Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Merge branch 'MDL-52811_prevent_forcelang' of git://github.com/davosm…
- Loading branch information
|
@@ -592,6 +592,23 @@ public function prepare() { |
|
|
$coursedata['enddate'] = strtotime($coursedata['enddate']); |
|
|
} |
|
|
|
|
|
// If lang is specified, check the user is allowed to set that field. |
|
|
if (!empty($coursedata['lang'])) { |
|
|
if ($exists) { |
|
|
$courseid = $DB->get_field('course', 'id', ['shortname' => $this->shortname]); |
|
|
if (!has_capability('moodle/course:setforcedlanguage', context_course::instance($courseid))) { |
|
|
$this->error('cannotforcelang', new lang_string('cannotforcelang', 'tool_uploadcourse')); |
|
|
return false; |
|
|
} |
|
|
} else { |
|
|
$catcontext = context_coursecat::instance($coursedata['category']); |
|
|
if (!guess_if_creator_will_have_course_capability('moodle/course:setforcedlanguage', $catcontext)) { |
|
|
$this->error('cannotforcelang', new lang_string('cannotforcelang', 'tool_uploadcourse')); |
|
|
return false; |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
// Ultimate check mode vs. existence. |
|
|
switch ($mode) { |
|
|
case tool_uploadcourse_processor::MODE_CREATE_NEW: |
|
|
|
@@ -30,6 +30,7 @@ |
|
|
$string['allowresets_help'] = 'Whether the reset field is accepted or not.'; |
|
|
$string['cachedef_helper'] = 'Helper caching'; |
|
|
$string['cannotdeletecoursenotexist'] = 'Cannot delete a course that does not exist'; |
|
|
$string['cannotforcelang'] = 'No permission to force language for this course'; |
|
|
$string['cannotgenerateshortnameupdatemode'] = 'Cannot generate a shortname when updates are allowed'; |
|
|
$string['cannotreadbackupfile'] = 'Cannot read the backup file'; |
|
|
$string['cannotrenamecoursenotexist'] = 'Cannot rename a course that does not exist'; |
|
|
|
@@ -266,6 +266,8 @@ public function test_data_saved() { |
|
|
global $DB; |
|
|
$this->resetAfterTest(true); |
|
|
|
|
|
$this->setAdminUser(); // To avoid warnings related to 'moodle/course:setforcedlanguage' capability check. |
|
|
|
|
|
// Create. |
|
|
$mode = tool_uploadcourse_processor::MODE_CREATE_NEW; |
|
|
$updatemode = tool_uploadcourse_processor::UPDATE_NOTHING; |
|
|
|
@@ -1827,6 +1827,7 @@ public function process_course($data) { |
|
|
// When restoring to a new course we can set all the things except for the ID number. |
|
|
$canchangeidnumber = $isnewcourse || has_capability('moodle/course:changeidnumber', $context, $userid); |
|
|
$canchangesummary = $isnewcourse || has_capability('moodle/course:changesummary', $context, $userid); |
|
|
$canforcelanguage = has_capability('moodle/course:setforcedlanguage', $context, $userid); |
|
|
|
|
|
$data = (object)$data; |
|
|
$data->id = $this->get_courseid(); |
|
@@ -1851,6 +1852,11 @@ public function process_course($data) { |
|
|
unset($data->summaryformat); |
|
|
} |
|
|
|
|
|
// Unset lang if user can't change it. |
|
|
if (!$canforcelanguage) { |
|
|
unset($data->lang); |
|
|
} |
|
|
|
|
|
// Only allow the idnumber to be set if the user has permission and the idnumber is not already in use by |
|
|
// another course on this site. |
|
|
if (!empty($data->idnumber) && $canchangeidnumber && $this->task->is_samesite() |
|
@@ -1889,7 +1895,7 @@ public function process_course($data) { |
|
|
$data->completionnotify = 0; |
|
|
} |
|
|
$languages = get_string_manager()->get_list_of_translations(); // Get languages for quick search |
|
|
if (!array_key_exists($data->lang, $languages)) { |
|
|
if (isset($data->lang) && !array_key_exists($data->lang, $languages)) { |
|
|
$data->lang = ''; |
|
|
} |
|
|
|
|
|
|
@@ -205,8 +205,11 @@ function definition() { |
|
|
$languages=array(); |
|
|
$languages[''] = get_string('forceno'); |
|
|
$languages += get_string_manager()->get_list_of_translations(); |
|
|
$mform->addElement('select', 'lang', get_string('forcelanguage'), $languages); |
|
|
