coregrade/CoreGradeLearning
1
0
Fork 0
Code Issues Pull Requests Releases Activity

first commit

Browse Source
This commit is contained in:
CHIEFSOFT\ameye
2024-09-30 18:11:26 -04:00
commit e592ca6823
27270 changed files with 5002257 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backup/util/checks/backup_check.class.php
+236
View File
@@ -0,0 +1,236 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* @package moodlecore
* @subpackage backup-factories
* @copyright 2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* Non instantiable helper class providing different backup checks
*
* This class contains various static methods available in order to easily
* perform a bunch of backup architecture tests
*
* TODO: Finish phpdocs
*/
abstract class backup_check {
public static function check_format_and_type($format, $type) {
global $CFG;
$file = $CFG->dirroot . '/backup/' . $format . '/backup_plan_builder.class.php';
if (! file_exists($file)) {
throw new backup_controller_exception('backup_check_unsupported_format', $format);
}
require_once($file);
if (!in_array($type, backup_plan_builder::supported_backup_types())) {
throw new backup_controller_exception('backup_check_unsupported_type', $type);
}
require_once($CFG->dirroot . '/backup/moodle2/backup_plan_builder.class.php');
}
public static function check_id($type, $id) {
global $DB;
switch ($type) {
case backup::TYPE_1ACTIVITY:
// id must exist in course_modules table
if (! $DB->record_exists('course_modules', array('id' => $id))) {
throw new backup_controller_exception('backup_check_module_not_exists', $id);
}
break;
case backup::TYPE_1SECTION:
// id must exist in course_sections table
if (! $DB->record_exists('course_sections', array('id' => $id))) {
throw new backup_controller_exception('backup_check_section_not_exists', $id);
}
break;
case backup::TYPE_1COURSE:
// id must exist in course table
if (! $DB->record_exists('course', array('id' => $id))) {
throw new backup_controller_exception('backup_check_course_not_exists', $id);
}
break;
default:
throw new backup_controller_exception('backup_check_incorrect_type', $type);
}
return true;
}
public static function check_user($userid) {
global $DB;
// userid must exist in user table
if (! $DB->record_exists('user', array('id' => $userid))) {
throw new backup_controller_exception('backup_check_user_not_exists', $userid);
}
return true;
}
public static function check_security($backup_controller, $apply) {
global $DB;
if (! $backup_controller instanceof backup_controller) {
throw new backup_controller_exception('backup_check_security_requires_backup_controller');
}
$backup_controller->log('checking plan security', backup::LOG_INFO);
// Some handy vars
$type = $backup_controller->get_type();
$mode = $backup_controller->get_mode();
$courseid = $backup_controller->get_courseid();
$coursectx= context_course::instance($courseid);
$userid = $backup_controller->get_userid();
$id = $backup_controller->get_id(); // courseid / sectionid / cmid
// Note: all the checks along the function MUST be performed for $userid, that
// is the user who "requested" the course backup, not current $USER at all!!
// First of all, decide which caps/contexts are we going to check
// for common backups (general, automated...) based exclusively
// in the type (course, section, activity). And store them into
// one capability => context array structure
$typecapstocheck = array();
switch ($type) {
case backup::TYPE_1COURSE :
$DB->get_record('course', array('id' => $id), '*', MUST_EXIST); // course exists
$typecapstocheck['moodle/backup:backupcourse'] = $coursectx;
break;
case backup::TYPE_1SECTION :
$DB->get_record('course_sections', array('course' => $courseid, 'id' => $id), '*', MUST_EXIST); // sec exists
$typecapstocheck['moodle/backup:backupsection'] = $coursectx;
break;
case backup::TYPE_1ACTIVITY :
get_coursemodule_from_id(null, $id, $courseid, false, MUST_EXIST); // cm exists
$modulectx = context_module::instance($id);
$typecapstocheck['moodle/backup:backupactivity'] = $modulectx;
break;
default :
throw new backup_controller_exception('backup_unknown_backup_type', $type);
}
// Now, if backup mode is hub or import, check userid has permissions for those modes
// other modes will perform common checks only (backupxxxx capabilities in $typecapstocheck)
switch ($mode) {
case backup::MODE_IMPORT:
if (!has_capability('moodle/backup:backuptargetimport', $coursectx, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = 'moodle/backup:backuptargetimport';
throw new backup_controller_exception('backup_user_missing_capability', $a);
}
break;
// Common backup (general, automated...), let's check all the $typecapstocheck
// capability => context pairs
default:
foreach ($typecapstocheck as $capability => $context) {
if (!has_capability($capability, $context, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = $capability;
throw new backup_controller_exception('backup_user_missing_capability', $a);
}
}
}
// Now, enforce 'moodle/backup:userinfo' to 'users' setting, applying changes if allowed,
// else throwing exception
$userssetting = $backup_controller->get_plan()->get_setting('users');
$prevvalue = $userssetting->get_value();
$prevstatus = $userssetting->get_status();
$hasusercap = has_capability('moodle/backup:userinfo', $coursectx, $userid);
// If setting is enabled but user lacks permission
if (!$hasusercap) { // If user has not the capability
// Now analyse if we are allowed to apply changes or must stop with exception
if (!$apply && $prevvalue) { // Cannot apply changes and the value is set, throw exception
$a = new stdclass();
$a->setting = 'users';
$a->value = $prevvalue;
$a->capability = 'moodle/backup:userinfo';
throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);
} else { // Can apply changes
// If it is already false, we don't want to try and set it again, because if it is
// already locked, and exception will occur. The side benifit is if it is true and locked
// we will get an exception...
if ($prevvalue) {
$userssetting->set_value(false); // Set the value to false
}
$userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
}
}
// Now, enforce 'moodle/backup:anonymise' to 'anonymise' setting, applying changes if allowed,
// else throwing exception
$anonsetting = $backup_controller->get_plan()->get_setting('anonymize');
$prevvalue = $anonsetting->get_value();
$prevstatus = $anonsetting->get_status();
$hasanoncap = has_capability('moodle/backup:anonymise', $coursectx, $userid);
// If setting is enabled but user lacks permission
if (!$hasanoncap) { // If user has not the capability
// Now analyse if we are allowed to apply changes or must stop with exception
if (!$apply && $prevvalue) { // Cannot apply changes and the value is set, throw exception
$a = new stdclass();
$a->setting = 'anonymize';
$a->value = $prevvalue;
$a->capability = 'moodle/backup:anonymise';
throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);
} else { // Can apply changes
if ($prevvalue) { // If we try and set it back to false and it has already been locked, error will occur
$anonsetting->set_value(false); // Set the value to false
}
$anonsetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
}
}
// Now, if mode is HUB or IMPORT, and still we are including users in backup, turn them off
// Defaults processing should have handled this, but we need to be 100% sure
if ($mode == backup::MODE_IMPORT || $mode == backup::MODE_HUB) {
$userssetting = $backup_controller->get_plan()->get_setting('users');
if ($userssetting->get_value()) {
$userssetting->set_value(false); // Set the value to false
$userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
}
}
// Check the user has the ability to configure the backup. If not then we need
// to lock all settings by permission so that no changes can be made. This does
// not apply to the import facility, where the activities must be always enabled
// to be able to pick them
if ($mode != backup::MODE_IMPORT) {
$hasconfigcap = has_capability('moodle/backup:configure', $coursectx, $userid);
if (!$hasconfigcap) {
$settings = $backup_controller->get_plan()->get_settings();
foreach ($settings as $setting) {
if ($setting->get_name() == 'filename') {
continue;
}
$setting->set_status(base_setting::LOCKED_BY_PERMISSION);
}
}
}
return true;
}
}
backup/util/checks/restore_check.class.php
+223
View File
@@ -0,0 +1,223 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* @package moodlecore
