Merge branch 'MDL-49821-master-master' of git://github.com/jleyva/moodle
authorEloy Lafuente (stronk7) <stronk7@moodle.org>
Wed, 30 Sep 2015 23:26:58 +0000 (01:26 +0200)
committerEloy Lafuente (stronk7) <stronk7@moodle.org>
Wed, 30 Sep 2015 23:26:58 +0000 (01:26 +0200)
completion/classes/external.php
grade/report/user/externallib.php
group/externallib.php
lib/classes/user.php
lib/tests/user_test.php
message/externallib.php
mod/scorm/classes/external.php
notes/externallib.php
user/externallib.php

index dcbad6b..c32b0b1 100644 (file)
@@ -152,7 +152,8 @@ class core_completion_external extends external_api {
         $params = self::validate_parameters(self::get_activities_completion_status_parameters(), $arrayparams);
 
         $course = get_course($params['courseid']);
-        $user = core_user::get_user($params['userid'], 'id', MUST_EXIST);
+        $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
+        core_user::require_active_user($user);
 
         $context = context_course::instance($course->id);
         self::validate_context($context);
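Review bot: The target-user lookup and `core_user::require_active_user($user)` run before `self::validate_context($context)`, so the distinct error codes the helper throws (`invaliduser`, `userdeleted`, `usernotconfirmed`, `guestsarenotallowed`) are returned before the caller's access to the course has been checked. This appears to let a caller without access to the course tell account states apart for arbitrary user ids. Moving the two user lines below `self::validate_context($context);` keeps the check but only answers callers who pass context validation. The same ordering appears in the second hunk of this file and in the first group/externallib.php hunk, where the user check precedes the `// Security checks.` block. The function bodies continue outside the hunks.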
@@ -270,7 +271,9 @@ class core_completion_external extends external_api {
         $params = self::validate_parameters(self::get_course_completion_status_parameters(), $arrayparams);
 
         $course = get_course($params['courseid']);
-        $user = core_user::get_user($params['userid'], 'id', MUST_EXIST);
+        $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
+        core_user::require_active_user($user);
+
         $context = context_course::instance($course->id);
         self::validate_context($context);
 
index 3b9c9d7..40c5bb9 100644 (file)
@@ -92,6 +92,7 @@ class gradereport_user_external extends external_api {
             require_capability('moodle/grade:viewall', $context);
         } else {
             $user = core_user::get_user($userid, '*', MUST_EXIST);
+            core_user::require_active_user($user);
         }
 
         $access = false;
@@ -301,13 +302,7 @@ class gradereport_user_external extends external_api {
             $userid = $USER->id;
         } else {
             $user = core_user::get_user($userid, '*', MUST_EXIST);
-            if ($user->deleted) {
-                throw new moodle_exception('userdeleted');
-            }
-            if (isguestuser($user)) {
-                // Can not view profile of guest - thre is nothing to see there.
-                throw new moodle_exception('invaliduserid');
-            }
+            core_user::require_active_user($user);
         }
 
         $access = false;
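Review bot: Replacing the inline checks with `core_user::require_active_user($user)` changes what web service clients see for the same input, and nothing in the hunk documents it. A guest target used to produce `invaliduserid` and now produces `guestsarenotallowed`, and unconfirmed accounts, which the removed lines accepted, are now rejected with `usernotconfirmed`. The same substitution is made in the second group/externallib.php hunk, the second notes/externallib.php hunk and the user/externallib.php hunk. I would add a comment at the call such as `// Throws invaliduser, userdeleted, usernotconfirmed or guestsarenotallowed.` and record the changed error codes in the upgrade notes for external functions.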
index 6034fc7..d7a5a07 100644 (file)
@@ -1224,7 +1224,8 @@ class core_group_external extends external_api {
 
         // Validate course and user. get_course throws an exception if the course does not exists.
         $course = get_course($courseid);
-        $user = core_user::get_user($userid, 'id', MUST_EXIST);
+        $user = core_user::get_user($userid, '*', MUST_EXIST);
+        core_user::require_active_user($user);
 
         // Security checks.
         $context = context_course::instance($course->id);
@@ -1348,13 +1349,8 @@ class core_group_external extends external_api {
             $userid = $USER->id;
         }
 
-        $user = core_user::get_user($userid, 'id, deleted', MUST_EXIST);
-        if ($user->deleted) {
-            throw new moodle_exception('userdeleted');
-        }
-        if (isguestuser($user)) {
-            throw new moodle_exception('invaliduserid');
-        }
+        $user = core_user::get_user($userid, '*', MUST_EXIST);
+        core_user::require_active_user($user);
 
          // Check if we have permissions for retrieve the information.
         if ($user->id != $USER->id) {
index bad53f5..4a0860f 100644 (file)
@@ -238,4 +238,40 @@ class core_user {
             return true;
         }
     }
+
+    /**
+     * Check if the given user is an active user in the site.
+     *
+     * @param  stdClass  $user         user object
+     * @param  boolean $checksuspended whether to check if the user has the account suspended
+     * @param  boolean $checknologin   whether to check if the user uses the nologin auth method
+     * @throws moodle_exception
+     * @since  Moodle 3.0
+     */
+    public static function require_active_user($user, $checksuspended = false, $checknologin = false) {
+
+        if (!self::is_real_user($user->id)) {
+            throw new moodle_exception('invaliduser', 'error');
+        }
+
+        if ($user->deleted) {
+            throw new moodle_exception('userdeleted');
+        }
+
+        if (empty($user->confirmed)) {
+            throw new moodle_exception('usernotconfirmed', 'moodle', '', $user->username);
+        }
+
+        if (isguestuser($user)) {
+            throw new moodle_exception('guestsarenotallowed', 'error');
+        }
+
+        if ($checksuspended and $user->suspended) {
+            throw new moodle_exception('suspended', 'auth');
+        }
+
+        if ($checknologin and $user->auth == 'nologin') {
+            throw new moodle_exception('suspended', 'auth');
+        }
+    }
 }
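Review bot: The `usernotconfirmed` branch passes `$user->username` as the exception argument, so a caller who supplied only a numeric user id may receive the username of an unconfirmed account in the error text. Whether it reaches the client depends on how the language string and the web service layer render `$a`, which is not visible here. Passing a value the caller already knows avoids that, for example `throw new moodle_exception('usernotconfirmed', 'moodle', '', $user->id);`. Separately, `$checksuspended` and `$checknologin` both default to false and every call site in this commit uses the defaults, so suspended and nologin accounts still pass. The docblock should say so, e.g. `Suspended and nologin accounts are accepted unless the matching flag is true.`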
index 1a8acde..4f0f268 100644 (file)
@@ -116,4 +116,72 @@ class core_user_testcase extends advanced_testcase {
         // Assert that a user not in the db return false.
         $this->assertFalse(core_user::get_user_by_username('janedoe'));
     }
+
+    /**
+     * Test require_active_user
+     */
+    public function test_require_active_user() {
+        global $DB;
+
+        // Create a default user for the test.
+        $userexpected = $this->getDataGenerator()->create_user();
+
+        // Simple case, all good.
+        core_user::require_active_user($userexpected, true, true);
+
+        // Set user not confirmed.
+        $DB->set_field('user', 'confirmed', 0, array('id' => $userexpected->id));
+        try {
+            core_user::require_active_user($userexpected);
+        } catch (moodle_exception $e) {
+            $this->assertEquals('usernotconfirmed', $e->errorcode);
+        }
+        $DB->set_field('user', 'confirmed', 1, array('id' => $userexpected->id));
+
+        // Set nologin auth method.
+        $DB->set_field('user', 'auth', 'nologin', array('id' => $userexpected->id));
+        try {
+            core_user::require_active_user($userexpected, false, true);
+        } catch (moodle_exception $e) {
+            $this->assertEquals('suspended', $e->errorcode);
+        }
+        // Check no exceptions are thrown if we don't specify to check suspended.
+        core_user::require_active_user($userexpected);
+        $DB->set_field('user', 'auth', 'manual', array('id' => $userexpected->id));
+
+        // Set user suspended.
+        $DB->set_field('user', 'suspended', 1, array('id' => $userexpected->id));
+        try {
+            core_user::require_active_user($userexpected, true);
+        } catch (moodle_exception $e) {
+            $this->assertEquals('suspended', $e->errorcode);
+        }
+        // Check no exceptions are thrown if we don't specify to check suspended.
+        core_user::require_active_user($userexpected);
+
+        // Delete user.
+        delete_user($userexpected);
+        try {
+            core_user::require_active_user($userexpected);
+        } catch (moodle_exception $e) {
+            $this->assertEquals('userdeleted', $e->errorcode);
+        }
+
+        // Use a not real user.
+        $noreplyuser = core_user::get_noreply_user();
+        try {
+            core_user::require_active_user($noreplyuser, true);
+        } catch (moodle_exception $e) {
+            $this->assertEquals('invaliduser', $e->errorcode);
+        }
+
+        // Get the guest user.
+        $guestuser = $DB->get_record('user', array('username' => 'guest'));
+        try {
+            core_user::require_active_user($guestuser, true);
+        } catch (moodle_exception $e) {
+            $this->assertEquals('guestsarenotallowed', $e->errorcode);
+        }
+
+    }
 }
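Review bot: None of the try/catch blocks in `test_require_active_user` can make the test fail, because nothing follows the call inside `try`; if no exception is thrown the test still passes. For the unconfirmed, nologin and suspended cases that is most likely what happens. `$DB->set_field()` changes the database row, while `require_active_user()` reads `confirmed`, `auth` and `suspended` from the in-memory `$userexpected` object created at the top, which is never reloaded. Reload the record before each call with `$userexpected = $DB->get_record('user', array('id' => $userexpected->id));` and add `$this->fail('Exception expected');` as the last statement of each `try`. The deleted-user case depends on whether `delete_user()` updates the object it is given, which is not visible here.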
index 77b4d30..7614bfa 100644 (file)
@@ -885,7 +885,8 @@ class core_message_external extends external_api {
             throw new moodle_exception('disabled', 'message');
         }
 
-        $user = core_user::get_user($userid, 'id', MUST_EXIST);
+        $user = core_user::get_user($userid, '*', MUST_EXIST);
+        core_user::require_active_user($user);
 
         // Check if we have permissions for retrieve the information.
         if ($userid != $USER->id and !has_capability('moodle/site:readallmessages', $context)) {
index ef13478..2457ac3 100644 (file)
@@ -147,18 +147,18 @@ class mod_scorm_external extends external_api {
         $context = context_module::instance($cm->id);
         self::validate_context($context);
 
-        // Validate the user obtaining the context, it will fail if the user doesn't exists or have been deleted.
-        context_user::instance($params['userid']);
+        $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
+        core_user::require_active_user($user);
 
         // Extra checks so only users with permissions can view other users attempts.
-        if ($USER->id != $params['userid']) {
+        if ($USER->id != $user->id) {
             require_capability('mod/scorm:viewreport', $context);
         }
 
         // If the SCORM is not open this function will throw exceptions.
         scorm_require_available($scorm);
 
-        $attemptscount = scorm_get_attempt_count($params['userid'], $scorm, false, $params['ignoremissingcompletion']);
+        $attemptscount = scorm_get_attempt_count($user->id, $scorm, false, $params['ignoremissingcompletion']);
 
         $result = array();
         $result['attemptscount'] = $attemptscount;
@@ -536,21 +536,21 @@ class mod_scorm_external extends external_api {
         $context = context_module::instance($cm->id);
         self::validate_context($context);
 
-        // Validate the user obtaining the context, it will fail if the user doesn't exists or have been deleted.
-        context_user::instance($params['userid']);
+        $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
+        core_user::require_active_user($user);
 
         // Extra checks so only users with permissions can view other users attempts.
-        if ($USER->id != $params['userid']) {
+        if ($USER->id != $user->id) {
             require_capability('mod/scorm:viewreport', $context);
         }
 
         scorm_require_available($scorm, true, $context);
 
         if (empty($params['attempt'])) {
-            $params['attempt'] = scorm_get_last_attempt($scorm->id, $params['userid']);
+            $params['attempt'] = scorm_get_last_attempt($scorm->id, $user->id);
         }
 
-        if ($scormtracks = scorm_get_tracks($sco->id, $params['userid'], $params['attempt'])) {
+        if ($scormtracks = scorm_get_tracks($sco->id, $user->id, $params['attempt'])) {
             foreach ($scormtracks as $element => $value) {
                 $tracks[] = array(
                     'element' => $element,
index 8f23cae..944b2fb 100644 (file)
@@ -526,7 +526,8 @@ class core_notes_external extends external_api {
         }
         $user = null;
         if (!empty($params['userid'])) {
-            $user = core_user::get_user($params['userid'], 'id', MUST_EXIST);
+            $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
+            core_user::require_active_user($user);
         }
 
         $course = get_course($params['courseid']);
@@ -680,15 +681,8 @@ class core_notes_external extends external_api {
         require_capability('moodle/notes:view', $context);
 
         if (!empty($params['userid'])) {
-            $user = core_user::get_user($params['userid'], 'id, deleted', MUST_EXIST);
-
-            if ($user->deleted) {
-                throw new moodle_exception('userdeleted');
-            }
-
-            if (isguestuser($user)) {
-                throw new moodle_exception('invaliduserid');
-            }
+            $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
+            core_user::require_active_user($user);
 
             if ($course->id != SITEID and !can_access_course($course, $user, '', true)) {
                 throw new moodle_exception('notenrolledprofile');
index dbb384c..e31f488 100644 (file)
@@ -1389,14 +1389,7 @@ class core_user_external extends external_api {
 
         $course = get_course($params['courseid']);
         $user = core_user::get_user($params['userid'], '*', MUST_EXIST);
-
-        if ($user->deleted) {
-            throw new moodle_exception('userdeleted');
-        }
-        if (isguestuser($user)) {
-            // Can not view profile of guest - thre is nothing to see there.
-            throw new moodle_exception('invaliduserid');
-        }
+        core_user::require_active_user($user);
 
         if ($course->id == SITEID) {
             $coursecontext = context_system::instance();;