private function view_mail() { $context = context_course::instance($this->courseid); if (!has_capability('block/course_message:viewmail', $context)) { echo get_string('usercannotviewmail', BLOCK_CM_LANG_TABLE); return; } $mailid = required_param('id', PARAM_INT); $folder = required_param('folder', PARAM_TEXT); $mail = new display_mail($mailid, $folder, $this->courseid); if (!$mail->check_user_identification($folder)) { echo get_string('baduseridentification', BLOCK_CM_LANG_TABLE); return 0; } $view = new mail_view($mail, $mailid, $folder); $view->display_mail(); }
/** * This function checks that users who have no copy of the mail they are * trying to view are not allowed to view it. * */ public function test_check_user_identification() { // Check user that has no copy of mail (inbox|sent). $this->setUser($this->martha); $mailid = $this->mailids[self::LASTMAILID]; $folder = 'inbox'; $dm = new display_mail($mailid, $folder, $this->testcourseid, false); $this->assertFalse((bool) $dm->check_user_identification($folder)); $folder = 'sent'; $dm = new display_mail($mailid, $folder, $this->testcourseid, false); $this->assertFalse((bool) $dm->check_user_identification($folder)); $this->setUser($this->friend); // User has copy in inbox, but not in sent. $mailid = $this->mailids[self::LASTMAILID]; $folder = 'inbox'; $dm = new display_mail($mailid, $folder, $this->testcourseid, false); $this->assertTrue((bool) $dm->check_user_identification($folder)); $folder = 'sent'; $dm = new display_mail($mailid, $folder, $this->testcourseid, false); $this->assertFalse((bool) $dm->check_user_identification($folder)); // User has copy in sent, but not in inbox. $mailid = $this->mailids[self::CHILDMAILID]; $folder = 'sent'; $dm = new display_mail($mailid, $folder, $this->testcourseid, false); $this->assertTrue((bool) $dm->check_user_identification($folder)); $folder = 'inbox'; $dm = new display_mail($mailid, $folder, $this->testcourseid, false); $this->assertFalse((bool) $dm->check_user_identification($folder)); }