
$wwwroot = str_replace('http','https', $wwwroot);
}
if (!empty($forum)) { // User is starting a new discussion in a forum
if (isset($forum)) { // User is starting a new discussion in a forum
if (! $forum = get_record('forum', 'id', $forum)) {
error('The forum number was incorrect');
}
@ -38,7 +42,10 @@
error('The course number was incorrect');
}
if (!$cm = get_coursemodule_from_instance('forum', $forum->id, $course->id)) { // For the logs
// Teacher forum?
$cm->id = 0;
} else {
$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
}
$strforums = get_string('modulenameplural', 'forum');
@ -61,84 +68,54 @@
require_login(0, false); // Script is useless unless they're logged in
if ($post = data_submitted()) {
if (! $forum = get_record('forum', 'id', $forum)) {
error('The forum number was incorrect');
if (empty($post->course)) {
error('No course was defined!');
}
if (!$course = get_record('course', 'id', $forum->course)) {
if (!$course = get_record('course', 'id', $post->course)) {
error('Could not find specified course!');
}
require_login($course->id, false);
$adminedit = (isadmin() and !empty($CFG->admineditalways));
if (!empty($course->lang)) { // Override current language
$CFG->courselang = $course->lang;
}
if (empty($SESSION->fromurl)) {
$errordestination = "$CFG->wwwroot/mod/forum/view.php?f=$forum->id";
$errordestination = "$CFG->wwwroot/mod/forum/view.php?f=$post->forum";
} else {
$errordestination = $SESSION->fromurl;
}
$post->subject = clean_param(strip_tags($post->subject, '<lang><span>'), PARAM_CLEAN); // Strip all tags except multilang
$post->subject = strip_tags($post->subject, '<lang><span>'); // Strip all tags except lang
//$post->message will be cleaned later before display
//$post->message = clean_text($post->message, $post->format); // Clean up any bad tags
$post->attachment = isset($_FILES['attachment']) ? $_FILES['attachment'] : NULL;
if (!$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) { // For the logs
if (!$cm = get_coursemodule_from_instance("forum", $post->forum, $course->id)) { // For the logs
$cm->id = 0;
}
if (($post->subject == '') or ($post->message == '')) {
if (!$post->subject or !$post->message) {
$post->error = get_string("emptymessage", "forum");
} else if ($post->edit) {
/// Updating a post
if (! $oldpost = forum_get_post_full($post->edit)) {
error("Post ID was incorrect");
}
if (($oldpost->userid <> $USER->id) and !$adminedit) {
error("You can't edit other people's posts!");
}
if (! $discussion = get_record("forum_discussions", "id", $oldpost->discussion)) {
error("This post is not part of a discussion!");
}
if ($discussion->forum != $forum->id) {
error("The forum number is incorrect");
}
if ($discussion->course != $course->id) {
error("The course number is incorrect");
}
if (!($forum->type == 'news' && !$oldpost->parent && $discussion->timestart > time())) {
if (((time() - $oldpost->created) > $CFG->maxeditingtime) and !$adminedit) {
error( get_string("maxtimehaspassed", "forum", format_time($CFG->maxeditingtime)) );
}
}
$updatepost = new object;
$updatepost->id = $oldpost->id;
$updatepost->parent = $oldpost->parent;
$updatepost->forum = $oldpost->forum;
$updatepost->discussion = $oldpost->discussion;
$updatepost->userid = $oldpost->userid;
$updatepost->subject = $post->subject; //already cleaned
$updatepost->message = $post->message; //cleaning only before display
$updatepost->format = $post->format;
$updatepost->attachment = $post->attachment;
$updatepost->course = $course->id;
$updatepost->subscribe = optional_param('subscribe', 0, PARAM_BOOL);
$updatepost->unsubscribe = optional_param('unsubscribe', 0, PARAM_BOOL);
