mirror of
https://github.com/moodle/moodle.git
synced 2025-04-13 12:32:08 +02:00
MDL-52895 webservice: Fix capability checks
This commit is contained in:
Juan Leyva
parent
c9d91bb734
commit
0bf6c0bebe
@ -1544,13 +1544,15 @@ class mod_assign_external_testcase extends externallib_advanced_testcase {
|
||||
// Test user with no capabilities.
|
||||
// We need a explicit prohibit since this capability is only defined in authenticated user and guest roles.
|
||||
assign_capability('mod/assign:view', CAP_PROHIBIT, $teacherrole->id, $context->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
try {
|
||||
mod_assign_external::view_grading_table($assign->id);
|
||||
$this->fail('Exception expected due to missing capability.');
|
||||
$this->fail('Exception expected due to missing view capability.');
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('nopermissions', $e->errorcode);
|
||||
$this->assertEquals('requireloginerror', $e->errorcode);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -99,13 +99,15 @@ class mod_folder_external_testcase extends externallib_advanced_testcase {
|
||||
// Test user with no capabilities.
|
||||
// We need a explicit prohibit since this capability is only defined in authenticated user and guest roles.
|
||||
assign_capability('mod/folder:view', CAP_PROHIBIT, $studentrole->id, $context->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
try {
|
||||
mod_folder_external::view_folder($folder->id);
|
||||
$this->fail('Exception expected due to missing capability.');
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('nopermissions', $e->errorcode);
|
||||
$this->assertEquals('requireloginerror', $e->errorcode);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -99,13 +99,15 @@ class mod_imscp_external_testcase extends externallib_advanced_testcase {
|
||||
// Test user with no capabilities.
|
||||
// We need a explicit prohibit since this capability is only defined in authenticated user and guest roles.
|
||||
assign_capability('mod/imscp:view', CAP_PROHIBIT, $studentrole->id, $context->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
try {
|
||||
mod_imscp_external::view_imscp($imscp->id);
|
||||
$this->fail('Exception expected due to missing capability.');
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('nopermissions', $e->errorcode);
|
||||
$this->assertEquals('requireloginerror', $e->errorcode);
|
||||
}
|
||||
|
||||
}
|
||||
@ -168,10 +170,12 @@ class mod_imscp_external_testcase extends externallib_advanced_testcase {
|
||||
$contextcourse1 = context_course::instance($course1->id);
|
||||
// Prohibit capability = mod:imscp:view on Course1 for students.
|
||||
assign_capability('mod/imscp:view', CAP_PROHIBIT, $studentrole->id, $contextcourse1->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
$imscps = mod_imscp_external::get_imscps_by_courses(array($course1->id));
|
||||
$imscps = external_api::clean_returnvalue(mod_imscp_external::get_imscps_by_courses_returns(), $imscps);
|
||||
$this->assertFalse(isset($imscps['imscps'][0]['intro']));
|
||||
$this->assertCount(0, $imscps['imscps']);
|
||||
}
|
||||
}
|
||||
|
||||
@ -209,11 +209,13 @@ class mod_lti_external_testcase extends externallib_advanced_testcase {
|
||||
$contextcourse1 = context_course::instance($this->course->id);
|
||||
// Prohibit capability = mod:lti:view on Course1 for students.
|
||||
assign_capability('mod/lti:view', CAP_PROHIBIT, $this->studentrole->id, $contextcourse1->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
$ltis = mod_lti_external::get_ltis_by_courses(array($this->course->id));
|
||||
$ltis = external_api::clean_returnvalue(mod_lti_external::get_ltis_by_courses_returns(), $ltis);
|
||||
$this->assertFalse(isset($ltis['ltis'][0]['intro']));
|
||||
$this->assertCount(0, $ltis['ltis']);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -264,13 +266,15 @@ class mod_lti_external_testcase extends externallib_advanced_testcase {
|
||||
// Test user with no capabilities.
|
||||
// We need a explicit prohibit since this capability is only defined in authenticated user and guest roles.
|
||||
assign_capability('mod/lti:view', CAP_PROHIBIT, $this->studentrole->id, $this->context->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
try {
|
||||
mod_lti_external::view_lti($this->lti->id);
|
||||
$this->fail('Exception expected due to missing capability.');
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('nopermissions', $e->errorcode);
|
||||
$this->assertEquals('requireloginerror', $e->errorcode);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -98,13 +98,15 @@ class mod_page_external_testcase extends externallib_advanced_testcase {
|
||||
// Test user with no capabilities.
|
||||
// We need a explicit prohibit since this capability is only defined in authenticated user and guest roles.
|
||||
assign_capability('mod/page:view', CAP_PROHIBIT, $studentrole->id, $context->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
try {
|
||||
mod_page_external::view_page($page->id);
|
||||
$this->fail('Exception expected due to missing capability.');
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('nopermissions', $e->errorcode);
|
||||
$this->assertEquals('requireloginerror', $e->errorcode);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -99,13 +99,15 @@ class mod_resource_external_testcase extends externallib_advanced_testcase {
|
||||
// Test user with no capabilities.
|
||||
// We need a explicit prohibit since this capability is only defined in authenticated user and guest roles.
|
||||
assign_capability('mod/resource:view', CAP_PROHIBIT, $studentrole->id, $context->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
try {
|
||||
mod_resource_external::view_resource($resource->id);
|
||||
$this->fail('Exception expected due to missing capability.');
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('nopermissions', $e->errorcode);
|
||||
$this->assertEquals('requireloginerror', $e->errorcode);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -98,13 +98,15 @@ class mod_url_external_testcase extends externallib_advanced_testcase {
|
||||
// Test user with no capabilities.
|
||||
// We need a explicit prohibit since this capability is only defined in authenticated user and guest roles.
|
||||
assign_capability('mod/url:view', CAP_PROHIBIT, $studentrole->id, $context->id);
|
||||
// Empty all the caches that may be affected by this change.
|
||||
accesslib_clear_all_caches_for_unit_testing();
|
||||
course_modinfo::clear_instance_cache();
|
||||
|
||||
try {
|
||||
mod_url_external::view_url($url->id);
|
||||
$this->fail('Exception expected due to missing capability.');
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('nopermissions', $e->errorcode);
|
||||
$this->assertEquals('requireloginerror', $e->errorcode);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user