diff --git a/admin/settings/courses.php b/admin/settings/courses.php index 86d198e361b..2037a6372d8 100644 --- a/admin/settings/courses.php +++ b/admin/settings/courses.php @@ -343,6 +343,11 @@ if ($hassiteconfig or has_any_capability($capabilities, $systemcontext)) { // Import defaults section. $temp->add(new admin_setting_heading('importsettings', new lang_string('importsettings', 'backup'), '')); + $temp->add(new admin_setting_configcheckbox_with_lock( + 'backup/backup_import_permissions', + new lang_string('generalpermissions', 'backup'), + new lang_string('configgeneralpermissions', 'backup'), + array('value' => 0, 'locked' => 0))); $temp->add(new admin_setting_configcheckbox_with_lock('backup/backup_import_activities', new lang_string('generalactivities','backup'), new lang_string('configgeneralactivities','backup'), array('value'=>1, 'locked'=>0))); $temp->add(new admin_setting_configcheckbox_with_lock('backup/backup_import_blocks', new lang_string('generalblocks','backup'), new lang_string('configgeneralblocks','backup'), array('value'=>1, 'locked'=>0))); $temp->add(new admin_setting_configcheckbox_with_lock('backup/backup_import_filters', new lang_string('generalfilters','backup'), new lang_string('configgeneralfilters','backup'), array('value'=>1, 'locked'=>0))); @@ -517,6 +522,9 @@ if ($hassiteconfig or has_any_capability($capabilities, $systemcontext)) { $temp->add(new admin_setting_configcheckbox_with_lock('restore/restore_general_role_assignments', new lang_string('generalroleassignments', 'backup'), new lang_string('configrestoreroleassignments', 'backup'), array('value' => 1, 'locked' => 0))); + $temp->add(new admin_setting_configcheckbox_with_lock('restore/restore_general_permissions', + new lang_string('generalpermissions', 'backup'), + new lang_string('configrestorepermissions', 'backup'), array('value' => 1, 'locked' => 0))); $temp->add(new admin_setting_configcheckbox_with_lock('restore/restore_general_activities', new lang_string('generalactivities', 'backup'), new lang_string('configrestoreactivities', 'backup'), array('value' => 1, 'locked' => 0))); diff --git a/backup/moodle2/backup_root_task.class.php b/backup/moodle2/backup_root_task.class.php index 478ae2a4c29..673b58b9d4e 100644 --- a/backup/moodle2/backup_root_task.class.php +++ b/backup/moodle2/backup_root_task.class.php @@ -99,6 +99,13 @@ class backup_root_task extends backup_task { $this->add_setting($roleassignments); $users->add_dependency($roleassignments); + // Define permission. + if ($this->plan->get_mode() == backup::MODE_IMPORT) { + $permissions = new backup_permissions_setting('permissions', base_setting::IS_BOOLEAN, false); + $permissions->set_ui(new backup_setting_ui_checkbox($permissions, get_string('rootsettingpermissions', 'backup'))); + $this->add_setting($permissions); + } + // Define activities $activities = new backup_activities_setting('activities', base_setting::IS_BOOLEAN, true); $activities->set_ui(new backup_setting_ui_checkbox($activities, get_string('rootsettingactivities', 'backup'))); diff --git a/backup/moodle2/backup_settingslib.php b/backup/moodle2/backup_settingslib.php index 59ea2523cf8..ca9224f1707 100644 --- a/backup/moodle2/backup_settingslib.php +++ b/backup/moodle2/backup_settingslib.php @@ -65,6 +65,12 @@ class backup_filename_setting extends backup_generic_setting { */ class backup_users_setting extends backup_generic_setting {} +/** + * root setting to control if backup will include permission information by roles + */ +class backup_permissions_setting extends backup_generic_setting { +} + /** * root setting to control if backup will include group information depends on @backup_users_setting * diff --git a/backup/moodle2/restore_root_task.class.php b/backup/moodle2/restore_root_task.class.php index 3b37acc5ffb..40345c12aad 100644 --- a/backup/moodle2/restore_root_task.class.php +++ b/backup/moodle2/restore_root_task.class.php @@ -146,6 +146,19 @@ class restore_root_task extends restore_task { $this->add_setting($roleassignments); $users->add_dependency($roleassignments); + // Define permissions. + $defaultvalue = false; // Safer default. + $changeable = false; + // Enable when available, or key doesn't exist (backward compatibility). + if (!array_key_exists('permissions', $rootsettings) || !empty($rootsettings['permissions'])) { + $defaultvalue = true; + $changeable = true; + } + $permissions = new restore_permissions_setting('permissions', base_setting::IS_BOOLEAN, $defaultvalue); + $permissions->set_ui(new backup_setting_ui_checkbox($permissions, get_string('rootsettingpermissions', 'backup'))); + $permissions->get_ui()->set_changeable($changeable); + $this->add_setting($permissions); + // Define activitites $defaultvalue = false; // Safer default $changeable = false; diff --git a/backup/moodle2/restore_settingslib.php b/backup/moodle2/restore_settingslib.php index 61124de3ce6..fb9e064fcd2 100644 --- a/backup/moodle2/restore_settingslib.php +++ b/backup/moodle2/restore_settingslib.php @@ -43,6 +43,12 @@ class restore_generic_setting extends root_backup_setting {} */ class restore_users_setting extends restore_generic_setting {} +/** + * root setting to control if restore will create override permission information by roles + */ +class restore_permissions_setting extends restore_generic_setting { +} + /** * root setting to control if restore will create groups/grouping information. Depends on @restore_users_setting * diff --git a/backup/moodle2/restore_stepslib.php b/backup/moodle2/restore_stepslib.php index 8c63c499ae8..7e51a1f9d85 100644 --- a/backup/moodle2/restore_stepslib.php +++ b/backup/moodle2/restore_stepslib.php @@ -2058,7 +2058,9 @@ class restore_ras_and_caps_structure_step extends restore_structure_step { if ($this->get_setting_value('role_assignments')) { $paths[] = new restore_path_element('assignment', '/roles/role_assignments/assignment'); } - $paths[] = new restore_path_element('override', '/roles/role_overrides/override'); + if ($this->get_setting_value('permissions')) { + $paths[] = new restore_path_element('override', '/roles/role_overrides/override'); + } return $paths; } diff --git a/backup/tests/backup_restore_base_testcase.php b/backup/tests/backup_restore_base_testcase.php new file mode 100644 index 00000000000..8b122963c3d --- /dev/null +++ b/backup/tests/backup_restore_base_testcase.php @@ -0,0 +1,123 @@ +. + +/** + * Backup restore base tests. + * + * @package core_backup + * @copyright Tomo Tsuyuki + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +defined('MOODLE_INTERNAL') || die(); + +global $CFG; +require_once($CFG->dirroot . '/backup/util/includes/backup_includes.php'); +require_once($CFG->dirroot . '/backup/util/includes/restore_includes.php'); + +/** + * Basic testcase class for backup / restore functionality. + */ +abstract class core_backup_backup_restore_base_testcase extends advanced_testcase { + + /** + * Setup test data. + */ + protected function setUp(): void { + $this->resetAfterTest(); + $this->setAdminUser(); + } + + /** + * Backup the course by general mode. + * + * @param stdClass $course Course for backup. + * @return string Hash string ID from the backup. + * @throws coding_exception + * @throws moodle_exception + */ + protected function perform_backup($course): string { + global $CFG, $USER; + + $coursecontext = context_course::instance($course->id); + + // Start backup process. + $bc = new backup_controller(backup::TYPE_1COURSE, $course->id, backup::FORMAT_MOODLE, + backup::INTERACTIVE_NO, backup::MODE_GENERAL, $USER->id); + $bc->execute_plan(); + $backupid = $bc->get_backupid(); + $bc->destroy(); + + // Get the backup file. + $fs = get_file_storage(); + $files = $fs->get_area_files($coursecontext->id, 'backup', 'course', false, 'id ASC'); + $backupfile = reset($files); + + // Extract backup file. + $path = $CFG->tempdir . DIRECTORY_SEPARATOR . "backup" . DIRECTORY_SEPARATOR . $backupid; + + $fp = get_file_packer('application/vnd.moodle.backup'); + $fp->extract_to_pathname($backupfile, $path); + + return $backupid; + } + + /** + * Restore from backupid to course. + * + * @param string $backupid Hash string ID from backup. + * @param stdClass $course Course which is restored