Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-42639

core_user_get_users_by_field doesn't work properly using username or idnumber

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      You should have no weird role overrides in your system, if you do just ensure that moodle/user:viewalldetails defaults are maintained.

      1. Set an idnumber to the admin user
      2. Create a web services allowing core_user_get_users_by_field function
      3. Create a new user and assign him manager role at system level
      4. Create a new user and don't assign him role teacher at system level (it does not really matter)
      5. Create tokens for an admin and for both of them (for the service you just created)
      6. Call core_user_get_users_by_field WS function (field = username + values = array('admin') with:
        • An admin user -> You SHOULD see the info
        • The manager user -> You SHOULD see the info
        • The other one -> You SHOULD NOT see the info
      7. Call core_user_get_users_by_field WS function (field = idnumber + values = array('WHATEVER_YOU_SET_HERE_ABOVE') with:
        • An admin user -> You SHOULD see the info
        • The manager user -> You SHOULD see the info
        • The other one -> You SHOULD NOT see the info
      Show
      You should have no weird role overrides in your system, if you do just ensure that moodle/user:viewalldetails defaults are maintained. Set an idnumber to the admin user Create a web services allowing core_user_get_users_by_field function Create a new user and assign him manager role at system level Create a new user and don't assign him role teacher at system level (it does not really matter) Create tokens for an admin and for both of them (for the service you just created) Call core_user_get_users_by_field WS function (field = username + values = array('admin') with: An admin user -> You SHOULD see the info The manager user -> You SHOULD see the info The other one -> You SHOULD NOT see the info Call core_user_get_users_by_field WS function (field = idnumber + values = array('WHATEVER_YOU_SET_HERE_ABOVE') with: An admin user -> You SHOULD see the info The manager user -> You SHOULD see the info The other one -> You SHOULD NOT see the info
    • Affected Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-42639_master

      Description

      core_user_get_users_by_field doesn't return any value if the Web Service user is not an admin or the user you are looking for. core_user_get_users neither.

      Both of them (user/externallib.php) rely on user_get_user_details_courses (user/lib.php) and this one on user_get_user_details (user/lib.php).

      strong*user_get_user_details*strong on line 268 stated the following condition:

      if (($isadmin or $currentuser) and in_array('username', $userfields)) {
      $userdetails['username'] = $user->username;
      }

      So emphasis_username_emphasis is not returned.

      In strong*get_users_by_field*strong:

      if (!empty($userdetails) and !empty($userdetails[$field])) {
      $returnedusers[] = $userdetails;
      }

      As username was not returned before, the second part of the condition is false so $userdetails is not assigned to $returnedusers and the web service return it empty.

      Looking for idnumber differs because in strong*user_get_user_details*strong:

      if ($isadmin or $currentuser or in_array('idnumber', $showuseridentityfields)) {
      if (in_array('idnumber', $userfields) && $user->idnumber) {
      $userdetails['idnumber'] = $user->idnumber;
      }
      }

      The or codition is true if we assign to the web service user the viewuseridentity and to the $CFG->showuseridentity the value idnumber.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                26 Vote for this issue
                Watchers:
                33 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  9/Nov/15