Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-49921

External function get_forums_by_courses does not handle exceptions correctly

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. As admin or teacher, create two courses with a forum activity inside each course
      2. Enrol a student user only in one of those courses
      3. Enable "Mobile services": Plugins ► Web Services ► Mobile
      4. Create a Token for the student user:
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      5. Next, you can do a CURL REST call simulating a WS client with the user .
        • You need to replace the wstoken and URL values.

          curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=mod_forum_get_forums_by_courses&wstoken=ffbe3a3002f235bf9d01fd9369e10b66'

          Note, you can use jsonlint.com to validate and format the json returned string or append "| python -m json.tool" to automatically format the command output

      6. Confirm that
        • The json returned contains the forums info for only the course you are enrolled.
      7. Now, do a new curl call. Replacing the courseids with the two courses you created. (you need to replace the values of 'courseids%5B0%5D and 'courseids%5B1%5D) with the course ids

        curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseids%5B0%5D=114&courseids%5B1%5D=4&wsfunction=mod_forum_get_forums_by_courses&wstoken=ffbe3a3002f235bf9d01fd9369e10b66'

      8. Confirm that
        • The json returned contains the forums info for only the course you are enrolled.
      Show
      As admin or teacher, create two courses with a forum activity inside each course Enrol a student user only in one of those courses Enable "Mobile services": Plugins ► Web Services ► Mobile Create a Token for the student user: Click on Site administration ► Plugins ► Web services ► Manage tokens Next, you can do a CURL REST call simulating a WS client with the user . You need to replace the wstoken and URL values. curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=mod_forum_get_forums_by_courses&wstoken=ffbe3a3002f235bf9d01fd9369e10b66' Note, you can use jsonlint.com to validate and format the json returned string or append "| python -m json.tool" to automatically format the command output Confirm that The json returned contains the forums info for only the course you are enrolled. Now, do a new curl call. Replacing the courseids with the two courses you created. (you need to replace the values of 'courseids%5B0%5D and 'courseids%5B1%5D) with the course ids curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseids%5B0%5D=114&courseids%5B1%5D=4&wsfunction=mod_forum_get_forums_by_courses&wstoken=ffbe3a3002f235bf9d01fd9369e10b66' Confirm that The json returned contains the forums info for only the course you are enrolled.
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-49921-master

      Description

      In my general external functions review I've noticed that this function does not handle exceptions as expected. I've detected two problematic scenarios:

      1. The user doesn't have permissions to see one of the specified courses: This will make the function to throw an exception and not return any information
      1. The user doesn't have permissions to see a forum in a course: This will make the function to throw an exception and not return any information

      The function should handle this scenarios and omit the courses where the user doesn't have permissions and check correctly the forum capabilities, it should work like the same functions for assign and data modules.

      Note that this makes the mobile app to not be able to display forums in those scenarios.

        Attachments

          Activity

            People

            • Assignee:
              jleyva Juan Leyva
              Reporter:
              jleyva Juan Leyva
              Peer reviewer:
              Dani Palou
              Integrator:
              Dan Poltawski
              Tester:
              Jetha Chan
              Participants:
              Component watchers:
              Andrew Nicols, Mathew May, Michael Hawkins, Shamim Rezaie, Simey Lameze, Juan Leyva, Jake Dallimore, Jun Pataleta, Ryan Wyllie
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/May/15