} else if ($post->edit) { // Updating a post
$post->id = $post->edit;
$message = '';
if (get_field('forum', 'type', 'id', $forum) == 'news' && !$oldpost->parent) {
$updatediscussion = new object;
$updatediscussion->id = $oldpost->discussion;
//fix for bug #4314
if (!$realpost = get_record('forum_posts','id',$post->id)){
$realpost = new object;
$realpost->userid = -1;
}
if ( !(($realpost->userid == $USER->id && has_capability('mod/forum:replypost', $modcontext->id)) ||
has_capability('mod/forum:editanypost', $modcontext->id)) )
error("You can not update this post");
}
if (get_field('forum', 'type', 'id', $forum) == 'news' && !$post->parent) {
$updatediscussion->id = $post->discussion;
if (empty($post->timestartdisabled)) {
$updatediscussion->timestart = make_timestamp($post->timestartyear, $post->timestartmonth, $post->timestartday);
} else {
@ -158,10 +135,10 @@
if (!isset($post->error)) {
if (forum_update_post($updatepost,$message)) {
if (forum_update_post($post,$message)) {
add_to_log($course->id, "forum", "update post",
"discuss.php?d=$updatepost->discussion&amp;parent=$updatepost->id", "$updatepost->id", $cm->id);
"discuss.php?d=$post->discussion&amp;parent=$post->id", "$post->id", $cm->id);
$timemessage = 2;
if (!empty($message)) { // if we're printing stuff about the file upload
@ -169,10 +146,10 @@
}
$message .= '<br />'.get_string("postupdated", "forum");
if ($subscribemessage = forum_post_subscription($updatepost)) {
if ($subscribemessage = forum_post_subscription($post)) {
$timemessage = 4;
}
redirect(forum_go_back_to("discuss.php?d=$updatepost->discussion#$updatepost->id"), $message.$subscribemessage, $timemessage);
redirect(forum_go_back_to("discuss.php?d=$post->discussion#$post->id"), $message.$subscribemessage, $timemessage);
} else {
error(get_string("couldnotupdate", "forum"), $errordestination);
@ -180,49 +157,12 @@
exit;
}
} else if ($post->discussion) {
/// Adding a new post to an existing discussion
if (! $discussion = get_record("forum_discussions", "id", $post->discussion)) {
error("This post is not part of a discussion!");
}
if ($discussion->forum != $forum->id) {
error("The forum number is incorrect");
}
if ($discussion->course != $course->id) {
error("The course number is incorrect");
}
if (! $parent = forum_get_post_full($post->parent)) {
error("Parent post does not exist");
}
if ($parent->discussion != $discussion->id) {
error("Parent not in this discussion");
}
if (! forum_user_can_post($forum)) {
error("Sorry, but you can not post in this forum.");
}
$newpost = new object;
$newpost->parent = $post->parent;
$newpost->forum = $forum->id;
$newpost->discussion = $discussion->id;
$newpost->parent = $parent->id;
$newpost->subject = $post->subject; //already cleaned
$newpost->message = $post->message; //cleaning only before display
$newpost->format = $post->format;
$newpost->mailnow = optional_param('mailnow', 0, PARAM_BOOL);
$newpost->course = $course->id;
$newpost->subscribe = optional_param('subscribe', 0, PARAM_BOOL);
$newpost->unsubscribe = optional_param('unsubscribe', 0, PARAM_BOOL);
} else if ($post->discussion) { // Adding a new post to an existing discussion
$message = '';
if ($newpost->id = forum_add_new_post($newpost,$message)) {
if ($post->id = forum_add_new_post($post,$message)) {
add_to_log($course->id, "forum", "add post",
"discuss.php?d=$newpost->discussion&amp;parent=$newpost->id", "$newpost->id", $cm->id);
"discuss.php?d=$post->discussion&amp;parent=$post->id", "$post->id", $cm->id);
$timemessage = 2;
if (!empty($message)) { // if we're printing stuff about the file upload
