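<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

/**
 * Unit tests for user/lib.php.
 *
 * @package core_user
 * @category phpunit
 * @copyright 2013 Rajesh Taneja <rajesh@moodle.com>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

defined('MOODLE_INTERNAL') || die();

global $CFG;
require_once($CFG->dirroot.'/user/lib.php');

/**
 * Unit tests for user lib api.
 *
 * The tests cover profile visibility (who may read whose details), user creation and update
 * validation, failed-login counting and the password reuse history.
 *
 * @package core_user
 * @category phpunit
 * @copyright 2013 Rajesh Taneja <rajesh@moodle.com>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class core_userliblib_testcase extends advanced_testcase {
    /**
     * Test user_get_user_details_courses
     *
     * Checks three viewers in turn: the default test user, a user sharing a course with the
     * target, and a user sharing no course with the target (who must get null back).
     */
    public function test_user_get_user_details_courses() {
        global $DB;

        $this->resetAfterTest();

        // Create user and modify user profile.
        $user1 = $this->getDataGenerator()->create_user();
        $user2 = $this->getDataGenerator()->create_user();
        $user3 = $this->getDataGenerator()->create_user();

        $course1 = $this->getDataGenerator()->create_course();
        $coursecontext = context_course::instance($course1->id);
        $teacherrole = $DB->get_record('role', array('shortname' => 'teacher'));
        $this->getDataGenerator()->enrol_user($user1->id, $course1->id);
        $this->getDataGenerator()->enrol_user($user2->id, $course1->id);
        role_assign($teacherrole->id, $user1->id, $coursecontext->id);
        role_assign($teacherrole->id, $user2->id, $coursecontext->id);

        accesslib_clear_all_caches_for_unit_testing();

        // Get user2 details as a user with super system capabilities.
        $result = user_get_user_details_courses($user2);
        $this->assertEquals($user2->id, $result['id']);
        $this->assertEquals(fullname($user2), $result['fullname']);
        $this->assertEquals($course1->id, $result['enrolledcourses'][0]['id']);

        $this->setUser($user1);
        // Get user2 details as a user who can only see this user in a course.
        $result = user_get_user_details_courses($user2);
        $this->assertEquals($user2->id, $result['id']);
        $this->assertEquals(fullname($user2), $result['fullname']);
        $this->assertEquals($course1->id, $result['enrolledcourses'][0]['id']);

        // Get user2 details as a user who doesn't share any course with user2.
        // Nothing at all may be returned here, not even a reduced record.
        $this->setUser($user3);
        $result = user_get_user_details_courses($user2);
        $this->assertNull($result);
    }

    /**
     * Verify return when course groupmode set to 'no groups'.
     */
    public function test_user_get_user_details_courses_groupmode_nogroups() {
        $this->resetAfterTest();

        // Enrol 2 users into a course with groupmode set to 'no groups'.
        // Profiles should be visible.
        $user1 = $this->getDataGenerator()->create_user();
        $user2 = $this->getDataGenerator()->create_user();
        $course = $this->getDataGenerator()->create_course((object) ['groupmode' => 0]);
        $this->getDataGenerator()->enrol_user($user1->id, $course->id);
        $this->getDataGenerator()->enrol_user($user2->id, $course->id);

        $this->setUser($user1);
        $userdetails = user_get_user_details_courses($user2);
        $this->assertInternalType('array', $userdetails);
        $this->assertEquals($user2->id, $userdetails['id']);
    }

    /**
     * Verify return when course groupmode set to 'separate groups'.
     */
    public function test_user_get_user_details_courses_groupmode_separate() {
        $this->resetAfterTest();

        // Enrol 2 users into a course with groupmode set to 'separate groups'.
        // The users are not in any groups, so profiles should be hidden (same as if they were in separate groups).
        $user1 = $this->getDataGenerator()->create_user();
        $user2 = $this->getDataGenerator()->create_user();
        $course = $this->getDataGenerator()->create_course((object) ['groupmode' => 1]);
        $this->getDataGenerator()->enrol_user($user1->id, $course->id);
        $this->getDataGenerator()->enrol_user($user2->id, $course->id);

        $this->setUser($user1);
        $this->assertNull(user_get_user_details_courses($user2));
    }

    /**
     * Verify return when course groupmode set to 'visible groups'.
     */
    public function test_user_get_user_details_courses_groupmode_visible() {
        $this->resetAfterTest();

        // Enrol 2 users into a course with groupmode set to 'visible groups'.
        // The users are not in any groups, and profiles should be visible because of the groupmode.
        $user1 = $this->getDataGenerator()->create_user();
        $user2 = $this->getDataGenerator()->create_user();
        $course = $this->getDataGenerator()->create_course((object) ['groupmode' => 2]);
        $this->getDataGenerator()->enrol_user($user1->id, $course->id);
        $this->getDataGenerator()->enrol_user($user2->id, $course->id);

        $this->setUser($user1);
        $userdetails = user_get_user_details_courses($user2);
        $this->assertInternalType('array', $userdetails);
        $this->assertEquals($user2->id, $userdetails['id']);
    }

    /**
     * Test user_update_user.
     *
     * Covers the stored password not being the submitted plaintext, the events triggered with and
     * without a password update, and the debugging output raised for invalid profile fields.
     */
    public function test_user_update_user() {
        global $DB;

        $this->resetAfterTest();

        // Create user and modify user profile.
        $user = $this->getDataGenerator()->create_user();
        $user->firstname = 'Test';
        $user->password = 'M00dLe@T';

        // Update user and capture event.
        $sink = $this->redirectEvents();
        user_update_user($user);
        $events = $sink->get_events();
        $sink->close();
        $event = array_pop($events);

        // Test updated value.
        $dbuser = $DB->get_record('user', array('id' => $user->id));
        $this->assertSame($user->firstname, $dbuser->firstname);
        // The value written to the database must differ from the plaintext that was submitted.
        $this->assertNotSame('M00dLe@T', $dbuser->password);

        // Test event.
        $this->assertInstanceOf('\core\event\user_updated', $event);
        $this->assertSame($user->id, $event->objectid);
        $this->assertSame('user_updated', $event->get_legacy_eventname());
        $this->assertEventLegacyData($dbuser, $event);
        $this->assertEquals(context_user::instance($user->id), $event->get_context());
        $expectedlogdata = array(SITEID, 'user', 'update', 'view.php?id='.$user->id, '');
        $this->assertEventLegacyLogData($expectedlogdata, $event);

        // Update user with no password update.
        // The already-hashed value must be stored untouched when the password update is switched off.
        $password = $user->password = hash_internal_user_password('M00dLe@T');
        user_update_user($user, false);
        $dbuser = $DB->get_record('user', array('id' => $user->id));
        $this->assertSame($password, $dbuser->password);

        // Verify event is not triggered by user_update_user when needed.
        $sink = $this->redirectEvents();
        user_update_user($user, false, false);
        $events = $sink->get_events();
        $sink->close();
        $this->assertCount(0, $events);

        // With password, there should be 1 event.
        $sink = $this->redirectEvents();
        user_update_user($user, true, false);
        $events = $sink->get_events();
        $sink->close();
        $this->assertCount(1, $events);
        $event = array_pop($events);
        $this->assertInstanceOf('\core\event\user_password_updated', $event);

        // Test user data validation.
        $user->username = 'johndoe123';
        $user->auth = 'shibolth';
        $user->country = 'WW';
        $user->lang = 'xy';
        $user->theme = 'somewrongthemename';
        $user->timezone = '30.5';
        $user->url = 'wwww.somewrong@#$url.com.aus';
        $debugmessages = $this->getDebuggingMessages();
        user_update_user($user, true, false);
        // Six invalid fields were set above (auth, country, lang, theme, timezone, url).
        $this->assertDebuggingCalledCount(6, $debugmessages);

        // Now, with valid user data.
        $user->username = 'johndoe321';
        $user->auth = 'shibboleth';
        $user->country = 'AU';
        $user->lang = 'en';
        $user->theme = 'classic';
        $user->timezone = 'Australia/Perth';
        $user->url = 'www.moodle.org';
        user_update_user($user, true, false);
        $this->assertDebuggingNotCalled();
    }

    /**
     * Test create_users.
     *
     * Covers the stored record, the user_created event, suppression of the event on request, and
     * the handling of invalid profile fields on creation.
     */
    public function test_create_users() {
        global $DB;

        $this->resetAfterTest();

        $user = array(
            'username' => 'usernametest1',
            'password' => 'Moodle2012!',
            'idnumber' => 'idnumbertest1',
            'firstname' => 'First Name User Test 1',
            'lastname' => 'Last Name User Test 1',
            'middlename' => 'Middle Name User Test 1',
            'lastnamephonetic' => '最後のお名前のテスト一号',
            'firstnamephonetic' => 'お名前のテスト一号',
            'alternatename' => 'Alternate Name User Test 1',
            'email' => 'usertest1@example.com',
            'description' => 'This is a description for user 1',
            'city' => 'Perth',
            'country' => 'AU'
        );

        // Create user and capture event.
        $sink = $this->redirectEvents();
        $user['id'] = user_create_user($user);
        $events = $sink->get_events();
        $sink->close();
        $event = array_pop($events);

        // Test user info in DB.
        $dbuser = $DB->get_record('user', array('id' => $user['id']));
        $this->assertEquals($dbuser->username, $user['username']);
        $this->assertEquals($dbuser->idnumber, $user['idnumber']);
        $this->assertEquals($dbuser->firstname, $user['firstname']);
        $this->assertEquals($dbuser->lastname, $user['lastname']);
        $this->assertEquals($dbuser->email, $user['email']);
        $this->assertEquals($dbuser->description, $user['description']);
        $this->assertEquals($dbuser->city, $user['city']);
        $this->assertEquals($dbuser->country, $user['country']);

        // Test event.
        $this->assertInstanceOf('\core\event\user_created', $event);
        $this->assertEquals($user['id'], $event->objectid);
        $this->assertEquals('user_created', $event->get_legacy_eventname());
        $this->assertEquals(context_user::instance($user['id']), $event->get_context());
        $this->assertEventLegacyData($dbuser, $event);
        $expectedlogdata = array(SITEID, 'user', 'add', '/view.php?id='.$event->objectid, fullname($dbuser));
        $this->assertEventLegacyLogData($expectedlogdata, $event);

        // Verify event is not triggered by user_create_user when needed.
        $user = array('username' => 'usernametest2'); // Create another user.
        $sink = $this->redirectEvents();
        user_create_user($user, true, false);
        $events = $sink->get_events();
        $sink->close();
        $this->assertCount(0, $events);

        // Test user data validation, first some invalid data.
        $user['username'] = 'johndoe123';
        $user['auth'] = 'shibolth';
        $user['country'] = 'WW';
        $user['lang'] = 'xy';
        $user['theme'] = 'somewrongthemename';
        $user['timezone'] = '-30.5';
        $user['url'] = 'wwww.somewrong@#$url.com.aus';
        $debugmessages = $this->getDebuggingMessages();
        $user['id'] = user_create_user($user, true, false);
        // Six invalid fields were set above (auth, country, lang, theme, timezone, url).
        $this->assertDebuggingCalledCount(6, $debugmessages);
        // The invalid values must not have been stored as given.
        $dbuser = $DB->get_record('user', array('id' => $user['id']));
        $this->assertEquals($dbuser->country, 0);
        $this->assertEquals($dbuser->lang, 'en');
        $this->assertEquals($dbuser->timezone, '');

        // Now, with valid user data.
        $user['username'] = 'johndoe321';
        $user['auth'] = 'shibboleth';
        $user['country'] = 'AU';
        $user['lang'] = 'en';
        $user['theme'] = 'classic';
        $user['timezone'] = 'Australia/Perth';
        $user['url'] = 'www.moodle.org';
        user_create_user($user, true, false);
        $this->assertDebuggingNotCalled();
    }

    /**
     * Test that {@link user_create_user()} throws exception when invalid username is provided.
     *
     * @dataProvider data_create_user_invalid_username
     * @param string $username Invalid username
     * @param string $expectmessage Expected exception message
     */
    public function test_create_user_invalid_username($username, $expectmessage) {
        global $CFG;

        $this->resetAfterTest();
        // Extended characters are switched off so that the 'extended_chars' data set is rejected.
        $CFG->extendedusernamechars = false;

        $user = [
            'username' => $username,
        ];

        $this->expectException('moodle_exception');
        $this->expectExceptionMessage($expectmessage);

        user_create_user($user);
    }

    /**
     * Data provider for {@link self::test_create_user_invalid_username()}.
     *
     * Each data set is a pair of the invalid username and the exception message expected for it.
     *
     * @return array
     */
    public function data_create_user_invalid_username() {
        return [
            'empty_string' => [
                '',
                'The username cannot be blank',
            ],
            'only_whitespace' => [
                "\t\t \t\n ",
                'The username cannot be blank',
            ],
            'lower_case' => [
                'Mudrd8mz',
                'The username must be in lower case',
            ],
            'extended_chars' => [
                'dmudrák',
                'The given username contains invalid characters',
            ],
        ];
    }

    /**
     * Test function user_count_login_failures().
     *
     * The counter is read back through the 'login_failed_count_since_success' user preference,
     * once with the default call (which resets it) and once with the reset switched off.
     */
    public function test_user_count_login_failures() {
        $this->resetAfterTest();
        $user = $this->getDataGenerator()->create_user();
        $this->assertEquals(0, get_user_preferences('login_failed_count_since_success', 0, $user));
        for ($i = 0; $i < 10; $i++) {
            login_attempt_failed($user);
        }
        $this->assertEquals(10, get_user_preferences('login_failed_count_since_success', 0, $user));
        $count = user_count_login_failures($user); // Reset count.
        $this->assertEquals(10, $count);
        $this->assertEquals(0, get_user_preferences('login_failed_count_since_success', 0, $user));

        for ($i = 0; $i < 10; $i++) {
            login_attempt_failed($user);
        }
        $this->assertEquals(10, get_user_preferences('login_failed_count_since_success', 0, $user));
        $count = user_count_login_failures($user, false); // Do not reset count.
        $this->assertEquals(10, $count);
        $this->assertEquals(10, get_user_preferences('login_failed_count_since_success', 0, $user));
    }

    /**
     * Test function user_add_password_history().
     *
     * Checks that nothing is recorded while 'passwordreuselimit' is 0 or negative, and that with
     * a limit of 3 each user keeps at most three entries, the oldest being dropped first.
     */
    public function test_user_add_password_history() {
        global $DB;

        $this->resetAfterTest();

        $user1 = $this->getDataGenerator()->create_user();
        $user2 = $this->getDataGenerator()->create_user();
        $user3 = $this->getDataGenerator()->create_user();
        $DB->delete_records('user_password_history', array());

        set_config('passwordreuselimit', 0);

        user_add_password_history($user1->id, 'pokus');
        $this->assertEquals(0, $DB->count_records('user_password_history'));

        // Test adding and discarding of old.

        set_config('passwordreuselimit', 3);

        user_add_password_history($user1->id, 'pokus');
        $this->assertEquals(1, $DB->count_records('user_password_history'));
        $this->assertEquals(1, $DB->count_records('user_password_history', array('userid' => $user1->id)));

        user_add_password_history($user1->id, 'pokus2');
        user_add_password_history($user1->id, 'pokus3');
        user_add_password_history($user1->id, 'pokus4');
        $this->assertEquals(3, $DB->count_records('user_password_history'));
        $this->assertEquals(3, $DB->count_records('user_password_history', array('userid' => $user1->id)));

        // The limit applies per user: user 2's entries do not push out user 1's.
        user_add_password_history($user2->id, 'pokus1');
        $this->assertEquals(4, $DB->count_records('user_password_history'));
        $this->assertEquals(3, $DB->count_records('user_password_history', array('userid' => $user1->id)));
        $this->assertEquals(1, $DB->count_records('user_password_history', array('userid' => $user2->id)));

        user_add_password_history($user2->id, 'pokus2');
        user_add_password_history($user2->id, 'pokus3');
        $this->assertEquals(3, $DB->count_records('user_password_history', array('userid' => $user2->id)));

        $ids = array_keys($DB->get_records('user_password_history', array('userid' => $user2->id), 'timecreated ASC, id ASC'));
        user_add_password_history($user2->id, 'pokus4');
        $this->assertEquals(3, $DB->count_records('user_password_history', array('userid' => $user2->id)));
        $newids = array_keys($DB->get_records('user_password_history', array('userid' => $user2->id), 'timecreated ASC, id ASC'));

        // Dropping the oldest id from the old list and the newest id from the new list must leave
        // the same two records, i.e. exactly the oldest entry was replaced.
        $removed = array_shift($ids);
        $added = array_pop($newids);
        $this->assertSame($ids, $newids);
        $this->assertGreaterThan($removed, $added);

        // Test disabling prevents changes.

        set_config('passwordreuselimit', 0);

        $this->assertEquals(6, $DB->count_records('user_password_history'));

        $ids = array_keys($DB->get_records('user_password_history', array('userid' => $user2->id), 'timecreated ASC, id ASC'));
        user_add_password_history($user2->id, 'pokus5');
        user_add_password_history($user3->id, 'pokus1');
        $newids = array_keys($DB->get_records('user_password_history', array('userid' => $user2->id), 'timecreated ASC, id ASC'));
        $this->assertSame($ids, $newids);
        $this->assertEquals(6, $DB->count_records('user_password_history'));

        set_config('passwordreuselimit', -1);

        $ids = array_keys($DB->get_records('user_password_history', array('userid' => $user2->id), 'timecreated ASC, id ASC'));
        user_add_password_history($user2->id, 'pokus6');
        user_add_password_history($user3->id, 'pokus6');
        $newids = array_keys($DB->get_records('user_password_history', array('userid' => $user2->id), 'timecreated ASC, id ASC'));
        $this->assertSame($ids, $newids);
        $this->assertEquals(6, $DB->count_records('user_password_history'));
    }

    /**
     * Test function user_is_previously_used_password().
     *
     * Checks that a password counts as previously used only for the user it was recorded for,
     * only within the configured 'passwordreuselimit', and never while the limit is 0.
     */
    public function test_user_is_previously_used_password() {
        global $DB;

        $this->resetAfterTest();

        $user1 = $this->getDataGenerator()->create_user();
        $user2 = $this->getDataGenerator()->create_user();
        $DB->delete_records('user_password_history', array());

        set_config('passwordreuselimit', 0);

        user_add_password_history($user1->id, 'pokus');
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus'));

        set_config('passwordreuselimit', 3);

        user_add_password_history($user2->id, 'pokus1');
        user_add_password_history($user2->id, 'pokus2');

        // User 2 has 'pokus2' in their history; that must not make it "used" for user 1.
        user_add_password_history($user1->id, 'pokus1');
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus1'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus2'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus3'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus4'));

        user_add_password_history($user1->id, 'pokus2');
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus1'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus2'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus3'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus4'));

        user_add_password_history($user1->id, 'pokus3');
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus1'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus2'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus3'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus4'));

        // A fourth entry exceeds the limit of 3, so the oldest ('pokus1') is no longer matched.
        user_add_password_history($user1->id, 'pokus4');
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus1'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus2'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus3'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus4'));

        set_config('passwordreuselimit', 2);

        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus1'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus2'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus3'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus4'));

        // Raising the limit again does not bring 'pokus2' back.
        set_config('passwordreuselimit', 3);

        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus1'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus2'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus3'));
        $this->assertTrue(user_is_previously_used_password($user1->id, 'pokus4'));

        set_config('passwordreuselimit', 0);

        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus1'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus2'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus3'));
        $this->assertFalse(user_is_previously_used_password($user1->id, 'pokus4'));
    }

    /**
     * Test that password history is deleted together with user.
     */
    public function test_delete_of_hashes_on_user_delete() {
        global $DB;

        $this->resetAfterTest();

        $user1 = $this->getDataGenerator()->create_user();
        $user2 = $this->getDataGenerator()->create_user();
        $DB->delete_records('user_password_history', array());

        set_config('passwordreuselimit', 3);

        user_add_password_history($user1->id, 'pokus');
        user_add_password_history($user2->id, 'pokus1');
        user_add_password_history($user2->id, 'pokus2');

        $this->assertEquals(3, $DB->count_records('user_password_history'));
        $this->assertEquals(1, $DB->count_records('user_password_history', array('userid' => $user1->id)));
        $this->assertEquals(2, $DB->count_records('user_password_history', array('userid' => $user2->id)));

        // Only the deleted user's history may go; user 1's entry has to survive.
        delete_user($user2);
        $this->assertEquals(1, $DB->count_records('user_password_history'));
        $this->assertEquals(1, $DB->count_records('user_password_history', array('userid' => $user1->id)));
        $this->assertEquals(0, $DB->count_records('user_password_history', array('userid' => $user2->id)));
    }

    /**
     * Test user_list_view function
     */
    public function test_user_list_view() {

        $this->resetAfterTest();

        // Course without sections.
        $course = $this->getDataGenerator()->create_course();
        $context = context_course::instance($course->id);

        $this->setAdminUser();

        // Redirect events to the sink, so we can recover them later.
        $sink = $this->redirectEvents();

        user_list_view($course, $context);
        $events = $sink->get_events();
        // Close the sink once the events are collected, as the other tests in this class do.
        $sink->close();
        $this->assertCount(1, $events);
        $event = reset($events);

        // Check the event details are correct.
        $this->assertInstanceOf('\core\event\user_list_viewed', $event);
        $this->assertEquals($context, $event->get_context());
        $this->assertEquals($course->shortname, $event->other['courseshortname']);
        $this->assertEquals($course->fullname, $event->other['coursefullname']);

    }

    /**
     * Test setting the user menu avatar size.
     */
    public function test_user_menu_custom_avatar_size() {
        global $PAGE;
        $this->resetAfterTest(true);

        $testsize = 100;

        $PAGE->set_url('/');
        $user = $this->getDataGenerator()->create_user();
        $opts = user_get_user_navigation_info($user, $PAGE, array('avatarsize' => $testsize));
        $avatarhtml = $opts->metadata['useravatar'];

        // Pull the width and height attribute values out of the rendered avatar markup.
        $matches = [];
        preg_match('/(?:.*width=")(\d*)(?:" height=")(\d*)(?:".*\/>)/', $avatarhtml, $matches);
        // Full match plus the two captured numbers; fewer entries means the pattern did not match.
        $this->assertCount(3, $matches);

        $this->assertEquals(intval($matches[1]), $testsize);
        $this->assertEquals(intval($matches[2]), $testsize);
    }

    /**
     * Test user_can_view_profile
     *
     * Walks through the access decisions for a profile: own profile, deleted users, course
     * contacts, shared courses with and without moodle/user:viewdetails, separate groups,
     * moodle/user:viewalldetails, guests and visitors under forceloginforprofiles, and role
     * overrides that allow the capability only in one course.
     */
    public function test_user_can_view_profile() {
        global $DB, $CFG;

        $this->resetAfterTest();

        // Create the test users: five regular ones, one deleted, one course contact and one visitor.
        $user1 = $this->getDataGenerator()->create_user();
        $user2 = $this->getDataGenerator()->create_user();
        $user3 = $this->getDataGenerator()->create_user();
        $user4 = $this->getDataGenerator()->create_user();
        $user5 = $this->getDataGenerator()->create_user();
        $user6 = $this->getDataGenerator()->create_user(array('deleted' => 1));
        $user7 = $this->getDataGenerator()->create_user();
        $user8 = $this->getDataGenerator()->create_user();
        $user8->id = 0; // Visitor.

        $studentrole = $DB->get_record('role', array('shortname' => 'student'));
        // Add the course creator role to the course contact and assign a user to that role.
        // NOTE(review): the role id is hard-coded; presumably the course creator role has id 2
        // on a fresh test site - confirm.
        $CFG->coursecontact = '2';
        $coursecreatorrole = $DB->get_record('role', array('shortname' => 'coursecreator'));
        $this->getDataGenerator()->role_assign($coursecreatorrole->id, $user7->id);

        // Create two courses.
        $course1 = $this->getDataGenerator()->create_course();
        $course2 = $this->getDataGenerator()->create_course();
        $coursecontext = context_course::instance($course2->id);
        // Prepare another course with separate groups and groupmodeforce set to true.
        $record = new stdClass();
        $record->groupmode = 1;
        $record->groupmodeforce = 1;
        $course3 = $this->getDataGenerator()->create_course($record);
        // Enrol users 1 and 2 in first course.
        $this->getDataGenerator()->enrol_user($user1->id, $course1->id);
        $this->getDataGenerator()->enrol_user($user2->id, $course1->id);
        // Enrol users 2 and 3 in second course.
        $this->getDataGenerator()->enrol_user($user2->id, $course2->id);
        $this->getDataGenerator()->enrol_user($user3->id, $course2->id);
        // Enrol users 1, 4, and 5 into course 3.
        $this->getDataGenerator()->enrol_user($user1->id, $course3->id);
        $this->getDataGenerator()->enrol_user($user4->id, $course3->id);
        $this->getDataGenerator()->enrol_user($user5->id, $course3->id);

        // User 3 should not be able to see user 1, either by passing their own course (course 2) or user 1's course (course 1).
        $this->setUser($user3);
        $this->assertFalse(user_can_view_profile($user1, $course2));
        $this->assertFalse(user_can_view_profile($user1, $course1));

        // Remove capability moodle/user:viewdetails in course 2.
        assign_capability('moodle/user:viewdetails', CAP_PROHIBIT, $studentrole->id, $coursecontext);
        // Set current user to user 1.
        $this->setUser($user1);
        // User 1 can see User 1's profile.
        $this->assertTrue(user_can_view_profile($user1));

        $tempcfg = $CFG->forceloginforprofiles;
        $CFG->forceloginforprofiles = 0;
        // Not forced to log in to view profiles, should be able to see all profiles besides user 6.
        $users = array($user1, $user2, $user3, $user4, $user5, $user7);
        foreach ($users as $user) {
            $this->assertTrue(user_can_view_profile($user));
        }
        // Restore setting.
        $CFG->forceloginforprofiles = $tempcfg;

        // User 1 can not see user 6 as they have been deleted.
        $this->assertFalse(user_can_view_profile($user6));
        // User 1 can see User 7 as they are a course contact.
        $this->assertTrue(user_can_view_profile($user7));
        // User 1 is in a course with user 2 and has the right capability - return true.
        $this->assertTrue(user_can_view_profile($user2));
        // User 1 is not in a course with user 3 - return false.
        $this->assertFalse(user_can_view_profile($user3));

        // Set current user to user 2.
        $this->setUser($user2);
        // User 2 is in a course with user 3 but does not have the right capability - return false.
        $this->assertFalse(user_can_view_profile($user3));

        // Set user 1 in one group and users 4 and 5 in another group.
        $group1 = $this->getDataGenerator()->create_group(array('courseid' => $course3->id));
        $group2 = $this->getDataGenerator()->create_group(array('courseid' => $course3->id));
        groups_add_member($group1->id, $user1->id);
        groups_add_member($group2->id, $user4->id);
        groups_add_member($group2->id, $user5->id);
        $this->setUser($user1);
        // Check that user 1 can not see user 4.
        $this->assertFalse(user_can_view_profile($user4));
        // Check that user 5 can see user 4.
        $this->setUser($user5);
        $this->assertTrue(user_can_view_profile($user4));

        // Test the user:viewalldetails cap check using the course creator role which, by default, can't see student profiles.
        $this->setUser($user7);
        $this->assertFalse(user_can_view_profile($user4));
        assign_capability('moodle/user:viewalldetails', CAP_ALLOW, $coursecreatorrole->id, context_system::instance()->id, true);
        reload_all_capabilities();
        $this->assertTrue(user_can_view_profile($user4));
        // Revoke the grant in the context it was made in (system). Unassigning it in the course 2
        // context would leave the system-level allow in place for the rest of this test.
        unassign_capability('moodle/user:viewalldetails', $coursecreatorrole->id, context_system::instance()->id);
        reload_all_capabilities();

        $CFG->coursecontact = null;

        // Visitor (Not a guest user, userid=0).
        $CFG->forceloginforprofiles = 1;
        $this->setUser($user8);
        $this->assertFalse(user_can_view_profile($user1));

        // Let us test with guest user.
        $this->setGuestUser();
        $CFG->forceloginforprofiles = 1;
        foreach ($users as $user) {
            $this->assertFalse(user_can_view_profile($user));
        }

        // Even with cap, still guests should not be allowed in.
        $guestrole = $DB->get_records_menu('role', array('shortname' => 'guest'), 'id', 'archetype, id');
        assign_capability('moodle/user:viewdetails', CAP_ALLOW, $guestrole['guest'], context_system::instance()->id, true);
        reload_all_capabilities();
        foreach ($users as $user) {
            $this->assertFalse(user_can_view_profile($user));
        }

        $CFG->forceloginforprofiles = 0;
        foreach ($users as $user) {
            $this->assertTrue(user_can_view_profile($user));
        }

        // Let us test with Visitor user.
        $this->setUser($user8);
        $CFG->forceloginforprofiles = 1;
        foreach ($users as $user) {
            $this->assertFalse(user_can_view_profile($user));
        }

        $CFG->forceloginforprofiles = 0;
        foreach ($users as $user) {
            $this->assertTrue(user_can_view_profile($user));
        }

        // Testing non-shared courses where capabilities are met, using system role overrides.
        $CFG->forceloginforprofiles = $tempcfg;
        $course4 = $this->getDataGenerator()->create_course();
        $this->getDataGenerator()->enrol_user($user1->id, $course4->id);

        // Assign a manager role at the system context.
        $managerrole = $DB->get_record('role', array('shortname' => 'manager'));
        $user9 = $this->getDataGenerator()->create_user();
        $this->getDataGenerator()->role_assign($managerrole->id, $user9->id);

        // Make sure viewalldetails and viewdetails are overridden to 'prevent' (i.e. can be overridden at a lower context).
        $systemcontext = context_system::instance();
        assign_capability('moodle/user:viewdetails', CAP_PREVENT, $managerrole->id, $systemcontext, true);
        assign_capability('moodle/user:viewalldetails', CAP_PREVENT, $managerrole->id, $systemcontext, true);

        // And override these to 'Allow' in a specific course.
        $course4context = context_course::instance($course4->id);
        assign_capability('moodle/user:viewalldetails', CAP_ALLOW, $managerrole->id, $course4context, true);
        assign_capability('moodle/user:viewdetails', CAP_ALLOW, $managerrole->id, $course4context, true);

        // The manager now shouldn't have viewdetails in the system or user context.
        $this->setUser($user9);
        $user1context = context_user::instance($user1->id);
        $this->assertFalse(has_capability('moodle/user:viewdetails', $systemcontext));
        $this->assertFalse(has_capability('moodle/user:viewdetails', $user1context));

        // Confirm that user_can_view_profile() returns true for $user1 when called without $course param. It should find $course1.
        $this->assertTrue(user_can_view_profile($user1));

        // Confirm this also works when restricting scope to just that course.
        $this->assertTrue(user_can_view_profile($user1, $course4));
    }

    /**
     * Test user_get_user_details
     *
     * Checks the details returned for a student in a course, the restriction of the result to
     * the requested fields, and the exception raised for an unknown field name.
     */
    public function test_user_get_user_details() {
        global $DB;

        $this->resetAfterTest();

        // Create user and modify user profile.
        $teacher = $this->getDataGenerator()->create_user();
        $student = $this->getDataGenerator()->create_user();
        $studentfullname = fullname($student);

        $course1 = $this->getDataGenerator()->create_course();
        $coursecontext = context_course::instance($course1->id);
        $teacherrole = $DB->get_record('role', array('shortname' => 'teacher'));
        $studentrole = $DB->get_record('role', array('shortname' => 'student'));
        $this->getDataGenerator()->enrol_user($teacher->id, $course1->id);
        $this->getDataGenerator()->enrol_user($student->id, $course1->id);
        role_assign($teacherrole->id, $teacher->id, $coursecontext->id);
        role_assign($studentrole->id, $student->id, $coursecontext->id);

        accesslib_clear_all_caches_for_unit_testing();

        // Get student details as a user with super system capabilities.
        $result = user_get_user_details($student, $course1);
        $this->assertEquals($student->id, $result['id']);
        $this->assertEquals($studentfullname, $result['fullname']);
        $this->assertEquals($course1->id, $result['enrolledcourses'][0]['id']);

        $this->setUser($teacher);
        // Get student details as a user who can only see this user in a course.
        $result = user_get_user_details($student, $course1);
        $this->assertEquals($student->id, $result['id']);
        $this->assertEquals($studentfullname, $result['fullname']);
        $this->assertEquals($course1->id, $result['enrolledcourses'][0]['id']);

        // Get student details with required fields.
        // Only the two requested fields may come back.
        $result = user_get_user_details($student, $course1, array('id', 'fullname'));
        $this->assertCount(2, $result);
        $this->assertEquals($student->id, $result['id']);
        $this->assertEquals($studentfullname, $result['fullname']);

        // Get exception for invalid required fields.
        $this->expectException('moodle_exception');
        user_get_user_details($student, $course1, array('wrongrequiredfield'));
    }

    /**
     * Regression test for MDL-57840.
     *
     * Ensure the fields "auth, confirmed, idnumber, lang, theme, timezone and mailformat" are present when
     * calling user_get_user_details() function.
     */
    public function test_user_get_user_details_missing_fields() {
        global $CFG;

        $this->resetAfterTest(true);
        $this->setAdminUser(); // We need capabilities to view the data.
        $user = self::getDataGenerator()->create_user([
            'auth' => 'email',
            'confirmed' => '0',
            'idnumber' => 'someidnumber',
            'lang' => 'en',
            'theme' => $CFG->theme,
            'timezone' => '5',
            'mailformat' => '0',
        ]);

        // Fields that should get by default.
        $got = user_get_user_details($user);
        self::assertSame('email', $got['auth']);
        self::assertSame('0', $got['confirmed']);
        self::assertSame('someidnumber', $got['idnumber']);
        self::assertSame('en', $got['lang']);
        self::assertSame($CFG->theme, $got['theme']);
        self::assertSame('5', $got['timezone']);
        self::assertSame('0', $got['mailformat']);
    }
}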