MDL-82659 quizaccess_seb: Add capabilities to control require options.

Adding capabilities 'quizaccess/seb:manage_seb_configuremanually' and
'quizaccess/seb:manage_seb_usesebclientconfig' to control SEB
requirement options 'Yes – configure manually' and
'Yes – Use SEB client config' respectively.

Other changes include code indentation corrections within quizacess_seb.

mod/quiz/accessrule/seb/classes/settings_provider.php

@@ -511,13 +511,14 @@ class settings_provider {
     }
 
     /**
-     * Check that we have conflicting permissions.
+     * Check that we have conflicting permissions with the current SEB settings.
      *
-     * In Some point we can have settings save by the person who use specific
-     * type of SEB usage (e.g. use templates). But then another person who can't
-     * use template (but still can update other settings) edit the same quiz. This is
-     * conflict of permissions and we'd like to build the settings form having this in
-     * mind.
+     * Check if the existing settings of the quiz (if any) are conflicting with the
+     * capabilities of the managing user.
+     *
+     * E.g. a quiz is using an SEB template and a site admin is able to select this
+     * option while a course manager cannot. Therefore it will return true for a course
+     * manager and return false for a site admin.
      *
      * @param \context $context Context used with capability checking.
      *
@@ -535,17 +536,22 @@ class settings_provider {
         }
 
         if (!self::can_use_seb_template($context) &&
-            $settings->get('requiresafeexambrowser') == self::USE_SEB_TEMPLATE) {
+                $settings->get('requiresafeexambrowser') == self::USE_SEB_TEMPLATE) {
+            return true;
+        }
+
+        if (!self::can_use_seb_client_config($context) &&
+                $settings->get('requiresafeexambrowser') == self::USE_SEB_CLIENT_CONFIG) {
             return true;
         }
 
         if (!self::can_upload_seb_file($context) &&
-            $settings->get('requiresafeexambrowser') == self::USE_SEB_UPLOAD_CONFIG) {
+                $settings->get('requiresafeexambrowser') == self::USE_SEB_UPLOAD_CONFIG) {
             return true;
         }
 
         if (!self::can_configure_manually($context) &&
-            $settings->get('requiresafeexambrowser') == self::USE_SEB_CONFIG_MANUALLY) {
+                $settings->get('requiresafeexambrowser') == self::USE_SEB_CONFIG_MANUALLY) {
             return true;
         }
 
@@ -575,7 +581,9 @@ class settings_provider {
             $options[self::USE_SEB_UPLOAD_CONFIG] = get_string('seb_use_upload', 'quizaccess_seb');
         }
 
-        $options[self::USE_SEB_CLIENT_CONFIG] = get_string('seb_use_client', 'quizaccess_seb');
+        if (self::can_use_seb_client_config($context) || self::is_conflicting_permissions($context)) {
+            $options[self::USE_SEB_CLIENT_CONFIG] = get_string('seb_use_client', 'quizaccess_seb');
+        }
 
         return $options;
     }
@@ -745,6 +753,16 @@ class settings_provider {
         return has_capability('quizaccess/seb:manage_seb_requiresafeexambrowser', $context);
     }
 
+    /**
+     * Check if the current user can select to use the SEB client configuration.
+     *
+     * @param \context $context Context to check access in.
+     * @return bool
+     */
+    public static function can_use_seb_client_config(\context $context): bool {
+        return has_capability('quizaccess/seb:manage_seb_usesebclientconfig', $context);
+    }
+
     /**
      * Check if the current user can use preconfigured templates.
      *
@@ -792,6 +810,10 @@ class settings_provider {
      * @return bool
      */
     public static function can_configure_manually(\context $context): bool {
+        if (!has_capability('quizaccess/seb:manage_seb_configuremanually', $context)) {
+            return false;
+        }
+
         foreach (self::get_seb_config_elements() as $name => $type) {
             if (self::can_manage_seb_config_setting($name, $context)) {
                 return true;

