Merge branch 'MDL-63974-master' of https://github.com/snake/moodle
authorJun Pataleta <jun@moodle.com>
Thu, 15 Nov 2018 03:22:16 +0000 (11:22 +0800)
committerJun Pataleta <jun@moodle.com>
Thu, 15 Nov 2018 03:22:16 +0000 (11:22 +0800)
1  2 
message/externallib.php

diff --combined message/externallib.php
@@@ -274,17 -274,17 +274,17 @@@ class core_message_external extends ext
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = array('userids' => $userids, 'userid' => $userid);
 +        $params = self::validate_parameters(self::create_contacts_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = array('userids' => $userids, 'userid' => $userid);
 -        $params = self::validate_parameters(self::create_contacts_parameters(), $params);
 -
          $warnings = array();
          foreach ($params['userids'] as $id) {
 -            if (!message_add_contact($id, 0, $userid)) {
 +            if (!message_add_contact($id, 0, $params['userid'])) {
                  $warnings[] = array(
                      'item' => 'user',
                      'itemid' => $id,
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = array('userids' => $userids, 'userid' => $userid);
 +        $params = self::validate_parameters(self::delete_contacts_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = array('userids' => $userids, 'userid' => $userid);
 -        $params = self::validate_parameters(self::delete_contacts_parameters(), $params);
 -
          foreach ($params['userids'] as $id) {
 -            \core_message\api::remove_contact($userid, $id);
 +            \core_message\api::remove_contact($params['userid'], $id);
          }
  
          return null;
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = ['userid' => $userid, 'blockeduserid' => $blockeduserid];
 +        $params = self::validate_parameters(self::block_user_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = ['userid' => $userid, 'blockeduserid' => $blockeduserid];
 -        $params = self::validate_parameters(self::block_user_parameters(), $params);
 -
          if (!\core_message\api::is_blocked($params['userid'], $params['blockeduserid'])) {
              \core_message\api::block_user($params['userid'], $params['blockeduserid']);
          }
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = ['userid' => $userid, 'unblockeduserid' => $unblockeduserid];
 +        $params = self::validate_parameters(self::unblock_user_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = ['userid' => $userid, 'unblockeduserid' => $unblockeduserid];
 -        $params = self::validate_parameters(self::unblock_user_parameters(), $params);
 -
          \core_message\api::unblock_user($params['userid'], $params['unblockeduserid']);
  
          return [];
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = array('userids' => $userids, 'userid' => $userid);
 +        $params = self::validate_parameters(self::block_contacts_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = array('userids' => $userids, 'userid' => $userid);
 -        $params = self::validate_parameters(self::block_contacts_parameters(), $params);
 -
          $warnings = array();
          foreach ($params['userids'] as $id) {
 -            if (!message_block_contact($id, $userid)) {
 +            if (!message_block_contact($id, $params['userid'])) {
                  $warnings[] = array(
                      'item' => 'user',
                      'itemid' => $id,
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = array('userids' => $userids, 'userid' => $userid);
 +        $params = self::validate_parameters(self::unblock_contacts_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = array('userids' => $userids, 'userid' => $userid);
 -        $params = self::validate_parameters(self::unblock_contacts_parameters(), $params);
 -
          foreach ($params['userids'] as $id) {
 -            message_unblock_contact($id, $userid);
 +            message_unblock_contact($id, $params['userid']);
          }
  
          return null;
          $context = context_system::instance();
          self::validate_context($context);
  
 -        $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 -            throw new required_capability_exception($context, $capability, 'nopermissions', '');
 -        }
 -
          $params = [
              'userid' => $userid,
              'limitfrom' => $limitfrom,
          ];
          $params = self::validate_parameters(self::get_contact_requests_parameters(), $params);
  
 +        $capability = 'moodle/site:manageallmessaging';
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
 +            throw new required_capability_exception($context, $capability, 'nopermissions', '');
 +        }
 +
          return \core_message\api::get_contact_requests($params['userid'], $params['limitfrom'], $params['limitnum']);
      }
  
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = [
 +            'userid' => $userid,
 +            'conversationid' => $conversationid,
 +            'includecontactrequests' => $includecontactrequests,
 +            'limitfrom' => $limitfrom,
 +            'limitnum' => $limitnum
 +        ];
 +        $params = self::validate_parameters(self::get_conversation_members_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
          // The user needs to be a part of the conversation before querying who the members are.
 -        if (!\core_message\api::is_user_in_conversation($userid, $conversationid)) {
 +        if (!\core_message\api::is_user_in_conversation($params['userid'], $params['conversationid'])) {
              throw new moodle_exception('You are not a member of this conversation.');
          }
  
