MDL-22141 implement security checks. sensible settings applied and locked

2025-08-04 08:26:37 +02:00 · 2010-05-02 22:02:02 +00:00 · 2010-05-02 22:02:02 +00:00 · c0772270d7
commit c0772270d7
parent 6a471fe007
1 changed files with 90 additions and 0 deletions
--- a/backup/util/checks/backup_check.class.php
+++ b/backup/util/checks/backup_check.class.php
@ -84,10 +84,100 @@ abstract class backup_check {
    }

    public static function check_security($backup_controller, $apply) {
+        global $DB;
+
        if (! $backup_controller instanceof backup_controller) {
            throw new backup_controller_exception('backup_check_security_requires_backup_controller');
        }
        $backup_controller->log('checking plan security', backup::LOG_INFO);
+
+        // Some handy vars
+        $type     = $backup_controller->get_type();
+        $mode     = $backup_controller->get_mode();
+        $courseid = $backup_controller->get_courseid();
+        $coursectx= get_context_instance(CONTEXT_COURSE, $courseid);
+        $userid   = $backup_controller->get_userid();
+        $id       = $backup_controller->get_id(); // courseid / sectionid / cmid
+
+        // Note: all the checks along the function MUST be performed for $userid, that
+        // is the user who "requested" the course backup, not current $USER at all!!
+
+        // First of all, check the main backup[course|section|activity] principal caps
+        // Lacking the corresponding one makes this to break with exception always
+        switch ($type) {
+            case backup::TYPE_1COURSE :
+                $DB->get_record('course', array('id' => $id), '*', MUST_EXIST); // course exists
+                require_capability('moodle/backup:backupcourse', $coursectx, $userid);
+                break;
+            case backup::TYPE_1SECTION :
+                $DB->get_record('course_sections', array('course' => $courseid, 'id' => $id), '*', MUST_EXIST); // sec exists
+                require_capability('moodle/backup:backupsection', $coursectx, $userid);
+                break;
+            case backup::TYPE_1ACTIVITY :
+                get_coursemodule_from_id(null, $id, $courseid, false, MUST_EXIST); // cm exists
+                $modulectx = get_context_instance(CONTEXT_MODULE, $id);
+                require_capability('moodle/backup:backupactivity', $modulectx, $userid);
+                break;
+            default :
+                print_error('unknownbackuptype');
+        }
+
+        // Now, if backup mode is hub or import, check userid has permissions for those modes
+        switch ($mode) {
+            case backup::MODE_HUB:
+                require_capability('moodle/backup:backuptargethub', $coursectx, $userid);
+                break;
+            case backup::MODE_IMPORT:
+                require_capability('moodle/backup:backuptargetimport', $coursectx, $userid);
+                break;
+        }
+
+        // Now, enforce 'moodle/backup:userinfo' to 'users' setting, applying changes if allowed,
+        // else throwing exception
+        $userssetting = $backup_controller->get_plan()->get_setting('users');
+        $prevvalue    = $userssetting->get_value();
+        $prevstatus   = $userssetting->get_status();
+        $hasusercap   = has_capability('moodle/backup:userinfo', $coursectx, $userid);
+
+        // If setting is enabled but user lacks permission
+        if (!$hasusercap && $prevvalue) { // If user has not the capability and setting is enabled
+            // Now analyse if we are allowed to apply changes or must stop with exception
+            if (!$apply) { // Cannot apply changes, throw exception
+                $a = new stdclass();
+                $a->setting = 'users';
+                $a->value = $prevvalue;
+                $a->capability = 'moodle/backup:userinfo';
+                throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);
+
+            } else { // Can apply changes
+                $userssetting->set_value(false);                              // Set the value to false
+                $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
+            }
+        }
+
+        // Now, enforce 'moodle/backup:anonymise' to 'anonymise' setting, applying changes if allowed,
+        // else throwing exception
+        $anonsetting = $backup_controller->get_plan()->get_setting('anonymize');
+        $prevvalue   = $userssetting->get_value();
+        $prevstatus  = $userssetting->get_status();
+        $hasanoncap  = has_capability('moodle/backup:anonymise', $coursectx, $userid);
+
+        // If setting is enabled but user lacks permission
+        if (!$hasanoncap && $prevvalue) { // If user has not the capability and setting is enabled
+            // Now analyse if we are allowed to apply changes or must stop with exception
+            if (!$apply) { // Cannot apply changes, throw exception
+                $a = new stdclass();
+                $a->setting = 'anonymize';
+                $a->value = $prevvalue;
+                $a->capability = 'moodle/backup:anonymise';
+                throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);
+
+            } else { // Can apply changes
+                $anonsetting->set_value(false);                              // Set the value to false
+                $anonsetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
+            }
+        }
+
        return true;
    }
 }