MDL-49545 backup: Restore does not respect some capabilities
authorRyan Wyllie <ryan@moodle.com>
Thu, 15 Oct 2015 02:23:50 +0000 (02:23 +0000)
committerRyan Wyllie <ryan@moodle.com>
Thu, 15 Oct 2015 02:45:27 +0000 (02:45 +0000)
Thanks to Daniel Neis for the original patch that formed the
basis of these changes.

backup/util/checks/restore_check.class.php

index 7b455f9..dd71293 100644 (file)
@@ -169,13 +169,39 @@ abstract class restore_check {
             }
         }
 
-        // Ensure the user has the rolldates capability. If not we want to lock this
-        // settings so that they cannot change it.
-        $hasrolldatescap = has_capability('moodle/restore:rolldates', $coursectx, $userid);
-        if ($type == backup::TYPE_1COURSE && !$hasrolldatescap) {
-            $datesetting = $restore_controller->get_plan()->get_setting('course_startdate');
-            if ($datesetting) {
-                $datesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
+        if ($type == backup::TYPE_1COURSE) {
+            // Ensure the user has the rolldates capability. If not we want to lock this
+            // settings so that they cannot change it.
+            $hasrolldatescap = has_capability('moodle/restore:rolldates', $coursectx, $userid);
+            if (!$hasrolldatescap) {
+                $datesetting = $restore_controller->get_plan()->get_setting('course_startdate');
+                if ($datesetting) {
+                    $datesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
+                }
+            }
+
+            // Ensure the user has the changefullname capability. If not we want to lock
+            // the setting so that they cannot change it.
+            $haschangefullnamecap = has_capability('moodle/course:changefullname', $coursectx, $userid);
+            if (!$haschangefullnamecap) {
+                $fullnamesetting = $restore_controller->get_plan()->get_setting('course_fullname');
+                $fullnamesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
+            }
+
+            // Ensure the user has the changeshortname capability. If not we want to lock
+            // the setting so that they cannot change it.
+            $haschangeshortnamecap = has_capability('moodle/course:changeshortname', $coursectx, $userid);
+            if (!$haschangeshortnamecap) {
+                $shortnamesetting = $restore_controller->get_plan()->get_setting('course_shortname');
+                $shortnamesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
+            }
+
+            // Ensure the user has the update capability. If not we want to lock
+            // the overwrite setting so that they cannot change it.
+            $hasupdatecap = has_capability('moodle/course:update', $coursectx, $userid);
+            if (!$hasupdatecap) {
+                $overwritesetting = $restore_controller->get_plan()->get_setting('overwrite_conf');
+                $overwritesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
             }
         }