source: moodle/trunk/fuentes/backup/util/checks/restore_check.class.php @ 1331

Last change on this file since 1331 was 1331, checked in by jrpelegrina, 3 years ago

Updated to moodle 3.0.3

File size: 9.9 KB
Line 
1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * @package    moodlecore
20 * @subpackage backup-factories
21 * @copyright  2010 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
22 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25/**
26 * Non instantiable helper class providing different restore checks
27 *
28 * This class contains various static methods available in order to easily
29 * perform a bunch of restore architecture tests
30 *
31 * TODO: Finish phpdocs
32 */
33abstract class restore_check {
34
35    public static function check_courseid($courseid) {
36        global $DB;
37        // id must exist in course table
38        if (! $DB->record_exists('course', array('id' => $courseid))) {
39            throw new restore_controller_exception('restore_check_course_not_exists', $courseid);
40        }
41        return true;
42    }
43
44    public static function check_user($userid) {
45        global $DB;
46        // userid must exist in user table
47        if (! $DB->record_exists('user', array('id' => $userid))) {
48            throw new restore_controller_exception('restore_check_user_not_exists', $userid);
49        }
50        return true;
51    }
52
53    public static function check_security($restore_controller, $apply) {
54        global $DB;
55
56        if (! $restore_controller instanceof restore_controller) {
57            throw new restore_controller_exception('restore_check_security_requires_restore_controller');
58        }
59        $restore_controller->log('checking plan security', backup::LOG_INFO);
60
61        // Some handy vars
62        $type     = $restore_controller->get_type();
63        $mode     = $restore_controller->get_mode();
64        $courseid = $restore_controller->get_courseid();
65        $coursectx= context_course::instance($courseid);
66        $userid   = $restore_controller->get_userid();
67
68        // Note: all the checks along the function MUST be performed for $userid, that
69        // is the user who "requested" the course restore, not current $USER at all!!
70
71        // First of all, decide which caps/contexts are we going to check
72        // for common backups (general, automated...) based exclusively
73        // in the type (course, section, activity). And store them into
74        // one capability => context array structure
75        $typecapstocheck = array();
76        switch ($type) {
77            case backup::TYPE_1COURSE :
78                $typecapstocheck['moodle/restore:restorecourse'] = $coursectx;
79                break;
80            case backup::TYPE_1SECTION :
81                $typecapstocheck['moodle/restore:restoresection'] = $coursectx;
82                break;
83            case backup::TYPE_1ACTIVITY :
84                $typecapstocheck['moodle/restore:restoreactivity'] = $coursectx;
85                break;
86            default :
87                throw new restore_controller_exception('restore_unknown_restore_type', $type);
88        }
89
90        // Now, if restore mode is hub or import, check userid has permissions for those modes
91        // other modes will perform common checks only (restorexxxx capabilities in $typecapstocheck)
92        switch ($mode) {
93            case backup::MODE_HUB:
94                if (!has_capability('moodle/restore:restoretargethub', $coursectx, $userid)) {
95                    $a = new stdclass();
96                    $a->userid = $userid;
97                    $a->courseid = $courseid;
98                    $a->capability = 'moodle/restore:restoretargethub';
99                    throw new restore_controller_exception('restore_user_missing_capability', $a);
100                }
101                break;
102            case backup::MODE_IMPORT:
103                if (!has_capability('moodle/restore:restoretargetimport', $coursectx, $userid)) {
104                    $a = new stdclass();
105                    $a->userid = $userid;
106                    $a->courseid = $courseid;
107                    $a->capability = 'moodle/restore:restoretargetimport';
108                    throw new restore_controller_exception('restore_user_missing_capability', $a);
109                }
110                break;
111            // Common backup (general, automated...), let's check all the $typecapstocheck
112            // capability => context pairs
113            default:
114                foreach ($typecapstocheck as $capability => $context) {
115                    if (!has_capability($capability, $context, $userid)) {
116                        $a = new stdclass();
117                        $a->userid = $userid;
118                        $a->courseid = $courseid;
119                        $a->capability = $capability;
120                        throw new restore_controller_exception('restore_user_missing_capability', $a);
