Merge branch 'MDL-62707' of https://github.com/paulholden/moodle

2025-03-22 00:20:37 +01:00 · 2020-12-09 08:51:53 +08:00 · 2020-12-09 08:51:53 +08:00 · 47eda9594a
commit 47eda9594a
parent 7430e7c074 e7e62a4b2e
2 changed files with 39 additions and 3 deletions
--- a/search/classes/manager.php
+++ b/search/classes/manager.php
@ -823,8 +823,8 @@ class manager {
            }
        }

-        // Add all supported block contexts, in a single query for performance.
-        if (!empty($areasbylevel[CONTEXT_BLOCK])) {
+        // Add all supported block contexts for course contexts that user can access, in a single query for performance.
+        if (!empty($areasbylevel[CONTEXT_BLOCK]) && !empty($coursecontextids)) {
            // Get list of all block types we care about.
            $blocklist = [];
            foreach ($areasbylevel[CONTEXT_BLOCK] as $areaid => $searchclass) {
--- a/search/tests/manager_test.php
+++ b/search/tests/manager_test.php
@ -791,7 +791,6 @@ class search_manager_testcase extends advanced_testcase {
        $this->assertEquals($contexts['block_html-content'], $limitedcontexts['block_html-content']);

        // Get block context ids for the blocks that appear.
-        global $DB;
        $blockcontextids = $DB->get_fieldset_sql('
            SELECT x.id
              FROM {block_instances} bi
@ -811,6 +810,43 @@ class search_manager_testcase extends advanced_testcase {
        $this->assertCount(1, $contexts['block_html-content']);
    }

+    /**
+     * Tests retrieval of users search areas when limiting to a course the user is not enrolled in
+     */
+    public function test_search_users_accesses_limit_non_enrolled_course() {
+        global $DB;
+
+        $this->resetAfterTest();
+
+        $user = $this->getDataGenerator()->create_user();
+        $this->setUser($user);
+
+        $search = testable_core_search::instance();
+        $search->add_core_search_areas();
+
+        $course = $this->getDataGenerator()->create_course();
+        $context = context_course::instance($course->id);
+
+        // Limit courses to search to only those the user is enrolled in.
+        set_config('searchallavailablecourses', 0);
+
+        $usercontexts = $search->get_areas_user_accesses([$course->id])->usercontexts;
+        $this->assertNotEmpty($usercontexts);
+        $this->assertArrayNotHasKey('core_course-course', $usercontexts);
+
+        // This config ensures the search will also include courses the user can view.
+        set_config('searchallavailablecourses', 1);
+
+        // Allow "Authenticated user" role to view the course without being enrolled in it.
+        $userrole = $DB->get_record('role', ['shortname' => 'user'], '*', MUST_EXIST);
+        role_change_permission($userrole->id, $context, 'moodle/course:view', CAP_ALLOW);
+
+        $usercontexts = $search->get_areas_user_accesses([$course->id])->usercontexts;
+        $this->assertNotEmpty($usercontexts);
+        $this->assertArrayHasKey('core_course-course', $usercontexts);
+        $this->assertEquals($context->id, reset($usercontexts['core_course-course']));
+    }
+
    /**
     * Test get_areas_user_accesses with regard to the 'all available courses' config option.
     *