| 1 |
efrain |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
// This file is part of Moodle - http://moodle.org/
|
|
|
4 |
//
|
|
|
5 |
// Moodle is free software: you can redistribute it and/or modify
|
|
|
6 |
// it under the terms of the GNU General Public License as published by
|
|
|
7 |
// the Free Software Foundation, either version 3 of the License, or
|
|
|
8 |
// (at your option) any later version.
|
|
|
9 |
//
|
|
|
10 |
// Moodle is distributed in the hope that it will be useful,
|
|
|
11 |
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
12 |
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
13 |
// GNU General Public License for more details.
|
|
|
14 |
//
|
|
|
15 |
// You should have received a copy of the GNU General Public License
|
|
|
16 |
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
|
|
17 |
|
|
|
18 |
/**
|
|
|
19 |
* @package moodlecore
|
|
|
20 |
* @subpackage backup-factories
|
|
|
21 |
* @copyright 2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
|
|
|
22 |
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
|
|
23 |
*/
|
|
|
24 |
|
|
|
25 |
/**
|
|
|
26 |
* Non instantiable helper class providing different restore checks
|
|
|
27 |
*
|
|
|
28 |
* This class contains various static methods available in order to easily
|
|
|
29 |
* perform a bunch of restore architecture tests
|
|
|
30 |
*
|
|
|
31 |
* TODO: Finish phpdocs
|
|
|
32 |
*/
|
|
|
33 |
abstract class restore_check {
|
|
|
34 |
|
|
|
35 |
public static function check_courseid($courseid) {
|
|
|
36 |
global $DB;
|
|
|
37 |
// id must exist in course table
|
|
|
38 |
if (! $DB->record_exists('course', array('id' => $courseid))) {
|
|
|
39 |
throw new restore_controller_exception('restore_check_course_not_exists', $courseid);
|
|
|
40 |
}
|
|
|
41 |
return true;
|
|
|
42 |
}
|
|
|
43 |
|
|
|
44 |
public static function check_user($userid) {
|
|
|
45 |
global $DB;
|
|
|
46 |
// userid must exist in user table
|
|
|
47 |
if (! $DB->record_exists('user', array('id' => $userid))) {
|
|
|
48 |
throw new restore_controller_exception('restore_check_user_not_exists', $userid);
|
|
|
49 |
}
|
|
|
50 |
return true;
|
|
|
51 |
}
|
|
|
52 |
|
|
|
53 |
public static function check_security($restore_controller, $apply) {
|
|
|
54 |
global $DB;
|
|
|
55 |
|
|
|
56 |
if (! $restore_controller instanceof restore_controller) {
|
|
|
57 |
throw new restore_controller_exception('restore_check_security_requires_restore_controller');
|
|
|
58 |
}
|
|
|
59 |
$restore_controller->log('checking plan security', backup::LOG_INFO);
|
|
|
60 |
|
|
|
61 |
// Some handy vars
|
|
|
62 |
$type = $restore_controller->get_type();
|
|
|
63 |
$mode = $restore_controller->get_mode();
|
|
|
64 |
$courseid = $restore_controller->get_courseid();
|
|
|
65 |
$coursectx= context_course::instance($courseid);
|
|
|
66 |
$userid = $restore_controller->get_userid();
|
|
|
67 |
|
|
|
68 |
// Note: all the checks along the function MUST be performed for $userid, that
|
|
|
69 |
// is the user who "requested" the course restore, not current $USER at all!!
|
|
|
70 |
|
|
|
71 |
// First of all, decide which caps/contexts are we going to check
|
|
|
72 |
// for common backups (general, automated...) based exclusively
|
|
|
73 |
// in the type (course, section, activity). And store them into
|
|
|
74 |
// one capability => context array structure
|
|
|
75 |
$typecapstocheck = array();
|
|
|
76 |
switch ($type) {
|
|
|
77 |
case backup::TYPE_1COURSE :
|
|
|
78 |
$typecapstocheck['moodle/restore:restorecourse'] = $coursectx;
|
|
|
79 |
break;
|
|
|
80 |
case backup::TYPE_1SECTION :
|
|
|
81 |
$typecapstocheck['moodle/restore:restoresection'] = $coursectx;
|
|
|
82 |
break;
|
|
|
83 |
case backup::TYPE_1ACTIVITY :
|
|
|
84 |
$typecapstocheck['moodle/restore:restoreactivity'] = $coursectx;
|
|
|
85 |
break;
|
|
|
86 |
default :
|
|
|
87 |
throw new restore_controller_exception('restore_unknown_restore_type', $type);
|
|
|
88 |
}
|
|
|
89 |
|
|
|
90 |
// Now, if restore mode is hub or import, check userid has permissions for those modes
|
|
|
91 |
// other modes will perform common checks only (restorexxxx capabilities in $typecapstocheck)
|
|
|
92 |
switch ($mode) {
|
|
|
93 |
case backup::MODE_IMPORT:
|
|
|
94 |
if (!has_capability('moodle/restore:restoretargetimport', $coursectx, $userid)) {
|
|
|
95 |
$a = new stdclass();
|
|
|
96 |
$a->userid = $userid;
|
|
|
97 |
$a->courseid = $courseid;
|
|
|
98 |
$a->capability = 'moodle/restore:restoretargetimport';
|
|
|
99 |
throw new restore_controller_exception('restore_user_missing_capability', $a);
|
|
|
100 |
}
|
|
|
101 |
break;
|
|
|
102 |
// Common backup (general, automated...), let's check all the $typecapstocheck
|
|
|
103 |
// capability => context pairs
|
|
|
104 |
default:
|
|
|
105 |
foreach ($typecapstocheck as $capability => $context) {
|
|
|
106 |
if (!has_capability($capability, $context, $userid)) {
|
|
|
107 |
$a = new stdclass();
|
|
|
108 |
$a->userid = $userid;
|
|
|
109 |
$a->courseid = $courseid;
|
|
|
110 |
$a->capability = $capability;
|
|
|
111 |
throw new restore_controller_exception('restore_user_missing_capability', $a);
|
|
|
112 |
}
|
|
|
113 |
}
|
|
|
114 |
}
|
|
|
115 |
|
|
|
116 |
// Now, enforce 'moodle/restore:userinfo' to 'users' setting, applying changes if allowed,
|
|
|
117 |
// else throwing exception
|
|
|
118 |
$userssetting = $restore_controller->get_plan()->get_setting('users');
|
|
|
119 |
$prevvalue = $userssetting->get_value();
|
|
|
120 |
$prevstatus = $userssetting->get_status();
|
|
|
121 |
$hasusercap = has_capability('moodle/restore:userinfo', $coursectx, $userid);
|
|
|
122 |
|
|
|
123 |
// If setting is enabled but user lacks permission
|
|
|
124 |
if (!$hasusercap && $prevvalue) { // If user has not the capability and setting is enabled
|
|
|
125 |
// Now analyse if we are allowed to apply changes or must stop with exception
|
|
|
126 |
if (!$apply) { // Cannot apply changes, throw exception
|
|
|
127 |
$a = new stdclass();
|
|
|
128 |
$a->setting = 'users';
|
|
|
129 |
$a->value = $prevvalue;
|
|
|
130 |
$a->capability = 'moodle/restore:userinfo';
|
|
|
131 |
throw new restore_controller_exception('restore_setting_value_wrong_for_capability', $a);
|
|
|
132 |
|
|
|
133 |
} else { // Can apply changes
|
|
|
134 |
$userssetting->set_value(false); // Set the value to false
|
|
|
135 |
$userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
|
|
|
136 |
}
|
|
|
137 |
}
|
|
|
138 |
|
|
|
139 |
// Now, if mode is HUB or IMPORT, and still we are including users in restore, turn them off
|
|
|
140 |
// Defaults processing should have handled this, but we need to be 100% sure
|
|
|
141 |
if ($mode == backup::MODE_IMPORT || $mode == backup::MODE_HUB) {
|
|
|
142 |
$userssetting = $restore_controller->get_plan()->get_setting('users');
|
|
|
143 |
if ($userssetting->get_value()) {
|
|
|
144 |
$userssetting->set_value(false); // Set the value to false
|
|
|
145 |
$userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
|
|
|
146 |
}
|
|
|
147 |
}
|
|
|
148 |
|
|
|
149 |
// Check the user has the ability to configure the restore. If not then we need
|
|
|
150 |
// to lock all settings by permission so that no changes can be made. This does
|
|
|
151 |
// not apply to the import facility, where all the activities (picked on backup)
|
|
|
152 |
// are restored automatically without restore UI
|
|
|
153 |
if ($mode != backup::MODE_IMPORT) {
|
|
|
154 |
$hasconfigcap = has_capability('moodle/restore:configure', $coursectx, $userid);
|
|
|
155 |
if (!$hasconfigcap) {
|
|
|
156 |
$settings = $restore_controller->get_plan()->get_settings();
|
|
|
157 |
foreach ($settings as $setting) {
|
|
|
158 |
$setting->set_status(base_setting::LOCKED_BY_PERMISSION);
|
|
|
159 |
}
|
|
|
160 |
}
|
|
|
161 |
}
|
|
|
162 |
|
|
|
163 |
if ($type == backup::TYPE_1COURSE) {
|
|
|
164 |
// Ensure the user has the rolldates capability. If not we want to lock this
|
|
|
165 |
// settings so that they cannot change it.