 -        $params = [
 -            'userid' => $userid,
 -            'conversationid' => $conversationid,
 -            'includecontactrequests' => $includecontactrequests,
 -            'limitfrom' => $limitfrom,
 -            'limitnum' => $limitnum
 -        ];
 -        self::validate_parameters(self::get_conversation_members_parameters(), $params);
  
 -        return \core_message\api::get_conversation_members($userid, $conversationid, $includecontactrequests,
 -            $limitfrom, $limitnum);
 +        return \core_message\api::get_conversation_members($params['userid'], $params['conversationid'], $params['includecontactrequests'],
 +            $params['limitfrom'], $params['limitnum']);
      }
  
      /**
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = ['userid' => $userid, 'requesteduserid' => $requesteduserid];
 +        $params = self::validate_parameters(self::create_contact_request_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $userid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['userid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = ['userid' => $userid, 'requesteduserid' => $requesteduserid];
 -        $params = self::validate_parameters(self::create_contact_request_parameters(), $params);
 -
          if (!\core_message\api::can_create_contact($params['userid'], $params['requesteduserid'])) {
              $warning[] = [
                  'item' => 'user',
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = ['userid' => $userid, 'requesteduserid' => $requesteduserid];
 +        $params = self::validate_parameters(self::confirm_contact_request_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $requesteduserid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['requesteduserid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = ['userid' => $userid, 'requesteduserid' => $requesteduserid];
 -        $params = self::validate_parameters(self::confirm_contact_request_parameters(), $params);
 -
          \core_message\api::confirm_contact_request($params['userid'], $params['requesteduserid']);
  
          return [];
          $context = context_system::instance();
          self::validate_context($context);
  
 +        $params = ['userid' => $userid, 'requesteduserid' => $requesteduserid];
 +        $params = self::validate_parameters(self::decline_contact_request_parameters(), $params);
 +
          $capability = 'moodle/site:manageallmessaging';
 -        if (($USER->id != $requesteduserid) && !has_capability($capability, $context)) {
 +        if (($USER->id != $params['requesteduserid']) && !has_capability($capability, $context)) {
              throw new required_capability_exception($context, $capability, 'nopermissions', '');
          }
  
 -        $params = ['userid' => $userid, 'requesteduserid' => $requesteduserid];
 -        $params = self::validate_parameters(self::decline_contact_request_parameters(), $params);
 -
          \core_message\api::decline_contact_request($params['userid'], $params['requesteduserid']);
  
          return [];
              'limitfrom' => $limitfrom,
              'limitnum' => $limitnum
          );
 -        self::validate_parameters(self::data_for_messagearea_search_users_in_course_parameters(), $params);
 +        $params = self::validate_parameters(self::data_for_messagearea_search_users_in_course_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $userid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['userid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        $users = \core_message\api::search_users_in_course($userid, $courseid, $search, $limitfrom, $limitnum);
 +        $users = \core_message\api::search_users_in_course(
 +            $params['userid'],
 +            $params['courseid'],
 +            $params['search'],
 +            $params['limitfrom'],
 +            $params['limitnum']
 +        );
          $results = new \core_message\output\messagearea\user_search_results($users);
  
          $renderer = $PAGE->get_renderer('core_message');
              'search' => $search,
              'limitnum' => $limitnum
          );
 -        self::validate_parameters(self::data_for_messagearea_search_users_parameters(), $params);
 +        $params = self::validate_parameters(self::data_for_messagearea_search_users_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $userid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['userid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        list($contacts, $courses, $noncontacts) = \core_message\api::search_users($userid, $search, $limitnum);
 +        list($contacts, $courses, $noncontacts) = \core_message\api::search_users(
 +            $params['userid'],
 +            $params['search'],
 +            $params['limitnum']
 +        );
 +
          $search = new \core_message\output\messagearea\user_search_results($contacts, $courses, $noncontacts);
  
          $renderer = $PAGE->get_renderer('core_message');
       * @since 3.6
       */
      public static function message_search_users($userid, $search, $limitfrom = 0, $limitnum = 0) {
-         global $CFG, $USER;
-         // Check if messaging is enabled.
-         if (empty($CFG->messaging)) {
-             throw new moodle_exception('disabled', 'message');
-         }
+         global $USER;
  
          $systemcontext = context_system::instance();
  
              'limitnum' => $limitnum
  
          );
 -        self::validate_parameters(self::data_for_messagearea_search_messages_parameters(), $params);
 +        $params = self::validate_parameters(self::data_for_messagearea_search_messages_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $userid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['userid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        $messages = \core_message\api::search_messages($userid, $search, $limitfrom, $limitnum);
 +        $messages = \core_message\api::search_messages(
 +            $params['userid'],
 +            $params['search'],
 +            $params['limitfrom'],
 +            $params['limitnum']
 +        );
          $results = new \core_message\output\messagearea\message_search_results($messages);
  
