web service MDL-12886 check that a user is a course participant befor…

…e to add it to a group
Mrmoodle · Mar 13, 2009 · 0d4723e · 0d4723e
1 parent fe4126c
commit 0d4723e
Show file tree

Hide file tree

Showing 5 changed files with 118 additions and 13 deletions.
diff --git a/course/lib.php b/course/lib.php
@@ -3565,4 +3565,41 @@ function update_course($data) {
     return false;
 }
 
+/**
+ * Return all course participant for a given course
+ * @global object $DB
+ * @param integer $courseid
+ * @return array of user
+ */
+function get_course_participants ($courseid) {
+    global $DB;
+    $users = get_users_by_capability(
+                        get_context_instance(CONTEXT_COURSE, $courseid),
+                        'moodle/course:view');
+    return $users;
+}
+
+
+/**
+ * Return true if the user is a participant for a given course
+ * @global object $DB
+ * @param integer $userid
+ * @param integer $courseid
+ * @return boolean
+ */
+function is_course_participant ($userid, $courseid) {
+    global $DB;
+    $users = get_users_by_capability(
+                        get_context_instance(CONTEXT_COURSE, $courseid),
+                        'moodle/course:view','u.id');
+
+    foreach($users as $user) {
+        if ($user->id == $userid) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 ?>
diff --git a/group/external.php b/group/external.php
@@ -106,11 +106,22 @@ static function tmp_delete_groups($params){
     /**
      * Return all internal members for a group id (do not return remotely registered user)
      * @param array|struct $params
-     * @subparam integer $params:member->groupid
+     * @subparam integer $params:groupid
      * @return array $return
      * $subparam string $return:username
      */
     static function tmp_get_groupmembers($params){
+        if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_SYSTEM))) {
+            $members = array();
+            foreach ($params as $groupid) {
+                $groupmembers = groups_get_members($groupid);
+                $members[] = array("groupid" => $groupid, "members" => $groupmembers);
+            }
+            return $members;
+        }
+        else {
+            throw new moodle_exception('wscouldnotgetgroupnopermission');
+        }
     }
 
      /**
@@ -127,6 +138,10 @@ static function tmp_add_groupmembers($params){
             foreach($params as $member) {
                 $groupid = clean_param($member['groupid'], PARAM_INTEGER);
                 $userid = clean_param($member['userid'], PARAM_INTEGER);
+
+                //check that the user is participant of the course
+
+
                 if (!groups_add_member($groupid, $userid)) {
                     $addmembersuccessfull = false;
                 }
@@ -147,7 +162,7 @@ static function tmp_add_groupmembers($params){
      */
     static function tmp_delete_groupmembers($params){
         if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_SYSTEM))) {
-             $addmembersuccessfull = true;
+            $addmembersuccessfull = true;
             foreach($params as $member) {
                 $groupid = clean_param($member['groupid'], PARAM_INTEGER);
                 $userid = clean_param($member['userid'], PARAM_INTEGER);

diff --git a/group/lib.php b/group/lib.php
@@ -27,10 +27,16 @@ function groups_add_member($groupid, $userid) {
         throw new moodle_exception('useriddoesntexist');
     }
 
-    if (!groups_group_exists($groupid)) {
+    $group = $DB->get_record('groups', array('id'=>$groupid));
+    if (empty($group)) {
         throw new moodle_exception('cannotaddmembergroupiddoesntexist');
     }
 
+    //check if the user a participant of the group course
+    if (!is_course_participant ($userid, $group->courseid)) {
+        throw new moodle_exception('userisnotaparticipant');
+    }
+
     if (groups_is_member($groupid, $userid)) {
         return true;
     }

diff --git a/group/simpletest/testexternal.php b/group/simpletest/testexternal.php
@@ -48,8 +48,11 @@ class group_external_test extends UnitTestCase {
     var $userid2;
     var $userid3;
     var $userid4;
+    var $userid5;
     var $course;
     var $categoryid;
+    var $roleid;
+    var $context;
 
     function setUp() {
         global $DB;
@@ -87,7 +90,7 @@ function setUp() {
         $user->password = 'mockuserfortestingY_password';
         $this->userid2 = tmp_create_user($user);
 
-         //create some more test users (not add yet to any group)
+        //create some more test users (not add yet to any group)
         $user = new stdClass();
         $user->username = 'mockuserfortestingZ';
         $user->firstname = 'mockuserfortestingZ_firstname';
@@ -103,6 +106,26 @@ function setUp() {
         $user->password = 'mockuserfortestingZ2_password';
         $this->userid4 = tmp_create_user($user);
 