@ -230,51 +170,29 @@
}
$message .= '<br />'.get_string("postadded", "forum", format_time($CFG->maxeditingtime));
if ($subscribemessage = forum_post_subscription($newpost)) {
if ($subscribemessage = forum_post_subscription($post)) {
$timemessage = 4;
}
if ($newpost->mailnow) {
if ($post->mailnow) {
$message .= get_string("postmailnow", "forum");
$timemessage = 4;
}
redirect(forum_go_back_to("discuss.php?d=$newpost->discussion#$newpost->id"), $message.$subscribemessage, $timemessage);
redirect(forum_go_back_to("discuss.php?d=$post->discussion#$post->id"), $message.$subscribemessage, $timemessage);
} else {
error(get_string("couldnotadd", "forum"), $errordestination);
}
exit;
} else {
/// Adding a new discussion
if (! forum_user_can_post_discussion($forum)) {
error("Sorry, but you can not post a new discussion in this forum.");
}
$discussion = new object;
$discussion->forum = $forum->id;
$discussion->course = $course->id;
$discussion->mailnow = optional_param('mailnow', 0, PARAM_BOOL);
$discussion->name = $post->subject;
} else { // Adding a new discussion
$post->mailnow = empty($post->mailnow) ? 0 : 1;
$discussion = $post;
$discussion->name = $post->subject;
$discussion->intro = $post->message;
$discussion->format = $post->format;
$discussion->groupid = get_current_group($course->id);
if (isteacheredit($course->id) and $discussion->groupid == 0) {
$discussion->groupid = -1;
}
$discussion->course = $course->id;
$discussion->subscribe = optional_param('subscribe', 0, PARAM_BOOL);
$discussion->unsubscribe = optional_param('unsubscribe', 0, PARAM_BOOL);
if (! forum_user_can_post_discussion($forum)) {
error("Sorry, but you can not post a new discussion in this forum.");
}
$newstopic = false;
if (get_field('forum', 'type', 'id', $forum) == 'news') {
if (get_field('forum', 'type', 'id', $forum) == 'news' && !$post->parent) {
$newstopic = true;
}
if ($newstopic && empty($post->timestartdisabled)) {
@ -302,7 +220,7 @@
}
$message .= '<br />'.get_string("postadded", "forum", format_time($CFG->maxeditingtime));
if ($discussion->mailnow) {
if ($post->mailnow) {
$message .= get_string("postmailnow", "forum");
$timemessage = 4;
}
@ -311,7 +229,7 @@
$timemessage = 4;
}
redirect(forum_go_back_to("view.php?f=$discussion->forum"), $message.$subscribemessage, $timemessage);
redirect(forum_go_back_to("view.php?f=$post->forum"), $message.$subscribemessage, $timemessage);
} else {
error(get_string("couldnotadd", "forum"), $errordestination);
@ -328,8 +246,7 @@
$defaultformat = FORMAT_MOODLE;
}
if (!empty($post->error)) {
/// User is re-editing a failed posting
if (isset($post->error)) { // User is re-editing a failed posting
// Set up all the required objects again, and reuse the same $post
@ -369,14 +286,9 @@
}
}
} else if (!empty($forum)) {
/// User is starting a new discussion in a forum
} else if (!empty($forum)) { // User is starting a new discussion in a forum
if (!empty($_SERVER["HTTP_REFERER"])) {
$SESSION->fromurl = $_SERVER["HTTP_REFERER"];
} else {
$SESSION->fromurl = '';
}
$SESSION->fromurl = $_SERVER["HTTP_REFERER"];
if (! $forum = get_record("forum", "id", $forum)) {
error("The forum number was incorrect ($forum)");
@ -390,7 +302,7 @@
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
if (!$cm->visible and !isteacher($course->id)) {
if (!$cm->visible and !has_capability('moodle/course:manageactivities', $coursecontext->id)) {
error(get_string("activityiscurrentlyhidden"));
}
}
@ -406,10 +318,14 @@
$post->message = "";
$post->format = $defaultformat;
$post->groupid = get_current_group($course->id);
if ($post->groupid == 0) {
