[moodle.git] / backup / util / checks / backup_check.class.php

<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * @package    moodlecore
 * @subpackage backup-factories
 * @copyright  2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

/**
 * Non instantiable helper class providing different backup checks
 *
 * This class contains various static methods available in order to easily
 * perform a bunch of backup architecture tests
 *
 * TODO: Finish phpdocs
 */
abstract class backup_check {

    public static function check_format_and_type($format, $type) {
        global $CFG;

        $file = $CFG->dirroot . '/backup/' . $format . '/backup_plan_builder.class.php';
        if (! file_exists($file)) {
            throw new backup_controller_exception('backup_check_unsupported_format', $format);
        }
        require_once($file);
        if (!in_array($type, backup_plan_builder::supported_backup_types())) {
            throw new backup_controller_exception('backup_check_unsupported_type', $type);
        }

        require_once($CFG->dirroot . '/backup/moodle2/backup_plan_builder.class.php');
    }

    public static function check_id($type, $id) {
        global $DB;
        switch ($type) {
            case backup::TYPE_1ACTIVITY:
                // id must exist in course_modules table
                if (! $DB->record_exists('course_modules', array('id' => $id))) {
                    throw new backup_controller_exception('backup_check_module_not_exists', $id);
                }
                break;
            case backup::TYPE_1SECTION:
                // id must exist in course_sections table
                if (! $DB->record_exists('course_sections', array('id' => $id))) {
                    throw new backup_controller_exception('backup_check_section_not_exists', $id);
                }
                break;
            case backup::TYPE_1COURSE:
                // id must exist in course table
                if (! $DB->record_exists('course', array('id' => $id))) {
                    throw new backup_controller_exception('backup_check_course_not_exists', $id);
                }
                break;
            default:
                throw new backup_controller_exception('backup_check_incorrect_type', $type);
        }
        return true;
    }

    public static function check_user($userid) {
        global $DB;
        // userid must exist in user table
        if (! $DB->record_exists('user', array('id' => $userid))) {
            throw new backup_controller_exception('backup_check_user_not_exists', $userid);
        }
        return true;
    }

    public static function check_security($backup_controller, $apply) {
        global $DB;

        if (! $backup_controller instanceof backup_controller) {
            throw new backup_controller_exception('backup_check_security_requires_backup_controller');
        }
        $backup_controller->log('checking plan security', backup::LOG_INFO);

        // Some handy vars
        $type     = $backup_controller->get_type();
        $mode     = $backup_controller->get_mode();
        $courseid = $backup_controller->get_courseid();
        $coursectx= get_context_instance(CONTEXT_COURSE, $courseid);
        $userid   = $backup_controller->get_userid();
        $id       = $backup_controller->get_id(); // courseid / sectionid / cmid

        // Note: all the checks along the function MUST be performed for $userid, that
        // is the user who "requested" the course backup, not current $USER at all!!

        // First of all, check the main backup[course|section|activity] principal caps
        // Lacking the corresponding one makes this to break with exception always
        switch ($type) {
            case backup::TYPE_1COURSE :
                $DB->get_record('course', array('id' => $id), '*', MUST_EXIST); // course exists
                require_capability('moodle/backup:backupcourse', $coursectx, $userid);
                break;
            case backup::TYPE_1SECTION :
                $DB->get_record('course_sections', array('course' => $courseid, 'id' => $id), '*', MUST_EXIST); // sec exists
                require_capability('moodle/backup:backupsection', $coursectx, $userid);
                break;
            case backup::TYPE_1ACTIVITY :
                get_coursemodule_from_id(null, $id, $courseid, false, MUST_EXIST); // cm exists
                $modulectx = get_context_instance(CONTEXT_MODULE, $id);
                require_capability('moodle/backup:backupactivity', $modulectx, $userid);
                break;
            default :
                print_error('unknownbackuptype');
        }

        // Now, if backup mode is hub or import, check userid has permissions for those modes
        switch ($mode) {
            case backup::MODE_HUB:
                require_capability('moodle/backup:backuptargethub', $coursectx, $userid);
                break;
            case backup::MODE_IMPORT:
                require_capability('moodle/backup:backuptargetimport', $coursectx, $userid);
                break;
        }

        // Now, enforce 'moodle/backup:userinfo' to 'users' setting, applying changes if allowed,
        // else throwing exception
        $userssetting = $backup_controller->get_plan()->get_setting('users');
        $prevvalue    = $userssetting->get_value();
        $prevstatus   = $userssetting->get_status();
        $hasusercap   = has_capability('moodle/backup:userinfo', $coursectx, $userid);

        // If setting is enabled but user lacks permission
        if (!$hasusercap && $prevvalue) { // If user has not the capability and setting is enabled
            // Now analyse if we are allowed to apply changes or must stop with exception
            if (!$apply) { // Cannot apply changes, throw exception
                $a = new stdclass();
                $a->setting = 'users';
                $a->value = $prevvalue;
                $a->capability = 'moodle/backup:userinfo';
                throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);

            } else { // Can apply changes
                $userssetting->set_value(false);                              // Set the value to false
                $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
            }
        }

        // Now, enforce 'moodle/backup:anonymise' to 'anonymise' setting, applying changes if allowed,
        // else throwing exception
        $anonsetting = $backup_controller->get_plan()->get_setting('anonymize');
        $prevvalue   = $userssetting->get_value();
        $prevstatus  = $userssetting->get_status();
        $hasanoncap  = has_capability('moodle/backup:anonymise', $coursectx, $userid);

        // If setting is enabled but user lacks permission
        if (!$hasanoncap && $prevvalue) { // If user has not the capability and setting is enabled
            // Now analyse if we are allowed to apply changes or must stop with exception
            if (!$apply) { // Cannot apply changes, throw exception
                $a = new stdclass();
                $a->setting = 'anonymize';
                $a->value = $prevvalue;
                $a->capability = 'moodle/backup:anonymise';
                throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);

            } else { // Can apply changes
                $anonsetting->set_value(false);                              // Set the value to false
                $anonsetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
            }
        }

