
MDL-26854 COMMENT

1. added pluginname_comment_validate callback to comments api
2. change permission callback defaults to false
3. Tidied up several areas of comments and implemented callback to
ignore system permissions for view (credits to Sam Hemelryk)

AMOS BEGIN
    MOV [modulerejectcomment,error],[callbackrejectcomment,error]
AMOS END
1 parent b8df941 commit c1951ea9538aa8ca148d62b5127982eb2d332ef7 @dcai dcai committed May 4, 2011
@@ -1,5 +1,31 @@
<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
+/**
+ * The comments block
+ *
+ * @package block
+ * @subpackage comments
+ * @copyright 2009 Dongsheng Cai <dongsheng@moodle.com>
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+// Obviously required
require_once($CFG->dirroot . '/comment/lib.php');
class block_comments extends block_base {
@@ -38,13 +64,12 @@ function get_content() {
$this->content->footer = '';
$this->content->text = '';
list($context, $course, $cm) = get_context_info_array($PAGE->context->id);
- $args = new stdClass();
+
+ $args = new stdClass;
$args->context = $PAGE->context;
$args->course = $course;
$args->area = 'page_comments';
$args->itemid = 0;
- // set 'env' to tell moodle tweak ui for this block
- $args->env = 'block_comments';
$args->component = 'block_comments';
$args->linktext = get_string('showcomments');
$args->notoggle = true;
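Review bot: The comment `// Obviously required` added above the `require_once` in the first hunk gives the reader nothing; either drop it or say what the include provides, e.g. `// comment/lib.php supplies the comment class the $args below are built for` (that this block instantiates `comment` is not visible here, since get_content() starts and ends outside the second hunk). The second hunk also rewrites `new stdClass()` as `new stdClass;`, and the same change appears in comment_ajax.php and comment_post.php; if the project style is the parenthesised form this goes the wrong way, so pick one form and keep the three files consistent.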
@@ -966,3 +966,65 @@ function blog_get_associated_count($courseid, $cmid=null) {
}
return $DB->count_records('blog_association', array('contextid' => $context->id));
}
+
+/**
+ * Running addtional permission check on plugin, for example, plugins
+ * may have switch to turn on/off comments option, this callback will
+ * affect UI display, not like pluginname_comment_validate only throw
+ * exceptions.
+ * Capability check has been done in comment->check_permissions(), we
+ * don't need to do it again here.
+ *
+ * @param stdClass $comment_param {
+ * context => context the context object
+ * courseid => int course id
+ * cm => stdClass course module object
+ * commentarea => string comment area
+ * itemid => int itemid
+ * }
+ * @return array
+ */
+function blog_comment_permissions($comment_param) {
+ return array('post'=>true, 'view'=>true);
+}
+
+/**
+ * Validate comment parameter before perform other comments actions
+ *
+ * @param stdClass $comment {
+ * context => context the context object
+ * courseid => int course id
+ * cm => stdClass course module object
+ * commentarea => string comment area
+ * itemid => int itemid
+ * }
+ * @return boolean
+ */
+function blog_comment_validate($comment_param) {
+ global $DB;
+ // validate comment itemid
+ if (!$entry = $DB->get_record('post', array('id'=>$comment_param->itemid))) {
+ throw new comment_exception('invalidcommentitemid');
+ }
+ // validate comment area
+ if ($comment_param->commentarea != 'format_blog') {
+ throw new comment_exception('invalidcommentarea');
+ }
+ // validation for comment deletion
+ if (!empty($comment_param->commentid)) {
+ if ($record = $DB->get_record('comments', array('id'=>$comment_param->commentid))) {
+ if ($record->commentarea != 'format_blog') {
+ throw new comment_exception('invalidcommentarea');
+ }
+ if ($record->contextid != $comment_param->context->id) {
+ throw new comment_exception('invalidcontext');
+ }
+ if ($record->itemid != $comment_param->itemid) {
+ throw new comment_exception('invalidcommentitemid');
+ }
+ } else {
+ throw new comment_exception('invalidcommentid');
+ }
+ }
+ return true;
+}
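Review bot: `$entry` is assigned in the first check of `blog_comment_validate` but never read, so the lookup can be `if (!$DB->record_exists('post', array('id'=>$comment_param->itemid)))`, which also avoids loading the whole post row just to test existence. The docblocks are out of step with the code: the validate docblock names the parameter `$comment` while the function takes `$comment_param`, and `@return boolean` describes a function that only ever returns `true` — every failure path is a `comment_exception`, so add `@throws comment_exception` there. The `blog_comment_permissions` docblock talks about plugins having a switch to turn comments off, but this implementation grants `post` and `view` unconditionally; say so in one line so nobody expects a setting to be honoured here. The comparisons on the fetched comment record use `!=` between DB strings and ints, which works, but `(int)$record->contextid !== (int)$comment_param->context->id` makes the intent explicit.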
@@ -40,7 +40,6 @@ M.core_comment = {
this.component = args.component;
this.courseid = args.courseid;
this.contextid = args.contextid;
- this.env = args.env;
this.autostart = (args.autostart);
// expand comments?
if (this.autostart) {
@@ -116,7 +115,6 @@ bodyContent: '<div class="comment-delete-confirm"><a href="#" id="confirmdelete-
scope = args['scope'];
}
//params['page'] = args.page?args.page:'';
- params['env'] = '';
// the form element only accept certain file types
params['sesskey'] = M.cfg.sesskey;
params['action'] = args.action?args.action:'';
@@ -348,7 +346,7 @@ bodyContent: '<div class="comment-delete-confirm"><a href="#" id="confirmdelete-
var d = container.getStyle('display');
if (d=='none'||d=='') {
// show
- if (this.autostart) {
+ if (!this.autostart) {
this.load(page);
} else {
this.register_delete_buttons();
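Review bot: The flipped condition in the third hunk (`if (!this.autostart)`) reads as a bug fix but carries no comment, and the reason can only be inferred from the constructor hunk, where `autostart` presumably triggers the initial load; add `// autostart already fetched the comments, so only the delete buttons need wiring here` above it so the next reader does not flip it back. In the second hunk `params['env'] = ''` is removed but the dead `//params['page'] = ...` line directly above it is kept; since the hunk already cleans up this parameter block, drop that commented-out line as well. The enclosing functions of all three hunks start and end outside the hunks.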
@@ -1,5 +1,4 @@
<?php
-
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
@@ -24,87 +23,96 @@
require_once($CFG->dirroot . '/comment/lib.php');
$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
+$action = optional_param('action', '', PARAM_ALPHA);
+
+if (empty($CFG->usecomments)) {
+ throw new comment_exception('commentsnotenabled', 'moodle');
+}
+
list($context, $course, $cm) = get_context_info_array($contextid);
-$PAGE->set_context($context);
$PAGE->set_url('/comment/comment_ajax.php');
-$action = optional_param('action', '', PARAM_ALPHA);
+// Allow anonymous user to view comments providing forcelogin now enabled
+require_course_login($course, true, $cm);
+$PAGE->set_context($context);
+if (!empty($cm)) {
+ $PAGE->set_cm($cm, $course);
+} else if (!empty($course)) {
+ $PAGE->set_course($course);
+}
if (!confirm_sesskey()) {
- $error = array('error'=>get_string('invalidsesskey'));
+ $error = array('error'=>get_string('invalidsesskey', 'error'));
die(json_encode($error));
}
-if (!isloggedin()) {
- // display comments on front page without permission check
- if ($action == 'get') {
- if ($context->id == get_context_instance(CONTEXT_COURSE, SITEID)->id) {
- $ignore_permission = true;
- } else {
- // tell user to log in to view comments
- $ignore_permission = false;
- echo json_encode(array('error'=>'require_login'));
- die;
- }
- } else {
- // ignore request
- die;
- }
-} else {
- $ignore_permission = false;
-}
-
+$client_id = required_param('client_id', PARAM_ALPHANUM);
$area = optional_param('area', '', PARAM_ALPHAEXT);
-$client_id = optional_param('client_id', '', PARAM_RAW);
$commentid = optional_param('commentid', -1, PARAM_INT);
$content = optional_param('content', '', PARAM_RAW);
$itemid = optional_param('itemid', '', PARAM_INT);
$page = optional_param('page', 0, PARAM_INT);
$component = optional_param('component', '', PARAM_ALPHAEXT);
-echo $OUTPUT->header(); // send headers
-
// initilising comment object
-if (!empty($client_id)) {
- $args = new stdClass();
- $args->context = $context;
- $args->course = $course;
- $args->cm = $cm;
- $args->area = $area;
- $args->itemid = $itemid;
- $args->client_id = $client_id;
- $args->component = $component;
- // only for comments in frontpage
- $args->ignore_permission = $ignore_permission;
- $manager = new comment($args);
-} else {
- die;
-}
+$args = new stdClass;
+$args->context = $context;
+$args->course = $course;
+$args->cm = $cm;
+$args->area = $area;
+$args->itemid = $itemid;
+$args->client_id = $client_id;
+$args->component = $component;
+$manager = new comment($args);
+
+echo $OUTPUT->header(); // send headers
// process ajax request
switch ($action) {
case 'add':
- $result = $manager->add($content);
- if (!empty($result) && is_object($result)) {
- $result->count = $manager->count();
- $result->client_id = $client_id;
- echo json_encode($result);
+ if ($manager->can_post()) {
+ $result = $manager->add($content);
+ if (!empty($result) && is_object($result)) {
+ $result->count = $manager->count();
+ $result->client_id = $client_id;
+ echo json_encode($result);
+ die();
+ }
}
break;
case 'delete':
- $result = $manager->delete($commentid);
- if ($result === true) {
- echo json_encode(array('client_id'=>$client_id, 'commentid'=>$commentid));
+ $comment_record = $DB->get_record('comments', array('id'=>$commentid));
+ if ($manager->can_delete($commentid) || $comment_record->userid == $USER->id) {
+ if ($manager->delete($commentid)) {
+ $result = array(
+ 'client_id' => $client_id,
+ 'commentid' => $commentid
+ );
+ echo json_encode($result);
+ die();
+ }
}
break;
case 'get':
default:
- $result = array();
- $comments = $manager->get_comments($page);
- $result['list'] = $comments;
- $result['count'] = $manager->count();
- $result['pagination'] = $manager->get_pagination($page);
- $result['client_id'] = $client_id;
- echo json_encode($result);
+ if ($manager->can_view()) {
+ $comments = $manager->get_comments($page);
+ $result = array(
+ 'list' => $comments,
+ 'count' => $manager->count(),
+ 'pagination' => $manager->get_pagination($page),
+ 'client_id' => $client_id
+ );
+ echo json_encode($result);
+ die();
+ }
+ break;
+}
+
+if (!isloggedin()) {
+ // tell user to log in to view comments
+ echo json_encode(array('error'=>'require_login'));
}
+// ignore request
+die;
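Review bot: In the `delete` branch, `$DB->get_record('comments', array('id'=>$commentid))` can return `false` (the default `commentid` is -1), and the new ownership test then reads `->userid` on `false`, yielding `null`; with the loose `==`, `null == $USER->id` is true for a user whose `$USER->id` is 0 (not logged in), which the comment above `require_course_login(..., true, ...)` says is now allowed through. Use `$comment_record = $DB->get_record('comments', array('id'=>$commentid), '*', MUST_EXIST);` and compare with `(int)$comment_record->userid === (int)$USER->id`. The ownership shortcut also does not check that the record belongs to the context, area and item the `$manager` was built for; unless `comment::delete()` (outside this hunk) enforces that, a user can delete their own comment through any context they can reach. Finally, a logged-in user whose `can_post()`/`can_delete()`/`can_view()` check fails falls through to the bare `die;` at the end with an empty body, so the client cannot tell a permission failure from a broken request — emit a JSON `error` entry for that case as well.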
@@ -1,5 +1,4 @@
<?php
-
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
@@ -21,35 +20,40 @@
require_once('../config.php');
require_once($CFG->dirroot . '/comment/lib.php');
+if (empty($CFG->usecomments)) {
+ throw new comment_exception('commentsnotenabled', 'moodle');
+}
+
$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
list($context, $course, $cm) = get_context_info_array($contextid);
require_login($course, true, $cm);
require_sesskey();
-$action = optional_param('action', '', PARAM_ALPHA);
-$area = optional_param('area', '', PARAM_ALPHAEXT);
-$commentid = optional_param('commentid', -1, PARAM_INT);
-$content = optional_param('content', '', PARAM_RAW);
-$itemid = optional_param('itemid', '', PARAM_INT);
-$returnurl = optional_param('returnurl', '', PARAM_URL);
-$component = optional_param('component', '', PARAM_ALPHAEXT);
+$action = optional_param('action', '', PARAM_ALPHA);
+$area = optional_param('area', '', PARAM_ALPHAEXT);
+$content = optional_param('content', '', PARAM_RAW);
+$itemid = optional_param('itemid', '', PARAM_INT);
+$returnurl = optional_param('returnurl', '/', PARAM_URL);
+$component = optional_param('component', '', PARAM_ALPHAEXT);
+
+// Currently this script can only add comments
+if ($action !== 'add') {
+ redirect($returnurl);
+}
-$cmt = new stdClass();
+$cmt = new stdClass;
$cmt->contextid = $contextid;
$cmt->courseid = $course->id;
+$cmt->cm = $cm;
$cmt->area = $area;
$cmt->itemid = $itemid;
$cmt->component = $component;
$comment = new comment($cmt);
-switch ($action) {
-case 'add':
+if ($comment->can_post()) {
$cmt = $comment->add($content);
if (!empty($cmt) && is_object($cmt)) {
redirect($returnurl);
}
- break;
-default:
- exit;
}
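Review bot: `$returnurl` is read with `PARAM_URL` and passed straight to `redirect()` in two places, so any absolute URL is accepted and the script acts as an open redirect; `PARAM_LOCALURL` restricts it to this site, i.e. `$returnurl = optional_param('returnurl', '/', PARAM_LOCALURL);`. When `can_post()` is false, or `add()` returns something other than an object, the script now runs off the end with no output and no redirect, where the old `switch` at least `exit`ed on unknown actions; add `redirect($returnurl);` after the `if` block (or a `print_error`) so the user is not left on a blank page. The `$action !== 'add'` guard is a good addition, but note in its comment that the empty default of `optional_param` also redirects silently, since that is the path a form with a missing hidden field will take.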
@@ -20,7 +20,7 @@
*/
require_once('../config.php');
require_once($CFG->libdir.'/adminlib.php');
-require_once('locallib.php');
+require_once($CFG->dirroot.'/comment/locallib.php');
require_login();
admin_externalpage_setup('comments', '', null, '', array('pagelayout'=>'report'));
@@ -81,8 +81,11 @@
}
if (empty($action)) {
echo '<form method="post">';
- $manager->print_comments($page);
- echo '<input type="submit" id="comments_delete" name="batchdelete" value="'.get_string('delete').'" />';
+ $return = $manager->print_comments($page);
+ // if no comments available, $return will be false
+ if ($return) {
+ echo '<input type="submit" id="comments_delete" name="batchdelete" value="'.get_string('delete').'" />';
+ }
echo '</form>';
}