MDL-52072 enrol: Fix course visibility checks in external functions

Juan Leyva 2015-11-16 16:01:53 +01:00 committed by Dan Poltawski
parent e98dffe129
commit 4323a973d5
4 changed files with 46 additions and 8 deletions


@ -645,14 +645,21 @@ class core_enrol_external extends external_api {
*
* @param int $courseid
* @return array of course enrolment methods
* @throws moodle_exception
*/
public static function get_course_enrolment_methods($courseid) {
global $DB;
$params = self::validate_parameters(self::get_course_enrolment_methods_parameters(), array('courseid' => $courseid));
$coursecontext = context_course::instance($params['courseid']);
$categorycontext = $coursecontext->get_parent_context();
self::validate_context($categorycontext);
// Note that we can't use validate_context because the user is not enrolled in the course.
require_login(null, false, null, false, true);
$course = $DB->get_record('course', array('id' => $params['courseid']), '*', MUST_EXIST);
$context = context_course::instance($course->id);
if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $context)) {
throw new moodle_exception('coursehidden');
}
$result = array();
$enrolinstances = enrol_get_instances($params['courseid'], true);
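Review bot: The hidden-course guard (`if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $context))`) is repeated verbatim in enrol_self_external::get_instance_info in the next file of this commit, so two copies of an access-control check can drift apart. Until it lives in one shared helper, I would add a cross-reference above each copy, for example `// Hidden-course guard: keep in sync with enrol_self_external::get_instance_info().` The `@throws moodle_exception` line should also say when it fires: the course is hidden and the caller lacks the capability. The +/- markers are lost on this page, so I cannot tell which of `self::validate_context($categorycontext)` and `require_login(...)` remains on the new side. The function body continues past the end of the hunk.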


@ -52,6 +52,7 @@ class enrol_self_external extends external_api {
*
* @param int $instanceid instance id of self enrolment plugin.
* @return array instance information.
* @throws moodle_exception
*/
public static function get_instance_info($instanceid) {
global $DB, $CFG;
@ -66,10 +67,15 @@ class enrol_self_external extends external_api {
throw new moodle_exception('invaliddata', 'error');
}
// Note that we can't use validate_context because the user is not enrolled in the course.
require_login(null, false, null, false, true);
$enrolinstance = $DB->get_record('enrol', array('id' => $params['instanceid']), '*', MUST_EXIST);
$coursecontext = context_course::instance($enrolinstance->courseid);
$categorycontext = $coursecontext->get_parent_context();
self::validate_context($categorycontext);
$course = $DB->get_record('course', array('id' => $enrolinstance->courseid), '*', MUST_EXIST);
$context = context_course::instance($course->id);
if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $context)) {
throw new moodle_exception('coursehidden');
}
$instanceinfo = (array) $enrolplugin->get_enrol_info($enrolinstance);
if (isset($instanceinfo['requiredparam']->enrolpassword)) {
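Review bot: A caller without `moodle/course:viewhiddencourses` gets `coursehidden` for an instance in a hidden course, while an unknown instance id fails earlier in the `MUST_EXIST` lookup with a different exception, so the two responses together reveal that a hidden course exists behind a given id. That may be an accepted trade-off, since the tests in this commit assert on `coursehidden`, but it should be a stated decision. A comment above the check would record it, such as `// Reports 'coursehidden' rather than a generic not-found error; the existence of hidden courses is not treated as secret here.` The body of get_instance_info starts before this hunk and continues after it.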


@ -47,7 +47,9 @@ class enrol_self_external_testcase extends externallib_advanced_testcase {
$studentrole = $DB->get_record('role', array('shortname'=>'student'));
$this->assertNotEmpty($studentrole);
$course = self::getDataGenerator()->create_course();
$coursedata = new stdClass();
$coursedata->visible = 0;
$course = self::getDataGenerator()->create_course($coursedata);
// Add enrolment methods for course.
$instanceid1 = $selfplugin->add_instance($course, array('status' => ENROL_INSTANCE_ENABLED,
@ -68,6 +70,7 @@ class enrol_self_external_testcase extends externallib_advanced_testcase {
$enrolmentmethods = $DB->get_records('enrol', array('courseid' => $course->id, 'status' => ENROL_INSTANCE_ENABLED));
$this->assertCount(3, $enrolmentmethods);
$this->setAdminUser();
$instanceinfo1 = enrol_self_external::get_instance_info($instanceid1);
$instanceinfo1 = external_api::clean_returnvalue(enrol_self_external::get_instance_info_returns(), $instanceinfo1);
@ -95,6 +98,15 @@ class enrol_self_external_testcase extends externallib_advanced_testcase {
$this->assertEquals('Test instance 3', $instanceinfo3['name']);
$this->assertTrue($instanceinfo3['status']);
$this->assertEquals(get_string('password', 'enrol_self'), $instanceinfo3['enrolpassword']);
// Try to retrieve information using a normal user for a hidden course.
$user = self::getDataGenerator()->create_user();
$this->setUser($user);
try {
enrol_self_external::get_instance_info($instanceid3);
} catch (moodle_exception $e) {
$this->assertEquals('coursehidden', $e->errorcode);
}
}
/**
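Review bot: The hidden-course test passes even when no exception is thrown, because the `try` block around `enrol_self_external::get_instance_info($instanceid3)` has no failure statement after the call. A regression that removes the visibility check would therefore go unnoticed. Add `$this->fail('Exception expected: hidden course read by a user without viewhiddencourses.');` as the last line inside the `try`; it does not raise a moodle_exception, so the `catch` will not swallow it. The same pattern appears in the core_enrol test in the last file of this commit, around `core_enrol_external::get_course_enrolment_methods($course2->id)`, and needs the same line. The test method starts outside this hunk.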


@ -428,7 +428,9 @@ class core_enrol_externallib_testcase extends externallib_advanced_testcase {
$this->assertNotEmpty($studentrole);
$course1 = self::getDataGenerator()->create_course();
$course2 = self::getDataGenerator()->create_course();
$coursedata = new stdClass();
$coursedata->visible = 0;
$course2 = self::getDataGenerator()->create_course($coursedata);
// Add enrolment methods for course.
$instanceid1 = $selfplugin->add_instance($course1, array('status' => ENROL_INSTANCE_ENABLED,
@ -445,6 +447,8 @@ class core_enrol_externallib_testcase extends externallib_advanced_testcase {
$enrolmentmethods = $DB->get_records('enrol', array('courseid' => $course1->id, 'status' => ENROL_INSTANCE_ENABLED));
$this->assertCount(2, $enrolmentmethods);
$this->setAdminUser();
// Check if information is returned.
$enrolmentmethods = core_enrol_external::get_course_enrolment_methods($course1->id);
$enrolmentmethods = external_api::clean_returnvalue(core_enrol_external::get_course_enrolment_methods_returns(),
@ -474,6 +478,15 @@ class core_enrol_externallib_testcase extends externallib_advanced_testcase {
$this->assertEquals('self', $enrolmentmethod['type']);
$this->assertTrue($enrolmentmethod['status']);
$this->assertEquals('enrol_self_get_instance_info', $enrolmentmethod['wsfunction']);
// Try to retrieve information using a normal user for a hidden course.
$user = self::getDataGenerator()->create_user();
$this->setUser($user);
try {
core_enrol_external::get_course_enrolment_methods($course2->id);
} catch (moodle_exception $e) {
$this->assertEquals('coursehidden', $e->errorcode);
}
}
public function get_enrolled_users_setup($capability) {