for. + * @throws restore_controller_exception + */ + protected function perform_restore($backupid, $course): void { + global $USER; + + // Set up restore. + $rc = new restore_controller($backupid, $course->id, + backup::INTERACTIVE_NO, backup::MODE_GENERAL, $USER->id, backup::TARGET_EXISTING_ADDING); + // Execute restore. + $rc->execute_precheck(); + $rc->execute_plan(); + $rc->destroy(); + } + + /** + * Import course from course1 to course2. + * + * @param stdClass $course1 Course to be backuped up. + * @param stdClass $course2 Course to be restored. + * @throws restore_controller_exception + */ + protected function perform_import($course1, $course2): void { + global $USER; + + // Start backup process. + $bc = new backup_controller(backup::TYPE_1COURSE, $course1->id, backup::FORMAT_MOODLE, + backup::INTERACTIVE_NO, backup::MODE_IMPORT, $USER->id); + $backupid = $bc->get_backupid(); + $bc->execute_plan(); + $bc->destroy(); + + // Set up restore. + $rc = new restore_controller($backupid, $course2->id, + backup::INTERACTIVE_NO, backup::MODE_SAMESITE, $USER->id, backup::TARGET_EXISTING_ADDING); + // Execute restore. + $rc->execute_precheck(); + $rc->execute_plan(); + $rc->destroy(); + } + +} diff --git a/backup/tests/backup_restore_permission_test.php b/backup/tests/backup_restore_permission_test.php new file mode 100644 index 00000000000..42929a426b0 --- /dev/null +++ b/backup/tests/backup_restore_permission_test.php @@ -0,0 +1,156 @@ +. + +/** + * Backup restore permission tests. + * + * @package core_backup + * @copyright Tomo Tsuyuki + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +defined('MOODLE_INTERNAL') || die(); + +global $CFG; +require_once('backup_restore_base_testcase.php'); +require_once($CFG->dirroot . '/backup/util/includes/backup_includes.php'); +require_once($CFG->dirroot . '/backup/util/includes/restore_includes.php'); + +/** + * Testcase class for permission backup / restore functionality. + */ +class core_backup_backup_restore_permission_testcase extends core_backup_backup_restore_base_testcase { + + /** @var stdClass A test course which is restored/imported from. */ + protected $course1; + + /** @var stdClass A test course which is restored/imported to. */ + protected $course2; + + /** @var stdClass A user for using in this test. */ + protected $user; + + /** @var string Capability name for using in this test. */ + protected $capabilityname; + + /** @var context_course Context instance for course1. */ + protected $course1context; + + /** @var context_course Context instance for course2. */ + protected $course2context; + + /** + * Setup test data. + */ + protected function setUp(): void { + global $DB; + + parent::setUp(); + // Create a course with some availability data set. + $generator = $this->getDataGenerator(); + $this->course1 = $generator->create_course(); + $this->course1context = context_course::instance($this->course1->id); + $this->course2 = $generator->create_course(); + $this->course2context = context_course::instance($this->course2->id); + $this->capabilityname = 'enrol/manual:enrol'; + $this->user = $generator->create_user(); + + // Set additional permission for course 1. + $teacherrole = $DB->get_record('role', ['shortname' => 'teacher'], '*', MUST_EXIST); + role_change_permission($teacherrole->id, $this->course1context, $this->capabilityname, CAP_ALLOW); + + // Enrol to the courses. + $generator->enrol_user($this->user->id, $this->course1->id, $teacherrole->id); + $generator->enrol_user($this->user->id, $this->course2->id, $teacherrole->id); + } + + /** + * Test having settings. + */ + public function test_having_settings(): void { + $this->assertEquals(0, get_config('backup', 'backup_import_permissions')); + $this->assertEquals(1, get_config('restore', 'restore_general_permissions')); + } + + /** + * Test for restore with permission. + */ + public function test_backup_restore_with_permission(): void { + + // Set default setting to restore with permission. + set_config('restore_general_permissions', 1, 'restore'); + + // Confirm course1 has the capability for the