* @subpackage backup-factories
* @copyright 2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* Non instantiable helper class providing different restore checks
*
* This class contains various static methods available in order to easily
* perform a bunch of restore architecture tests
*
* TODO: Finish phpdocs
*/
abstract class restore_check {
public static function check_courseid($courseid) {
global $DB;
// id must exist in course table
if (! $DB->record_exists('course', array('id' => $courseid))) {
throw new restore_controller_exception('restore_check_course_not_exists', $courseid);
}
return true;
}
public static function check_user($userid) {
global $DB;
// userid must exist in user table
if (! $DB->record_exists('user', array('id' => $userid))) {
throw new restore_controller_exception('restore_check_user_not_exists', $userid);
}
return true;
}
public static function check_security($restore_controller, $apply) {
global $DB;
if (! $restore_controller instanceof restore_controller) {
throw new restore_controller_exception('restore_check_security_requires_restore_controller');
}
$restore_controller->log('checking plan security', backup::LOG_INFO);
// Some handy vars
$type = $restore_controller->get_type();
$mode = $restore_controller->get_mode();
$courseid = $restore_controller->get_courseid();
$coursectx= context_course::instance($courseid);
$userid = $restore_controller->get_userid();
// Note: all the checks along the function MUST be performed for $userid, that
// is the user who "requested" the course restore, not current $USER at all!!
// First of all, decide which caps/contexts are we going to check
// for common backups (general, automated...) based exclusively
// in the type (course, section, activity). And store them into
// one capability => context array structure
$typecapstocheck = array();
switch ($type) {
case backup::TYPE_1COURSE :
$typecapstocheck['moodle/restore:restorecourse'] = $coursectx;
break;
case backup::TYPE_1SECTION :
$typecapstocheck['moodle/restore:restoresection'] = $coursectx;
break;
case backup::TYPE_1ACTIVITY :
$typecapstocheck['moodle/restore:restoreactivity'] = $coursectx;
break;
default :
throw new restore_controller_exception('restore_unknown_restore_type', $type);
}
// Now, if restore mode is hub or import, check userid has permissions for those modes
// other modes will perform common checks only (restorexxxx capabilities in $typecapstocheck)
switch ($mode) {
case backup::MODE_IMPORT:
if (!has_capability('moodle/restore:restoretargetimport', $coursectx, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = 'moodle/restore:restoretargetimport';
throw new restore_controller_exception('restore_user_missing_capability', $a);
}
break;
// Common backup (general, automated...), let's check all the $typecapstocheck
// capability => context pairs
default:
foreach ($typecapstocheck as $capability => $context) {
if (!has_capability($capability, $context, $userid)) {
$a = new stdclass();
$a->userid = $userid;
$a->courseid = $courseid;
$a->capability = $capability;
throw new restore_controller_exception('restore_user_missing_capability', $a);
}
}
}
// Now, enforce 'moodle/restore:userinfo' to 'users' setting, applying changes if allowed,
// else throwing exception
$userssetting = $restore_controller->get_plan()->get_setting('users');
$prevvalue = $userssetting->get_value();
$prevstatus = $userssetting->get_status();
$hasusercap = has_capability('moodle/restore:userinfo', $coursectx, $userid);
// If setting is enabled but user lacks permission
if (!$hasusercap && $prevvalue) { // If user has not the capability and setting is enabled
// Now analyse if we are allowed to apply changes or must stop with exception
if (!$apply) { // Cannot apply changes, throw exception
$a = new stdclass();
$a->setting = 'users';
$a->value = $prevvalue;
$a->capability = 'moodle/restore:userinfo';
throw new restore_controller_exception('restore_setting_value_wrong_for_capability', $a);
} else { // Can apply changes
$userssetting->set_value(false); // Set the value to false
$userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
}
}
// Now, if mode is HUB or IMPORT, and still we are including users in restore, turn them off
// Defaults processing should have handled this, but we need to be 100% sure
if ($mode == backup::MODE_IMPORT || $mode == backup::MODE_HUB) {
$userssetting = $restore_controller->get_plan()->get_setting('users');
if ($userssetting->get_value()) {
$userssetting->set_value(false); // Set the value to false
$userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
}
}
// Check the user has the ability to configure the restore. If not then we need
// to lock all settings by permission so that no changes can be made. This does
// not apply to the import facility, where all the activities (picked on backup)
// are restored automatically without restore UI
if ($mode != backup::MODE_IMPORT) {
$hasconfigcap = has_capability('moodle/restore:configure', $coursectx, $userid);
if (!$hasconfigcap) {
$settings = $restore_controller->get_plan()->get_settings();
foreach ($settings as $setting) {
$setting->set_status(base_setting::LOCKED_BY_PERMISSION);
}
}
}
if ($type == backup::TYPE_1COURSE) {
// Ensure the user has the rolldates capability. If not we want to lock this
// settings so that they cannot change it.
$hasrolldatescap = has_capability('moodle/restore:rolldates', $coursectx, $userid);
if (!$hasrolldatescap) {
$startdatesetting = $restore_controller->get_plan()->get_setting('course_startdate');
if ($startdatesetting) {
$startdatesetting->set_status(base_setting::NOT_LOCKED); // Permission lock overrides config lock.
$startdatesetting->set_value(false);
$startdatesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
}
}
// Ensure the user has the changefullname capability. If not we want to lock
// the setting so that they cannot change it.
$haschangefullnamecap = has_capability('moodle/course:changefullname', $coursectx, $userid);
if (!$haschangefullnamecap) {
$fullnamesetting = $restore_controller->get_plan()->get_setting('course_fullname');
$fullnamesetting->set_status(base_setting::NOT_LOCKED); // Permission lock overrides config lock.
$fullnamesetting->set_value(false);
$fullnamesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
}
// Ensure the user has the changeshortname capability. If not we want to lock
// the setting so that they cannot change it.
$haschangeshortnamecap = has_capability('moodle/course:changeshortname', $coursectx, $userid);
if (!$haschangeshortnamecap) {
$shortnamesetting = $restore_controller->get_plan()->get_setting('course_shortname');
$shortnamesetting->set_status(base_setting::NOT_LOCKED); // Permission lock overrides config lock.
$shortnamesetting->set_value(false);
$shortnamesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
}
// Ensure the user has the update capability. If not we want to lock
// the overwrite setting so that they cannot change it.
$hasupdatecap = has_capability('moodle/course:update', $coursectx, $userid);
if (!$hasupdatecap) {
$overwritesetting = $restore_controller->get_plan()->get_setting('overwrite_conf');
$overwritesetting->set_status(base_setting::NOT_LOCKED); // Permission lock overrides config lock.
$overwritesetting->set_value(false);
$overwritesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
}
// Ensure the user has the capability to manage enrolment methods. If not we want to unset and lock
// the setting so that they cannot change it.
$hasmanageenrolcap = has_capability('moodle/course:enrolconfig', $coursectx, $userid);
if (!$hasmanageenrolcap) {
if ($restore_controller->get_plan()->setting_exists('enrolments')) {
$enrolsetting = $restore_controller->get_plan()->get_setting('enrolments');
if ($enrolsetting->get_value() != backup::ENROL_NEVER) {
$enrolsetting->set_status(base_setting::NOT_LOCKED); // In case it was locked earlier.
$enrolsetting->set_value(backup::ENROL_NEVER);
}
$enrolsetting->set_status(base_setting::LOCKED_BY_PERMISSION);
}
}
}
return true;
}
}
backup/util/checks/tests/checks_test.php
+141
View File
@@ -0,0 +1,141 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core_backup;
use backup;
use backup_check;
use backup_controller;
use backup_controller_exception;
defined('MOODLE_INTERNAL') || die();
// Include all the needed stuff
global $CFG;
require_once($CFG->dirroot . '/backup/util/includes/backup_includes.php');
/**
* Check tests (all).
