| blob | 77455b4343270ebad3be89ec482c1290a20b339f |
1 @core @core_user
2 Feature: Custom profile fields should be visible and editable by those with the correct permissions.
4 Background:
5 Given the following "users" exist:
6 | username | firstname | lastname | email |
7 | userwithinformation | userwithinformation | 1 | userwithinformation@example.com |
8 And the following "courses" exist:
9 | fullname | shortname | category | groupmode |
10 | Course 1 | C1 | 0 | 1 |
11 And the following "course enrolments" exist:
12 | user | course | role |
13 | userwithinformation | C1 | student |
15 And the following config values are set as admin:
16 | registerauth | email |
18 And I log in as "admin"
19 And I navigate to "Users > Accounts > User profile fields" in site administration
20 And I click on "Create a new profile field" "link"
21 And I click on "Text input" "link"
22 And I set the following fields to these values:
23 | Short name | notvisible_field |
24 | Name | notvisible_field |
25 | Display on signup page? | Yes |
26 | Who is this field visible to? | Not visible |
27 And I click on "Save changes" "button"
29 And I click on "Create a new profile field" "link"
30 And I click on "Text input" "link"
31 And I set the following fields to these values:
32 | Short name | uservisible_field |
33 | Name | uservisible_field |
34 | Display on signup page? | Yes |
35 | Who is this field visible to? | Visible to user |
36 And I click on "Save changes" "button"
38 And I click on "Create a new profile field" "link"
39 And I click on "Text input" "link"
40 And I set the following fields to these values:
41 | Short name | everyonevisible_field |
42 | Name | everyonevisible_field |
43 | Display on signup page? | No |
44 | Who is this field visible to? | Visible to everyone |
45 And I click on "Save changes" "button"
47 And I click on "Create a new profile field" "link"
48 And I click on "Text input" "link"
49 And I set the following fields to these values:
50 | Short name | teachervisible_field |
51 | Name | teachervisible_field |
52 | Display on signup page? | Yes |
53 | Who is this field visible to? | Visible to user, teachers and admins |
54 And I click on "Save changes" "button"
56 And I navigate to "Users > Accounts > Browse list of users" in site administration
57 And I click on ".icon[title=Edit]" "css_element" in the "userwithinformation@example.com" "table_row"
58 And I expand all fieldsets
59 And I set the field "notvisible_field" to "notvisible_field_information"
60 And I set the field "uservisible_field" to "uservisible_field_information"
61 And I set the field "everyonevisible_field" to "everyonevisible_field_information"
62 And I set the field "teachervisible_field" to "teachervisible_field_information"
63 And I click on "Update profile" "button"
64 And I log out
66 @javascript
67 Scenario: Visible custom profile fields can be part of the sign up form for anonymous users.
68 Given I am on site homepage
69 And I follow "Log in"
70 When I click on "Create new account" "link"
71 And I expand all fieldsets
72 Then I should not see "notvisible_field"
73 And I should see "uservisible_field"
74 And I should not see "everyonevisible_field"
75 And I should see "teachervisible_field"
77 @javascript
78 Scenario: Visible custom profile fields can be part of the sign up form for guest users.
79 Given I log in as "guest"
80 And I am on site homepage
81 And I follow "Log in"
82 When I click on "Create new account" "link"
83 And I expand all fieldsets
84 Then I should not see "notvisible_field"
85 And I should see "uservisible_field"
86 And I should not see "everyonevisible_field"
87 And I should see "teachervisible_field"
89 @javascript
90 Scenario: User with moodle/user:update but without moodle/user:viewalldetails or moodle/site:viewuseridentity can only update visible profile fields.
