public function test_check_capability() {
$this->resetAfterTest(true);
$syscontext = context_system::instance();
$course1 = $this->getDataGenerator()->create_course();
$course1context = context_course::instance($course1->id);
$course2 = $this->getDataGenerator()->create_course();
$course2context = context_course::instance($course2->id);
$forumdata = new stdClass();
$forumdata->course = $course1->id;
$forumc1 = $this->getDataGenerator()->create_module('forum', $forumdata);
$forumc1context = context_module::instance($forumc1->cmid);
$forumdata->course = $course2->id;
$forumc2 = $this->getDataGenerator()->create_module('forum', $forumdata);
$forumc2context = context_module::instance($forumc2->cmid);
$blockdata = new stdClass();
$blockdata->parentcontextid = $course1context->id;
$blockc1 = $this->getDataGenerator()->create_block('online_users', $blockdata);
$blockc1context = context_block::instance($blockc1->id);
$blockdata->parentcontextid = $course2context->id;
$blockc2 = $this->getDataGenerator()->create_block('online_users', $blockdata);
$blockc2context = context_block::instance($blockc2->id);
$user1 = $this->getDataGenerator()->create_user();
$user1context = context_user::instance($user1->id);
$user2 = $this->getDataGenerator()->create_user();
$user2context = context_user::instance($user2->id);
// New role prohibiting Flickr Public access.
$roleid = create_role('No Flickr Public', 'noflickrpublic', 'No Flickr Public', '');
assign_capability('repository/flickr_public:view', CAP_PROHIBIT, $roleid, $syscontext, true);
// Disallow system access to Flickr Public to user 2.
role_assign($roleid, $user2->id, $syscontext->id);
accesslib_clear_all_caches_for_unit_testing();
// Enable repositories.
$this->getDataGenerator()->create_repository_type('flickr_public');
$this->getDataGenerator()->create_repository_type('dropbox');
// Instance on a site level.
$repoid = $this->getDataGenerator()->create_repository('flickr_public')->id;
$systemrepo = repository::get_repository_by_id($repoid, $syscontext);
// Check that everyone with right capability can view a site-wide repository.
$this->setUser($user1);
$this->assertTrue($systemrepo->check_capability());
// Without the capability, we cannot view a site-wide repository.
$this->setUser($user2);
$caughtexception = false;
try {
$systemrepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// Instance on a course level.
$record = new stdClass();
$record->contextid = $course1context->id;
$courserepoid = $this->getDataGenerator()->create_repository('flickr_public', $record)->id;
// Within the course, I can view the repository.
$courserepo = repository::get_repository_by_id($courserepoid, $course1context);
$this->setUser($user1);
$this->assertTrue($courserepo->check_capability());
// But not without the capability.
$this->setUser($user2);
$caughtexception = false;
try {
$courserepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// From another course I cannot, with or without the capability.
$courserepo = repository::get_repository_by_id($courserepoid, $course2context);
$this->setUser($user1);
$caughtexception = false;
try {
$courserepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
$this->setUser($user2);
$caughtexception = false;
try {
$courserepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// From a module within the course, I can view the repository.
$courserepo = repository::get_repository_by_id($courserepoid, $forumc1context);
$this->setUser($user1);
$this->assertTrue($courserepo->check_capability());
// But not without the capability.
$this->setUser($user2);
$caughtexception = false;
try {
$courserepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// From a module in the wrong course, I cannot view the repository.
$courserepo = repository::get_repository_by_id($courserepoid, $forumc2context);
$this->setUser($user1);
$caughtexception = false;
try {
$courserepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// From a block within the course, I can view the repository.
$courserepo = repository::get_repository_by_id($courserepoid, $blockc1context);
$this->setUser($user1);
$this->assertTrue($courserepo->check_capability());
// But not without the capability.
$this->setUser($user2);
$caughtexception = false;
try {
$courserepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// From a block in the wrong course, I cannot view the repository.
$courserepo = repository::get_repository_by_id($courserepoid, $blockc2context);
$this->setUser($user1);
$caughtexception = false;
try {
$courserepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// Instance on a user level.
// Instance on a course level.
$record = new stdClass();
$record->contextid = $user1context->id;
$user1repoid = $this->getDataGenerator()->create_repository('flickr_public', $record)->id;
$record->contextid = $user2context->id;
$user2repoid = $this->getDataGenerator()->create_repository('flickr_public', $record)->id;
// Check that a user can see its own repository.
