diff --git a/course/edit_form.php b/course/edit_form.php index c8453318920..06f74359cfc 100644 --- a/course/edit_form.php +++ b/course/edit_form.php @@ -99,11 +99,14 @@ class course_edit_form extends moodleform { $mform->addElement('select', 'visible', get_string('visible'), $choices); $mform->addHelpButton('visible', 'visible'); $mform->setDefault('visible', $courseconfig->visible); - if (!has_capability('moodle/course:visibility', $context)) { - $mform->hardFreeze('visible'); - if (!empty($course->id)) { + if (!empty($course->id)) { + if (!has_capability('moodle/course:visibility', $coursecontext)) { + $mform->hardFreeze('visible'); $mform->setConstant('visible', $course->visible); - } else { + } + } else { + if (!guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext)) { + $mform->hardFreeze('visible'); $mform->setConstant('visible', $courseconfig->visible); } } diff --git a/enrol/guest/lib.php b/enrol/guest/lib.php index 5c5d466d2fa..65444bdd6b6 100644 --- a/enrol/guest/lib.php +++ b/enrol/guest/lib.php @@ -183,7 +183,11 @@ class enrol_guest_plugin extends enrol_plugin { } $header = $this->get_instance_name($instance); - $config = has_capability('enrol/guest:config', $context); + if (!$i) { + $config = guess_if_creator_will_have_course_capability('enrol/guest:config', $context); + } else { + $config = has_capability('enrol/guest:config', $context); + } $mform->addElement('header', 'enrol_guest_header_'.$i, $header); @@ -196,12 +200,27 @@ class enrol_guest_plugin extends enrol_plugin { $mform->setAdvanced('enrol_guest_status_'.$i, $this->get_config('status_adv')); if (!$config) { $mform->hardFreeze('enrol_guest_status_'.$i); + if (!$i) { + $mform->setConstant('enrol_guest_status_'.$i, $this->get_config('status')); + } else { + $mform->setConstant('enrol_guest_status_'.$i, $instance->status); + } } $mform->addElement('passwordunmask', 'enrol_guest_password_'.$i, get_string('password', 'enrol_guest')); $mform->addHelpButton('enrol_guest_password_'.$i, 'password', 'enrol_guest'); if (!$config) { $mform->hardFreeze('enrol_guest_password_'.$i); + if (!$i) { + if ($this->get_config('requirepassword')) { + $password = generate_password(20); + } else { + $password = ''; + } + $mform->setConstant('enrol_guest_password_'.$i, $password); + } else { + $mform->setConstant('enrol_guest_password_'.$i, $instance->password); + } } else { $mform->disabledIf('enrol_guest_password_'.$i, 'enrol_guest_status_'.$i, 'noteq', ENROL_INSTANCE_ENABLED); } @@ -279,57 +298,46 @@ class enrol_guest_plugin extends enrol_plugin { public function course_updated($inserted, $course, $data) { global $DB; - $context = context_course::instance($course->id); - - if (has_capability('enrol/guest:config', $context)) { - if ($inserted) { - if (isset($data->enrol_guest_status_0)) { - $fields = array('status'=>$data->enrol_guest_status_0); - if ($fields['status'] == ENROL_INSTANCE_ENABLED) { - $fields['password'] = $data->enrol_guest_password_0; - } else { - if ($this->get_config('requirepassword')) { - $fields['password'] = generate_password(20); - } - } - $this->add_instance($course, $fields); + if ($inserted) { + if (isset($data->enrol_guest_status_0)) { + $fields = array('status'=>$data->enrol_guest_status_0); + if ($fields['status'] == ENROL_INSTANCE_ENABLED) { + $fields['password'] = $data->enrol_guest_password_0; } else { - if ($this->get_config('defaultenrol')) { - $this->add_default_instance($course); + if ($this->get_config('requirepassword')) { + $fields['password'] = generate_password(20); } } + $this->add_instance($course, $fields); } else { - $instances = $DB->get_records('enrol', array('courseid'=>$course->id, 'enrol'=>'guest')); - foreach ($instances as $instance) { - $i = $instance->id; - - if (isset($data->{'enrol_guest_status_'.$i})) { - $reset = ($instance->status != $data->{'enrol_guest_status_'.$i}); - - $instance->status = $data->{'enrol_guest_status_'.$i}; - $instance->timemodified = time(); - if ($instance->status == ENROL_INSTANCE_ENABLED) { - if ($instance->password !== $data->{'enrol_guest_password_'.$i}) { - $reset = true; - } - $instance->password = $data->{'enrol_guest_password_'.$i}; - } - $DB->update_record('enrol', $instance); - - if ($reset) { - $context->mark_dirty(); - } - } + if ($this->get_config('defaultenrol')) { + $this->add_default_instance($course); } } } else { - if ($inserted) { - if ($this->get_config('defaultenrol')) { - $this->add_default_instance($course); + $instances = $DB->get_records('enrol', array('courseid'=>$course->id, 'enrol'=>'guest')); + foreach ($instances as $instance) { + $i = $instance->id; + + if (isset($data->{'enrol_guest_status_'.$i})) { + $reset = ($instance->status != $data->{'enrol_guest_status_'.$i}); + + $instance->status = $data->{'enrol_guest_status_'.$i}; + $instance->timemodified = time(); + if ($instance->status == ENROL_INSTANCE_ENABLED) { + if ($instance->password !== $data->{'enrol_guest_password_'.