MDL-59847 core: Stop supporting custom identity fields in user selectors
authorDavid Mudrák <david@moodle.com>
Tue, 17 Jul 2018 17:07:22 +0000 (19:07 +0200)
committerJake Dallimore <jake@moodle.com>
Thu, 2 Aug 2018 02:22:07 +0000 (10:22 +0800)
The user_selector classes supported custom list of extra identity
fields. But they should obey the configured user policy and respect the
privacy setting made by site administrators. So the list of user
identifiers should never be hard-coded, but the setting
$CFG->showuseridentity should be always respected.

lib/upgrade.txt
user/selector/lib.php
user/tests/userselector_test.php

index f2e8d0b..83ae4a1 100644 (file)
@@ -22,6 +22,10 @@ information provided here is intended especially for developers.
     - I set the field "<field_string>" to multiline
     - I follow "<link_string>"" in the open menu
 * Removed the lib/password_compat/lib/password.php file.
+* The user_selector classes do not support custom list of extra identity fields any more. They obey the configured user
+  policy and respect the privacy setting made by site administrators. The list of user identifiers should never be
+  hard-coded. Instead, the setting $CFG->showuseridentity should be always respected, which has always been the default
+  behaviour (MDL-59847).
 
 === 3.5 ===
 
index 82782c4..34a553a 100644 (file)
@@ -105,35 +105,16 @@ abstract class user_selector_base {
             $this->accesscontext = context_system::instance();
         }
 
-        // Populate the list of additional user identifiers to display.
+        // Check if some legacy code tries to override $CFG->showuseridentity.
         if (isset($options['extrafields'])) {
-            $this->extrafields = $options['extrafields'];
-        } else if (!empty($CFG->showuseridentity) &&
-                has_capability('moodle/site:viewuseridentity', $this->accesscontext)) {
-            $this->extrafields = explode(',', $CFG->showuseridentity);
-        } else {
-            $this->extrafields = array();
+            debugging('The user_selector classes do not support custom list of extra identity fields any more. '.
+                'Instead, the user identity fields defined by the site administrator will be used to respect '.
+                'the configured privacy setting.', DEBUG_DEVELOPER);
+            unset($options['extrafields']);
         }
 
-        // Filter out hidden identifiers if the user can't see them.
-        $hiddenfields = array_filter(explode(',', $CFG->hiddenuserfields));
-        $hiddenidentifiers = array_intersect($this->extrafields, $hiddenfields);
-
-        if ($hiddenidentifiers) {
-            if ($this->accesscontext->get_course_context(false)) {
-                // We are somewhere inside a course.
-                $canviewhiddenuserfields = has_capability('moodle/course:viewhiddenuserfields', $this->accesscontext);
-
-            } else {
-                // We are not inside a course.
-                $canviewhiddenuserfields = has_capability('moodle/user:viewhiddendetails', $this->accesscontext);
-            }
-
-            if (!$canviewhiddenuserfields) {
-                // Remove hidden identifiers from the list.
-                $this->extrafields = array_diff($this->extrafields, $hiddenidentifiers);
-            }
-        }
+        // Populate the list of additional user identifiers to display.
+        $this->extrafields = get_extra_user_fields($this->accesscontext);
 
         if (isset($options['exclude']) && is_array($options['exclude'])) {
             $this->exclude = $options['exclude'];
index ae7ed6c..fcb39b1 100644 (file)
@@ -241,6 +241,8 @@ class core_user_selector_testcase extends advanced_testcase {
         $implicitselector = new testable_user_selector('test');
         $explicitselector = new testable_user_selector('test', ['extrafields' => ['email', 'department']]);
 
+        $this->assertDebuggingCalled();
+
         foreach ($implicitselector->find_users('') as $found) {
             foreach ($found as $user) {
                 $this->assertObjectHasAttribute('idnumber', $user);
@@ -253,11 +255,11 @@ class core_user_selector_testcase extends advanced_testcase {
 
         foreach ($explicitselector->find_users('') as $found) {
             foreach ($found as $user) {
-                $this->assertObjectNotHasAttribute('idnumber', $user);
-                $this->assertObjectNotHasAttribute('country', $user);
-                $this->assertObjectNotHasAttribute('city', $user);
-                $this->assertObjectHasAttribute('email', $user);
-                $this->assertObjectHasAttribute('department', $user);
+                $this->assertObjectHasAttribute('idnumber', $user);
+                $this->assertObjectHasAttribute('country', $user);
+                $this->assertObjectHasAttribute('city', $user);
+                $this->assertObjectNotHasAttribute('email', $user);
+                $this->assertObjectNotHasAttribute('department', $user);
             }
         }
     }