MDL-63381 backup: Have an option to import permissions

Add options to use permission settings for import / restore
moodle · Apr 13, 2021 · c12ef07 · c12ef07
1 parent 89cab88
commit c12ef07
Show file tree

Hide file tree

Showing 15 changed files with 393 additions and 11 deletions.
diff --git a/admin/settings/courses.php b/admin/settings/courses.php
@@ -343,6 +343,11 @@
 
     // Import defaults section.
     $temp->add(new admin_setting_heading('importsettings', new lang_string('importsettings', 'backup'), ''));
+    $temp->add(new admin_setting_configcheckbox_with_lock(
+            'backup/backup_import_permissions',
+            new lang_string('generalpermissions', 'backup'),
+            new lang_string('configgeneralpermissions', 'backup'),
+            array('value' => 0, 'locked' => 0)));
     $temp->add(new admin_setting_configcheckbox_with_lock('backup/backup_import_activities', new lang_string('generalactivities','backup'), new lang_string('configgeneralactivities','backup'), array('value'=>1, 'locked'=>0)));
     $temp->add(new admin_setting_configcheckbox_with_lock('backup/backup_import_blocks', new lang_string('generalblocks','backup'), new lang_string('configgeneralblocks','backup'), array('value'=>1, 'locked'=>0)));
     $temp->add(new admin_setting_configcheckbox_with_lock('backup/backup_import_filters', new lang_string('generalfilters','backup'), new lang_string('configgeneralfilters','backup'), array('value'=>1, 'locked'=>0)));
@@ -517,6 +522,9 @@
     $temp->add(new admin_setting_configcheckbox_with_lock('restore/restore_general_role_assignments',
         new lang_string('generalroleassignments', 'backup'),
         new lang_string('configrestoreroleassignments', 'backup'), array('value' => 1, 'locked' => 0)));
+    $temp->add(new admin_setting_configcheckbox_with_lock('restore/restore_general_permissions',
+        new lang_string('generalpermissions', 'backup'),
+        new lang_string('configrestorepermissions', 'backup'), array('value' => 1, 'locked' => 0)));
     $temp->add(new admin_setting_configcheckbox_with_lock('restore/restore_general_activities',
         new lang_string('generalactivities', 'backup'),
         new lang_string('configrestoreactivities', 'backup'), array('value' => 1, 'locked' => 0)));

diff --git a/backup/moodle2/backup_root_task.class.php b/backup/moodle2/backup_root_task.class.php
@@ -99,6 +99,13 @@ protected function define_settings() {
         $this->add_setting($roleassignments);
         $users->add_dependency($roleassignments);
 
+        // Define permission.
+        if ($this->plan->get_mode() == backup::MODE_IMPORT) {
+            $permissions = new backup_permissions_setting('permissions', base_setting::IS_BOOLEAN, false);
+            $permissions->set_ui(new backup_setting_ui_checkbox($permissions, get_string('rootsettingpermissions', 'backup')));
+            $this->add_setting($permissions);
+        }
+
         // Define activities
         $activities = new backup_activities_setting('activities', base_setting::IS_BOOLEAN, true);
         $activities->set_ui(new backup_setting_ui_checkbox($activities, get_string('rootsettingactivities', 'backup')));

diff --git a/backup/moodle2/backup_settingslib.php b/backup/moodle2/backup_settingslib.php
@@ -65,6 +65,12 @@ public function set_ui_filename($label, $value, array $options = null) {
  */
 class backup_users_setting extends backup_generic_setting {}
 
+/**
+ * root setting to control if backup will include permission information by roles
+ */
+class backup_permissions_setting extends backup_generic_setting {
+}
+
 /**
  * root setting to control if backup will include group information depends on @backup_users_setting
  *

diff --git a/backup/moodle2/restore_root_task.class.php b/backup/moodle2/restore_root_task.class.php
@@ -146,6 +146,19 @@ protected function define_settings() {
         $this->add_setting($roleassignments);
         $users->add_dependency($roleassignments);
 
