2 // This file is part of Moodle - https://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
19 use testable_user_selector
;
21 defined('MOODLE_INTERNAL') ||
die();
24 require_once($CFG->dirroot
.'/user/selector/lib.php');
25 require_once($CFG->dirroot
.'/user/tests/fixtures/testable_user_selector.php');
28 * Tests for the implementation of {@link user_selector_base} class.
32 * @copyright 2018 David Mudrák <david@moodle.com>
33 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
35 class userselector_test
extends \advanced_testcase
{
38 * Setup the environment for the tests.
40 protected function setup_hidden_siteidentity() {
43 $CFG->showuseridentity
= 'idnumber,country,city';
44 $CFG->hiddenuserfields
= 'country,city';
46 $env = new \
stdClass();
48 $env->student
= $this->getDataGenerator()->create_user();
49 $env->teacher
= $this->getDataGenerator()->create_user();
50 $env->manager
= $this->getDataGenerator()->create_user();
52 $env->course
= $this->getDataGenerator()->create_course();
53 $env->coursecontext
= \context_course
::instance($env->course
->id
);
55 $env->teacherrole
= $DB->get_record('role', array('shortname' => 'teacher'));
56 $env->studentrole
= $DB->get_record('role', array('shortname' => 'student'));
57 $env->managerrole
= $DB->get_record('role', array('shortname' => 'manager'));
59 role_assign($env->studentrole
->id
, $env->student
->id
, $env->coursecontext
->id
);
60 role_assign($env->teacherrole
->id
, $env->teacher
->id
, $env->coursecontext
->id
);
61 role_assign($env->managerrole
->id
, $env->manager
->id
, SYSCONTEXTID
);
67 * No identity fields are not shown to student user (no permission to view identity fields).
69 public function test_hidden_siteidentity_fields_no_access() {
70 $this->resetAfterTest();
71 $env = $this->setup_hidden_siteidentity();
72 $this->setUser($env->student
);
74 $selector = new testable_user_selector('test');
76 foreach ($selector->find_users('') as $found) {
77 foreach ($found as $user) {
78 $this->assertObjectNotHasProperty('idnumber', $user);
79 $this->assertObjectNotHasProperty('country', $user);
80 $this->assertObjectNotHasProperty('city', $user);
86 * Teacher can see students' identity fields only within the course.
88 public function test_hidden_siteidentity_fields_course_only_access() {
89 $this->resetAfterTest();
90 $env = $this->setup_hidden_siteidentity();
91 $this->setUser($env->teacher
);
93 $systemselector = new testable_user_selector('test');
94 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
96 foreach ($systemselector->find_users('') as $found) {
97 foreach ($found as $user) {
98 $this->assertObjectNotHasProperty('idnumber', $user);
99 $this->assertObjectNotHasProperty('country', $user);
100 $this->assertObjectNotHasProperty('city', $user);
104 foreach ($courseselector->find_users('') as $found) {
105 foreach ($found as $user) {
106 $this->assertObjectHasProperty('idnumber', $user);
107 $this->assertObjectHasProperty('country', $user);
108 $this->assertObjectHasProperty('city', $user);
114 * Teacher can be prevented from seeing students' identity fields even within the course.
116 public function test_hidden_siteidentity_fields_course_prevented_access() {
117 $this->resetAfterTest();
118 $env = $this->setup_hidden_siteidentity();
119 $this->setUser($env->teacher
);
121 assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT
, $env->teacherrole
->id
, $env->coursecontext
->id
);
123 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
125 foreach ($courseselector->find_users('') as $found) {
126 foreach ($found as $user) {
127 $this->assertObjectHasProperty('idnumber', $user);
128 $this->assertObjectNotHasProperty('country', $user);
129 $this->assertObjectNotHasProperty('city', $user);
135 * Manager can see students' identity fields anywhere.
