From 0d4723ee62fb355fa4fd3d281de83d0750b28fec Mon Sep 17 00:00:00 2001 From: jerome Date: Fri, 13 Mar 2009 06:51:30 +0000 Subject: [PATCH] web service MDL-12886 check that a user is a course participant before to add it to a group --- course/lib.php | 37 +++++++++++++++++ group/external.php | 19 ++++++++- group/lib.php | 8 +++- group/simpletest/testexternal.php | 66 ++++++++++++++++++++++++++----- lang/en_utf8/error.php | 1 + 5 files changed, 118 insertions(+), 13 deletions(-) diff --git a/course/lib.php b/course/lib.php index af13091424..15babc6e46 100644 --- a/course/lib.php +++ b/course/lib.php @@ -3565,4 +3565,41 @@ function update_course($data) { return false; } +/** + * Return all course participant for a given course + * @global object $DB + * @param integer $courseid + * @return array of user + */ +function get_course_participants ($courseid) { + global $DB; + $users = get_users_by_capability( + get_context_instance(CONTEXT_COURSE, $courseid), + 'moodle/course:view'); + return $users; +} + + +/** + * Return true if the user is a participant for a given course + * @global object $DB + * @param integer $userid + * @param integer $courseid + * @return boolean + */ +function is_course_participant ($userid, $courseid) { + global $DB; + $users = get_users_by_capability( + get_context_instance(CONTEXT_COURSE, $courseid), + 'moodle/course:view','u.id'); + + foreach($users as $user) { + if ($user->id == $userid) { + return true; + } + } + + return false; +} + ?> diff --git a/group/external.php b/group/external.php index 570ca44c60..3f591980b9 100644 --- a/group/external.php +++ b/group/external.php 
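Review bot: `is_course_participant()` in course/lib.php answers a yes/no question about one user by loading every holder of `moodle/course:view` in the course and scanning the list, so each check costs a query proportional to course size. A per-user check such as `return has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $courseid), $userid);` expresses the same rule without the scan; confirm it treats admin/doanything accounts the same way `get_users_by_capability()` does here. Both new functions declare `global $DB;` without using it, and the loop compares ids with `==`. Since this predicate now gates group membership, its docblock should say that "participant" means "holds `moodle/course:view` in the course context" and what is returned when `$courseid` matches no course, which this hunk does not handle explicitly.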
@@ -106,11 +106,22 @@ final class group_external { /** * Return all internal members for a group id (do not return remotely registered user) * @param array|struct $params - * @subparam integer $params:member->groupid + * @subparam integer $params:groupid * @return array $return * $subparam string $return:username */ static function tmp_get_groupmembers($params){ + if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_SYSTEM))) { + $members = array(); + foreach ($params as $groupid) { + $groupmembers = groups_get_members($groupid); + $members[] = array("groupid" => $groupid, "members" => $groupmembers); + } + return $members; + } + else { + throw new moodle_exception('wscouldnotgetgroupnopermission'); + } } /** @@ -127,6 +138,10 @@ final class group_external { foreach($params as $member) { $groupid = clean_param($member['groupid'], PARAM_INTEGER); $userid = clean_param($member['userid'], PARAM_INTEGER); + + //check that the user is participant of the course + + if (!groups_add_member($groupid, $userid)) { $addmembersuccessfull = false; } @@ -147,7 +162,7 @@ final class group_external { */ static function tmp_delete_groupmembers($params){ if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_SYSTEM))) { - $addmembersuccessfull = true; + $addmembersuccessfull = true; foreach($params as $member) { $groupid = clean_param($member['groupid'], PARAM_INTEGER); $userid = clean_param($member['userid'], PARAM_INTEGER); diff --git a/group/lib.php b/group/lib.php index df320943fc..04c7dbba1a 100644 --- a/group/lib.php +++ b/group/lib.php 
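Review bot: In `tmp_get_groupmembers()` the result of `groups_get_members($groupid)` goes back to the web-service caller unfiltered, while the docblock promises only `$return:username`. If that helper returns whole user rows by default (its definition is not in this diff), every call would expose fields such as password hashes and e-mail addresses. Request explicit columns, e.g. `groups_get_members($groupid, 'u.id, u.username')`, and clean each id first with `$groupid = clean_param($groupid, PARAM_INTEGER);`, as the add/delete functions in this class already do. The capability is tested in the system context rather than in the course that owns each group, and `wscouldnotgetgroupnopermission` is not among the strings this commit adds to lang/en_utf8/error.php, so check that it is defined elsewhere.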
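Review bot: The comment `//check that the user is participant of the course` added in `tmp_add_groupmembers()` is followed only by blank lines, so a reader will look for a check that is not there. The check this commit adds lives in `groups_add_member()` in group/lib.php; either drop the placeholder or reword it, e.g. `// groups_add_member() throws 'userisnotaparticipant' for users who are not course participants`. As far as this hunk shows, that exception propagates out of the `foreach`, so members processed earlier in the same request stay added; the docblock should say the batch is not atomic. The function starts and ends outside this hunk.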
@@ -27,10 +27,16 @@ function groups_add_member($groupid, $userid) { throw new moodle_exception('useriddoesntexist'); } - if (!groups_group_exists($groupid)) { + $group = $DB->get_record('groups', array('id'=>$groupid)); + if (empty($group)) { throw new moodle_exception('cannotaddmembergroupiddoesntexist'); } + //check if the user a participant of the group course + if (!is_course_participant ($userid, $group->courseid)) { + throw new moodle_exception('userisnotaparticipant'); + } + if (groups_is_member($groupid, $userid)) { return true; } diff --git a/group/simpletest/testexternal.php b/group/simpletest/testexternal.php index 32f0aa1686..8e4e008467 100644 --- a/group/simpletest/testexternal.php +++ b/group/simpletest/testexternal.php @@ -48,8 +48,11 @@ class group_external_test extends UnitTestCase { var $userid2; var $userid3; var $userid4; + var $userid5; var $course; var $categoryid; + var $roleid; + var $context; function setUp() { global $DB; @@ -87,7 +90,7 @@ class group_external_test extends UnitTestCase { $user->password = 'mockuserfortestingY_password'; $this->userid2 = tmp_create_user($user); - //create some more test users (not add yet to any group) + //create some more test users (not add yet to any group) $user = new stdClass(); $user->username = 'mockuserfortestingZ'; $user->firstname = 'mockuserfortestingZ_firstname'; 
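Review bot: The new call to `is_course_participant()` in `groups_add_member()` depends on course/lib.php, and nothing in this hunk shows group/lib.php loading it; a caller that includes only group/lib.php would hit an undefined-function fatal error instead of the intended exception. If the top of the file does not already have it, add `require_once($CFG->dirroot.'/course/lib.php');`, and confirm that `global $DB;` is declared at the start of the function (outside this hunk) for the new `$DB->get_record()` call. Enforcing the rule in the library rather than only in the web service is the right layer, but it changes behaviour for every existing caller: code that used to succeed for a user without `moodle/course:view` now gets `userisnotaparticipant`, which deserves a line in the function's docblock. The participant check also runs before the `groups_is_member()` shortcut, so users who are already members pay for it on every call.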
@@ -103,6 +106,26 @@ class group_external_test extends UnitTestCase { $user->password = 'mockuserfortestingZ2_password'; $this->userid4 = tmp_create_user($user); + //create a user, don't add it to a role or group + $user = new stdClass(); + $user->username = 'mockuserfortestingZ23'; + $user->firstname = 'mockuserfortestingZ23_firstname'; + $user->lastname = 'mockuserfortestingZ23_lastname'; + $user->email = 'mockuserfortestingZ23@moodle.com'; + $user->password = 'mockuserfortestingZ23_password'; + $this->userid5 = tmp_create_user($user); + + //we're creating a new test role with viewcourse capabilyt + $this->context = $DB->get_record('context',array('contextlevel' => 50, 'instanceid' => $this->course->id)); + $this->roleid = create_role('testrole', 'testrole', 'testrole'); + assign_capability('moodle/course:view', CAP_ALLOW, $this->roleid, $this->context->id); + + //assign the students to this role + role_assign($this->roleid, $this->userid1, null, $this->context->id); + role_assign($this->roleid, $this->userid2, null, $this->context->id); + role_assign($this->roleid, $this->userid3, null, $this->context->id); + role_assign($this->roleid, $this->userid4, null, $this->context->id); + /// create a group with these two students $this->group = new stdClass(); $this->group->courseid = $this->course->id; @@ -143,6 +166,13 @@ class group_external_test extends UnitTestCase { delete_user($user); $user = $DB->get_record('user', array('username'=>'mockuserfortestingZ2', 'mnethostid'=>1)); delete_user($user); + + //delete the user without group + $user = $DB->get_record('user', array('username'=>'mockuserfortestingZ23', 'mnethostid'=>1)); + delete_user($user); + + //delete role + delete_role($this->roleid); } function testTmp_create_groups() { 
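Review bot: The context lookup added to `setUp()` hard-codes `'contextlevel' => 50` and reads the `context` table directly, while the code under test resolves the same context through `get_context_instance(CONTEXT_COURSE, ...)`. Use `$this->context = get_context_instance(CONTEXT_COURSE, $this->course->id);` so the fixture cannot drift from the library and does not depend on the row already existing. The return value of `create_role('testrole', 'testrole', 'testrole')` is used unchecked; if a role with that short name survives from an aborted run, the following `assign_capability()` and `role_assign()` calls presumably work on an invalid role id and the participant tests fail for the wrong reason. The comment typo `capabilyt` should read `capability`. `setUp()` starts and ends outside this hunk.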
@@ -198,33 +228,49 @@ class group_external_test extends UnitTestCase { $result = group_external::tmp_add_groupmembers($params); } - function testTmp_add_group_members2() { + function testTmp_add_group_members2() { //the group id doesn't exist $params = array(array("groupid" => 6465465, "userid" => $this->userid3), array("groupid" => $this->group->id, "userid" => $this->userid4)); $this->expectException(new moodle_exception('cannotaddmembergroupiddoesntexist')); $result = group_external::tmp_add_groupmembers($params); - } + } - function testTmp_delete_group_members() { + function testTmp_add_group_members3() { + //the user is not a participant + $params = array(array("groupid" => $this->group->id, "userid" => $this->userid5)); + $this->expectException(new moodle_exception('userisnotaparticipant')); + $result = group_external::tmp_add_groupmembers($params); + + } + + function testTmp_get_groupmembers() { + $params = array($this->group->id, $this->group2->id); + $groups = group_external::tmp_get_groupmembers($params); + $this->assertEqual(sizeof($groups), 2); + $this->assertEqual(sizeof($groups[0]['members']), 2); + $this->assertEqual(sizeof($groups[1]['members']), 1); + } + + function testTmp_delete_group_members() { //One of the userid doesn't exist $params = array(array("groupid" => $this->group->id, "userid" => 654685), array("groupid" => $this->group->id, "userid" => $this->userid2)); $this->expectException(new moodle_exception('useriddoesntexist')); $result = group_external::tmp_delete_groupmembers($params); - } + } - function testTmp_delete_group_members2() { - //the group id doesn't exist + function testTmp_delete_group_members2() { + //the group id doesn't exist $params = array(array("groupid" => 6465465, "userid" => $this->userid1), array("groupid" => $this->group->id, "userid" => $this->userid2)); $this->expectException(new moodle_exception('cannotaddmembergroupiddoesntexist')); $result = group_external::tmp_delete_groupmembers($params); - } + } - function 
testTmp_delete_group_members3() { + function testTmp_delete_group_members3() { //delete members from group $params = array(array("groupid" => $this->group->id, "userid" => $this->userid1), array("groupid" => $this->group->id, "userid" => $this->userid2)); $result = group_external::tmp_delete_groupmembers($params); $this->assertEqual($result, true); - } + } function testTmp_delete_groups() { $params = array($this->group->id, $this->group2->id); diff --git a/lang/en_utf8/error.php b/lang/en_utf8/error.php index 78622e4a5e..fb8ac7442b 100644 --- a/lang/en_utf8/error.php +++ b/lang/en_utf8/error.php @@ -448,6 +448,7 @@ $string['urlnotdefinerss'] = 'URL not defined for RSS feed'; $string['userautherror'] = 'Unknown auth plugin'; $string['userauthunsupported'] = 'Auth plugin not supported here'; $string['useriddoesntexist'] = 'User id doesn\'t exist'; +$string['userisnotaparticipant'] = 'The user is not a course participant'; $string['useremailduplicate'] = 'Duplicate address'; $string['usermustbemnet'] = 'Users in the MNET access control list must be remote MNET users'; $string['usernotaddedadmin'] = 'Cannot delete admin accounts'; -- 2.39.5
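Review bot: `testTmp_get_groupmembers()` in group/simpletest/testexternal.php covers only the permitted path and checks member counts, so the `wscouldnotgetgroupnopermission` branch and the shape of the returned records are untested. Add a case that calls `group_external::tmp_get_groupmembers()` as a user without `moodle/course:managegroups` and expects the exception, and assert which fields each member record carries so that a later change cannot widen what the web service returns unnoticed. `testTmp_add_group_members3()` proves the exception is raised but not that no membership was written; a separate test that catches the exception and then checks `$this->assertFalse(groups_is_member($this->group->id, $this->userid5));` would pin that.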