mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 14:27:22 +01:00
Code Issues Projects Releases Wiki Activity
moodle/user/tests/userselector_test.php
David Mudrák afa3e0ff32 MDL-59847 core: Stop supporting custom identity fields in user selectors 
The user_selector classes supported custom list of extra identity
fields. But they should obey the configured user policy and respect the
privacy setting made by site administrators. So the list of user
identifiers should never be hard-coded, but the setting
$CFG->showuseridentity should be always respected.
2018-08-02 10:22:07 +08:00

267 lines
11 KiB
PHP
Raw Blame History

<?php
// This file is part of Moodle - https://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Provides {@link core_user_selector_testcase} class.
*
* @package core_user
* @category test
* @copyright 2018 David Mudrák <david@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
global $CFG;
require_once($CFG->dirroot.'/user/selector/lib.php');
require_once($CFG->dirroot.'/user/tests/fixtures/testable_user_selector.php');
/**
* Tests for the implementation of {@link user_selector_base} class.
*
* @copyright 2018 David Mudrák <david@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class core_user_selector_testcase extends advanced_testcase {
/**
* Setup the environment for the tests.
*/
protected function setup_hidden_siteidentity() {
global $CFG, $DB;
$CFG->showuseridentity = 'idnumber,country,city';
$CFG->hiddenuserfields = 'country,city';
$env = new stdClass();
$env->student = $this->getDataGenerator()->create_user();
$env->teacher = $this->getDataGenerator()->create_user();
$env->manager = $this->getDataGenerator()->create_user();
$env->course = $this->getDataGenerator()->create_course();
$env->coursecontext = context_course::instance($env->course->id);
$env->teacherrole = $DB->get_record('role', array('shortname' => 'teacher'));
$env->studentrole = $DB->get_record('role', array('shortname' => 'student'));
$env->managerrole = $DB->get_record('role', array('shortname' => 'manager'));
role_assign($env->studentrole->id, $env->student->id, $env->coursecontext->id);
role_assign($env->teacherrole->id, $env->teacher->id, $env->coursecontext->id);
role_assign($env->managerrole->id, $env->manager->id, SYSCONTEXTID);
return $env;
}
/**
* No identity fields are not shown to student user (no permission to view identity fields).
*/
public function test_hidden_siteidentity_fields_no_access() {
$this->resetAfterTest();
$env = $this->setup_hidden_siteidentity();
$this->setUser($env->student);
$selector = new testable_user_selector('test');
foreach ($selector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectNotHasAttribute('idnumber', $user);
$this->assertObjectNotHasAttribute('country', $user);
$this->assertObjectNotHasAttribute('city', $user);
}
}
}
/**
* Teacher can see students' identity fields only within the course.
*/
public function test_hidden_siteidentity_fields_course_only_access() {
$this->resetAfterTest();
$env = $this->setup_hidden_siteidentity();
$this->setUser($env->teacher);
$systemselector = new testable_user_selector('test');
$courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
foreach ($systemselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectNotHasAttribute('idnumber', $user);
$this->assertObjectNotHasAttribute('country', $user);
$this->assertObjectNotHasAttribute('city', $user);
}
}
foreach ($courseselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectHasAttribute('country', $user);
$this->assertObjectHasAttribute('city', $user);
}
}
}
/**
* Teacher can be prevented from seeing students' identity fields even within the course.
*/
public function test_hidden_siteidentity_fields_course_prevented_access() {
$this->resetAfterTest();
$env = $this->setup_hidden_siteidentity();
$this->setUser($env->teacher);
assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT, $env->teacherrole->id, $env->coursecontext->id);
$courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
foreach ($courseselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectNotHasAttribute('country', $user);
$this->assertObjectNotHasAttribute('city', $user);
}
}
}
/**
* Manager can see students' identity fields anywhere.
*/
public function test_hidden_siteidentity_fields_anywhere_access() {
$this->resetAfterTest();
$env = $this->setup_hidden_siteidentity();
$this->setUser($env->manager);
$systemselector = new testable_user_selector('test');
$courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
foreach ($systemselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectHasAttribute('country', $user);
$this->assertObjectHasAttribute('city', $user);
}
}
foreach ($courseselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectHasAttribute('country', $user);
$this->assertObjectHasAttribute('city', $user);
}
}
}
/**
* Manager can be prevented from seeing hidden fields outside the course.
*/
public function test_hidden_siteidentity_fields_schismatic_access() {
$this->resetAfterTest();
$env = $this->setup_hidden_siteidentity();
$this->setUser($env->manager);
// Revoke the capability to see hidden user fields outside the course.
// Note that inside the course, the manager can still see the hidden identifiers as this is currently
// controlled by a separate capability for legacy reasons. This is counter-intuitive behaviour and is
// likely to be fixed in MDL-51630.
assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);
$systemselector = new testable_user_selector('test');
$courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
foreach ($systemselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectNotHasAttribute('country', $user);
$this->assertObjectNotHasAttribute('city', $user);
}
}
foreach ($courseselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectHasAttribute('country', $user);
$this->assertObjectHasAttribute('city', $user);
}
}
}
/**
* Two capabilities must be currently set to prevent manager from seeing hidden fields.
*/
public function test_hidden_siteidentity_fields_hard_to_prevent_access() {
$this->resetAfterTest();
$env = $this->setup_hidden_siteidentity();
$this->setUser($env->manager);
assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);
assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);
$systemselector = new testable_user_selector('test');
$courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
foreach ($systemselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectNotHasAttribute('country', $user);
$this->assertObjectNotHasAttribute('city', $user);
}
}
foreach ($courseselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectNotHasAttribute('country', $user);
$this->assertObjectNotHasAttribute('city', $user);
}
}
}
/**
* For legacy reasons, user selectors supported ability to override $CFG->showuseridentity.
*
* However, this was found as violating the principle of respecting site privacy settings. So the feature has been
* dropped in Moodle 3.6.
*/
public function test_hidden_siteidentity_fields_explicit_extrafields() {
$this->resetAfterTest();
$env = $this->setup_hidden_siteidentity();
$this->setUser($env->manager);
$implicitselector = new testable_user_selector('test');
$explicitselector = new testable_user_selector('test', ['extrafields' => ['email', 'department']]);
$this->assertDebuggingCalled();
foreach ($implicitselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectHasAttribute('country', $user);
$this->assertObjectHasAttribute('city', $user);
$this->assertObjectNotHasAttribute('email', $user);
$this->assertObjectNotHasAttribute('department', $user);
}
}
foreach ($explicitselector->find_users('') as $found) {
foreach ($found as $user) {
$this->assertObjectHasAttribute('idnumber', $user);
$this->assertObjectHasAttribute('country', $user);
$this->assertObjectHasAttribute('city', $user);
$this->assertObjectNotHasAttribute('email', $user);
$this->assertObjectNotHasAttribute('department', $user);
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink