MDL-74643 core_user: New admin setting for site support availability

This allows admins to configure whether contact site support is available to everyone, authenticated users, or nobody. The behat testing checks linked and direct access for each setting, as well as adding testing that the support page override works as expected.
phreaknerd · Oct 31, 2022 · e3b3ba9 · e3b3ba9
1 parent ddc9a30
commit e3b3ba9
Show file tree

Hide file tree

Showing 9 changed files with 175 additions and 2 deletions.
diff --git a/admin/settings/server.php b/admin/settings/server.php
@@ -61,6 +61,16 @@
     $temp->add($setting);
     $temp->add(new admin_setting_configtext('supportpage', new lang_string('supportpage', 'admin'),
         new lang_string('configsupportpage', 'admin'), '', PARAM_URL));
+    $temp->add(new admin_setting_configselect('supportavailability', new lang_string('supportavailability', 'admin'),
+        new lang_string('configsupportavailability', 'admin'), CONTACT_SUPPORT_AUTHENTICATED,
+        [
+            CONTACT_SUPPORT_ANYONE => new lang_string('availabletoanyone', 'admin'),
+            CONTACT_SUPPORT_AUTHENTICATED => new lang_string('availabletoauthenticated', 'admin'),
+            CONTACT_SUPPORT_DISABLED => new lang_string('disabled', 'admin'),
+        ]
+    ));
+
+
     $ADMIN->add('server', $temp);
 
     // Session handling.

diff --git a/admin/upgrade.txt b/admin/upgrade.txt
@@ -1,5 +1,12 @@
 This files describes API changes in /admin/*.
 
+=== 4.1 ===
+
+* A new admin setting supportavailability allows admins to configure who the "contact site support" feature is available to
+  (everyone, authenticated users, or nobody).
+  -For new sites and those upgrading from 3.11.x or older, the default will be "Limited to authenticated users".
+  -For sites upgrading from 4.0.x, the default will be "available to anyone visiting the site", to main consistent behaviour through the upgrade.
+
 === 4.0.1 ===
 
 * A new callback xxx_pre_enable_plugin_actions has been added in admin/modules.php. Plugins can use this callback to

diff --git a/lang/en/admin.php b/lang/en/admin.php
@@ -82,6 +82,8 @@
 $string['autologinguests'] = 'Auto-login guests';
 $string['searchareas'] = 'Search areas';
 $string['availableto'] = 'Available to';
+$string['availabletoanyone'] = 'Available to anyone visiting the site';
+$string['availabletoauthenticated'] = 'Limited to authenticated users';
 $string['backgroundcolour'] = 'Transparent colour';
 $string['backups'] = 'Backups';
 $string['backup_shortname'] = 'Use course name in backup filename';
@@ -378,6 +380,7 @@
 $string['configstatsuserthreshold'] = 'This setting specifies the minimum number of enrolled users for a course to be included in statistics calculations.';
 $string['configstrictformsrequired'] = 'If enabled, users are prevented from entering a space or line break only in required fields in forms.';
 $string['configstripalltitletags'] = 'Uncheck this setting to allow HTML tags in activity and resource names.';
+$string['configsupportavailability'] = 'Determines who has access to contact site support from the footer.';
 $string['configsupportemail'] = 'If SMTP is configured on this site and a support page is not set, this email address will receive messages submitted through the support form. If sending fails, the email address will be displayed to logged-in users.';
 $string['configsupportname'] = 'The name of the person or other entity providing support via the support form or support page.';
 $string['configsupportpage'] = 'A link to this page will be provided for users to contact the site support. If the field is left blank then a link to a support form will be provided instead.';
@@ -1291,6 +1294,7 @@
 $string['supportcontact'] = 'Support contact';
 $string['supportemail'] = 'Support email';
 $string['supportemailsubject'] = 'Site support request - {$a}';
+$string['supportavailability'] = 'Support availability';
 $string['supportname'] = 'Support name';
 $string['supportpage'] = 'Support page';
 $string['suspenduser'] = 'Suspend user account';

diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php
@@ -2992,5 +2992,18 @@ function xmldb_main_upgrade($oldversion) {
         upgrade_main_savepoint(true, 2022101400.05);
     }
 
