Skip to content

Commit

Permalink
MDL-28488 backup - make backup and import capabilities independent
Browse files Browse the repository at this point in the history 
Before this change, in order to perform one course import it was
necessary to have both the backupcourse and the backuptargetimport
capabilities. After agreement now each one will control its own
backup mode. Same applies for restore.
  • Loading branch information
@stronk7
stronk7 committed Sep 9, 2011
1 parent 8645a28 commit 77c2ca6
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 48 deletions.
46 changes: 22 additions & 24 deletions backup/util/checks/backup_check.class.php
View file
Expand Up @@ -102,45 +102,31 @@ public static function check_security($backup_controller, $apply) {
// Note: all the checks along the function MUST be performed for $userid, that
// is the user who "requested" the course backup, not current $USER at all!!

// First of all, check the main backup[course|section|activity] principal caps
// Lacking the corresponding one makes this to break with exception always
// First of all, decide which caps/contexts are we going to check
// for common backups (general, automated...) based exclusively
// in the type (course, section, activity). And store them into
// one capability => context array structure
$typecapstocheck = array();
switch ($type) {
case backup::TYPE_1COURSE :
$DB->get_record('course', array('id' => $id), '*', MUST_EXIST); // course exists
if (!has_capability('moodle/backup:backupcourse', $coursectx, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = 'moodle/backup:backupcourse';
throw new backup_controller_exception('backup_user_missing_capability', $a);
}
$typecapstocheck['moodle/backup:backupcourse'] = $coursectx;
break;
case backup::TYPE_1SECTION :
$DB->get_record('course_sections', array('course' => $courseid, 'id' => $id), '*', MUST_EXIST); // sec exists
if (!has_capability('moodle/backup:backupsection', $coursectx, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = 'moodle/backup:backupsection';
throw new backup_controller_exception('backup_user_missing_capability', $a);
}
$typecapstocheck['moodle/backup:backupsection'] = $coursectx;
break;
case backup::TYPE_1ACTIVITY :
get_coursemodule_from_id(null, $id, $courseid, false, MUST_EXIST); // cm exists
$modulectx = get_context_instance(CONTEXT_MODULE, $id);
if (!has_capability('moodle/backup:backupactivity', $modulectx, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->cmid = $id;
$a->capability = 'moodle/backup:backupactivity';
throw new backup_controller_exception('backup_user_missing_capability', $a);
}
$typecapstocheck['moodle/backup:backupactivity'] = $modulectx;
break;
default :
print_error('unknownbackuptype');
throw new backup_controller_exception('backup_unknown_backup_type', $type);
}

// Now, if backup mode is hub or import, check userid has permissions for those modes
// other modes will perform common checks only (backupxxxx capabilities in $typecapstocheck)
switch ($mode) {
case backup::MODE_HUB:
if (!has_capability('moodle/backup:backuptargethub', $coursectx, $userid)) {
Expand All @@ -160,6 +146,18 @@ public static function check_security($backup_controller, $apply) {
throw new backup_controller_exception('backup_user_missing_capability', $a);
}
break;
// Common backup (general, automated...), let's check all the $typecapstocheck
// capability => context pairs
default:
foreach ($typecapstocheck as $capability => $context) {
if (!has_capability($capability, $context, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = $capability;
throw new backup_controller_exception('backup_user_missing_capability', $a);
}
}
}

// Now, enforce 'moodle/backup:userinfo' to 'users' setting, applying changes if allowed,
Expand Down
46 changes: 22 additions & 24 deletions backup/util/checks/restore_check.class.php
View file
Expand Up @@ -68,41 +68,27 @@ public static function check_security($restore_controller, $apply) {
// Note: all the checks along the function MUST be performed for $userid, that
// is the user who "requested" the course restore, not current $USER at all!!

// First of all, check the main restore[course|section|activity] principal caps
// Lacking the corresponding one makes this to break with exception always
// First of all, decide which caps/contexts are we going to check
// for common backups (general, automated...) based exclusively
// in the type (course, section, activity). And store them into
// one capability => context array structure
$typecapstocheck = array();
switch ($type) {
case backup::TYPE_1COURSE :
if (!has_capability('moodle/restore:restorecourse', $coursectx, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = 'moodle/restore:restorecourse';
throw new restore_controller_exception('restore_user_missing_capability', $a);
}
$typecapstocheck['moodle/restore:restorecourse'] = $coursectx;
break;
case backup::TYPE_1SECTION :
if (!has_capability('moodle/restore:restoresection', $coursectx, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = 'moodle/restore:restoresection';
throw new restore_controller_exception('restore_user_missing_capability', $a);
}
$typecapstocheck['moodle/restore:restoresection'] = $coursectx;
break;
case backup::TYPE_1ACTIVITY :
if (!has_capability('moodle/restore:restoreactivity', $coursectx, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = 'moodle/restore:restoreactivity';
throw new restore_controller_exception('restore_user_missing_capability', $a);
}
$typecapstocheck['moodle/restore:restoreactivity'] = $coursectx;
break;
default :
print_error('unknownrestoretype');
throw new restore_controller_exception('restore_unknown_restore_type', $type);
}

// Now, if restore mode is hub or import, check userid has permissions for those modes
// other modes will perform common checks only (restorexxxx capabilities in $typecapstocheck)
switch ($mode) {
case backup::MODE_HUB:
if (!has_capability('moodle/restore:restoretargethub', $coursectx, $userid)) {
Expand All @@ -122,6 +108,18 @@ public static function check_security($restore_controller, $apply) {
throw new restore_controller_exception('restore_user_missing_capability', $a);
}
break;
// Common backup (general, automated...), let's check all the $typecapstocheck
// capability => context pairs
default:
foreach ($typecapstocheck as $capability => $context) {
if (!has_capability($capability, $context, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = $capability;
throw new restore_controller_exception('restore_user_missing_capability', $a);
}
}
}

// Now, enforce 'moodle/restore:userinfo' to 'users' setting, applying changes if allowed,
Expand Down

0 comments on commit 77c2ca6

Please sign in to comment.