Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
  • Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
  • PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
   1  <?php
   2  
   3  // This file is part of Moodle - http://moodle.org/
   4  //
   5  // Moodle is free software: you can redistribute it and/or modify
   6  // it under the terms of the GNU General Public License as published by
   7  // the Free Software Foundation, either version 3 of the License, or
   8  // (at your option) any later version.
   9  //
  10  // Moodle is distributed in the hope that it will be useful,
  11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  // GNU General Public License for more details.
  14  //
  15  // You should have received a copy of the GNU General Public License
  16  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17  
  18  /**
  19   * @package    moodlecore
  20   * @subpackage backup-factories
  21   * @copyright  2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  /**
  26   * Non instantiable helper class providing different backup checks
  27   *
  28   * This class contains various static methods available in order to easily
  29   * perform a bunch of backup architecture tests
  30   *
  31   * TODO: Finish phpdocs
  32   */
  33  abstract class backup_check {
  34  
  35      public static function check_format_and_type($format, $type) {
  36          global $CFG;
  37  
  38          $file = $CFG->dirroot . '/backup/' . $format . '/backup_plan_builder.class.php';
  39          if (! file_exists($file)) {
  40              throw new backup_controller_exception('backup_check_unsupported_format', $format);
  41          }
  42          require_once($file);
  43          if (!in_array($type, backup_plan_builder::supported_backup_types())) {
  44              throw new backup_controller_exception('backup_check_unsupported_type', $type);
  45          }
  46  
  47          require_once($CFG->dirroot . '/backup/moodle2/backup_plan_builder.class.php');
  48      }
  49  
  50      public static function check_id($type, $id) {
  51          global $DB;
  52          switch ($type) {
  53              case backup::TYPE_1ACTIVITY:
  54                  // id must exist in course_modules table
  55                  if (! $DB->record_exists('course_modules', array('id' => $id))) {
  56                      throw new backup_controller_exception('backup_check_module_not_exists', $id);
  57                  }
  58                  break;
  59              case backup::TYPE_1SECTION:
  60                  // id must exist in course_sections table
  61                  if (! $DB->record_exists('course_sections', array('id' => $id))) {
  62                      throw new backup_controller_exception('backup_check_section_not_exists', $id);
  63                  }
  64                  break;
  65              case backup::TYPE_1COURSE:
  66                  // id must exist in course table
  67                  if (! $DB->record_exists('course', array('id' => $id))) {
  68                      throw new backup_controller_exception('backup_check_course_not_exists', $id);
  69                  }
  70                  break;
  71              default:
  72                  throw new backup_controller_exception('backup_check_incorrect_type', $type);
  73          }
  74          return true;
  75      }
  76  
  77      public static function check_user($userid) {
  78          global $DB;
  79          // userid must exist in user table
  80          if (! $DB->record_exists('user', array('id' => $userid))) {
  81              throw new backup_controller_exception('backup_check_user_not_exists', $userid);
  82          }
  83          return true;
  84      }
  85  
  86      public static function check_security($backup_controller, $apply) {
  87          global $DB;
  88  
  89          if (! $backup_controller instanceof backup_controller) {
  90              throw new backup_controller_exception('backup_check_security_requires_backup_controller');
  91          }
  92          $backup_controller->log('checking plan security', backup::LOG_INFO);
  93  
  94          // Some handy vars
  95          $type     = $backup_controller->get_type();
  96          $mode     = $backup_controller->get_mode();
  97          $courseid = $backup_controller->get_courseid();
  98          $coursectx= context_course::instance($courseid);
  99          $userid   = $backup_controller->get_userid();
 100          $id       = $backup_controller->get_id(); // courseid / sectionid / cmid
 101  
 102          // Note: all the checks along the function MUST be performed for $userid, that
 103          // is the user who "requested" the course backup, not current $USER at all!!
