MDL-52017 enrol_self: always check password before re-enabling
authorMark Nelson <markn@moodle.com>
Wed, 2 Dec 2015 10:22:02 +0000 (18:22 +0800)
committerMark Nelson <markn@moodle.com>
Thu, 3 Dec 2015 11:26:22 +0000 (19:26 +0800)
enrol/self/edit_form.php
enrol/self/lib.php

index b035bd3..6c65c6f 100644 (file)
@@ -163,15 +163,17 @@ class enrol_self_edit_form extends moodleform {
         $checkpassword = false;
 
         if ($instance->id) {
-            if ($data['status'] == ENROL_INSTANCE_ENABLED) {
-                if ($instance->password !== $data['password']) {
-                    $checkpassword = true;
-                }
+            // Check the password if we are enabling the plugin again.
+            if (($instance->status == ENROL_INSTANCE_DISABLED) && ($data['status'] == ENROL_INSTANCE_ENABLED)) {
+                $checkpassword = true;
             }
-        } else {
-            if ($data['status'] == ENROL_INSTANCE_ENABLED) {
+
+            // Check the password if the instance is enabled and the password has changed.
+            if (($data['status'] == ENROL_INSTANCE_ENABLED) && ($instance->password !== $data['password'])) {
                 $checkpassword = true;
             }
+        } else {
+            $checkpassword = true;
         }
 
         if ($checkpassword) {
@@ -179,8 +181,8 @@ class enrol_self_edit_form extends moodleform {
             $policy  = $plugin->get_config('usepasswordpolicy');
             if ($require and trim($data['password']) === '') {
                 $errors['password'] = get_string('required');
-            } else if ($policy) {
-                $errmsg = '';//prevent eclipse warning
+            } else if (!empty($data['password'] && $policy)) {
+                $errmsg = '';
                 if (!check_password_policy($data['password'], $errmsg)) {
                     $errors['password'] = $errmsg;
                 }
index 7ad82ef..fef3f6f 100644 (file)
@@ -685,6 +685,27 @@ class enrol_self_plugin extends enrol_plugin {
      */
     public function can_hide_show_instance($instance) {
         $context = context_course::instance($instance->courseid);
-        return has_capability('enrol/self:config', $context);
+
+        if (!has_capability('enrol/self:config', $context)) {
+            return false;
+        }
+
+        // If the instance is currently disabled, before it can be enabled,
+        // we must check whether the password meets the password policies.
+        if ($instance->status == ENROL_INSTANCE_DISABLED) {
+            if ($this->get_config('requirepassword')) {
+                if (empty($instance->password)) {
+                    return false;
+                }
+            }
+            // Only check the password if it is set.
+            if (!empty($instance->password) && $this->get_config('usepasswordpolicy')) {
+                if (!check_password_policy($instance->password, $errmsg)) {
+                    return false;
+                }
+            }
+        }
+
+        return true;
     }
 }