rss MDL-23391 committing refactored rss retrieval file

tombola · Jul 20, 2010 · 690aa22 · 690aa22
1 parent c71f326
commit 690aa22
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 45 deletions.
diff --git a/blog/rsslib.php b/blog/rsslib.php
@@ -45,9 +45,20 @@ function blog_rss_print_link($filtertype, $filterselect, $tagid=0, $tooltiptext=
 
 
 // Generate any blog RSS feed via one function (called by ../rss/file.php)
-function blog_rss_get_feed($type, $id, $tagid=0) {
+function blog_rss_get_feed($context, $cm, $instance, $args) {
     global $CFG, $SITE, $DB;
 
+    $type = $instance;
+
+    $id = (int) $args[4];  // could be groupid / courseid  / userid  depending on $instance
+
+    $tagid=0;
+    if ($args[5] != 'rss.xml') {
+        $tagid = (int) $args[5];
+    } else {
+        $tagid = 0;
+    }
+
     if (empty($CFG->enablerssfeeds)) {
         debugging('Sorry, RSS feeds are disabled on this site');
         return '';

diff --git a/mod/data/rsslib.php b/mod/data/rsslib.php
@@ -12,6 +12,11 @@ function data_rss_get_feed($context, $cm, $instance, $args) {
             return null;
         }
 
+        //check capabilities
+        if (!has_capability('mod/data:managetemplates', $context)) {
+            return null;
+        }
+
         $data = $DB->get_record('data', array('id' => $instance), '*', MUST_EXIST);
 
         if (!rss_enabled('data', $data, false, true)) {

diff --git a/mod/glossary/rsslib.php b/mod/glossary/rsslib.php
@@ -11,6 +11,9 @@ function glossary_rss_get_feed($context, $cm, $instance, $args) {
             return null;
         }
 
+        //check capabilities
+        //glossary module doesn't require any capabilities to view glossary entries (aside from being logged in)
+
         $glossary = $DB->get_record('glossary', array('id' => $instance), '*', MUST_EXIST);
 
         if (!rss_enabled('glossary', $glossary)) {

diff --git a/rss/file.php b/rss/file.php
@@ -29,7 +29,7 @@
     rss_not_found();
 }
 
-$lifetime = 3600;  // Seconds for files to remain in caches - 1 hour
+$lifetime = 3600;  // Seconds for files to remain in browser caches - 1 hour
 $filename   = 'rss.xml';
 
 // this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243
@@ -56,64 +56,50 @@
     rss_not_authenticated();
 }
 $user = get_complete_user_data('id', $userid);
-session_set_user($user);
+session_set_user($user); //for login and capability checks
 
-//Set context
 $context = get_context_instance_by_id($contextid);
 if (!$context) {
     rss_not_found();
 }
 $PAGE->set_context($context);
 
-//Get course from context
-//TODO: note that in the case of the hub rss feed, the feed is not related to a course context,
-//it is more a "site" context. The Hub RSS bypass the following line using context id = 2
-$coursecontext = get_course_context($context);
-$course = $DB->get_record('course', array('id' => $coursecontext->instanceid), '*', MUST_EXIST);
+$componentdir = get_component_directory($componentname);
+list($type, $plugin) = normalize_component($componentname);
 
 //this will store the path to the cached rss feed contents
 $pathname = null;
 
-$componentdir = get_component_directory($componentname);
-list($type, $plugin) = normalize_component($componentname);
+//check user's psuedo login created by session_set_user()
+//NOTE the component providing the feed should do its own capability checks
+try {
+    $cm = null;
+    if (!empty($plugin) && !empty($instance)) {
+        $cm = get_coursemodule_from_instance($plugin, $instance, 0, false, MUST_EXIST);
+    }
+
+    //Get course from context
+    //TODO: note that in the case of the hub rss feed, the feed is not related to a course context,
+    //it is more a "site" context. The Hub RSS bypass the following line using context id = 2
+    $coursecontext = get_course_context($context);
+
+    $course = null;
+    if ($coursecontext) {
+        $course = $DB->get_record('course', array('id' => $coursecontext->instanceid), '*', MUST_EXIST);
+    }
+
+    require_login($course, false, $cm, false, true);
+} catch (Exception $e) {
+    rss_not_found();
+}
 
 if (file_exists($componentdir)) {
     require_once("$componentdir/rsslib.php");
     $functionname = $plugin.'_rss_get_feed';
 
     if (function_exists($functionname)) {
-
-        if ($componentname=='blog') {
-
-            $blogid = (int) $args[4];  // could be groupid / courseid  / userid  depending on $instance
-            if ($args[5] != 'rss.xml') {
-                $tagid = (int) $args[5];
-            } else {
-                $tagid = 0;
-            }
-
-            try {
-                require_login($course, false, NULL, false, true);
-            } catch (Exception $e) {
-                rss_not_found();
-            }
-            $pathname = $functionname($instance, $blogid, $tagid);
-        } else if ($componentname=='local_hub') {
-
-            $pathname = $functionname($args);
-        } else {
-
-            $instance = (int)$instance;
-
-            try {
-                $cm = get_coursemodule_from_instance($plugin, $instance, 0, false, MUST_EXIST);
-                require_login($course, false, $cm, false, true);
-            } catch (Exception $e) {
-                rss_not_found();
-            }
-
-            $pathname = $functionname($context, $cm, $instance, $args);
-        }
+        //$pathname will be null if there was a problem or the user doesn't have the necessary capabilities
+        $pathname = $functionname($context, $cm, $instance, $args);
     }
 }
 
@@ -122,19 +108,19 @@
     rss_not_found();
 }
 
-//rss_update_token_last_access($USER->id);
-
 //Send it to user!
 send_file($pathname, $filename, $lifetime);
 
 function rss_not_found() {
     /// error, send some XML with error message
     global $lifetime, $filename;
     send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
+    die();
 }
 
 function rss_not_authenticated() {
     global $lifetime, $filename;
     send_file(rss_geterrorxmlfile('rsserrorauth'), $filename, $lifetime, false, true);
+    die();
 }