$userrepo = repository::get_repository_by_id($user1repoid, $syscontext);
$this->setUser($user1);
$this->assertTrue($userrepo->check_capability());
// But not without the capability.
$userrepo = repository::get_repository_by_id($user2repoid, $syscontext);
$this->setUser($user2);
$caughtexception = false;
try {
$userrepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// Check that a user cannot see someone's repository.
$userrepo = repository::get_repository_by_id($user2repoid, $syscontext);
$this->setUser($user1);
$caughtexception = false;
try {
$userrepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// Make sure the repo from user 2 was accessible.
role_unassign($roleid, $user2->id, $syscontext->id);
accesslib_clear_all_caches_for_unit_testing();
$this->setUser($user2);
$this->assertTrue($userrepo->check_capability());
role_assign($roleid, $user2->id, $syscontext->id);
accesslib_clear_all_caches_for_unit_testing();
// Check that a user can view SOME repositories when logged in as someone else.
$params = new stdClass();
$params->name = 'Dropbox';
$params->dropbox_key = 'key';
$params->dropbox_secret = 'secret';
$privaterepoid = $this->getDataGenerator()->create_repository('dropbox')->id;
$notprivaterepoid = $this->getDataGenerator()->create_repository('upload')->id;
$privaterepo = repository::get_repository_by_id($privaterepoid, $syscontext);
$notprivaterepo = repository::get_repository_by_id($notprivaterepoid, $syscontext);
$userrepo = repository::get_repository_by_id($user1repoid, $syscontext);
$this->setAdminUser();
session_loginas($user1->id, $syscontext);
// Logged in as, I cannot view a user instance.
$caughtexception = false;
try {
$userrepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// Logged in as, I cannot view a private instance.
$caughtexception = false;
try {
$privaterepo->check_capability();
} catch (repository_exception $e) {
$caughtexception = true;
}
$this->assertTrue($caughtexception);
// Logged in as, I can view a non-private instance.
$this->assertTrue($notprivaterepo->check_capability());
}
$systemcontext = context_system::instance();
$coursecontext = context_course::instance($course->id);
require_login();
if (has_capability('moodle/user:loginas', $systemcontext)) {
if (is_siteadmin($userid)) {
print_error('nologinas');
}
$context = $systemcontext;
$PAGE->set_context($context);
} else {
require_login($course);
require_capability('moodle/user:loginas', $coursecontext);
if (is_siteadmin($userid)) {
print_error('nologinas');
}
if (!is_enrolled($coursecontext, $userid)) {
print_error('usernotincourse');
}
$context = $coursecontext;
}
/// Login as this user and return to course home page.
$oldfullname = fullname($USER, true);
session_loginas($userid, $context);
$newfullname = fullname($USER, true);
add_to_log($course->id, "course", "loginas", "../user/view.php?id={$course->id}&user={$userid}", "{$oldfullname} -> {$newfullname}");
$strloginas = get_string('loginas');
$strloggedinas = get_string('loggedinas', '', $newfullname);
$PAGE->set_title($strloggedinas);
$PAGE->set_heading($course->fullname);
$PAGE->navbar->add($strloggedinas);
notice($strloggedinas, "{$CFG->wwwroot}/course/view.php?id={$course->id}");
}
$context = $systemcontext;
} else {
require_login($course);
require_capability('moodle/user:loginas', $coursecontext);
if (!has_capability('moodle/course:view', $coursecontext, $viewasstudent, false)) {
print_error('This user is not in this course!');
}
if (has_capability('moodle/site:doanything', $coursecontext, $viewasstudent, false)) {
print_error('nologinas');
}
$context = $coursecontext;
}
/// Login as this user and return to course home page.
if (function_exists('session_loginas')) {
session_loginas($viewasstudent, $context);
} else {
$oldfullname = fullname($USER, true);
$olduserid = $USER->id;
/// Create the new USER object with all details and reload needed capabilitites
$USER = get_complete_user_data('id', $viewasstudent);
$USER->realuser = $olduserid;
$USER->loginascontext = $context;
check_enrolment_plugins($USER);
load_all_capabilities();
// reload capabilities
if (isset($SESSION->currentgroup)) {
// Remember current cache setting for later
$SESSION->oldcurrentgroup = $SESSION->currentgroup;
unset($SESSION->currentgroup);
}