+        // Define permissions.
+        $defaultvalue = false;                      // Safer default.
+        $changeable = false;
+        // Enable when available, or key doesn't exist (backward compatibility).
+        if (!array_key_exists('permissions', $rootsettings) || !empty($rootsettings['permissions'])) {
+            $defaultvalue = true;
+            $changeable = true;
+        }
+        $permissions = new restore_permissions_setting('permissions', base_setting::IS_BOOLEAN, $defaultvalue);
+        $permissions->set_ui(new backup_setting_ui_checkbox($permissions, get_string('rootsettingpermissions', 'backup')));
+        $permissions->get_ui()->set_changeable($changeable);
+        $this->add_setting($permissions);
+
         // Define activitites
         $defaultvalue = false;                      // Safer default
         $changeable = false;

diff --git a/backup/moodle2/restore_settingslib.php b/backup/moodle2/restore_settingslib.php
@@ -43,6 +43,12 @@ class restore_generic_setting extends root_backup_setting {}
  */
 class restore_users_setting extends restore_generic_setting {}
 
+/**
+ * root setting to control if restore will create override permission information by roles
+ */
+class restore_permissions_setting extends restore_generic_setting {
+}
+
 /**
  * root setting to control if restore will create groups/grouping information. Depends on @restore_users_setting
  *

diff --git a/backup/moodle2/restore_stepslib.php b/backup/moodle2/restore_stepslib.php
@@ -2058,7 +2058,9 @@ protected function define_structure() {
         if ($this->get_setting_value('role_assignments')) {
             $paths[] = new restore_path_element('assignment', '/roles/role_assignments/assignment');
         }
-        $paths[] = new restore_path_element('override', '/roles/role_overrides/override');
+        if ($this->get_setting_value('permissions')) {
+            $paths[] = new restore_path_element('override', '/roles/role_overrides/override');
+        }
 