$mform->setDefault('lang', $courseconfig->lang); |
|
|
if ((empty($course->id) && guess_if_creator_will_have_course_capability('moodle/course:setforcedlanguage', $categorycontext)) |
|
|
|| (!empty($course->id) && has_capability('moodle/course:setforcedlanguage', $coursecontext))) { |
|
|
$mform->addElement('select', 'lang', get_string('forcelanguage'), $languages); |
|
|
$mform->setDefault('lang', $courseconfig->lang); |
|
|
} |
|
|
|
|
|
// Multi-Calendar Support - see MDL-18375. |
|
|
$calendartypes = \core_calendar\type_factory::get_list_of_calendar_types(); |
|
|
|
@@ -713,8 +713,13 @@ public static function create_courses($courses) { |
|
|
require_capability('moodle/course:create', $context); |
|
|
|
|
|
// Make sure lang is valid |
|
|
if (array_key_exists('lang', $course) and empty($availablelangs[$course['lang']])) { |
|
|
throw new moodle_exception('errorinvalidparam', 'webservice', '', 'lang'); |
|
|
if (array_key_exists('lang', $course)) { |
|
|
if (empty($availablelangs[$course['lang']])) { |
|
|
throw new moodle_exception('errorinvalidparam', 'webservice', '', 'lang'); |
|
|
} |
|
|
if (!has_capability('moodle/course:setforcedlanguage', $context)) { |
|
|
unset($course['lang']); |
|
|
} |
|
|
} |
|
|
|
|
|
// Make sure theme is valid |
|
@@ -911,8 +916,11 @@ public static function update_courses($courses) { |
|
|
} |
|
|
|
|
|
// Make sure lang is valid. |
|
|
if (array_key_exists('lang', $course) && empty($availablelangs[$course['lang']])) { |
|
|
throw new moodle_exception('errorinvalidparam', 'webservice', '', 'lang'); |
|
|
if (array_key_exists('lang', $course) && ($oldcourse->lang != $course['lang'])) { |
|
|
require_capability('moodle/course:setforcedlanguage', $context); |
|
|
if (empty($availablelangs[$course['lang']])) { |
|
|
throw new moodle_exception('errorinvalidparam', 'webservice', '', 'lang'); |
|
|
} |
|
|
} |
|
|
|
|
|
// Make sure theme is valid. |
|
|
|
@@ -412,6 +412,7 @@ public function test_create_courses() { |
|
|
$contextid = context_system::instance()->id; |
|
|
$roleid = $this->assignUserCapability('moodle/course:create', $contextid); |
|
|
$this->assignUserCapability('moodle/course:visibility', $contextid, $roleid); |
|
|
$this->assignUserCapability('moodle/course:setforcedlanguage', $contextid, $roleid); |
|
|
|
|
|
$category = self::getDataGenerator()->create_category(); |
|
|
|
|
@@ -1129,6 +1130,7 @@ public function test_update_courses() { |
|
|
$this->assignUserCapability('moodle/course:changesummary', $contextid, $roleid); |
|
|
$this->assignUserCapability('moodle/course:visibility', $contextid, $roleid); |
|
|
$this->assignUserCapability('moodle/course:viewhiddencourses', $contextid, $roleid); |
|
|
$this->assignUserCapability('moodle/course:setforcedlanguage', $contextid, $roleid); |
|
|
|
|
|
// Create category and course. |
|
|
$category1 = self::getDataGenerator()->create_category(); |
|
|
|
@@ -164,6 +164,7 @@ |
|
|
$string['course:changesummary'] = 'Change course summary'; |
|
|
$string['course:enrolconfig'] = 'Configure enrol instances in courses'; |
|
|
$string['course:enrolreview'] = 'Review course enrolments'; |
|
|
$string['course:setforcedlanguage'] = 'Force course language'; |
|
|
$string['course:ignoreavailabilityrestrictions'] = 'Ignore availability restrictions'; |
|
|
$string['course:ignorefilesizelimits'] = 'Use files larger than any file size restrictions'; |
|
|
$string['course:isincompletionreports'] = 'Be shown on completion reports'; |
|
|
|
@@ -1062,6 +1062,16 @@ |
|
|
'clonepermissionsfrom' => 'moodle/course:update' |
|
|
), |
|
|
|
|
|
'moodle/course:setforcedlanguage' => array( |
|
|
'captype' => 'write', |
|
|
'contextlevel' => CONTEXT_COURSE, |
|
|
'archetypes' => array( |
|
|
'editingteacher' => CAP_ALLOW, |
|
|
'manager' => CAP_ALLOW |
|
|
), |
|
|
'clonepermissionsfrom' => 'moodle/course:update' |
|
|
), |
|
|
|
|
|
|
|
|
'moodle/site:viewparticipants' => array( |
|
|
|
|
|