Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
- Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
- PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
/backup/util/checks/ -> backup_check.class.php (source)
1 <?php 2 3 // This file is part of Moodle - http://moodle.org/ 4 // 5 // Moodle is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // Moodle is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License 16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 17 18 /** 19 * @package moodlecore 20 * @subpackage backup-factories 21 * @copyright 2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com} 22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 23 */ 24 25 /** 26 * Non instantiable helper class providing different backup checks 27 * 28 * This class contains various static methods available in order to easily 29 * perform a bunch of backup architecture tests 30 * 31 * TODO: Finish phpdocs 32 */ 33 abstract class backup_check { 34 35 public static function check_format_and_type($format, $type) { 36 global $CFG; 37 38 $file = $CFG->dirroot . '/backup/' . $format . '/backup_plan_builder.class.php'; 39 if (! file_exists($file)) { 40 throw new backup_controller_exception('backup_check_unsupported_format', $format); 41 } 42 require_once($file); 43 if (!in_array($type, backup_plan_builder::supported_backup_types())) { 44 throw new backup_controller_exception('backup_check_unsupported_type', $type); 45 } 46 47 require_once($CFG->dirroot . '/backup/moodle2/backup_plan_builder.class.php'); 48 } 49 50 public static function check_id($type, $id) { 51 global $DB; 52 switch ($type) { 53 case backup::TYPE_1ACTIVITY: 54 // id must exist in course_modules table 55 if (! $DB->record_exists('course_modules', array('id' => $id))) { 56 throw new backup_controller_exception('backup_check_module_not_exists', $id); 57 } 58 break; 59 case backup::TYPE_1SECTION: 60 // id must exist in course_sections table 61 if (! $DB->record_exists('course_sections', array('id' => $id))) { 62 throw new backup_controller_exception('backup_check_section_not_exists', $id); 63 } 64 break; 65 case backup::TYPE_1COURSE: 66 // id must exist in course table 67 if (! $DB->record_exists('course', array('id' => $id))) { 68 throw new backup_controller_exception('backup_check_course_not_exists', $id); 69 } 70 break; 71 default: 72 throw new backup_controller_exception('backup_check_incorrect_type', $type); 73 } 74 return true; 75 } 76 77 public static function check_user($userid) { 78 global $DB; 79 // userid must exist in user table 80 if (! $DB->record_exists('user', array('id' => $userid))) { 81 throw new backup_controller_exception('backup_check_user_not_exists', $userid); 82 } 83 return true; 84 } 85 86 public static function check_security($backup_controller, $apply) { 87 global $DB; 88 89 if (! $backup_controller instanceof backup_controller) { 90 throw new backup_controller_exception('backup_check_security_requires_backup_controller'); 91 } 92 $backup_controller->log('checking plan security', backup::LOG_INFO); 93 94 // Some handy vars 95 $type = $backup_controller->get_type(); 96 $mode = $backup_controller->get_mode(); 97 $courseid = $backup_controller->get_courseid(); 98 $coursectx= context_course::instance($courseid); 99 $userid = $backup_controller->get_userid(); 100 $id = $backup_controller->get_id(); // courseid / sectionid / cmid 101 102 // Note: all the checks along the function MUST be performed for $userid, that 103 // is the user who "requested" the course backup, not current $USER at all!! 104 105 // First of all, decide which caps/contexts are we going to check 106 // for common backups (general, automated...) based exclusively 107 // in the type (course, section, activity). And store them into 108 // one capability => context array structure 109 $typecapstocheck = array(); 110 switch ($type) { 111 case backup::TYPE_1COURSE : 112 $DB->get_record('course', array('id' => $id), '*', MUST_EXIST); // course exists 113 $typecapstocheck['moodle/backup:backupcourse'] = $coursectx; 114 break; 115 case backup::TYPE_1SECTION : 116 $DB->get_record('course_sections', array('course' => $courseid, 'id' => $id), '*', MUST_EXIST); // sec exists 117 $typecapstocheck['moodle/backup:backupsection'] = $coursectx; 118 break; 119 case backup::TYPE_1ACTIVITY : 120 get_coursemodule_from_id(null, $id, $courseid, false, MUST_EXIST); // cm exists 121 $modulectx = context_module::instance($id); 122 $typecapstocheck['moodle/backup:backupactivity'] = $modulectx; 123 break; 124 default : 125 throw new backup_controller_exception('backup_unknown_backup_type', $type); 126 } 127 128 // Now, if backup mode is hub or import, check