MDL-64958 grade_import: Ensure correct user is being fetched

* We need to ensure that we are checking the correct user account. Since email and idnumber are not unique fields, there's a chance that multiple user records will match when querying for user data using these fields. This might lead to a different user's grades being inadvertently modified during grade import. In such a case, this function needs to return a null userid.
moodle · Mar 11, 2019 · fc6d1fe · fc6d1fe
1 parent 4d3a32d
commit fc6d1fe
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/grade/import/csv/classes/load_data.php b/grade/import/csv/classes/load_data.php
@@ -221,20 +221,23 @@ protected function import_new_grade_item($header, $key, $value) {
     protected function check_user_exists($value, $userfields) {
         global $DB;
 
-        $usercheckproblem = false;
         $user = null;
+        $errorkey = false;
         // The user may use the incorrect field to match the user. This could result in an exception.
         try {
-            $user = $DB->get_record('user', array($userfields['field'] => $value));
-        } catch (Exception $e) {
-            $usercheckproblem = true;
+            // Make sure the record exists and that there's only one matching record found.
+            $user = $DB->get_record('user', array($userfields['field'] => $value), '*', MUST_EXIST);
+        } catch (dml_missing_record_exception $missingex) {
+            $errorkey = 'usermappingerror';
+        } catch (dml_multiple_records_exception $multiex) {
+            $errorkey = 'usermappingerrormultipleusersfound';
         }
         // Field may be fine, but no records were returned.
-        if (!$user || $usercheckproblem) {
+        if ($errorkey) {
             $usermappingerrorobj = new stdClass();
             $usermappingerrorobj->field = $userfields['label'];
             $usermappingerrorobj->value = $value;
-            $this->cleanup_import(get_string('usermappingerror', 'grades', $usermappingerrorobj));
+            $this->cleanup_import(get_string($errorkey, 'grades', $usermappingerrorobj));
             unset($usermappingerrorobj);
             return null;
         }

diff --git a/lang/en/grades.php b/lang/en/grades.php
@@ -834,6 +834,7 @@
 $string['userid'] = 'User ID';
 $string['useridnumberwarning'] = 'Users without an ID number are excluded from the export as they cannot be imported';
 $string['usermappingerror'] = 'User mapping error: Could not find user with {$a->field} of "{$a->value}".';
+$string['usermappingerrormultipleusersfound'] = 'User mapping error: Multiple users found with {$a->field} of "{$a->value}". Please use a more unique mapping field.';
 $string['usermappingerrorusernotfound'] = 'User mapping error. Could not find user.';
 $string['usermappingerrorcurrentgroup'] = 'User is not a member of current group.';
 $string['userpreferences'] = 'User preferences';