mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-25 01:50:55 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'MDL-71621-master' of git://github.com/aanabit/moodle

Browse Source
This commit is contained in:
abgreeve 2021-08-02 10:11:15 +08:00
commit a5f13c6b3b
3 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lang/en/admin.php
View File

@ -1026,7 +1026,7 @@ $string['profileshortnamenotunique'] = 'This short name is already in use';
$string['profilesignup'] = 'Display on signup page?';
$string['profilespecificsettings'] = 'Specific settings';
$string['profilevisible'] = 'Who is this field visible to?';
$string['profilevisible_help'] = '* Not visible - For private data only viewable by administrators
$string['profilevisible_help'] = '* Not visible - For private data only viewable by administrators and managers
* Visible to user - For private data only viewable by the user and administrators
* Visible to user, teachers and admins - For private data only viewable by the user, administrators and teachers (on course profile)
* Visible to everyone';

12
user/profile/lib.php
View File

@ -453,6 +453,8 @@ class profile_field_base {
return true;
} else if ($this->userid == $USER->id) {
return true;
} else if ($this->userid > 0) {
return has_capability('moodle/user:viewalldetails', $context);
} else {
$coursecontext = context_course::instance($COURSE->id);
return has_capability('moodle/site:viewuseridentity', $coursecontext);
@ -468,6 +470,10 @@ class profile_field_base {
return has_capability('moodle/user:viewalldetails', $context);
}
default:
// PROFILE_VISIBLE_NONE, so let's check capabilities at system level.
if ($this->userid > 0) {
$context = context_system::instance();
}
return has_capability('moodle/user:viewalldetails', $context);
}
}
@ -499,6 +505,12 @@ class profile_field_base {
return true;
}
// Checking for mentors have capability to edit user's profile.
$usercontext = context_user::instance($this->userid);
if ($this->userid != $USER->id && has_capability('moodle/user:editprofile', $usercontext, $USER->id)) {
return true;
}
return false;
}

38
user/tests/behat/custom_profile_fields.feature
View File

@ -241,3 +241,41 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should not see "notvisible_field_information"
And I should not see "Edit profile"
@javascript
Scenario: User with parent permissions on other user context can view and edit all profile fields.
Given the following "roles" exist:
| name | shortname | description | archetype |
| Parent | parent | parent | |
And the following "users" exist:
| username | firstname | lastname | email |
| parent | Parent | user | parent@example.com |
And the following "role assigns" exist:
| user | role | contextlevel | reference |
| parent | parent | User | userwithinformation |
And the following "permission overrides" exist:
| capability | permission | role | contextlevel | reference |
| moodle/user:viewalldetails | Allow | parent | User | userwithinformation |
| moodle/user:viewdetails | Allow | parent | User | userwithinformation |
| moodle/user:editprofile | Allow | parent | User | userwithinformation |
Given I log in as "admin"
And I am on site homepage
And I navigate to "Turn editing on" in current page administration
And I add the "Mentees" block
And I log out
And I log in as "parent"
And I am on site homepage
When I follow "userwithinformation"
Then I should see "everyonevisible_field"
And I should see "everyonevisible_field_information"
And I should see "uservisible_field"
And I should see "uservisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I should not see "notvisible_field"
And I should not see "notvisible_field_information"
And I follow "Edit profile"
And the following fields match these values:
| everyonevisible_field | everyonevisible_field_information |
| uservisible_field | uservisible_field_information |
| teachervisible_field | teachervisible_field_information |