          $renderer = $PAGE->get_renderer('core_message');
              'type' => $type,
              'favourites' => $favourites
          );
 -        self::validate_parameters(self::get_conversations_parameters(), $params);
 +        $params = self::validate_parameters(self::get_conversations_parameters(), $params);
  
          $systemcontext = context_system::instance();
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $userid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['userid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        $conversations = \core_message\api::get_conversations($userid, $limitfrom, $limitnum, $type, $favourites);
 +        $conversations = \core_message\api::get_conversations(
 +            $params['userid'],
 +            $params['limitfrom'],
 +            $params['limitnum'],
 +            $params['type'],
 +            $params['favourites']
 +        );
 +
          return (object) ['conversations' => $conversations];
      }
  
              'limitfrom' => $limitfrom,
              'limitnum' => $limitnum
          );
 -        self::validate_parameters(self::data_for_messagearea_conversations_parameters(), $params);
 +        $params = self::validate_parameters(self::data_for_messagearea_conversations_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $userid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['userid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        $conversations = \core_message\api::get_conversations($userid, $limitfrom, $limitnum);
 +        $conversations = \core_message\api::get_conversations($params['userid'], $params['limitfrom'], $params['limitnum']);
  
          // Format the conversations in the legacy style, as the get_conversations method has since been changed.
          $conversations = \core_message\helper::get_conversations_legacy_formatter($conversations);
              'limitfrom' => $limitfrom,
              'limitnum' => $limitnum
          );
 -        self::validate_parameters(self::data_for_messagearea_contacts_parameters(), $params);
 +        $params = self::validate_parameters(self::data_for_messagearea_contacts_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $userid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['userid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        $contacts = \core_message\api::get_contacts($userid, $limitfrom, $limitnum);
 +        $contacts = \core_message\api::get_contacts($params['userid'], $params['limitfrom'], $params['limitnum']);
          $contacts = new \core_message\output\messagearea\contacts(null, $contacts);
  
          $renderer = $PAGE->get_renderer('core_message');
              'newest' => $newest,
              'timefrom' => $timefrom,
          );
 -        self::validate_parameters(self::data_for_messagearea_messages_parameters(), $params);
 +        $params = self::validate_parameters(self::data_for_messagearea_messages_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $currentuserid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['currentuserid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        if ($newest) {
 +        if ($params['newest']) {
              $sort = 'timecreated DESC';
          } else {
              $sort = 'timecreated ASC';
          // case those messages will be lost.
          //
          // Instead we ignore the current time in the result set to ensure that second is allowed to finish.
 -        if (!empty($timefrom)) {
 +        if (!empty($params['timefrom'])) {
              $timeto = time() - 1;
          } else {
              $timeto = 0;
          }
  
          // No requesting messages from the current time, as stated above.
 -        if ($timefrom == time()) {
 +        if ($params['timefrom'] == time()) {
              $messages = [];
          } else {
 -            $messages = \core_message\api::get_messages($currentuserid, $otheruserid, $limitfrom,
 -                                                        $limitnum, $sort, $timefrom, $timeto);
 +            $messages = \core_message\api::get_messages($params['currentuserid'], $params['otheruserid'], $params['limitfrom'],
 +                                                        $params['limitnum'], $sort, $params['timefrom'], $timeto);
          }
  
 -        $messages = new \core_message\output\messagearea\messages($currentuserid, $otheruserid, $messages);
 +        $messages = new \core_message\output\messagearea\messages($params['currentuserid'], $params['otheruserid'], $messages);
  
          $renderer = $PAGE->get_renderer('core_message');
          return $messages->export_for_template($renderer);
              'newest' => $newest,
              'timefrom' => $timefrom,
          );
 -        self::validate_parameters(self::get_conversation_messages_parameters(), $params);
 +        $params = self::validate_parameters(self::get_conversation_messages_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $currentuserid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['currentuserid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
          // case those messages will be lost.
          //
          // Instead we ignore the current time in the result set to ensure that second is allowed to finish.
 -        $timeto = empty($timefrom) ? 0 : time() - 1;
 +        $timeto = empty($params['timefrom']) ? 0 : time() - 1;
  
