web service MDL-12886 check that a user is a course participant before to add it to a group

2025-04-21 00:12:56 +02:00 · 2009-03-13 06:51:30 +00:00 · 2009-03-13 06:51:30 +00:00 · 0d4723ee62
commit 0d4723ee62
parent fe4126c8c3
5 changed files with 118 additions and 13 deletions
--- a/course/lib.php
+++ b/course/lib.php
@ -3565,4 +3565,41 @@ function update_course($data) {
    return false;
 }

+/**
+ * Return all course participant for a given course
+ * @global object $DB
+ * @param integer $courseid
+ * @return array of user
+ */
+function get_course_participants ($courseid) {
+    global $DB;
+    $users = get_users_by_capability(
+                        get_context_instance(CONTEXT_COURSE, $courseid),
+                        'moodle/course:view');
+    return $users;
+}
+
+
+/**
+ * Return true if the user is a participant for a given course
+ * @global object $DB
+ * @param integer $userid
+ * @param integer $courseid
+ * @return boolean
+ */
+function is_course_participant ($userid, $courseid) {
+    global $DB;
+    $users = get_users_by_capability(
+                        get_context_instance(CONTEXT_COURSE, $courseid),
+                        'moodle/course:view','u.id');
+    
+    foreach($users as $user) {
+        if ($user->id == $userid) {
+            return true;
+        }
+    }
+   
+    return false;
+}
+
 ?>
--- a/group/external.php
+++ b/group/external.php
@ -106,11 +106,22 @@ final class group_external {
    /**
     * Return all internal members for a group id (do not return remotely registered user)
     * @param array|struct $params
-     * @subparam integer $params:member->groupid
+     * @subparam integer $params:groupid
     * @return array $return
     * $subparam string $return:username
     */
    static function tmp_get_groupmembers($params){
+        if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_SYSTEM))) {
+            $members = array();
+            foreach ($params as $groupid) {
+                $groupmembers = groups_get_members($groupid);
+                $members[] = array("groupid" => $groupid, "members" => $groupmembers);
+            }
+            return $members;
+        }
+        else {
+            throw new moodle_exception('wscouldnotgetgroupnopermission');
+        }
    }

     /**
@ -127,6 +138,10 @@ final class group_external {
            foreach($params as $member) {
                $groupid = clean_param($member['groupid'], PARAM_INTEGER);
                $userid = clean_param($member['userid'], PARAM_INTEGER);
+
+                //check that the user is participant of the course
+                
+
                if (!groups_add_member($groupid, $userid)) {
                    $addmembersuccessfull = false;
                }
@ -147,7 +162,7 @@ final class group_external {
     */
    static function tmp_delete_groupmembers($params){
        if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_SYSTEM))) {
-             $addmembersuccessfull = true;
+            $addmembersuccessfull = true;
            foreach($params as $member) {
                $groupid = clean_param($member['groupid'], PARAM_INTEGER);
                $userid = clean_param($member['userid'], PARAM_INTEGER);
--- a/group/lib.php
+++ b/group/lib.php
@ -27,10 +27,16 @@ function groups_add_member($groupid, $userid) {
        throw new moodle_exception('useriddoesntexist');
    }

-    if (!groups_group_exists($groupid)) {
+    $group = $DB->get_record('groups', array('id'=>$groupid));
+    if (empty($group)) {
        throw new moodle_exception('cannotaddmembergroupiddoesntexist');
    }

+    //check if the user a participant of the group course
+    if (!is_course_participant ($userid, $group->courseid)) {
+        throw new moodle_exception('userisnotaparticipant');
+    }
+
    if (groups_is_member($groupid, $userid)) {
        return true;
    }
--- a/group/simpletest/testexternal.php
+++ b/group/simpletest/testexternal.php
@ -48,8 +48,11 @@ class group_external_test extends UnitTestCase {
    var $userid2;
    var $userid3;
    var $userid4;
+    var $userid5;
    var $course;
    var $categoryid;
+    var $roleid;
+    var $context;

    function setUp() {
        global $DB;
@ -87,7 +90,7 @@ class group_external_test extends UnitTestCase {
        $user->password = 'mockuserfortestingY_password';
        $this->userid2 = tmp_create_user($user);

-         //create some more test users (not add yet to any group)
+        //create some more test users (not add yet to any group)
        $user = new stdClass();
        $user->username = 'mockuserfortestingZ';
        $user->firstname = 'mockuserfortestingZ_firstname';
@ -103,6 +106,26 @@ class group_external_test extends UnitTestCase {
        $user->password = 'mockuserfortestingZ2_password';
        $this->userid4 = tmp_create_user($user);

