Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 39 and 401] [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * H5P Content manager class
  19   *
  20   * @package    contenttype_h5p
  21   * @copyright  2020 Amaia Anabitarte <amaia@moodle.com>
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  namespace contenttype_h5p;
  26  
  27  /**
  28   * H5P Content manager class
  29   *
  30   * @package    contenttype_h5p
  31   * @copyright  2020 Amaia Anabitarte <amaia@moodle.com>
  32   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  33   */
  34  class content extends \core_contentbank\content {
  35  
  36      /**
  37       * Returns user has access permission for the content itself.
  38       * If the H5P content-type library is disabled, the user won't have access to it.
  39       *
  40       * @return bool     True if content could be accessed. False otherwise.
  41       */
  42      public function is_view_allowed(): bool {
  43          // Force H5P content to be deployed.
  44          $fileurl = $this->get_file_url();
  45          if (empty($fileurl)) {
  46              // This should never happen because H5P contents should have always a file. However, this extra-checked has been added
  47              // to avoid the contentbank stop working if, for any unkonwn/weird reason, the file doesn't exist.
  48              return false;
  49          }
  50  
  51          // Skip capability check when creating the H5P content (because it has been created by trusted users).
  52          $h5pplayer = new \core_h5p\player($fileurl, new \stdClass(), true, '', true);
  53          // Flush error messages.
  54          $h5pplayer->get_messages();
  55  
  56          // Check if the H5P entry has been created and if the main library is enabled.
  57          $file = $this->get_file();
  58          if (!empty($file)) {
  59              $h5p = \core_h5p\api::get_content_from_pathnamehash($file->get_pathnamehash());
  60              if (empty($h5p)) {
  61                  // If there is no H5P entry for this content, it won't be displayed unless the user has the manageanycontent
  62                  // capability. Reasons for contents without a proper H5P entry in DB:
  63                  // - Invalid H5P package (it won't be never deployed).
  64                  // - Disabled content-type library (it can't be deployed so there is no way to know the mainlibraryid).
  65                  $context = \context::instance_by_id($this->content->contextid);
  66                  if (!has_capability('moodle/contentbank:manageanycontent', $context)) {
  67                      return false;
  68                  }
  69              } else if (!\core_h5p\api::is_library_enabled((object) ['id' => $h5p->mainlibraryid])) {
  70                  // If the main library is disabled, it won't be displayed.
  71                  return false;
  72              }
  73          }
  74  
  75          return parent::is_view_allowed();
  76      }
  77  
  78      /**
  79       * Import a file as a valid content.
  80       * Before importing the file, this method will check if the file is a valid H5P package. If it's not valid, it will thrown
  81       * an exception.
  82       *
  83       * @throws \file_exception If file operations fail
  84       * @param \stored_file $file File to store in the content file area.
  85       * @return \stored_file|null the stored content file or null if the file is discarted.
  86       */
  87      public function import_file(\stored_file $file): ?\stored_file {
  88          // The H5P content can be only deployed if the author of the .h5p file can update libraries or if all the
  89          // content-type libraries exist, to avoid users without the h5p:updatelibraries capability upload malicious content.
  90          $onlyupdatelibs = !\core_h5p\helper::can_update_library($file);
  91  
  92          if (!\core_h5p\api::is_valid_package($file, $onlyupdatelibs)) {
  93              throw new \file_exception('invalidpackage');
  94          }
  95          return parent::import_file($file);
  96      }
  97  }