Merge branch 'LAE_2201_STABLE' into LAE_2201_PACKAGE

.github/workflows/push.yml

@@ -14,7 +14,7 @@ env:
 
 jobs:
   Grunt:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
 
     steps:
       - name: Checking out code
@@ -55,11 +55,11 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-18.04
+          - os: ubuntu-20.04
             php: 7.3
             extensions:
             db: mysqli
-          - os: ubuntu-18.04
+          - os: ubuntu-20.04
             php: 8.0
             db: pgsql
             extensions: xmlrpc-beta
@@ -112,4 +112,5 @@ jobs:
       - name: Running PHPUnit tests
         env:
           dbtype: ${{ matrix.db }}
-        run: vendor/bin/phpunit -v
+          phpunit_options: ${{ secrets.phpunit_options }}
+        run: vendor/bin/phpunit $phpunit_options

.travis.yml

@@ -40,7 +40,7 @@ jobs:
         - php: 7.3
           env: DB=none     TASK=CITEST
         - php: 7.3
-          env: DB=none     TASK=GRUNT    NVM_VERSION='lts/carbon'
+          env: DB=none     TASK=GRUNT    NVM_VERSION='lts/gallium'
 
         - if: env(MOODLE_DATABASE) = "pgsql" OR env(MOODLE_DATABASE) = "all" OR env(MOODLE_DATABASE) IS NOT present
           php: 7.3
@@ -56,7 +56,7 @@ jobs:
           env: DB=none     TASK=CITEST
         - if: env(MOODLE_PHP) = "all"
           php: 8.0
-          env: DB=none     TASK=GRUNT    NVM_VERSION='lts/carbon'
+          env: DB=none     TASK=GRUNT    NVM_VERSION='lts/gallium'
 
         - if: env(MOODLE_PHP) = "all" AND (env(MOODLE_DATABASE) = "pgsql" OR env(MOODLE_DATABASE) = "all" OR env(MOODLE_DATABASE) IS NOT present)
           php: 8.0

LAE_readme.md

@@ -1,4 +1,4 @@
-# [Moodle Liberal Arts Edition v4.0.1-LAE22.0.0]
+# [Moodle Liberal Arts Edition v4.0.2-LAE22.0.1]
 
 Welcome to the Moodle Liberal Arts Edition. The goal of the LAE is to provide a coherent package for modules, patches, and code developed (or improved) by the Collaborative Liberal Arts Moodle Project (CLAMP).
 
@@ -16,7 +16,7 @@ https://www.clamp-it.org/collaboration-and-development-tools/
 
 ## Contents
 
-Moodle 4.0.1+LAE22.0.0 consists of the core Moodle 4.0.1 release plus a number of CLAMP-developed features and bug fixes.
+Moodle 4.0.2+LAE22.0.1 consists of the core Moodle 4.0.2 release plus a number of CLAMP-developed features and bug fixes.
 
 The following core features are included:
 
@@ -62,10 +62,10 @@ You can get the LAE in two ways:
 * Download the tar and zip packages from the CLAMP web site: <http://www.clamp-it.org/code/>
 * Download the current release branch from the CLAMP code repository:
 
-    git clone https://github.com/CLAMP-IT/moodle v4.0.1-LAE22.0.0
-    git checkout -b v4.0.1-LAE22.0.0
+    git clone https://github.com/CLAMP-IT/moodle v4.0.2-LAE22.0.1
+    git checkout -b v4.0.2-LAE22.0.1
 
-By default this is the "Package" version which includes the contributed modules. If you just want the core version of the LAE checkout the v4.0.1-LAE22.0.0-base tag instead.
+By default this is the "Package" version which includes the contributed modules. If you just want the core version of the LAE checkout the v4.0.2-LAE22.0.1-base tag instead.
 
