Permalink
Browse files

MDL-13805 core_message: fixed the admin's ability to read another use…

…rs messages
  • Loading branch information...
andyjdavis committed Nov 12, 2012
1 parent df93b15 commit 799be0ba8c39951b18c4fcd42f2ae37d5138b059
Showing with 131 additions and 115 deletions.
  1. +2 −2 lib/navigationlib.php
  2. +27 −21 message/index.php
  3. +102 −92 message/lib.php
View
@@ -2150,8 +2150,8 @@ protected function load_for_user($user=null, $forceforcontext=false) {
if (!empty($CFG->messaging)) {
$messageargs = null;
- if ($USER->id!=$user->id) {
- $messageargs = array('id'=>$user->id);
+ if ($USER->id != $user->id) {
+ $messageargs = array('user1' => $user->id);
}
$url = new moodle_url('/message/index.php',$messageargs);
$usernode->add(get_string('messages', 'message'), $url, self::TYPE_SETTING, null, 'messages');
View
@@ -64,43 +64,41 @@
//if they have numerous contacts or are viewing course participants we might need to page through them
$page = optional_param('page', 0, PARAM_INT);
-$url = new moodle_url('/message/index.php');
+$url = new moodle_url('/message/index.php', array('user1' => $user1id));
if ($user2id !== 0) {
$url->param('user2', $user2id);
-}
-if ($user2id !== 0) {
//Switch view back to contacts if:
//1) theyve searched and selected a user
//2) they've viewed recent messages or notifications and clicked through to a user
- if ($viewing == MESSAGE_VIEW_SEARCH || $viewing == MESSAGE_VIEW_SEARCH || $viewing == MESSAGE_VIEW_RECENT_NOTIFICATIONS) {
+ if ($viewing == MESSAGE_VIEW_SEARCH || $viewing == MESSAGE_VIEW_RECENT_NOTIFICATIONS) {
$viewing = MESSAGE_VIEW_CONTACTS;
}
}
-$url->param('viewing', $viewing);
+
+if ($viewing != MESSAGE_VIEW_UNREAD_MESSAGES) {
+ $url->param('viewing', $viewing);
+}
$PAGE->set_url($url);
-$PAGE->set_context(context_user::instance($USER->id));
-$PAGE->navigation->extend_for_user($USER);
-$PAGE->set_pagelayout('course');
+$navigationurl = new moodle_url('/message/index.php', array('user1' => $user1id));
+navigation_node::override_active_url($navigationurl);
// Disable message notification popups while the user is viewing their messages
$PAGE->set_popup_notification_allowed(false);
-$context = context_system::instance();
-
$user1 = null;
$currentuser = true;
-$showcontactactionlinks = true;
+$showactionlinks = true;
if ($user1id != $USER->id) {
$user1 = $DB->get_record('user', array('id' => $user1id));
if (!$user1) {
print_error('invaliduserid');
}
$currentuser = false;//if we're looking at someone else's messages we need to lock/remove some UI elements
- $showcontactactionlinks = false;
+ $showactionlinks = false;
} else {
$user1 = $USER;
}
@@ -115,12 +113,18 @@
}
unset($user2id);
+$systemcontext = context_system::instance();
+
// Is the user involved in the conversation?
// Do they have the ability to read other user's conversations?
-if (!message_current_user_is_involved($user1, $user2) && !has_capability('moodle/site:readallmessages', $context)) {
+if (!message_current_user_is_involved($user1, $user2) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
print_error('accessdenied','admin');
}
+$PAGE->set_context(context_user::instance($user1->id));
+$PAGE->set_pagelayout('course');
+$PAGE->navigation->extend_for_user($user1);
+
/// Process any contact maintenance requests there may be
if ($addcontact and confirm_sesskey()) {
add_to_log(SITEID, 'message', 'add contact', 'index.php?user1='.$addcontact.'&user2='.$USER->id, $addcontact);
@@ -142,10 +146,10 @@
//was a message sent? Do NOT allow someone looking at someone else's messages to send them.
$messageerror = null;
-if ($currentuser && !empty($user2) && has_capability('moodle/site:sendmessage', $context)) {
+if ($currentuser && !empty($user2) && has_capability('moodle/site:sendmessage', $systemcontext)) {
// Check that the user is not blocking us!!
if ($contact = $DB->get_record('message_contacts', array('userid' => $user2->id, 'contactid' => $user1->id))) {
- if ($contact->blocked and !has_capability('moodle/site:readallmessages', $context)) {
+ if ($contact->blocked and !has_capability('moodle/site:readallmessages', $systemcontext)) {
$messageerror = get_string('userisblockingyou', 'message');
}
}
@@ -214,8 +218,10 @@
}
$countunreadtotal = message_count_unread_messages($user1);
-if ($countunreadtotal == 0 && $viewing == MESSAGE_VIEW_UNREAD_MESSAGES && empty($user2)) {
- //default to showing the search
+if ($currentuser && $countunreadtotal == 0 && $viewing == MESSAGE_VIEW_UNREAD_MESSAGES && empty($user2)) {
+ // If the user has no unread messages, show the search box.
+ // We don't do this when a user is viewing another user's messages as search doesn't
+ // handle user A searching user B's messages properly.
$viewing = MESSAGE_VIEW_SEARCH;
}
@@ -224,7 +230,7 @@
list($onlinecontacts, $offlinecontacts, $strangers) = message_get_contacts($user1, $user2);
-message_print_contact_selector($countunreadtotal, $viewing, $user1, $user2, $blockedusers, $onlinecontacts, $offlinecontacts, $strangers, $showcontactactionlinks, $page);
+message_print_contact_selector($countunreadtotal, $viewing, $user1, $user2, $blockedusers, $onlinecontacts, $offlinecontacts, $strangers, $showactionlinks, $page);
echo html_writer::start_tag('div', array('class' => 'messagearea mdl-align'));
if (!empty($user2)) {
@@ -280,11 +286,11 @@
$messagehistorylink .= html_writer::end_tag('div');
- message_print_message_history($user1, $user2, $search, $displaycount, $messagehistorylink, $viewingnewmessages);
+ message_print_message_history($user1, $user2, $search, $displaycount, $messagehistorylink, $viewingnewmessages, $showactionlinks);
echo html_writer::end_tag('div');
//send message form
- if ($currentuser && has_capability('moodle/site:sendmessage', $context)) {
+ if ($currentuser && has_capability('moodle/site:sendmessage', $systemcontext)) {
echo html_writer::start_tag('div', array('class' => 'mdl-align messagesend'));
if (!empty($messageerror)) {
echo html_writer::tag('span', $messageerror, array('id' => 'messagewarning'));
@@ -313,7 +319,7 @@
} else if ($viewing == MESSAGE_VIEW_SEARCH) {
message_print_search($advancedsearch, $user1);
} else if ($viewing == MESSAGE_VIEW_RECENT_CONVERSATIONS) {
- message_print_recent_conversations($user1);
+ message_print_recent_conversations($user1, false, $showactionlinks);
} else if ($viewing == MESSAGE_VIEW_RECENT_NOTIFICATIONS) {
message_print_recent_notifications($user1);
}
Oops, something went wrong.

0 comments on commit 799be0b

Please sign in to comment.