2 // This file is part of Moodle - https://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
18 * Provides {@link core_user_selector_testcase} class.
22 * @copyright 2018 David Mudrák <david@moodle.com>
23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
26 defined('MOODLE_INTERNAL') ||
die();
29 require_once($CFG->dirroot
.'/user/selector/lib.php');
30 require_once($CFG->dirroot
.'/user/tests/fixtures/testable_user_selector.php');
33 * Tests for the implementation of {@link user_selector_base} class.
35 * @copyright 2018 David Mudrák <david@moodle.com>
36 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
38 class core_user_selector_testcase
extends advanced_testcase
{
41 * Setup the environment for the tests.
43 protected function setup_hidden_siteidentity() {
46 $CFG->showuseridentity
= 'idnumber,country,city';
47 $CFG->hiddenuserfields
= 'country,city';
49 $env = new stdClass();
51 $env->student
= $this->getDataGenerator()->create_user();
52 $env->teacher
= $this->getDataGenerator()->create_user();
53 $env->manager
= $this->getDataGenerator()->create_user();
55 $env->course
= $this->getDataGenerator()->create_course();
56 $env->coursecontext
= context_course
::instance($env->course
->id
);
58 $env->teacherrole
= $DB->get_record('role', array('shortname' => 'teacher'));
59 $env->studentrole
= $DB->get_record('role', array('shortname' => 'student'));
60 $env->managerrole
= $DB->get_record('role', array('shortname' => 'manager'));
62 role_assign($env->studentrole
->id
, $env->student
->id
, $env->coursecontext
->id
);
63 role_assign($env->teacherrole
->id
, $env->teacher
->id
, $env->coursecontext
->id
);
64 role_assign($env->managerrole
->id
, $env->manager
->id
, SYSCONTEXTID
);
70 * No identity fields are not shown to student user (no permission to view identity fields).
72 public function test_hidden_siteidentity_fields_no_access() {
73 $this->resetAfterTest();
74 $env = $this->setup_hidden_siteidentity();
75 $this->setUser($env->student
);
77 $selector = new testable_user_selector('test');
79 foreach ($selector->find_users('') as $found) {
80 foreach ($found as $user) {
81 $this->assertObjectNotHasAttribute('idnumber', $user);
82 $this->assertObjectNotHasAttribute('country', $user);
83 $this->assertObjectNotHasAttribute('city', $user);
89 * Teacher can see students' identity fields only within the course.
91 public function test_hidden_siteidentity_fields_course_only_access() {
92 $this->resetAfterTest();
93 $env = $this->setup_hidden_siteidentity();
94 $this->setUser($env->teacher
);
96 $systemselector = new testable_user_selector('test');
97 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
99 foreach ($systemselector->find_users('') as $found) {
100 foreach ($found as $user) {
101 $this->assertObjectNotHasAttribute('idnumber', $user);
102 $this->assertObjectNotHasAttribute('country', $user);
103 $this->assertObjectNotHasAttribute('city', $user);
107 foreach ($courseselector->find_users('') as $found) {
108 foreach ($found as $user) {
109 $this->assertObjectHasAttribute('idnumber', $user);
110 $this->assertObjectHasAttribute('country', $user);
111 $this->assertObjectHasAttribute('city', $user);
117 * Teacher can be prevented from seeing students' identity fields even within the course.
119 public function test_hidden_siteidentity_fields_course_prevented_access() {
120 $this->resetAfterTest();
121 $env = $this->setup_hidden_siteidentity();
122 $this->setUser($env->teacher
);
124 assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT
, $env->teacherrole
->id
, $env->coursecontext
->id
);
126 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
128 foreach ($courseselector->find_users('') as $found) {
129 foreach ($found as $user) {
130 $this->assertObjectHasAttribute('idnumber', $user);
131 $this->assertObjectNotHasAttribute('country', $user);
132 $this->assertObjectNotHasAttribute('city', $user);
138 * Manager can see students' identity fields anywhere.
