MDL-56501 message: introduce new manageallmessaging capability
lameze committed Oct 31, 2016
1 parent 4e5d96e commit 343ba16
Showing 6 changed files with 92 additions and 8 deletions.
2 changes: 1 addition & 1 deletion admin/user/user_bulk_message.php
Expand Up @@ -9,7 +9,7 @@

require_login();
admin_externalpage_setup('userbulk');
require_capability('moodle/site:readallmessages', context_system::instance());
require_capability('moodle/site:manageallmessaging', context_system::instance());

$return = $CFG->wwwroot.'/'.$CFG->admin.'/user/user_bulk.php';

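Review bot: Roles that reached bulk messaging through `moodle/site:readallmessages` lose it once the `require_capability()` line asks for `moodle/site:manageallmessaging`, because lib/db/access.php in this commit grants the new capability to the manager archetype only. Nothing on this page carries existing grants over, so either the upgrade notes should say the capability has to be granted explicitly, or the definition could use `'clonepermissionsfrom' => 'moodle/site:readallmessages'`. Cloning is the less conservative choice, since it would hand a write capability over other users' contact lists to roles that previously held a read-only one. The same change of gate applies to `get_blocked_users()` in message/externallib.php.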
1 change: 1 addition & 0 deletions lang/en/role.php
Expand Up @@ -394,6 +394,7 @@
$string['site:forcelanguage'] = 'Override course language';
$string['site:import'] = 'Import other courses into a course';
$string['site:maintenanceaccess'] = 'Allowed access when maintenance mode is enabled.';
$string['site:manageallmessaging'] = 'Can perform all messaging actions on site';
$string['site:manageblocks'] = 'Manage blocks on a page';
$string['site:mnetloginfromremote'] = 'Login from a remote application via MNet';
$string['site:mnetlogintoremote'] = 'Roam to a remote application via MNet';
11 changes: 11 additions & 0 deletions lib/db/access.php
Expand Up @@ -77,6 +77,17 @@
)
),

'moodle/site:manageallmessaging' => array(

'riskbitmask' => RISK_PERSONAL,

'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'archetypes' => array(
'manager' => CAP_ALLOW
)
),

'moodle/site:deleteanymessage' => array(

'riskbitmask' => RISK_DATALOSS,
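Review bot: The `riskbitmask` of `moodle/site:manageallmessaging` lists only `RISK_PERSONAL`, yet this commit also makes the capability the gate for admin/user/user_bulk_message.php, so a holder can message many users at once. Consider `'riskbitmask' => RISK_PERSONAL | RISK_SPAM,` so that the role definition screen shows the matching risk to administrators. A one-line comment above the entry, stating that it covers bulk messaging as well as editing other users' contact and block lists, would help anyone auditing role grants later.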
65 changes: 59 additions & 6 deletions message/externallib.php
Expand Up @@ -214,13 +214,26 @@ public static function create_contacts_parameters() {
* @since Moodle 2.5
*/
public static function create_contacts($userids, $userid = 0) {
global $CFG;
global $CFG, $USER;

// Check if messaging is enabled.
if (empty($CFG->messaging)) {
throw new moodle_exception('disabled', 'message');
}

if (empty($userid)) {
$userid = $USER->id;
}

// Validate context.
$context = context_system::instance();
self::validate_context($context);

$capability = 'moodle/site:manageallmessaging';
if (($USER->id != $userid) && !has_capability($capability, $context)) {
throw new required_capability_exception($context, $capability, 'nopermissions', '');
}

$params = array('userids' => $userids, 'userid' => $userid);
$params = self::validate_parameters(self::create_contacts_parameters(), $params);

Expand Down Expand Up @@ -276,13 +289,26 @@ public static function delete_contacts_parameters() {
* @since Moodle 2.5
*/
public static function delete_contacts($userids, $userid = 0) {
global $CFG;
global $CFG, $USER;

// Check if messaging is enabled.
if (empty($CFG->messaging)) {
throw new moodle_exception('disabled', 'message');
}

if (empty($userid)) {
$userid = $USER->id;
}

// Validate context.
$context = context_system::instance();
self::validate_context($context);

$capability = 'moodle/site:manageallmessaging';
if (($USER->id != $userid) && !has_capability($capability, $context)) {
throw new required_capability_exception($context, $capability, 'nopermissions', '');
}

$params = array('userids' => $userids, 'userid' => $userid);
$params = self::validate_parameters(self::delete_contacts_parameters(), $params);

Expand Down Expand Up @@ -331,13 +357,26 @@ public static function block_contacts_parameters() {
* @since Moodle 2.5
*/
public static function block_contacts($userids, $userid = 0) {
global $CFG;
global $CFG, $USER;

// Check if messaging is enabled.
if (empty($CFG->messaging)) {
throw new moodle_exception('disabled', 'message');
}

if (empty($userid)) {
$userid = $USER->id;
}

// Validate context.
$context = context_system::instance();
self::validate_context($context);

$capability = 'moodle/site:manageallmessaging';
if (($USER->id != $userid) && !has_capability($capability, $context)) {
throw new required_capability_exception($context, $capability, 'nopermissions', '');
}

$params = array('userids' => $userids, 'userid' => $userid);
$params = self::validate_parameters(self::block_contacts_parameters(), $params);

Expand Down Expand Up @@ -393,13 +432,26 @@ public static function unblock_contacts_parameters() {
* @since Moodle 2.5
*/
public static function unblock_contacts($userids, $userid = 0) {
global $CFG;
global $CFG, $USER;

// Check if messaging is enabled.
if (empty($CFG->messaging)) {
throw new moodle_exception('disabled', 'message');
}

if (empty($userid)) {
$userid = $USER->id;
}

// Validate context.
$context = context_system::instance();
self::validate_context($context);

$capability = 'moodle/site:manageallmessaging';
if (($USER->id != $userid) && !has_capability($capability, $context)) {
throw new required_capability_exception($context, $capability, 'nopermissions', '');
}

$params = array('userids' => $userids, 'userid' => $userid);
$params = self::validate_parameters(self::unblock_contacts_parameters(), $params);

Expand Down Expand Up @@ -1679,8 +1731,9 @@ public static function get_blocked_users($userid) {
core_user::require_active_user($user);

// Check if we have permissions for retrieve the information.
if ($userid != $USER->id and !has_capability('moodle/site:readallmessages', $context)) {
throw new moodle_exception('accessdenied', 'admin');
$capability = 'moodle/site:manageallmessaging';
if (($USER->id != $userid) && !has_capability($capability, $context)) {
throw new required_capability_exception($context, $capability, 'nopermissions', '');
}

// Now, we can get safely all the blocked users.
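Review bot: In `create_contacts()` the ownership check `$USER->id != $userid` runs on the raw argument, before `validate_parameters()` has cleaned it, and it uses a loose comparison. The decision should be made on the cleaned value: call `validate_parameters()` first, apply the `$USER->id` default to `$params['userid']`, and test `if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {`. The identical block in `delete_contacts()`, `block_contacts()` and `unblock_contacts()` has the same ordering, and the four copies could share one private helper so the rule lives in a single place. The function bodies continue outside these hunks, so which of `$userid` and `$params['userid']` the later code reads is not visible here.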
19 changes: 19 additions & 0 deletions message/tests/externallib_test.php
Expand Up @@ -161,6 +161,11 @@ public function test_create_contacts() {
$return = array_pop($return);
$this->assertEquals($return['warningcode'], 'contactnotcreated');
$this->assertEquals($return['itemid'], 99999);

// Try to add a contact to another user, should throw an exception.
// All assertions must be added before this point.
$this->expectException('required_capability_exception');
core_message_external::create_contacts(array($user2->id), $user3->id);
}

/**
Expand Down Expand Up @@ -198,6 +203,11 @@ public function test_delete_contacts() {
// Removing mixed valid and invalid data.
$return = core_message_external::delete_contacts(array($user6->id, 99999));
$this->assertNull($return);

// Try to delete a contact of another user contact list, should throw an exception.
// All assertions must be added before this point.
$this->expectException('required_capability_exception');
core_message_external::delete_contacts(array($user2->id), $user3->id);
}

/**
Expand Down Expand Up @@ -244,6 +254,11 @@ public function test_block_contacts() {
$return = array_pop($return);
$this->assertEquals($return['warningcode'], 'contactnotblocked');
$this->assertEquals($return['itemid'], 99999);

// Try to block a contact of another user contact list, should throw an exception.
// All assertions must be added before this point.
$this->expectException('required_capability_exception');
core_message_external::block_contacts(array($user2->id), $user3->id);
}

/**
Expand Down Expand Up @@ -282,6 +297,10 @@ public function test_unblock_contacts() {
$return = core_message_external::unblock_contacts(array($user6->id, 99999));
$this->assertNull($return);

// Try to unblock a contact of another user contact list, should throw an exception.
// All assertions must be added before this point.
$this->expectException('required_capability_exception');
core_message_external::unblock_contacts(array($user2->id), $user3->id);
}

/**
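Review bot: Each of the four tests covers only the denial path of the new check; nothing asserts that a user holding `moodle/site:manageallmessaging` can act on another user's list, so a regression that rejects every caller would still pass. Because `expectException()` has to come last in a test, the allow path needs its own test method per function, for example after `$this->setAdminUser()` calling `core_message_external::create_contacts(array($user2->id), $user3->id)` and asserting on the result. The changed check in `get_blocked_users()` gets no test in this section either. The test methods start outside these hunks, so their earlier setup is not visible here.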
2 changes: 1 addition & 1 deletion version.php
Expand Up @@ -29,7 +29,7 @@

defined('MOODLE_INTERNAL') || die();

$version = 2016102700.00; // YYYYMMDD = weekly release date of this DEV branch.
$version = 2016102700.01; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches.
// .XX = incremental changes.
