Files
moodle/mod/data/comment.php
T
moodler bbbf2d4015 ROLES AND PERMISSIONS - FIRST CHECK-IN
=======================================

WARNING:  DEV IS CURRENTLY VERY UNSTABLE.

This is a mega-checkin of the new Roles system.   A lot of changes have
been made in core and modules.

Currently there are a lot of rough edges and known problems.  We are
working hard on these .. .the reason for getting this into HEAD at this
stage is enable us to move faster (our branch was diverging from HEAD
too much).

Please keep an eye on http://docs.moodle.org/en/Roles for current status
and information for developers on how to use the new Roles system.
2006-08-08 05:13:06 +00:00

122 lines
4.8 KiB
PHP
Executable File

<?php // $Id$
require_once('../../config.php');
require_once('lib.php');
//param needed to go back to view.php
$rid = required_param('rid', PARAM_INT); // Record ID
$page = optional_param('page', 0, PARAM_INT); // Page ID
//param needed for comment operations
$mode = optional_param('mode','',PARAM_ALPHA);
$commentid = optional_param('commentid','',PARAM_INT);
$confirm = optional_param('confirm','',PARAM_INT);
$commentcontent = trim(optional_param('commentcontent','',PARAM_NOTAGS));
$template = optional_param('template','',PARAM_ALPHA);
if (! $record = get_record('data_records', 'id', $rid)) {
error('Record ID is incorrect');
}
if (! $data = get_record('data', 'id', $record->dataid)) {
error('Data ID is incorrect');
}
if (! $course = get_record('course', 'id', $data->course)) {
error('Course is misconfigured');
}
require_login($course->id);
$cm = data_get_cm($data);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
if ($commentid) {
if (! $comment = get_record('data_comments', 'id', $commentid)) {
error('Comment ID is misconfigured');
}
if ($comment->recordid != $record->id) {
error('Comment ID is misconfigured');
}
if (!has_capability('mod/data:managecomments', $context->id) && $comment->userid != $USER->id) {
error('Comment is not yours to edit!');
}
}
switch ($mode) {
case 'add':
if (empty($commentcontent)) {
redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentempty', 'data'));
}
$newcomment = new object;
$newcomment->userid = $USER->id;
$newcomment->created = time();
$newcomment->modified = time();
if (($newcomment->content = $commentcontent) && ($newcomment->recordid = $record->id)) {
insert_record('data_comments',$newcomment);
}
redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentsaved', 'data'));
break;
case 'edit': //print edit form
print_header();
print_heading(get_string('edit'));
echo '<div align="center">';
echo '<form action="comment.php" method="post">';
echo '<input type="hidden" name="commentid" value="'.$comment->id.'" />';
echo '<input type="hidden" name="rid" value="'.$record->id.'" />';
echo '<input type="hidden" name="page" value="'.$page.'" />';
echo '<textarea name="commentcontent">'.s($comment->content).'</textarea>';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="hidden" name="mode" value="editcommit" />';
echo '<br /><input type="submit" value="'.get_string('ok').'" />';
echo '<input type="button" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
echo '</form></div>';
print_footer();
break;
case 'editcommit': //update db
if (empty($commentcontent)) {
redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentempty', 'data'));
}
if ($comment) {
$newcomment = new object;
$newcomment->id = $comment->id;
$newcomment->content = $commentcontent;
$newcomment->modified = time();
update_record('data_comments',$newcomment);
}
redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentsaved', 'data'));
break;
case 'delete': //deletes single comment from db
if ($confirm and confirm_sesskey() and $comment) {
delete_records('data_comments','id',$comment->id);
redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentdeleted', 'data'));
} else { //print confirm delete form
print_header();
data_print_comment($data, $comment, $page);
notice_yesno(get_string('deletecomment','data'),
'comment.php?rid='.$record->id.'&amp;commentid='.$comment->id.'&amp;page='.$page.
'&amp;sesskey='.sesskey().'&amp;mode=delete&amp;confirm=1',
'view.php?rid='.$record->id.'&amp;page='.$page);
print_footer();
}
break;
default: //print all listing, and add comment form
print_header();
data_print_comments($data, $record, $search, $template, $sort, $page, $rid, $order, $group);
print_footer();
break;
}
?>