 CLAMP maintains two branches for each major version:
 

admin/cli/scheduled_task.php

@@ -69,11 +69,11 @@
     die;
 }
 
-if ($options['showdebugging']) {
+if ($options['showdebugging'] || !empty($CFG->showcrondebugging)) {
     set_debugging(DEBUG_DEVELOPER, true);
 }
 
-if ($options['showsql']) {
+if ($options['showsql'] || !empty($CFG->showcronsql)) {
     $DB->set_debug(true);
 }
 if ($options['list']) {

admin/roles/tests/preset_test.php

@@ -14,19 +14,19 @@
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
+namespace core_role;
+
+use core_role_preset;
+
 /**
  * Role XML presets test case.
  *
  * @package   core_role
- * @category  phpunit
+ * @category  test
  * @copyright 2013 Petr Skoda {@link http://skodak.org}
  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
-
-defined('MOODLE_INTERNAL') || die();
-
-
-class core_role_preset_testcase extends advanced_testcase {
+class preset_test extends \advanced_testcase {
     public function test_xml() {
         global $DB;
 
@@ -61,7 +61,7 @@ public function test_xml() {
                    FROM {role_capabilities}
                   WHERE contextid = :syscontext AND roleid = :roleid
                ORDER BY capability ASC",
-                array('syscontext'=>context_system::instance()->id, 'roleid'=>$role->id));
+                array('syscontext' => \context_system::instance()->id, 'roleid' => $role->id));
 
             foreach ($capabilities as $cap) {
                 $this->assertEquals($cap->permission, $info['permissions'][$cap->capability]);

admin/settings/plugins.php

@@ -527,7 +527,10 @@
         $plugin->load_settings($ADMIN, 'plagiarism', $hassiteconfig);
     }
 }
-$ADMIN->add('reports', new admin_externalpage('comments', new lang_string('comments'), $CFG->wwwroot.'/comment/', 'moodle/site:viewreports'));
+
+// Comments report, note this page is really just a means to delete comments so check that.
+$ADMIN->add('reports', new admin_externalpage('comments', new lang_string('comments'), $CFG->wwwroot . '/comment/index.php',
+    'moodle/comment:delete'));
 
 // Course reports settings
 if ($hassiteconfig) {

admin/settings/users.php

@@ -240,7 +240,8 @@ function() {
                         if ($field->param2 > 255 || $field->datatype != 'text') {
                             continue;
                         }
-                        $fields['profile_field_' . $field->shortname] = $field->name . ' *';
+                        $fields['profile_field_' . $field->shortname] = format_string($field->name, true,
+                            ['context' => context_system::instance()]) . ' *';
                     }
 
                     return $fields;

admin/tool/behat/tests/behat/manipulate_forms.feature

@@ -20,9 +20,10 @@ Feature: Forms manipulation
     Given the following "courses" exist:
       | fullname | shortname | category |
       | Course 1 | C1 | 0 |
-    And I log in as "admin"
-    And I am on "Course 1" course homepage with editing mode on
-    And I add a "Quiz" to section "1"
+    And the following "activities" exist:
+      | activity | course | section | name     |
+      | quiz     | C1     | 1       | Quiz 1   |
+    And I am on the "Quiz 1" "quiz activity editing" page logged in as admin
     When I expand all fieldsets
     Then I should see "Close the quiz"
     And I should see "Group mode"

admin/tool/dataprivacy/classes/api.php

@@ -786,6 +786,18 @@ public static function require_can_create_data_request_for_user($user, $requeste
         return true;
     }
 
+    /**
+     * Check if user has permission to create data download request for themselves
+     *
+     * @param int|null $userid
+     * @return bool
+     */
+    public static function can_create_data_download_request_for_self(int $userid = null): bool {
+        global $USER;
+        $userid = $userid ?: $USER->id;
+        return has_capability('tool/dataprivacy:downloadownrequest', \context_user::instance($userid), $userid);
+    }
+
     /**
      * Check if user has permisson to create data deletion request for themselves.
      *
@@ -847,7 +859,7 @@ public static function can_download_data_request_for_user($userid, $requesterid,
 
         $usercontext = \context_user::instance($userid);
         // If it's your own and you have the right capability, you can download it.
-        if ($userid == $downloaderid && has_capability('tool/dataprivacy:downloadownrequest', $usercontext, $downloaderid)) {
+        if ($userid == $downloaderid && self::can_create_data_download_request_for_self($downloaderid)) {
             return true;
         }
         // If you can download anyone's in that context, you can download it.

