MDL-30431 mod_wiki: clarified the logic around editing and deleting wiki comments...
authorAndrew Davis <andrew@moodle.com>
Mon, 30 Jun 2014 02:36:10 +0000 (10:36 +0800)
committerAndrew Davis <andrew@moodle.com>
Sun, 13 Jul 2014 23:49:23 +0000 (07:49 +0800)
mod/wiki/pagelib.php
mod/wiki/tests/behat/wiki_comments.feature [new file with mode: 0644]

index 51d09f6..1bf9c96 100644 (file)
@@ -662,21 +662,30 @@ class page_wiki_comments extends page_wiki {
 
             $t->data = array($row1, $row2);
 
 
             $t->data = array($row1, $row2);
 
-            $actionicons = false;
+            $canedit = $candelete = false;
+            if ((has_capability('mod/wiki:editcomment', $this->modcontext)) and ($USER->id == $user->id)) {
+                $candelete = $canedit = true;
+            }
             if ((has_capability('mod/wiki:managecomment', $this->modcontext))) {
             if ((has_capability('mod/wiki:managecomment', $this->modcontext))) {
+                $candelete = true;
+            }
+
+            $editicon = $deleteicon = '';
+            if ($canedit) {
                 $urledit = new moodle_url('/mod/wiki/editcomments.php', array('commentid' => $comment->id, 'pageid' => $page->id, 'action' => 'edit'));
                 $urledit = new moodle_url('/mod/wiki/editcomments.php', array('commentid' => $comment->id, 'pageid' => $page->id, 'action' => 'edit'));
-                $urldelet = new moodle_url('/mod/wiki/instancecomments.php', array('commentid' => $comment->id, 'pageid' => $page->id, 'action' => 'delete'));
-                $actionicons = true;
-            } else if ((has_capability('mod/wiki:editcomment', $this->modcontext)) and ($USER->id == $user->id)) {
-                $urledit = new moodle_url('/mod/wiki/editcomments.php', array('commentid' => $comment->id, 'pageid' => $page->id, 'action' => 'edit'));
-                $urldelet = new moodle_url('/mod/wiki/instancecomments.php', array('commentid' => $comment->id, 'pageid' => $page->id, 'action' => 'delete'));
-                $actionicons = true;
+                $editicon = $OUTPUT->action_icon($urledit, new pix_icon('t/edit', get_string('edit'), '', array('class' => 'iconsmall')));
+            }
+            if ($candelete) {
+                $urldelete = new moodle_url('/mod/wiki/instancecomments.php', array('commentid' => $comment->id, 'pageid' => $page->id, 'action' => 'delete'));
+                $deleteicon = $OUTPUT->action_icon($urldelete,
+                                                  new pix_icon('t/delete',
+                                                               get_string('delete'),
+                                                               '',
+                                                               array('class' => 'iconsmall')));
             }
 
             }
 
-            if ($actionicons) {
-                $cell6 = new html_table_cell($OUTPUT->action_icon($urledit, new pix_icon('t/edit', get_string('edit'),
-                        '', array('class' => 'iconsmall'))) . $OUTPUT->action_icon($urldelet, new pix_icon('t/delete',
-                        get_string('delete'), '', array('class' => 'iconsmall'))));
+            if ($candelete || $canedit) {
+                $cell6 = new html_table_cell($editicon.$deleteicon);
                 $row3 = new html_table_row();
                 $row3->cells[] = $cell5;
                 $row3->cells[] = $cell6;
                 $row3 = new html_table_row();
                 $row3->cells[] = $cell5;
                 $row3->cells[] = $cell6;
@@ -2252,23 +2261,29 @@ class page_wiki_handlecomments extends page_wiki {
         global $CFG, $PAGE, $USER;
 
         if ($this->action == 'add') {
         global $CFG, $PAGE, $USER;
 