         return $paths;
     }

diff --git a/backup/tests/backup_restore_base_testcase.php b/backup/tests/backup_restore_base_testcase.php
@@ -0,0 +1,123 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Backup restore base tests.
+ *
+ * @package   core_backup
+ * @copyright Tomo Tsuyuki <tomotsuyuki@catalyst-au.net>
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+global $CFG;
+require_once($CFG->dirroot . '/backup/util/includes/backup_includes.php');
+require_once($CFG->dirroot . '/backup/util/includes/restore_includes.php');
+
+/**
+ * Basic testcase class for backup / restore functionality.
+ */
+abstract class core_backup_backup_restore_base_testcase extends advanced_testcase {
+
+    /**
+     * Setup test data.
+     */
+    protected function setUp(): void {
+        $this->resetAfterTest();
+        $this->setAdminUser();
+    }
+
+    /**
+     * Backup the course by general mode.
+     *
+     * @param  stdClass $course Course for backup.
+     * @return string Hash string ID from the backup.
+     * @throws coding_exception
+     * @throws moodle_exception
+     */
+    protected function perform_backup($course): string {
+        global $CFG, $USER;
+
+        $coursecontext = context_course::instance($course->id);
+
+        // Start backup process.
+        $bc = new backup_controller(backup::TYPE_1COURSE, $course->id, backup::FORMAT_MOODLE,
+                backup::INTERACTIVE_NO, backup::MODE_GENERAL, $USER->id);
+        $bc->execute_plan();
+        $backupid = $bc->get_backupid();
+        $bc->destroy();
+
+        // Get the backup file.
+        $fs = get_file_storage();
+        $files = $fs->get_area_files($coursecontext->id, 'backup', 'course', false, 'id ASC');
+        $backupfile = reset($files);
+
+        // Extract backup file.
+        $path = $CFG->tempdir . DIRECTORY_SEPARATOR . "backup" . DIRECTORY_SEPARATOR . $backupid;
+
+        $fp = get_file_packer('application/vnd.moodle.backup');
+        $fp->extract_to_pathname($backupfile, $path);
+
+        return $backupid;
+    }
+
+    /**
+     * Restore from backupid to course.
+     *
+     * @param  string   $backupid Hash string ID from backup.
+     * @param  stdClass $course Course which is restored for.
+     * @throws restore_controller_exception
+     */
+    protected function perform_restore($backupid, $course): void {
+        global $USER;
+
+        // Set up restore.
+        $rc = new restore_controller($backupid, $course->id,
+                backup::INTERACTIVE_NO, backup::MODE_GENERAL, $USER->id, backup::TARGET_EXISTING_ADDING);
+        // Execute restore.
+        $rc->execute_precheck();
+        $rc->execute_plan();
+        $rc->destroy();
+    }
+
+    /**
+     * Import course from course1 to course2.
+     *
+     * @param stdClass $course1 Course to be backuped up.
+     * @param stdClass $course2 Course to be restored.
+     * @throws restore_controller_exception
+     */
+    protected function perform_import($course1, $course2): void {
+        global $USER;
+
+        // Start backup process.
+        $bc = new backup_controller(backup::TYPE_1COURSE, $course1->id, backup::FORMAT_MOODLE,
+                backup::INTERACTIVE_NO, backup::MODE_IMPORT, $USER->id);
+        $backupid = $bc->get_backupid();
+        $bc->execute_plan();
+        $bc->destroy();
+
+        // Set up restore.
+        $rc = new restore_controller($backupid, $course2->id,
+                backup::INTERACTIVE_NO, backup::MODE_SAMESITE, $USER->id, backup::TARGET_EXISTING_ADDING);
+        // Execute restore.
+        $rc->execute_precheck();
+        $rc->execute_plan();
+        $rc->destroy();
+    }
+
+}
diff --git a/backup/tests/backup_restore_permission_test.php b/backup/tests/backup_restore_permission_test.php
@@ -0,0 +1,156 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Backup restore permission tests.
+ *
+ * @package   core_backup
+ * @copyright Tomo Tsuyuki <tomotsuyuki@catalyst-au.net>
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+global $CFG;
+require_once('backup_restore_base_testcase.php');
+require_once($CFG->dirroot . '/backup/util/includes/backup_includes.php');
+require_once($CFG->dirroot . '/backup/util/includes/restore_includes.php');
+
+/**
+ * Testcase class for permission backup / restore functionality.
+ */
+class core_backup_backup_restore_permission_testcase extends core_backup_backup_restore_base_testcase {
+
+    /** @var stdClass A test course which is restored/imported from. */
+    protected $course1;
+
+    /** @var stdClass A test course which is restored/imported to. */
+    protected $course2;
+
+    /** @var stdClass A user for using in this test. */
+    protected $user;
+
+    /** @var string Capability name for using in this test. */
+    protected $capabilityname;
+
+    /** @var context_course Context instance for course1. */
+    protected $course1context;
+
+    /** @var context_course Context instance for course2. */
+    protected $course2context;
+
+    /**
+     * Setup test data.
+     */
+    protected function setUp(): void {
+        global $DB;
+
+        parent::setUp();