admin/tool/dataprivacy/createdatarequest.php

@@ -96,6 +96,11 @@
             throw new moodle_exception('nopermissions', 'error', '',
                 get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy'));
         }
+    } else if ($data->type == \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT) {
+        if ($data->userid == $USER->id && !\tool_dataprivacy\api::can_create_data_download_request_for_self()) {
+            throw new moodle_exception('nopermissions', 'error', '',
+                get_string('errorcannotrequestexportforself', 'tool_dataprivacy'));
+        }
     }
 
     \tool_dataprivacy\api::create_data_request($data->userid, $data->type, $data->comments);

admin/tool/dataprivacy/createdatarequest_form.php

@@ -97,10 +97,11 @@ public function definition() {
         $mform->setType('userid', PARAM_INT);
 
         // Subject access request type.
-        $options = [
-            api::DATAREQUEST_TYPE_EXPORT => get_string('requesttypeexport', 'tool_dataprivacy'),
-            api::DATAREQUEST_TYPE_DELETE => get_string('requesttypedelete', 'tool_dataprivacy')
-        ];
+        $options = [];
+        if ($this->manage || api::can_create_data_download_request_for_self()) {
+            $options[api::DATAREQUEST_TYPE_EXPORT] = get_string('requesttypeexport', 'tool_dataprivacy');
+        }
+        $options[api::DATAREQUEST_TYPE_DELETE] = get_string('requesttypedelete', 'tool_dataprivacy');
 
         $mform->addElement('select', 'type', get_string('requesttype', 'tool_dataprivacy'), $options);
         $mform->addHelpButton('type', 'requesttype', 'tool_dataprivacy');
@@ -174,7 +175,7 @@ public function extra_validation($data, $files, array &$errors) {
             $errors['type'] = get_string('errorrequestalreadyexists', 'tool_dataprivacy');
         }
 
-        // Check if current user can create data deletion request.
+        // Check if current user can create data requests.
         if ($data->type == api::DATAREQUEST_TYPE_DELETE) {
             if ($userid == $USER->id) {
                 if (!api::can_create_data_deletion_request_for_self()) {
@@ -184,6 +185,10 @@ public function extra_validation($data, $files, array &$errors) {
                 && !api::can_create_data_deletion_request_for_children($userid)) {
                 $errors['type'] = get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy');
             }
+        } else if ($data->type == api::DATAREQUEST_TYPE_EXPORT) {
+            if ($userid == $USER->id && !api::can_create_data_download_request_for_self()) {
+                $errors['type'] = get_string('errorcannotrequestexportforself', 'tool_dataprivacy');
+            }
         }
 
         return $errors;

admin/tool/dataprivacy/lang/en/tool_dataprivacy.php

@@ -135,6 +135,7 @@
 $string['emailsalutation'] = 'Dear {$a},';
 $string['errorcannotrequestdeleteforself'] = 'You don\'t have permission to create deletion request for yourself.';
 $string['errorcannotrequestdeleteforother'] = 'You don\'t have permission to create deletion request for this user.';
+$string['errorcannotrequestexportforself'] = 'You don\'t have permission to create export request for yourself.';
 $string['errorcontactdpodisabled'] = 'The option to contact the privacy officer is disabled.';
 $string['errorinvalidrequestcomments'] = 'The comments field may contain plain text only.';
 $string['errorinvalidrequestcreationmethod'] = 'Invalid request creation method!';

admin/tool/dataprivacy/lib.php

@@ -68,8 +68,9 @@ function tool_dataprivacy_myprofile_navigation(tree $tree, $user, $iscurrentuser
 
