MDL-59172 user: user_can_view_profile() now checks viewalldetails cap

Jake Dallimore 2017-08-01 14:53:33 +08:00
parent 8146b1f06d
commit 4d068a6708
4 changed files with 12 additions and 3 deletions


@ -41,6 +41,7 @@ information provided here is intended especially for developers.
* New optional parameter 'closeSuggestionsOnSelect' for the enhance() function for form-autocomplete. Setting this to true will * New optional parameter 'closeSuggestionsOnSelect' for the enhance() function for form-autocomplete. Setting this to true will
close the suggestions popup immediately after an option has been selected. If not specified, it defaults to true for single-select close the suggestions popup immediately after an option has been selected. If not specified, it defaults to true for single-select
elements and false for multiple-select elements. elements and false for multiple-select elements.
* user_can_view_profile() now also checks the moodle/user:viewalldetails capability.
=== 3.3.1 === === 3.3.1 ===


@ -135,8 +135,7 @@ if (empty($result->posts)) {
// In either case we need to decide whether we can show personal information // In either case we need to decide whether we can show personal information
// about the requested user to the current user so we will execute some checks // about the requested user to the current user so we will execute some checks
// TODO - Remove extra cap check once MDL-59172 is resolved. $canviewuser = user_can_view_profile($user, null, $usercontext);
$canviewuser = user_can_view_profile($user, null, $usercontext) || has_capability('moodle/user:viewalldetails', $usercontext);
// Prepare the page title // Prepare the page title
$pagetitle = get_string('noposts', 'mod_forum'); $pagetitle = get_string('noposts', 'mod_forum');


@ -1143,7 +1143,7 @@ function user_can_view_profile($user, $course = null, $usercontext = null) {
$usercontext = context_user::instance($user->id); $usercontext = context_user::instance($user->id);
} }
// Number 3. // Number 3.
if (has_capability('moodle/user:viewdetails', $usercontext)) { if (has_capability('moodle/user:viewdetails', $usercontext) || has_capability('moodle/user:viewalldetails', $usercontext)) {
return true; return true;
} }
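Review bot: The "Number 3." branch now grants profile access on either of two capabilities, but the numbered rule it refers to is not updated in this hunk, so the documented access rules and the code may disagree. The rule list is presumably in the function's docblock, which starts outside the hunk; rule 3 there should be reworded along the lines of `Number 3. The viewing user has moodle/user:viewdetails or moodle/user:viewalldetails in the user context.` As a style point, the long condition could be written as `if (has_any_capability(['moodle/user:viewdetails', 'moodle/user:viewalldetails'], $usercontext)) {`, which keeps the set of granting capabilities in one place for later audits.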

View file

@ -576,6 +576,15 @@ class core_userliblib_testcase extends advanced_testcase {
$this->setUser($user5); $this->setUser($user5);
$this->assertTrue(user_can_view_profile($user4)); $this->assertTrue(user_can_view_profile($user4));
// Test the user:viewalldetails cap check using the course creator role which, by default, can't see student profiles.
$this->setUser($user7);
$this->assertFalse(user_can_view_profile($user4));
assign_capability('moodle/user:viewalldetails', CAP_ALLOW, $coursecreatorrole->id, context_system::instance()->id, true);
reload_all_capabilities();
$this->assertTrue(user_can_view_profile($user4));
unassign_capability('moodle/user:viewalldetails', $coursecreatorrole->id, $coursecontext->id);
reload_all_capabilities();
$CFG->coursecontact = null; $CFG->coursecontact = null;
// Visitor (Not a guest user, userid=0). // Visitor (Not a guest user, userid=0).
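Review bot: The cleanup in the added test block does not undo its setup: the capability is assigned at `context_system::instance()->id` but `unassign_capability()` is called with `$coursecontext->id`, so the system-level allow on the course creator role appears to stay in place for the assertions that follow. Using the same context for both calls, `unassign_capability('moodle/user:viewalldetails', $coursecreatorrole->id, context_system::instance()->id);`, and adding `$this->assertFalse(user_can_view_profile($user4));` after the second `reload_all_capabilities()` would confirm that access is actually revoked. This matters in an access-control test because a leaked grant can make later checks pass for the wrong reason. The test method starts and ends outside the hunk.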