121                    }
122                }
123        }
124
125        // Now, enforce 'moodle/restore:userinfo' to 'users' setting, applying changes if allowed,
126        // else throwing exception
127        $userssetting = $restore_controller->get_plan()->get_setting('users');
128        $prevvalue    = $userssetting->get_value();
129        $prevstatus   = $userssetting->get_status();
130        $hasusercap   = has_capability('moodle/restore:userinfo', $coursectx, $userid);
131
132        // If setting is enabled but user lacks permission
133        if (!$hasusercap && $prevvalue) { // If user has not the capability and setting is enabled
134            // Now analyse if we are allowed to apply changes or must stop with exception
135            if (!$apply) { // Cannot apply changes, throw exception
136                $a = new stdclass();
137                $a->setting = 'users';
138                $a->value = $prevvalue;
139                $a->capability = 'moodle/restore:userinfo';
140                throw new restore_controller_exception('restore_setting_value_wrong_for_capability', $a);
141
142            } else { // Can apply changes
143                $userssetting->set_value(false);                              // Set the value to false
144                $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
145            }
146        }
147
148        // Now, if mode is HUB or IMPORT, and still we are including users in restore, turn them off
149        // Defaults processing should have handled this, but we need to be 100% sure
150        if ($mode == backup::MODE_IMPORT || $mode == backup::MODE_HUB) {
151            $userssetting = $restore_controller->get_plan()->get_setting('users');
152            if ($userssetting->get_value()) {
153                $userssetting->set_value(false);                              // Set the value to false
154                $userssetting->set_status(base_setting::LOCKED_BY_PERMISSION);// Set the status to locked by perm
155            }
156        }
157
158        // Check the user has the ability to configure the restore. If not then we need
159        // to lock all settings by permission so that no changes can be made. This does
160        // not apply to the import facility, where all the activities (picked on backup)
161        // are restored automatically without restore UI
162        if ($mode != backup::MODE_IMPORT) {
163            $hasconfigcap = has_capability('moodle/restore:configure', $coursectx, $userid);
164            if (!$hasconfigcap) {
165                $settings = $restore_controller->get_plan()->get_settings();
166                foreach ($settings as $setting) {
167                    $setting->set_status(base_setting::LOCKED_BY_PERMISSION);
168                }
169            }
170        }
171
172        if ($type == backup::TYPE_1COURSE) {
173            // Ensure the user has the rolldates capability. If not we want to lock this
174            // settings so that they cannot change it.
175            $hasrolldatescap = has_capability('moodle/restore:rolldates', $coursectx, $userid);
176            if (!$hasrolldatescap) {
177                $datesetting = $restore_controller->get_plan()->get_setting('course_startdate');
178                if ($datesetting) {
179                    $datesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
180                }
181            }
182
183            // Ensure the user has the changefullname capability. If not we want to lock
184            // the setting so that they cannot change it.
185            $haschangefullnamecap = has_capability('moodle/course:changefullname', $coursectx, $userid);
186            if (!$haschangefullnamecap) {
187                $fullnamesetting = $restore_controller->get_plan()->get_setting('course_fullname');
188                $fullnamesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
189            }
190
191            // Ensure the user has the changeshortname capability. If not we want to lock
192            // the setting so that they cannot change it.
193            $haschangeshortnamecap = has_capability('moodle/course:changeshortname', $coursectx, $userid);
194            if (!$haschangeshortnamecap) {
195                $shortnamesetting = $restore_controller->get_plan()->get_setting('course_shortname');
196                $shortnamesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
197            }
198
199            // Ensure the user has the update capability. If not we want to lock
200            // the overwrite setting so that they cannot change it.
201            $hasupdatecap = has_capability('moodle/course:update', $coursectx, $userid);
202            if (!$hasupdatecap) {
203                $overwritesetting = $restore_controller->get_plan()->get_setting('overwrite_conf');
204                $overwritesetting->set_status(base_setting::LOCKED_BY_PERMISSION);
205            }
206        }
207
208        return true;
209    }
210}
Note: See TracBrowser for help on using the repository browser.