user. + $this->assertTrue(has_capability($this->capabilityname, $this->course1context, $this->user)); + + // Confirm course2 does not have the capability for the user. + $this->assertFalse(has_capability($this->capabilityname, $this->course2context, $this->user)); + + // Perform backup and restore. + $backupid = $this->perform_backup($this->course1); + $this->perform_restore($backupid, $this->course2); + + // Confirm course2 has the capability for the user. + $this->assertTrue(has_capability($this->capabilityname, $this->course2context, $this->user)); + } + + /** + * Test for backup / restore without restore permission. + */ + public function test_backup_restore_without_permission(): void { + + // Set default setting to restore without permission. + set_config('restore_general_permissions', 0, 'restore'); + + // Perform backup and restore. + $backupid = $this->perform_backup($this->course1); + $this->perform_restore($backupid, $this->course2); + + // Confirm course2 does not have the capability for the user. + $this->assertFalse(has_capability($this->capabilityname, $this->course2context, $this->user)); + } + + /** + * Test for import with permission. + */ + public function test_backup_import_with_permission(): void { + + // Set default setting to restore with permission. + set_config('backup_import_permissions', 1, 'backup'); + + // Perform import. + $this->perform_import($this->course1, $this->course2); + + // Confirm course2 does not have the capability for the user. + $this->assertTrue(has_capability($this->capabilityname, $this->course2context, $this->user)); + } + + /** + * Test for import without permission. + */ + public function test_backup_import_without_permission(): void { + + // Set default setting to restore without permission. + set_config('backup_import_permissions', 0, 'backup'); + + // Perform import. + $this->perform_import($this->course1, $this->course2); + + // Confirm course2 does not have the capability for the user. + $this->assertFalse(has_capability($this->capabilityname, $this->course2context, $this->user)); + } + +} diff --git a/backup/upgrade.txt b/backup/upgrade.txt index a07e0b4e2b5..825f55bcdde 100644 --- a/backup/upgrade.txt +++ b/backup/upgrade.txt @@ -1,7 +1,13 @@ This files describes API changes in /backup/*, information provided here is intended especially for developers. +=== 3.11 === + + * New setting called "Include override permissions" has been implemented. The default + settings is OFF for import, and ON for restore. + === 3.10 === + * Local plugins can now hook into a backup and restore process of grade items by using define_grade_item_plugin_structure method (See MDL-69418). diff --git a/backup/util/dbops/backup_controller_dbops.class.php b/backup/util/dbops/backup_controller_dbops.class.php index e5c016313b8..7b5cbd4bd3b 100644 --- a/backup/util/dbops/backup_controller_dbops.class.php +++ b/backup/util/dbops/backup_controller_dbops.class.php @@ -577,6 +577,7 @@ abstract class backup_controller_dbops extends backup_dbops { 'backup_import_blocks' => 'blocks', 'backup_import_filters' => 'filters', 'backup_import_calendarevents' => 'calendarevents', + 'backup_import_permissions' => 'permissions', 'backup_import_questionbank' => 'questionbank', 'backup_import_groups' => 'groups', 'backup_import_competencies' => 'competencies', diff --git a/backup/util/dbops/restore_controller_dbops.class.php b/backup/util/dbops/restore_controller_dbops.class.php index 216da03d556..4cc7ee21851 100644 --- a/backup/util/dbops/restore_controller_dbops.class.php +++ b/backup/util/dbops/restore_controller_dbops.class.php @@ -146,6 +146,7 @@ abstract class restore_controller_dbops extends restore_dbops { 'restore_general_users' => 'users', 'restore_general_enrolments' => 'enrolments', 'restore_general_role_assignments' => 'role_assignments', + 'restore_general_permissions' => 'permissions', 'restore_general_activities' => 'activities', 'restore_general_blocks' => 'blocks', 'restore_general_filters' => 'filters', diff --git a/backup/util/ui/tests/behat/import_course.feature b/backup/util/ui/tests/behat/import_course.feature index 