Skip to content

Commit

Permalink
MDL-28452 core_user: add custom profilefield capability
Browse files Browse the repository at this point in the history 
Add a setting to show custom profilefields to self or others
with capability moodle/sit:viewuseridentity in the course context only
  • Loading branch information
Bas Brands committed Apr 21, 2021
1 parent 2c89b82 commit 0fe5d5f
Show file tree
Hide file tree
Showing 4 changed files with 49 additions and 6 deletions.
1 change: 1 addition & 0 deletions lang/en/admin.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1036,6 +1036,7 @@
$string['profilevisibleall'] = 'Visible to everyone';
$string['profilevisiblenone'] = 'Not visible';
$string['profilevisibleprivate'] = 'Visible to user';
$string['profilevisibleteachers'] = 'Visible to user teachers and admins';
$string['profiling'] = 'Profiling';
$string['profilingallowall'] = 'Continuous profiling';
$string['profilingallowall_help'] = 'If you enable this setting, then, at any moment, you can use the PROFILEALL parameter anywhere (PGC) to enable profiling for all the executed scripts along the Moodle session life. Analogously, you can use the PROFILEALLSTOP parameter to stop it.';
Expand Down
2 changes: 2 additions & 0 deletions user/profile/definelib.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,9 @@ public function define_form_common(&$form) {
$choices = array();
$choices[PROFILE_VISIBLE_NONE] = get_string('profilevisiblenone', 'admin');
$choices[PROFILE_VISIBLE_PRIVATE] = get_string('profilevisibleprivate', 'admin');
$choices[PROFILE_VISIBLE_TEACHERS] = get_string('profilevisibleteachers', 'admin');
$choices[PROFILE_VISIBLE_ALL] = get_string('profilevisibleall', 'admin');

$form->addElement('select', 'visible', get_string('profilevisible', 'admin'), $choices);
$form->addHelpButton('visible', 'profilevisible', 'admin');
$form->setDefault('visible', PROFILE_VISIBLE_ALL);
Expand Down
18 changes: 17 additions & 1 deletion user/profile/lib.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,13 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/

/**
* Visible to anyone who has the moodle/site:viewuseridentity permission.
* Editable by the profile owner if they have the moodle/user:editownprofile capability
* or any user with the moodle/user:update capability.
*/
define('PROFILE_VISIBLE_TEACHERS', '3');

/**
* Visible to anyone who can view the user.
* Editable by the profile owner if they have the moodle/user:editownprofile capability
Expand Down Expand Up @@ -428,11 +435,20 @@ public function load_data() {
* @return bool
*/
public function is_visible() {
global $USER;
global $USER, $COURSE;

$context = ($this->userid > 0) ? context_user::instance($this->userid) : context_system::instance();

switch ($this->field->visible) {
case PROFILE_VISIBLE_TEACHERS:
if ($this->is_signup_field() && (empty($this->userid) || isguestuser($this->userid))) {
return true;
} else if ($this->userid == $USER->id) {
return true;
} else {
$coursecontext = context_course::instance($COURSE->id);
return has_capability('moodle/site:viewuseridentity', $coursecontext);
}
case PROFILE_VISIBLE_ALL:
return true;
case PROFILE_VISIBLE_PRIVATE:
Expand Down
34 changes: 29 additions & 5 deletions user/tests/behat/custom_profile_fields.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,12 +41,21 @@ Feature: Custom profile fields should be visible and editable by those with the
| Who is this field visible to? | Visible to everyone |
And I click on "Save changes" "button"

And I set the field "datatype" to "Text input"
And I set the following fields to these values:
| Short name | teachervisible_field |
| Name | teachervisible_field |
| Display on signup page? | Yes |
| Who is this field visible to? | Visible to user teachers and admins |
And I click on "Save changes" "button"

And I navigate to "Users > Accounts > Browse list of users" in site administration
And I click on ".icon[title=Edit]" "css_element" in the "userwithinformation@example.com" "table_row"
And I expand all fieldsets
And I set the field "notvisible_field" to "notvisible_field_information"
And I set the field "uservisible_field" to "uservisible_field_information"
And I set the field "everyonevisible_field" to "everyonevisible_field_information"
And I set the field "teachervisible_field" to "teachervisible_field_information"
And I click on "Update profile" "button"
And I log out