mod/quiz/accessrule/seb/db/access.php

@@ -49,6 +49,26 @@ $capabilities = [
             'editingteacher' => CAP_ALLOW
         ]
     ],
+    // Ability to select "Yes – Configure manually" as an option for "Require the use of Safe Exam Browser".
+    'quizaccess/seb:manage_seb_configuremanually' => [
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_MODULE,
+        'archetypes' => [
+            'manager' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+        ],
+        'clonepermissionsfrom' => 'quizaccess/seb:manage_seb_requiresafeexambrowser',
+    ],
+    // Ability to select "Yes – Use SEB client config" as an option for "Require the use of Safe Exam Browser".
+    'quizaccess/seb:manage_seb_usesebclientconfig' => [
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_MODULE,
+        'archetypes' => [
+            'manager' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+        ],
+        'clonepermissionsfrom' => 'quizaccess/seb:manage_seb_requiresafeexambrowser',
+    ],
     'quizaccess/seb:manage_seb_templateid' => [
         'captype' => 'read',
         'contextlevel' => CONTEXT_MODULE,

mod/quiz/accessrule/seb/lang/en/quizaccess_seb.php

@@ -96,6 +96,7 @@ $string['seb:manage_seb_allowedbrowserexamkeys'] = 'Change SEB quiz setting: All
 $string['seb:manage_seb_allowreloadinexam'] = 'Change SEB quiz setting: Allow reload';
 $string['seb:manage_seb_allowspellchecking'] = 'Change SEB quiz setting: Enable spell checking';
 $string['seb:manage_seb_allowuserquitseb'] = 'Change SEB quiz setting: Allow quit';
+$string['seb:manage_seb_configuremanually'] = 'Change SEB quiz setting: Select manual configuration';
 $string['seb:manage_seb_enableaudiocontrol'] = 'Change SEB quiz setting: Enable audio control';
 $string['seb:manage_seb_expressionsallowed'] = 'Change SEB quiz setting: Simple expressions allowed';
 $string['seb:manage_seb_expressionsblocked'] = 'Change SEB quiz setting: Simple expressions blocked';
@@ -114,6 +115,7 @@ $string['seb:manage_seb_showwificontrol'] = 'Change SEB quiz setting: Show Wi-Fi
 $string['seb:manage_seb_showsebdownloadlink'] = 'Change SEB quiz setting: Show download link';
 $string['seb:manage_seb_templateid'] = 'Change SEB quiz setting: Select SEB template';
 $string['seb:manage_seb_userconfirmquit'] = 'Change SEB quiz setting: Confirm on quit';
+$string['seb:manage_seb_usesebclientconfig'] = 'Change SEB quiz setting: Use SEB client configuration';
 $string['seb:managetemplates'] = 'Manage SEB configuration templates';
 $string['seb_activateurlfiltering'] = 'Enable URL filtering';
 $string['seb_activateurlfiltering_help'] = 'If enabled, URLs will be filtered when loading web pages. The filter set has to be defined below.';

mod/quiz/accessrule/seb/rule.php

@@ -82,6 +82,9 @@ class quizaccess_seb extends access_rule_base {
     /**
      * Validate the data from any form fields added using {@link add_settings_form_fields()}.
      *
+     * If the managing user cannot configure SEB by either lack of permissions or locked
+     * settings, then the form fields will be frozen and no validation will be done.
+     *
      * @param array $errors the errors found so far.
      * @param array $data the submitted form data.
      * @param array $files information about any uploaded files.

mod/quiz/accessrule/seb/tests/settings_provider_test.php

@@ -622,7 +622,7 @@ class settings_provider_test extends \advanced_testcase {
     /**
      * Test SEB usage options.
      *
-     * @param string $settingcapability Setting capability to check manual option against.
+     * @param string $settingcapability Setting capability to check options against.
      *
      * @dataProvider settings_capability_data_provider
      */
@@ -656,15 +656,33 @@ class settings_provider_test extends \advanced_testcase {
 
         $options = settings_provider::get_requiresafeexambrowser_options($this->context);
 
