MBS-8820: User specific creation and archive download

Author: PM84

classes/Report.php

@@ -131,22 +131,25 @@ public function has_access(string $wstoken): bool {
     /**
      * Get all attempts for all users inside this quiz, excluding previews
      *
+     * @param int $userid - If set, only the attempts of the given user are included.
      * @return array Array of all attempt IDs together with the userid that were
      * made inside this quiz. Indexed by attemptid.
      *
      * @throws \dml_exception
      */
-    public function get_attempts(): array {
+    public function get_attempts($userid = 0): array {
         global $DB;
 
-        return $DB->get_records_sql(
-            "SELECT id AS attemptid, userid " .
-            "FROM {quiz_attempts} " .
-            "WHERE preview = 0 AND quiz = :quizid",
-            [
-                "quizid" => $this->quiz->id,
-            ]
-        );
+        $conditions = [
+            'quiz' => $this->quiz->id,
+            'preview' => 0,
+        ];
+
+        if(!empty($userid)) {
+            $conditions['userid'] = $userid;
+        }
+
+        return $DB->get_records('quiz_attempts', $conditions, '', 'id AS attemptid, userid');
     }
 
     /**

classes/output/job_overview_table.php

@@ -48,10 +48,11 @@ class job_overview_table extends \table_sql {
      * @param int $courseid ID of the course
      * @param int $cmid ID of the course module
      * @param int $quizid ID of the quiz
+     * @param int $userid - If set, the table is limited to the archives created by the user itself.
      *
      * @throws \coding_exception
      */
-    public function __construct(string $uniqueid, int $courseid, int $cmid, int $quizid) {
+    public function __construct(string $uniqueid, int $courseid, int $cmid, int $quizid, int $userid = 0) {
         parent::__construct($uniqueid);
         $this->define_columns([
             'timecreated',
@@ -71,19 +72,22 @@ public function __construct(string $uniqueid, int $courseid, int $cmid, int $qui
             '',
         ]);
 
-        $this->set_sql(
-            'j.jobid, j.userid, j.timecreated, j.timemodified, j.status, j.statusextras, j.retentiontime, j.artifactfilechecksum, '.
-                'f.pathnamehash, f.filesize, u.username',
-            '{'.ArchiveJob::JOB_TABLE_NAME.'} j '.
-                'JOIN {user} u ON j.userid = u.id '.
-                'LEFT JOIN {files} f ON j.artifactfileid = f.id',
-            'j.courseid = :courseid AND j.cmid = :cmid AND j.quizid = :quizid',
-            [
-                'courseid' => $courseid,
-                'cmid' => $cmid,
-                'quizid' => $quizid,
-            ]
-        );
+        $conditions = [
+            'courseid' => $courseid,
+            'cmid' => $cmid,
+            'quizid' => $quizid,
+        ];
+
+        $fields = 'j.jobid, j.userid, j.timecreated, j.timemodified, j.status, j.statusextras, j.retentiontime, j.artifactfilechecksum, f.pathnamehash, f.filesize, u.username';
+        $sql = '{' . ArchiveJob::JOB_TABLE_NAME . '} AS j JOIN {user} AS u ON j.userid = u.id LEFT JOIN {files} AS f ON j.artifactfileid = f.id';
+        $where = 'j.courseid = :courseid AND j.cmid = :cmid AND j.quizid = :quizid';
+
+        if (!empty($userid)) {
+            $conditions['userid'] = $userid;
+            $where .= ' AND u.id = :userid';
+        }
+
+        $this->set_sql($fields, $sql, $where, $conditions);
 
         $this->sortable(true, 'timecreated', SORT_DESC);
         $this->no_sorting('jobid');

db/access.php

@@ -65,4 +65,15 @@
         'contextlevel' => CONTEXT_SYSTEM,
         'archetypes' => [],
     ],
+    // Capability to use the webservice. Required for the webservice user.
+    'mod/quiz_archiver:getownarchive' => [
+        'riskbitmask' => (RISK_PERSONAL),
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_SYSTEM,
+        'archetypes' => [
+            'student' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'manager' => CAP_ALLOW,
+        ],
+    ],
 ];

lib.php

@@ -48,9 +48,16 @@
 function quiz_archiver_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = []) {
     // Check permissions.
     require_login($course, false, $cm);
-    require_capability('mod/quiz:grade', $context);
-    require_capability('quiz/grading:viewstudentnames', $context);
-    require_capability('quiz/grading:viewidnumber', $context);
+
+    if (!((
+    has_capability('mod/quiz:grade', $context)
+    && has_capability('quiz/grading:viewstudentnames', $context)
+    && has_capability('quiz/grading:viewidnumber', $context)
+    ) ||
+    has_capability('mod/quiz_archiver:getownarchive', $context)
+    )) {
+        throw new moodle_exception("You have not the capability to download the archive file.");
+    }
 
     // Validate course.
     if ($args[1] !== $course->id) {