Skip to content

Commit

Permalink
MDL-37245 Blog: Fixed comments.
Browse files Browse the repository at this point in the history
  • Loading branch information
@danpoltawski
Rajesh Taneja authored and danpoltawski committed May 7, 2013
1 parent 9a909b1 commit 89f5e43
Showing 1 changed file with 10 additions and 8 deletions.
18 changes: 10 additions & 8 deletions blog/lib.php
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -65,42 +65,44 @@ function blog_user_can_view_user_entry($targetuserid, $blogentry=null) {
global $CFG, $USER, $DB; global $CFG, $USER, $DB;


if (empty($CFG->enableblogs)) { if (empty($CFG->enableblogs)) {
return false; // blog system disabled return false; // Blog system disabled.
} }


if (isloggedin() && $USER->id == $targetuserid) { if (isloggedin() && $USER->id == $targetuserid) {
return true; // can view own entries in any case return true; // Can view own entries in any case.
} }


$sitecontext = context_system::instance(); $sitecontext = context_system::instance();
if (has_capability('moodle/blog:manageentries', $sitecontext)) { if (has_capability('moodle/blog:manageentries', $sitecontext)) {
return true; // can manage all entries return true; // Can manage all entries.
} }


// coming for 1 entry, make sure it's not a draft // If blog is in draft state, then make sure user have proper capability.
if ($blogentry && $blogentry->publishstate == 'draft' && !has_capability('moodle/blog:viewdrafts', $sitecontext)) { if ($blogentry && $blogentry->publishstate == 'draft' && !has_capability('moodle/blog:viewdrafts', $sitecontext)) {
return false; // can not view draft of others return false; // Can not view draft of others.
} }


// If blog entry is not public, make sure user is logged in. // If blog entry is not public, make sure user is logged in.
if ($blogentry && $blogentry->publishstate != 'public' && !isloggedin()) { if ($blogentry && $blogentry->publishstate != 'public' && !isloggedin()) {
return false; return false;
} }


// If blogentry is not passed or all above checks pass, then check capability based on system config.
switch ($CFG->bloglevel) { switch ($CFG->bloglevel) {
case BLOG_GLOBAL_LEVEL: case BLOG_GLOBAL_LEVEL:
return true; return true;
break; break;


case BLOG_SITE_LEVEL: case BLOG_SITE_LEVEL:
if (isloggedin()) { // not logged in viewers forbidden if (isloggedin()) { // Not logged in viewers forbidden.
return true; return true;
} }
return false; return false;
break; break;


case BLOG_USER_LEVEL: case BLOG_USER_LEVEL:
default: default:
// If user is viewing other user blog, then user should have user:readuserblogs capability.
$personalcontext = context_user::instance($targetuserid); $personalcontext = context_user::instance($targetuserid);
return has_capability('moodle/user:readuserblogs', $personalcontext); return has_capability('moodle/user:readuserblogs', $personalcontext);
break; break;
Expand Down Expand Up @@ -977,14 +979,14 @@ function blog_comment_validate($comment_param) {
throw new comment_exception('nopermissiontocomment'); throw new comment_exception('nopermissiontocomment');
} }


// validate comment area // Validate comment area.
if ($comment_param->commentarea != 'format_blog') { if ($comment_param->commentarea != 'format_blog') {
throw new comment_exception('invalidcommentarea'); throw new comment_exception('invalidcommentarea');
} }


$blogentry = $DB->get_record('post', array('id' => $comment_param->itemid), '*', MUST_EXIST); $blogentry = $DB->get_record('post', array('id' => $comment_param->itemid), '*', MUST_EXIST);


// validation for comment deletion // Validation for comment deletion.
if (!empty($comment_param->commentid)) { if (!empty($comment_param->commentid)) {
if ($record = $DB->get_record('comments', array('id'=>$comment_param->commentid))) { if ($record = $DB->get_record('comments', array('id'=>$comment_param->commentid))) {
if ($record->commentarea != 'format_blog') { if ($record->commentarea != 'format_blog') {
Expand Down

0 comments on commit 89f5e43

Please sign in to comment.