-        $this->assertCount(2, $options);
+        $this->assertCount(1, $options);
         $this->assertFalse(array_key_exists(settings_provider::USE_SEB_CONFIG_MANUALLY, $options));
         $this->assertFalse(array_key_exists(settings_provider::USE_SEB_TEMPLATE, $options));
         $this->assertFalse(array_key_exists(settings_provider::USE_SEB_UPLOAD_CONFIG, $options));
-        $this->assertTrue(array_key_exists(settings_provider::USE_SEB_CLIENT_CONFIG, $options));
+        $this->assertFalse(array_key_exists(settings_provider::USE_SEB_CLIENT_CONFIG, $options));
         $this->assertTrue(array_key_exists(settings_provider::USE_SEB_NO, $options));
 
         assign_capability($settingcapability, CAP_ALLOW, $this->roleid, $this->context->id);
         $options = settings_provider::get_requiresafeexambrowser_options($this->context);
+        $this->assertCount(1, $options);
+        $this->assertFalse(array_key_exists(settings_provider::USE_SEB_CONFIG_MANUALLY, $options));
+        $this->assertFalse(array_key_exists(settings_provider::USE_SEB_TEMPLATE, $options));
+        $this->assertFalse(array_key_exists(settings_provider::USE_SEB_UPLOAD_CONFIG, $options));
+        $this->assertFalse(array_key_exists(settings_provider::USE_SEB_CLIENT_CONFIG, $options));
+        $this->assertTrue(array_key_exists(settings_provider::USE_SEB_NO, $options));
+
+        assign_capability('quizaccess/seb:manage_seb_configuremanually', CAP_ALLOW, $this->roleid, $this->context->id);
+        $options = settings_provider::get_requiresafeexambrowser_options($this->context);
+        $this->assertCount(2, $options);
+        $this->assertTrue(array_key_exists(settings_provider::USE_SEB_CONFIG_MANUALLY, $options));
+        $this->assertFalse(array_key_exists(settings_provider::USE_SEB_TEMPLATE, $options));
+        $this->assertFalse(array_key_exists(settings_provider::USE_SEB_UPLOAD_CONFIG, $options));
+        $this->assertFalse(array_key_exists(settings_provider::USE_SEB_CLIENT_CONFIG, $options));
+        $this->assertTrue(array_key_exists(settings_provider::USE_SEB_NO, $options));
+
+        assign_capability('quizaccess/seb:manage_seb_usesebclientconfig', CAP_ALLOW, $this->roleid, $this->context->id);
+        $options = settings_provider::get_requiresafeexambrowser_options($this->context);
         $this->assertCount(3, $options);
         $this->assertTrue(array_key_exists(settings_provider::USE_SEB_CONFIG_MANUALLY, $options));
         $this->assertFalse(array_key_exists(settings_provider::USE_SEB_TEMPLATE, $options));
@@ -1134,6 +1152,9 @@ class settings_provider_test extends \advanced_testcase {
 
         $this->assertFalse(settings_provider::can_configure_manually($this->context));
 
+        assign_capability('quizaccess/seb:manage_seb_configuremanually', CAP_ALLOW, $this->roleid, $this->context->id);
+        $this->assertFalse(settings_provider::can_configure_manually($this->context));
+
         assign_capability($settingcapability, CAP_ALLOW, $this->roleid, $this->context->id);
         $this->assertTrue(settings_provider::can_configure_manually($this->context));
     }
@@ -1228,6 +1249,11 @@ class settings_provider_test extends \advanced_testcase {
 
         $this->set_up_user_and_role();
 
+        $this->assertTrue(settings_provider::is_conflicting_permissions($this->context));
+
+        assign_capability('quizaccess/seb:manage_seb_configuremanually', CAP_ALLOW, $this->roleid, $this->context->id);
+        $this->assertTrue(settings_provider::is_conflicting_permissions($this->context));
+
         assign_capability($settingcapability, CAP_ALLOW, $this->roleid, $this->context->id);
         $this->assertFalse(settings_provider::is_conflicting_permissions($this->context));
     }

mod/quiz/accessrule/seb/version.php

@@ -25,7 +25,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version = 2024042200;
+$plugin->version = 2024062800;
 $plugin->requires = 2024041600;
 $plugin->component = 'quizaccess_seb';
 $plugin->maturity = MATURITY_STABLE;