MDL-66376 webservice: Return user private access key for fetching files

moodle · Aug 29, 2019 · cd43240 · cd43240
1 parent 0dca957
commit cd43240
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/webservice/externallib.php b/webservice/externallib.php
@@ -207,6 +207,9 @@ public static function get_site_info($serviceshortnames = array()) {
             $siteinfo['usercalendartype'] = $USER->calendartype;
         }
 
+        // User key, to avoid using the WS token for fetching assets.
+        $siteinfo['userprivateaccesskey'] = get_user_key('core_files', $USER->id);
+
         // Current theme.
         $siteinfo['theme'] = clean_param($PAGE->theme->name, PARAM_THEME);  // We always clean to avoid problem with old sites.
 
@@ -272,6 +275,8 @@ public static function get_site_info_returns() {
                 'userhomepage' => new external_value(PARAM_INT,
                                                         'the default home page for the user: 0 for the site home, 1 for dashboard',
                                                         VALUE_OPTIONAL),
+                'userprivateaccesskey'  => new external_value(PARAM_ALPHANUM, 'Private user access key for fetching files.',
+                    VALUE_OPTIONAL),
                 'siteid'  => new external_value(PARAM_INT, 'Site course ID', VALUE_OPTIONAL),
                 'sitecalendartype'  => new external_value(PARAM_PLUGIN, 'Calendar type set in the site.', VALUE_OPTIONAL),
                 'usercalendartype'  => new external_value(PARAM_PLUGIN, 'Calendar typed used by the user.', VALUE_OPTIONAL),

diff --git a/webservice/tests/externallib_test.php b/webservice/tests/externallib_test.php
@@ -122,6 +122,8 @@ public function test_get_site_info() {
         // covered below for admin user. This test is for user not allowed to ignore limits.
         $this->assertEquals(get_max_upload_file_size($maxbytes), $siteinfo['usermaxuploadfilesize']);
         $this->assertEquals(true, $siteinfo['usercanmanageownfiles']);
+        $userkey = get_user_key('core_files', $USER->id);
+        $this->assertEquals($userkey, $siteinfo['userprivateaccesskey']);
 
         $this->assertEquals(HOMEPAGE_MY, $siteinfo['userhomepage']);
         $this->assertEquals($CFG->calendartype, $siteinfo['sitecalendartype']);

diff --git a/webservice/upgrade.txt b/webservice/upgrade.txt
@@ -9,6 +9,9 @@ This information is intended for authors of webservices, not people writing webs
   is passed and the web service call does not require the user to be logged in we will attempt to use GET for the
   request. This allows for things like proxy caching on URLs. The cache key must be changed if we do not want to
   retrieve what has been cached and want to perform the request again.
+* External function core_webservice_external::get_site_info() now returns the user private access key "userprivateaccesskey".
+  This key could be used for fetching files via the tokenpluginfile.php script instead webservice/pluginfile.php to avoid
+  multiple GET requests that include the WS token as a visible parameter.
 
 === 3.7 ===