mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-13 12:32:08 +02:00
Code Issues Projects Releases Wiki Activity

MDL-28452 core_user: add custom profilefield capability

Browse Source 
Add a setting to show custom profilefields to self or others
with capability moodle/sit:viewuseridentity in the course context only
This commit is contained in:
Bas Brands 2021-03-15 13:29:56 +01:00
parent 2c89b82e17
commit 0fe5d5faa8
4 changed files with 49 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lang/en/admin.php
View File

@ -1036,6 +1036,7 @@ $string['profilevisible_help'] = '* Not visible - For private data only viewable
$string['profilevisibleall'] = 'Visible to everyone';
$string['profilevisiblenone'] = 'Not visible';
$string['profilevisibleprivate'] = 'Visible to user';
$string['profilevisibleteachers'] = 'Visible to user teachers and admins';
$string['profiling'] = 'Profiling';
$string['profilingallowall'] = 'Continuous profiling';
$string['profilingallowall_help'] = 'If you enable this setting, then, at any moment, you can use the PROFILEALL parameter anywhere (PGC) to enable profiling for all the executed scripts along the Moodle session life. Analogously, you can use the PROFILEALLSTOP parameter to stop it.';

2
user/profile/definelib.php
View File

@ -75,7 +75,9 @@ class profile_define_base {
$choices = array();
$choices[PROFILE_VISIBLE_NONE] = get_string('profilevisiblenone', 'admin');
$choices[PROFILE_VISIBLE_PRIVATE] = get_string('profilevisibleprivate', 'admin');
$choices[PROFILE_VISIBLE_TEACHERS] = get_string('profilevisibleteachers', 'admin');
$choices[PROFILE_VISIBLE_ALL] = get_string('profilevisibleall', 'admin');
$form->addElement('select', 'visible', get_string('profilevisible', 'admin'), $choices);
$form->addHelpButton('visible', 'profilevisible', 'admin');
$form->setDefault('visible', PROFILE_VISIBLE_ALL);

18
user/profile/lib.php
View File

@ -22,6 +22,13 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* Visible to anyone who has the moodle/site:viewuseridentity permission.
* Editable by the profile owner if they have the moodle/user:editownprofile capability
* or any user with the moodle/user:update capability.
*/
define('PROFILE_VISIBLE_TEACHERS', '3');
/**
* Visible to anyone who can view the user.
* Editable by the profile owner if they have the moodle/user:editownprofile capability
@ -428,11 +435,20 @@ class profile_field_base {
* @return bool
*/
public function is_visible() {
global $USER;
global $USER, $COURSE;
$context = ($this->userid > 0) ? context_user::instance($this->userid) : context_system::instance();
switch ($this->field->visible) {
case PROFILE_VISIBLE_TEACHERS:
if ($this->is_signup_field() && (empty($this->userid) || isguestuser($this->userid))) {
return true;
} else if ($this->userid == $USER->id) {
return true;
} else {
$coursecontext = context_course::instance($COURSE->id);
return has_capability('moodle/site:viewuseridentity', $coursecontext);
}
case PROFILE_VISIBLE_ALL:
return true;
case PROFILE_VISIBLE_PRIVATE:

