Example #1
    public function test_check_capability() {

        $syscontext = context_system::instance();
        $course1 = $this->getDataGenerator()->create_course();
        $course1context = context_course::instance($course1->id);
        $course2 = $this->getDataGenerator()->create_course();
        $course2context = context_course::instance($course2->id);

        $forumdata = new stdClass();
        $forumdata->course = $course1->id;
        $forumc1 = $this->getDataGenerator()->create_module('forum', $forumdata);
        $forumc1context = context_module::instance($forumc1->cmid);
        $forumdata->course = $course2->id;
        $forumc2 = $this->getDataGenerator()->create_module('forum', $forumdata);
        $forumc2context = context_module::instance($forumc2->cmid);

        $blockdata = new stdClass();
        $blockdata->parentcontextid = $course1context->id;
        $blockc1 = $this->getDataGenerator()->create_block('online_users', $blockdata);
        $blockc1context = context_block::instance($blockc1->id);
        $blockdata->parentcontextid = $course2context->id;
        $blockc2 = $this->getDataGenerator()->create_block('online_users', $blockdata);
        $blockc2context = context_block::instance($blockc2->id);

        $user1 = $this->getDataGenerator()->create_user();
        $user1context = context_user::instance($user1->id);
        $user2 = $this->getDataGenerator()->create_user();
        $user2context = context_user::instance($user2->id);

        // New role prohibiting Flickr Public access.
        $roleid = create_role('No Flickr Public', 'noflickrpublic', 'No Flickr Public', '');
        assign_capability('repository/flickr_public:view', CAP_PROHIBIT, $roleid, $syscontext, true);

        // Disallow system access to Flickr Public to user 2.
        role_assign($roleid, $user2->id, $syscontext->id);

        // Enable repositories.

        // Instance on a site level.
        $repoid = $this->getDataGenerator()->create_repository('flickr_public')->id;
        $systemrepo = repository::get_repository_by_id($repoid, $syscontext);

        // Check that everyone with right capability can view a site-wide repository.

        // Without the capability, we cannot view a site-wide repository.
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // Instance on a course level.
        $record = new stdClass();
        $record->contextid = $course1context->id;
        $courserepoid = $this->getDataGenerator()->create_repository('flickr_public', $record)->id;

        // Within the course, I can view the repository.
        $courserepo = repository::get_repository_by_id($courserepoid, $course1context);
        // But not without the capability.
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // From another course I cannot, with or without the capability.
        $courserepo = repository::get_repository_by_id($courserepoid, $course2context);
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // From a module within the course, I can view the repository.
        $courserepo = repository::get_repository_by_id($courserepoid, $forumc1context);
        // But not without the capability.
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // From a module in the wrong course, I cannot view the repository.
        $courserepo = repository::get_repository_by_id($courserepoid, $forumc2context);
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // From a block within the course, I can view the repository.
        $courserepo = repository::get_repository_by_id($courserepoid, $blockc1context);
        // But not without the capability.
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // From a block in the wrong course, I cannot view the repository.
        $courserepo = repository::get_repository_by_id($courserepoid, $blockc2context);
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // Instance on a user level.
        // Instance on a course level.
        $record = new stdClass();
        $record->contextid = $user1context->id;
        $user1repoid = $this->getDataGenerator()->create_repository('flickr_public', $record)->id;
        $record->contextid = $user2context->id;
        $user2repoid = $this->getDataGenerator()->create_repository('flickr_public', $record)->id;

        // Check that a user can see its own repository.
        $userrepo = repository::get_repository_by_id($user1repoid, $syscontext);
        // But not without the capability.
        $userrepo = repository::get_repository_by_id($user2repoid, $syscontext);
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // Check that a user cannot see someone's repository.
        $userrepo = repository::get_repository_by_id($user2repoid, $syscontext);
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;
        // Make sure the repo from user 2 was accessible.
        role_unassign($roleid, $user2->id, $syscontext->id);
        role_assign($roleid, $user2->id, $syscontext->id);

        // Check that a user can view SOME repositories when logged in as someone else.
        $params = new stdClass();
        $params->name = 'Dropbox';
        $params->dropbox_key = 'key';
        $params->dropbox_secret = 'secret';
        $privaterepoid = $this->getDataGenerator()->create_repository('dropbox')->id;
        $notprivaterepoid = $this->getDataGenerator()->create_repository('upload')->id;

        $privaterepo = repository::get_repository_by_id($privaterepoid, $syscontext);
        $notprivaterepo = repository::get_repository_by_id($notprivaterepoid, $syscontext);
        $userrepo = repository::get_repository_by_id($user1repoid, $syscontext);

        session_loginas($user1->id, $syscontext);

        // Logged in as, I cannot view a user instance.
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // Logged in as, I cannot view a private instance.
        $caughtexception = false;
        try {
        } catch (repository_exception $e) {
            $caughtexception = true;

        // Logged in as, I can view a non-private instance.
Example #2
$systemcontext = context_system::instance();
$coursecontext = context_course::instance($course->id);
if (has_capability('moodle/user:loginas', $systemcontext)) {
    if (is_siteadmin($userid)) {
    $context = $systemcontext;
} else {
    require_capability('moodle/user:loginas', $coursecontext);
    if (is_siteadmin($userid)) {
    if (!is_enrolled($coursecontext, $userid)) {
    $context = $coursecontext;
/// Login as this user and return to course home page.
$oldfullname = fullname($USER, true);
session_loginas($userid, $context);
$newfullname = fullname($USER, true);
add_to_log($course->id, "course", "loginas", "../user/view.php?id={$course->id}&user={$userid}", "{$oldfullname} -> {$newfullname}");
$strloginas = get_string('loginas');
$strloggedinas = get_string('loggedinas', '', $newfullname);
notice($strloggedinas, "{$CFG->wwwroot}/course/view.php?id={$course->id}");
Example #3
     $context = $systemcontext;
 } else {
     require_capability('moodle/user:loginas', $coursecontext);
     if (!has_capability('moodle/course:view', $coursecontext, $viewasstudent, false)) {
         print_error('This user is not in this course!');
     if (has_capability('moodle/site:doanything', $coursecontext, $viewasstudent, false)) {
     $context = $coursecontext;
 /// Login as this user and return to course home page.
 if (function_exists('session_loginas')) {
     session_loginas($viewasstudent, $context);
 } else {
     $oldfullname = fullname($USER, true);
     $olduserid = $USER->id;
     /// Create the new USER object with all details and reload needed capabilitites
     $USER = get_complete_user_data('id', $viewasstudent);
     $USER->realuser = $olduserid;
     $USER->loginascontext = $context;
     // reload capabilities
     if (isset($SESSION->currentgroup)) {
         // Remember current cache setting for later
         $SESSION->oldcurrentgroup = $SESSION->currentgroup;