/** * Determines if a user is permitted to send another user a private message. * If no sender is provided then it defaults to the logged in user. * * @param object $recipient User object. * @param object $sender User object. * @return bool true if user is permitted, false otherwise. */ function message_can_post_message($recipient, $sender = null) { global $USER, $DB; if (is_null($sender)) { // The message is from the logged in user, unless otherwise specified. $sender = $USER; } if (!has_capability('moodle/site:sendmessage', context_system::instance(), $sender)) { return false; } // The recipient blocks messages from non-contacts and the // sender isn't a contact. if (message_is_user_non_contact_blocked($recipient, $sender)) { return false; } // The recipient has specifically blocked this sender. if (message_is_user_blocked($recipient, $sender)) { return false; } return true; }
redirect($CFG->wwwroot . '/message/index.php?viewing=contacts&id=' . $addcontact); } if ($removecontact and confirm_sesskey()) { message_remove_contact($removecontact); } if ($blockcontact and confirm_sesskey()) { message_block_contact($blockcontact); } if ($unblockcontact and confirm_sesskey()) { message_unblock_contact($unblockcontact); } //was a message sent? Do NOT allow someone looking at someone else's messages to send them. $messageerror = null; if ($currentuser && !empty($user2) && has_capability('moodle/site:sendmessage', $systemcontext)) { // Check that the user is not blocking us!! if (message_is_user_blocked($user2, $user1)) { $messageerror = get_string('userisblockingyou', 'message'); } // Check that we're not non-contact block by the user. if (message_is_user_non_contact_blocked($user2, $user1)) { $messageerror = get_string('userisblockingyounoncontact', 'message', fullname($user2)); } if (empty($messageerror)) { $mform = new send_form(); $defaultmessage = new stdClass(); $defaultmessage->id = $user2->id; $defaultmessage->viewing = $viewing; $defaultmessage->message = ''; //Check if the current user has sent a message $data = $mform->get_data(); if (!empty($data) && !empty($data->message)) {
/** * Test that message_is_user_blocked returns true if the sender is a contact that is * blocked by the recipient and does not have the moodle/site:readallmessages capability. */ public function test_message_is_user_blocked_true_if_blocked() { $sender = $this->getDataGenerator()->create_user(array('firstname' => 'Test1', 'lastname' => 'User1')); $recipient = $this->getDataGenerator()->create_user(array('firstname' => 'Test2', 'lastname' => 'User2')); $this->setUser($recipient); message_block_contact($sender->id); $context = context_system::instance(); $roleid = $this->getDataGenerator()->create_role(); $this->getDataGenerator()->role_assign($roleid, $sender->id, $context->id); assign_capability('moodle/site:readallmessages', CAP_PROHIBIT, $roleid, $context); $this->assertTrue(message_is_user_blocked($recipient, $sender)); }