34
user/tests/behat/custom_profile_fields.feature
View File

@ -41,12 +41,21 @@ Feature: Custom profile fields should be visible and editable by those with the
| Who is this field visible to? | Visible to everyone |
And I click on "Save changes" "button"
And I set the field "datatype" to "Text input"
And I set the following fields to these values:
| Short name | teachervisible_field |
| Name | teachervisible_field |
| Display on signup page? | Yes |
| Who is this field visible to? | Visible to user teachers and admins |
And I click on "Save changes" "button"
And I navigate to "Users > Accounts > Browse list of users" in site administration
And I click on ".icon[title=Edit]" "css_element" in the "userwithinformation@example.com" "table_row"
And I expand all fieldsets
And I set the field "notvisible_field" to "notvisible_field_information"
And I set the field "uservisible_field" to "uservisible_field_information"
And I set the field "everyonevisible_field" to "everyonevisible_field_information"
And I set the field "teachervisible_field" to "teachervisible_field_information"
And I click on "Update profile" "button"
And I log out
@ -59,6 +68,7 @@ Feature: Custom profile fields should be visible and editable by those with the
Then I should not see "notvisible_field"
And I should see "uservisible_field"
And I should not see "everyonevisible_field"
And I should see "teachervisible_field"
@javascript
Scenario: Visible custom profile fields can be part of the sign up form for guest users.
@ -70,15 +80,17 @@ Feature: Custom profile fields should be visible and editable by those with the
Then I should not see "notvisible_field"
And I should see "uservisible_field"
And I should not see "everyonevisible_field"
And I should see "teachervisible_field"
@javascript
Scenario: User with moodle/user:update but without moodle/user:viewalldetails can only update visible profile fields.
Scenario: User with moodle/user:update but without moodle/user:viewalldetails or moodle/site:viewuseridentity can only update visible profile fields.
Given the following "roles" exist:
| name | shortname | description | archetype |
| Update Users | updateusers | updateusers | |
And the following "permission overrides" exist:
| capability | permission | role | contextlevel | reference |
| moodle/user:update | Allow | updateusers | System | |
| capability | permission | role | contextlevel | reference |
| moodle/user:update | Allow | updateusers | System | |
| moodle/site:viewuseridentity | Prohibit | updateusers | System | |
And the following "users" exist:
| username | firstname | lastname | email |
| user_updateusers | updateusers | 1 | updateusers@example.com |
@ -99,14 +111,17 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should not see "uservisible_field_information"
And I should not see "notvisible_field"
And I should not see "notvisible_field_information"
And I should not see "teachervisible_field"
And I should not see "teachervisible_field_information"
And I follow "Edit profile"
And the following fields match these values:
| everyonevisible_field | everyonevisible_field_information |
And I should not see "uservisible_field"
And I should not see "notvisible_field"
And I should not see "teachervisible_field"
@javascript
Scenario: User with moodle/user:viewalldetails but without moodle/user:update can view all profile fields.
Scenario: User with moodle/user:viewalldetails and moodle/site:viewuseridentity but without moodle/user:update can view all profile fields.
Given the following "roles" exist:
| name | shortname | description | archetype |
| View All Details | viewalldetails | viewalldetails | |
@ -133,10 +148,12 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should see "uservisible_field_information"
And I should see "notvisible_field"
And I should see "notvisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I should not see "Edit profile"
@javascript
Scenario: User with moodle/user:viewalldetails and moodle/user:update capabilities can view and edit all profile fields.
Scenario: User with moodle/user:viewalldetails and moodle/user:update and moodle/site:viewuseridentity capabilities can view and edit all profile fields.
Given the following "roles" exist:
| name | shortname | description | archetype |
| View All Details and Update Users | viewalldetailsandupdateusers | viewalldetailsandupdateusers | |
@ -164,11 +181,14 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should see "uservisible_field_information"
And I should see "notvisible_field"
And I should see "notvisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I follow "Edit profile"
And the following fields match these values:
| everyonevisible_field | everyonevisible_field_information |
| uservisible_field | uservisible_field_information |
| notvisible_field | notvisible_field_information |
| teachervisible_field | teachervisible_field_information |
@javascript
Scenario: Users can view and edit custom profile fields except those marked as not visible.
@ -179,6 +199,8 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should see "everyonevisible_field_information"
And I should see "uservisible_field"
And I should see "uservisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I should not see "notvisible_field"
And I should not see "notvisible_field_information"
@ -209,6 +231,8 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should see "everyonevisible_field_information"
And I should see "uservisible_field"
And I should see "uservisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I should not see "notvisible_field"
And I should not see "notvisible_field_information"