         if ($this->action == 'add') {
-            if (has_capability('mod/wiki:editcomment', $this->modcontext)) {
-                $this->add_comment($this->content, $this->commentid);
-            }
+            require_capability('mod/wiki:editcomment', $this->modcontext);
+            $this->add_comment($this->content, $this->commentid);
         } else if ($this->action == 'edit') {
         } else if ($this->action == 'edit') {
+            require_capability('mod/wiki:editcomment', $this->modcontext);
+
             $comment = wiki_get_comment($this->commentid);
             $comment = wiki_get_comment($this->commentid);
-            $edit = has_capability('mod/wiki:editcomment', $this->modcontext);
             $owner = ($comment->userid == $USER->id);
             $owner = ($comment->userid == $USER->id);
-            if ($owner && $edit) {
+
+            if ($owner) {
                 $this->add_comment($this->content, $this->commentid);
             }
         } else if ($this->action == 'delete') {
             $comment = wiki_get_comment($this->commentid);
                 $this->add_comment($this->content, $this->commentid);
             }
         } else if ($this->action == 'delete') {
             $comment = wiki_get_comment($this->commentid);
+
             $manage = has_capability('mod/wiki:managecomment', $this->modcontext);
             $manage = has_capability('mod/wiki:managecomment', $this->modcontext);
+            $edit = has_capability('mod/wiki:editcomment', $this->modcontext);
             $owner = ($comment->userid == $USER->id);
             $owner = ($comment->userid == $USER->id);
-            if ($owner || $manage) {
+
+            if ($manage || ($owner && $edit)) {
                 $this->delete_comment($this->commentid);
                 redirect($CFG->wwwroot . '/mod/wiki/comments.php?pageid=' . $this->page->id, get_string('deletecomment', 'wiki'), 2);
                 $this->delete_comment($this->commentid);
                 redirect($CFG->wwwroot . '/mod/wiki/comments.php?pageid=' . $this->page->id, get_string('deletecomment', 'wiki'), 2);
+            } else {
+                print_error('nopermissiontoeditcomment');
             }
         }
 
             }
         }
 
diff --git a/mod/wiki/tests/behat/wiki_comments.feature b/mod/wiki/tests/behat/wiki_comments.feature
new file mode 100644 (file)
index 0000000..5f507ff
--- /dev/null
@@ -0,0 +1,75 @@
+@mod @mod_wiki
+Feature: Users can comment on wiki pages
+  In order to discuss wiki pages
+  As a user
+  I need to be able to comment on wiki pages as well as editing and deleting comments
+
+  Background:
+    Given the following "users" exist:
+      | username | firstname | lastname | email |
+      | teacher1 | Teacher | 1 | teacher1@asd.com |
+      | student1 | Student | 1 | student1@asd.com |
+      | student2 | Student | 2 | student2@asd.com |
+    And the following "courses" exist:
+      | fullname | shortname | category |
+      | Course 1 | C1 | 0 |
+    And the following "course enrolments" exist:
+      | user | course | role |
+      | teacher1 | C1 | editingteacher |
+      | student1 | C1 | student |
+      | student2 | C1 | student |
+    And I log in as "teacher1"
+    And I follow "Course 1"
+    And I turn editing mode on
+    And I add a "Wiki" to section "1" and I fill the form with:
+      | Wiki name | Test wiki name |
+      | Description | Test wiki description |
+      | First page name | First page |
+      | Wiki mode | Collaborative wiki |
+    And I follow "Test wiki name"
+    And I press "Create page"
+    And I set the following fields to these values:
+      | HTML format | First edition |
+    And I press "Save"
+    And I log out
+    And I log in as "student1"
+    And I follow "Course 1"
+    And I follow "Test wiki name"
+    And I follow "Comments"
+    And I follow "Add comment"
+    And I set the following fields to these values:
+      | Comment | student 1 original comment |
+    And I press "Save"
+
+  @javascript
+  Scenario: Student can edit and delete their own comment
+    When I click on ".r0 img[title='Edit']" "css_element"
+    And I set the following fields to these values:
+      | Comment | student 1 updated comment |
+    And I press "Save"
+    Then I should see "student 1 updated comment"
+    And ".r0 img[title='Edit']" "css_element" should exist
+    And ".r0 img[title='Delete']" "css_element" should exist
+    And I click on ".r0 img[title='Delete']" "css_element"
+    And I press "Yes"
+    And I should not see "student 1 updated comment"
+
+  @javascript
+  Scenario: Student cannot edit another student's comment
+    When I log out
+    And I log in as "student2"
+    And I follow "Course 1"
+    And I follow "Test wiki name"
+    And I follow "Comments"
+    Then ".r0 img[title='Edit']" "css_element" should not exist
+    Then ".r0 img[title='Delete']" "css_element" should not exist
+    
+  @javascript
+  Scenario: Teacher can delete a student comment
+    When I log out
+    And I log in as "teacher1"
+    And I follow "Course 1"
+    And I follow "Test wiki name"
+    And I follow "Comments"
+    Then ".r0 img[title='Edit']" "css_element" should not exist
+    Then ".r0 img[title='Delete']" "css_element" should exist