Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-49921

External function get_forums_by_courses does not handle exceptions correctly

    XMLWordPrintable

Details

    • MOODLE_27_STABLE, MOODLE_28_STABLE
    • MOODLE_27_STABLE, MOODLE_28_STABLE
    • MDL-49921-master
    • Hide
      1. As admin or teacher, create two courses with a forum activity inside each course
      2. Enrol a student user only in one of those courses
      3. Enable "Mobile services": Plugins ► Web Services ► Mobile
      4. Create a Token for the student user:
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      5. Next, you can do a CURL REST call simulating a WS client with the user .
        • You need to replace the wstoken and URL values.

          curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=mod_forum_get_forums_by_courses&wstoken=ffbe3a3002f235bf9d01fd9369e10b66'

          Note, you can use jsonlint.com to validate and format the json returned string or append "| python -m json.tool" to automatically format the command output

      6. Confirm that
        • The json returned contains the forums info for only the course you are enrolled.
      7. Now, do a new curl call. Replacing the courseids with the two courses you created. (you need to replace the values of 'courseids%5B0%5D and 'courseids%5B1%5D) with the course ids

        curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseids%5B0%5D=114&courseids%5B1%5D=4&wsfunction=mod_forum_get_forums_by_courses&wstoken=ffbe3a3002f235bf9d01fd9369e10b66'

      8. Confirm that
        • The json returned contains the forums info for only the course you are enrolled.
      Show
      As admin or teacher, create two courses with a forum activity inside each course Enrol a student user only in one of those courses Enable "Mobile services": Plugins ► Web Services ► Mobile Create a Token for the student user: Click on Site administration ► Plugins ► Web services ► Manage tokens Next, you can do a CURL REST call simulating a WS client with the user . You need to replace the wstoken and URL values. curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=mod_forum_get_forums_by_courses&wstoken=ffbe3a3002f235bf9d01fd9369e10b66' Note, you can use jsonlint.com to validate and format the json returned string or append "| python -m json.tool" to automatically format the command output Confirm that The json returned contains the forums info for only the course you are enrolled. Now, do a new curl call. Replacing the courseids with the two courses you created. (you need to replace the values of 'courseids%5B0%5D and 'courseids%5B1%5D) with the course ids curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseids%5B0%5D=114&courseids%5B1%5D=4&wsfunction=mod_forum_get_forums_by_courses&wstoken=ffbe3a3002f235bf9d01fd9369e10b66' Confirm that The json returned contains the forums info for only the course you are enrolled.

    Description

      In my general external functions review I've noticed that this function does not handle exceptions as expected. I've detected two problematic scenarios:

      1. The user doesn't have permissions to see one of the specified courses: This will make the function to throw an exception and not return any information
      1. The user doesn't have permissions to see a forum in a course: This will make the function to throw an exception and not return any information

      The function should handle this scenarios and omit the courses where the user doesn't have permissions and check correctly the forum capabilities, it should work like the same functions for assign and data modules.

      Note that this makes the mobile app to not be able to display forums in those scenarios.

      Attachments

        Activity

          People

            jleyva Juan Leyva
            jleyva Juan Leyva
            Dani Palou Dani Palou
            Dan Poltawski Dan Poltawski
            Jetha Chan Jetha Chan
            Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Stevani Andolo, Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Raquel Ortega, Sara Arjona (@sarjona)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              11/May/15