MDL-81778 mod_bigbluebuttonbn: access checks when getting meeting URL.

This commit is contained in:
Paul Holden 2024-05-02 22:25:41 +01:00 committed by Jun Pataleta
parent 891e9994b4
commit 500cec5757
No known key found for this signature in database
GPG Key ID: F83510526D99E2C7
2 changed files with 30 additions and 0 deletions


@ -55,6 +55,8 @@ class get_join_url extends external_api {
* @param int $cmid the bigbluebuttonbn course module id
* @param null|int $groupid
* @return array (empty array for now)
*
* @throws restricted_context_exception
*/
public static function execute(
int $cmid,
@ -81,7 +83,11 @@ class get_join_url extends external_api {
}
$instance->set_group_id($groupid);
// Validate that the user has access to this activity and to join the meeting.
self::validate_context($instance->get_context());
if (!$instance->can_join()) {
throw new restricted_context_exception();
}
try {
$result['join_url'] = meeting::join_meeting($instance);
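Review bot: The new guard after `validate_context()` throws `restricted_context_exception` for a failed `can_join()`, so a caller (and the new test) cannot distinguish "context not accessible" from "this user may not join"; the two failures now surface with the same exception type and message. In core a missing capability is normally reported with `required_capability_exception` (or a module-specific `moodle_exception` string), which also names what was denied in the log. If the current type is kept, the `@throws` tag added in the first hunk should at least state the condition, e.g. `* @throws restricted_context_exception if the user cannot access the activity or is not allowed to join the meeting`. What `can_join()` checks beyond the `mod/bigbluebuttonbn:join` capability is not visible here; execute() continues outside the hunk.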


@ -16,7 +16,9 @@
namespace mod_bigbluebuttonbn\external;
use context_course;
use core_external\external_api;
use core_external\restricted_context_exception;
use mod_bigbluebuttonbn\instance;
use mod_bigbluebuttonbn\test\testcase_helper_trait;
use moodle_exception;
@ -86,6 +88,28 @@ class get_join_url_test extends \externallib_advanced_testcase {
$this->get_join_url($instance->get_cm_id());
}
/**
* Test execution with a user who doesn't have the capability to join the meeting
*/
public function test_execute_without_capability(): void {
global $DB;
$this->resetAfterTest();
$course = $this->getDataGenerator()->create_course();
$record = $this->getDataGenerator()->create_module('bigbluebuttonbn', ['course' => $course->id]);
$instance = instance::get_from_instanceid($record->id);
$user = $this->getDataGenerator()->create_and_enrol($course);
$this->setUser($user);
$student = $DB->get_field('role', 'id', ['shortname' => 'student'], MUST_EXIST);
assign_capability('mod/bigbluebuttonbn:join', CAP_PROHIBIT, $student, context_course::instance($course->id), true);
$this->expectException(restricted_context_exception::class);
$this->get_join_url($instance->get_cm_id());
}
/**
* Test execute API CALL with invalid login
*/
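Review bot: `test_execute_without_capability` only asserts the exception type, and `restricted_context_exception` is also what `validate_context()` throws, so the test would still pass if the user were never enrolled or the context check failed for another reason rather than because of the new `can_join()` guard. Asserting on the message or error code of the denial, or having the production code throw a distinct exception for the capability failure, would make the test pin the behaviour this commit adds. The override is also placed on the course context with `CAP_PROHIBIT`; a `CAP_PREVENT` on the module context would exercise the same path while showing the check is evaluated at the activity level, though either works for the assertion as written. The surrounding class continues outside the hunk.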