upload_course: uploader is assigned role non editing teacher instead …

…of editing teacher to prevent teachers from breaking their courses
ProjektAdLer · Dec 17, 2024 · ff784c3 · ff784c3
1 parent 0f25cb3
commit ff784c3
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/classes/external/upload_course.php b/classes/external/upload_course.php
@@ -7,6 +7,7 @@
 require_once($CFG->dirroot . '/backup/util/includes/restore_includes.php');
 
 use backup;
+use context_course;
 use context_coursecat;
 use core\di;
 use core_course_category;
@@ -17,6 +18,7 @@
 use dml_exception;
 use invalid_parameter_exception;
 use local_adler\local\exceptions\not_an_adler_course_exception;
+use local_adler\moodle_core;
 use moodle_database;
 use moodle_exception;
 use required_capability_exception;
@@ -146,6 +148,14 @@ public static function execute(int $category_id=null, bool $only_check_permissio
             $controller->execute_precheck();
             $controller->execute_plan();
             $controller->destroy();
+
+            // unassign role teacher
+            $role_id = di::get(moodle_core::class)::get_role('editingteacher')->id;
+            role_unassign($role_id, $USER->id, context_course::instance($course_id)->id);
+
+            // assign role non editing teacher
+            $role_id = di::get(moodle_core::class)::get_role('teacher')->id;
+            role_assign($role_id, $USER->id, context_course::instance($course_id)->id);
         } catch (Throwable $e) {
             $transaction->rollback($e);
             throw $e;

diff --git a/tests/external/upload_course_test.php b/tests/external/upload_course_test.php
@@ -5,6 +5,7 @@
 
 use backup;
 use backup_controller;
+use context_course;
 use invalid_parameter_exception;
 use local_adler\lib\adler_externallib_testcase;
 use local_adler\local\exceptions\not_an_adler_course_exception;
@@ -229,7 +230,7 @@ public function test_execute($upload_error, $fail_validation, $valid_user, $spec
 
         // case dry_run
         $param_dry_run = $dry_run ? true : false;
-        upload_course::execute($param_course_cat, $param_dry_run);
+        $result = upload_course::execute($param_course_cat, $param_dry_run);
 
 
         $course_count_after = $DB->count_records('course');
@@ -238,6 +239,12 @@ public function test_execute($upload_error, $fail_validation, $valid_user, $spec
             $this->assertEquals($course_count_before, $course_count_after);
         } else {
             $this->assertEquals($course_count_before + 1, $course_count_after);
+            // check role of user to be noneditingteacher
+            $user_role = get_role_users(
+                $DB->get_record('role', ['shortname' => 'teacher'])->id,
+                context_course::instance($result['data']['course_id']),
+            );
+            $this->assertCount(1, $user_role);
         }
     }