mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-06 00:42:44 +02:00
Code Issues Projects Releases Wiki Activity

MDL-82757 mod_data: Improve group access handling

Browse Source 
* Improved handling of group access to ensure correct visibility of records.
This commit is contained in:
Laurent David 2024-10-10 13:26:42 +02:00 committed by Jenkins
parent cf5e586d03
commit 5f4c55e16a
3 changed files with 104 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
mod/data/locallib.php
View File

@ -1082,11 +1082,7 @@ function data_search_entries($data, $cm, $context, $mode, $currentgroup, $search
// If a student is not part of a group and seperate groups is enabled, we don't
// want them seeing all records.
$groupmode = groups_get_activity_groupmode($cm);
if ($currentgroup == 0 && $groupmode == 1 && !$canmanageentries) {
$canviewallrecords = false;
} else {
$canviewallrecords = true;
}
$canviewallrecords = $groupmode != SEPARATEGROUPS || has_capability('moodle/site:accessallgroups', $context);
$numentries = data_numentries($data);
$requiredentriesallowed = true;

8
mod/data/tests/behat/group_mode.feature
View File

@ -16,6 +16,8 @@ Feature: Group data activity
And the following "users" exist:
| username | firstname | lastname | email |
| teacher1 | TeacherG1 | 1 | teacher1@example.com |
| teacher2 | TeacherGNone | 2 | teacher2@example.com |
| teacher3 | TeacherGNone | 3 | teacher3@example.com |
| user1 | User1G1 | 1 | user1@example.com |
| user2 | User2G2 | 2 | user2@example.com |
| user3 | User3None | 3 | user3@example.com |
@ -23,6 +25,8 @@ Feature: Group data activity
And the following "course enrolments" exist:
| user | course | role |
| teacher1 | C1 | editingteacher |
| teacher2 | C1 | editingteacher |
| teacher3 | C1 | teacher |
| user1 | C1 | student |
| user2 | C1 | student |
| user3 | C1 | student |
@ -73,11 +77,15 @@ Feature: Group data activity
Examples:
| data | user | all | G1 | G2 | user1 | user2 |
| data1 | teacher1 | should see | should see | should see | should see | should see |
| data1 | teacher2 | should see | should see | should see | should see | should see |
| data1 | teacher3 | should see | should not see | should not see | should not see | should not see |
| data1 | user1 | should not see | should see | should not see | should see | should not see |
| data1 | user2 | should not see | should not see | should see | should not see | should see |
| data1 | user3 | should see | should not see | should not see | should not see | should not see |
| data1 | user4 | should see | should not see | should not see | should not see | should not see |
| data2 | teacher1 | should see | should see | should see | should see | should see |
| data2 | teacher2 | should see | should see | should see | should see | should see |
| data2 | teacher3 | should see | should see | should see | should see | should not see |
| data2 | user1 | should see | should see | should see | should see | should not see |
| data2 | user2 | should see | should see | should see | should not see | should see |
| data2 | user3 | should see | should see | should see | should see | should not see |

95
mod/data/tests/locallib_test.php
View File

@ -96,6 +96,101 @@ class locallib_test extends \advanced_testcase {
$this->assert_record_entries_contains($records, $captionfield->field->id, 'caption');
}
/**
* Confirms that search is working with groups
* @covers ::data_search_entries
*/
public function test_data_search_entries_with_groups(): void {
$this->resetAfterTest();
$this->setAdminUser();
$course = $this->getDataGenerator()->create_course(['groupmode' => SEPARATEGROUPS, 'groupmodeforce' => 1]);
$group1 = $this->getDataGenerator()->create_group(['courseid' => $course->id]);
$group2 = $this->getDataGenerator()->create_group(['courseid' => $course->id]);
$student1 = $this->getDataGenerator()->create_and_enrol($course);
$student2 = $this->getDataGenerator()->create_and_enrol($course);
$student3 = $this->getDataGenerator()->create_and_enrol($course);
$teacher1 = $this->getDataGenerator()->create_and_enrol($course, 'teacher');
$teacher2 = $this->getDataGenerator()->create_and_enrol($course, 'teacher');
$teacher3 = $this->getDataGenerator()->create_and_enrol($course, 'teacher');
groups_add_member($group1->id, $student1->id);
groups_add_member($group1->id, $teacher1->id);
groups_add_member($group2->id, $student3->id);
groups_add_member($group2->id, $teacher3->id);
$record = new \stdClass();
$record->course = $course->id;
$record->name = "Mod data delete test";
$record->intro = "Some intro of some sort";
$module = $this->getDataGenerator()->create_module('data', $record);
$titlefield = $this->getDataGenerator()->get_plugin_generator('mod_data')->create_field(
(object) [
'name' => 'title',
'type' => 'text',
'required' => 1,
],
$module);
$captionfield = $this->getDataGenerator()->get_plugin_generator('mod_data')->create_field(
(object) [
'name' => 'caption',
'type' => 'text',
'required' => 1,
],
$module);
$this->getDataGenerator()->get_plugin_generator('mod_data')->create_entry($module, [
$titlefield->field->id => 'Entry 1 - group 1',
$captionfield->field->id => 'caption',
],
$group1->id,
[],
null,
$student1->id
);
$this->getDataGenerator()->get_plugin_generator('mod_data')->create_entry($module, [
$titlefield->field->id => 'Entry 2 - group 1',
$captionfield->field->id => 'caption',
],
$group1->id,
[],
null,
$student1->id
);
$this->getDataGenerator()->get_plugin_generator('mod_data')->create_entry($module, [
$titlefield->field->id => 'Entry 3 - group 2',
$captionfield->field->id => '',
],
$group2->id,
[],
null,
$student3->id
);
$this->getDataGenerator()->get_plugin_generator('mod_data')->create_entry($module, [
$titlefield->field->id => 'Entry 3 - no group',
$captionfield->field->id => '',
],
0,
[],
null,
$student2->id
);
$cm = get_coursemodule_from_id('data', $module->cmid);
$this->setUser($teacher1);
// As a non editing teacher in group 1, I should see only the entries for group 1.
list($records, $maxcount, $totalcount, $page, $nowperpage, $sort, $mode) =
data_search_entries($module, $cm, \context_course::instance($course->id), 'list', $group1->id);
$this->assertCount(3, $records); // Record with group 1 and record with no group.
// As a non editing teacher not in a group, I should see the entry from users not in a group.
$this->setUser($teacher3);
list($records, $maxcount, $totalcount, $page, $nowperpage, $sort, $mode) =
data_search_entries($module, $cm, \context_course::instance($course->id), 'list', $group2->id);
$this->assertCount(2, $records); // Record with group 2 and record with no group.
// As a non editing teacher not in a group, I should see the entry from users not in a group.
$this->setUser($teacher2);
list($records, $maxcount, $totalcount, $page, $nowperpage, $sort, $mode) =
data_search_entries($module, $cm, \context_course::instance($course->id), 'list', 0);
$this->assertCount(1, $records); // Just the record with no group.
$this->assert_record_entries_contains($records, $titlefield->field->id, 'Entry 3 - no group');
}
/**
* Assert that all records contains a value for the matching field id.
*