Search moodle.org's
Developer Documentation

   1  <?php
   2  
   3  // Allows the admin to control user logins from remote moodles.
   4  
   5  require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
   6  require_once($CFG->libdir.'/adminlib.php');
   7  include_once($CFG->dirroot.'/mnet/lib.php');
   8  
   9  $sort         = optional_param('sort', 'username', PARAM_ALPHA);
  10  $dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
  11  $page         = optional_param('page', 0, PARAM_INT);
  12  $perpage      = optional_param('perpage', 30, PARAM_INT);
  13  $action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
  14  
  15  require_login();
  16  
  17  admin_externalpage_setup('ssoaccesscontrol');
  18  
  19  if (!extension_loaded('openssl')) {
  20      print_error('requiresopenssl', 'mnet');
  21  }
  22  
  23  $sitecontext = context_system::instance();
  24  $sesskey = sesskey();
  25  $formerror = array();
  26  
  27  // grab the mnet hosts and remove the localhost
  28  $mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
  29  if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
  30      unset($mnethosts[$CFG->mnet_localhost_id]);
  31  }
  32  
  33  
  34  
  35  // process actions
  36  if (!empty($action) and confirm_sesskey()) {
  37  
  38      // boot if insufficient permission
  39      if (!has_capability('moodle/user:delete', $sitecontext)) {
  40          print_error('nomodifyacl','mnet');
  41      }
  42  
  43      // fetch the record in question
  44      $id = required_param('id', PARAM_INT);
  45      if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
  46          print_error('recordnoexists','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  47      }
  48  
  49      switch ($action) {
  50  
  51          case "delete":
  52              $DB->delete_records('mnet_sso_access_control', array('id'=>$id));
  53              redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
  54              break;
  55  
  56          case "acl":
  57  
  58              // require the access parameter, and it must be 'allow' or 'deny'
  59              $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
  60              if ($accessctrl != 'allow' and $accessctrl != 'deny') {
  61                  print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  62              }
  63  
  64              if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
  65                  if ($accessctrl == 'allow') {
  66                      redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user' => $idrec->username,
  67                          'host' => $mnethosts[$idrec->mnet_host_id])));
  68                  } else if ($accessctrl == 'deny') {
  69                      redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user' => $idrec->username,
  70                          'host' => $mnethosts[$idrec->mnet_host_id])));
  71                  }
  72              }
  73              break;
  74  
  75          default:
  76              print_error('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  77      }
  78  }
  79  
  80  
  81  
  82  // process the form results
  83  if ($form = data_submitted() and confirm_sesskey()) {
  84  
  85      // check permissions and verify form input
  86      if (!has_capability('moodle/user:delete', $sitecontext)) {
  87          print_error('nomodifyacl','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  88      }
  89      if (empty($form->username)) {
  90          $formerror['username'] = get_string('enterausername','mnet');
  91      }
  92      if (empty($form->mnet_host_id)) {
  93          $formerror['mnet_host_id'] = get_string('selectahost','mnet');
  94      }
  95      if (empty($form->accessctrl)) {
  96          $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
  97      }
  98  
  99      // process if there are no errors
 100      if (count($formerror) == 0) {
 101  
 102          // username can be a comma separated list
 103          $usernames = explode(',', $form->username);
 104  
 105          foreach ($usernames as $username) {
 106              $username = trim(core_text::strtolower($username));
 107              if (!empty($username)) {
 108                  if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
 109                      if ($form->accessctrl == 'allow') {
 110                          redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
 111                      } elseif ($form->accessctrl == 'deny') {
 112                          redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
 113                      }
 114                  }
 115              }
 116          }
 117      }
 118      exit;
 119  }
 120  
 121  echo $OUTPUT->header();
 122  
 123  // Explain
 124  echo $OUTPUT->box(get_string('ssoacldescr','mnet'));
 125  // Are the needed bits enabled?
