Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
integration
prechecker
Commits
fada0691
Commit
fada0691
authored
Apr 28, 2016
by
Frederic Massart
Committed by
Andrew Nicols
May 06, 2016
Browse files
MDL-53954 user: Prevent locked profile fields from being edited
parent
7873e36f
Changes
3
Hide whitespace changes
Inline
Side-by-side
user/edit_form.php
View file @
fada0691
...
...
@@ -133,6 +133,7 @@ class user_edit_form extends moodleform {
$fields
=
get_user_fieldnames
();
$authplugin
=
get_auth_plugin
(
$user
->
auth
);
$customfields
=
$authplugin
->
get_custom_user_profile_fields
();
$customfieldsdata
=
profile_user_record
(
$userid
,
false
);
$fields
=
array_merge
(
$fields
,
$customfields
);
foreach
(
$fields
as
$field
)
{
if
(
$field
===
'description'
)
{
...
...
@@ -144,7 +145,15 @@ class user_edit_form extends moodleform {
if
(
!
$mform
->
elementExists
(
$formfield
))
{
continue
;
}
$value
=
$mform
->
getElement
(
$formfield
)
->
exportValue
(
$mform
->
getElementValue
(
$formfield
))
?:
''
;
// Get the original value for the field.
if
(
in_array
(
$field
,
$customfields
))
{
$key
=
str_replace
(
'profile_field_'
,
''
,
$field
);
$value
=
isset
(
$customfieldsdata
->
{
$key
})
?
$customfieldsdata
->
{
$key
}
:
''
;
}
else
{
$value
=
$user
->
{
$field
};
}
$configvariable
=
'field_lock_'
.
$field
;
if
(
isset
(
$authplugin
->
config
->
{
$configvariable
}))
{
if
(
$authplugin
->
config
->
{
$configvariable
}
===
'locked'
)
{
...
...
user/profile/lib.php
View file @
fada0691
...
...
@@ -551,9 +551,10 @@ function profile_signup_fields($mform) {
/**
* Returns an object with the custom profile fields set for the given user
* @param integer $userid
* @param bool $onlyinuserobject True if you only want the ones in $USER.
* @return stdClass
*/
function
profile_user_record
(
$userid
)
{
function
profile_user_record
(
$userid
,
$onlyinuserobject
=
true
)
{
global
$CFG
,
$DB
;
$usercustomfields
=
new
stdClass
();
...
...
@@ -563,7 +564,7 @@ function profile_user_record($userid) {
require_once
(
$CFG
->
dirroot
.
'/user/profile/field/'
.
$field
->
datatype
.
'/field.class.php'
);
$newfield
=
'profile_field_'
.
$field
->
datatype
;
$formfield
=
new
$newfield
(
$field
->
id
,
$userid
);
if
(
$formfield
->
is_user_object_data
())
{
if
(
!
$onlyinuserobject
||
$formfield
->
is_user_object_data
())
{
$usercustomfields
->
{
$field
->
shortname
}
=
$formfield
->
data
;
}
}
...
...
user/tests/profilelib_test.php
View file @
fada0691
...
...
@@ -62,6 +62,9 @@ class core_user_profilelib_testcase extends advanced_testcase {
// Check that profile_user_record returns same (no) fields.
$this
->
assertObjectNotHasAttribute
(
'frogdesc'
,
profile_user_record
(
$user
->
id
));
// Check that profile_user_record returns all the fields when requested.
$this
->
assertObjectHasAttribute
(
'frogdesc'
,
profile_user_record
(
$user
->
id
,
false
));
// Add another custom field, this time of normal text type.
$id2
=
$DB
->
insert_record
(
'user_info_field'
,
array
(
'shortname'
=>
'frogname'
,
'name'
=>
'Name of frog'
,
'categoryid'
=>
1
,
...
...
@@ -77,6 +80,9 @@ class core_user_profilelib_testcase extends advanced_testcase {
// Check profile_user_record returns same field.
$this
->
assertObjectHasAttribute
(
'frogname'
,
profile_user_record
(
$user
->
id
));
// Check that profile_user_record returns all the fields when requested.
$this
->
assertObjectHasAttribute
(
'frogname'
,
profile_user_record
(
$user
->
id
,
false
));
}
/**
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment