From 99d080f1cd21efd2dff0f061f0078602e49c478e Mon Sep 17 00:00:00 2001
From: Dmitrii Metelkin <dmitriim@catalyst-au.net>
Date: Thu, 18 Aug 2016 18:10:38 +1000
Subject: [PATCH] Add 'Generate user key' permission

---
 db/access.php              | 37 +++++++++++++++++++++++++++++++++++++
 externallib.php            |  3 +++
 lang/en/auth_userkey.php   |  1 +
 tests/externallib_test.php |  8 ++++++--
 4 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 db/access.php

diff --git a/db/access.php b/db/access.php
new file mode 100644
index 0000000..e419516
--- /dev/null
+++ b/db/access.php
@@ -0,0 +1,37 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * User key auth method caps.
+ *
+ * @package    auth_userkey
+ * @copyright  2016 Dmitrii Metelkin (dmitriim@catalyst-au.net)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+$capabilities = array(
+    'auth/userkey:generatekey' => array(
+        'riskbitmask' => RISK_PERSONAL | RISK_SPAM | RISK_XSS ,
+
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_SYSTEM,
+        'archetypes' => array(
+            'manager' => CAP_ALLOW
+        ),
+    ),
+);
diff --git a/externallib.php b/externallib.php
index 3499fa7..3b5a6b5 100644
--- a/externallib.php
+++ b/externallib.php
@@ -51,6 +51,9 @@ class auth_userkey_external extends external_api {
      */
     public static function request_login_url($user) {
 
+        $context = context_system::instance();
+        require_capability('auth/userkey:generatekey', $context);
+
         $auth = get_auth_plugin('userkey');
         $loginurl = $auth->get_login_url($user);
 
diff --git a/lang/en/auth_userkey.php b/lang/en/auth_userkey.php
index bcb3c1d..8ca8f4a 100644
--- a/lang/en/auth_userkey.php
+++ b/lang/en/auth_userkey.php
@@ -32,3 +32,4 @@ $string['keylifetime'] = 'User key life time';
 $string['keylifetime_desc'] = 'Life time in seconds of the each user login key.';
 $string['createuser'] = 'Crete user?';
 $string['createuser_desc'] = 'If enabled, a new user will be created if fail to find one in LMS.';
+$string['userkey:generatekey'] = 'Generate login user key';
\ No newline at end of file
diff --git a/tests/externallib_test.php b/tests/externallib_test.php
index e44dcb6..33c9728 100644
--- a/tests/externallib_test.php
+++ b/tests/externallib_test.php
@@ -44,8 +44,6 @@ class auth_userkey_externallib_testcase extends advanced_testcase {
 
         $this->resetAfterTest();
 
-        $this->setAdminUser();
-
         $user = array();
         $user['username'] = 'username';
         $user['email'] = 'exists@test.com';
@@ -59,6 +57,8 @@ class auth_userkey_externallib_testcase extends advanced_testcase {
     public function test_successful_webservice_calls() {
         global $DB, $CFG;
 
+        $this->setAdminUser();
+
         // Email.
         $params = array(
             'email' => 'exists@test.com',
@@ -117,6 +117,8 @@ class auth_userkey_externallib_testcase extends advanced_testcase {
      * @expectedExceptionMessage Invalid parameter value detected (Required field "email" is not set or empty.)
      */
     public function test_request_incorrect_parameters() {
+        $this->setAdminUser();
+
         $params = array(
             'bla' => 'exists@test.com',
         );
@@ -132,6 +134,8 @@ class auth_userkey_externallib_testcase extends advanced_testcase {
      * @expectedExceptionMessage Invalid parameter value detected (User is not exist)
      */
     public function test_request_not_existing_user() {
+        $this->setAdminUser();
+
         $params = array(
             'email' => 'notexists@test.com',
         );