userid has permissions for those modes 129 // other modes will perform common checks only (backupxxxx capabilities in $typecapstocheck) 130 switch ($mode) { 131 case backup::MODE_IMPORT: 132 if (!has_capability('moodle/backup:backuptargetimport', $coursectx, $userid)) { 133 $a = new stdclass(); 134 $a->userid = $userid; 135 $a->courseid = $courseid; 136 $a->capability = 'moodle/backup:backuptargetimport'; 137 throw new backup_controller_exception('backup_user_missing_capability', $a); 138 } 139 break; 140 // Common backup (general, automated...), let's check all the $typecapstocheck 141 // capability => context pairs 142 default: 143 foreach ($typecapstocheck as $capability => $context) { 144 if (!has_capability($capability, $context, $userid)) { 145 $a = new stdclass(); 146 $a->userid = $userid; 147 $a->courseid = $courseid; 148 $a->capability = $capability; 149 throw new backup_controller_exception('backup_user_missing_capability', $a); 150 } 151 } 152 } 153 154 // Now, enforce 'moodle/backup:userinfo' to 'users' setting, applying changes if allowed, 155 // else throwing exception 156 $userssetting = $backup_controller->get_plan()->get_setting('users'); 157 $prevvalue = $userssetting->get_value(); 158 $prevstatus = $userssetting->get_status(); 159 $hasusercap = has_capability('moodle/backup:userinfo', $coursectx, $userid); 160 161 // If setting is enabled but user lacks permission 162 if (!$hasusercap) { // If user has not the capability 163 // Now analyse if we are allowed to apply changes or must stop with exception 164 if (!$apply && $prevvalue) { // Cannot apply changes and the value is set, throw exception 165 $a = new stdclass(); 166 $a->setting = 'users'; 167 $a->value = $prevvalue; 168 $a->capability = 'moodle/backup:userinfo'; 169 throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a); 170 171 } else { // Can apply changes 172 // If it is already false, we don't want to try and set it again, because if it is 173 // already locked, and exception will occur. The side benifit is if it is true and locked 174 // we will get an exception... 175 if ($prevvalue) { 176 $userssetting->set_value(false); // Set the value to false 177 } 178 $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm 179 } 180 } 181 182 // Now, enforce 'moodle/backup:anonymise' to 'anonymise' setting, applying changes if allowed, 183 // else throwing exception 184 $anonsetting = $backup_controller->get_plan()->get_setting('anonymize'); 185 $prevvalue = $anonsetting->get_value(); 186 $prevstatus = $anonsetting->get_status(); 187 $hasanoncap = has_capability('moodle/backup:anonymise', $coursectx, $userid); 188 189 // If setting is enabled but user lacks permission 190 if (!$hasanoncap) { // If user has not the capability 191 // Now analyse if we are allowed to apply changes or must stop with exception 192 if (!$apply && $prevvalue) { // Cannot apply changes and the value is set, throw exception 193 $a = new stdclass(); 194 $a->setting = 'anonymize'; 195 $a->value = $prevvalue; 196 $a->capability = 'moodle/backup:anonymise'; 197 throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a); 198 199 } else { // Can apply changes 200 if ($prevvalue) { // If we try and set it back to false and it has already been locked, error will occur 201 $anonsetting->set_value(false); // Set the value to false 202 } 203 $anonsetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm 204 } 205 } 206 207 // Now, if mode is HUB or IMPORT, and still we are including users in backup, turn them off 208 // Defaults processing should have handled this, but we need to be 100% sure 209 if ($mode == backup::MODE_IMPORT || $mode == backup::MODE_HUB) { 210 $userssetting = $backup_controller->get_plan()->get_setting('users'); 211 if ($userssetting->get_value()) { 212 $userssetting->set_value(false); // Set the value to false 213 $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm 214 } 215 } 216 217 // Check the user has the ability to configure the backup. If not then we need 218 // to lock all settings by permission so that no changes can be made. This does 219 // not apply to the import facility, where the activities must be always enabled 220 // to be able to pick them 221 if ($mode != backup::MODE_IMPORT) { 222 $hasconfigcap = has_capability('moodle/backup:configure', $coursectx, $userid); 223 if (!$hasconfigcap) { 224 $settings = $backup_controller->get_plan()->get_settings(); 225 foreach ($settings as $setting) { 226 if ($setting->get_name() == 'filename') { 227 continue; 228 } 229 $setting->set_status(base_setting::LOCKED_BY_PERMISSION); 230 } 231 } 232 } 233 234 return true; 235 } 236 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
