Merge branch 'MDL-49821-master-master' of git://github.com/jleyva/moodle
commit
c75b891ba7
@ -152,7 +152,8 @@ class core_completion_external extends external_api {
|
||||
$params = self::validate_parameters(self::get_activities_completion_status_parameters(), $arrayparams);
|
||||
|
||||
$course = get_course($params['courseid']);
|
||||
$user = core_user::get_user($params['userid'], 'id', MUST_EXIST);
|
||||
$user = core_user::get_user($params['userid'], '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
|
||||
$context = context_course::instance($course->id);
|
||||
self::validate_context($context);
|
||||
@ -270,7 +271,9 @@ class core_completion_external extends external_api {
|
||||
$params = self::validate_parameters(self::get_course_completion_status_parameters(), $arrayparams);
|
||||
|
||||
$course = get_course($params['courseid']);
|
||||
$user = core_user::get_user($params['userid'], 'id', MUST_EXIST);
|
||||
$user = core_user::get_user($params['userid'], '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
|
||||
$context = context_course::instance($course->id);
|
||||
self::validate_context($context);
|
||||
|
||||
|
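Review bot: In both hunks of this section the target user is loaded and passed to `core_user::require_active_user($user)` before `self::validate_context($context)` runs, so a caller who would fail context validation still learns from the error code (`userdeleted`, `usernotconfirmed`, `guestsarenotallowed`) what state an arbitrary `userid` is in. Consider moving the two user lines below `self::validate_context($context);` so account state is only reported to callers already allowed into the course context. The same order appears in the core_group_external hunk at -1224 (user check above `// Security checks.`) and in the core_message_external hunk (user check above the `moodle/site:readallmessages` test). Both function bodies start and end outside the hunks, so any earlier guard is not visible here.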
@ -92,6 +92,7 @@ class gradereport_user_external extends external_api {
|
||||
require_capability('moodle/grade:viewall', $context);
|
||||
} else {
|
||||
$user = core_user::get_user($userid, '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
}
|
||||
|
||||
$access = false;
|
||||
@ -301,13 +302,7 @@ class gradereport_user_external extends external_api {
|
||||
$userid = $USER->id;
|
||||
} else {
|
||||
$user = core_user::get_user($userid, '*', MUST_EXIST);
|
||||
if ($user->deleted) {
|
||||
throw new moodle_exception('userdeleted');
|
||||
}
|
||||
if (isguestuser($user)) {
|
||||
// Can not view profile of guest - thre is nothing to see there.
|
||||
throw new moodle_exception('invaliduserid');
|
||||
}
|
||||
core_user::require_active_user($user);
|
||||
}
|
||||
|
||||
$access = false;
|
||||
|
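Review bot: The error codes returned to web-service clients change silently in the second hunk: going by the `require_active_user()` definition added in this commit, a guest target now yields `guestsarenotallowed` instead of `invaliduserid`, and unconfirmed accounts are rejected with `usernotconfirmed` where they previously passed. That should be recorded in the function's docblock or the web-service upgrade notes, for example `// Throws userdeleted, usernotconfirmed or guestsarenotallowed (guests used to get invaliduserid).` The same substitution is made in the core_group_external, core_notes_external and core_user_external hunks. The enclosing function starts and ends outside the hunk.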
@ -1224,7 +1224,8 @@ class core_group_external extends external_api {
|
||||
|
||||
// Validate course and user. get_course throws an exception if the course does not exists.
|
||||
$course = get_course($courseid);
|
||||
$user = core_user::get_user($userid, 'id', MUST_EXIST);
|
||||
$user = core_user::get_user($userid, '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
|
||||
// Security checks.
|
||||
$context = context_course::instance($course->id);
|
||||
@ -1348,13 +1349,8 @@ class core_group_external extends external_api {
|
||||
$userid = $USER->id;
|
||||
}
|
||||
|
||||
$user = core_user::get_user($userid, 'id, deleted', MUST_EXIST);
|
||||
if ($user->deleted) {
|
||||
throw new moodle_exception('userdeleted');
|
||||
}
|
||||
if (isguestuser($user)) {
|
||||
throw new moodle_exception('invaliduserid');
|
||||
}
|
||||
$user = core_user::get_user($userid, '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
|
||||
// Check if we have permissions for retrieve the information.
|
||||
if ($user->id != $USER->id) {
|
||||
|
@ -238,4 +238,40 @@ class core_user {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the given user is an active user in the site.
|
||||
*
|
||||
* @param stdClass $user user object
|
||||
* @param boolean $checksuspended whether to check if the user has the account suspended
|
||||
* @param boolean $checknologin whether to check if the user uses the nologin auth method
|
||||
* @throws moodle_exception
|
||||
* @since Moodle 3.0
|
||||
*/
|
||||
public static function require_active_user($user, $checksuspended = false, $checknologin = false) {
|
||||
|
||||
if (!self::is_real_user($user->id)) {
|
||||
throw new moodle_exception('invaliduser', 'error');
|
||||
}
|
||||
|
||||
if ($user->deleted) {
|
||||
throw new moodle_exception('userdeleted');
|
||||
}
|
||||
|
||||
if (empty($user->confirmed)) {
|
||||
throw new moodle_exception('usernotconfirmed', 'moodle', '', $user->username);
|
||||
}
|
||||
|
||||
if (isguestuser($user)) {
|
||||
throw new moodle_exception('guestsarenotallowed', 'error');
|
||||
}
|
||||
|
||||
if ($checksuspended and $user->suspended) {
|
||||
throw new moodle_exception('suspended', 'auth');
|
||||
}
|
||||
|
||||
if ($checknologin and $user->auth == 'nologin') {
|
||||
throw new moodle_exception('suspended', 'auth');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
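Review bot: The docblock of `require_active_user()` does not say that suspended and `nologin` accounts pass unless the caller opts in, and every web-service call site added in this commit calls it with the defaults, so those accounts are still treated as active there. The method also reads `deleted`, `confirmed`, `username`, `suspended` and `auth` from `$user`, presumably the reason callers now fetch `'*'`; listing the required fields would let them request only those columns rather than the whole user row. Suggested wording: `@param stdClass $user user record with at least id, deleted, confirmed, username, suspended and auth` and `@param bool $checksuspended also reject suspended accounts (off by default)`. The `nologin` branch throws the same `suspended` code as the suspended branch; if that is intended, a one-line comment saying so would help.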
@ -116,4 +116,72 @@ class core_user_testcase extends advanced_testcase {
|
||||
// Assert that a user not in the db return false.
|
||||
$this->assertFalse(core_user::get_user_by_username('janedoe'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test require_active_user
|
||||
*/
|
||||
public function test_require_active_user() {
|
||||
global $DB;
|
||||
|
||||
// Create a default user for the test.
|
||||
$userexpected = $this->getDataGenerator()->create_user();
|
||||
|
||||
// Simple case, all good.
|
||||
core_user::require_active_user($userexpected, true, true);
|
||||
|
||||
// Set user not confirmed.
|
||||
$DB->set_field('user', 'confirmed', 0, array('id' => $userexpected->id));
|
||||
try {
|
||||
core_user::require_active_user($userexpected);
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('usernotconfirmed', $e->errorcode);
|
||||
}
|
||||
$DB->set_field('user', 'confirmed', 1, array('id' => $userexpected->id));
|
||||
|
||||
// Set nologin auth method.
|
||||
$DB->set_field('user', 'auth', 'nologin', array('id' => $userexpected->id));
|
||||
try {
|
||||
core_user::require_active_user($userexpected, false, true);
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('suspended', $e->errorcode);
|
||||
}
|
||||
// Check no exceptions are thrown if we don't specify to check suspended.
|
||||
core_user::require_active_user($userexpected);
|
||||
$DB->set_field('user', 'auth', 'manual', array('id' => $userexpected->id));
|
||||
|
||||
// Set user suspended.
|
||||
$DB->set_field('user', 'suspended', 1, array('id' => $userexpected->id));
|
||||
try {
|
||||
core_user::require_active_user($userexpected, true);
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('suspended', $e->errorcode);
|
||||
}
|
||||
// Check no exceptions are thrown if we don't specify to check suspended.
|
||||
core_user::require_active_user($userexpected);
|
||||
|
||||
// Delete user.
|
||||
delete_user($userexpected);
|
||||
try {
|
||||
core_user::require_active_user($userexpected);
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('userdeleted', $e->errorcode);
|
||||
}
|
||||
|
||||
// Use a not real user.
|
||||
$noreplyuser = core_user::get_noreply_user();
|
||||
try {
|
||||
core_user::require_active_user($noreplyuser, true);
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('invaliduser', $e->errorcode);
|
||||
}
|
||||
|
||||
// Get the guest user.
|
||||
$guestuser = $DB->get_record('user', array('username' => 'guest'));
|
||||
try {
|
||||
core_user::require_active_user($guestuser, true);
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('guestsarenotallowed', $e->errorcode);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
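Review bot: The negative cases in `test_require_active_user()` cannot fail: each one changes the row with `$DB->set_field()` but then passes the unchanged `$userexpected` object, whose properties `require_active_user()` reads directly, and the `try` blocks have no failure path when nothing is thrown. Reload the record after each update, `$userexpected = $DB->get_record('user', array('id' => $userexpected->id));`, and add `$this->fail('Exception expected');` as the last statement inside each `try`. The `delete_user()` case likely has the same problem unless that function updates the object it is given, which is not visible here.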
@ -885,7 +885,8 @@ class core_message_external extends external_api {
|
||||
throw new moodle_exception('disabled', 'message');
|
||||
}
|
||||
|
||||
$user = core_user::get_user($userid, 'id', MUST_EXIST);
|
||||
$user = core_user::get_user($userid, '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
|
||||
// Check if we have permissions for retrieve the information.
|
||||
if ($userid != $USER->id and !has_capability('moodle/site:readallmessages', $context)) {
|
||||
|
@ -147,18 +147,18 @@ class mod_scorm_external extends external_api {
|
||||
$context = context_module::instance($cm->id);
|
||||
self::validate_context($context);
|
||||
|
||||
// Validate the user obtaining the context, it will fail if the user doesn't exists or have been deleted.
|
||||
context_user::instance($params['userid']);
|
||||
$user = core_user::get_user($params['userid'], '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
|
||||
// Extra checks so only users with permissions can view other users attempts.
|
||||
if ($USER->id != $params['userid']) {
|
||||
if ($USER->id != $user->id) {
|
||||
require_capability('mod/scorm:viewreport', $context);
|
||||
}
|
||||
|
||||
// If the SCORM is not open this function will throw exceptions.
|
||||
scorm_require_available($scorm);
|
||||
|
||||
$attemptscount = scorm_get_attempt_count($params['userid'], $scorm, false, $params['ignoremissingcompletion']);
|
||||
$attemptscount = scorm_get_attempt_count($user->id, $scorm, false, $params['ignoremissingcompletion']);
|
||||
|
||||
$result = array();
|
||||
$result['attemptscount'] = $attemptscount;
|
||||
@ -536,21 +536,21 @@ class mod_scorm_external extends external_api {
|
||||
$context = context_module::instance($cm->id);
|
||||
self::validate_context($context);
|
||||
|
||||
// Validate the user obtaining the context, it will fail if the user doesn't exists or have been deleted.
|
||||
context_user::instance($params['userid']);
|
||||
$user = core_user::get_user($params['userid'], '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
|
||||
// Extra checks so only users with permissions can view other users attempts.
|
||||
if ($USER->id != $params['userid']) {
|
||||
if ($USER->id != $user->id) {
|
||||
require_capability('mod/scorm:viewreport', $context);
|
||||
}
|
||||
|
||||
scorm_require_available($scorm, true, $context);
|
||||
|
||||
if (empty($params['attempt'])) {
|
||||
$params['attempt'] = scorm_get_last_attempt($scorm->id, $params['userid']);
|
||||
$params['attempt'] = scorm_get_last_attempt($scorm->id, $user->id);
|
||||
}
|
||||
|
||||
if ($scormtracks = scorm_get_tracks($sco->id, $params['userid'], $params['attempt'])) {
|
||||
if ($scormtracks = scorm_get_tracks($sco->id, $user->id, $params['attempt'])) {
|
||||
foreach ($scormtracks as $element => $value) {
|
||||
$tracks[] = array(
|
||||
'element' => $element,
|
||||
|
@ -526,7 +526,8 @@ class core_notes_external extends external_api {
|
||||
}
|
||||
$user = null;
|
||||
if (!empty($params['userid'])) {
|
||||
$user = core_user::get_user($params['userid'], 'id', MUST_EXIST);
|
||||
$user = core_user::get_user($params['userid'], '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
}
|
||||
|
||||
$course = get_course($params['courseid']);
|
||||
@ -680,15 +681,8 @@ class core_notes_external extends external_api {
|
||||
require_capability('moodle/notes:view', $context);
|
||||
|
||||
if (!empty($params['userid'])) {
|
||||
$user = core_user::get_user($params['userid'], 'id, deleted', MUST_EXIST);
|
||||
|
||||
if ($user->deleted) {
|
||||
throw new moodle_exception('userdeleted');
|
||||
}
|
||||
|
||||
if (isguestuser($user)) {
|
||||
throw new moodle_exception('invaliduserid');
|
||||
}
|
||||
$user = core_user::get_user($params['userid'], '*', MUST_EXIST);
|
||||
core_user::require_active_user($user);
|
||||
|
||||
if ($course->id != SITEID and !can_access_course($course, $user, '', true)) {
|
||||
throw new moodle_exception('notenrolledprofile');
|
||||
|
@ -1389,14 +1389,7 @@ class core_user_external extends external_api {
|
||||
|
||||
$course = get_course($params['courseid']);
|
||||
$user = core_user::get_user($params['userid'], '*', MUST_EXIST);
|
||||
|
||||
if ($user->deleted) {
|
||||
throw new moodle_exception('userdeleted');
|
||||
}
|
||||
if (isguestuser($user)) {
|
||||
// Can not view profile of guest - thre is nothing to see there.
|
||||
throw new moodle_exception('invaliduserid');
|
||||
}
|
||||
core_user::require_active_user($user);
|
||||
|
||||
if ($course->id == SITEID) {
|
||||
$coursecontext = context_system::instance();;
|
||||
|