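<?php
// This file is part of Moodle - https://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

/**
 * Provides {@link core_user_selector_testcase} class.
 *
 * @package     core_user
 * @category    test
 * @copyright   2018 David Mudrák <david@moodle.com>
 * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

defined('MOODLE_INTERNAL') || die();

global $CFG;
require_once($CFG->dirroot.'/user/selector/lib.php');
require_once($CFG->dirroot.'/user/tests/fixtures/testable_user_selector.php');

/**
 * Tests for the implementation of {@link user_selector_base} class.
 *
 * The tests pin down which user identity fields a selector exposes to the current user. With
 * $CFG->showuseridentity = 'idnumber,country,city' and $CFG->hiddenuserfields = 'country,city', each test
 * switches to a student, teacher or manager and checks which of those fields appear on the records returned
 * by find_users(), both for a selector without an access context and for one bound to the course context.
 *
 * @copyright 2018 David Mudrák <david@moodle.com>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class core_user_selector_testcase extends advanced_testcase {

    /**
     * Setup the environment for the tests.
     *
     * Configures the site identity and hidden-field settings, creates three users and a course, assigns the
     * student and teacher roles in the course context and the manager role in the system context.
     *
     * @return stdClass Object with the properties student, teacher, manager, course, coursecontext,
     *      teacherrole, studentrole and managerrole.
     */
    protected function setup_hidden_siteidentity() {
        global $CFG, $DB;

        $CFG->showuseridentity = 'idnumber,country,city';
        $CFG->hiddenuserfields = 'country,city';

        $generator = $this->getDataGenerator();

        $env = new stdClass();

        $env->student = $generator->create_user();
        $env->teacher = $generator->create_user();
        $env->manager = $generator->create_user();

        $env->course = $generator->create_course();
        $env->coursecontext = context_course::instance($env->course->id);

        // MUST_EXIST turns a missing role into an immediate, clearly named failure instead of a later
        // property access on the boolean false that get_record() returns by default.
        $env->teacherrole = $DB->get_record('role', ['shortname' => 'teacher'], '*', MUST_EXIST);
        $env->studentrole = $DB->get_record('role', ['shortname' => 'student'], '*', MUST_EXIST);
        $env->managerrole = $DB->get_record('role', ['shortname' => 'manager'], '*', MUST_EXIST);

        role_assign($env->studentrole->id, $env->student->id, $env->coursecontext->id);
        role_assign($env->teacherrole->id, $env->teacher->id, $env->coursecontext->id);
        role_assign($env->managerrole->id, $env->manager->id, SYSCONTEXTID);

        return $env;
    }

    /**
     * Asserts which fields are present on, and absent from, every user returned by a selector.
     *
     * The selector is searched with an empty string. The check fails when no user record was inspected,
     * because the per-user assertions sit inside loops that would otherwise be skipped silently and the
     * "field is not exposed" expectations would then hold without having been verified.
     *
     * @param testable_user_selector $selector Selector whose find_users('') result is inspected.
     * @param string[] $visible Names of the properties each returned user must have.
     * @param string[] $hidden Names of the properties each returned user must not have.
     */
    private function assert_identity_fields(testable_user_selector $selector, array $visible, array $hidden) {
        $checked = 0;

        foreach ($selector->find_users('') as $found) {
            foreach ($found as $user) {
                foreach ($visible as $field) {
                    $this->assertObjectHasAttribute($field, $user);
                }
                foreach ($hidden as $field) {
                    $this->assertObjectNotHasAttribute($field, $user);
                }
                $checked++;
            }
        }

        // NOTE(review): assumes the testable selector returns at least the users created in the fixture;
        // confirm against user/tests/fixtures/testable_user_selector.php.
        $this->assertGreaterThan(0, $checked, 'The selector returned no users, so no field visibility was verified.');
    }

    /**
     * No identity fields are shown to the student user (no permission to view identity fields).
     */
    public function test_hidden_siteidentity_fields_no_access() {
        $this->resetAfterTest();
        $env = $this->setup_hidden_siteidentity();
        $this->setUser($env->student);

        $selector = new testable_user_selector('test');

        $this->assert_identity_fields($selector, [], ['idnumber', 'country', 'city']);
    }

    /**
     * Teacher can see students' identity fields only within the course.
     */
    public function test_hidden_siteidentity_fields_course_only_access() {
        $this->resetAfterTest();
        $env = $this->setup_hidden_siteidentity();
        $this->setUser($env->teacher);

        $systemselector = new testable_user_selector('test');
        $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);

        // Without a course access context the teacher gets none of the identity fields.
        $this->assert_identity_fields($systemselector, [], ['idnumber', 'country', 'city']);

        // Bound to the course context, all of them are exposed, including the hidden ones.
        $this->assert_identity_fields($courseselector, ['idnumber', 'country', 'city'], []);
    }

    /**
     * Teacher can be prevented from seeing students' identity fields even within the course.
     */
    public function test_hidden_siteidentity_fields_course_prevented_access() {
        $this->resetAfterTest();
        $env = $this->setup_hidden_siteidentity();
        $this->setUser($env->teacher);

        assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT, $env->teacherrole->id, $env->coursecontext->id);

        $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);

        // The non-hidden idnumber stays visible; only the fields listed in hiddenuserfields disappear.
        $this->assert_identity_fields($courseselector, ['idnumber'], ['country', 'city']);
    }

    /**
     * Manager can see students' identity fields anywhere.
     */
    public function test_hidden_siteidentity_fields_anywhere_access() {
        $this->resetAfterTest();
        $env = $this->setup_hidden_siteidentity();
        $this->setUser($env->manager);

        $systemselector = new testable_user_selector('test');
        $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);

        $this->assert_identity_fields($systemselector, ['idnumber', 'country', 'city'], []);
        $this->assert_identity_fields($courseselector, ['idnumber', 'country', 'city'], []);
    }

    /**
     * Manager can be prevented from seeing hidden fields outside the course.
     */
    public function test_hidden_siteidentity_fields_schismatic_access() {
        $this->resetAfterTest();
        $env = $this->setup_hidden_siteidentity();
        $this->setUser($env->manager);

        // Revoke the capability to see hidden user fields outside the course.
        // Note that inside the course, the manager can still see the hidden identifiers as this is currently
        // controlled by a separate capability for legacy reasons. This is counter-intuitive behaviour and is
        // likely to be fixed in MDL-51630.
        assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);

        $systemselector = new testable_user_selector('test');
        $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);

        $this->assert_identity_fields($systemselector, ['idnumber'], ['country', 'city']);
        $this->assert_identity_fields($courseselector, ['idnumber', 'country', 'city'], []);
    }

    /**
     * Both capabilities currently have to be prevented to stop the manager from seeing hidden fields everywhere.
     */
    public function test_hidden_siteidentity_fields_hard_to_prevent_access() {
        $this->resetAfterTest();
        $env = $this->setup_hidden_siteidentity();
        $this->setUser($env->manager);

        assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);
        assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);

        $systemselector = new testable_user_selector('test');
        $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);

        $this->assert_identity_fields($systemselector, ['idnumber'], ['country', 'city']);
        $this->assert_identity_fields($courseselector, ['idnumber'], ['country', 'city']);
    }

    /**
     * For legacy reasons, user selectors supported ability to override $CFG->showuseridentity.
     *
     * However, this was found as violating the principle of respecting site privacy settings. So the feature has been
     * dropped in Moodle 3.6.
     */
    public function test_hidden_siteidentity_fields_explicit_extrafields() {
        $this->resetAfterTest();
        $env = $this->setup_hidden_siteidentity();
        $this->setUser($env->manager);

        $implicitselector = new testable_user_selector('test');
        $explicitselector = new testable_user_selector('test', ['extrafields' => ['email', 'department']]);

        // NOTE(review): the debugging message is presumably raised by passing the dropped 'extrafields'
        // option to the second selector; confirm against user_selector_base.
        $this->assertDebuggingCalled();

        // Both selectors must expose exactly the site-configured identity fields and never the requested extras.
        $this->assert_identity_fields($implicitselector, ['idnumber', 'country', 'city'], ['email', 'department']);
        $this->assert_identity_fields($explicitselector, ['idnumber', 'country', 'city'], ['email', 'department']);
    }
}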