ucfopen#1198 Now checking if a widget is publishable by a user instea…

…d of if a widget instance is publishable by a user. Changed tests to match.

fuel/app/classes/materia/api/v1.php

@@ -71,13 +71,15 @@ static public function widget_instance_delete($inst_id)
 	/**
 	 * @return bool, true if the current user can publish the given widget instance, false otherwise.
 	 */
-	static public function publish_verify($inst_id)
+	static public function publish_verify($widget_id)
 	{
-		if ( ! Util_Validator::is_valid_hash($inst_id)) return Msg::invalid_input($inst_id);
 		if (\Service_User::verify_session() !== true) return Msg::no_login();
-		if ( ! static::has_perms_to_inst($inst_id, [Perm::FULL])) return Msg::no_perm();
-		if ( ! ($inst = Widget_Instance_Manager::get($inst_id))) return false;
-		return $inst->publishable_by(\Model_User::find_current_id());
+		if ( ! Util_Validator::is_pos_int($widget_id)) return Msg::invalid_input($widget_id);
+
+		$widget = new Widget();
+		if ( $widget->get($widget_id) == false) return Msg::invalid_input('Invalid widget type');
+
+		return $widget->publishable_by(\Model_User::find_current_id());
 	}
 
 	static private function has_perms_to_inst($inst_id, $perms)
@@ -137,7 +139,7 @@ static public function widget_instance_new($widget_id=null, $name=null, $qset=nu
 			'guest_access'    => $is_student,
 			'attempts'        => -1
 		]);
-		if ( ! $is_draft && ! $inst->publishable_by(\Model_User::find_current_id()) ) return new Msg(Msg::ERROR, 'Widget can not be published by student!');
+		if ( ! $is_draft && ! $widget->publishable_by(\Model_User::find_current_id()) ) return new Msg(Msg::ERROR, 'Widget can not be published by student!');
 
 		if ( ! empty($qset->data)) $inst->qset->data = $qset->data;
 		if ( ! empty($qset->version)) $inst->qset->version = $qset->version;
@@ -177,7 +179,7 @@ static public function widget_instance_update($inst_id=null, $name=null, $qset=n
 		$inst = Widget_Instance_Manager::get($inst_id, true);
 		if ( ! $inst) return new Msg(Msg::ERROR, 'Widget instance could not be found.');
 		if ( $is_draft && ! $inst->widget->is_editable) return new Msg(Msg::ERROR, 'Non-editable widgets can not be saved as drafts!');
-		if ( ! $is_draft && ! $inst->publishable_by(\Model_User::find_current_id())) return new Msg(Msg::ERROR, 'Widgets can not be published by student!');
+		if ( ! $is_draft && ! $inst->widget->publishable_by(\Model_User::find_current_id())) return new Msg(Msg::ERROR, 'Widgets can not be published by student!');
 
 		// student made widgets are locked forever
 		if ($inst->is_student_made)

fuel/app/classes/materia/widget.php

@@ -273,6 +273,17 @@ public function get_playdata_exporter_methods(?string $script_path = null)
 		return $this->exporter_methods;
 	}
 
+	/**
+	 * Checks if user can publish widget.
+	 *
+	 * @return bool Whether or not the current user can publish the widget
+	 */
+	public function publishable_by($user_id)
+	{
+		if ( ! $this->restrict_publish) return true;
+		return ! Perm_Manager::is_student($user_id);
+	}
+
 	// filter out items in an array that aren't callable
 	public static function reduce_array_to_functions(array $array): array
 	{

fuel/app/classes/materia/widget/instance.php

@@ -251,7 +251,7 @@ public function db_store()
 	{
 		// check for requirements
 		if ( ! $this->user_id > 0) return false;
-		if ( ! $this->is_draft && ! $this->publishable_by(\Model_User::find_current_id())) return false;
+		if ( ! $this->is_draft && ! $this->widget->publishable_by(\Model_User::find_current_id())) return false;
 
