MDL-69331 core_contentbank: Hide disabled H5P content-types
If an H5P content-type is disabled:
- The content bank won't display existing contents that have it as their
main library.
- The content bank won't allow new contents to be created using it.
sarjona committed Apr 15, 2021
1 parent dbfd4ae commit 39fa45e
Showing 18 changed files with 565 additions and 87 deletions.
37 changes: 28 additions & 9 deletions contentbank/classes/form/upload_files.php
Expand Up @@ -151,16 +151,35 @@ public function process_dynamic_submission() {
if (!empty($files)) {
$file = reset($files);
$cb = new \core_contentbank\contentbank();
if ($this->get_data()->id) {
$content = $cb->get_content_from_id($this->get_data()->id);
$contenttype = $content->get_content_type_instance();
$content = $contenttype->replace_content($file, $content);
} else {
$content = $cb->create_content_from_file($this->get_context_for_dynamic_submission(), $USER->id, $file);
try {
if ($this->get_data()->id) {
$content = $cb->get_content_from_id($this->get_data()->id);
$contenttype = $content->get_content_type_instance();
$content = $contenttype->replace_content($file, $content);
} else {
$content = $cb->create_content_from_file($this->get_context_for_dynamic_submission(), $USER->id, $file);
}
$params = ['id' => $content->get_id(), 'contextid' => $this->get_context_for_dynamic_submission()->id];
$url = new \moodle_url('/contentbank/view.php', $params);
} catch (\Exception $e) {
// Redirect to the right page (depending on if content is new or existing) and display an error.
if ($this->get_data()->id) {
$content = $cb->get_content_from_id($this->get_data()->id);
$params = [
'id' => $content->get_id(),
'contextid' => $this->get_context_for_dynamic_submission()->id,
'errormsg' => 'notvalidpackage',
];
$url = new \moodle_url('/contentbank/view.php', $params);
} else {
$url = new \moodle_url('/contentbank/index.php', [
'contextid' => $this->get_context_for_dynamic_submission()->id,
'errormsg' => 'notvalidpackage'],
);
}
}
$params = ['id' => $content->get_id(), 'contextid' => $this->get_context_for_dynamic_submission()->id];
$viewurl = new \moodle_url('/contentbank/view.php', $params);
return ['returnurl' => $viewurl->out(false)];

return ['returnurl' => $url->out(false)];
}

return null;
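Review bot: The new `catch (\Exception $e)` in process_dynamic_submission() reports every failure as `notvalidpackage` and discards `$e`, so a permission error, a storage fault or a missing content id all look like a bad upload and leave nothing for an administrator to investigate. Catch only the exception type the import path raises for a rejected package (content.php in this commit throws `\file_exception`; what actually propagates through `create_content_from_file()` and `replace_content()` is not visible here) and let everything else propagate. At minimum record the cause as the first line of the handler, e.g. `debugging('Content bank upload failed: ' . $e->getMessage(), DEBUG_DEVELOPER);`. The existing-content branch of the handler also calls `$cb->get_content_from_id()` again, which would throw a second time, uncaught, if that lookup was the original failure; `$this->get_data()->id` can supply the `id` parameter directly. The method body starts before and continues past this hunk.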
58 changes: 55 additions & 3 deletions contentbank/contenttype/h5p/classes/content.php
Expand Up @@ -24,9 +24,6 @@

namespace contenttype_h5p;

use stdClass;
use html_writer;

/**
* H5P Content manager class
*
Expand All @@ -36,4 +33,59 @@
*/
class content extends \core_contentbank\content {

/**
* Returns user has access permission for the content itself.
* If the H5P content-type library is disabled, the user won't have access to it.
*
* @return bool True if content could be accessed. False otherwise.
*/
public function is_view_allowed(): bool {
// Force H5P content to be deployed.
$fileurl = $this->get_file_url();
// Skip capability check when creating the H5P content (because it has been created by trusted users).
$h5pplayer = new \core_h5p\player($fileurl, new \stdClass(), true, '', true);
// Flush error messages.
$h5pplayer->get_messages();

// Check if the H5P entry has been created and if the main library is enabled.
$file = $this->get_file();
if (!empty($file)) {
$h5p = \core_h5p\api::get_content_from_pathnamehash($file->get_pathnamehash());
if (empty($h5p)) {
// If there is no H5P entry for this content, it won't be displayed unless the user has the manageanycontent
// capability. Reasons for contents without a proper H5P entry in DB:
// - Invalid H5P package (it won't be never deployed).
// - Disabled content-type library (it can't be deployed so there is no way to know the mainlibraryid).
$context = \context::instance_by_id($this->content->contextid);
if (!has_capability('moodle/contentbank:manageanycontent', $context)) {
return false;
}
} else if (!\core_h5p\api::is_library_enabled((object) ['id' => $h5p->mainlibraryid])) {
// If the main library is disabled, it won't be displayed.
return false;
}
}

return parent::is_view_allowed();
}

/**
* Import a file as a valid content.
* Before importing the file, this method will check if the file is a valid H5P package. If it's not valid, it will thrown
* an exception.
*
* @throws \file_exception If file operations fail
* @param \stored_file $file File to store in the content file area.
* @return \stored_file|null the stored content file or null if the file is discarted.
*/
public function import_file(\stored_file $file): ?\stored_file {
// The H5P content can be only deployed if the author of the .h5p file can update libraries or if all the
// content-type libraries exist, to avoid users without the h5p:updatelibraries capability upload malicious content.
$onlyupdatelibs = !\core_h5p\helper::can_update_library($file);

if (!\core_h5p\api::is_valid_package($file, $onlyupdatelibs)) {
throw new \file_exception('invalidpackage');
}
return parent::import_file($file);
}
}
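Review bot: In `is_view_allowed()` the player is constructed with its final argument set to `true`, and the comment justifies skipping the capability check by saying the content "has been created by trusted users", but nothing in this method establishes that. The guarantee comes only from the new `import_file()` validation, so files stored before this commit, or added by a route that bypasses `import_file()` (not visible here), would be deployed on the same assumption. Either keep the check here or state the invariant next to the call, e.g. `// Safe only while every stored file has passed import_file(); see is_valid_package().`. The docblock should also say that the method forces deployment of the package as a side effect, since callers are unlikely to expect that from an access predicate.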
35 changes: 19 additions & 16 deletions contentbank/contenttype/h5p/classes/contenttype.php
Expand Up @@ -148,22 +148,25 @@ public function get_contenttype_types(): array {
$types = [];
$h5pfilestorage = new file_storage();
foreach ($h5pcontenttypes as $h5pcontenttype) {
$library = [
'name' => $h5pcontenttype->machine_name,
'majorVersion' => $h5pcontenttype->major_version,
'minorVersion' => $h5pcontenttype->minor_version,
];
$key = H5PCore::libraryToString($library);
$type = new stdClass();
$type->key = $key;
$type->typename = $h5pcontenttype->title;
$type->typeeditorparams = 'library=' . $key;
$type->typeicon = $h5pfilestorage->get_icon_url(
$h5pcontenttype->id,
$h5pcontenttype->machine_name,
$h5pcontenttype->major_version,
$h5pcontenttype->minor_version);
$types[] = $type;
if ($h5pcontenttype->enabled) {
// Only enabled content-types will be displayed.
$library = [
'name' => $h5pcontenttype->machine_name,
'majorVersion' => $h5pcontenttype->major_version,
'minorVersion' => $h5pcontenttype->minor_version,
];
$key = H5PCore::libraryToString($library);
$type = new stdClass();
$type->key = $key;
$type->typename = $h5pcontenttype->title;
$type->typeeditorparams = 'library=' . $key;
$type->typeicon = $h5pfilestorage->get_icon_url(
$h5pcontenttype->id,
$h5pcontenttype->machine_name,
$h5pcontenttype->major_version,
$h5pcontenttype->minor_version);
$types[] = $type;
}
}

return $types;
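Review bot: Filtering on `$h5pcontenttype->enabled` in `get_contenttype_types()` only removes disabled libraries from the list this method returns; the key still reaches the editor as a plain `library=` parameter, so the restriction is only as strong as whatever validates that parameter when the editor is loaded and saved. That validation is not part of this hunk, so please confirm the editor path also calls `\core_h5p\api::is_library_enabled()` (used in content.php in this commit) and rejects a disabled library on the server side. As a style point, a guard clause `if (!$h5pcontenttype->enabled) { continue; }` at the top of the loop would avoid re-indenting the whole body. The method begins before the hunk.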
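--- a/contentbank/contenttype/h5p/tests/behat/disable_contenttypes.feature
+++ b/contentbank/contenttype/h5p/tests/behat/disable_contenttypes.feature
@@ -0,0 +1,101 @@
+@core @core_contentbank @core_h5p @contenttype_h5p @_file_upload @javascript
+Feature: Disable H5P content-types from the content bank
+In order to disable H5P content-types
+As an admin
+I need to be able to check they are not displayed in the content bank
+
+Background:
+Given the following "users" exist:
+| username | firstname | lastname | email |
+| teacher1 | Teacher | 1 | teacher1@example.com |
+And the following "courses" exist:
+| fullname | shortname | category |
+| Course 1 | C1 | 0 |
+And the following "course enrolments" exist:
+| user | course | role |
+| teacher1 | C1 | editingteacher |
+And the following "contentbank contents" exist:
+| contextlevel | reference | contenttype | user | contentname | filepath |
+| Course | C1 | contenttype_h5p | admin | filltheblanks | /h5p/tests/fixtures/filltheblanks.h5p |
+| Course | C1 | contenttype_h5p | admin | accordion | /h5p/tests/fixtures/ipsums.h5p |
+| Course | C1 | contenttype_h5p | admin | invalidh5p | /h5p/tests/fixtures/h5ptest.zip |
+And I log in as "admin"
+And I am on "Course 1" course homepage with editing mode on
+And I add the "Navigation" block if not present
+And I log out
+
+Scenario: Teachers cannot view disabled or invalid content-types
+Given I log in as "teacher1"
+And I am on "Course 1" course homepage
+And I expand "Site pages" node
+And I click on "Content bank" "link"
+And I should see "accordion"
+And I should see "filltheblanks"
+And I should not see "invalidh5p"
+And I log out
+And I log in as "admin"
+And I navigate to "H5P > Manage H5P content types" in site administration
+And I click on "Disable" "link" in the "Accordion" "table_row"
+And I log out
+When I log in as "teacher1"
+And I am on "Course 1" course homepage
+And I expand "Site pages" node
+And I click on "Content bank" "link"
+Then I should not see "accordion"
+And I should see "filltheblanks"
+And I should not see "invalidh5p"
+
+Scenario: Admins cannot view disabled content-types
+Given I log in as "admin"
+And I am on "Course 1" course homepage
+And I expand "Site pages" node
+And I click on "Content bank" "link"
+And I should see "accordion"
+And I should see "filltheblanks"
+And I should see "invalidh5p"
+And I navigate to "H5P > Manage H5P content types" in site administration
+And I click on "Disable" "link" in the "Accordion" "table_row"
+When I am on "Course 1" course homepage
+And I expand "Site pages" node
+And I click on "Content bank" "link"
+Then I should not see "accordion"
+And I should see "filltheblanks"
+And I should see "invalidh5p"
+
+Scenario: Teachers cannot create disabled content-types
+Given I log in as "teacher1"
+And I am on "Course 1" course homepage
+And I expand "Site pages" node
+And I click on "Content bank" "link"
+And I click on "[data-action=Add-content]" "css_element"
+And I should see "Accordion"
+And I should see "Fill in the Blanks"
+And I log out
+And I log in as "admin"
+And I navigate to "H5P > Manage H5P content types" in site administration
+And I click on "Disable" "link" in the "Accordion" "table_row"
+And I log out
+When I log in as "teacher1"
+And I am on "Course 1" course homepage
+And I expand "Site pages" node
+And I click on "Content bank" "link"
+And I click on "[data-action=Add-content]" "css_element"
+Then I should not see "Accordion"
+And I should see "Fill in the Blanks"
+
+Scenario: Admins cannot create disabled content-types
+Given I log in as "admin"
+And I am on "Course 1" course homepage
+And I expand "Site pages" node
+And I click on "Content bank" "link"
+And I click on "[data-action=Add-content]" "css_element"
+And I should see "Accordion"
+And I should see "Fill in the Blanks"
+And I navigate to "H5P > Manage H5P content types" in site administration
+And I click on "Disable" "link" in the "Accordion" "table_row"
+When I am on "Course 1" course homepage
+And I expand "Site pages" node
+And I click on "Content bank" "link"
+And I click on "[data-action=Add-content]" "css_element"
+Then I should not see "Accordion"
+And I should see "Fill in the Blanks"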
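Review bot: All four scenarios assert only what the content bank listing and the add-content menu display, so they would still pass if a disabled content-type were hidden from the list but its content stayed reachable some other way. The commit's access decision lives in `is_view_allowed()`, so it is worth covering that path directly: a scenario, or a PHPUnit test on the method, in which teacher1 is refused the accordion content itself once the library is disabled. A closing step that re-enables the library and checks that `accordion` is listed again would also show the content is hidden rather than lost.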
Expand Up @@ -72,7 +72,7 @@ Feature: H5P file upload to content bank for non admins
And I click on "Content bank" "link"
Then I should see "filltheblanks.h5p"

Scenario: Teachers can not upload and deployed content types when libraries are not installed
Scenario: Teachers can not upload and deploy content types when libraries are not installed
Given I log out
And I log in as "admin"
And I navigate to "H5P > Manage H5P content types" in site administration
Expand All @@ -89,14 +89,14 @@ Feature: H5P file upload to content bank for non admins
And I click on "filltheblanks.h5p" "link"
And I click on "Select this file" "button"
And I click on "Save changes" "button"
And I switch to "h5p-player" class iframe
Then I should not see "Of which countries"
And I should see "missing-required-library"
And I switch to the main frame
Then I should see "Sorry, this file is not valid."
And I should not see "filltheblanks.h5p"
And I log out
And I log in as "admin"
And I navigate to "H5P > Manage H5P content types" in site administration
And I should not see "Fill in the Blanks"
And I am on "Course 1" course homepage
And I expand "Site pages" node
And I click on "Content bank" "link"
And I should not see "filltheblanks.h5p"

Scenario: Teachers can not see existing contents when libraries are not installed
Given I log out
Expand Down Expand Up @@ -138,8 +138,13 @@ Feature: H5P file upload to content bank for non admins
Given I am on "Course 1" course homepage
When I expand "Site pages" node
And I click on "Content bank" "link"
Then I should not see "filltheblanks.h5p"
And I log out
And I log in as "admin"
And I am on "Course 1" course homepage
And I expand "Site pages" node
And I click on "Content bank" "link"
And I should see "filltheblanks.h5p"
And I click on "filltheblanks.h5p" "link"
And I switch to "h5p-player" class iframe
Then I should not see "Of which countries"
Then I should see "missing-required-library"
And I should see "missing-required-library"