From 8fda136dc832db89ae27ad1d7887fe44607fd990 Mon Sep 17 00:00:00 2001 From: Sara Arjona Date: Thu, 24 Oct 2019 21:48:30 +0200 Subject: [PATCH] MDL-66609 core_h5p: Add capability to deploy H5P content --- h5p/classes/player.php | 17 +++++++++++++---- lang/en/h5p.php | 1 + lang/en/role.php | 1 + lib/db/access.php | 11 +++++++++++ version.php | 2 +- 5 files changed, 27 insertions(+), 5 deletions(-) diff --git a/h5p/classes/player.php b/h5p/classes/player.php index 93ecddc3e2c..5605a972481 100644 --- a/h5p/classes/player.php +++ b/h5p/classes/player.php @@ -241,10 +241,7 @@ class player { $h5p = false; } - if (!$h5p) { - // The H5P content hasn't been deployed previously. It has to be validated and stored before displaying it. - return $this->save_h5p($file, $config); - } else { + if ($h5p) { // The H5P content has been deployed previously. $displayoptions = $this->get_display_options($config); // Check if the user can set the displayoptions. @@ -253,6 +250,18 @@ class player { $this->core->h5pF->updateContentFields($h5p->id, ['displayoptions' => $displayoptions]); } return $h5p->id; + } else { + // The H5P content hasn't been deployed previously. + + // Check if the user uploading the H5P content is "trustable". If the file hasn't been uploaded by a user with this + // capability, the content won't be deployed and an error message will be displayed. + if (!has_capability('moodle/h5p:deploy', $this->context, $file->get_userid())) { + $this->core->h5pF->setErrorMessage(get_string('nopermissiontodeploy', 'core_h5p')); + return false; + } + + // Validate and store the H5P content before displaying it. + return $this->save_h5p($file, $config); } } diff --git a/lang/en/h5p.php b/lang/en/h5p.php index 5d2c8f133ac..a65724f2e55 100644 --- a/lang/en/h5p.php +++ b/lang/en/h5p.php @@ -123,6 +123,7 @@ $string['missingmbstring'] = 'The mbstring PHP extension is not loaded. H5P need $string['missinguploadpermissions'] = 'Note that the libraries may exist in the file you uploaded, but you\'re not allowed to upload new libraries. Contact the site administrator about this.'; $string['nocopyright'] = 'No copyright information available for this content.'; $string['noextension'] = 'The file you uploaded is not a valid HTML5 Package (It does not have the .h5p file extension)'; +$string['nopermissiontodeploy'] = 'This file can\'t be displayed because it has been uploaded by a user without the required capability to deploy H5P content.'; $string['nojson'] = 'The main h5p.json file is not valid'; $string['nounzip'] = 'The file you uploaded is not a valid HTML5 Package (We are unable to unzip it)'; $string['offlineDialogBody'] = 'We were unable to send information about your completion of this task. Please check your internet connection.'; diff --git a/lang/en/role.php b/lang/en/role.php index 5460e58b4c3..07d94072b47 100644 --- a/lang/en/role.php +++ b/lang/en/role.php @@ -260,6 +260,7 @@ $string['grade:unlock'] = 'Unlock grades or items'; $string['grade:view'] = 'View own grades'; $string['grade:viewall'] = 'View grades of other users'; $string['grade:viewhidden'] = 'View hidden grades for owner'; +$string['h5p:deploy'] = 'Allow to deploy H5P content'; $string['h5p:setdisplayoptions'] = 'Set the display options to an H5P content'; $string['highlightedcellsshowdefault'] = 'The permissions highlighted in the table below are the defaults for the role archetype currently selected above.'; $string['highlightedcellsshowinherit'] = 'The highlighted cells in the table below show the permission (if any) that will be inherited. Apart from the capabilities whose permission you actually want to alter, you should leave everything set to Inherit.'; diff --git a/lib/db/access.php b/lib/db/access.php index 336cce64b1d..9b7668e7c8d 100644 --- a/lib/db/access.php +++ b/lib/db/access.php @@ -2439,4 +2439,15 @@ $capabilities = array( 'editingteacher' => CAP_ALLOW, ) ), + + // Allow to deploy H5P content. + 'moodle/h5p:deploy' => array( + 'riskbitmask' => RISK_XSS, + 'captype' => 'write', + 'contextlevel' => CONTEXT_MODULE, + 'archetypes' => array( + 'manager' => CAP_ALLOW, + 'editingteacher' => CAP_ALLOW, + ) + ), ); diff --git a/version.php b/version.php index 5be1a36a072..af1762447e4 100644 --- a/version.php +++ b/version.php @@ -29,7 +29,7 @@ defined('MOODLE_INTERNAL') || die(); -$version = 2019102500.02; // YYYYMMDD = weekly release date of this DEV branch. +$version = 2019102500.03; // YYYYMMDD = weekly release date of this DEV branch. // RR = release increments - 00 in DEV branches. // .XX = incremental changes. -- 2.17.1