MDL-63806 glossary: Return user permissions for entries in WS

f9b56649 · Juan Leyva · a7a1f0d4 · f9b56649 · f9b56649 · f9b56649
Commit f9b56649 authored Sep 25, 2020 by Juan Leyva
--- a/mod/glossary/classes/external.php
+++ b/mod/glossary/classes/external.php
@@ -1406,10 +1406,16 @@ class mod_glossary_external extends external_api {
        $entry = glossary_get_entry_by_id($id);
        self::fill_entry_details($entry, $context);

+        // Permissions (for entry edition).
+        $permissions = [
+            'candelete' => mod_glossary_can_delete_entry($entry, $glossary, $context),
+        ];
+
        return array(
            'entry' => $entry,
            'ratinginfo' => \core_rating\external\util::get_rating_info($glossary, $context, 'mod_glossary', 'entry',
                array($entry)),
+            'permissions' => $permissions,
            'warnings' => $warnings
        );
    }
@@ -1424,6 +1430,12 @@ class mod_glossary_external extends external_api {
        return new external_single_structure(array(
            'entry' => self::get_entry_return_structure(),
            'ratinginfo' => \core_rating\external\util::external_ratings_structure(),
+            'permissions' => new external_single_structure(
+                [
+                    'candelete' => new external_value(PARAM_BOOL, 'Whether the user can delete the entry.'),
+                ],
+                'User permissions for the managing the entry.', VALUE_OPTIONAL
+            ),
            'warnings' => new external_warnings()
        ));
    }

--- a/mod/glossary/tests/external_test.php
+++ b/mod/glossary/tests/external_test.php
@@ -1077,11 +1077,14 @@ class mod_glossary_external_testcase extends externallib_advanced_testcase {
        $c1 = $this->getDataGenerator()->create_course();
        $c2 = $this->getDataGenerator()->create_course();
        $g1 = $this->getDataGenerator()->create_module('glossary', array('course' => $c1->id));
-        $g2 = $this->getDataGenerator()->create_module('glossary', array('course' => $c1->id, 'visible' => 0));
+        $g2 = $this->getDataGenerator()->create_module('glossary', array('course' => $c2->id, 'visible' => 0));
        $u1 = $this->getDataGenerator()->create_user();
        $u2 = $this->getDataGenerator()->create_user();
+        $u3 = $this->getDataGenerator()->create_user();
        $ctx = context_module::instance($g1->cmid);
        $this->getDataGenerator()->enrol_user($u1->id, $c1->id);
+        $this->getDataGenerator()->enrol_user($u2->id, $c1->id);
+        $this->getDataGenerator()->enrol_user($u3->id, $c1->id);

        $e1 = $gg->create_content($g1, array('approved' => 1, 'userid' => $u1->id, 'tags' => array('Cats', 'Dogs')));
        // Add a fake inline image to the entry.
@@ -1108,10 +1111,12 @@ class mod_glossary_external_testcase extends externallib_advanced_testcase {
        $this->assertEquals('Cats', $return['entry']['tags'][0]['rawname']);
        $this->assertEquals('Dogs', $return['entry']['tags'][1]['rawname']);
        $this->assertEquals($filename, $return['entry']['definitioninlinefiles'][0]['filename']);
+        $this->assertTrue($return['permissions']['candelete']);

        $return = mod_glossary_external::get_entry_by_id($e2->id);
        $return = external_api::clean_returnvalue(mod_glossary_external::get_entry_by_id_returns(), $return);
        $this->assertEquals($e2->id, $return['entry']['id']);
+        $this->assertTrue($return['permissions']['candelete']);

        try {
            $return = mod_glossary_external::get_entry_by_id($e3->id);
@@ -1127,11 +1132,19 @@ class mod_glossary_external_testcase extends externallib_advanced_testcase {
            // All good.
        }

-        // An admin can be other's entries to be approved.
+        // An admin can see other's entries to be approved.
        $this->setAdminUser();
        $return = mod_glossary_external::get_entry_by_id($e3->id);
        $return = external_api::clean_returnvalue(mod_glossary_external::get_entry_by_id_returns(), $return);
        $this->assertEquals($e3->id, $return['entry']['id']);
+        $this->assertTrue($return['permissions']['candelete']);
+
+        // Students can see other students approved entries but they will not be able to delete them.
+        $this->setUser($u3);
+        $return = mod_glossary_external::get_entry_by_id($e1->id);
+        $return = external_api::clean_returnvalue(mod_glossary_external::get_entry_by_id_returns(), $return);
+        $this->assertEquals($e1->id, $return['entry']['id']);
+        $this->assertFalse($return['permissions']['candelete']);
    }

    public function test_add_entry_without_optional_settings() {

--- a/mod/glossary/upgrade.txt
+++ b/mod/glossary/upgrade.txt
 This files describes API changes in /mod/glossary/*,
 information provided here is intended especially for developers.

+=== 3.10 ===
+* External function get_entries_by_id now returns and additional "permissions" field indicating the user permissions for managing
+  the entry.
+
 === 3.8 ===
 * The following functions have been finally deprecated and can not be used anymore:
    * glossary_scale_used()