forked from moodle/moodle
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MDL-82532 Profile: Capability to allow/prevent view of profile images
Introduces a new capability moodle/user:viewprofilepics, granted by default to 'user' and 'guest'. If the 'forcelogin' option or 'forceloginforprofileimage' option is enabled, then users must have this capability in order to see profile pictures (except their own).
- Loading branch information
1 parent
1a33da6
commit bd4a775
Showing
6 changed files
with
239 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
@core @_file_upload | ||
Feature: Profile picture access | ||
In order to enable precise security control and meet legal requirements | ||
As site administrators | ||
We should be able to prevent certain users from viewing profile pictures | ||
|
||
Background: | ||
Given the following "users" exist: | ||
| username | firstname | lastname | | ||
| student1 | Alice | in Wonderland | | ||
| student2 | Bob | a Job Week | | ||
And the following "courses" exist: | ||
| shortname | | ||
| C1 | | ||
And the following "course enrolments" exist: | ||
| user | course | role | | ||
| student1 | C1 | student | | ||
| student2 | C1 | student | | ||
And the following "activity" exists: | ||
| course | C1 | | ||
| activity | forum | | ||
| name | TestForum | | ||
| idnumber | forum1 | | ||
And the following "mod_forum > discussions" exist: | ||
| user | forum | name | message | timemodified | | ||
| student1 | forum1 | Post1 | This is the first post | ##now -1 second## | | ||
And the following "roles" exist: | ||
| shortname | | ||
| dangerous | | ||
And the following "role capability" exists: | ||
| role | dangerous | | ||
| moodle/user:viewprofilepics | prohibit | | ||
And I am on the "Profile editing" page logged in as "student1" | ||
And I upload "/course/tests/fixtures/image.jpg" file to "New picture" filemanager | ||
And I set the field "Picture description" to "MyPic" | ||
And I press "Update profile" | ||
|
||
@javascript | ||
Scenario: Users can view pictures on forum page when permitted | ||
When I am on the "forum1" "forum activity" page logged in as "student2" | ||
# By default you can see user pics. | ||
And ".discussion-list img.userpicture[src*='user/icon']" "css_element" should be visible | ||
# Even if you don't have the capability, you can still see them... | ||
And the following "system role assigns" exist: | ||
| user | role | contextlevel | | ||
| student2 | dangerous | System | | ||
And I reload the page | ||
And ".discussion-list img.userpicture[src*='user/icon']" "css_element" should be visible | ||
# ...unless forcelogin is on, when the system kicks in and hides it. | ||
And the following config values are set as admin: | ||
| forcelogin | 1 | | ||
And I reload the page | ||
Then ".discussion-list img.userpicture[src*='user/icon']" "css_element" should not exist | ||
|
||
@javascript | ||
Scenario: Users can view pictures on profile page when permitted | ||
When I am on the "forum1" "forum activity" page logged in as "student2" | ||
And I follow "Post1" | ||
And I follow "Alice in Wonderland" | ||
# By default you can see user pics. | ||
And ".page-header-image img.userpicture[src*='user/icon']" "css_element" should be visible | ||
# Even if you don't have the capability, you can still see them... | ||
And the following "system role assigns" exist: | ||
| user | role | contextlevel | | ||
| student2 | dangerous | System | | ||
And I reload the page | ||
And ".page-header-image img.userpicture[src*='user/icon']" "css_element" should be visible | ||
# ...unless forcelogin is on, when the system kicks in and hides it. | ||
And the following config values are set as admin: | ||
| forcelogin | 1 | | ||
And I reload the page | ||
Then ".page-header-image img.userpicture[src*='user/icon']" "css_element" should not exist |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,116 @@ | ||
<?php | ||
// This file is part of Moodle - http://moodle.org/ | ||
// | ||
// Moodle is free software: you can redistribute it and/or modify | ||
// it under the terms of the GNU General Public License as published by | ||
// the Free Software Foundation, either version 3 of the License, or | ||
