search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'MDL-80426-main-2' of https://github.com/rezaies/moodle
[moodle.git] / user / tests / userselector_test.php
blob78b8f261955b92cccfc07160873f30a0b8861ca4
1 <?php
2 // This file is part of Moodle - https://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 namespace core_user;
18
19 use testable_user_selector;
20
21 defined('MOODLE_INTERNAL') || die();
22
23 global $CFG;
24 require_once($CFG->dirroot.'/user/selector/lib.php');
25 require_once($CFG->dirroot.'/user/tests/fixtures/testable_user_selector.php');
26
27 /**
28 * Tests for the implementation of {@link user_selector_base} class.
29 *
30 * @package core_user
31 * @category test
32 * @copyright 2018 David Mudrák <david@moodle.com>
33 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
34 */
35 class userselector_test extends \advanced_testcase {
36
37 /**
38 * Setup the environment for the tests.
39 */
40 protected function setup_hidden_siteidentity() {
41 global $CFG, $DB;
42
43 $CFG->showuseridentity = 'idnumber,country,city';
44 $CFG->hiddenuserfields = 'country,city';
45
46 $env = new \stdClass();
47
48 $env->student = $this->getDataGenerator()->create_user();
49 $env->teacher = $this->getDataGenerator()->create_user();
50 $env->manager = $this->getDataGenerator()->create_user();
51
52 $env->course = $this->getDataGenerator()->create_course();
53 $env->coursecontext = \context_course::instance($env->course->id);
54
55 $env->teacherrole = $DB->get_record('role', array('shortname' => 'teacher'));
56 $env->studentrole = $DB->get_record('role', array('shortname' => 'student'));
57 $env->managerrole = $DB->get_record('role', array('shortname' => 'manager'));
58
59 role_assign($env->studentrole->id, $env->student->id, $env->coursecontext->id);
60 role_assign($env->teacherrole->id, $env->teacher->id, $env->coursecontext->id);
61 role_assign($env->managerrole->id, $env->manager->id, SYSCONTEXTID);
62
63 return $env;
64 }
65
66 /**
67 * No identity fields are not shown to student user (no permission to view identity fields).
68 */
69 public function test_hidden_siteidentity_fields_no_access() {
70 $this->resetAfterTest();
71 $env = $this->setup_hidden_siteidentity();
72 $this->setUser($env->student);
73
74 $selector = new testable_user_selector('test');
75
76 foreach ($selector->find_users('') as $found) {
77 foreach ($found as $user) {
78 $this->assertObjectNotHasProperty('idnumber', $user);
79 $this->assertObjectNotHasProperty('country', $user);
80 $this->assertObjectNotHasProperty('city', $user);
81 }
82 }
83 }
84
85 /**
86 * Teacher can see students' identity fields only within the course.
87 */
88 public function test_hidden_siteidentity_fields_course_only_access() {
89 $this->resetAfterTest();
90 $env = $this->setup_hidden_siteidentity();
91 $this->setUser($env->teacher);
92
93 $systemselector = new testable_user_selector('test');
94 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
95
96 foreach ($systemselector->find_users('') as $found) {
97 foreach ($found as $user) {
98 $this->assertObjectNotHasProperty('idnumber', $user);
99 $this->assertObjectNotHasProperty('country', $user);
100 $this->assertObjectNotHasProperty('city', $user);
101 }
102 }
103
104 foreach ($courseselector->find_users('') as $found) {
105 foreach ($found as $user) {
106 $this->assertObjectHasProperty('idnumber', $user);
107 $this->assertObjectHasProperty('country', $user);
108 $this->assertObjectHasProperty('city', $user);
109 }
110 }
111 }
112
113 /**
114 * Teacher can be prevented from seeing students' identity fields even within the course.
115 */
116 public function test_hidden_siteidentity_fields_course_prevented_access() {
117 $this->resetAfterTest();
118 $env = $this->setup_hidden_siteidentity();
119 $this->setUser($env->teacher);
120
121 assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT, $env->teacherrole->id, $env->coursecontext->id);
122
123 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
124
125 foreach ($courseselector->find_users('') as $found) {
126 foreach ($found as $user) {
127 $this->assertObjectHasProperty('idnumber', $user);
128 $this->assertObjectNotHasProperty('country', $user);
129 $this->assertObjectNotHasProperty('city', $user);
130 }
131 }
132 }
133
134 /**
135 * Manager can see students' identity fields anywhere.
136 */
137 public function test_hidden_siteidentity_fields_anywhere_access() {
138 $this->resetAfterTest();
139 $env = $this->setup_hidden_siteidentity();
140 $this->setUser($env->manager);
141
142 $systemselector = new testable_user_selector('test');
143 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
144
145 foreach ($systemselector->find_users('') as $found) {
146 foreach ($found as $user) {
147 $this->assertObjectHasProperty('idnumber', $user);
148 $this->assertObjectHasProperty('country', $user);
149 $this->assertObjectHasProperty('city', $user);
150 }
151 }
152
153 foreach ($courseselector->find_users('') as $found) {
154 foreach ($found as $user) {
155 $this->assertObjectHasProperty('idnumber', $user);
156 $this->assertObjectHasProperty('country', $user);
157 $this->assertObjectHasProperty('city', $user);
158 }
159 }
160 }
161
162 /**
163 * Manager can be prevented from seeing hidden fields outside the course.
164 */
165 public function test_hidden_siteidentity_fields_schismatic_access() {
166 $this->resetAfterTest();
167 $env = $this->setup_hidden_siteidentity();
168 $this->setUser($env->manager);
169
170 // Revoke the capability to see hidden user fields outside the course.
171 // Note that inside the course, the manager can still see the hidden identifiers as this is currently
172 // controlled by a separate capability for legacy reasons. This is counter-intuitive behaviour and is
173 // likely to be fixed in MDL-51630.
174 assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);
175
176 $systemselector = new testable_user_selector('test');
177 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
178
179 foreach ($systemselector->find_users('') as $found) {
180 foreach ($found as $user) {
181 $this->assertObjectHasProperty('idnumber', $user);
182 $this->assertObjectNotHasProperty('country', $user);
183 $this->assertObjectNotHasProperty('city', $user);
184 }
185 }
186
187 foreach ($courseselector->find_users('') as $found) {
188 foreach ($found as $user) {
189 $this->assertObjectHasProperty('idnumber', $user);
190 $this->assertObjectHasProperty('country', $user);
191 $this->assertObjectHasProperty('city', $user);
192 }
193 }
194 }
195
196 /**
197 * Two capabilities must be currently set to prevent manager from seeing hidden fields.
198 */
199 public function test_hidden_siteidentity_fields_hard_to_prevent_access() {
200 $this->resetAfterTest();
201 $env = $this->setup_hidden_siteidentity();
202 $this->setUser($env->manager);
203
204 assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);
205 assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT, $env->managerrole->id, SYSCONTEXTID, true);
206
207 $systemselector = new testable_user_selector('test');
208 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext]);
209
210 foreach ($systemselector->find_users('') as $found) {
211 foreach ($found as $user) {
212 $this->assertObjectHasProperty('idnumber', $user);
213 $this->assertObjectNotHasProperty('country', $user);
214 $this->assertObjectNotHasProperty('city', $user);
215 }
216 }
217
218 foreach ($courseselector->find_users('') as $found) {
219 foreach ($found as $user) {
220 $this->assertObjectHasProperty('idnumber', $user);
221 $this->assertObjectNotHasProperty('country', $user);
222 $this->assertObjectNotHasProperty('city', $user);
223 }
224 }
225 }
226
227 /**
228 * For legacy reasons, user selectors supported ability to override $CFG->showuseridentity.
229 *
230 * However, this was found as violating the principle of respecting site privacy settings. So the feature has been
231 * dropped in Moodle 3.6.
232 */
233 public function test_hidden_siteidentity_fields_explicit_extrafields() {
234 $this->resetAfterTest();
235 $env = $this->setup_hidden_siteidentity();
236 $this->setUser($env->manager);
237
238 $implicitselector = new testable_user_selector('test');
239 $explicitselector = new testable_user_selector('test', ['extrafields' => ['email', 'department']]);
240
241 $this->assertDebuggingCalled();
242
243 foreach ($implicitselector->find_users('') as $found) {
244 foreach ($found as $user) {
245 $this->assertObjectHasProperty('idnumber', $user);
246 $this->assertObjectHasProperty('country', $user);
247 $this->assertObjectHasProperty('city', $user);
248 $this->assertObjectNotHasProperty('email', $user);
249 $this->assertObjectNotHasProperty('department', $user);
250 }
251 }
252
253 foreach ($explicitselector->find_users('') as $found) {
254 foreach ($found as $user) {
255 $this->assertObjectHasProperty('idnumber', $user);
256 $this->assertObjectHasProperty('country', $user);
257 $this->assertObjectHasProperty('city', $user);
258 $this->assertObjectNotHasProperty('email', $user);
259 $this->assertObjectNotHasProperty('department', $user);
260 }
261 }
262 }
263 }
Read-only mirror of the Moodle CVS