*
* @package core_backup
* @category test
* @copyright 2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class checks_test extends \advanced_testcase {
protected $moduleid; // course_modules id used for testing
protected $sectionid; // course_sections id used for testing
protected $courseid; // course id used for testing
protected $userid; // user record id
protected function setUp(): void {
global $DB, $CFG;
parent::setUp();
$this->resetAfterTest(true);
$course = $this->getDataGenerator()->create_course(array(), array('createsections' => true));
$page = $this->getDataGenerator()->create_module('page', array('course'=>$course->id), array('section'=>3));
$coursemodule = $DB->get_record('course_modules', array('id'=>$page->cmid));
$this->moduleid = $coursemodule->id;
$this->sectionid = $coursemodule->section;
$this->courseid = $coursemodule->course;
$this->userid = 2; // admin
$CFG->backup_error_log_logger_level = backup::LOG_NONE;
$CFG->backup_output_indented_logger_level = backup::LOG_NONE;
$CFG->backup_file_logger_level = backup::LOG_NONE;
$CFG->backup_database_logger_level = backup::LOG_NONE;
unset($CFG->backup_file_logger_extra);
$CFG->backup_file_logger_level_extra = backup::LOG_NONE;
}
/*
* test backup_check class
*/
public function test_backup_check(): void {
// Check against existing course module/section course or fail
$this->assertTrue(backup_check::check_id(backup::TYPE_1ACTIVITY, $this->moduleid));
$this->assertTrue(backup_check::check_id(backup::TYPE_1SECTION, $this->sectionid));
$this->assertTrue(backup_check::check_id(backup::TYPE_1COURSE, $this->courseid));
$this->assertTrue(backup_check::check_user($this->userid));
// Check against non-existing course module/section/course (0)
try {
backup_check::check_id(backup::TYPE_1ACTIVITY, 0);
$this->assertTrue(false, 'backup_controller_exception expected');
} catch (\Exception $e) {
$this->assertTrue($e instanceof backup_controller_exception);
$this->assertEquals($e->errorcode, 'backup_check_module_not_exists');
}
try {
backup_check::check_id(backup::TYPE_1SECTION, 0);
$this->assertTrue(false, 'backup_controller_exception expected');
} catch (\exception $e) {
$this->assertTrue($e instanceof backup_controller_exception);
$this->assertEquals($e->errorcode, 'backup_check_section_not_exists');
}
try {
backup_check::check_id(backup::TYPE_1COURSE, 0);
$this->assertTrue(false, 'backup_controller_exception expected');
} catch (\Exception $e) {
$this->assertTrue($e instanceof backup_controller_exception);
$this->assertEquals($e->errorcode, 'backup_check_course_not_exists');
}
// Try wrong type
try {
backup_check::check_id(12345678,0);
$this->assertTrue(false, 'backup_controller_exception expected');
} catch (\Exception $e) {
$this->assertTrue($e instanceof backup_controller_exception);
$this->assertEquals($e->errorcode, 'backup_check_incorrect_type');
}
// Test non-existing user
$userid = 0;
try {
backup_check::check_user($userid);
$this->assertTrue(false, 'backup_controller_exception expected');
} catch (\Exception $e) {
$this->assertTrue($e instanceof backup_controller_exception);
$this->assertEquals($e->errorcode, 'backup_check_user_not_exists');
}
// Security check tests
// Try to pass wrong controller
try {
backup_check::check_security(new \stdClass(), true);
$this->assertTrue(false, 'backup_controller_exception expected');
} catch (\Exception $e) {
$this->assertTrue($e instanceof backup_controller_exception);
$this->assertEquals($e->errorcode, 'backup_check_security_requires_backup_controller');
}
// Pass correct controller, check must return true in any case with $apply enabled
// and $bc must continue being mock_backup_controller
$bc = new backup_controller(backup::TYPE_1ACTIVITY, $this->moduleid, backup::FORMAT_MOODLE,
backup::INTERACTIVE_NO, backup::MODE_GENERAL, $this->userid);
$this->assertTrue(backup_check::check_security($bc, true));
$this->assertTrue($bc instanceof backup_controller);
$bc->destroy();
}
}