
Commit 343ba16

committed
MDL-56501 message: introduce new manageallmessaging capability
1 parent 4e5d96e commit 343ba16

6 files changed

+92
-8
lines changed

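--- a/admin/user/user_bulk_message.php
+++ b/admin/user/user_bulk_message.php
@@ -9,7 +9,7 @@
 
 require_login();
 admin_externalpage_setup('userbulk');
-require_capability('moodle/site:readallmessages', context_system::instance());
+require_capability('moodle/site:manageallmessaging', context_system::instance());
 
 $return = $CFG->wwwroot.'/'.$CFG->admin.'/user/user_bulk.php';
 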

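--- a/lang/en/role.php
+++ b/lang/en/role.php
@@ -394,6 +394,7 @@
 $string['site:forcelanguage'] = 'Override course language';
 $string['site:import'] = 'Import other courses into a course';
 $string['site:maintenanceaccess'] = 'Allowed access when maintenance mode is enabled.';
+$string['site:manageallmessaging'] = 'Can perform all messaging actions on site';
 $string['site:manageblocks'] = 'Manage blocks on a page';
 $string['site:mnetloginfromremote'] = 'Login from a remote application via MNet';
 $string['site:mnetlogintoremote'] = 'Roam to a remote application via MNet';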

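--- a/lib/db/access.php
+++ b/lib/db/access.php
@@ -77,6 +77,17 @@
 )
 ),
 
+'moodle/site:manageallmessaging' => array(
+
+'riskbitmask' => RISK_PERSONAL,
+
+'captype' => 'write',
+'contextlevel' => CONTEXT_SYSTEM,
+'archetypes' => array(
+'manager' => CAP_ALLOW
+)
+),
+
 'moodle/site:deleteanymessage' => array(
 
 'riskbitmask' => RISK_DATALOSS,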
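Review bot: The `'riskbitmask' => RISK_PERSONAL` entry looks too narrow for what this capability unlocks. Elsewhere in this commit it guards admin/user/user_bulk_message.php, which by its name sends messages to many users at once, and it allows edits to other users' contact and block lists. Declaring `'riskbitmask' => RISK_SPAM | RISK_PERSONAL,` would surface that to whoever assigns the capability to a role. The definition grants only the `manager` archetype and none of the six changed files is an upgrade script, so roles that relied on `moodle/site:readallmessages` for these actions presumably lose them on upgrade; that is worth a line in the upgrade notes.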

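--- a/message/externallib.php
+++ b/message/externallib.php
@@ -214,13 +214,26 @@ public static function create_contacts_parameters() {
 * @since Moodle 2.5
 */
 public static function create_contacts($userids, $userid = 0) {
-global $CFG;
+global $CFG, $USER;
 
 // Check if messaging is enabled.
 if (empty($CFG->messaging)) {
 throw new moodle_exception('disabled', 'message');
 }
 
+if (empty($userid)) {
+$userid = $USER->id;
+}
+
+// Validate context.
+$context = context_system::instance();
+self::validate_context($context);
+
+$capability = 'moodle/site:manageallmessaging';
+if (($USER->id != $userid) && !has_capability($capability, $context)) {
+throw new required_capability_exception($context, $capability, 'nopermissions', '');
+}
+
 $params = array('userids' => $userids, 'userid' => $userid);
 $params = self::validate_parameters(self::create_contacts_parameters(), $params);
 
@@ -276,13 +289,26 @@ public static function delete_contacts_parameters() {
 * @since Moodle 2.5
 */
 public static function delete_contacts($userids, $userid = 0) {
-global $CFG;
+global $CFG, $USER;
 
 // Check if messaging is enabled.
 if (empty($CFG->messaging)) {
 throw new moodle_exception('disabled', 'message');
 }
 
+if (empty($userid)) {
+$userid = $USER->id;
+}
+
+// Validate context.
+$context = context_system::instance();
+self::validate_context($context);
+
+$capability = 'moodle/site:manageallmessaging';
+if (($USER->id != $userid) && !has_capability($capability, $context)) {
+throw new required_capability_exception($context, $capability, 'nopermissions', '');
+}
+
 $params = array('userids' => $userids, 'userid' => $userid);
 $params = self::validate_parameters(self::delete_contacts_parameters(), $params);
 
@@ -331,13 +357,26 @@ public static function block_contacts_parameters() {
 * @since Moodle 2.5
 */
 public static function block_contacts($userids, $userid = 0) {
-global $CFG;
+global $CFG, $USER;
 
 // Check if messaging is enabled.
 if (empty($CFG->messaging)) {
 throw new moodle_exception('disabled', 'message');
 }
 
+if (empty($userid)) {
+$userid = $USER->id;
+}
+
+// Validate context.
+$context = context_system::instance();
+self::validate_context($context);
+
+$capability = 'moodle/site:manageallmessaging';
+if (($USER->id != $userid) && !has_capability($capability, $context)) {
+throw new required_capability_exception($context, $capability, 'nopermissions', '');
+}
+
 $params = array('userids' => $userids, 'userid' => $userid);
 $params = self::validate_parameters(self::block_contacts_parameters(), $params);
 
@@ -393,13 +432,26 @@ public static function unblock_contacts_parameters() {
 * @since Moodle 2.5
 */
 public static function unblock_contacts($userids, $userid = 0) {
-global $CFG;
+global $CFG, $USER;
 
 // Check if messaging is enabled.
 if (empty($CFG->messaging)) {
 throw new moodle_exception('disabled', 'message');
 }
 
+if (empty($userid)) {
+$userid = $USER->id;
+}
+
+// Validate context.
+$context = context_system::instance();
+self::validate_context($context);
+
+$capability = 'moodle/site:manageallmessaging';
+if (($USER->id != $userid) && !has_capability($capability, $context)) {
+throw new required_capability_exception($context, $capability, 'nopermissions', '');
+}
+
 $params = array('userids' => $userids, 'userid' => $userid);
 $params = self::validate_parameters(self::unblock_contacts_parameters(), $params);
 
@@ -1679,8 +1731,9 @@ public static function get_blocked_users($userid) {
 core_user::require_active_user($user);
 
 // Check if we have permissions for retrieve the information.
-if ($userid != $USER->id and !has_capability('moodle/site:readallmessages', $context)) {
-throw new moodle_exception('accessdenied', 'admin');
+$capability = 'moodle/site:manageallmessaging';
+if (($USER->id != $userid) && !has_capability($capability, $context)) {
+throw new required_capability_exception($context, $capability, 'nopermissions', '');
 }
 
 // Now, we can get safely all the blocked users.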
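Review bot: The ownership check added to create_contacts(), delete_contacts(), block_contacts() and unblock_contacts() compares the raw `$userid` argument, because it sits above the `validate_parameters()` call in each function. The authorization decision should be made on the cleaned value. Moving the block below `validate_parameters()`, applying the `empty()` default to `$params['userid']` there and writing `if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {` keeps the loose `!=` away from unvalidated input. The same block is pasted four times, so a private static helper would stop the copies drifting apart. Each function body continues past its hunk, so whether the later code reads `$userid` or `$params['userid']` is not visible here.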

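--- a/message/tests/externallib_test.php
+++ b/message/tests/externallib_test.php
@@ -161,6 +161,11 @@ public function test_create_contacts() {
 $return = array_pop($return);
 $this->assertEquals($return['warningcode'], 'contactnotcreated');
 $this->assertEquals($return['itemid'], 99999);
+
+// Try to add a contact to another user, should throw an exception.
+// All assertions must be added before this point.
+$this->expectException('required_capability_exception');
+core_message_external::create_contacts(array($user2->id), $user3->id);
 }
 
 /**
@@ -198,6 +203,11 @@ public function test_delete_contacts() {
 // Removing mixed valid and invalid data.
 $return = core_message_external::delete_contacts(array($user6->id, 99999));
 $this->assertNull($return);
+
+// Try to delete a contact of another user contact list, should throw an exception.
+// All assertions must be added before this point.
+$this->expectException('required_capability_exception');
+core_message_external::delete_contacts(array($user2->id), $user3->id);
 }
 
 /**
@@ -244,6 +254,11 @@ public function test_block_contacts() {
 $return = array_pop($return);
 $this->assertEquals($return['warningcode'], 'contactnotblocked');
 $this->assertEquals($return['itemid'], 99999);
+
+// Try to block a contact of another user contact list, should throw an exception.
+// All assertions must be added before this point.
+$this->expectException('required_capability_exception');
+core_message_external::block_contacts(array($user2->id), $user3->id);
 }
 
 /**
@@ -282,6 +297,10 @@ public function test_unblock_contacts() {
 $return = core_message_external::unblock_contacts(array($user6->id, 99999));
 $this->assertNull($return);
 
+// Try to unblock a contact of another user contact list, should throw an exception.
+// All assertions must be added before this point.
+$this->expectException('required_capability_exception');
+core_message_external::unblock_contacts(array($user2->id), $user3->id);
 }
 
 /**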
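Review bot: Only the denial path is tested. Each of the four added blocks expects `required_capability_exception` for a caller without the capability, and nothing covers a caller holding `moodle/site:manageallmessaging` who acts on another user's list, nor the changed check in `get_blocked_users()`. One test per function that grants the capability to the caller's role and asserts the resulting change on `$user3`'s list would pin the allow branch. The throwing call is appended to the end of an existing test, so any assertion placed after it later will silently never run. The `// All assertions must be added before this point.` comment is the only guard against that, and a dedicated denial test per function would remove the trap. The test bodies and the `$user2`/`$user3` setup begin outside these hunks.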

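--- a/version.php
+++ b/version.php
@@ -29,7 +29,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$version = 2016102700.00; // YYYYMMDD = weekly release date of this DEV branch.
+$version = 2016102700.01; // YYYYMMDD = weekly release date of this DEV branch.
 // RR = release increments - 00 in DEV branches.
 // .XX = incremental changes.
 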
