Revert "MDL-37164 core_message: prevent users from interacting with themself"

Was breaking unit tests.

This reverts commit 61a73b43c13da988872aab4125a43d0ced322ae9 and 7bb19ee167c6976b4f0910aed8c3070426cd97db.

message/index.php

@@ -115,10 +115,6 @@ unset($user2id);
 
 $systemcontext = context_system::instance();
 
-if (!empty($user2) && $user1->id == $user2->id) {
-    print_error('invaliduserid');
-}
-
 // Is the user involved in the conversation?
 // Do they have the ability to read other user's conversations?
 if (!message_current_user_is_involved($user1, $user2) && !has_capability('moodle/site:readallmessages', $systemcontext)) {

message/lib.php

@@ -1464,7 +1464,7 @@ function message_history_link($userid1, $userid2, $return=false, $keywords='', $
  * @param int|array $courseids Course ID or array of course IDs.
  * @param string $searchtext the text to search for.
  * @param string $sort the column name to order by.
- * @param string|array $exceptions comma separated list or array of user IDs to exclude.
+ * @param string $exceptions comma separated list of user IDs to exclude
  * @return array An array of {@link $USER} records.
  */
 function message_search_users($courseids, $searchtext, $sort='', $exceptions='') {
@@ -1481,7 +1481,12 @@ function message_search_users($courseids, $searchtext, $sort='', $exceptions='')
     }
 
     $fullname = $DB->sql_fullname();
-    $ufields = user_picture::fields('u');
+
+    if (!empty($exceptions)) {
+        $except = ' AND u.id NOT IN ('. $exceptions .') ';
+    } else {
+        $except = '';
+    }
 
     if (!empty($sort)) {
         $order = ' ORDER BY '. $sort;
@@ -1489,38 +1494,22 @@ function message_search_users($courseids, $searchtext, $sort='', $exceptions='')
         $order = '';
     }
 
-    $params = array(
-        'userid' => $USER->id,
-        'query' => "%$searchtext%"
-    );
-
-    if (empty($exceptions)) {
-        $exceptions = array();
-    } else if (!empty($exceptions) && is_string($exceptions)) {
-        $exceptions = explode(',', $exceptions);
-    }
-
-    // Ignore self and guest account.
-    $exceptions[] = $USER->id;
-    $exceptions[] = $CFG->siteguest;
-
-    // Exclude exceptions from the search result.
-    list($except, $params_except) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'param', false);
-    $except = ' AND u.id ' . $except;
-    $params = array_merge($params_except, $params);
+    $ufields = user_picture::fields('u');
 
     if (in_array(SITEID, $courseids)) {
         // Search on site level.
+        $params = array($USER->id, "%$searchtext%");
         return $DB->get_records_sql("SELECT $ufields, mc.id as contactlistid, mc.blocked
                                        FROM {user} u
                                        LEFT JOIN {message_contacts} mc
-                                            ON mc.contactid = u.id AND mc.userid = :userid
+                                            ON mc.contactid = u.id AND mc.userid = ?
                                       WHERE u.deleted = '0' AND u.confirmed = '1'
-                                            AND (".$DB->sql_like($fullname, ':query', false).")
+                                            AND (".$DB->sql_like($fullname, '?', false).")
                                             $except
                                      $order", $params);
     } else {
         // Search in courses.
+        $params = array($USER->id, "%$searchtext%");
 
         // Getting the context IDs or each course.
         $contextids = array();
@@ -1537,9 +1526,9 @@ function message_search_users($courseids, $searchtext, $sort='', $exceptions='')
                                          FROM {user} u
                                          JOIN {role_assignments} ra ON ra.userid = u.id
                                          LEFT JOIN {message_contacts} mc
-                                              ON mc.contactid = u.id AND mc.userid = :userid
+                                              ON mc.contactid = u.id AND mc.userid = ?
                                         WHERE u.deleted = '0' AND u.confirmed = '1'
-                                              AND (".$DB->sql_like($fullname, ':query', false).")
+                                              AND (".$DB->sql_like($fullname, '?', false).")
                                               AND ra.contextid $contextwhere
                                               $except
                                        $order", $params);

message/tests/externallib_test.php

@@ -351,11 +351,12 @@ class core_message_external_testcase extends externallib_advanced_testcase {
         $user5 = self::getDataGenerator()->create_user($user5);
         self::getDataGenerator()->enrol_user($user5->id, $course2->id);
 
+        // Searching for users, keep in mind that 'Admin User' and 'Guest user' can be returned for now.
+        // See MDL-37164 which should fix that. Once fixed, remove the +2's.
         $this->setUser($user1);
         $results = core_message_external::search_contacts('r');
         $results = external_api::clean_returnvalue(core_message_external::search_contacts_returns(), $results);
-        // Should return the 4 users created above with the letter 'r' in name and the admin [admin useR].
-        $this->assertCount(4 + 1, $results);
+        $this->assertCount(4 + 2, $results);
         $results = core_message_external::search_contacts('r', true);
         $results = external_api::clean_returnvalue(core_message_external::search_contacts_returns(), $results);
         $this->assertCount(2, $results);