         // Check if the user has an ongoing data export request.
         $hasexportrequest = \tool_dataprivacy\api::has_ongoing_request($user->id, \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT);
-        // Show data export link only if the user doesn't have an ongoing data export request.
-        if (!$hasexportrequest) {
+        // Show data export link only if the user doesn't have an ongoing data export request and has permission
+        // to download own data.
+        if (!$hasexportrequest && \tool_dataprivacy\api::can_create_data_download_request_for_self()) {
             $exportparams = ['type' => \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT];
             $exporturl = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', $exportparams);
             $exportnode = new core_user\output\myprofile\node('privacyandpolicies', 'requestdataexport',

admin/tool/dataprivacy/tests/api_test.php

@@ -26,6 +26,7 @@
  * API tests.
  *
  * @package    tool_dataprivacy
+ * @covers     \tool_dataprivacy\api
  * @copyright  2018 Jun Pataleta
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
@@ -2174,6 +2175,27 @@ protected function create_request_with_type_and_status(int $userid, int $type, i
         return $request;
     }
 
+    /**
+     * Test whether user can create data download request for themselves
+     */
+    public function test_can_create_data_download_request_for_self(): void {
+        global $DB;
+
+        $this->resetAfterTest();
+
+        $user = $this->getDataGenerator()->create_user();
+        $this->setUser($user);
+
+        // The default user role allows for the creation of download data requests.
+        $this->assertTrue(api::can_create_data_download_request_for_self());
+
+        // Prohibit that capability.
+        $userrole = $DB->get_field('role', 'id', ['shortname' => 'user'], MUST_EXIST);
+        assign_capability('tool/dataprivacy:downloadownrequest', CAP_PROHIBIT, $userrole, \context_user::instance($user->id));
+
+        $this->assertFalse(api::can_create_data_download_request_for_self());
+    }
+
     /**
      * Test user cannot create data deletion request for themselves if they don't have
      * "tool/dataprivacy:requestdelete" capability.

admin/tool/dataprivacy/tests/data_registry_test.php

@@ -14,17 +14,7 @@
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
-/**
- * Unit tests for the data_registry class.
- *
- * @package    tool_dataprivacy
- * @copyright  2018 Andrew Nicols <andrew@nicols.co.uk>
- * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
-
-defined('MOODLE_INTERNAL') || die();
-
-use \tool_dataprivacy\data_registry;
+namespace tool_dataprivacy;
 
 /**
  * Unit tests for the data_registry class.
@@ -33,15 +23,15 @@
  * @copyright  2018 Andrew Nicols <andrew@nicols.co.uk>
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
-class tool_dataprivacy_dataregistry_testcase extends advanced_testcase {
+class data_registry_test extends \advanced_testcase {
 
     /**
      * Ensure that the get_effective_context_value only errors if provided an inappropriate element.
      *
      * This test is not great because we only test a limited set of values. This is a fault of the underlying API.
      */
     public function test_get_effective_context_value_invalid_element() {
-        $this->expectException(coding_exception::class);
+        $this->expectException(\coding_exception::class);
         data_registry::get_effective_context_value(\context_system::instance(), 'invalid');
     }
 
@@ -51,7 +41,7 @@ public function test_get_effective_context_value_invalid_element() {
      * This test is not great because we only test a limited set of values. This is a fault of the underlying API.
      */
     public function test_get_effective_contextlevel_value_invalid_element() {
-        $this->expectException(coding_exception::class);
+        $this->expectException(\coding_exception::class);
         data_registry::get_effective_contextlevel_value(\context_system::instance(), 'invalid');
     }
 }

admin/tool/dataprivacy/tests/data_request_test.php

@@ -14,27 +14,21 @@
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
-/**
- * Tests for the data_request persistent.
- *
- * @package    tool_dataprivacy
- * @copyright  2018 Andrew Nicols <andrew@nicols.co.uk>
- * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
+namespace tool_dataprivacy;
+
+use data_privacy_testcase;
 
 defined('MOODLE_INTERNAL') || die();
 require_once('data_privacy_testcase.php');
 
-use tool_dataprivacy\api;
-
 /**
  * Tests for the data_request persistent.
  *
  * @package    tool_dataprivacy
  * @copyright  2018 Andrew Nicols <andrew@nicols.co.uk>
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
-class tool_dataprivacy_data_request_testcase extends data_privacy_testcase {
+class data_request_test extends data_privacy_testcase {
 
     /**
      * Data provider for testing is_resettable, and is_active.