        return true;
    }
}
Commit	Line	Data
69dd0c8c EL	1	<?php
	2
	3	// This file is part of Moodle - http://moodle.org/
	4	//
	5	// Moodle is free software: you can redistribute it and/or modify
	6	// it under the terms of the GNU General Public License as published by
	7	// the Free Software Foundation, either version 3 of the License, or
	8	// (at your option) any later version.
	9	//
	10	// Moodle is distributed in the hope that it will be useful,
	11	// but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	// GNU General Public License for more details.
	14	//
	15	// You should have received a copy of the GNU General Public License
	16	// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
	17
	18	/**
	19	* @package moodlecore
	20	* @subpackage backup-factories
	21	* @copyright 2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
	22	* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
	23	*/
	24
	25	/**
	26	* Non instantiable helper class providing different backup checks
	27	*
	28	* This class contains various static methods available in order to easily
	29	* perform a bunch of backup architecture tests
	30	*
	31	* TODO: Finish phpdocs
	32	*/
	33	abstract class backup_check {
	34
	35	public static function check_format_and_type($format, $type) {
	36	global $CFG;
	37
	38	$file = $CFG->dirroot . '/backup/' . $format . '/backup_plan_builder.class.php';
	39	if (! file_exists($file)) {
	40	throw new backup_controller_exception('backup_check_unsupported_format', $format);
	41	}
	42	require_once($file);
	43	if (!in_array($type, backup_plan_builder::supported_backup_types())) {
	44	throw new backup_controller_exception('backup_check_unsupported_type', $type);
	45	}
	46
	47	require_once($CFG->dirroot . '/backup/moodle2/backup_plan_builder.class.php');
	48	}
	49
	50	public static function check_id($type, $id) {
	51	global $DB;
	52	switch ($type) {
	53	case backup::TYPE_1ACTIVITY:
	54	// id must exist in course_modules table
	55	if (! $DB->record_exists('course_modules', array('id' => $id))) {
	56	throw new backup_controller_exception('backup_check_module_not_exists', $id);
	57	}
	58	break;
	59	case backup::TYPE_1SECTION:
	60	// id must exist in course_sections table
	61	if (! $DB->record_exists('course_sections', array('id' => $id))) {
	62	throw new backup_controller_exception('backup_check_section_not_exists', $id);
	63	}
	64	break;
65	case backup::TYPE_1COURSE:
66	// id must exist in course table
67	if (! $DB->record_exists('course', array('id' => $id))) {
68	throw new backup_controller_exception('backup_check_course_not_exists', $id);
69	}
70	break;
71	default:
72	throw new backup_controller_exception('backup_check_incorrect_type', $type);
73	}
74	return true;
75	}
76
77	public static function check_user($userid) {
78	global $DB;
79	// userid must exist in user table
80	if (! $DB->record_exists('user', array('id' => $userid))) {
81	throw new backup_controller_exception('backup_check_user_not_exists', $userid);
82	}
83	return true;
84	}
85
86	public static function check_security($backup_controller, $apply) {
c0772270 EL	87	global $DB;
c0772270 EL	88
69dd0c8c EL	89	if (! $backup_controller instanceof backup_controller) {
	90	throw new backup_controller_exception('backup_check_security_requires_backup_controller');
	91	}
	92	$backup_controller->log('checking plan security', backup::LOG_INFO);
c0772270 EL	93
	94	// Some handy vars
	95	$type = $backup_controller->get_type();
	96	$mode = $backup_controller->get_mode();
	97	$courseid = $backup_controller->get_courseid();
	98	$coursectx= get_context_instance(CONTEXT_COURSE, $courseid);
	99	$userid = $backup_controller->get_userid();
	100	$id = $backup_controller->get_id(); // courseid / sectionid / cmid
	101
	102	// Note: all the checks along the function MUST be performed for $userid, that
	103	// is the user who "requested" the course backup, not current $USER at all!!
	104
	105	// First of all, check the main backup[course\|section\|activity] principal caps
	106	// Lacking the corresponding one makes this to break with exception always
	107	switch ($type) {
	108	case backup::TYPE_1COURSE :
	109	$DB->get_record('course', array('id' => $id), '*', MUST_EXIST); // course exists
	110	require_capability('moodle/backup:backupcourse', $coursectx, $userid);
	111	break;
	112	case backup::TYPE_1SECTION :
	113	$DB->get_record('course_sections', array('course' => $courseid, 'id' => $id), '*', MUST_EXIST); // sec exists
	114	require_capability('moodle/backup:backupsection', $coursectx, $userid);
	115	break;
	116	case backup::TYPE_1ACTIVITY :
	117	get_coursemodule_from_id(null, $id, $courseid, false, MUST_EXIST); // cm exists
	118	$modulectx = get_context_instance(CONTEXT_MODULE, $id);
	119	require_capability('moodle/backup:backupactivity', $modulectx, $userid);
	120	break;
	121	default :
	122	print_error('unknownbackuptype');
	123	}
	124
	125	// Now, if backup mode is hub or import, check userid has permissions for those modes
	126	switch ($mode) {
	127	case backup::MODE_HUB:
	128	require_capability('moodle/backup:backuptargethub', $coursectx, $userid);
	129	break;
	130	case backup::MODE_IMPORT:
	131	require_capability('moodle/backup:backuptargetimport', $coursectx, $userid);
	132	break;
	133	}
	134
	135	// Now, enforce 'moodle/backup:userinfo' to 'users' setting, applying changes if allowed,
	136	// else throwing exception
	137	$userssetting = $backup_controller->get_plan()->get_setting('users');
	138	$prevvalue = $userssetting->get_value();
	139	$prevstatus = $userssetting->get_status();
	140	$hasusercap = has_capability('moodle/backup:userinfo', $coursectx, $userid);
	141
	142	// If setting is enabled but user lacks permission
	143	if (!$hasusercap && $prevvalue) { // If user has not the capability and setting is enabled
	144	// Now analyse if we are allowed to apply changes or must stop with exception
	145	if (!$apply) { // Cannot apply changes, throw exception
	146	$a = new stdclass();
	147	$a->setting = 'users';
	148	$a->value = $prevvalue;
	149	$a->capability = 'moodle/backup:userinfo';
	150	throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);
	151
	152	} else { // Can apply changes
	153	$userssetting->set_value(false); // Set the value to false
	154	$userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
	155	}
	156	}
157
158	// Now, enforce 'moodle/backup:anonymise' to 'anonymise' setting, applying changes if allowed,
159	// else throwing exception
160	$anonsetting = $backup_controller->get_plan()->get_setting('anonymize');
161	$prevvalue = $userssetting->get_value();
162	$prevstatus = $userssetting->get_status();
163	$hasanoncap = has_capability('moodle/backup:anonymise', $coursectx, $userid);
164
165	// If setting is enabled but user lacks permission
166	if (!$hasanoncap && $prevvalue) { // If user has not the capability and setting is enabled
167	// Now analyse if we are allowed to apply changes or must stop with exception
168	if (!$apply) { // Cannot apply changes, throw exception
169	$a = new stdclass();
170	$a->setting = 'anonymize';
171	$a->value = $prevvalue;
172	$a->capability = 'moodle/backup:anonymise';
173	throw new backup_controller_exception('backup_setting_value_wrong_for_capability', $a);
174
175	} else { // Can apply changes
176	$anonsetting->set_value(false); // Set the value to false
177	$anonsetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
178	}
179	}
180
69dd0c8c EL	181	return true;
	182	}
	183	}