 126  $warn = '';
 127  if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
 128      $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
 129  }
 130  
 131  if (!is_enabled_auth('mnet')) {
 132      $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
 133  }
 134  
 135  if (!empty($warn)) {
 136      $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
 137      echo $OUTPUT->box($warn);
 138  }
 139  // output the ACL table
 140  $columns = array("username", "mnet_host_id", "access", "delete");
 141  $headings = array();
 142  $string = array('username'     => get_string('username'),
 143                  'mnet_host_id' => get_string('remotehost', 'mnet'),
 144                  'access'       => get_string('accesslevel', 'mnet'),
 145                  'delete'       => get_string('delete'));
 146  foreach ($columns as $column) {
 147      if ($sort != $column) {
 148          $columnicon = "";
 149          $columndir = "ASC";
 150      } else {
 151          $columndir = $dir == "ASC" ? "DESC" : "ASC";
 152          $columnicon = $dir == "ASC" ? "down" : "up";
 153          $columnicon = " <img src=\"" . $OUTPUT->pix_url('t/' . $columnicon) . "\" alt=\"\" />";
 154      }
 155      $headings[$column] = "<a href=\"?sort=$column&amp;dir=$columndir&amp;\">".$string[$column]."</a>$columnicon";
 156  }
 157  $headings['delete'] = '';
 158  $acl = $DB->get_records('mnet_sso_access_control', null, "$sort $dir", '*'); //, $page * $perpage, $perpage);
 159  $aclcount = $DB->count_records('mnet_sso_access_control');
 160  
 161  if (!$acl) {
 162      echo $OUTPUT->heading(get_string('noaclentries','mnet'));
 163      $table = NULL;
 164  } else {
 165      $table = new html_table();
 166      $table->head = $headings;
 167      $table->align = array('left', 'left', 'center');
 168      $table->width = "95%";
 169      foreach ($acl as $aclrecord) {
 170          if ($aclrecord->accessctrl == 'allow') {
 171              $accesscolumn = get_string('allow', 'mnet')
 172                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey=".sesskey()."\">"
 173                  . get_string('deny', 'mnet') . "</a>)";
 174          } else {
 175              $accesscolumn = get_string('deny', 'mnet')
 176                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey=".sesskey()."\">"
 177                  . get_string('allow', 'mnet') . "</a>)";
 178          }
 179          $deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey=".sesskey()."\">"
 180                  . get_string('delete') . "</a>";
 181          $table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
 182      }
 183  }
 184  
 185  if (!empty($table)) {
 186      echo html_writer::table($table);
 187      echo '<p>&nbsp;</p>';
 188      $baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
 189      echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl);
 190  }
 191  
 192  
 193  
 194  // output the add form
 195  echo $OUTPUT->box_start();
 196  
 197  ?>
 198   <div class="mnetaddtoaclform">
 199    <form id="mnetaddtoacl" method="post">
 200      <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
 201  <?php
 202  
 203  // enter a username
 204  echo get_string('username') . ":\n";
 205  if (!empty($formerror['username'])) {
 206      echo '<span class="error"> * </span>';
 207  }
 208  echo html_writer::label(get_string('username'), 'menuusername', false, array('class' => 'accesshide'));
 209  echo '<input id="menuusername" type="text" name="username" size="20" maxlength="100" />';
 210  
 211  // choose a remote host
 212  echo " " . html_writer::label(get_string('remotehost', 'mnet'), 'menumnet_host_id') . ":\n";
 213  if (!empty($formerror['mnet_host_id'])) {
 214      echo '<span class="error"> * </span>';
 215  }
 216  echo html_writer::select($mnethosts, 'mnet_host_id');
 217  
 218  // choose an access level
 219  echo " " . html_writer::label(get_string('accesslevel', 'mnet'), 'menuaccessctrl') . ":\n";
 220  if (!empty($formerror['accessctrl'])) {
 221      echo '<span class="error"> * </span>';
 222  }
 223  $accessmenu['allow'] = get_string('allow', 'mnet');
 224  $accessmenu['deny'] = get_string('deny', 'mnet');
 225  echo html_writer::select($accessmenu, 'accessctrl');
 226  
 227  // submit button
 228  echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
 229  echo "</form></div>\n";
 230  
 231  // print errors
 232  foreach ($formerror as $error) {
 233      echo "<br><span class=\"error\">$error<span>";
 234  }
 235  
 236  echo $OUTPUT->box_end();
 237  echo $OUTPUT->footer();

Search This Site: