diff --git a/lbplanner/classes/helpers/user_helper.php b/lbplanner/classes/helpers/user_helper.php index 94ac85ba..e57aaf1e 100644 --- a/lbplanner/classes/helpers/user_helper.php +++ b/lbplanner/classes/helpers/user_helper.php @@ -40,39 +40,6 @@ class user_helper { */ const LB_PLANNER_USER_TABLE = 'local_lbplanner_users'; - /** - * Checks if the current user has access to the given user id. - * - * @param int $userid The id of the user to check access for. - * - * @return bool True if the current user has access to the given user id, false otherwise. - */ - public static function check_access(int $userid): bool { - global $USER; - - if (((int) $USER->id) === $userid) { - return true; - } else { - $context = context_system::instance(); - return has_capability(CAPABILITY::ADMIN, $context, $USER->id); - } - } - - /** - * Checks if the current user has access to the given user id. - * Throws an exception if the current user does not have access. - * - * @param int $userid The id of the user to check access for. - * - * @return void - * @throws moodle_exception - */ - public static function assert_access(int $userid): void { - if (!self::check_access($userid)) { - throw new moodle_exception('Access denied'); - } - } - /** * Checks if the given user exists in the LB_PLANNER_USER database. * diff --git a/lbplanner/services/modules/get_module.php b/lbplanner/services/modules/get_module.php index 263016f6..a976e0e2 100644 --- a/lbplanner/services/modules/get_module.php +++ b/lbplanner/services/modules/get_module.php @@ -36,7 +36,6 @@ class modules_get_module extends external_api { public static function get_module_parameters(): external_function_parameters { return new external_function_parameters([ 'moduleid' => new external_value(PARAM_INT, 'The id of the module', VALUE_REQUIRED, null, NULL_NOT_ALLOWED), - 'userid' => new external_value(PARAM_INT, 'The id of the user', VALUE_REQUIRED, null, NULL_NOT_ALLOWED), ]); } 
@@ -44,21 +43,14 @@ public static function get_module_parameters(): external_function_parameters { * Returns the data for a module * * @param int $moduleid The ID of the course - * @param int $userid The ID of the user * @return array the module */ - public static function get_module(int $moduleid, int $userid): array { - global $DB; + public static function get_module(int $moduleid): array { + global $USER; - self::validate_parameters(self::get_module_parameters(), ['moduleid' => $moduleid, 'userid' => $userid]); + self::validate_parameters(self::get_module_parameters(), ['moduleid' => $moduleid, 'userid' => $USER->id]); - user_helper::assert_access($userid); - - if (!$DB->record_exists(modules_helper::MDL_ASSIGN_TABLE, ['id' => $moduleid])) { - throw new \moodle_exception('Module not found'); - } - - return modules_helper::get_module($moduleid, $userid); + return modules_helper::get_module($moduleid, $USER->id); } /** diff --git a/lbplanner/services/user/delete_user.php b/lbplanner/services/user/delete_user.php index b952e738..95756909 100644 --- a/lbplanner/services/user/delete_user.php +++ b/lbplanner/services/user/delete_user.php 
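Review bot: The `validate_parameters` call in `get_module` still passes a `'userid'` key, although the first hunk of this file removes `userid` from `get_module_parameters()`. Moodle's `validate_parameters` throws `invalid_parameter_exception` for keys that are not in the parameter description, so as written every call should fail. Pass only the declared key: `self::validate_parameters(self::get_module_parameters(), ['moduleid' => $moduleid]);`. The `record_exists` check on `modules_helper::MDL_ASSIGN_TABLE` is also dropped, so an unknown or foreign `moduleid` now goes straight to `modules_helper::get_module`. That helper is not visible here, so confirm that it fails cleanly for a missing id and verifies the caller may see the module.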
@@ -38,30 +38,17 @@ class user_delete_user extends external_api { * @return external_function_parameters */ public static function delete_user_parameters(): external_function_parameters { - global $USER; - return new external_function_parameters( - ['userid' => new external_value( - PARAM_INT, - 'The id of the user to delete', - VALUE_DEFAULT, - $USER->id, - NULL_NOT_ALLOWED, - )] - ); + return new external_function_parameters([]); } /** * Removes all user data stored by the lbplanner app - * @param int $userid (optional) the id of the user to delete * @throws dml_exception * @throws moodle_exception */ - public static function delete_user($userid) { - global $DB; - - self::validate_parameters(self::delete_user_parameters(), ['userid' => $userid]); - - user_helper::assert_access($userid); + public static function delete_user() { + global $DB, $USER; + $userid = $USER->id; // Check if User is in user table. if (!$DB->record_exists(user_helper::LB_PLANNER_USER_TABLE, ['userid' => $userid])) { diff --git a/lbplanner/services/user/get_all_users.php b/lbplanner/services/user/get_all_users.php index 84fae9c6..5f380469 100644 --- a/lbplanner/services/user/get_all_users.php +++ b/lbplanner/services/user/get_all_users.php @@ -51,14 +51,10 @@ public static function get_all_users_parameters(): external_function_parameters * @throws invalid_parameter_exception */ public static function get_all_users(?string $vintage): array { - global $DB, $USER; + global $DB; self::validate_parameters(self::get_all_users_parameters(), ['vintage' => $vintage]); - // Check if token is allowed to access this function. - - user_helper::assert_access($USER->id); - $users = $DB->get_records(user_helper::LB_PLANNER_USER_TABLE); $results = []; diff --git a/lbplanner/services/user/get_user.php b/lbplanner/services/user/get_user.php index b3222962..c5592c39 100644 --- a/lbplanner/services/user/get_user.php +++ b/lbplanner/services/user/get_user.php 
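Review bot: With `user_helper::assert_access` removed, neither `delete_user` nor `get_all_users` (the next file in this diff) shows a context or capability check in its visible lines. For `delete_user` the exposure is bounded, because it only acts on `$USER->id`. `get_all_users`, however, reads every row of `LB_PLANNER_USER_TABLE` for any caller; the call removed there compared `$USER->id` with itself, so it never restricted anything, although its comment suggests a restriction was intended. Consider adding `self::validate_context(context_system::instance());` to both, and in `get_all_users` a `require_capability(...)` gate using whichever capability the plugin defines for listing users (the removed helper checked `CAPABILITY::ADMIN`). Both function bodies continue outside their hunks, so a check further down cannot be ruled out.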
@@ -41,39 +41,23 @@ class user_get_user extends \core_external\external_api { * @return external_function_parameters */ public static function get_user_parameters(): external_function_parameters { - global $USER; - return new external_function_parameters([ - 'userid' => new external_value( - PARAM_INT, - 'The id of the user to get the data for. If not provided it will be inferred via the token', - VALUE_DEFAULT, - $USER->id, - NULL_NOT_ALLOWED, - ), - ]); + return new external_function_parameters([]); } /** - * Gives back the data of a user. - * Default: The user who calls this function - * @param int $userid gives back the data of the given user + * Gives back the data of the user calling the function. * @throws coding_exception * @throws dml_exception * @throws moodle_exception * @return array The data of the user */ - public static function get_user(int $userid): array { + public static function get_user(): array { global $USER, $DB; - self::validate_parameters(self::get_user_parameters(), ['userid' => $userid]); - - // Check if the user is allowed to get the data for this userid. - user_helper::assert_access($userid); - // Checks if the user is enrolled in LB Planner. - if (!user_helper::check_user_exists($userid)) { + if (!user_helper::check_user_exists($USER->id)) { // Register user if not found. - $lbplanneruser = new user(0, $userid, 'default', 'en', 'none', 1); + $lbplanneruser = new user(0, $USER->id, 'default', 'en', 'none', 1); $lbpid = $DB->insert_record(user_helper::LB_PLANNER_USER_TABLE, $lbplanneruser->prepare_for_db()); $lbplanneruser->set_fresh($lbpid); 
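Review bot: `get_user` now reads the global `$USER->id` at every place `$userid` used to stand, both here and in the next hunk of this file. Taking it once, `$userid = (int) $USER->id;` right after `global $USER, $DB;`, would leave the remaining lines unchanged and guarantee that the registration insert, the plan-ownership row and the notification all use the same value. The removed `check_access` cast `$USER->id` to int before comparing, which suggests the raw value is not reliably an integer, and `delete_user.php` in this commit already takes a local copy. Because this read endpoint also registers the account on first use, confirm that the web-service layer can never reach it with a guest or unauthenticated `$USER`. The function body continues outside this hunk.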
@@ -86,15 +70,15 @@ public static function get_user(int $userid): array { // Set user as owner of new plan. $planaccess = new \stdClass(); - $planaccess->userid = $userid; + $planaccess->userid = $USER->id; $planaccess->accesstype = PLAN_ACCESS_TYPE::OWNER; $planaccess->planid = $planid; $DB->insert_record(plan_helper::ACCESS_TABLE, $planaccess); // Notify the FE that this user likely hasn't used LBP before. - notifications_helper::notify_user($userid, -1, NOTIF_TRIGGER::USER_REGISTERED); + notifications_helper::notify_user($USER->id, -1, NOTIF_TRIGGER::USER_REGISTERED); } else { - $lbplanneruser = user_helper::get_user($userid); + $lbplanneruser = user_helper::get_user($USER->id); } return $lbplanneruser->prepare_for_api(); diff --git a/lbplanner/services/user/update_user.php b/lbplanner/services/user/update_user.php index 4c28abc8..541b47c6 100644 --- a/lbplanner/services/user/update_user.php +++ b/lbplanner/services/user/update_user.php @@ -77,7 +77,6 @@ public static function update_user($lang, $theme, $colorblindness, $displaytaskc 'displaytaskcount' => $displaytaskcount, ] ); - user_helper::assert_access($USER->id); // Look if User-Id is in the DB. if (!user_helper::check_user_exists($USER->id)) {