|
|
|
166 |
$hasrolldatescap = has_capability('moodle/restore:rolldates', $coursectx, $userid);
|
|
|
167 |
if (!$hasrolldatescap) {
|
|
|
168 |
$startdatesetting = $restore_controller->get_plan()->get_setting('course_startdate');
|
|
|
169 |
if ($startdatesetting) {
|
|
|
170 |
$startdatesetting->set_status(base_setting::NOT_LOCKED); // Permission lock overrides config lock.
|
|
|
171 |
$startdatesetting->set_value(false);
|
|
|
172 |
$startdatesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
|
|
|
173 |
}
|
|
|
174 |
}
|
|
|
175 |
|
|
|
176 |
// Ensure the user has the changefullname capability. If not we want to lock
|
|
|
177 |
// the setting so that they cannot change it.
|
|
|
178 |
$haschangefullnamecap = has_capability('moodle/course:changefullname', $coursectx, $userid);
|
|
|
179 |
if (!$haschangefullnamecap) {
|
|
|
180 |
$fullnamesetting = $restore_controller->get_plan()->get_setting('course_fullname');
|
|
|
181 |
$fullnamesetting->set_status(base_setting::NOT_LOCKED); // Permission lock overrides config lock.
|
|
|
182 |
$fullnamesetting->set_value(false);
|
|
|
183 |
$fullnamesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
|
|
|
184 |
}
|
|
|
185 |
|
|
|
186 |
// Ensure the user has the changeshortname capability. If not we want to lock
|
|
|
187 |
// the setting so that they cannot change it.
|
|
|
188 |
$haschangeshortnamecap = has_capability('moodle/course:changeshortname', $coursectx, $userid);
|
|
|
189 |
if (!$haschangeshortnamecap) {
|
|
|
190 |
$shortnamesetting = $restore_controller->get_plan()->get_setting('course_shortname');
|
|
|
191 |
$shortnamesetting->set_status(base_setting::NOT_LOCKED); // Permission lock overrides config lock.
|
|
|
192 |
$shortnamesetting->set_value(false);
|
|
|
193 |
$shortnamesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
|
|
|
194 |
}
|
|
|
195 |
|
|
|
196 |
// Ensure the user has the update capability. If not we want to lock
|
|
|
197 |
// the overwrite setting so that they cannot change it.
|
|
|
198 |
$hasupdatecap = has_capability('moodle/course:update', $coursectx, $userid);
|
|
|
199 |
if (!$hasupdatecap) {
|
|
|
200 |
$overwritesetting = $restore_controller->get_plan()->get_setting('overwrite_conf');
|
|
|
201 |
$overwritesetting->set_status(base_setting::NOT_LOCKED); // Permission lock overrides config lock.
|
|
|
202 |
$overwritesetting->set_value(false);
|
|
|
203 |
$overwritesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
|
|
|
204 |
}
|
|
|
205 |
|
|
|
206 |
// Ensure the user has the capability to manage enrolment methods. If not we want to unset and lock
|
|
|
207 |
// the setting so that they cannot change it.
|
|
|
208 |
$hasmanageenrolcap = has_capability('moodle/course:enrolconfig', $coursectx, $userid);
|
|
|
209 |
if (!$hasmanageenrolcap) {
|
|
|
210 |
if ($restore_controller->get_plan()->setting_exists('enrolments')) {
|
|
|
211 |
$enrolsetting = $restore_controller->get_plan()->get_setting('enrolments');
|
|
|
212 |
if ($enrolsetting->get_value() != backup::ENROL_NEVER) {
|
|
|
213 |
$enrolsetting->set_status(base_setting::NOT_LOCKED); // In case it was locked earlier.
|
|
|
214 |
$enrolsetting->set_value(backup::ENROL_NEVER);
|
|
|
215 |
}
|
|
|
216 |
$enrolsetting->set_status(base_setting::LOCKED_BY_PERMISSION);
|
|
|
217 |
}
|
|
|
218 |
}
|
|
|
219 |
}
|
|
|
220 |
|
|
|
221 |
return true;
|
|
|
222 |
}
|
|
|
223 |
}
|