Moodle
2.2.1
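<?php

// Allows the admin to control user logins from remote moodles.
//
// This page edits the rows of the mnet_sso_access_control table: each row
// pairs a username and a remote MNet host with an 'allow' or 'deny' value.
// Rows are changed through the per-row links (action=acl / action=delete)
// or through the "add to ACL" form at the bottom of the page. Every state
// change below is gated on confirm_sesskey() and on the moodle/user:delete
// capability in the system context.

require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
require_once($CFG->libdir.'/adminlib.php');
include_once($CFG->dirroot.'/mnet/lib.php');

// PARAM_ALPHAEXT keeps the underscores of 'mnet_host_id'; PARAM_ALPHA would strip them
// and the sort link for that column could never match.
$sort    = optional_param('sort', 'username', PARAM_ALPHAEXT);
$dir     = optional_param('dir', 'ASC', PARAM_ALPHA);
$page    = optional_param('page', 0, PARAM_INT);
$perpage = optional_param('perpage', 30, PARAM_INT);
$action  = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));

// $sort and $dir end up in an ORDER BY clause, so only known values are accepted.
// Keys are the column ids used in the table headings, values the database fields.
$sortfields = array('username' => 'username', 'mnet_host_id' => 'mnet_host_id', 'access' => 'accessctrl');
if (!array_key_exists($sort, $sortfields)) {
    $sort = 'username';
}
$dir = (strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';

require_login();

admin_externalpage_setup('ssoaccesscontrol');

// NOTE(review): the page header is printed before the redirect() calls below;
// confirm redirect() behaves as intended once output has already started.
echo $OUTPUT->header();

if (!extension_loaded('openssl')) {
    print_error('requiresopenssl', 'mnet');
}

$sitecontext = get_context_instance(CONTEXT_SYSTEM);
$sesskey = sesskey();
$formerror = array();

// grab the mnet hosts and remove the localhost
$mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
    unset($mnethosts[$CFG->mnet_localhost_id]);
}



// process actions
// NOTE(review): these actions arrive as GET links that carry the sesskey in the URL
// (see the table output below), so the token can end up in logs and referrers.
if (!empty($action) and confirm_sesskey()) {

    // boot if insufficient permission
    if (!has_capability('moodle/user:delete', $sitecontext)) {
        print_error('nomodifyacl','mnet');
    }

    // fetch the record in question
    $id = required_param('id', PARAM_INT);
    if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
        print_error('recordnoexists','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
    }

    // the record may point at a host that is not in the menu (localhost is removed above),
    // so fall back to the raw id instead of reading an undefined index
    $hostname = isset($mnethosts[$idrec->mnet_host_id]) ? $mnethosts[$idrec->mnet_host_id] : $idrec->mnet_host_id;

    switch ($action) {

        case "delete":
            $DB->delete_records('mnet_sso_access_control', array('id'=>$id));
            redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$hostname)));
            break;

        case "acl":

            // require the access parameter, and it must be 'allow' or 'deny'
            $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
            if ($accessctrl != 'allow' and $accessctrl != 'deny') {
                print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
            }

            if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
                if ($accessctrl == 'allow') {
                    // the placeholder key is 'user', as in every other message on this page (it was misspelled 'uset')
                    redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user'=>$idrec->username, 'host'=>$hostname)));
                } elseif ($accessctrl == 'deny') {
                    redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$idrec->username, 'host'=>$hostname)));
                }
            }
            break;

        default:
            print_error('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
    }
}



// process the form results
if ($form = data_submitted() and confirm_sesskey()) {

    // check permissions and verify form input
    if (!has_capability('moodle/user:delete', $sitecontext)) {
        print_error('nomodifyacl','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
    }
    // data_submitted() hands back the raw POST fields, so the shape of each one is checked here
    if (empty($form->username) || !is_string($form->username)) {
        $formerror['username'] = get_string('enterausername','mnet');
    }
    // the host must be one of the remote hosts offered in the select box
    if (empty($form->mnet_host_id) || !is_string($form->mnet_host_id)
            || !array_key_exists($form->mnet_host_id, $mnethosts)) {
        $formerror['mnet_host_id'] = get_string('selectahost','mnet');
    }
    // same rule as the 'acl' action above: only 'allow' or 'deny' may reach the ACL table
    if (empty($form->accessctrl) || !in_array($form->accessctrl, array('allow', 'deny'), true)) {
        $formerror['accessctrl'] = get_string('selectaccesslevel','mnet');
    }

    // process if there are no errors
    if (count($formerror) == 0) {

        // username can be a comma separated list
        $usernames = explode(',', $form->username);
        $updated = array();

        foreach ($usernames as $username) {
            $username = trim(moodle_strtolower($username));
            if (!empty($username)) {
                if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
                    $updated[] = $username;
                }
            }
        }

        // redirect() ends the request, so it is called once, after the whole list has been
        // processed; redirecting inside the loop applied only the first username.
        // NOTE(review): the usernames are typed-in text placed into the redirect message;
        // confirm the message is escaped on output, as the table below does with s().
        if (!empty($updated)) {
            $messageid = ($form->accessctrl == 'allow') ? 'ssl_acl_allow' : 'ssl_acl_deny';
            redirect('access_control.php', get_string($messageid, 'mnet', array('user'=>implode(', ', $updated), 'host'=>$mnethosts[$form->mnet_host_id])));
        }
        exit;
    }
    // with validation errors the script falls through, so the form below is shown
    // again together with the messages collected in $formerror
}

// Explain
echo $OUTPUT->box(get_string('ssoacldescr','mnet'));
// Are the needed bits enabled?
$warn = '';
if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
    $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
}

if (!is_enabled_auth('mnet')) {
    $warn .= '<p>' . get_string('authmnetdisabled','mnet').'</p>';
}

if (!empty($warn)) {
    $warn = '<p>' . get_string('ssoaclneeds','mnet').'</p>' . $warn;
    echo $OUTPUT->box($warn);
}
// output the ACL table
$columns = array("username", "mnet_host_id", "access", "delete");
$headings = array();
$string = array('username'     => get_string('username'),
                'mnet_host_id' => get_string('remotehost', 'mnet'),
                'access'       => get_string('accesslevel', 'mnet'),
                'delete'       => get_string('delete'));
foreach ($columns as $column) {
    if ($sort != $column) {
        $columnicon = "";
        $columndir = "ASC";
    } else {
        // the active column links to the opposite direction and shows an arrow
        $columndir = $dir == "ASC" ? "DESC" : "ASC";
        $columnicon = $dir == "ASC" ? "down" : "up";
        $columnicon = " <img src=\"" . $OUTPUT->pix_url('t/' . $columnicon) . "\" alt=\"\" />";
    }
    $headings[$column] = "<a href=\"?sort=$column&dir=$columndir&\">".$string[$column]."</a>$columnicon";
}
$headings['delete'] = '';
// the ORDER BY text is built only from the allowlisted field name and direction
$acl = $DB->get_records('mnet_sso_access_control', null, $sortfields[$sort] . ' ' . $dir, '*'); //, $page * $perpage, $perpage);
$aclcount = $DB->count_records('mnet_sso_access_control');

if (!$acl) {
    echo $OUTPUT->heading(get_string('noaclentries','mnet'));
    $table = NULL;
} else {
    $table = new html_table();
    $table->head = $headings;
    $table->align = array('left', 'left', 'center');
    $table->width = "95%";
    foreach ($acl as $aclrecord) {
        // each row offers a link to flip the stored value, protected by the session key
        if ($aclrecord->accessctrl == 'allow') {
            $accesscolumn = get_string('allow', 'mnet')
                . " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=deny&sesskey=".sesskey()."\">"
                . get_string('deny', 'mnet') . "</a>)";
        } else {
            $accesscolumn = get_string('deny', 'mnet')
                . " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=allow&sesskey=".sesskey()."\">"
                . get_string('allow', 'mnet') . "</a>)";
        }
        $deletecolumn = "<a href=\"?id={$aclrecord->id}&action=delete&sesskey=".sesskey()."\">"
                . get_string('delete') . "</a>";
        // the username is stored free text, so it is escaped with s() before display
        $table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
    }
}

if (!empty($table)) {
    echo html_writer::table($table);
    echo '<p> </p>';
    $baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
    echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl);
}



// output the add form
echo $OUTPUT->box_start();

?>
 <div class="mnetaddtoaclform">
 <form id="mnetaddtoacl" method="post">
 <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
<?php

// enter a username
echo get_string('username') . ":\n";
if (!empty($formerror['username'])) {
    echo '<span class="error"> * </span>';
}
echo '<input type="text" name="username" size="20" maxlength="100" />';

// choose a remote host
echo " " . get_string('remotehost', 'mnet') . ":\n";
if (!empty($formerror['mnet_host_id'])) {
    echo '<span class="error"> * </span>';
}
echo html_writer::select($mnethosts, 'mnet_host_id');

// choose an access level
echo " " . get_string('accesslevel', 'mnet') . ":\n";
if (!empty($formerror['accessctrl'])) {
    echo '<span class="error"> * </span>';
}
$accessmenu = array();
$accessmenu['allow'] = get_string('allow', 'mnet');
$accessmenu['deny'] = get_string('deny', 'mnet');
echo html_writer::select($accessmenu, 'accessctrl');

// submit button
echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
echo "</form></div>\n";

// print errors
foreach ($formerror as $error) {
    // close the span properly; the original emitted a second opening tag
    echo "<br><span class=\"error\">$error</span>";
}

echo $OUTPUT->box_end();
echo $OUTPUT->footer();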