91 Given the following "roles" exist:
92 | name | shortname | description | archetype |
93 | Update Users | updateusers | updateusers | |
94 And the following "permission overrides" exist:
95 | capability | permission | role | contextlevel | reference |
96 | moodle/user:update | Allow | updateusers | System | |
97 | moodle/site:viewuseridentity | Prohibit | updateusers | System | |
98 And the following "users" exist:
99 | username | firstname | lastname | email |
100 | user_updateusers | updateusers | 1 | updateusers@example.com |
101 And the following "role assigns" exist:
102 | user | role | contextlevel | reference |
103 | user_updateusers | updateusers | System | |
104 And the following "course enrolments" exist:
105 | user | course | role |
106 | user_updateusers | C1 | editingteacher |
107 And I log in as "user_updateusers"
108 And I am on "Course 1" course homepage
109 And I navigate to course participants
110 And I follow "userwithinformation 1"
112 Then I should see "everyonevisible_field"
113 And I should see "everyonevisible_field_information"
114 And I should not see "uservisible_field"
115 And I should not see "uservisible_field_information"
116 And I should not see "notvisible_field"
117 And I should not see "notvisible_field_information"
118 And I should not see "teachervisible_field"
119 And I should not see "teachervisible_field_information"
120 And I follow "Edit profile"
121 And the following fields match these values:
122 | everyonevisible_field | everyonevisible_field_information |
123 And I should not see "uservisible_field"
124 And I should not see "notvisible_field"
125 And I should not see "teachervisible_field"
127 @javascript
128 Scenario: User with moodle/user:viewalldetails and moodle/site:viewuseridentity but without moodle/user:update can view all profile fields.
129 Given the following "roles" exist:
130 | name | shortname | description | archetype |
131 | View All Details | viewalldetails | viewalldetails | |
132 And the following "permission overrides" exist:
133 | capability | permission | role | contextlevel | reference |
134 | moodle/user:viewalldetails | Allow | viewalldetails | System | |
135 And the following "users" exist:
136 | username | firstname | lastname | email |
137 | user_viewalldetails | viewalldetails | 1 | viewalldetails@example.com |
138 And the following "role assigns" exist:
139 | user | role | contextlevel | reference |
140 | user_viewalldetails | viewalldetails | System | |
141 And the following "course enrolments" exist:
142 | user | course | role |
143 | user_viewalldetails | C1 | editingteacher |
144 And I log in as "user_viewalldetails"
145 And I am on "Course 1" course homepage
146 And I navigate to course participants
147 And I follow "userwithinformation 1"
149 Then I should see "everyonevisible_field"
150 And I should see "everyonevisible_field_information"
151 And I should see "uservisible_field"
152 And I should see "uservisible_field_information"
153 And I should see "notvisible_field"
154 And I should see "notvisible_field_information"
155 And I should see "teachervisible_field"
156 And I should see "teachervisible_field_information"
157 And I should not see "Edit profile"
159 @javascript
160 Scenario: User with moodle/user:viewalldetails and moodle/user:update and moodle/site:viewuseridentity capabilities can view and edit all profile fields.
161 Given the following "roles" exist:
162 | name | shortname | description | archetype |
163 | View All Details and Update Users | viewalldetailsandupdateusers | viewalldetailsandupdateusers | |
164 And the following "permission overrides" exist:
165 | capability | permission | role | contextlevel | reference |
166 | moodle/user:viewalldetails | Allow | viewalldetailsandupdateusers | System | |
167 | moodle/user:update | Allow | viewalldetailsandupdateusers | System | |
168 And the following "users" exist:
169 | username | firstname | lastname | email |
170 | user_viewalldetailsandupdateusers | viewalldetailsandupdateusers | 1 | viewalldetailsandupdateusers@example.com |
171 And the following "role assigns" exist:
172 | user | role | contextlevel | reference |
173 | user_viewalldetailsandupdateusers | viewalldetailsandupdateusers | System | |
174 And the following "course enrolments" exist:
175 | user | course | role |
176 | user_viewalldetailsandupdateusers | C1 | editingteacher |
177 And I log in as "user_viewalldetailsandupdateusers"
178 And I am on "Course 1" course homepage
179 And I navigate to course participants
180 And I follow "userwithinformation 1"
182 Then I should see "everyonevisible_field"
183 And I should see "everyonevisible_field_information"
184 And I should see "uservisible_field"
185 And I should see "uservisible_field_information"
186 And I should see "notvisible_field"
187 And I should see "notvisible_field_information"
188 And I should see "teachervisible_field"
189 And I should see "teachervisible_field_information"
190 And I follow "Edit profile"
191 And the following fields match these values:
192 | everyonevisible_field | everyonevisible_field_information |
193 | uservisible_field | uservisible_field_information |
194 | notvisible_field | notvisible_field_information |
195 | teachervisible_field | teachervisible_field_information |
197 @javascript
198 Scenario: Users can view and edit custom profile fields except those marked as not visible.
199 Given I log in as "userwithinformation"
200 And I follow "Profile" in the user menu
202 Then I should see "everyonevisible_field"
203 And I should see "everyonevisible_field_information"
204 And I should see "uservisible_field"
205 And I should see "uservisible_field_information"
206 And I should see "teachervisible_field"
207 And I should see "teachervisible_field_information"
208 And I should not see "notvisible_field"
209 And I should not see "notvisible_field_information"
211 And I click on "Edit profile" "link" in the "region-main" "region"
212 Then the following fields match these values:
213 | everyonevisible_field | everyonevisible_field_information |
214 | uservisible_field | uservisible_field_information |
215 And I should not see "notvisible_field"
216 And I should not see "notvisible_field_information"
218 @javascript
219 Scenario: Users can view but not edit custom profile fields when denied the edit own profile capability.
220 Given the following "roles" exist:
221 | name | shortname | description | archetype |
222 | Deny editownprofile | denyeditownprofile | denyeditownprofile | |
224 And the following "permission overrides" exist:
225 | capability | permission | role | contextlevel | reference |
226 | moodle/user:editownprofile | Prohibit | denyeditownprofile | System | |
227 And the following "role assigns" exist:
228 | user | role | contextlevel | reference |
229 | userwithinformation | denyeditownprofile | System | |
231 And I log in as "userwithinformation"
232 And I follow "Profile" in the user menu
234 Then I should see "everyonevisible_field"
235 And I should see "everyonevisible_field_information"
236 And I should see "uservisible_field"
237 And I should see "uservisible_field_information"
238 And I should see "teachervisible_field"
239 And I should see "teachervisible_field_information"
240 And I should not see "notvisible_field"
241 And I should not see "notvisible_field_information"
243 And I should not see "Edit profile"
245 @javascript
246 Scenario: User with parent permissions on other user context can view and edit all profile fields.
247 Given the following "roles" exist:
248 | name | shortname | description | archetype |
249 | Parent | parent | parent | |
250 And the following "users" exist:
251 | username | firstname | lastname | email |
252 | parent | Parent | user | parent@example.com |
253 And the following "role assigns" exist:
254 | user | role | contextlevel | reference |
255 | parent | parent | User | userwithinformation |
256 And the following "permission overrides" exist:
257 | capability | permission | role | contextlevel | reference |
258 | moodle/user:viewalldetails | Allow | parent | User | userwithinformation |
259 | moodle/user:viewdetails | Allow | parent | User | userwithinformation |
260 | moodle/user:editprofile | Allow | parent | User | userwithinformation |
261 Given I log in as "admin"
262 And I am on site homepage
263 And I turn editing mode on
264 And I add the "Mentees" block
265 And I log out
266 And I log in as "parent"
267 And I am on site homepage
268 When I follow "userwithinformation"
269 Then I should see "everyonevisible_field"
270 And I should see "everyonevisible_field_information"
271 And I should see "uservisible_field"
272 And I should see "uservisible_field_information"
273 And I should see "teachervisible_field"
274 And I should see "teachervisible_field_information"
275 And I should not see "notvisible_field"
276 And I should not see "notvisible_field_information"
277 And I follow "Edit profile"
278 And the following fields match these values:
279 | everyonevisible_field | everyonevisible_field_information |
280 | uservisible_field | uservisible_field_information |
281 | teachervisible_field | teachervisible_field_information |