$post->groupid = -1;
}
forum_set_return();
} else if (!empty($reply)) {
/// User is writing a new reply
} else if (!empty($reply)) { // User is writing a new reply
if (! $parent = forum_get_post_full($reply)) {
error("Parent post ID was incorrect");
@ -429,13 +345,13 @@
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
if (groupmode($course, $cm) and !isteacheredit($course->id)) { // Make sure user can post here
if (groupmode($course, $cm)) { // Make sure user can post here
$mygroupid = mygroupid($course->id);
if (!((empty($mygroupid) and $discussion->groupid == -1) || (ismember($discussion->groupid)/*$mygroupid == $discussion->groupid*/))) {
error("Sorry, but you can not post in this discussion.");
}
}
if (!$cm->visible and !isteacher($course->id)) {
if (!$cm->visible and !has_capability('moodle/course:manageactivities', $coursecontext->id)) {
error(get_string("activityiscurrentlyhidden"));
}
}
@ -458,15 +374,13 @@
unset($SESSION->fromdiscussion);
} else if (!empty($edit)) {
/// User is editing their own post
$adminedit = (isadmin() and !empty($CFG->admineditalways));
} else if (!empty($edit)) { // User is editing their own post
if (! $post = forum_get_post_full($edit)) {
error("Post ID was incorrect");
}
if (($post->userid <> $USER->id) and !$adminedit) {
if (($post->userid <> $USER->id) and
!has_capability('mod/forum:editanypost', $modcontext->id)) {
error("You can't edit other people's posts!");
}
if ($post->parent) {
@ -481,9 +395,9 @@
error("The forum number was incorrect ($discussion->forum)");
}
if (!($forum->type == 'news' && !$post->parent && $discussion->timestart > time())) {
if (((time() - $post->created) > $CFG->maxeditingtime) and !$adminedit) {
error( get_string("maxtimehaspassed", "forum", format_time($CFG->maxeditingtime)),
"$CFG->wwwroot/mod/forum/discuss.php?d=$discussion->id#$post->id" );
if (((time() - $post->created) > $CFG->maxeditingtime) and
!has_capability('mod/forum:editanypost', $modcontext->id)) {
error( get_string("maxtimehaspassed", "forum", format_time($CFG->maxeditingtime)) );
}
}
if (! $course = get_record("course", "id", $discussion->course)) {
@ -500,8 +414,7 @@
unset($SESSION->fromdiscussion);
} else if (!empty($delete)) {
/// User is deleting a post
} else if (!empty($delete)) { // User is deleting a post
if (! $post = forum_get_post_full($delete)) {
error("Post ID was incorrect");
@ -512,8 +425,9 @@
if (! $forum = get_record("forum", "id", $discussion->forum)) {
error("The forum number was incorrect ($discussion->forum)");
}
if (($post->userid <> $USER->id) and !isteacher($forum->course)) {
error("You can't delete other people's posts!");
if ( !(($post->userid == $USER->id && has_capability('mod/forum:deleteownpost', $modcontext->id))
|| has_capability('mod/forum:deleteanypost', $modcontext->id)) ) {
error("You can't delete this post!");
}
if (!empty($forum->course)) {
if ($course = get_record('course', 'id', $forum->course)) {
@ -525,13 +439,13 @@
$replycount = forum_count_replies($post);
if (!empty($confirm) and confirm_sesskey()) { // User has confirmed the delete
if (!empty($confirm)) { // User has confirmed the delete
if ($post->totalscore) {
notice(get_string("couldnotdeleteratings", "forum"),
forum_go_back_to("discuss.php?d=$post->discussion"));
} else if ($replycount && !isteacher($course->id)) {
} else if ($replycount && !has_capability('mod/forum:deleteanypost', $modcontext->id)) {
error(get_string("couldnotdeletereplies", "forum"),
forum_go_back_to("discuss.php?d=$post->discussion"));
@ -552,7 +466,7 @@
redirect("view.php?f=$discussion->forum",
get_string("deleteddiscussion", "forum"), 1);
