diff --git a/classes/external.php b/classes/external.php
index ed413ed..4a395e4 100644
--- a/classes/external.php
+++ b/classes/external.php
@@ -64,8 +64,15 @@ class external extends external_api {
* @throws dml_exception
*/
public static function set_order(string $hash, int $sortorder) : array {
+ global $USER;
+
+ require_capability('block/user_favorites:edit', context_user::instance($USER->id), $USER);
+
+ // Parameter validation.
+ $params = self::validate_parameters(self::set_order_parameters(), array('hash' => $hash, 'sortorder' => $sortorder));
+
$favorites = new favorites();
- $favorites->set_order($hash, $sortorder);
+ $favorites->set_order($params['hash'], $params['sortorder']);
return [
'result_code' => self::RESPONSE_CODE_SUCCESS,
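Review bot: `set_order()` calls `require_capability()` without first calling `self::validate_context()`, and the same holds for `set_url()`, `delete_url()` and `get_content()` in the later hunks of this file. Moodle external functions are expected to validate the context before any capability check, which also sets the page context that `get_content()` depends on for `$PAGE->get_renderer()`. Here that would be `$context = context_user::instance($USER->id); self::validate_context($context);` ahead of the `require_capability()` line, and the equivalent with the block context in the other three. The capability check in this hunk also runs before `validate_parameters()`, while the other functions validate first; one order should be used throughout. The function body continues past the hunk.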
@@ -115,15 +122,18 @@ public static function set_order_returns() : external_single_structure {
public static function set_url(string $hash, string $title, int $blockid, array $optional) : array {
global $USER;
- require_capability('block/user_favorites:add', context_block::instance($blockid), $USER);
+ // Parameter validation.
+ $params = self::validate_parameters(self::set_url_parameters(), array('hash' => $hash, 'title' => $title, 'blockid' => $blockid, 'optional' => $optional));
+
+ require_capability('block/user_favorites:add', context_block::instance($params['blockid']), $USER);
$favorites = new favorites();
- if (!empty($optional['url'])) {
+ if (!empty($params['optional']['url'])) {
- if (!filter_var($optional['url'], FILTER_VALIDATE_URL)) {
+ if (!filter_var($params['optional']['url'], FILTER_VALIDATE_URL)) {
throw new moodle_exception('Incorrect url.');
}
- $favorites->set_by_url($optional['url'], $title);
+ $favorites->set_by_url($params['optional']['url'], $params['title']);
return [
'result_code' => self::RESPONSE_CODE_SUCCESS,
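Review bot: The `FILTER_VALIDATE_URL` check on `$params['optional']['url']` accepts any well-formed URL whatever its scheme, so a value that is neither http nor https still reaches `set_by_url()`. `set_url_parameters()` is outside this diff, so it is not visible whether the field is declared `PARAM_URL`. If it is not, add an explicit scheme check next to the `filter_var()` call, for example `if (!in_array(parse_url($params['optional']['url'], PHP_URL_SCHEME), ['http', 'https'], true)) { throw new moodle_exception('Incorrect url.'); }`. The stored URL is presumably rendered as a link later, and the sibling capabilities visible in db/access.php carry `RISK_XSS`, so the restriction belongs at this entry point. The rest of `set_url()` lies outside the hunk.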
@@ -131,7 +141,7 @@ public static function set_url(string $hash, string $title, int $blockid, array
}
// Update url title.
- $favorites->set_title($hash, $title);
+ $favorites->set_title($params['hash'], $params['title']);
return [
'result_code' => self::RESPONSE_CODE_SUCCESS,
@@ -183,10 +193,13 @@ public static function set_url_returns() : external_single_structure {
public static function delete_url(string $hash, int $blockid) : array {
global $USER;
- require_capability('block/user_favorites:delete', context_block::instance($blockid), $USER);
+ // Parameter validation.
+ $params = self::validate_parameters(self::delete_url_parameters(), array('hash' => $hash, 'blockid' => $blockid));
+
+ require_capability('block/user_favorites:delete', context_block::instance($params['blockid']), $USER);
$favorites = new favorites();
- $favorites->delete_by_hash($hash);
+ $favorites->delete_by_hash($params['hash']);
return [
'result_code' => self::RESPONSE_CODE_SUCCESS,
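Review bot: The capability is checked against the caller-supplied `blockid`, but the record to remove is selected by `$params['hash']` alone, and nothing in this hunk ties the two together. `favorites::delete_by_hash()` is not part of the diff, so it is worth confirming that it only touches the current user's favourites. If it does, say so with a comment such as `// Favourites are looked up for $USER only; blockid is used solely for the capability check.` above the call. The same question applies to `set_title()` and `set_order()` in the earlier hunks.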
@@ -230,7 +243,11 @@ public static function delete_url_returns() : external_single_structure {
*/
public static function get_content(string $url, int $blockid) : array {
global $PAGE, $USER;
- $context = context_block::instance($blockid);
+
+ // Parameter validation.
+ $params = self::validate_parameters(self::get_content_parameters(), array('url' => $url, 'blockid' => $blockid));
+
+ $context = context_block::instance($params['blockid']);
require_capability('block/user_favorites:view', $context, $USER);
$favorites = new favorites();
@@ -238,7 +255,7 @@ public static function get_content(string $url, int $blockid) : array {
$renderer = $PAGE->get_renderer('block_user_favorites');
return [
- 'content' => $renderer->render_favorites(new output_favorites($favorites, $url)),
+ 'content' => $renderer->render_favorites(new output_favorites($favorites, $params['url'])),
'result_code' => self::RESPONSE_CODE_SUCCESS,
];
}
diff --git a/db/access.php b/db/access.php
index 019b6cf..a709dcc 100644
--- a/db/access.php
+++ b/db/access.php
@@ -63,6 +63,19 @@
],
],
+ 'block/user_favorites:edit' => [
+ 'riskbitmask' => RISK_SPAM | RISK_XSS,
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_BLOCK,
+ 'archetypes' => [
+ 'teacher' => CAP_ALLOW,
+ 'editingteacher' => CAP_ALLOW,
+ 'manager' => CAP_ALLOW,
+ 'student' => CAP_ALLOW,
+ 'user' => CAP_ALLOW,
+ ],
+ ],
+
'block/user_favorites:delete' => [
'riskbitmask' => RISK_SPAM | RISK_XSS,
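Review bot: The new capability is declared with `'contextlevel' => CONTEXT_BLOCK`, but the only check added in this commit, in `set_order()`, runs against `context_user::instance($USER->id)`. Role defaults for `teacher`, `editingteacher` and `student` normally take effect through course-level assignments, which are not on the path of a user context, so the `user` archetype grant is probably the only one that decides the outcome. Either check the capability in a block context like the other functions, or declare it with `'contextlevel' => CONTEXT_USER`. The `RISK_SPAM | RISK_XSS` mask also looks copied from the neighbouring entries; as far as `set_order()` shows, this capability only reorders existing entries, so confirm the flags are intended.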
diff --git a/db/install.xml b/db/install.xml
index cb42fc5..bc2942f 100644
--- a/db/install.xml
+++ b/db/install.xml
@@ -1,25 +1,25 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/lang/en/block_user_favorites.php b/lang/en/block_user_favorites.php
index cb14670..ff79d97 100644
--- a/lang/en/block_user_favorites.php
+++ b/lang/en/block_user_favorites.php
@@ -33,6 +33,7 @@
$string['user_favorites:add'] = 'Add favourite';
$string['user_favorites:delete'] = 'Delete favourite';
$string['user_favorites:view'] = 'View favorites';
+$string['user_favorites:edit'] = 'Edit favorites';
// Buttons.
$string['btn:delete'] = 'Delete favourite';
diff --git a/lang/nl/block_user_favorites.php b/lang/nl/block_user_favorites.php
index a6b366e..3207962 100644
--- a/lang/nl/block_user_favorites.php
+++ b/lang/nl/block_user_favorites.php
@@ -33,6 +33,7 @@
$string['user_favorites:add'] = 'Favoriet toevoegen';
$string['user_favorites:delete'] = 'Verwijder favoriet';
$string['user_favorites:view'] = 'Bekijk favoriet';
+$string['user_favorites:edit'] = 'Bewerk favoriet';
// Buttons.
$string['btn:delete'] = 'Verwijder favoriet';
diff --git a/version.php b/version.php
index 7e09f7d..85b2400 100644
--- a/version.php
+++ b/version.php
@@ -26,7 +26,7 @@
defined('MOODLE_INTERNAL') || die;
-$plugin->version = 2023050900;
+$plugin->version = 2023091300;
$plugin->requires = 2017111300;
$plugin->component = 'block_user_favorites';
$plugin->release = '4.1.2';