Permalink
Browse files

MDL-28488 backup - make backup and import capabilities independent

Before this change, in order to perform one course import it was
necessary to have both the backupcourse and the backuptargetimport
capabilities. After agreement now each one will control its own
backup mode. Same applies for restore.
  • Loading branch information...
stronk7 committed Sep 9, 2011
1 parent 4f65f98 commit f850a316f7657bf090b5f10957ad9cf97214dc8d
Showing with 44 additions and 48 deletions.
  1. +22 −24 backup/util/checks/backup_check.class.php
  2. +22 −24 backup/util/checks/restore_check.class.php
@@ -102,45 +102,31 @@ public static function check_security($backup_controller, $apply) {
// Note: all the checks along the function MUST be performed for $userid, that
// is the user who "requested" the course backup, not current $USER at all!!
- // First of all, check the main backup[course|section|activity] principal caps
- // Lacking the corresponding one makes this to break with exception always
+ // First of all, decide which caps/contexts are we going to check
+ // for common backups (general, automated...) based exclusively
+ // in the type (course, section, activity). And store them into
+ // one capability => context array structure
+ $typecapstocheck = array();
switch ($type) {
case backup::TYPE_1COURSE :
$DB->get_record('course', array('id' => $id), '*', MUST_EXIST); // course exists
- if (!has_capability('moodle/backup:backupcourse', $coursectx, $userid)) {
- $a = new stdclass();
- $a->userid = $userid;
- $a->courseid = $courseid;
- $a->capability = 'moodle/backup:backupcourse';
- throw new backup_controller_exception('backup_user_missing_capability', $a);
- }
+ $typecapstocheck['moodle/backup:backupcourse'] = $coursectx;
break;
case backup::TYPE_1SECTION :
$DB->get_record('course_sections', array('course' => $courseid, 'id' => $id), '*', MUST_EXIST); // sec exists
- if (!has_capability('moodle/backup:backupsection', $coursectx, $userid)) {
- $a = new stdclass();
- $a->userid = $userid;
- $a->courseid = $courseid;
- $a->capability = 'moodle/backup:backupsection';
- throw new backup_controller_exception('backup_user_missing_capability', $a);
- }
+ $typecapstocheck['moodle/backup:backupsection'] = $coursectx;
break;
case backup::TYPE_1ACTIVITY :
get_coursemodule_from_id(null, $id, $courseid, false, MUST_EXIST); // cm exists
$modulectx = get_context_instance(CONTEXT_MODULE, $id);
- if (!has_capability('moodle/backup:backupactivity', $modulectx, $userid)) {
- $a = new stdclass();
- $a->userid = $userid;
- $a->cmid = $id;
- $a->capability = 'moodle/backup:backupactivity';
- throw new backup_controller_exception('backup_user_missing_capability', $a);
- }
+ $typecapstocheck['moodle/backup:backupactivity'] = $modulectx;
break;
default :
- print_error('unknownbackuptype');
+ throw new backup_controller_exception('backup_unknown_backup_type', $type);
}
// Now, if backup mode is hub or import, check userid has permissions for those modes
+ // other modes will perform common checks only (backupxxxx capabilities in $typecapstocheck)
switch ($mode) {
case backup::MODE_HUB:
if (!has_capability('moodle/backup:backuptargethub', $coursectx, $userid)) {
@@ -160,6 +146,18 @@ public static function check_security($backup_controller, $apply) {
throw new backup_controller_exception('backup_user_missing_capability', $a);
}
break;
+ // Common backup (general, automated...), let's check all the $typecapstocheck
+ // capability => context pairs
+ default:
+ foreach ($typecapstocheck as $capability => $context) {
+ if (!has_capability($capability, $context, $userid)) {
+ $a = new stdclass();
+ $a->userid = $userid;
+ $a->courseid = $courseid;
+ $a->capability = $capability;
+ throw new backup_controller_exception('backup_user_missing_capability', $a);
+ }
+ }
}
// Now, enforce 'moodle/backup:userinfo' to 'users' setting, applying changes if allowed,
@@ -68,41 +68,27 @@ public static function check_security($restore_controller, $apply) {
// Note: all the checks along the function MUST be performed for $userid, that
// is the user who "requested" the course restore, not current $USER at all!!
- // First of all, check the main restore[course|section|activity] principal caps
- // Lacking the corresponding one makes this to break with exception always
+ // First of all, decide which caps/contexts are we going to check
+ // for common backups (general, automated...) based exclusively
+ // in the type (course, section, activity). And store them into
+ // one capability => context array structure
+ $typecapstocheck = array();
switch ($type) {
case backup::TYPE_1COURSE :
- if (!has_capability('moodle/restore:restorecourse', $coursectx, $userid)) {
- $a = new stdclass();
- $a->userid = $userid;
- $a->courseid = $courseid;
- $a->capability = 'moodle/restore:restorecourse';
- throw new restore_controller_exception('restore_user_missing_capability', $a);
- }
+ $typecapstocheck['moodle/restore:restorecourse'] = $coursectx;
break;
case backup::TYPE_1SECTION :
- if (!has_capability('moodle/restore:restoresection', $coursectx, $userid)) {
- $a = new stdclass();
- $a->userid = $userid;
- $a->courseid = $courseid;
- $a->capability = 'moodle/restore:restoresection';
- throw new restore_controller_exception('restore_user_missing_capability', $a);
- }
+ $typecapstocheck['moodle/restore:restoresection'] = $coursectx;
break;
case backup::TYPE_1ACTIVITY :
- if (!has_capability('moodle/restore:restoreactivity', $coursectx, $userid)) {
- $a = new stdclass();
- $a->userid = $userid;
- $a->courseid = $courseid;
- $a->capability = 'moodle/restore:restoreactivity';
- throw new restore_controller_exception('restore_user_missing_capability', $a);
- }
+ $typecapstocheck['moodle/restore:restoreactivity'] = $coursectx;
break;
default :
- print_error('unknownrestoretype');
+ throw new restore_controller_exception('restore_unknown_restore_type', $type);
}
// Now, if restore mode is hub or import, check userid has permissions for those modes
+ // other modes will perform common checks only (restorexxxx capabilities in $typecapstocheck)
switch ($mode) {
case backup::MODE_HUB:
if (!has_capability('moodle/restore:restoretargethub', $coursectx, $userid)) {
@@ -122,6 +108,18 @@ public static function check_security($restore_controller, $apply) {
throw new restore_controller_exception('restore_user_missing_capability', $a);
}
break;
+ // Common backup (general, automated...), let's check all the $typecapstocheck
+ // capability => context pairs
+ default:
+ foreach ($typecapstocheck as $capability => $context) {
+ if (!has_capability($capability, $context, $userid)) {
+ $a = new stdclass();
+ $a->userid = $userid;
+ $a->courseid = $courseid;
+ $a->capability = $capability;
+ throw new restore_controller_exception('restore_user_missing_capability', $a);
+ }
+ }
}
// Now, enforce 'moodle/restore:userinfo' to 'users' setting, applying changes if allowed,

0 comments on commit f850a31

Please sign in to comment.