} else if (forum_delete_post($post, isteacher($course->id))) {
} else if (forum_delete_post($post, has_capability('mod/forum:deleteanypost', $modcontext->id))) {
add_to_log($discussion->course, "forum", "delete post",
"discuss.php?d=$post->discussion", "$post->id", $cm->id);
@ -565,19 +479,18 @@
}
} else {
// User just asked to delete something
} else { // User just asked to delete something
forum_set_return();
if ($replycount) {
if (!isteacher($course->id)) {
if (!has_capability('mof/forum:deleteanypost', $modcontext->id)) {
error(get_string("couldnotdeletereplies", "forum"),
forum_go_back_to("discuss.php?d=$post->discussion"));
}
print_header();
notice_yesno(get_string("deletesureplural", "forum", $replycount+1),
"post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
"post.php?delete=$delete&amp;confirm=$delete",
$_SERVER["HTTP_REFERER"]);
forum_print_post($post, $course->id, $ownpost=false, $reply=false, $link=false);
@ -592,7 +505,7 @@
} else {
print_header();
notice_yesno(get_string("deletesure", "forum", $replycount),
"post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
"post.php?delete=$delete&amp;confirm=$delete",
$_SERVER["HTTP_REFERER"]);
forum_print_post($post, $forum->course, $ownpost=false, $reply=false, $link=false);
}
@ -602,8 +515,7 @@
die;
} else if (!empty($prune)) {
// Teacher is pruning
} else if (!empty($prune)) { // Teacher is pruning
if (!$post = forum_get_post_full($prune)) {
error("Post ID was incorrect");
@ -614,7 +526,7 @@
if (!$forum = get_record("forum", "id", $discussion->forum)) {
error("The forum number was incorrect ($discussion->forum)");
}
if (!isteacher($forum->course)) {
if (!has_capability('mod/forum:splitdiscussions', $modcontext->id)) {
error("You can't split discussions!");
}
if (!$post->parent) {
@ -624,12 +536,11 @@
$cm->id = 0;
}
if (!empty($name) and confirm_sesskey()) { // User has confirmed the prune
if (!empty($name)) { // User has confirmed the prune
$newdiscussion = new object;
$newdiscussion->course = $discussion->course;
$newdiscussion->forum = $discussion->forum;
$newdiscussion->name = strip_tags($name, '<lang><span>'); // Strip all tags except multilang
$newdiscussion->name = $name;
$newdiscussion->firstpost = $post->id;
$newdiscussion->userid = $discussion->userid;
$newdiscussion->groupid = $discussion->groupid;
@ -644,7 +555,7 @@
$newpost->id = $post->id;
$newpost->parent = 0;
$newpost->subject = $newdiscussion->name;
$newpost->subject = $name;
if (!update_record("forum_posts", $newpost)) {
error('Could not update the original post');
@ -752,11 +663,12 @@
if (!empty($parent) && !forum_user_can_see_post($forum,$discussion,$post)) {
error("You cannot reply to this post");
}
if (empty($parent) && !forum_user_can_post_discussion($forum, false, '', $edit)) {
if (empty($parent) && !forum_user_can_post_discussion($forum)) {
error("You cannot start a new discussion in this forum");
}
if ($forum->type == 'qanda' && !isteacher($forum->course) && !forum_user_has_posted($forum->id,$discussion->id,$USER->id)) {
if ($forum->type == 'qanda' && !has_capability('mod/forum:viewqandawithoutposting', $modcontext->id) &&
!forum_user_has_posted($forum->id,$discussion->id,$USER->id)) {
notify(get_string('qandanotify','forum'));
}
@ -770,7 +682,7 @@
} else {
$user_read_array = array();
}
if ($forum->type != 'qanda' || forum_user_can_see_discussion($forum,$discussion)) {
if ($forum->type != 'qanda' || forum_user_can_see_discussion($forum, $discussion, $modcontext->id)) {
forum_print_posts_threaded($parent->id, $course->id, 0, false, false, $user_read_array, $discussion->forum);
}
}