/** * Test user capability check. */ public function test_usercapabilitycheck() { global $DB, $USER; $role = $DB->get_record('role', array('shortname' => 'editingteacher')); // Assign the test user the editing teacher role on a test cluster. $ctx = \local_elisprogram\context\user::instance($this->tuserid); $this->assertNotEmpty(role_assign($role->id, $this->mdluserid, $ctx->id)); load_role_access_by_context($role->id, $ctx, $USER->access); // We need to force the accesslib cache to refresh. // Validate the return value when looking at the 'user' level. $contextsuser = new pm_context_set(); $contextsuser->contexts = array('user' => array($this->tuserid)); $contextsuser->contextlevel = 'user'; $contexts = pm_context_set::for_user_with_capability('user', 'local/elisprogram:userset_enrol_userset_user', $this->mdluserid); $this->assertEquals($contextsuser, $contexts); // Validate checking for users with the given capability on this context. $users = pm_get_users_by_capability('user', $this->tuserid, 'local/elisprogram:userset_enrol_userset_user'); $this->assertEquals($this->mdluserid, current($users)->id); }
/** * Switches the current user to another role for the current session and only * in the given context. * * The caller *must* check * - that this op is allowed * - that the requested role can be switched to in this context (use get_switchable_roles) * - that the requested role is NOT $CFG->defaultuserroleid * * To "unswitch" pass 0 as the roleid. * * This function *will* modify $USER->access - beware * * @param integer $roleid the role to switch to. * @param context $context the context in which to perform the switch. * @return bool success or failure. */ function role_switch($roleid, context $context) { global $USER; // // Plan of action // // - Add the ghost RA to $USER->access // as $USER->access['rsw'][$path] = $roleid // // - Make sure $USER->access['rdef'] has the roledefs // it needs to honour the switcherole // // Roledefs will get loaded "deep" here - down to the last child // context. Note that // // - When visiting subcontexts, our selective accessdata loading // will still work fine - though those ra/rdefs will be ignored // appropriately while the switch is in place // // - If a switcherole happens at a category with tons of courses // (that have many overrides for switched-to role), the session // will get... quite large. Sometimes you just can't win. // // To un-switch just unset($USER->access['rsw'][$path]) // // Note: it is not possible to switch to roles that do not have course:view // Add the switch RA if (!isset($USER->access['rsw'])) { $USER->access['rsw'] = array(); } if ($roleid == 0) { unset($USER->access['rsw'][$context->path]); if (empty($USER->access['rsw'])) { unset($USER->access['rsw']); } return true; } $USER->access['rsw'][$context->path] = $roleid; // Load roledefs load_role_access_by_context($roleid, $context, $USER->access); return true; }
/** * Test whether a user can enrol users into a sub-userset if they have the required capability on the * parent userset. */ public function test_getallowedclusterswithparentpermission() { global $DB; $this->load_csv_data(); // Create role with cap: 'local/elisprogram:class_view'. $testrole = new stdClass(); $testrole->name = 'ELIS Sub-Userset Manager'; $testrole->shortname = '_test_ELIS_3848'; $testrole->description = 'ELIS userset enrol into sub-userser'; $testrole->archetype = ''; $testrole->id = create_role($testrole->name, $testrole->shortname, $testrole->description, $testrole->archetype); // Ensure our new role is assignable to ELIS class contexts. set_role_contextlevels($testrole->id, array(CONTEXT_ELIS_USERSET)); // Ensure the role has our required capability assigned. $syscontext = context_system::instance(); assign_capability('local/elisprogram:userset', CAP_ALLOW, $testrole->id, $syscontext->id, true); assign_capability('local/elisprogram:userset_view', CAP_ALLOW, $testrole->id, $syscontext->id, true); assign_capability('local/elisprogram:userset_create', CAP_ALLOW, $testrole->id, $syscontext->id, true); assign_capability('local/elisprogram:userset_enrol_userset_user', CAP_ALLOW, $testrole->id, $syscontext->id, true); $syscontext->mark_dirty(); // Assign a test user a role within the parent userset. $context = \local_elisprogram\context\userset::instance(1); role_assign($testrole->id, 100, $context->id); // Assign a test user a role within the sub-sub-userset. $ctx2 = \local_elisprogram\context\userset::instance(4); role_assign($testrole->id, 100, $ctx2->id); // Switch to testuser. $USER = $DB->get_record('user', array('id' => 100)); $USER->access = get_user_accessdata($USER->id); load_role_access_by_context($testrole->id, $context, $USER->access); // We need to force the accesslib cache to refresh. $GLOBALS['USER'] = $USER; // Check which of the parent usersets the user has access to based on the sub-userset. $allowed = userset::get_allowed_clusters(2); $this->assertInternalType('array', $allowed); $this->assertEquals(1, count($allowed)); // Check which of the parent usersets the user has access to basdd on the sub-sub-userset. $allowed = userset::get_allowed_clusters(4); $this->assertInternalType('array', $allowed); $this->assertEquals(2, count($allowed)); }