/**
* Test user capability check.
*/
public function test_usercapabilitycheck()
{
global $DB, $USER;
$role = $DB->get_record('role', array('shortname' => 'editingteacher'));
// Assign the test user the editing teacher role on a test cluster.
$ctx = \local_elisprogram\context\user::instance($this->tuserid);
$this->assertNotEmpty(role_assign($role->id, $this->mdluserid, $ctx->id));
load_role_access_by_context($role->id, $ctx, $USER->access);
// We need to force the accesslib cache to refresh.
// Validate the return value when looking at the 'user' level.
$contextsuser = new pm_context_set();
$contextsuser->contexts = array('user' => array($this->tuserid));
$contextsuser->contextlevel = 'user';
$contexts = pm_context_set::for_user_with_capability('user', 'local/elisprogram:userset_enrol_userset_user', $this->mdluserid);
$this->assertEquals($contextsuser, $contexts);
// Validate checking for users with the given capability on this context.
$users = pm_get_users_by_capability('user', $this->tuserid, 'local/elisprogram:userset_enrol_userset_user');
$this->assertEquals($this->mdluserid, current($users)->id);
}
/**
* Switches the current user to another role for the current session and only
* in the given context.
*
* The caller *must* check
* - that this op is allowed
* - that the requested role can be switched to in this context (use get_switchable_roles)
* - that the requested role is NOT $CFG->defaultuserroleid
*
* To "unswitch" pass 0 as the roleid.
*
* This function *will* modify $USER->access - beware
*
* @param integer $roleid the role to switch to.
* @param context $context the context in which to perform the switch.
* @return bool success or failure.
*/
function role_switch($roleid, context $context)
{
global $USER;
//
// Plan of action
//
// - Add the ghost RA to $USER->access
// as $USER->access['rsw'][$path] = $roleid
//
// - Make sure $USER->access['rdef'] has the roledefs
// it needs to honour the switcherole
//
// Roledefs will get loaded "deep" here - down to the last child
// context. Note that
//
// - When visiting subcontexts, our selective accessdata loading
// will still work fine - though those ra/rdefs will be ignored
// appropriately while the switch is in place
//
// - If a switcherole happens at a category with tons of courses
// (that have many overrides for switched-to role), the session
// will get... quite large. Sometimes you just can't win.
//
// To un-switch just unset($USER->access['rsw'][$path])
//
// Note: it is not possible to switch to roles that do not have course:view
// Add the switch RA
if (!isset($USER->access['rsw'])) {
$USER->access['rsw'] = array();
}
if ($roleid == 0) {
unset($USER->access['rsw'][$context->path]);
if (empty($USER->access['rsw'])) {
unset($USER->access['rsw']);
}
return true;
}
$USER->access['rsw'][$context->path] = $roleid;
// Load roledefs
load_role_access_by_context($roleid, $context, $USER->access);
return true;
}
/**
* Test whether a user can enrol users into a sub-userset if they have the required capability on the
* parent userset.
*/
public function test_getallowedclusterswithparentpermission()
{
global $DB;
$this->load_csv_data();
// Create role with cap: 'local/elisprogram:class_view'.
$testrole = new stdClass();
$testrole->name = 'ELIS Sub-Userset Manager';
$testrole->shortname = '_test_ELIS_3848';
$testrole->description = 'ELIS userset enrol into sub-userser';
$testrole->archetype = '';
$testrole->id = create_role($testrole->name, $testrole->shortname, $testrole->description, $testrole->archetype);
// Ensure our new role is assignable to ELIS class contexts.
set_role_contextlevels($testrole->id, array(CONTEXT_ELIS_USERSET));
// Ensure the role has our required capability assigned.
$syscontext = context_system::instance();
assign_capability('local/elisprogram:userset', CAP_ALLOW, $testrole->id, $syscontext->id, true);
assign_capability('local/elisprogram:userset_view', CAP_ALLOW, $testrole->id, $syscontext->id, true);
assign_capability('local/elisprogram:userset_create', CAP_ALLOW, $testrole->id, $syscontext->id, true);
assign_capability('local/elisprogram:userset_enrol_userset_user', CAP_ALLOW, $testrole->id, $syscontext->id, true);
$syscontext->mark_dirty();
// Assign a test user a role within the parent userset.
$context = \local_elisprogram\context\userset::instance(1);
role_assign($testrole->id, 100, $context->id);
// Assign a test user a role within the sub-sub-userset.
$ctx2 = \local_elisprogram\context\userset::instance(4);
role_assign($testrole->id, 100, $ctx2->id);
// Switch to testuser.
$USER = $DB->get_record('user', array('id' => 100));
$USER->access = get_user_accessdata($USER->id);
load_role_access_by_context($testrole->id, $context, $USER->access);
// We need to force the accesslib cache to refresh.
$GLOBALS['USER'] = $USER;
// Check which of the parent usersets the user has access to based on the sub-userset.
$allowed = userset::get_allowed_clusters(2);
$this->assertInternalType('array', $allowed);
$this->assertEquals(1, count($allowed));
// Check which of the parent usersets the user has access to basdd on the sub-sub-userset.
$allowed = userset::get_allowed_clusters(4);
$this->assertInternalType('array', $allowed);
$this->assertEquals(2, count($allowed));
}
