MDL-67748 admin: Do not show missing capabilities for mobile app service

We used to display capabilities like "Manage any calendar entries",
"Delete evidence", "Manage competency frameworks", "View hidden courses"
and others as "Missing capabilities" for the mobile app service tokens.

This gave the dangerous impression that the app will not work for students
without these capabilities granted. There are known cases of admins who
started to grant all these caps to the Authenticated user role because
they were afraid the app would not work for them.

The problem here is that the official mobile app service includes some
functions that have these capabilities declared as required. But they
are not really required to use the app. Either the app makes its own
clever checks of capabilities before calling the functions, or sometimes
the capabilities are not even correctly declared.

It is safer for everybody to display this information for custom
services only where the risk of the falsely missing caps is lower and
the information is more accurate.

Also, the help text has been improved so it does not suggest that these
capabilities must be always added. We do not know why the service has
them declared. In some cases, a service has capabilities declared just
because it makes use of them in the if-then fashion.

Additionally, the patch also displays the service short name because it
is actually needed to know.
David Mudrák 2020-04-24 19:20:54 +02:00
parent 6ea3588d82
commit b0fd376db3
2 changed files with 15 additions and 4 deletions


@ -118,7 +118,7 @@ $string['loginrequired'] = 'Restricted to logged-in users';
$string['manageprotocols'] = 'Manage protocols';
$string['managetokens'] = 'Manage tokens';
$string['missingcaps'] = 'Missing capabilities';
$string['missingcaps_help'] = 'List of required capabilities for the service which the selected user does not have. Missing capabilities must be added to the user\'s role in order to use the service.';
$string['missingcaps_help'] = 'List of capabilities declared by the service which the user does not have. Some service functionality may not be available without these capabilities.';
$string['missingpassword'] = 'Missing password';
$string['missingrequiredcapability'] = 'The capability {$a} is required.';
$string['missingusername'] = 'Missing username';


@ -84,7 +84,7 @@ class token_table extends \table_sql {
$headers[] = get_string('user');
$columns[] = 'fullname';
$headers[] = get_string('service', 'webservice');
$columns[] = 'name';
$columns[] = 'servicename';
$headers[] = get_string('iprestriction', 'webservice');
$columns[] = 'iprestriction';
$headers[] = get_string('validuntil', 'webservice');
@ -165,7 +165,8 @@ class token_table extends \table_sql {
$webservicemanager = new \webservice();
$usermissingcaps = $webservicemanager->get_missing_capabilities_by_users([['id' => $data->userid]], $data->serviceid);
if (!is_siteadmin($data->userid) && array_key_exists($data->userid, $usermissingcaps)) {
if ($data->serviceshortname <> MOODLE_OFFICIAL_MOBILE_SERVICE && !is_siteadmin($data->userid)
&& array_key_exists($data->userid, $usermissingcaps)) {
$count = \html_writer::span(count($usermissingcaps[$data->userid]), 'badge badge-danger');
$links = array_map(function($capname) {
return get_capability_docs_link((object)['name' => $capname]) . \html_writer::div($capname, 'text-muted');
@ -216,6 +217,16 @@ class token_table extends \table_sql {
return \html_writer::link($creatorprofileurl, fullname((object)$user, $this->hasviewfullnames));
}
/**
* Format the service name column.
*
* @param \stdClass $data
* @return string
*/
public function col_servicename($data) {
return \html_writer::div(s($data->servicename)) . \html_writer::div(s($data->serviceshortname), 'small text-muted');
}
/**
* This function is used for the extra user fields.
*
@ -259,7 +270,7 @@ class token_table extends \table_sql {
$selectfields = "SELECT t.id, t.token, t.iprestriction, t.validuntil, t.creatorid,
u.id AS userid, $usernamefields,
s.id AS serviceid, s.name,
s.id AS serviceid, s.name AS servicename, s.shortname AS serviceshortname,
$creatorfields ";
$selectcount = "SELECT COUNT(t.id) ";
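Review bot: In the missing-capabilities hunk (`@ -165,7 +165,8`), `get_missing_capabilities_by_users()` still runs for every row before the new short-name test, so for official mobile app tokens the lookup is done and its result discarded. Testing the short name first would skip that work, and the loose `<>` could become a strict comparison: `$data->serviceshortname !== MOODLE_OFFICIAL_MOBILE_SERVICE`. The exclusion also deserves a why-comment so it is not later "fixed" back, for example `// Caps declared by the official mobile service are not reliably required; listing them led admins to over-grant roles.` The enclosing method starts and ends outside the hunk, so how the no-badge case is returned cannot be checked from here.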