 104  
 105          // First of all, decide which caps/contexts are we going to check
 106          // for common backups (general, automated...) based exclusively
 107          // in the type (course, section, activity). And store them into
 108          // one capability => context array structure
 109          $typecapstocheck = array();
 110          switch ($type) {
 111              case backup::TYPE_1COURSE :
 112                  $DB->get_record('course', array('id' => $id), '*', MUST_EXIST); // course exists
 113                  $typecapstocheck['moodle/backup:backupcourse'] = $coursectx;
 114                  break;
 115              case backup::TYPE_1SECTION :
 116                  $DB->get_record('course_sections', array('course' => $courseid, 'id' => $id), '*', MUST_EXIST); // sec exists
 117                  $typecapstocheck['moodle/backup:backupsection'] = $coursectx;
 118                  break;
 119              case backup::TYPE_1ACTIVITY :
 120                  get_coursemodule_from_id(null, $id, $courseid, false, MUST_EXIST); // cm exists
 121                  $modulectx = context_module::instance($id);
 122                  $typecapstocheck['moodle/backup:backupactivity'] = $modulectx;
 123                  break;
 124              default :
 125                  throw new backup_controller_exception('backup_unknown_backup_type', $type);
 126          }
 127  
 128          // Now, if backup mode is hub or import, check userid has permissions for those modes
 129          // other modes will perform common checks only (backupxxxx capabilities in $typecapstocheck)
 130          switch ($mode) {
 131              case backup::MODE_IMPORT:
 132                  if (!has_capability('moodle/backup:backuptargetimport', $coursectx, $userid)) {
 133                      $a = new stdclass();
 134                      $a->userid = $userid;
 135                      $a->courseid = $courseid;
 136                      $a->capability = 'moodle/backup:backuptargetimport';
 137                      throw new backup_controller_exception('backup_user_missing_capability', $a);
 138                  }
 139                  break;
 140              // Common backup (general, automated...), let's check all the $typecapstocheck
 141              // capability => context pairs
 142              default:
 143                  foreach ($typecapstocheck as $capability => $context) {
 144                      if (!has_capability($capability, $context, $userid)) {
 145                          $a = new stdclass();
 146                          $a->userid = $userid;
 147                          $a->courseid = $courseid;
 148                          $a->capability = $capability;
 149                          throw new backup_controller_exception('backup_user_missing_capability', $a);
 150                      }
 151                  }
 152          }
 153  
 154          // Now, enforce 'moodle/backup:userinfo' to 'users' setting, applying changes if allowed,
 155          // else throwing exception
 156          $userssetting = $backup_controller->get_plan()->get_setting('users');
 157          $prevvalue    = $userssetting->get_value();
 158          $prevstatus   = $userssetting->get_status();
 159          $hasusercap   = has_capability('moodle/backup:userinfo', $coursectx, $userid);
 160  
 161          // If setting is enabled but user lacks permission
 162          if (!$hasusercap) { // If user has not the capability
 163              // Now analyse if we are allowed to apply changes or must stop with exception
 164              if (!$apply && $prevvalue) { // Cannot apply changes and the value is set, throw exception
 165                  $a = new stdclass();
 166                  $a->setting = 'users';
 167                  $a->value = $prevvalue;
 168                  $a->capability = 'moodle/backup:userinfo';
 169                  throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);
 170  
 171              } else { // Can apply changes
 172                  // If it is already false, we don't want to try and set it again, because if it is
 173                  // already locked, and exception will occur. The side benifit is if it is true and locked
 174                  // we will get an exception...
 175                  if ($prevvalue) {
 176                      $userssetting->set_value(false);                              // Set the value to false
 177                  }
 178                  $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
 179              }
 180          }
 181  
 182          // Now, enforce 'moodle/backup:anonymise' to 'anonymise' setting, applying changes if allowed,
 183          // else throwing exception
 184          $anonsetting = $backup_controller->get_plan()->get_setting('anonymize');
 185          $prevvalue   = $anonsetting->get_value();
 186          $prevstatus  = $anonsetting->get_status();
 187          $hasanoncap  = has_capability('moodle/backup:anonymise', $coursectx, $userid);
 188  
 189          // If setting is enabled but user lacks permission
 190          if (!$hasanoncap) { // If user has not the capability
 191              // Now analyse if we are allowed to apply changes or must stop with exception
 192              if (!$apply && $prevvalue) { // Cannot apply changes and the value is set, throw exception
 193                  $a = new stdclass();
 194                  $a->setting = 'anonymize';
 195                  $a->value = $prevvalue;
 196                  $a->capability = 'moodle/backup:anonymise';
 197                  throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);
 198  
 199              } else { // Can apply changes
 200                  if ($prevvalue) { // If we try and set it back to false and it has already been locked, error will occur
 201                      $anonsetting->set_value(false);                              // Set the value to false
 202                  }
 203                  $anonsetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
 204              }
 205          }
 206  
 207          // Now, if mode is HUB or IMPORT, and still we are including users in backup, turn them off
 208          // Defaults processing should have handled this, but we need to be 100% sure
 209          if ($mode == backup::MODE_IMPORT || $mode == backup::MODE_HUB) {
 210              $userssetting = $backup_controller->get_plan()->get_setting('users');
 211              if ($userssetting->get_value()) {
 212                  $userssetting->set_value(false);                              // Set the value to false
 213                  $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
 214              }
 215          }
 216  
 217          // Check the user has the ability to configure the backup. If not then we need
 218          // to lock all settings by permission so that no changes can be made. This does
 219          // not apply to the import facility, where the activities must be always enabled
 220          // to be able to pick them
 221          if ($mode != backup::MODE_IMPORT) {
 222              $hasconfigcap = has_capability('moodle/backup:configure', $coursectx, $userid);
 223              if (!$hasconfigcap) {
 224                  $settings = $backup_controller->get_plan()->get_settings();
 225                  foreach ($settings as $setting) {
 226                      if ($setting->get_name() == 'filename') {
 227                          continue;
 228                      }
 229                      $setting->set_status(base_setting::LOCKED_BY_PERMISSION);
 230                  }
 231              }
 232          }
 233  
 234          return true;
 235      }
 236  }