Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
moodle
moodle
Commits
086d433a
Commit
086d433a
authored
Sep 09, 2020
by
Peter Dias
Committed by
Jenkins
Oct 30, 2020
Browse files
MDL-56310 restore: Confirm user has permission to change capabilities
parent
8aa5030d
Changes
1
Hide whitespace changes
Inline
Side-by-side
backup/moodle2/restore_stepslib.php
View file @
086d433a
...
@@ -2110,14 +2110,29 @@ class restore_ras_and_caps_structure_step extends restore_structure_step {
...
@@ -2110,14 +2110,29 @@ class restore_ras_and_caps_structure_step extends restore_structure_step {
$data
=
(
object
)
$data
;
$data
=
(
object
)
$data
;
// Check roleid is one of the mapped ones
// Check roleid is one of the mapped ones
$newroleid
=
$this
->
get_mappingid
(
'role'
,
$data
->
roleid
);
$newrole
=
$this
->
get_mapping
(
'role'
,
$data
->
roleid
);
$newroleid
=
$newrole
->
newitemid
??
false
;
$userid
=
$this
->
task
->
get_userid
();
// If newroleid and context are valid assign it via API (it handles dupes and so on)
// If newroleid and context are valid assign it via API (it handles dupes and so on)
if
(
$newroleid
&&
$this
->
task
->
get_contextid
())
{
if
(
$newroleid
&&
$this
->
task
->
get_contextid
())
{
if
(
!
get_capability_info
(
$data
->
capability
))
{
if
(
!
$capability
=
get_capability_info
(
$data
->
capability
))
{
$this
->
log
(
"Capability '
{
$data
->
capability
}
' was not found!"
,
backup
::
LOG_WARNING
);
$this
->
log
(
"Capability '
{
$data
->
capability
}
' was not found!"
,
backup
::
LOG_WARNING
);
}
else
{
}
else
{
// TODO: assign_capability() needs one userid param to be able to specify our restore userid.
$context
=
context
::
instance_by_id
(
$this
->
task
->
get_contextid
());
assign_capability
(
$data
->
capability
,
$data
->
permission
,
$newroleid
,
$this
->
task
->
get_contextid
());
$overrideableroles
=
get_overridable_roles
(
$context
,
ROLENAME_SHORT
);
$safecapability
=
is_safe_capability
(
$capability
);
// Check if the new role is an overrideable role AND if the user performing the restore has the
// capability to assign the capability.
if
(
in_array
(
$newrole
->
info
[
'shortname'
],
$overrideableroles
)
&&
(
$safecapability
&&
has_capability
(
'moodle/role:safeoverride'
,
$context
,
$userid
)
||
!
$safecapability
&&
has_capability
(
'moodle/role:override'
,
$context
,
$userid
))
)
{
assign_capability
(
$data
->
capability
,
$data
->
permission
,
$newroleid
,
$this
->
task
->
get_contextid
());
}
else
{
$this
->
log
(
"Insufficient capability to assign capability '
{
$data
->
capability
}
' to role!"
,
backup
::
LOG_WARNING
);
}
}
}
}
}
}
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