$i}) { + $reset = true; + } + $instance->password = $data->{'enrol_guest_password_'.$i}; + } + $DB->update_record('enrol', $instance); + + if ($reset) { + $context = context_course::instance($course->id); + $context->mark_dirty(); + } } - } else { - // bad luck, user can not change anything } } } diff --git a/lib/accesslib.php b/lib/accesslib.php index 1b4f87e0dea..0d31a88f6d0 100644 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -545,6 +545,62 @@ function has_all_capabilities(array $capabilities, context $context, $user = nul return true; } +/** + * Is course creator going to have capability in a new course? + * + * This is intended to be used in enrolment plugins before or during course creation, + * do not use after the course is fully created. + * + * @category access + * + * @param string $capability the name of the capability to check. + * @param context $context course or category context where is course going to be created + * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user. + * @return boolean true if the user will have this capability. + * + * @throws coding_exception if different type of context submitted + */ +function guess_if_creator_will_have_course_capability($capability, context $context, $user = null) { + global $CFG; + + if ($context->contextlevel != CONTEXT_COURSE and $context->contextlevel != CONTEXT_COURSECAT) { + throw new coding_exception('Only course or course category context expected'); + } + + if (has_capability($capability, $context, $user)) { + // User already has the capability, it could be only removed if CAP_PROHIBIT + // was involved here, but we ignore that. + return true; + } + + if (!has_capability('moodle/course:create', $context, $user)) { + return false; + } + + if (!enrol_is_enabled('manual')) { + return false; + } + + if (empty($CFG->creatornewroleid)) { + return false; + } + + if ($context->contextlevel == CONTEXT_COURSE) { + if (is_viewing($context, $user, 'moodle/role:assign') or is_enrolled($context, $user, 'moodle/role:assign')) { + return false; + } + } else { + if (has_capability('moodle/course:view', $context, $user) and has_capability('moodle/role:assign', $context, $user)) { + return false; + } + } + + // Most likely they will be enrolled after the course creation is finished, + // does the new role have the required capability? + list($neededroles, $forbiddenroles) = get_roles_with_cap_in_context($context, $capability); + return isset($neededroles[$CFG->creatornewroleid]); +} + /** * Check if the user is an admin at the site level. * diff --git a/lib/tests/accesslib_test.php b/lib/tests/accesslib_test.php index 034b90b7d6f..144967414a1 100644 --- a/lib/tests/accesslib_test.php +++ b/lib/tests/accesslib_test.php @@ -1545,6 +1545,131 @@ class accesslib_testcase extends advanced_testcase { $this->assertFalse(has_all_capabilities($sca, $coursecontext, 0)); } + /** + * Test if course creator future capability lookup works. + */ + public function test_guess_if_creator_will_have_course_capability() { + global $DB, $CFG, $USER; + + $this->resetAfterTest(); + + $category = $this->getDataGenerator()->create_category(); + $course = $this->getDataGenerator()->create_course(array('category'=>$category->id)); + + $syscontext = context_system::instance(); + $categorycontext = context_coursecat::instance($category->id); + $coursecontext = context_course::instance($course->id); + $studentrole = $DB->get_record('role', array('shortname'=>'student'), '*', MUST_EXIST); + $teacherrole = $DB->get_record('role', array('shortname'=>'editingteacher'), '*', MUST_EXIST); + $creatorrole = $DB->get_record('role', array('shortname'=>'coursecreator'), '*', MUST_EXIST); + $managerrole = $DB->get_record('role', array('shortname'=>'manager'), '*', MUST_EXIST); + + $this->assertEquals($teacherrole->id, $CFG->creatornewroleid); + + $creator = $this->getDataGenerator()->create_user(); + $manager = $this->getDataGenerator()->create_user(); + role_assign($managerrole->id, $manager->id, $categorycontext); + + $this->assertFalse(has_capability('moodle/course:view', $categorycontext, $creator)); + $this->assertFalse(has_capability('moodle/role:assign', $categorycontext, $creator)); + $this->assertFalse(has_capability('moodle/course:visibility', $categorycontext, $creator)); + $this->assertFalse(has_capability('moodle/course:visibility', $coursecontext, $creator)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext, $creator)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext, $creator)); + + $this->assertTrue(has_capability('moodle/role:assign', $categorycontext, $manager)); + $this->assertTrue(has_capability('moodle/course:visibility', $categorycontext, $manager)); + $this->assertTrue(has_capability('moodle/course:visibility', $coursecontext, $manager)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext, $manager->id)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext, $manager->id)); + + $this->assertEquals(0, $USER->id); + $this->assertFalse(has_capability('moodle/course:view', $categorycontext)); + $this->assertFalse(has_capability('moodle/role:assign', $categorycontext)); + $this->assertFalse(has_capability('moodle/course:visibility', $categorycontext)); + $this->assertFalse(has_capability('moodle/course:visibility', $coursecontext)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext)); + + $this->setUser($manager); + $this->assertTrue(has_capability('moodle/role:assign', $categorycontext)); + $this->assertTrue(has_capability('moodle/course:visibility', $categorycontext)); + $this->assertTrue(has_capability('moodle/course:visibility', $coursecontext)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext)); + + $this->setAdminUser(); + $this->assertTrue(has_capability('moodle/role:assign', $categorycontext)); + $this->assertTrue(has_capability('moodle/course:visibility', $categorycontext)); + $this->assertTrue(has_capability('moodle/course:visibility', $coursecontext)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext)); + $this->setUser(0); + + role_assign($creatorrole->id, $creator->id, $categorycontext); + + $this->assertFalse(has_capability('moodle/role:assign', $categorycontext, $creator)); + $this->assertFalse(has_capability('moodle/course:visibility', $categorycontext, $creator)); + $this->assertFalse(has_capability('moodle/course:visibility', $coursecontext, $creator)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext, $creator)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext, $creator)); + + $this->setUser($creator); + $this->assertFalse(has_capability('moodle/role:assign', $categorycontext, null)); + $this->assertFalse(has_capability('moodle/course:visibility', $categorycontext, null)); + $this->assertFalse(has_capability('moodle/course:visibility', $coursecontext, null)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext, null)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext, null)); + $this->setUser(0); + + set_config('creatornewroleid', $studentrole->id); + + $this->assertFalse(has_capability('moodle/course:visibility', $categorycontext, $creator)); + $this->assertFalse(has_capability('moodle/course:visibility', $coursecontext, $creator)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext, $creator)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext, $creator)); + + set_config('creatornewroleid', $teacherrole->id); + + role_change_permission($managerrole->id, $categorycontext, 'moodle/course:visibility', CAP_PREVENT); + role_assign($creatorrole->id, $manager->id, $categorycontext); + + $this->assertTrue(has_capability('moodle/course:view', $categorycontext, $manager)); + $this->assertTrue(has_capability('moodle/course:view', $coursecontext, $manager)); + $this->assertTrue(has_capability('moodle/role:assign', $categorycontext, $manager)); + $this->assertTrue(has_capability('moodle/role:assign', $coursecontext, $manager)); + $this->assertFalse(has_capability('moodle/course:visibility', $categorycontext, $manager)); + $this->assertFalse(has_capability('moodle/course:visibility', $coursecontext, $manager)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext, $manager)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext, $manager)); + + role_change_permission($managerrole->id, $categorycontext, 'moodle/course:view', CAP_PREVENT); + $this->assertTrue(has_capability('moodle/role:assign', $categorycontext, $manager)); + $this->assertFalse(has_capability('moodle/course:visibility', $categorycontext, $manager)); + $this->assertFalse(has_capability('moodle/course:visibility', $coursecontext, $manager)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext, $manager)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext, $manager)); + + $this->getDataGenerator()->enrol_user($manager->id, $course->id, 0); + + $this->assertTrue(has_capability('moodle/role:assign', $categorycontext, $manager)); + $this->assertTrue(has_capability('moodle/role:assign', $coursecontext, $manager)); + $this->assertTrue(is_enrolled($coursecontext, $manager)); + $this->assertFalse(has_capability('moodle/course:visibility', $categorycontext, $manager)); + $this->assertFalse(has_capability('moodle/course:visibility', $coursecontext, $manager)); + $this->assertTrue(guess_if_creator_will_have_course_capability('moodle/course:visibility', $categorycontext, $manager)); + $this->assertFalse(guess_if_creator_will_have_course_capability('moodle/course:visibility', $coursecontext, $manager)); + + // Test problems. + + try { + guess_if_creator_will_have_course_capability('moodle/course:visibility', $syscontext, $creator); + $this->fail('Exception expected when non course/category context passed to guess_if_creator_will_have_course_capability()'); + } catch (moodle_exception $e) { + $this->assertInstanceOf('coding_exception', $e); + } + } + /** * Test require_capability() exceptions. * @return void