mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-18 05:58:34 +01:00
Code Issues Projects Releases Wiki Activity

MDL-56065 user: Fix update_users Web Service

Browse Source 
Users won’t be updated if:
- They are admins and the user updating is not
- They are the guest user
- They are mnet users
- They are deleted users
This commit is contained in:
Juan Leyva 2016-09-22 10:52:11 +01:00 committed by Mr. Jenkins (CiBoT)
parent fd9eb89022
commit 42778e124e
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
user/externallib.php
View File

@ -518,7 +518,7 @@ class core_user_external extends external_api {
* @since Moodle 2.2
*/
public static function update_users($users) {
global $CFG, $DB;
global $CFG, $DB, $USER;
require_once($CFG->dirroot."/user/lib.php");
require_once($CFG->dirroot."/user/profile/lib.php"); // Required for customfields related function.
@ -537,6 +537,18 @@ class core_user_external extends external_api {
$transaction = $DB->start_delegated_transaction();
foreach ($params['users'] as $user) {
// First check the user exists.
if (!$existinguser = core_user::get_user($user['id'])) {
continue;
}
// Check if we are trying to update an admin.
if ($existinguser->id != $USER->id and is_siteadmin($existinguser) and !is_siteadmin($USER)) {
continue;
}
// Other checks (deleted, remote or guest users).
if ($existinguser->deleted or is_mnet_remote_user($existinguser) or isguestuser($existinguser->id)) {
continue;
}
user_update_user($user, true, false);
// Update user picture if it was specified for this user.

20
user/tests/externallib_test.php
View File

@ -605,8 +605,26 @@ class core_user_externallib_testcase extends externallib_advanced_testcase {
$context = context_system::instance();
$roleid = $this->assignUserCapability('moodle/user:update', $context->id);
// Check we can't update deleted users, guest users, site admin.
$user2 = $user3 = $user4 = $user1;
$user2['id'] = $CFG->siteguest;
$siteadmins = explode(',', $CFG->siteadmins);
$user3['id'] = array_shift($siteadmins);
$userdeleted = self::getDataGenerator()->create_user();
$user4['id'] = $userdeleted->id;
user_delete_user($userdeleted);
// Call the external function.
core_user_external::update_users(array($user1));
core_user_external::update_users(array($user1, $user2, $user3, $user4));
$dbuser2 = $DB->get_record('user', array('id' => $user2['id']));
$this->assertNotEquals($dbuser2->username, $user2['username']);
$dbuser3 = $DB->get_record('user', array('id' => $user3['id']));
$this->assertNotEquals($dbuser3->username, $user3['username']);
$dbuser4 = $DB->get_record('user', array('id' => $user4['id']));
$this->assertNotEquals($dbuser4->username, $user4['username']);
$dbuser = $DB->get_record('user', array('id' => $user1['id']));
$this->assertEquals($dbuser->username, $user1['username']);