137 public function test_hidden_siteidentity_fields_anywhere_access() {
138 $this->resetAfterTest();
139 $env = $this->setup_hidden_siteidentity();
140 $this->setUser($env->manager
);
142 $systemselector = new testable_user_selector('test');
143 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
145 foreach ($systemselector->find_users('') as $found) {
146 foreach ($found as $user) {
147 $this->assertObjectHasProperty('idnumber', $user);
148 $this->assertObjectHasProperty('country', $user);
149 $this->assertObjectHasProperty('city', $user);
153 foreach ($courseselector->find_users('') as $found) {
154 foreach ($found as $user) {
155 $this->assertObjectHasProperty('idnumber', $user);
156 $this->assertObjectHasProperty('country', $user);
157 $this->assertObjectHasProperty('city', $user);
163 * Manager can be prevented from seeing hidden fields outside the course.
165 public function test_hidden_siteidentity_fields_schismatic_access() {
166 $this->resetAfterTest();
167 $env = $this->setup_hidden_siteidentity();
168 $this->setUser($env->manager
);
170 // Revoke the capability to see hidden user fields outside the course.
171 // Note that inside the course, the manager can still see the hidden identifiers as this is currently
172 // controlled by a separate capability for legacy reasons. This is counter-intuitive behaviour and is
173 // likely to be fixed in MDL-51630.
174 assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT
, $env->managerrole
->id
, SYSCONTEXTID
, true);
176 $systemselector = new testable_user_selector('test');
177 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
179 foreach ($systemselector->find_users('') as $found) {
180 foreach ($found as $user) {
181 $this->assertObjectHasProperty('idnumber', $user);
182 $this->assertObjectNotHasProperty('country', $user);
183 $this->assertObjectNotHasProperty('city', $user);
187 foreach ($courseselector->find_users('') as $found) {
188 foreach ($found as $user) {
189 $this->assertObjectHasProperty('idnumber', $user);
190 $this->assertObjectHasProperty('country', $user);
191 $this->assertObjectHasProperty('city', $user);
197 * Two capabilities must be currently set to prevent manager from seeing hidden fields.
199 public function test_hidden_siteidentity_fields_hard_to_prevent_access() {
200 $this->resetAfterTest();
201 $env = $this->setup_hidden_siteidentity();
202 $this->setUser($env->manager
);
204 assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT
, $env->managerrole
->id
, SYSCONTEXTID
, true);
205 assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT
, $env->managerrole
->id
, SYSCONTEXTID
, true);
207 $systemselector = new testable_user_selector('test');
208 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
210 foreach ($systemselector->find_users('') as $found) {
211 foreach ($found as $user) {
212 $this->assertObjectHasProperty('idnumber', $user);
213 $this->assertObjectNotHasProperty('country', $user);
214 $this->assertObjectNotHasProperty('city', $user);
218 foreach ($courseselector->find_users('') as $found) {
219 foreach ($found as $user) {
220 $this->assertObjectHasProperty('idnumber', $user);
221 $this->assertObjectNotHasProperty('country', $user);
222 $this->assertObjectNotHasProperty('city', $user);
228 * For legacy reasons, user selectors supported ability to override $CFG->showuseridentity.
230 * However, this was found as violating the principle of respecting site privacy settings. So the feature has been
231 * dropped in Moodle 3.6.
233 public function test_hidden_siteidentity_fields_explicit_extrafields() {
234 $this->resetAfterTest();
235 $env = $this->setup_hidden_siteidentity();
236 $this->setUser($env->manager
);
238 $implicitselector = new testable_user_selector('test');
239 $explicitselector = new testable_user_selector('test', ['extrafields' => ['email', 'department']]);
241 $this->assertDebuggingCalled();
243 foreach ($implicitselector->find_users('') as $found) {
244 foreach ($found as $user) {
245 $this->assertObjectHasProperty('idnumber', $user);
246 $this->assertObjectHasProperty('country', $user);
247 $this->assertObjectHasProperty('city', $user);
248 $this->assertObjectNotHasProperty('email', $user);
249 $this->assertObjectNotHasProperty('department', $user);
253 foreach ($explicitselector->find_users('') as $found) {
254 foreach ($found as $user) {
255 $this->assertObjectHasProperty('idnumber', $user);
256 $this->assertObjectHasProperty('country', $user);
257 $this->assertObjectHasProperty('city', $user);
258 $this->assertObjectNotHasProperty('email', $user);
259 $this->assertObjectNotHasProperty('department', $user);