
Merge branch 'w36_MDL-35145_m23_guestdelete' of git://github.com/skod…

…ak/moodle into MOODLE_23_STABLE
commit e815aa8e043a66aa5e2a9317ea377beb27d6535b 2 parents e78698c + 45f9c2d
Eloy Lafuente (stronk7) stronk7 authored
Showing with 92 additions and 2 deletions.
  1. +32 −2 lib/moodlelib.php
  2. +60 −0 lib/tests/moodlelib_test.php
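--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -3915,15 +3915,45 @@ function truncate_userinfo($info) {
 * Any plugin that needs to purge user data should register the 'user_deleted' event.
 *
 * @param stdClass $user full user object before delete
- * @return boolean always true
+ * @return boolean success
+ * @throws coding_exception if invalid $user parameter detected
 */
-function delete_user($user) {
+function delete_user(stdClass $user) {
 global $CFG, $DB;
 require_once($CFG->libdir.'/grouplib.php');
 require_once($CFG->libdir.'/gradelib.php');
 require_once($CFG->dirroot.'/message/lib.php');
 require_once($CFG->dirroot.'/tag/lib.php');
+ // Make sure nobody sends bogus record type as parameter.
+ if (!property_exists($user, 'id') or !property_exists($user, 'username')) {
+ throw new coding_exception('Invalid $user parameter in delete_user() detected');
+ }
+
+ // Better not trust the parameter and fetch the latest info,
+ // this will be very expensive anyway.
+ if (!$user = $DB->get_record('user', array('id'=>$user->id))) {
+ debugging('Attempt to delete unknown user account.');
+ return false;
+ }
+
+ // There must be always exactly one guest record,
+ // originally the guest account was identified by username only,
+ // now we use $CFG->siteguest for performance reasons.
+ if ($user->username === 'guest' or isguestuser($user)) {
+ debugging('Guest user account can not be deleted.');
+ return false;
+ }
+
+ // Admin can be theoretically from different auth plugin,
+ // but we want to prevent deletion of internal accoutns only,
+ // if anything goes wrong ppl may force somebody to be admin via
+ // config.php setting $CFG->siteadmins.
+ if ($user->auth === 'manual' and is_siteadmin($user)) {
+ debugging('Local administrator accounts can not be deleted.');
+ return false;
+ }
+
 // delete all grades - backup is kept in grade_grades_history table
 grade_user_delete($user->id);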
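Review bot: A record that is already flagged as deleted passes all three new guards, because the refetch `$DB->get_record('user', array('id'=>$user->id))` only tests existence and nothing in this hunk inspects `$user->deleted`. The accompanying test shows that deletion rewrites `username` and `email`, so a second pass would presumably mangle the already-anonymised values again. The body of delete_user() continues outside this hunk, so unless that is handled further down, consider adding `if ($user->deleted) { debugging('Attempt to delete already deleted user account.'); return false; }` right after the refetch. Callers also need to start checking the result, since the contract changed from "always true" to success/failure and a refused guest or admin deletion is otherwise only visible through debugging().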
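--- a/lib/tests/moodlelib_test.php
+++ b/lib/tests/moodlelib_test.php
@@ -1910,4 +1910,64 @@ public function test_format_float() {
 $this->assertEquals('5.43000', format_float(5.43, 5, false));
 $this->assertEquals('5.43', format_float(5.43, 5, false, true));
 }
+
+ /**
+ * Test deleting of users.
+ */
+ public function test_delete_user() {
+ global $DB, $CFG;
+
+ $this->resetAfterTest();
+
+ $guest = $DB->get_record('user', array('id'=>$CFG->siteguest), '*', MUST_EXIST);
+ $admin = $DB->get_record('user', array('id'=>$CFG->siteadmins), '*', MUST_EXIST);
+ $this->assertEquals(0, $DB->count_records('user', array('deleted'=>1)));
+
+ $user = $this->getDataGenerator()->create_user(array('idnumber'=>'abc'));
+ $user2 = $this->getDataGenerator()->create_user(array('idnumber'=>'xyz'));
+
+ $result = delete_user($user);
+ $this->assertTrue($result);
+ $deluser = $DB->get_record('user', array('id'=>$user->id), '*', MUST_EXIST);
+ $this->assertEquals(1, $deluser->deleted);
+ $this->assertEquals(0, $deluser->picture);
+ $this->assertSame('', $deluser->idnumber);
+ $this->assertSame(md5($user->username), $deluser->email);
+ $this->assertRegExp('/^'.preg_quote($user->email, '/').'\.\d*$/', $deluser->username);
+
+ $this->assertEquals(1, $DB->count_records('user', array('deleted'=>1)));
+
+ // Try invalid params.
+
+ $record = new stdClass();
+ $record->grrr = 1;
+ try {
+ delete_user($record);
+ $this->fail('Expecting exception for invalid delete_user() $user parameter');
+ } catch (coding_exception $e) {
+ $this->assertTrue(true);
+ }
+ $record->id = 1;
+ try {
+ delete_user($record);
+ $this->fail('Expecting exception for invalid delete_user() $user parameter');
+ } catch (coding_exception $e) {
+ $this->assertTrue(true);
+ }
+
+ $CFG->debug = DEBUG_MINIMAL; // Prevent standard debug warnings.
+
+ $record = new stdClass();
+ $record->id = 666;
+ $record->username = 'xx';
+ $this->assertFalse($DB->record_exists('user', array('id'=>666))); // Any non-existent id is ok.
+ $result = delete_user($record);
+ $this->assertFalse($result);
+
+ $result = delete_user($guest);
+ $this->assertFalse($result);
+
+ $result = delete_user($admin);
+ $this->assertFalse($result);
+ }
 }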
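Review bot: The refusal cases at the end of test_delete_user() (unknown id, `$guest`, `$admin`) assert only the `false` return value, not that the guest and admin rows were left untouched, which is the property the new guards exist to protect. After those calls I would add `$this->assertEquals(1, $DB->count_records('user', array('deleted'=>1)));` and re-read the guest and admin records to confirm `deleted` is still 0. Separately, `array('id'=>$CFG->siteadmins)` only resolves when siteadmins holds a single id; that is presumably the case on a fresh test site, but a one-line comment saying so would make the assumption explicit.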