+    if ($oldversion < 2022102800.01) {
+        // For sites with "contact site support" already available (4.0.x), maintain existing functionality.
+        if ($oldversion >= 2022041900.00) {
+            set_config('supportavailability', CONTACT_SUPPORT_ANYONE);
+        } else {
+            // Sites which did not previously have the "contact site support" feature default to it requiring authentication.
+            set_config('supportavailability', CONTACT_SUPPORT_AUTHENTICATED);
+        }
+
+        // Main savepoint reached.
+        upgrade_main_savepoint(true, 2022102800.01);
+    }
+
     return true;
 }
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -563,6 +563,21 @@
  */
 define('EMAIL_VIA_NO_REPLY_ONLY', 2);
 
+/**
+ * Contact site support form/link disabled.
+ */
+define('CONTACT_SUPPORT_DISABLED', 0);
+
+/**
+ * Contact site support form/link only available to authenticated users.
+ */
+define('CONTACT_SUPPORT_AUTHENTICATED', 1);
+
+/**
+ * Contact site support form/link available to anyone visiting the site.
+ */
+define('CONTACT_SUPPORT_ANYONE', 2);
+
 // PARAMETER HANDLING.
 
 /**

diff --git a/lib/outputrenderers.php b/lib/outputrenderers.php
@@ -4195,6 +4195,14 @@ public function page_doc_link($text = null) {
     public function supportemail(array $customattribs = []): string {
         global $CFG;
 
+        // Do not provide a link to contact site support if it is unavailable to this user. This would be where the site has
+        // disabled support, or limited it to authenticated users and the current user is a guest or not logged in.
+        if (!isset($CFG->supportavailability) ||
+                $CFG->supportavailability == CONTACT_SUPPORT_DISABLED ||
+                ($CFG->supportavailability == CONTACT_SUPPORT_AUTHENTICATED && (!isloggedin() || isguestuser()))) {
+            return '';
+        }
+
         $label = get_string('contactsitesupport', 'admin');
         $icon = $this->pix_icon('t/email', '');
         $content = $icon . $label;

diff --git a/user/contactsitesupport.php b/user/contactsitesupport.php
@@ -24,6 +24,16 @@
 require_once('../config.php');
 require_once($CFG->dirroot . '/user/lib.php');
 
+$user = isloggedin() && !isguestuser() ? $USER : null;
+
+// If not allowed to view this page, redirect to the homepage. This would be where the site has
+// disabled support, or limited it to authenticated users and the current user is a guest or not logged in.
+if (!isset($CFG->supportavailability) ||
+        $CFG->supportavailability == CONTACT_SUPPORT_DISABLED ||
+        ($CFG->supportavailability == CONTACT_SUPPORT_AUTHENTICATED && is_null($user))) {
+    redirect($CFG->wwwroot);
+}
+
 if (!empty($CFG->supportpage)) {
     redirect($CFG->supportpage);
 }
@@ -34,7 +44,6 @@
 $PAGE->set_heading(get_string('contactsitesupport', 'admin'));
 $PAGE->set_pagelayout('standard');
 
-$user = isloggedin() && !isguestuser() ? $USER : null;
 $renderer = $PAGE->get_renderer('user');
 
 $form = new \core_user\form\contactsitesupport_form(null, $user);