Expand All @@ -59,6 +68,7 @@ Feature: Custom profile fields should be visible and editable by those with the
Then I should not see "notvisible_field"
And I should see "uservisible_field"
And I should not see "everyonevisible_field"
And I should see "teachervisible_field"

@javascript
Scenario: Visible custom profile fields can be part of the sign up form for guest users.
Expand All @@ -70,15 +80,17 @@ Feature: Custom profile fields should be visible and editable by those with the
Then I should not see "notvisible_field"
And I should see "uservisible_field"
And I should not see "everyonevisible_field"
And I should see "teachervisible_field"

@javascript
Scenario: User with moodle/user:update but without moodle/user:viewalldetails can only update visible profile fields.
Scenario: User with moodle/user:update but without moodle/user:viewalldetails or moodle/site:viewuseridentity can only update visible profile fields.
Given the following "roles" exist:
| name | shortname | description | archetype |
| Update Users | updateusers | updateusers | |
And the following "permission overrides" exist:
| capability | permission | role | contextlevel | reference |
| moodle/user:update | Allow | updateusers | System | |
| capability | permission | role | contextlevel | reference |
| moodle/user:update | Allow | updateusers | System | |
| moodle/site:viewuseridentity | Prohibit | updateusers | System | |
And the following "users" exist:
| username | firstname | lastname | email |
| user_updateusers | updateusers | 1 | updateusers@example.com |
Expand All @@ -99,14 +111,17 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should not see "uservisible_field_information"
And I should not see "notvisible_field"
And I should not see "notvisible_field_information"
And I should not see "teachervisible_field"
And I should not see "teachervisible_field_information"
And I follow "Edit profile"
And the following fields match these values:
| everyonevisible_field | everyonevisible_field_information |
And I should not see "uservisible_field"
And I should not see "notvisible_field"
And I should not see "teachervisible_field"

@javascript
Scenario: User with moodle/user:viewalldetails but without moodle/user:update can view all profile fields.
Scenario: User with moodle/user:viewalldetails and moodle/site:viewuseridentity but without moodle/user:update can view all profile fields.
Given the following "roles" exist:
| name | shortname | description | archetype |
| View All Details | viewalldetails | viewalldetails | |
Expand All @@ -133,10 +148,12 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should see "uservisible_field_information"
And I should see "notvisible_field"
And I should see "notvisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I should not see "Edit profile"

@javascript
Scenario: User with moodle/user:viewalldetails and moodle/user:update capabilities can view and edit all profile fields.
Scenario: User with moodle/user:viewalldetails and moodle/user:update and moodle/site:viewuseridentity capabilities can view and edit all profile fields.
Given the following "roles" exist:
| name | shortname | description | archetype |
| View All Details and Update Users | viewalldetailsandupdateusers | viewalldetailsandupdateusers | |
Expand Down Expand Up @@ -164,11 +181,14 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should see "uservisible_field_information"
And I should see "notvisible_field"
And I should see "notvisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I follow "Edit profile"
And the following fields match these values:
| everyonevisible_field | everyonevisible_field_information |
| uservisible_field | uservisible_field_information |
| notvisible_field | notvisible_field_information |
| teachervisible_field | teachervisible_field_information |

@javascript
Scenario: Users can view and edit custom profile fields except those marked as not visible.
Expand All @@ -179,6 +199,8 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should see "everyonevisible_field_information"
And I should see "uservisible_field"
And I should see "uservisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I should not see "notvisible_field"
And I should not see "notvisible_field_information"

Expand Down Expand Up @@ -209,6 +231,8 @@ Feature: Custom profile fields should be visible and editable by those with the
And I should see "everyonevisible_field_information"
And I should see "uservisible_field"
And I should see "uservisible_field_information"
And I should see "teachervisible_field"
And I should see "teachervisible_field_information"
And I should not see "notvisible_field"
And I should not see "notvisible_field_information"

Expand Down

0 comments on commit 0fe5d5f

Please sign in to comment.