5adde7f3d8e..52c1452106d 100644 --- a/backup/util/ui/tests/behat/import_course.feature +++ b/backup/util/ui/tests/behat/import_course.feature @@ -4,19 +4,21 @@ Feature: Import course's contents into another course As a teacher I need to import a course contents into another course selecting what I want to import - Scenario: Import course's contents to another course + Background: Given the following "courses" exist: | fullname | shortname | category | - | Course 1 | C1 | 0 | - | Course 2 | C2 | 0 | + | Course 1 | C1 | 0 | + | Course 2 | C2 | 0 | And the following "users" exist: - | username | firstname | lastname | email | - | teacher1 | Teacher | 1 | teacher1@example.com | + | username | firstname | lastname | email | + | teacher1 | Teacher | 1 | teacher1@example.com | And the following "course enrolments" exist: - | user | course | role | - | teacher1 | C1 | editingteacher | - | teacher1 | C2 | editingteacher | - And I log in as "teacher1" + | user | course | role | + | teacher1 | C1 | editingteacher | + | teacher1 | C2 | editingteacher | + + Scenario: Import course's contents to another course + Given I log in as "teacher1" And I am on "Course 1" course homepage with editing mode on And I add a "Database" to section "1" and I fill the form with: | Name | Test database name | @@ -32,3 +34,26 @@ Feature: Import course's contents into another course And I should see "Test forum name" And I should see "Comments" in the "Comments" "block" And I should see "Recent blog entries" + + Scenario: Import process with permission option + Given the following "permission overrides" exist: + | capability | permission | role | contextlevel | reference | + | enrol/manual:enrol | Allow | teacher | Course | C1 | + And I log in as "teacher1" + When I import "Course 1" course into "Course 2" course using this options: + | Initial | Include override permissions | 1 | + And I navigate to "Users > Permissions" in current page administration + Then I should see "Non-editing teacher (1)" + And I set the field "Advanced role override" to "Non-editing teacher (1)" + And I press "Go" + And "enrol/manual:enrol" capability has "Allow" permission + + Scenario: Import process without permission option + Given the following "permission overrides" exist: + | capability | permission | role | contextlevel | reference | + | enrol/manual:enrol | Allow | teacher | Course | C1 | + And I log in as "teacher1" + When I import "Course 1" course into "Course 2" course using this options: + | Initial | Include override permissions | 0 | + And I navigate to "Users > Permissions" in current page administration + Then I should see "Non-editing teacher (0)" diff --git a/backup/util/ui/tests/behat/restore_moodle2_courses.feature b/backup/util/ui/tests/behat/restore_moodle2_courses.feature index d1bae452395..fb32d18205a 100644 --- a/backup/util/ui/tests/behat/restore_moodle2_courses.feature +++ b/backup/util/ui/tests/behat/restore_moodle2_courses.feature @@ -244,3 +244,29 @@ Feature: Restore Moodle 2 course backups And I should not see "Topic 16" And I should see "Test URL name" in the "Topic 3" "section" And I should see "Test forum name" in the "Topic 1" "section" + + @javascript + Scenario: Restore a backup with override permission + Given the following "permission overrides" exist: + | capability | permission | role | contextlevel | reference | + | enrol/manual:enrol | Allow | teacher | Course | C1 | + And I backup "Course 1" course using this options: + | Confirmation | Filename | test_backup.mbz | + When I restore "test_backup.mbz" backup into a new course using this options: + | Settings | Include override permissions | 1 | + Then I navigate to "Users > Permissions" in current page administration + And I should see "Non-editing teacher (1)" + And I set the field "Advanced role override" to "Non-editing teacher (1)" + And "enrol/manual:enrol" capability has "Allow" permission + + @javascript + Scenario: Restore a backup without override permission + Given the following "permission overrides" exist: + | capability | permission | role | contextlevel | reference | + | enrol/manual:enrol | Allow | teacher | Course | C1 | + And I backup "Course 1" course using this options: + | Confirmation | Filename | test_backup.mbz | + When I restore "test_backup.mbz" backup into a new course using this options: + | Settings | Include override permissions | 0 | + Then I navigate to "Users > Permissions" in current page administration + And I should see "Non-editing teacher (0)" diff --git a/lang/en/backup.php b/lang/en/backup.php index 4eea4125cc3..c200a72c512 100644 --- a/lang/en/backup.php +++ b/lang/en/backup.php @@ -135,6 +135,7 @@ $string['configgenerallogs'] = 'If enabled logs will be included in backups by d $string['configgeneralquestionbank'] = 'If enabled the question bank will be included in backups by default. PLEASE NOTE: Disabling this setting will disable the backup of activities which use the question bank, such as the quiz.'; $string['configgeneralgroups'] = 'Sets the default for including groups and groupings in a backup.'; $string['configgeneralroleassignments'] = 'If enabled by default roles assignments will also be backed up.'; +$string['configgeneralpermissions'] = 'If enabled the role permissions will be imported. This may override existing permissions for enrolled users.'; $string['configgeneraluserscompletion'] = 'If enabled user completion information will be included in backups by default.'; $string['configgeneralusers'] = 'Sets the default for whether to include users in backups.'; $string['configlegacyfiles'] = 'Sets the default for including legacy course files in a backup. Legacy course files are from versions of Moodle prior to 2.0.'; @@ -152,6 +153,7 @@ $string['configrestorehistories'] = 'Sets the default for restoring user history $string['configrestorelogs'] = 'If enabled logs will be restored by default if they were included in the backup.'; $string['configrestoregroups'] = 'Sets the default for restoring groups and groupings if they were included in the backup.'; $string['configrestoreroleassignments'] = 'If enabled by default roles assignments will be restored if they were included in the backup.'; +$string['configrestorepermissions'] = 'If enabled the role permissions will be restored. This may override existing permissions for enrolled users.'; $string['configrestoreuserscompletion'] = 'If enabled user completion information will be restored by default if it was included in the backup.'; $string['configrestoreusers'] = 'Sets the default for whether to restore users if they were included in the backup.'; $string['confirmcancel'] = 'Cancel backup'; @@ -237,6 +239,7 @@ $string['mergerestoredefaults'] = 'Restore defaults when merging into another co $string['replacerestoredefaults'] = 'Restore defaults when restoring into another course deleting contents'; $string['generalrestoresettings'] = 'General restore settings'; $string['generalroleassignments'] = 'Include role assignments'; +$string['generalpermissions'] = 'Include override permissions'; $string['generalsettings'] = 'General backup settings'; $string['generaluserscompletion'] = 'Include user completion information'; $string['generalusers'] = 'Include users'; @@ -350,6 +353,7 @@ $string['rootsettings'] = 'Backup settings'; $string['rootsettingusers'] = 'Include enrolled users'; $string['rootsettinganonymize'] = 'Anonymize user information'; $string['rootsettingroleassignments'] = 'Include user role assignments'; +$string['rootsettingpermissions'] = 'Include override permissions'; $string['rootsettingactivities'] = 'Include activities and resources'; $string['rootsettingbadges'] = 'Include badges'; $string['rootsettingblocks'] = 'Include blocks'; diff --git a/version.php b/version.php index 4da6d10a62d..1ac78467693 100644 --- a/version.php +++ b/version.php @@ -29,7 +29,7 @@ defined('MOODLE_INTERNAL') || die(); -$version = 2021052500.81; // YYYYMMDD = weekly release date of this DEV branch. +$version = 2021052500.82; // YYYYMMDD = weekly release date of this DEV branch. // RR = release increments - 00 in DEV branches. // .XX = incremental changes. $release = '4.0dev (Build: 20210420)'; // Human-friendly version name