Proyectos de Subversion Moodle

Rev

Rev 1 | Mostrar el archivo completo | | | Autoría | Ultima modificación | Ver Log |

Rev 1 Rev 11
Línea 24... Línea 24...
24 
 
 24 
 
Línea 25... Línea 25...
25 
namespace core_h5p;
 25 
namespace core_h5p;
26 
 
 26 
 
- 
 
 27 
use context_system;
Línea 27... Línea 28...
27 
use context_system;
 28 
use core_h5p\local\library\autoloader;
Línea 28... Línea 29...
28 
use core_h5p\local\library\autoloader;
 29 
use core_user;
29 
 
 30 
 
Línea 174... Línea 175...
174 
        return $config;
 175 
        return $config;
175 
    }
 176 
    }
Línea 176... Línea 177...
176 
 
 177 
 
177 
    /**
 178 
    /**
178 
     * Checks if the author of the .h5p file is "trustable". If the file hasn't been uploaded by a user with the
 179 
     * Checks if the author of the .h5p file is "trustable". If the file hasn't been uploaded by a user with the
- 
 
 180 
     * required capability, the content won't be deployed, unless the user has been deleted, in this
179 
     * required capability, the content won't be deployed.
 181 
     * case we check the capability against current user.
180 
     *
 182 
     *
181 
     * @param  stored_file $file The .h5p file to be deployed
 183 
     * @param  stored_file $file The .h5p file to be deployed
182 
     * @return bool Returns true if the file can be deployed, false otherwise.
 184 
     * @return bool Returns true if the file can be deployed, false otherwise.
183 
     */
 185 
     */
184 
    public static function can_deploy_package(\stored_file $file): bool {
 186 
    public static function can_deploy_package(\stored_file $file): bool {
- 
 
 187 
        $userid = $file->get_userid();
185 
        if (null === $file->get_userid()) {
 188 
        if (null === $userid) {
186 
            // If there is no userid, it is owned by the system.
 189 
            // If there is no userid, it is owned by the system.
187 
            return true;
 190 
            return true;
Línea 188... Línea 191...
188 
        }
 191 
        }
- 
 
 192 
 
189 
 
 193 
        $context = \context::instance_by_id($file->get_contextid());
190 
        $context = \context::instance_by_id($file->get_contextid());
 194 
        $fileuser = core_user::get_user($userid);
191 
        if (has_capability('moodle/h5p:deploy', $context, $file->get_userid())) {
 195 
        if (empty($fileuser) || $fileuser->deleted) {
192 
            return true;
 - 
 
193 
        }
 196 
            $userid = null;
194 
 
 197 
        }
Línea 195... Línea 198...
195 
        return false;
 198 
        return has_capability('moodle/h5p:deploy', $context, $userid);
196 
    }
 199 
    }
197 
 
 200 
 
198 
    /**
 201 
    /**
- 
 
 202 
     * Checks if the content-type libraries can be upgraded.
199 
     * Checks if the content-type libraries can be upgraded.
 203 
     * The H5P content-type libraries can only be upgraded if the author of the .h5p file can manage content-types or if all the
200 
     * The H5P content-type libraries can only be upgraded if the author of the .h5p file can manage content-types or if all the
 204 
     * content-types exist, to avoid users without the required capability to upload malicious content. If user has been deleted
201 
     * content-types exist, to avoid users without the required capability to upload malicious content.
 205 
     * we check against current user.
202 
     *
 206 
     *
203 
     * @param  stored_file $file The .h5p file to be deployed
 207 
     * @param  stored_file $file The .h5p file to be deployed
204 
     * @return bool Returns true if the content-type libraries can be created/updated, false otherwise.
 208 
     * @return bool Returns true if the content-type libraries can be created/updated, false otherwise.
- 
 
 209 
     */
205 
     */
 210 
    public static function can_update_library(\stored_file $file): bool {
206 
    public static function can_update_library(\stored_file $file): bool {
 211 
        $userid = $file->get_userid();
207 
        if (null === $file->get_userid()) {
 212 
        if (null === $userid) {
208 
            // If there is no userid, it is owned by the system.
 - 
 
209 
            return true;
 213 
            // If there is no userid, it is owned by the system.
210 
        }
 214 
            return true;
- 
 
 215 
        }
211 
 
 216 
        // Check if the owner of the .h5p file has the capability to manage content-types.
212 
        // Check if the owner of the .h5p file has the capability to manage content-types.
 217 
        $context = \context::instance_by_id($file->get_contextid());
213 
        $context = \context::instance_by_id($file->get_contextid());
 218 
        $fileuser = core_user::get_user($userid);
Línea 214... Línea 219...
214 
        if (has_capability('moodle/h5p:updatelibraries', $context, $file->get_userid())) {
 219 
        if (empty($fileuser) || $fileuser->deleted) {
215 
            return true;
 220 
            $userid = null;
Línea 216... Línea 221...
216 
        }
 221 
        }
217 
 
 222 
 
218 
        return false;
 223 
        return has_capability('moodle/h5p:updatelibraries', $context, $userid);