diff --git a/user/tests/behat/contact_site_support.feature b/user/tests/behat/contact_site_support.feature
@@ -0,0 +1,107 @@
+@core @core_user
+Feature: Contact site support method and availability can be customised
+  In order to effectively support people using my Moodle site
+  As an admin
+  I need to be able to configure the site support method and who has access to it
+
+  Background:
+    Given the following "users" exist:
+      | username | firstname | lastname | email             |
+      | user1    | User      | One      | user1@example.com |
+
+  Scenario: Contact site support can be made available to all site visitors
+    Given the following config values are set as admin:
+      | supportavailability | 2 |
+    # Confirm unauthenticated visitor has access to the contact form.
+    When I am on site homepage
+    Then I should see "Contact site support" in the "page-footer" "region"
+    And I click on "Contact site support" "link" in the "page-footer" "region"
+    And I should see "Contact site support" in the "page-header" "region"
+    # Confirm someone logged in as guest has access to the contact form.
+    And I log in as "guest"
+    And I should see "Contact site support" in the "page-footer" "region"
+    And I click on "Contact site support" "link" in the "page-footer" "region"
+    And I should see "Contact site support" in the "page-header" "region"
+    And I log out
+    # Confirm logged in user has access to the contact form.
+    And I log in as "user1"
+    And I should see "Contact site support" in the "page-footer" "region"
+    And I click on "Contact site support" "link" in the "page-footer" "region"
+    And I should see "Contact site support" in the "page-header" "region"
+
+  Scenario: Contact site support can be limited to authenticated users
+    Given the following config values are set as admin:
+      | supportavailability | 1 |
+    # Confirm unauthenticated visitor cannot see the option or directly access the page.
+    When I am on site homepage
+    Then I should not see "Contact site support" in the "page-footer" "region"
+    And I am on the "user > Contact Site Support" page
+    And I should see "Acceptance test site" in the "page-header" "region"
+    And I should not see "Contact site support" in the "page-header" "region"
+    # Confirm someone logged in as guest cannot see the option or directly access the page.
+    And I log in as "guest"
+    And I should not see "Contact site support" in the "page-footer" "region"
+    And I am on the "user > Contact Site Support" page
+    And I should see "Acceptance test site" in the "page-header" "region"
+    And I should not see "Contact site support" in the "page-header" "region"
+    And I log out
+    # Confirm logged in user has access to the contact form.
+    And I log in as "user1"
+    And I should see "Contact site support" in the "page-footer" "region"
+    And I click on "Contact site support" "link" in the "page-footer" "region"
+    And I should see "Contact site support" in the "page-header" "region"
+
+  Scenario: Contact site support can be disabled
+    Given the following config values are set as admin:
+      | supportavailability | 0    |
+      | defaulthomepage     | home |
+    # Confirm unauthenticated visitor cannot see the option.
+    When I am on site homepage
+    Then I should not see "Contact site support" in the "page-footer" "region"
+    # Confirm someone logged in as guest cannot see the option.
+    And I log in as "guest"
+    And I should not see "Contact site support" in the "page-footer" "region"
+    And I log out
+    # Confirm logged in user cannot see the option.
+    And I log in as "user1"
+    And I should not see "Contact site support" in the "page-footer" "region"
+    And I log out
+    # Confirm admin cannot see the option.
+    And I log in as "admin"
+    And I should not see "Contact site support" in the "page-footer" "region"
+    # Confirm visiting the contact form directly without permission redirects to the homepage.
+    And I am on the "user > Contact Site Support" page
+    And I should see "Acceptance test site" in the "page-header" "region"
+    And I should not see "Contact site support" in the "page-header" "region"
+
+  @javascript
+  Scenario: Contact site support link opens a custom support page URL if set
+    Given the following config values are set as admin:
+      | supportavailability | 1                |
+      | supportpage         | user/profile.php |
+    When I log in as "user1"
+    And I am on site homepage
+    And I click on "Contact site support" "link" in the "page-footer" "region"
+    And I switch to the browser tab opened by the app
+    Then I should see "User One" in the "page-header" "region"
+    And I should not see "Contact site support" in the "page-header" "region"
+    And I close the browser tab opened by the app
+
+  Scenario: Visiting the contact site support page directly will redirect to the custom support page if set
+    Given the following config values are set as admin:
+      | supportavailability | 2           |
+      | supportpage         | profile.php |
+    When I log in as "user1"
+    And I am on the "user > Contact Site Support" page
+    Then I should see "User One" in the "page-header" "region"
+    And I should not see "Contact site support" in the "page-header" "region"
+
+  Scenario: Visiting the contact site support page still redirects to homepage if access to support is disabled
+    Given the following config values are set as admin:
+      | supportavailability | 0           |
+      | supportpage         | profile.php |
+      | defaulthomepage     | home        |
+    When I log in as "user1"
+    And I am on the "user > Contact Site Support" page
+    Then I should see "Acceptance test site" in the "page-header" "region"
+    And I should not see "Contact site support" in the "page-header" "region"
diff --git a/version.php b/version.php
@@ -29,7 +29,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$version  = 2022102800.00;              // YYYYMMDD      = weekly release date of this DEV branch.
+$version  = 2022102800.01;              // YYYYMMDD      = weekly release date of this DEV branch.
                                         //         RR    = release increments - 00 in DEV branches.
                                         //           .XX = incremental changes.
 $release  = '4.1dev+ (Build: 20221028)'; // Human-friendly version name