140 public function test_hidden_siteidentity_fields_anywhere_access() {
141 $this->resetAfterTest();
142 $env = $this->setup_hidden_siteidentity();
143 $this->setUser($env->manager
);
145 $systemselector = new testable_user_selector('test');
146 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
148 foreach ($systemselector->find_users('') as $found) {
149 foreach ($found as $user) {
150 $this->assertObjectHasAttribute('idnumber', $user);
151 $this->assertObjectHasAttribute('country', $user);
152 $this->assertObjectHasAttribute('city', $user);
156 foreach ($courseselector->find_users('') as $found) {
157 foreach ($found as $user) {
158 $this->assertObjectHasAttribute('idnumber', $user);
159 $this->assertObjectHasAttribute('country', $user);
160 $this->assertObjectHasAttribute('city', $user);
166 * Manager can be prevented from seeing hidden fields outside the course.
168 public function test_hidden_siteidentity_fields_schismatic_access() {
169 $this->resetAfterTest();
170 $env = $this->setup_hidden_siteidentity();
171 $this->setUser($env->manager
);
173 // Revoke the capability to see hidden user fields outside the course.
174 // Note that inside the course, the manager can still see the hidden identifiers as this is currently
175 // controlled by a separate capability for legacy reasons. This is counter-intuitive behaviour and is
176 // likely to be fixed in MDL-51630.
177 assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT
, $env->managerrole
->id
, SYSCONTEXTID
, true);
179 $systemselector = new testable_user_selector('test');
180 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
182 foreach ($systemselector->find_users('') as $found) {
183 foreach ($found as $user) {
184 $this->assertObjectHasAttribute('idnumber', $user);
185 $this->assertObjectNotHasAttribute('country', $user);
186 $this->assertObjectNotHasAttribute('city', $user);
190 foreach ($courseselector->find_users('') as $found) {
191 foreach ($found as $user) {
192 $this->assertObjectHasAttribute('idnumber', $user);
193 $this->assertObjectHasAttribute('country', $user);
194 $this->assertObjectHasAttribute('city', $user);
200 * Two capabilities must be currently set to prevent manager from seeing hidden fields.
202 public function test_hidden_siteidentity_fields_hard_to_prevent_access() {
203 $this->resetAfterTest();
204 $env = $this->setup_hidden_siteidentity();
205 $this->setUser($env->manager
);
207 assign_capability('moodle/user:viewhiddendetails', CAP_PREVENT
, $env->managerrole
->id
, SYSCONTEXTID
, true);
208 assign_capability('moodle/course:viewhiddenuserfields', CAP_PREVENT
, $env->managerrole
->id
, SYSCONTEXTID
, true);
210 $systemselector = new testable_user_selector('test');
211 $courseselector = new testable_user_selector('test', ['accesscontext' => $env->coursecontext
]);
213 foreach ($systemselector->find_users('') as $found) {
214 foreach ($found as $user) {
215 $this->assertObjectHasAttribute('idnumber', $user);
216 $this->assertObjectNotHasAttribute('country', $user);
217 $this->assertObjectNotHasAttribute('city', $user);
221 foreach ($courseselector->find_users('') as $found) {
222 foreach ($found as $user) {
223 $this->assertObjectHasAttribute('idnumber', $user);
224 $this->assertObjectNotHasAttribute('country', $user);
225 $this->assertObjectNotHasAttribute('city', $user);
231 * For legacy reasons, user selectors supported ability to override $CFG->showuseridentity.
233 * However, this was found as violating the principle of respecting site privacy settings. So the feature has been
234 * dropped in Moodle 3.6.
236 public function test_hidden_siteidentity_fields_explicit_extrafields() {
237 $this->resetAfterTest();
238 $env = $this->setup_hidden_siteidentity();
239 $this->setUser($env->manager
);
241 $implicitselector = new testable_user_selector('test');
242 $explicitselector = new testable_user_selector('test', ['extrafields' => ['email', 'department']]);
244 $this->assertDebuggingCalled();
246 foreach ($implicitselector->find_users('') as $found) {
247 foreach ($found as $user) {
248 $this->assertObjectHasAttribute('idnumber', $user);
249 $this->assertObjectHasAttribute('country', $user);
250 $this->assertObjectHasAttribute('city', $user);
251 $this->assertObjectNotHasAttribute('email', $user);
252 $this->assertObjectNotHasAttribute('department', $user);
256 foreach ($explicitselector->find_users('') as $found) {
257 foreach ($found as $user) {
258 $this->assertObjectHasAttribute('idnumber', $user);
259 $this->assertObjectHasAttribute('country', $user);
260 $this->assertObjectHasAttribute('city', $user);
261 $this->assertObjectNotHasAttribute('email', $user);
262 $this->assertObjectNotHasAttribute('department', $user);