+        // Create a course with some availability data set.
+        $generator = $this->getDataGenerator();
+        $this->course1 = $generator->create_course();
+        $this->course1context = context_course::instance($this->course1->id);
+        $this->course2 = $generator->create_course();
+        $this->course2context = context_course::instance($this->course2->id);
+        $this->capabilityname = 'enrol/manual:enrol';
+        $this->user = $generator->create_user();
+
+        // Set additional permission for course 1.
+        $teacherrole = $DB->get_record('role', ['shortname' => 'teacher'], '*', MUST_EXIST);
+        role_change_permission($teacherrole->id, $this->course1context, $this->capabilityname, CAP_ALLOW);
+
+        // Enrol to the courses.
+        $generator->enrol_user($this->user->id, $this->course1->id, $teacherrole->id);
+        $generator->enrol_user($this->user->id, $this->course2->id, $teacherrole->id);
+    }
+
+    /**
+     * Test having settings.
+     */
+    public function test_having_settings(): void {
+        $this->assertEquals(0, get_config('backup', 'backup_import_permissions'));
+        $this->assertEquals(1, get_config('restore', 'restore_general_permissions'));
+    }
+
+    /**
+     * Test for restore with permission.
+     */
+    public function test_backup_restore_with_permission(): void {
+
+        // Set default setting to restore with permission.
+        set_config('restore_general_permissions', 1, 'restore');
+
+        // Confirm course1 has the capability for the user.
+        $this->assertTrue(has_capability($this->capabilityname, $this->course1context, $this->user));
+
+        // Confirm course2 does not have the capability for the user.
+        $this->assertFalse(has_capability($this->capabilityname, $this->course2context, $this->user));
+
+        // Perform backup and restore.
+        $backupid = $this->perform_backup($this->course1);
+        $this->perform_restore($backupid, $this->course2);
+
+        // Confirm course2 has the capability for the user.
+        $this->assertTrue(has_capability($this->capabilityname, $this->course2context, $this->user));
+    }
+
+    /**
+     * Test for backup / restore without restore permission.
+     */
+    public function test_backup_restore_without_permission(): void {
+
+        // Set default setting to restore without permission.
+        set_config('restore_general_permissions', 0, 'restore');
+
+        // Perform backup and restore.
+        $backupid = $this->perform_backup($this->course1);
+        $this->perform_restore($backupid, $this->course2);
+
+        // Confirm course2 does not have the capability for the user.
+        $this->assertFalse(has_capability($this->capabilityname, $this->course2context, $this->user));
+    }
+
+    /**
+     * Test for import with permission.
+     */
+    public function test_backup_import_with_permission(): void {
+
+        // Set default setting to restore with permission.
+        set_config('backup_import_permissions', 1, 'backup');
+
+        // Perform import.
+        $this->perform_import($this->course1, $this->course2);
+
+        // Confirm course2 does not have the capability for the user.
+        $this->assertTrue(has_capability($this->capabilityname, $this->course2context, $this->user));
+    }
+
+    /**
+     * Test for import without permission.
+     */
+    public function test_backup_import_without_permission(): void {
+
+        // Set default setting to restore without permission.
+        set_config('backup_import_permissions', 0, 'backup');
+
+        // Perform import.
+        $this->perform_import($this->course1, $this->course2);
+
+        // Confirm course2 does not have the capability for the user.
+        $this->assertFalse(has_capability($this->capabilityname, $this->course2context, $this->user));
+    }
+
+}
diff --git a/backup/upgrade.txt b/backup/upgrade.txt
@@ -5,6 +5,10 @@ information provided here is intended especially for developers.
  * Local plugins can now hook into a backup and restore process of grade items by
    using define_grade_item_plugin_structure method (See MDL-69418).
 
+=== 3.11 ===
+ * New setting called "Include override permissions" has been implemented. The default
+   settings is OFF for import, and ON for restore.
+
 === 3.1 ===
 
 * New close() method added to loggers so they can close any open resource. Previously

diff --git a/backup/util/dbops/backup_controller_dbops.class.php b/backup/util/dbops/backup_controller_dbops.class.php
@@ -577,6 +577,7 @@ public static function apply_config_defaults(backup_controller $controller) {
                         'backup_import_blocks'             => 'blocks',
                         'backup_import_filters'            => 'filters',
                         'backup_import_calendarevents'     => 'calendarevents',
+                        'backup_import_permissions'        => 'permissions',
                         'backup_import_questionbank'       => 'questionbank',
                         'backup_import_groups'             => 'groups',
                         'backup_import_competencies'       => 'competencies',