From 124f314d223ebbe09584c287d44fcdaee496f04e Mon Sep 17 00:00:00 2001
From: Dmitrii Metelkin <dmitriim@catalyst-au.net>
Date: Thu, 14 Dec 2017 16:16:04 +1100
Subject: [PATCH] MDL-19667 report: Add a new capability to view user outline
 report

---
 report/outline/db/access.php              | 11 ++++++++
 report/outline/lang/en/report_outline.php |  1 +
 report/outline/lib.php                    |  2 +-
 report/outline/tests/lib_test.php         | 33 +++++++++++++++++++++++
 report/outline/version.php                |  2 +-
 5 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/report/outline/db/access.php b/report/outline/db/access.php
index 1d992be8a1c78..2865763a06352 100644
--- a/report/outline/db/access.php
+++ b/report/outline/db/access.php
@@ -37,6 +37,17 @@
         ),
 
         'clonepermissionsfrom' => 'coursereport/outline:view',
+    ),
+
+    'report/outline:viewuserreport' => array(
+        'riskbitmask' => RISK_PERSONAL,
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_COURSE,
+        'archetypes' => array(
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'manager' => CAP_ALLOW
+        ),
     )
 );
 
diff --git a/report/outline/lang/en/report_outline.php b/report/outline/lang/en/report_outline.php
index 407f9e5d6c59a..fb10e8c4aa9b9 100644
--- a/report/outline/lang/en/report_outline.php
+++ b/report/outline/lang/en/report_outline.php
@@ -30,6 +30,7 @@
 $string['nologreaderenabled'] = 'No log reader enabled';
 $string['numviews'] = '{$a->numviews} views by {$a->distinctusers} users';
 $string['outline:view'] = 'View activity report';
+$string['outline:viewuserreport'] = 'View user activity report';
 $string['page-report-outline-x'] = 'Any outline report';
 $string['page-report-outline-index'] = 'Course outline report';
 $string['page-report-outline-user'] = 'User course outline report';
diff --git a/report/outline/lib.php b/report/outline/lib.php
index 996e10a7d30a1..7e4cd42df3e1e 100644
--- a/report/outline/lib.php
+++ b/report/outline/lib.php
@@ -86,7 +86,7 @@ function report_outline_can_access_user_report($user, $course) {
         return false;
     }
 
-    if (has_capability('report/outline:view', $coursecontext)) {
+    if (has_capability('report/outline:viewuserreport', $coursecontext)) {
         return true;
     }
 
diff --git a/report/outline/tests/lib_test.php b/report/outline/tests/lib_test.php
index 3085bb12dfef6..fa9f20811f027 100644
--- a/report/outline/tests/lib_test.php
+++ b/report/outline/tests/lib_test.php
@@ -45,16 +45,28 @@ class report_outline_lib_testcase extends advanced_testcase {
      */
     private $course;
 
+    /**
+     * @var context_course Course context.
+     */
+    private $coursecontext;
+
     /**
      * @var \core_user\output\myprofile\tree The navigation tree.
      */
     private $tree;
 
+    /**
+     * @var int Dummy role for testing.
+     */
+    private $roleid;
+
     public function setUp() {
         $this->user = $this->getDataGenerator()->create_user();
         $this->user2 = $this->getDataGenerator()->create_user();
         $this->course = $this->getDataGenerator()->create_course();
         $this->tree = new \core_user\output\myprofile\tree();
+        $this->coursecontext = context_course::instance($this->course->id);
+        $this->roleid = create_role('Dummy role', 'dummyrole', 'dummy role description');
         $this->resetAfterTest();
     }
 
@@ -108,4 +120,25 @@ public function test_report_outline_myprofile_navigation_without_permission() {
         $this->assertArrayNotHasKey('outline', $nodes->getValue($this->tree));
         $this->assertArrayNotHasKey('complete', $nodes->getValue($this->tree));
     }
+
+    /**
+     * Test that the current user can not access user report without report/outline:viewuserreport permission.
+     */
+    public function test_report_outline_can_not_access_user_report_without_viewuserreport_permission() {
+        $this->getDataGenerator()->role_assign($this->roleid, $this->user->id, $this->coursecontext->id);
+        $this->setUser($this->user);
+
+        $this->assertFalse(report_outline_can_access_user_report($this->user, $this->course));
+    }
+
+    /**
+     * Test that the current user can access user report with report/outline:viewuserreport permission.
+     */
+    public function test_report_outline_can_access_user_report_with_viewuserreport_permission() {
+        assign_capability('report/outline:viewuserreport', CAP_ALLOW, $this->roleid, $this->coursecontext->id, true);
+        $this->getDataGenerator()->role_assign($this->roleid, $this->user->id, $this->coursecontext->id);
+        $this->setUser($this->user);
+
+        $this->assertTrue(report_outline_can_access_user_report($this->user, $this->course));
+    }
 }
diff --git a/report/outline/version.php b/report/outline/version.php
index 938d0e69c1819..c764e7c974334 100644
--- a/report/outline/version.php
+++ b/report/outline/version.php
@@ -25,6 +25,6 @@
 
 defined('MOODLE_INTERNAL') || die;
 
-$plugin->version   = 2017111300;       // The current plugin version (Date: YYYYMMDDXX)
+$plugin->version   = 2017111301;       // The current plugin version (Date: YYYYMMDDXX)
 $plugin->requires  = 2017110800;       // Requires this Moodle version
 $plugin->component = 'report_outline'; // Full name of the plugin (used for diagnostics)