MDL-20849 moodle/restore:userinfo - new cababilty to allow/deny

permissions to restore any (users, messages, modulesactivity...) user-level information. Merged from 19_STABLE
patkira · Nov 20, 2009 · f6459d1 · f6459d1
1 parent 05565da
commit f6459d1
Show file tree

Hide file tree

Showing 8 changed files with 157 additions and 101 deletions.
diff --git a/backup/backup_form.html b/backup/backup_form.html
@@ -288,7 +288,7 @@
         }
 
         // do you want grade histories to be backed up?
-        if (empty($CFG->disablegradehistory)) {
+        if (empty($to) and $backupuserinfo and empty($CFG->disablegradehistory)) {
             echo "<tr>";
             echo "<td align=\"right\" colspan=\"2\"><b>";
             echo '<label for="menubackup_gradebook_history">'.get_string ('gradebookhistories', 'grades').'</label>';

diff --git a/backup/restore_check.html b/backup/restore_check.html
@@ -200,15 +200,21 @@
 
     $loginurl = get_login_url();
 
+    //Init restoreuserinfo
+    $restoreuserinfo = false;
+
+
     //Check admin
     if (!empty($id)) {
         if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $id))) {
             print_error("cannotuseadminadminorteacher", '', $loginurl);
         }
+        $restoreuserinfo = has_capability('moodle/restore:userinfo', get_context_instance(CONTEXT_COURSE, $id));
     } else {
         if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM))) {
             print_error("cannotuseadmin", '', $loginurl);
         }
+        $restoreuserinfo = has_capability('moodle/restore:userinfo', get_context_instance(CONTEXT_SYSTEM));
     }
 
     //Check site
@@ -320,6 +326,32 @@
             }
         }
 
+        // Re-enforce moodle/restore:userinfo capability
+        if (!$restoreuserinfo) {
+            $userinfocheck = true;
+            // Confirm that all the settings are properly set to no users
+            // if anything is wrong, message and stop
+            // First global settings
+            if ($restore->users != 2 or $restore->user_files or $restore->messages or $restore->blogs) {
+                $userinfocheck = false;
+
+            // Now all modules userinfo flag
+            } else {
+                $mods = $restore->mods;
+                foreach ($mods as $mod) {
+                    if ($mod->userinfo) {
+                        $userinfocheck = false;
+                    }
+                }
+            }
+
+            if (!$userinfocheck) { // Something was wrong
+                $messages[] = get_string('restoreuserinfofailed');
+                $show_continue_button = false;
+            }
+        }
+
+
     /// If restoring users and backup has mnet remote users and we are restoring to different site, forbid restore to non-admins. MDL-17009
         if ($restore->users != 2 &&                                                   /// If restoring users
             !empty($info->mnet_remoteusers) && $info->mnet_remoteusers === 'true'  && /// and backup contains remote users

diff --git a/backup/restore_form.html b/backup/restore_form.html
diff --git a/backup/restorelib.php b/backup/restorelib.php
@@ -1473,7 +1473,7 @@ function restore_migrate_old_gradebook($restore,$xml_file) {
         $restoreall = true;  // set to false if any grade_item is not selected/restored
         $importing  = !empty($SESSION->restore->importing); // there should not be a way to import old backups, but anyway ;-)
 
-        if ($importing) {
+        if ($importing || $restore->users == 2) {
             $restoreall = false;
 
         } else {
@@ -1664,7 +1664,7 @@ function restore_create_gradebook($restore,$xml_file) {
         $restoreall = true;  // set to false if any grade_item is not selected/restored or already exist
         $importing  = !empty($SESSION->restore->importing);
 
-        if ($importing) {
+        if ($importing || $restore->users == 2) {
             $restoreall = false;
 
         } else {

diff --git a/lang/en_utf8/moodle.php b/lang/en_utf8/moodle.php
@@ -1371,6 +1371,7 @@
 $string['restoreto'] = 'Restore to';
 $string['restoretositeadding'] = 'Warning: You are about to restore to the site front page, adding data to it!';
 $string['restoretositedeleting'] = 'Warning: You are about to restore to the site front page, deleting data from it first!';
+$string['restoreuserinfofailed'] = '<strong>Warning:</strong> To be able to restore any user data (in activities, files, messages...) the \"moodle/restore:userinfo\" capability is required and you are missing it. Restore process stopped.';
 $string['restricted'] = 'Restricted';
 $string['restrictmodules'] = 'Restrict activity modules?';
 $string['returntooriginaluser'] = 'Return to $a';

diff --git a/lang/en_utf8/role.php b/lang/en_utf8/role.php
@@ -24,6 +24,7 @@
 $string['assignmentcontext'] = 'Assignment context';
 $string['assignmentoptions'] = 'Assignment options';
 $string['backtoallroles'] = 'Back to the list of all roles';
+$string['backup:userinfo'] = 'Backup user data';
 $string['blog:associatecourse'] = 'Associate blog entries with courses';
 $string['blog:associatemodule'] = 'Associate blog entries with activity modules';
 $string['blog:create'] = 'Create new blog entries';
@@ -199,6 +200,7 @@
 $string['resetrolesure'] = 'Are you sure that you want to reset role \"$a->name ($a->shortname)\" to defaults?<p></p>The defaults are taken from the selected legacy capability ($a->legacytype).';
 $string['resetrolesurenolegacy'] = 'Are you sure that you want to clear all permissions defined in this role \"$a->name ($a->shortname)\"?';
 $string['restore:rolldates'] = 'Allowed to roll activity configuration dates on restore';
+$string['restore:userinfo'] = 'Restore user data';
 $string['risks'] = 'Risks';
 $string['role:assign'] = 'Assign roles to users';
 $string['role:manage'] = 'Create and manage roles';

diff --git a/lib/db/access.php b/lib/db/access.php
@@ -195,9 +195,9 @@
 
     'moodle/backup:userinfo' => array(
 
-        'riskbitmask' => RISK_PERSONAL | RISK_CONFIG,
+        'riskbitmask' => RISK_PERSONAL,
 
-        'captype' => 'write',
+        'captype' => 'read',
         'contextlevel' => CONTEXT_COURSE,
         'legacy' => array(
             'admin' => CAP_ALLOW
@@ -216,6 +216,17 @@
         )
     ),
 
+    'moodle/restore:userinfo' => array(
+
+        'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
+
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_COURSE,
+        'legacy' => array(
+            'admin' => CAP_ALLOW
+        )
+    ),
+
     'moodle/restore:rolldates' => array(
 
         'captype' => 'write',

diff --git a/version.php b/version.php
@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)
 
-    $version = 2009111800;  // YYYYMMDD   = date of the last version bump
+    $version = 2009112000;  // YYYYMMDD   = date of the last version bump
                             //         XX = daily increments
 
     $release = '2.0 dev (Build: 20091117)';  // Human-friendly version name