// (at your option) any later version. | ||
// | ||
// Moodle is distributed in the hope that it will be useful, | ||
// but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
// GNU General Public License for more details. | ||
// | ||
// You should have received a copy of the GNU General Public License | ||
// along with Moodle. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
namespace core\output; | ||
|
||
/** | ||
* Unit tests for the user_picture class. | ||
* | ||
* @package core | ||
* @copyright 2024 The Open University | ||
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later | ||
* @covers \core\output\user_picture | ||
*/ | ||
final class user_picture_test extends \advanced_testcase { | ||
/** | ||
* Tests {@see user_picture::allow_view()} for a not-logged-in request. | ||
*/ | ||
public function test_allow_view_not_logged_in(): void { | ||
global $DB; | ||
|
||
$this->resetAfterTest(); | ||
|
||
$adminid = $DB->get_field('user', 'id', ['username' => 'admin'], MUST_EXIST); | ||
|
||
// Default config allows user pictures when not logged in. | ||
$this->assertTrue(user_picture::allow_view($adminid)); | ||
|
||
// Not allowed with either or both forcelogin options. | ||
set_config('forcelogin', 1); | ||
$this->assertFalse(user_picture::allow_view($adminid)); | ||
set_config('forcelogin', 0); | ||
set_config('forceloginforprofileimage', 1); | ||
$this->assertFalse(user_picture::allow_view($adminid)); | ||
set_config('forcelogin', 1); | ||
$this->assertFalse(user_picture::allow_view($adminid)); | ||
} | ||
|
||
/** | ||
* Tests {@see user_picture::allow_view()} for a guest user request. | ||
*/ | ||
public function test_allow_view_guest(): void { | ||
global $DB; | ||
|
||
$this->resetAfterTest(); | ||
$this->setGuestUser(); | ||
|
||
$adminid = $DB->get_field('user', 'id', ['username' => 'admin'], MUST_EXIST); | ||
|
||
// Default config allows user pictures for guests. | ||
$this->assertTrue(user_picture::allow_view($adminid)); | ||
|
||
// Not allowed with forceloginforprofileimage. | ||
set_config('forceloginforprofileimage', 1); | ||
$this->assertFalse(user_picture::allow_view($adminid)); | ||
|
||
// Allowed by default with just forcelogin. | ||
set_config('forceloginforprofileimage', 0); | ||
set_config('forcelogin', 1); | ||
$this->assertTrue(user_picture::allow_view($adminid)); | ||
|
||
// But would not be allowed if we change guest role to remove capability. | ||
$guestroleid = $DB->get_field('role', 'id', ['shortname' => 'guest'], MUST_EXIST); | ||
assign_capability('moodle/user:viewprofilepics', CAP_INHERIT, $guestroleid, | ||
\context_system::instance()->id, true); | ||
$this->assertFalse(user_picture::allow_view($adminid)); | ||
} | ||
|
||
/** | ||
* Tests {@see user_picture::allow_view()} for a logged in user. | ||
*/ | ||
public function test_allow_view_user(): void { | ||
global $DB; | ||
|
||
$this->resetAfterTest(); | ||
|
||
$adminid = $DB->get_field('user', 'id', ['username' => 'admin'], MUST_EXIST); | ||
|
||
$generator = self::getDataGenerator(); | ||
$user = $generator->create_user(); | ||
$this->setUser($user); | ||
|
||
// Default config allows user pictures. | ||
$this->assertTrue(user_picture::allow_view($adminid)); | ||
|
||
// Also allowed with either or both forcelogin option, because they are logged in. | ||
set_config('forcelogin', 1); | ||
$this->assertTrue(user_picture::allow_view($adminid)); | ||
set_config('forcelogin', 0); | ||
set_config('forceloginforprofileimage', 1); | ||
$this->assertTrue(user_picture::allow_view($adminid)); | ||
set_config('forcelogin', 1); | ||
$this->assertTrue(user_picture::allow_view($adminid)); | ||
|
||
// But would not be allowed if we change user role to remove capability. | ||
$userroleid = $DB->get_field('role', 'id', ['shortname' => 'user'], MUST_EXIST); | ||
assign_capability('moodle/user:viewprofilepics', CAP_INHERIT, $userroleid, | ||
\context_system::instance()->id, true); | ||
$this->assertFalse(user_picture::allow_view($adminid)); | ||
|
||
// Except you are still allowed to view your own user picture. | ||
$this->assertTrue(user_picture::allow_view($user->id)); | ||
} | ||
} |