Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 39 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  namespace core_comment;
  18  
  19  use comment;
  20  use comment_exception;
  21  use core_comment_external;
  22  
  23  /**
  24   * Tests for comments when the context is frozen.
  25   *
  26   * @package    core_comment
  27   * @copyright  2019 University of Nottingham
  28   * @author     Neill Magill <neill.magill@nottingham.ac.uk>
  29   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  30   */
  31  class context_freeze_test extends \advanced_testcase {
  32      /**
  33       * Creates a comment by a student.
  34       *
  35       * Returns:
  36       * - The comment object
  37       * - The sudent that wrote the comment
  38       * - The arguments used to create the comment
  39       *
  40       * @param \stdClass $course Moodle course from the datagenerator
  41       * @return array
  42       */
  43      protected function create_student_comment_and_freeze_course($course): array {
  44          set_config('contextlocking', 1);
  45  
  46          $context = \context_course::instance($course->id);
  47          $student = $this->getDataGenerator()->create_and_enrol($course, 'student');
  48  
  49          $args = new \stdClass;
  50          $args->context = $context;
  51          $args->course = $course;
  52          $args->area = 'page_comments';
  53          $args->itemid = 0;
  54          $args->component = 'block_comments';
  55          $args->linktext = get_string('showcomments');
  56          $args->notoggle = true;
  57          $args->autostart = true;
  58          $args->displaycancel = false;
  59  
  60          // Create a comment by the student.
  61          $this->setUser($student);
  62          $comment = new comment($args);
  63          $newcomment = $comment->add('New comment');
  64  
  65          // Freeze the context.
  66          $this->setAdminUser();
  67          $context->set_locked(true);
  68  
  69          return [$newcomment, $student, $args];
  70      }
  71  
  72      /**
  73       * Test that a student cannot delete their own comments in frozen contexts via the external service.
  74       */
  75      public function test_delete_student_external() {
  76          global $CFG;
  77          require_once($CFG->dirroot . '/comment/lib.php');
  78  
  79          $this->resetAfterTest();
  80  
  81          $course = $this->getDataGenerator()->create_course();
  82  
  83          list($newcomment, $student, $args) = $this->create_student_comment_and_freeze_course($course);
  84  
  85          // Check that a student cannot delete their own comment.
  86          $this->setUser($student);
  87          $studentcomment = new comment($args);
  88          $this->assertFalse($studentcomment->can_delete($newcomment->id));
  89          $this->assertFalse($studentcomment->can_post());
  90          $this->expectException(comment_exception::class);
  91          $this->expectExceptionMessage(get_string('nopermissiontodelentry', 'error'));
  92          core_comment_external::delete_comments([$newcomment->id]);
  93      }
  94  
  95      /**
  96       * Test that a student cannot delete their own comments in frozen contexts.
  97       */
  98      public function test_delete_student() {
  99          global $CFG;
 100          require_once($CFG->dirroot . '/comment/lib.php');
 101  
 102          $this->resetAfterTest();
 103  
 104          $course = $this->getDataGenerator()->create_course();
 105  
 106          list($newcomment, $student, $args) = $this->create_student_comment_and_freeze_course($course);
 107  
 108          // Check that a student cannot delete their own comment.
 109          $this->setUser($student);
 110          $studentcomment = new comment($args);
 111          $this->assertFalse($studentcomment->can_delete($newcomment->id));
 112          $this->assertFalse($studentcomment->can_post());
 113          $this->expectException(comment_exception::class);
 114          $this->expectExceptionMessage(get_string('nopermissiontocomment', 'error'));
 115          $studentcomment->delete($newcomment->id);
 116      }
 117  
 118      /**
 119       * Test that an admin cannot delete comments in frozen contexts via the external service.
 120       */
 121      public function test_delete_admin_external() {
 122          global $CFG;
 123          require_once($CFG->dirroot . '/comment/lib.php');
 124  
 125          $this->resetAfterTest();
 126  
 127          $course = $this->getDataGenerator()->create_course();
 128  
 129          list($newcomment, $student, $args) = $this->create_student_comment_and_freeze_course($course);
 130  
 131          // Check that the admin user cannot delete the comment.
 132          $admincomment = new comment($args);
 133          $this->assertFalse($admincomment->can_delete($newcomment->id));
 134          $this->assertFalse($admincomment->can_post());
 135          $this->expectException(comment_exception::class);
 136          $this->expectExceptionMessage(get_string('nopermissiontodelentry', 'error'));
 137          core_comment_external::delete_comments([$newcomment->id]);
 138      }
 139  
 140      /**
 141       * Test that an admin cannot delete comments in frozen contexts.
 142       */
 143      public function test_delete_admin() {
 144          global $CFG;
 145          require_once($CFG->dirroot . '/comment/lib.php');
 146  
 147          $this->resetAfterTest();
 148  
 149          $course = $this->getDataGenerator()->create_course();
 150  
 151          list($newcomment, $student, $args) = $this->create_student_comment_and_freeze_course($course);
 152  
 153          // Check that the admin user cannot delete the comment.
 154          $admincomment = new comment($args);
 155          $this->assertFalse($admincomment->can_delete($newcomment->id));
 156          $this->assertFalse($admincomment->can_post());
 157          $this->expectException(comment_exception::class);
 158          $this->expectExceptionMessage(get_string('nopermissiontocomment', 'error'));
 159          $admincomment->delete($newcomment->id);
 160      }
 161  }