|
Moodle
2.2.1
http://www.collinsharper.com
|
|
Moodle
2.2.1
http://www.collinsharper.com
|
00001 <?php 00002 00003 // This file is part of Moodle - http://moodle.org/ 00004 // 00005 // Moodle is free software: you can redistribute it and/or modify 00006 // it under the terms of the GNU General Public License as published by 00007 // the Free Software Foundation, either version 3 of the License, or 00008 // (at your option) any later version. 00009 // 00010 // Moodle is distributed in the hope that it will be useful, 00011 // but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00013 // GNU General Public License for more details. 00014 // 00015 // You should have received a copy of the GNU General Public License 00016 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 00017 00033 abstract class restore_check { 00034 00035 public static function check_courseid($courseid) { 00036 global $DB; 00037 // id must exist in course table 00038 if (! $DB->record_exists('course', array('id' => $courseid))) { 00039 throw new restore_controller_exception('restore_check_course_not_exists', $courseid); 00040 } 00041 return true; 00042 } 00043 00044 public static function check_user($userid) { 00045 global $DB; 00046 // userid must exist in user table 00047 if (! $DB->record_exists('user', array('id' => $userid))) { 00048 throw new restore_controller_exception('restore_check_user_not_exists', $userid); 00049 } 00050 return true; 00051 } 00052 00053 public static function check_security($restore_controller, $apply) { 00054 global $DB; 00055 00056 if (! $restore_controller instanceof restore_controller) { 00057 throw new restore_controller_exception('restore_check_security_requires_restore_controller'); 00058 } 00059 $restore_controller->log('checking plan security', backup::LOG_INFO); 00060 00061 // Some handy vars 00062 $type = $restore_controller->get_type(); 00063 $mode = $restore_controller->get_mode(); 00064 $courseid = $restore_controller->get_courseid(); 00065 $coursectx= get_context_instance(CONTEXT_COURSE, $courseid); 00066 $userid = $restore_controller->get_userid(); 00067 00068 // Note: all the checks along the function MUST be performed for $userid, that 00069 // is the user who "requested" the course restore, not current $USER at all!! 00070 00071 // First of all, decide which caps/contexts are we going to check 00072 // for common backups (general, automated...) based exclusively 00073 // in the type (course, section, activity). And store them into 00074 // one capability => context array structure 00075 $typecapstocheck = array(); 00076 switch ($type) { 00077 case backup::TYPE_1COURSE : 00078 $typecapstocheck['moodle/restore:restorecourse'] = $coursectx; 00079 break; 00080 case backup::TYPE_1SECTION : 00081 $typecapstocheck['moodle/restore:restoresection'] = $coursectx; 00082 break; 00083 case backup::TYPE_1ACTIVITY : 00084 $typecapstocheck['moodle/restore:restoreactivity'] = $coursectx; 00085 break; 00086 default : 00087 throw new restore_controller_exception('restore_unknown_restore_type', $type); 00088 } 00089 00090 // Now, if restore mode is hub or import, check userid has permissions for those modes 00091 // other modes will perform common checks only (restorexxxx capabilities in $typecapstocheck) 00092 switch ($mode) { 00093 case backup::MODE_HUB: 00094 if (!has_capability('moodle/restore:restoretargethub', $coursectx, $userid)) { 00095 $a = new stdclass(); 00096 $a->userid = $userid; 00097 $a->courseid = $courseid; 00098 $a->capability = 'moodle/restore:restoretargethub'; 00099 throw new restore_controller_exception('restore_user_missing_capability', $a); 00100 } 00101 break; 00102 case backup::MODE_IMPORT: 00103 if (!has_capability('moodle/restore:restoretargetimport', $coursectx, $userid)) { 00104 $a = new stdclass(); 00105 $a->userid = $userid; 00106 $a->courseid = $courseid; 00107 $a->capability = 'moodle/restore:restoretargetimport'; 00108 throw new restore_controller_exception('restore_user_missing_capability', $a); 00109 } 00110 break; 00111 // Common backup (general, automated...), let's check all the $typecapstocheck 00112 // capability => context pairs 00113 default: 00114 foreach ($typecapstocheck as $capability => $context) { 00115 if (!has_capability($capability, $context, $userid)) { 00116 $a = new stdclass(); 00117 $a->userid = $userid; 00118 $a->courseid = $courseid; 00119 $a->capability = $capability; 00120 throw new restore_controller_exception('restore_user_missing_capability', $a); 00121 } 00122 } 00123 } 00124 00125 // Now, enforce 'moodle/restore:userinfo' to 'users' setting, applying changes if allowed, 00126 // else throwing exception 00127 $userssetting = $restore_controller->get_plan()->get_setting('users'); 00128 $prevvalue = $userssetting->get_value(); 00129 $prevstatus = $userssetting->get_status(); 00130 $hasusercap = has_capability('moodle/restore:userinfo', $coursectx, $userid); 00131 00132 // If setting is enabled but user lacks permission 00133 if (!$hasusercap && $prevvalue) { // If user has not the capability and setting is enabled 00134 // Now analyse if we are allowed to apply changes or must stop with exception 00135 if (!$apply) { // Cannot apply changes, throw exception 00136 $a = new stdclass(); 00137 $a->setting = 'users'; 00138 $a->value = $prevvalue; 00139 $a->capability = 'moodle/restore:userinfo'; 00140 throw new restore_controller_exception('restore_setting_value_wrong_for_capability', $a); 00141 00142 } else { // Can apply changes 00143 $userssetting->set_value(false); // Set the value to false 00144 $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm 00145 } 00146 } 00147 00148 // Now, if mode is HUB or IMPORT, and still we are including users in restore, turn them off 00149 // Defaults processing should have handled this, but we need to be 100% sure 00150 if ($mode == backup::MODE_IMPORT || $mode == backup::MODE_HUB) { 00151 $userssetting = $restore_controller->get_plan()->get_setting('users'); 00152 if ($userssetting->get_value()) { 00153 $userssetting->set_value(false); // Set the value to false 00154 $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm 00155 } 00156 } 00157 00158 // Check the user has the ability to configure the restore. If not then we need 00159 // to lock all settings by permission so that no changes can be made. This does 00160 // not apply to the import facility, where all the activities (picked on backup) 00161 // are restored automatically without restore UI 00162 if ($mode != backup::MODE_IMPORT) { 00163 $hasconfigcap = has_capability('moodle/restore:configure', $coursectx, $userid); 00164 if (!$hasconfigcap) { 00165 $settings = $restore_controller->get_plan()->get_settings(); 00166 foreach ($settings as $setting) { 00167 $setting->set_status(base_setting::LOCKED_BY_PERMISSION); 00168 } 00169 } 00170 } 00171 00172 // Ensure the user has the rolldates capability. If not we want to lock this 00173 // settings so that they cannot change it. 00174 $hasrolldatescap = has_capability('moodle/restore:rolldates', $coursectx, $userid); 00175 if ($type == backup::TYPE_1COURSE && !$hasrolldatescap) { 00176 $datesetting = $restore_controller->get_plan()->get_setting('course_startdate'); 00177 if ($datesetting) { 00178 $datesetting->set_status(base_setting::LOCKED_BY_PERMISSION); 00179 } 00180 } 00181 00182 return true; 00183 } 00184 }
1.7.6.1 
