We used to display capabilities like "Manage any calendar entries",
"Delete evidence", "Manage competency frameworks", "View hidden courses"
and others as "Missing capabilities" for the mobile app service tokens.
This gave dangerous impression that the app will not work for students
without these capabilities granted. There are known cases of admins who
started to grant all these caps to the Authenticated user role because
they were afraid the app would not work for them.
The problem here is that the official mobile app service includes some
functions that have these capabilities declared as required. But they
are not really required to use the app. Either the app makes its own
clever checks of capabilities before calling the functions, or sometimes
the capabilities are not even correctly declared.
It is safer for everybody to display this information for custom
services only where the risk of the falsely missing caps is lower and
the information is more accurate.
Also, the help text has been improved so it does not suggest that these
capabilities must be always added. We do not know why the service has
them declared. In some cases, a service has capabilities declared just
because it makes use of them in the if-then fashion.
Additionally, the patch also displays the service short name because it
is actually needed to know.
The patch adds ability to filter the list of token by the token value,
the user and the service. Also the button to create a new token is made
more prominent and easier to spot.
No need to have a dedicated admin_setting_managewebservicetokens admin
setting subclass, and yet do not use almost any of its features. So the
patch merges the list and the forms handling into a single external
page.
Similarly, it feels like overkill to have a renderer method for a
simple confirmation widget - especially given that the URLs were
hard-coded in it. So that one was dropped.
The patch improves the display of the missing capabilities on the Manage
tokens page and the Select authorised users page. The list of
capabilities is rendered in a collapsible area and does not occupy too
much space by default.
Additionally on the later page, the patch improves the display of the
list of existing authorised users so that it respects the configured
identity fields.
The previous implementation falsely reported all implicit capabilities
inherited from the authenticated user archetype. That caused a lot of
capabilities reported as missing, even if they were correctly granted.
This new implementation uses a different logic. Instead of seeking for
explicitly assigned capabilities, it searches for capabilities that are
not assigned to any of the user's role across the system.
Please refer to the inline documentation. This should be still used for
informative reports only, not for actual permissions evaluation. The
context has been ignored here, as well as all the overrides etc. This
patch just makes it a lesser evil.
The purpose of this external function is to provide data for
asynchronous user selectors and similar widgets. It allows to search
users matching the given query in their name or other available identity
fields.
I suppose the original reasoning was that the web services protocols are
pluggable and that plugins can provide external function. But those are
not good reasons to put the whole Web services section under plugins.
Web services are not a plugin type and they always felt very
counter-intuitive there.
From the server administrtaion perspective, web services are similar to
scheduled tasks and therefore, they should live in the same section.
Using the external method for updating posts, the check for empty
subject/message content wasn't correct (disallowed the string '0'),
in addition to being impossible to set a posts message format
property to FORMAT_MOODLE (integer 0).
Modifies the 'string time to timestamp' behat trasformation to use
userdate() instead of date(). The userdate() method is generally used
throught Moodle for constructing formatted date strings and this change
will provide more consistency and prevent any potential behat failures.
Therefore, if the date format is defined in the given trasformation, it
has to be strftime compatible. Example:
'I should see "##tomorrow noon##%A, %d %B %Y, %I:%M %p##"'
Apart from adding new unit tests for covering new IMS OBv2.1 issuer,
some extra tests have been added to test existing issuers and confirm
they are still working as expected after the changes.
IMS OBv2.1 services have a registration endpoint to get client id
and secret.
This patch adds and implements the "register" method for the IMS
Open Badges Connect discovery system, to get the proper client id
and secret values.
In order to make easier to create and maintain new OAuth2 services,
a couple of classes have been added:
- discovery\* contains methods related to the discovery system. Until
now, only OpenID Connect was supported by Moodle so all the code was
centralised in api.php.
With this patch, as IMS OBv2.1 has a different discovery system, a new
abstract class (base_definition) has been added to be called and let
every discovery system (OpenID Connect, IMS Badge Connect...)
implement their own methods.
- service\* . Instead of keep adding methods to the api, the service
namespace has been created to store all the standard issuer services.
An interface (issuer_interface) has been created and all the services
should implement it.
This patch creates the "IMS OBv2.1" and "Custom" services and moves
the methods for "Google" service because it uses the OpenID connect
discovery system.
I've gone over a few of the mofified files (those
which were showing warnings and errors to CiBoT. Some of them
have been fixed completely, while others only have fixed
for the lines belonging to this issue (lib/tests/moodlelib_test.php)
for example.
This applies the "whitelist" => "include" changes to all the core
phpunit_coverage_info occurrences, so core won't emit any deprecation
warning (see previous commit).
At the same time, modified a bunch of comments in coverage files
to be more readable/understandable.
Following the changes in the schema, from "whitelists" to "includes",
we are deprecating these two properties from phpunit_coverage_info:
- whitelistfolders => includelistfolders
- whitelistfiles => includelistfiles
They will continue working over the deprecation period but the init/util
scripts will throw some warnings about them being deprecated for 3.11 and
the way to replace them.
Standard 2y deprecation applies with final removed to happen @ MDL-71067
Basically switch to 2-space indenting and small tweaks to comments,
so both the main phpunit.xml file and also the individual components
ones, all them based in the dist one will be consistent.
This performs all the changes needed in the util generator to
produce XML files compliant with the new schema (see previous
commit for description of changes).
- All the occurrences in code of filter => coverage.
- All the occurrences in code of whitelist => include.
- Apply all the changes to comply with the new schema.
- Remove processUncoveredFilesFromWhitelist attribute, useless (false
is its default value, and now have another name).
- Move from 4-spaces indented XML to 2-spaces indented.
- Small linefeed tweaks to generate better-looking XML.
PHPUnit 9 comes with various changes in the XML
configuration file, namely:
- the old "filter" section has been renamed to "coverage".
- "whitelist" has been renamed to "include"
- "exclude" is not a child of "include" anymore, but of "coverage".
- "include" cannot have configuration attributes anymore, only
"coverage" can"
Visually it means that the old section (invented example):
```
<filter>
<whitelist attributes_may_go_here="xx">
<directory suffix=".php">classes</directory>
<directory suffix=".php">externallib.php</directory>
<exclude>
<directory suffix="_test.php">.</directory>
</exclude>
</whitelist>
</filter>
```
Now looks like:
```
<coverage attributes_may_go_here="xx">
<include>
<directory suffix=".php">classes</directory>
<directory suffix=".php">externallib.php</directory>
</include>
<exclude>
<directory suffix="_test.php">.</directory>
</exclude>
</filter>
```
So, switching to the new xsd so we can validate the remaining changes.
The current ->setMethods() has been silently (won't emit any
warning) in PHPUnit 9. And will stop working (current plans)
in PHPUnit 10.
Basically the now deprecated method has been split into:
- onlyMethods(): To point to existing methods in the mocked artifact.
- addMethods(): To point to non existing (yet) methods in the mocked
artifact.
In practice that means that all our current setMethods() calls can be
converted to onlyMethods() (existing) and done. The addMethods() is
mostly useful on development phases, not final testing.
Finally note that <null> isn't accepted anymore as parameter to
double all the methods. Instead empty array [] must be used.
Link: https://github.com/sebastianbergmann/phpunit/issues/3770
The methods assertContains() and assertNotContains() now perform
strict (type and value) comparison, pretty much like assertSame()
does.
A couple of new assertContainsEquals() and assertNotContainsEquals()
methods have been created to provide old (non-strict) behavior, pretty
much like assertEquals() do.
Apart from replacing the calls needing a relaxed comparison to those
new methods, there are also a couple of alternative, about how to
fix this, depending of every case:
- If the test is making any array_values() conversion, then it's better
to remove that conversion and use assertArrayHasKey(), that is not
strict.
- Sometimes if may be also possible to, simply, cast the expectation
to the exact type coming in the array. I've not applied this technique
to any of the cases in core.
Link: https://github.com/sebastianbergmann/phpunit/issues/3426