 		$is_new = ! Util_Validator::is_valid_hash($this->id);
 
@@ -441,17 +441,6 @@ public function viewable_by($user_id)
 		return Perm_Manager::user_has_any_perm_to($user_id, $this->id, Perm::INSTANCE, [Perm::VISIBLE, Perm::FULL]);
 	}
 
-	/**
-	 * Checks if user can publish widget.
-	 *
-	 * @return bool Whether or not the current user can publish the widget
-	 */
-	public function publishable_by($user_id)
-	{
-		if ( ! $this->widget->restrict_publish) return true;
-		return ! Perm_Manager::is_student($user_id);
-	}
-
 	/**
 	 * Determine if a widget is playable
 	 * @return Array List of boolean values corresponding to: open, closed, opens, closes, will_open, will_close, always_open, and has_attempts

fuel/app/tests/api/v1.php

@@ -550,40 +550,21 @@ public function test_publish_verify()
 		//make sure we get an instance of a widget that restricts publish rights
 		$widget = $this->make_disposable_widget('RestrictPublish', true);
 
-		//get the author user's id for later
-		$author = $this->_as_author();
-
-		$this->_as_student();
-		$question = 'test';
-		$answer = 'test';
-		$qset = $this->create_new_qset($question, $answer);
-
-		$instance = Api_V1::widget_instance_new($widget->id, 'test', $qset, true);
-
-		//give author user access to the widget instance
-		$accessObj = new stdClass();
-		$accessObj->perms = [Perm::FULL => true];
-		$accessObj->expiration = null;
-		$accessObj->user_id = $author->id;
-		Api_V1::permissions_set(Perm::INSTANCE, $instance->id, [$accessObj]);
-
 		// ======= AS NO ONE ========
 		\Auth::logout();
-		$output = Api_V1::publish_verify($instance->id);
+		$output = Api_V1::publish_verify($widget->id);
 		$this->assertInstanceOf('\Materia\Msg', $output);
 		$this->assertEquals('Invalid Login', $output->title);
 
 		// ======= STUDENT ========
 		$this->_as_student();
-		$output = Api_V1::publish_verify($instance->id);
+		$output = Api_V1::publish_verify($widget->id);
 		$this->assertFalse($output);
 
 		// ======= AUTHOR ========
 		$this->_as_author();
-		$output = Api_V1::publish_verify($instance->id);
+		$output = Api_V1::publish_verify($widget->id);
 		$this->assertTrue($output);
-
-		Api_V1::widget_instance_delete($instance->id);
 	}
 
 	public function test_session_play_create()

fuel/app/tests/widgets/instance.php

@@ -63,20 +63,4 @@ public function test_duplicate_creates_new_id()
 		// make sure the new instance is different from the current demo
 		$this->assertNotEquals($inst_id, $duplicate->id);
 	}
-
-	public function test_publishable_by()
-	{
-		$widget = $this->make_disposable_widget('RestrictPublish', true);
-
-		$inst = new Widget_Instance(['widget' => $widget]);
-		$inst->db_get($widget->meta_data['demo'], false);
-
-		$student = $this->_as_student();
-		$output = $inst->publishable_by($student->id);
-		$this->assertFalse($output);
-
-		$author = $this->_as_author();
-		$output = $inst->publishable_by($author->id);
-		$this->assertTrue($output);
-	}
 }

fuel/app/tests/widgets/widget.php

@@ -0,0 +1,22 @@
+<?php
+/**
+ * @group App
+ * @group Widget
+ * @group Materia
+ */
+
+class Test_Widget extends \Basetest
+{
+	public function test_publishable_by()
+	{
+		$widget = $this->make_disposable_widget('RestrictPublish', true);
+
+		$student = $this->_as_student();
+		$output = $widget->publishable_by($student->id);
+		$this->assertFalse($output);
+
+		$author = $this->_as_author();
+		$output = $widget->publishable_by($author->id);
+		$this->assertTrue($output);
+	}
+}