          // No requesting messages from the current time, as stated above.
 -        if ($timefrom == time()) {
 +        if ($params['timefrom'] == time()) {
              $messages = [];
          } else {
 -            $messages = \core_message\api::get_conversation_messages($currentuserid, $convid, $limitfrom,
 -                                                        $limitnum, $sort, $timefrom, $timeto);
 +            $messages = \core_message\api::get_conversation_messages(
 +                $params['currentuserid'],
 +                $params['convid'],
 +                $params['limitfrom'],
 +                $params['limitnum'],
 +                $sort,
 +                $params['timefrom'],
 +                $timeto);
          }
  
          return $messages;
              'currentuserid' => $currentuserid,
              'otheruserid' => $otheruserid
          );
 -        self::validate_parameters(self::data_for_messagearea_get_most_recent_message_parameters(), $params);
 +        $params = self::validate_parameters(self::data_for_messagearea_get_most_recent_message_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $currentuserid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['currentuserid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        $message = \core_message\api::get_most_recent_message($currentuserid, $otheruserid);
 +        $message = \core_message\api::get_most_recent_message($params['currentuserid'], $params['otheruserid']);
          $message = new \core_message\output\messagearea\message($message);
  
          $renderer = $PAGE->get_renderer('core_message');
              'currentuserid' => $currentuserid,
              'otheruserid' => $otheruserid
          );
 -        self::validate_parameters(self::data_for_messagearea_get_profile_parameters(), $params);
 +        $params = self::validate_parameters(self::data_for_messagearea_get_profile_parameters(), $params);
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $currentuserid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['currentuserid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
 -        $profile = \core_message\api::get_profile($currentuserid, $otheruserid);
 +        $profile = \core_message\api::get_profile($params['currentuserid'], $params['otheruserid']);
          $profile = new \core_message\output\messagearea\profile($profile);
  
          $renderer = $PAGE->get_renderer('core_message');
          $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
          core_user::require_active_user($user);
  
 -        if (\core_message\api::can_mark_all_messages_as_read($userid, $conversationid)) {
 -            \core_message\api::mark_all_messages_as_read($userid, $conversationid);
 +        if (\core_message\api::can_mark_all_messages_as_read($params['userid'], $params['conversationid'])) {
 +            \core_message\api::mark_all_messages_as_read($params['userid'], $params['conversationid']);
          } else {
              throw new moodle_exception('accessdenied', 'admin');
          }
          $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
          core_user::require_active_user($user);
  
 -        if (!$conversationid = \core_message\api::get_conversation_between_users([$userid, $otheruserid])) {
 +        if (!$conversationid = \core_message\api::get_conversation_between_users([$params['userid'], $params['otheruserid']])) {
              return [];
          }
  
          $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
          core_user::require_active_user($user);
  
 -        foreach ($conversationids as $conversationid) {
 +        foreach ($params['conversationids'] as $conversationid) {
              if (\core_message\api::can_delete_conversation($user->id, $conversationid)) {
                  \core_message\api::delete_conversation_by_id($user->id, $conversationid);
              } else {
          $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
          core_user::require_active_user($user);
  
 -        if (\core_message\api::can_delete_message($user->id, $messageid)) {
 -            $status = \core_message\api::delete_message($user->id, $messageid);
 +        if (\core_message\api::can_delete_message($user->id, $params['messageid'])) {
 +            $status = \core_message\api::delete_message($user->id, $params['messageid']);
          } else {
              throw new moodle_exception('You do not have permission to delete this message');
          }
  
          $user = self::validate_preferences_permissions($params['userid']);
  
 -        $processor = get_message_processor($name);
 +        $processor = get_message_processor($params['name']);
          $preferences = [];
          $form = new stdClass();
  
 -        foreach ($formvalues as $formvalue) {
 +        foreach ($params['formvalues'] as $formvalue) {
              // Curly braces to ensure interpretation is consistent between
              // php 5 and php 7.
              $form->{$formvalue['name']} = $formvalue['value'];
          $processor->process_form($form, $preferences);
  
          if (!empty($preferences)) {
 -            set_user_preferences($preferences, $userid);
 +            set_user_preferences($preferences, $params['userid']);
          }
      }
  
          core_user::require_active_user($user);
          self::validate_context(context_user::instance($params['userid']));
  
 -        $processor = get_message_processor($name);
 +        $processor = get_message_processor($params['name']);
  
          $processoroutput = new \core_message\output\processor($processor, $user);
          $renderer = $PAGE->get_renderer('core_message');
          $systemcontext = context_system::instance();
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $userid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['userid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }
  
          $systemcontext = context_system::instance();
          self::validate_context($systemcontext);
  
 -        if (($USER->id != $userid) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
 +        if (($USER->id != $params['userid']) && !has_capability('moodle/site:readallmessages', $systemcontext)) {
              throw new moodle_exception('You do not have permission to perform this action.');
          }