+        //create a user, don't add it to a role or group
+        $user = new stdClass();
+        $user->username = 'mockuserfortestingZ23';
+        $user->firstname = 'mockuserfortestingZ23_firstname';
+        $user->lastname = 'mockuserfortestingZ23_lastname';
+        $user->email = 'mockuserfortestingZ23@moodle.com';
+        $user->password = 'mockuserfortestingZ23_password';
+        $this->userid5 = tmp_create_user($user);
+
+        //we're creating a new test role with viewcourse capabilyt
+        $this->context = $DB->get_record('context',array('contextlevel' => 50, 'instanceid' => $this->course->id));
+        $this->roleid = create_role('testrole', 'testrole', 'testrole');
+        assign_capability('moodle/course:view', CAP_ALLOW, $this->roleid, $this->context->id);
+
+        //assign the students to this role
+        role_assign($this->roleid, $this->userid1, null, $this->context->id);
+        role_assign($this->roleid, $this->userid2, null, $this->context->id);
+        role_assign($this->roleid, $this->userid3, null, $this->context->id);
+        role_assign($this->roleid, $this->userid4, null, $this->context->id);
+
        /// create a group with these two students
        $this->group = new stdClass();
        $this->group->courseid = $this->course->id;
@ -143,6 +166,13 @@ class group_external_test extends UnitTestCase {
        delete_user($user);
        $user = $DB->get_record('user', array('username'=>'mockuserfortestingZ2', 'mnethostid'=>1));
        delete_user($user);
+
+        //delete the user without group
+        $user = $DB->get_record('user', array('username'=>'mockuserfortestingZ23', 'mnethostid'=>1));
+        delete_user($user);
+
+        //delete role
+        delete_role($this->roleid);
    }

    function testTmp_create_groups() {
@ -198,33 +228,49 @@ class group_external_test extends UnitTestCase {
        $result = group_external::tmp_add_groupmembers($params);
    }

-     function testTmp_add_group_members2() {
+    function testTmp_add_group_members2() {
        //the group id doesn't exist
        $params = array(array("groupid" => 6465465, "userid" => $this->userid3), array("groupid" => $this->group->id, "userid" => $this->userid4));
        $this->expectException(new moodle_exception('cannotaddmembergroupiddoesntexist'));
        $result = group_external::tmp_add_groupmembers($params);
-     }
+    }

-     function testTmp_delete_group_members() {
+    function testTmp_add_group_members3() {
+        //the user is not a participant  
+        $params = array(array("groupid" => $this->group->id, "userid" => $this->userid5));
+        $this->expectException(new moodle_exception('userisnotaparticipant'));
+        $result = group_external::tmp_add_groupmembers($params);
+       
+    }
+
+    function testTmp_get_groupmembers() {
+        $params = array($this->group->id, $this->group2->id);
+        $groups = group_external::tmp_get_groupmembers($params);
+        $this->assertEqual(sizeof($groups), 2);
+        $this->assertEqual(sizeof($groups[0]['members']), 2);
+        $this->assertEqual(sizeof($groups[1]['members']), 1);      
+    }
+
+    function testTmp_delete_group_members() {
        //One of the userid doesn't exist
        $params = array(array("groupid" => $this->group->id, "userid" => 654685), array("groupid" => $this->group->id, "userid" => $this->userid2));
        $this->expectException(new moodle_exception('useriddoesntexist'));
        $result = group_external::tmp_delete_groupmembers($params);
-     }
+    }

-      function testTmp_delete_group_members2() {
-         //the group id doesn't exist
+    function testTmp_delete_group_members2() {
+        //the group id doesn't exist
        $params = array(array("groupid" => 6465465, "userid" => $this->userid1), array("groupid" => $this->group->id, "userid" => $this->userid2));
        $this->expectException(new moodle_exception('cannotaddmembergroupiddoesntexist'));
        $result = group_external::tmp_delete_groupmembers($params);
-     }
+    }

-     function testTmp_delete_group_members3() {
+    function testTmp_delete_group_members3() {
        //delete members from group
        $params = array(array("groupid" => $this->group->id, "userid" => $this->userid1), array("groupid" => $this->group->id, "userid" => $this->userid2));
        $result = group_external::tmp_delete_groupmembers($params);
        $this->assertEqual($result, true);
-     }
+    }

    function testTmp_delete_groups() {
        $params = array($this->group->id, $this->group2->id);
--- a/lang/en_utf8/error.php
+++ b/lang/en_utf8/error.php
@ -448,6 +448,7 @@ $string['urlnotdefinerss'] = 'URL not defined for RSS feed';
 $string['userautherror'] = 'Unknown auth plugin';
 $string['userauthunsupported'] = 'Auth plugin not supported here';
 $string['useriddoesntexist'] = 'User id doesn\'t exist';
+$string['userisnotaparticipant'] = 'The user is not a course participant';
 $string['useremailduplicate'] = 'Duplicate address';
 $string['usermustbemnet'] = 'Users in the MNET access control list must be remote MNET users';
 $string['usernotaddedadmin'] = 'Cannot delete admin accounts';