+        //create a user, don't add it to a role or group
+        $user = new stdClass();
+        $user->username = 'mockuserfortestingZ23';
+        $user->firstname = 'mockuserfortestingZ23_firstname';
+        $user->lastname = 'mockuserfortestingZ23_lastname';
+        $user->email = '[email protected]';
+        $user->password = 'mockuserfortestingZ23_password';
+        $this->userid5 = tmp_create_user($user);
+
+        //we're creating a new test role with viewcourse capabilyt
+        $this->context = $DB->get_record('context',array('contextlevel' => 50, 'instanceid' => $this->course->id));
+        $this->roleid = create_role('testrole', 'testrole', 'testrole');
+        assign_capability('moodle/course:view', CAP_ALLOW, $this->roleid, $this->context->id);
+
+        //assign the students to this role
+        role_assign($this->roleid, $this->userid1, null, $this->context->id);
+        role_assign($this->roleid, $this->userid2, null, $this->context->id);
+        role_assign($this->roleid, $this->userid3, null, $this->context->id);
+        role_assign($this->roleid, $this->userid4, null, $this->context->id);
+
         /// create a group with these two students
         $this->group = new stdClass();
         $this->group->courseid = $this->course->id;
@@ -143,6 +166,13 @@ function tearDown() {
         delete_user($user);
         $user = $DB->get_record('user', array('username'=>'mockuserfortestingZ2', 'mnethostid'=>1));
         delete_user($user);
+
+        //delete the user without group
+        $user = $DB->get_record('user', array('username'=>'mockuserfortestingZ23', 'mnethostid'=>1));
+        delete_user($user);
+
+        //delete role
+        delete_role($this->roleid);
     }
 
     function testTmp_create_groups() {
@@ -198,33 +228,49 @@ function testTmp_add_group_members() {
         $result = group_external::tmp_add_groupmembers($params);
     }
 
-     function testTmp_add_group_members2() {
+    function testTmp_add_group_members2() {
         //the group id doesn't exist
         $params = array(array("groupid" => 6465465, "userid" => $this->userid3), array("groupid" => $this->group->id, "userid" => $this->userid4));
         $this->expectException(new moodle_exception('cannotaddmembergroupiddoesntexist'));
         $result = group_external::tmp_add_groupmembers($params);
-     }
+    }
 
-     function testTmp_delete_group_members() {
+    function testTmp_add_group_members3() {
+        //the user is not a participant  
+        $params = array(array("groupid" => $this->group->id, "userid" => $this->userid5));
+        $this->expectException(new moodle_exception('userisnotaparticipant'));
+        $result = group_external::tmp_add_groupmembers($params);
+       
+    }
+
+    function testTmp_get_groupmembers() {
+        $params = array($this->group->id, $this->group2->id);
+        $groups = group_external::tmp_get_groupmembers($params);
+        $this->assertEqual(sizeof($groups), 2);
+        $this->assertEqual(sizeof($groups[0]['members']), 2);
+        $this->assertEqual(sizeof($groups[1]['members']), 1);      
+    }
+
+    function testTmp_delete_group_members() {
         //One of the userid doesn't exist
         $params = array(array("groupid" => $this->group->id, "userid" => 654685), array("groupid" => $this->group->id, "userid" => $this->userid2));
         $this->expectException(new moodle_exception('useriddoesntexist'));
         $result = group_external::tmp_delete_groupmembers($params);
-     }
+    }
 
-      function testTmp_delete_group_members2() {
-         //the group id doesn't exist
+    function testTmp_delete_group_members2() {
+        //the group id doesn't exist
         $params = array(array("groupid" => 6465465, "userid" => $this->userid1), array("groupid" => $this->group->id, "userid" => $this->userid2));
         $this->expectException(new moodle_exception('cannotaddmembergroupiddoesntexist'));
         $result = group_external::tmp_delete_groupmembers($params);
-     }
+    }
 
-     function testTmp_delete_group_members3() {
+    function testTmp_delete_group_members3() {
         //delete members from group
         $params = array(array("groupid" => $this->group->id, "userid" => $this->userid1), array("groupid" => $this->group->id, "userid" => $this->userid2));
         $result = group_external::tmp_delete_groupmembers($params);
         $this->assertEqual($result, true);
-     }
+    }
 
     function testTmp_delete_groups() {
         $params = array($this->group->id, $this->group2->id);

diff --git a/lang/en_utf8/error.php b/lang/en_utf8/error.php
@@ -448,6 +448,7 @@
 $string['userautherror'] = 'Unknown auth plugin';
 $string['userauthunsupported'] = 'Auth plugin not supported here';
 $string['useriddoesntexist'] = 'User id doesn\'t exist';
+$string['userisnotaparticipant'] = 'The user is not a course participant';
 $string['useremailduplicate'] = 'Duplicate address';
 $string['usermustbemnet'] = 'Users in the MNET access control list must be remote MNET users';
 $string['usernotaddedadmin'] = 'Cannot delete admin accounts';