Updated view_user_cert to support all certificates. #681
Conversation
|
Can you please look at failing CI pipeline please? |
|
Please rebase on the latest MOODLE_404_STABLE branch as I have bumped the Moodle Plugin CI version. |
Raza403
force-pushed
the
features/custom-cert-view-all-certificates#231
branch
from
b215843 to
f478725
Compare
|
@mdjnelson rebased. |
|
This is still failing. Please address the errors you can see at https://github.com/mdjnelson/moodle-mod_customcert/pull/681/checks. |
| * | ||
| * @return string | ||
| */ | ||
| public static function generate_code(): string { |
There was a problem hiding this comment.
Why is the return type being removed?
classes/certificate.php
Outdated
| private static function generate_code_upper_lower_digits(): string { | ||
| return random_string(10); | ||
| // Upper/lower/digits random string | ||
| private static function generate_code_upper_lower_digits() { |
classes/certificate.php
Outdated
| random_int(0, 9999) | ||
| ); | ||
| // Digits with hyphens | ||
| private static function generate_code_digits_with_hyphens() { |
| } | ||
|
|
||
| // Drop the unique index on 'code' and add a non-unique one. | ||
| if ($oldversion < 2024042210) { |
There was a problem hiding this comment.
Why are we touching this upgrade step?
element/qrcode/classes/element.php
Outdated
| } | ||
|
|
||
| $qrcodeurl = new \moodle_url('/mod/customcert/verify_certificate.php', $urlparams); | ||
| $qrcodeurl = new \moodle_url('https://app.pacificmedicaltraining.com/verify', $urlparams); |
element/qrcode/classes/element.php
Outdated
| $urlparams = [ | ||
| 'code' => $code, | ||
| 'qrcode' => 1, | ||
| 'certId' => $code, |
There was a problem hiding this comment.
Why are we changing the name of the variable?
There was a problem hiding this comment.
@fulldecent our verification URL is like "https://app.pacificmedicaltraining.com/verify?certId=1069-9865-6509", can we replace certId to code, then we won't require this change in the $urlprams.
| 'customcert/codegenerationmethod', | ||
| get_string('codegenerationmethod', 'customcert'), | ||
| get_string('codegenerationmethod_desc', 'customcert'), | ||
| 0, // Default option (0 = Upper/lower/digits random string method). |
settings.php
Outdated
| [ | ||
| 0 => get_string('codegenerationmethod_upperlowerdigits', 'customcert'), // Upper/lower/digits random string. | ||
| 1 => get_string('codegenerationmethod_digitshyphens', 'customcert'), // Digits with hyphens numeric code. | ||
| 0 => get_string('Upper/lower/digits', 'customcert'), // Upper/lower/digits random string |
There was a problem hiding this comment.
Why do we need different language strings?
|
Apologies. Initially I said I would address these but there are a few uncertainties about this patch. I would like this cleaned up so I can see a clear solution (right now it's touching code all over the place and im not sure why) at what is trying to be achieved. Please let me know when you are ready for me to re-review. Thanks. |
Raza403
changed the title
|
Hi @mdjnelson, my apologies for bothering you, I have updated the title of this PR to [WIP], We'll let you know and will invite you to review this PR once this is ready. |
db/install.xml
Outdated
| <INDEXES> | ||
| <INDEX NAME="userid-customcertid" UNIQUE="false" FIELDS="userid, customcertid"/> | ||
| <INDEX NAME="code" UNIQUE="false" FIELDS="code"/> | ||
| <INDEX NAME="code" UNIQUE="true" FIELDS="code"/> |
There was a problem hiding this comment.
This has to be false due to backup/restore issues (which are always a pain cause I almost always forget abt it).
db/upgrade.php
Outdated
| upgrade_plugin_savepoint(true, 2024042210, 'mod', 'customcert'); | ||
| } | ||
|
|
||
| if ($oldversion < 2025041401) { |
There was a problem hiding this comment.
This upgrade step was part of another PR, so can be removed.
… being generated. This PR is made for #1 and #2 custom cert, updated the names of both code generation methods. Added view_user_cert page, a logged in user can see certificate if having a valid token and ecard code. This is being used from view_tokens.php page. customcert view certificate function is made. This is made for mdjnelson#212 Updated verify certificate URL. This PR is made for 221 Updated the verify URL for QR code.
Raza403
force-pushed
the
features/custom-cert-view-all-certificates#231
branch
from
fd94167 to
9b6ab3a
Compare
|
@fulldecent @mdjnelson this is passing all checks and is working. This PR is good to review. |
Raza403
changed the title
| require_once($CFG->dirroot . '/mod/customcert/lib.php'); | ||
|
|
||
| // Allows guest access to course with ID 1. | ||
| require_login(1, false); |
There was a problem hiding this comment.
Does this line cause this script to only work if the site is configured with "allow guest login" ?
Are there any other situations where this line of code would cause the certificate to not be displayed?
There was a problem hiding this comment.
Hard-coding the front-page course (ID 1) forces everyone to “log in to course 1 (guest if allowed)” even though this page isn’t about course 1 at all. It can bypass the actual course/module access rules for the certificate and behave unpredictably if guest access to the front page is disabled. Please look at https://github.com/mdjnelson/moodle-mod_customcert/blob/MOODLE_500_STABLE/verify_certificate.php to see how we handle non-users to access the site.
|
I've tried this PR, everything works great. However, is it possible to add option to not require token if option |
|
Well every certificate has a URL. And the URL has a token. That's the official public URL of the certificate. I don't think it makes sense to have a separate, additional public URL for certificates if a specific setting is turned on. |
|
Looking now. Sorry for delay. |
| } while ($DB->record_exists('customcert_issues', ['code' => $code])); | ||
| return $code; | ||
| // If the upper/lower/digits is selected (0), use the upper/lower/digits code generation method. | ||
| if ($method == 0) { |
There was a problem hiding this comment.
I am not a fan of using a hard-coded variable like 0. It doesn't mean much to the developer using it.
| upgrade_plugin_savepoint(true, 2024042210, 'mod', 'customcert'); | ||
| } | ||
|
|
||
| if ($oldversion < 2024042213) { |
There was a problem hiding this comment.
We need an upgrade clause to remove these settings from the Moodle DB if it exists, probably use something like unset_config() iirc. Please add another upgrade step to do this and just leave this as is.
| * | ||
| * @return string | ||
| */ | ||
| private static function generate_code_digits_with_hyphens(): string { |
There was a problem hiding this comment.
Can you tell me why we are editing this function?
| * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later | ||
| * @param string $message The error message to display. | ||
| */ | ||
| function display_error_page($message) { |
There was a problem hiding this comment.
Please remove this and any usages of it, we can rely on Moodle's own error handling. This makes it forward compatible if this ever changes.
| require_once($CFG->dirroot . '/mod/customcert/lib.php'); | ||
|
|
||
| // Allows guest access to course with ID 1. | ||
| require_login(1, false); |
There was a problem hiding this comment.
Hard-coding the front-page course (ID 1) forces everyone to “log in to course 1 (guest if allowed)” even though this page isn’t about course 1 at all. It can bypass the actual course/module access rules for the certificate and behave unpredictably if guest access to the front page is disabled. Please look at https://github.com/mdjnelson/moodle-mod_customcert/blob/MOODLE_500_STABLE/verify_certificate.php to see how we handle non-users to access the site.
| // The template defines the layout and content of the generated certificate. | ||
| $template = $DB->get_record('customcert_templates', ['id' => $certificate->templateid]); | ||
| if (!$template) { | ||
| display_error_page('The certificate template could not be found. Please contact the site administrator for assistance.'); |
There was a problem hiding this comment.
This can be removed. If you perform a get_record call and pass MUST_EXIST then an exception is thrown and we want that.
| $template->generate_pdf(false, $issue->userid); | ||
| } catch (Exception $e) { | ||
| // Catch any errors that may occur while generating the certificate PDF. | ||
| display_error_page('Error generating certificate PDF. ' |
| * @param string $certcode The unique code of the certificate. | ||
| * @return string The generated public URL for the certificate. | ||
| */ | ||
| function generate_public_url_for_certificate(string $certcode): string { |
There was a problem hiding this comment.
This doesn't seem to be used anywhere.
| * @param string $certcode The unique certificate code. | ||
| * @return string The generated HMAC signature. | ||
| */ | ||
| function calculate_signature(string $certcode): string { |
There was a problem hiding this comment.
The lib.php file is for functions that Moodle will call itself. We don't need to put it there. I would suggest creating a new class in the classes folder for this functionality.
|
|
||
| if (($user->id != $USER->id) | ||
| && !has_capability('mod/customcert:viewallcertificates', context_system::instance())) { | ||
| if ( |
There was a problem hiding this comment.
This looks worse than before. Was this change necessary?
Previously, this was working only for some specific certificates.