merged fix for MDL-10564, wrong userid used in get_my_courses() for blogs
[moodle-linuxchix.git] / blog / edit.php
1 <?php //$Id$
3 require_once('../config.php');
4 include_once('lib.php');
// Request parameters. Each one is read through the param helpers with an
// explicit PARAM_* type; nothing below reads the raw request arrays.
$action   = required_param('action', PARAM_ALPHA);
$id       = optional_param('id', 0, PARAM_INT);
$confirm  = optional_param('confirm', 0, PARAM_BOOL);
$courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tab - does nothing here

require_login();

// Site-wide gates, evaluated before any post is looked up.
if (empty($CFG->bloglevel)) {
    error('Blogging is disabled!');
}

if (isguest()) {
    error(get_string('noguestpost', 'blog'));
}

// The caller needs at least one of the two blog capabilities to get any further.
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!(has_capability('moodle/blog:create', $sitecontext) || has_capability('moodle/blog:manageentries', $sitecontext))) {
    error('You can not post or edit blogs.');
}

// Make sure that the person trying to edit have access right
if (!$id) {
    // No post id supplied: this can only be a request to add a new entry.
    if (!has_capability('moodle/blog:create', $sitecontext)) {
        error(get_string('nopost', 'blog')); // manageentries is not enough for adding
    }
    $existing  = false;
    $userid    = $USER->id;
    $returnurl = 'index.php?userid='.$USER->id;
} else {
    // A post id was supplied: it must exist and the caller must be allowed to edit it.
    // NOTE(review): the blog:create check in the other branch is not evaluated on
    // this path, whatever $action is.
    $existing = get_record('post', 'id', $id);
    if (!$existing) {
        error('Wrong blog post id');
    }

    if (!blog_user_can_edit_post($existing)) {
        error(get_string('notallowedtoedit', 'blog'));
    }
    $userid    = $existing->userid;
    $returnurl = $CFG->wwwroot.'/blog/index.php?userid='.$existing->userid;
}

// $courseid has been through PARAM_INT, so it is safe to append to the URL.
if (!empty($courseid)) {
    $returnurl .= '&amp;courseid='.$courseid;
}

$strblogs = get_string('blogs','blog');
// Deleting is a two-step flow. The first request renders a confirmation page;
// the post is removed only when the follow-up request carries submitted data,
// the confirm flag and a valid sesskey.
if ($action == 'delete') {
    if (!$existing) {
        error('Incorrect blog post id');
    }

    if (!(data_submitted() && $confirm && confirm_sesskey())) {
        // Not confirmed yet: show the entry and ask. The "yes" button posts the
        // sesskey back to edit.php; the "no" button is a plain GET to index.php.
        $optionsyes = array('id'=>$id, 'action'=>'delete', 'confirm'=>1, 'sesskey'=>sesskey(), 'courseid'=>$courseid);
        $optionsno  = array('userid'=>$existing->userid, 'courseid'=>$courseid);
        print_header("$SITE->shortname: $strblogs", $SITE->fullname);
        blog_print_entry($existing);
        echo '<br />';
        notice_yesno(get_string('blogdeleteconfirm', 'blog'), 'edit.php', 'index.php', $optionsyes, $optionsno, 'post', 'get');
        print_footer();
        die;
    }

    // Confirmed with a valid session key: delete and go back to the blog listing.
    do_delete($existing);
    redirect($returnurl);
}
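require_once('edit_form.php');
$blogeditform = new blog_edit_form(null, compact('existing', 'sitecontext'));

if ($blogeditform->is_cancelled()) {
    redirect($returnurl);

} else if ($blogeditform->no_submit_button_pressed()) {
    // One of the tag management buttons was used; nothing is saved to the post.
    no_submit_button_actions($blogeditform, $sitecontext);

} else if ($fromform = $blogeditform->get_data()) {
    // save stuff in db
    switch ($action) {
        case 'add':
            // The blog:create check earlier in this script sits in the branch that
            // runs only when no post id is supplied, so it is enforced here as well:
            // adding must require blog:create whether or not an id was sent.
            if (!has_capability('moodle/blog:create', $sitecontext)) {
                error(get_string('nopost', 'blog')); // manageentries is not enough for adding
            }
            do_add($fromform, $blogeditform);
            break;

        case 'edit':
            if (!$existing) {
                error('Incorrect blog post id');
            }
            // Update exactly the row that passed blog_user_can_edit_post() instead
            // of relying on the id copy carried in the submitted form data.
            $fromform->id = $existing->id;
            do_edit($fromform, $blogeditform);
            break;

        default:
            error('Unknown action!');
    }
    redirect($returnurl);
}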
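// gui setup
// $post collects the values handed to the form. It is created explicitly so the
// property assignments below do not depend on PHP auto-creating an object.
$post = new object();

switch ($action) {
    case 'add':
        // prepare new empty form
        $post->publishstate = 'draft';
        $strformheading     = get_string('addnewentry', 'blog');
        $post->action       = $action;
        break;

    case 'edit':
        if (!$existing) {
            error('Incorrect blog post id');
        }
        $post->id           = $existing->id;
        $post->subject      = $existing->subject;
        $post->summary      = $existing->summary;
        $post->publishstate = $existing->publishstate;
        $post->format       = $existing->format;
        $post->action       = $action;
        $strformheading     = get_string('updateentrywithid', 'blog');

        // The id comes from the database row, but it is interpolated into SQL
        // below, so it is forced to an integer first.
        $entryid = (int)$existing->id;

        if ($ptags = get_records_sql_menu("SELECT t.id, t.text FROM
                                     {$CFG->prefix}tags t,
                                     {$CFG->prefix}blog_tag_instance bti
                                     WHERE t.id = bti.tagid
                                     AND t.type = 'personal'
                                     AND bti.entryid = {$entryid}")) {

            $post->ptags = implode(', ', $ptags);
        } else {
            //$idsql = " AND bti.entryid = 0";
            //was used but seems redundant.
            $post->ptags = '';
        }
        if ($otags = get_records_sql_menu("SELECT t.id, t.text FROM
                                     {$CFG->prefix}tags t,
                                     {$CFG->prefix}blog_tag_instance bti
                                     WHERE t.id = bti.tagid
                                     AND t.type = 'official'
                                     AND bti.entryid = {$entryid}")) {
            $post->otags = array_keys($otags);
        }
        break;

    default:
        error('Unknown action!');
}

// done here in order to allow deleting of posts with wrong user id above
if (!$user = get_record('user', 'id', $userid)) {
    error('Incorrect user id');
}

// NOTE(review): fullname($user) and $strblogs are concatenated into the breadcrumb
// markup as returned; confirm that both are safe for HTML output in this code base.
print_header("$SITE->shortname: $strblogs", $SITE->fullname,
                '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$userid.'">'.fullname($user).'</a> ->
                <a href="'.$CFG->wwwroot.'/blog/index.php?userid='.$userid.'">'.$strblogs.'</a> -> '.$strformheading,'','',true);
$blogeditform->set_data($post);
$blogeditform->display();

print_footer();

die;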
164 /***************************** edit.php functions ***************************/
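/**
 * Handle the edit form's non-submitting buttons: adding an official tag and
 * deleting selected tags. Afterwards the form's tag selector is rebuilt.
 *
 * @param object $blogeditform the blog edit form (passed by reference); its
 *                             _form member is read for the submitted values
 * @param object $sitecontext  context used for the tag capability checks
 */
function no_submit_button_actions(&$blogeditform, $sitecontext){
    $mform =& $blogeditform->_form;
    $data  = $mform->exportValues();
    $error = '';

    //sesskey has been checked already no need to check that
    // NOTE(review): that check is not visible in this file; presumably it is made
    // by the form library before this point - confirm.

    //check for official tags to add
    if (!empty($data['addotags']) && !empty($data['otagsadd'])) { // adding official tag
        // delete_otags() requires this capability before removing an official tag;
        // creating or promoting one is gated the same way here, so the decision
        // does not rest only on which fields the form chose to render.
        if (!has_capability('moodle/blog:manageofficialtags', $sitecontext)) {
            error('Can not add tag, you don\'t have permission to add an official tag');
        }
        $error = add_otag($data['otagsadd']);
    }

    if (!empty($error)) {
        $mform->setElementError('otagsgrp', $error);
    }

    if (!empty($data['deleteotags']) && !empty($data['otags'])) { // deleting selected tags
        delete_otags($data['otags'], $sitecontext);
    }

    $blogeditform->otags_select_setup();
}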
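/**
 * Delete the given tags and every blog_tag_instance row that references them.
 * The capability matching the tag's type is checked for each tag before
 * anything is removed; any failure stops the request via error().
 *
 * @param array  $tagids      tag ids taken from the submitted form
 * @param object $sitecontext context used for the capability checks
 */
function delete_otags($tagids, $sitecontext){
    // The ids arrive from submitted form data: tolerate a single scalar value and
    // force every id to an integer before it reaches the database helpers.
    foreach ((array)$tagids as $tagid) {
        $tagid = (int)$tagid;

        if (!$tag = get_record('tags', 'id', $tagid)) {
            error('Can not delete tag, tag doesn\'t exist');
        }

        // NOTE(review): a tag whose type is neither 'official' nor 'personal' passes
        // both checks below; confirm that no other type can be stored.
        if ($tag->type == 'official' and !has_capability('moodle/blog:manageofficialtags', $sitecontext)) {
            //can not delete
            error('Can not delete tag, you don\'t have permission to delete an official tag');
        }

        if ($tag->type == 'personal' and !has_capability('moodle/blog:managepersonaltags', $sitecontext)) {
            //can not delete
            error('Can not delete tag, you don\'t have permission to delete a personal tag');
        }

        // Delete the tag itself
        if (!delete_records('tags', 'id', $tagid)) {
            error('Can not delete tag');
        }

        // Deleting all references to this tag
        if (!delete_records('blog_tag_instance', 'tagid', $tagid)) {
            error('Can not delete blog tag instances');
        }
    }
}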
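/**
 * Make sure an official tag with the given text exists: an existing personal
 * tag with that text is promoted, otherwise a new official tag owned by the
 * current user is created.
 *
 * This function performs no capability check of its own; the caller must have
 * established that the user may manage official tags.
 *
 * @param string $otag text of the tag, as exported from the form
 * @return string an error message when the tag is already official, '' otherwise
 */
function add_otag($otag){
    global $USER;
    $error = '';

    if ($tag = get_record('tags', 'text', $otag)) {
        if ($tag->type == 'official') {
            // official tag already exist
            $error = get_string('tagalready');
        } else {
            // Promote the existing tag by changing only its type column. The row
            // read from the database is not written back as a whole, so its stored
            // text never passes through a write helper again.
            // NOTE(review): the write helpers of this Moodle generation are
            // understood to expect pre-escaped values - confirm.
            set_field('tags', 'type', 'official', 'id', $tag->id);
        }
    } else { // Brand new official tag
        $tag = new object();
        $tag->userid = $USER->id;
        $tag->text   = $otag;
        $tag->type   = 'official';

        if (!insert_record('tags', $tag)) {
            error('Can not create tag!');
        }
    }
    return $error;
}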
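/**
 * Delete blog post from database
 *
 * Removes the post row, its tag instances and its attachments, writes a log
 * entry, and reports an error if either database delete failed. Permission and
 * sesskey checks are the caller's responsibility.
 *
 * @param object $post the post record to delete; id and userid are read
 */
function do_delete($post) {
    global $returnurl;

    $status = delete_records('post', 'id', $post->id);
    // '&&' rather than 'and': 'and' binds more loosely than '=', so the earlier
    // form stored only the second result and a failed delete of the post row
    // went unreported whenever the tag instances were removed successfully.
    $status = delete_records('blog_tag_instance', 'entryid', $post->id) && $status;

    blog_delete_old_attachments($post);

    // NOTE(review): the log entry is written before $status is examined, so it is
    // recorded even when one of the deletes failed.
    add_to_log(SITEID, 'blog', 'delete', 'index.php?userid='. $post->userid, 'deleted blog entry with entry id# '. $post->id);

    if (!$status) {
        error('Error occured while deleting post', $returnurl);
    }
}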
/**
 * Write a new blog entry into database
 *
 * The entry is always stored as owned by the logged-in user. Once the row
 * exists, the uploaded attachment (if any) is saved, tags are attached and the
 * action is logged.
 *
 * @param object $post         data returned by the edit form
 * @param object $blogeditform the edit form, used to store the uploaded file
 */
function do_add($post, $blogeditform) {
    global $CFG, $USER, $returnurl;

    $post->module       = 'blog';
    $post->userid       = $USER->id; // owner comes from the session, not the form
    $post->lastmodified = time();
    $post->created      = time();

    // Insert the new blog entry.
    $id = insert_record('post', $post);
    if (!$id) {
        error('There was an error adding this post in the database', $returnurl);
    } else {
        $post->id = $id;

        // add blog attachment
        $dir = blog_file_area_name($post);
        if ($blogeditform->save_files($dir)) {
            $newfilename = $blogeditform->get_new_filename();
            if ($newfilename) {
                set_field("post", "attachment", $newfilename, "id", $post->id);
            }
        }

        add_tags_info($post->id);
        add_to_log(SITEID, 'blog', 'add', 'index.php?userid='.$post->userid.'&postid='.$post->id, $post->subject);
    }
}
/**
 * Update an existing blog entry from the submitted form data.
 *
 * Saves a newly uploaded attachment if there is one, updates the post row,
 * then replaces the entry's tag instances and logs the update.
 *
 * NOTE(review): $post->id and $post->userid are taken from $post as passed in;
 * this function does no permission check, so the caller must make sure they
 * refer to the entry that was authorised.
 *
 * @param object $post         data returned by the edit form
 * @param object $blogeditform the edit form, used to store the uploaded file
 * @todo complete documenting this function. enable trackback and pingback between entries on the same server
 */
function do_edit($post, $blogeditform) {

    global $CFG, $USER, $returnurl;

    $post->lastmodified = time();

    // Store a newly uploaded attachment, if the form saved one.
    $dir = blog_file_area_name($post);
    if ($blogeditform->save_files($dir)) {
        $newfilename = $blogeditform->get_new_filename();
        if ($newfilename) {
            $post->attachment = $newfilename;
        }
    }

    // update record
    if (!update_record('post', $post)) {
        error('There was an error updating this post in the database', $returnurl);
    } else {
        // delete all tags associated with this entry
        delete_records('blog_tag_instance', 'entryid', $post->id);
        // add them back
        add_tags_info($post->id);

        add_to_log(SITEID, 'blog', 'update', 'index.php?userid='.$post->userid.'&postid='.$post->id, $post->subject);
    }
}
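/**
 * function to attach tags into a post
 *
 * Reads the 'otags' and 'ptags' request parameters and inserts one
 * blog_tag_instance row per tag. A personal tag whose text does not exist yet
 * is created first, owned by the current user.
 *
 * @param int $postid id of the blog post
 */
function add_tags_info($postid) {

    global $USER;

    // Without the post row there is no entry or owner to attach the tags to.
    if (!$post = get_record('post', 'id', $postid)) {
        return;
    }

    $tag = new object();
    $tag->entryid      = $post->id;
    $tag->userid       = $post->userid;
    $tag->timemodified = time();

    /// Attach official tags
    // NOTE(review): the submitted ids are attached without checking that the tag
    // exists or that its type is 'official'.
    if ($otags = optional_param('otags', '', PARAM_INT)) {
        // (array) tolerates a request that sends a single value instead of a list
        foreach ((array)$otags as $otag) {
            $tag->tagid = $otag;
            insert_record('blog_tag_instance', $tag);
        }
    }

    /// Attach Personal Tags
    if ($ptags = optional_param('ptags', '', PARAM_NOTAGS)) {
        $ptags = explode(',', $ptags);
        foreach ($ptags as $ptag) {
            $ptag = trim($ptag);
            // A stray or trailing comma yields an empty piece; skip it so no tag
            // with empty text is looked up or created.
            if ($ptag === '') {
                continue;
            }
            // check for existance
            // it does not matter whether it is an offical tag or personal tag
            // we do not want to have 1 copy of offical tag and 1 copy of personal tag (for the same tag)
            if ($ctag = get_record('tags', 'text', $ptag)) {
                $tag->tagid = $ctag->id;
                insert_record('blog_tag_instance', $tag);
            } else { // create a personal tag
                $ctag = new object;
                $ctag->userid = $USER->id;
                $ctag->text   = $ptag;
                $ctag->type   = 'personal';
                if ($tagid = insert_record('tags', $ctag)) {
                    $tag->tagid = $tagid;
                    insert_record('blog_tag_instance', $tag);
                }
            }
        }
    }
}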