
  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0. Note: the minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are also supported.
< < // This file is part of Moodle -
> // This file is part of Moodle -
// // Moodle is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // Moodle is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with Moodle. If not, see <>. /**
< * Web services tokens admin UI
> * Web services / external tokens management UI.
< * @package webservice < * @author Jerome Mouneyrac < * @copyright 2009 Moodle Pty Ltd (
> * @package core_webservice > * @category admin > * @copyright 2009 Jerome Mouneyrac
* @license GNU GPL v3 or later */
< require_once('../../config.php');
> > require(__DIR__ . '/../../config.php');
require_once($CFG->libdir . '/adminlib.php');
< require_once($CFG->dirroot . '/' . $CFG->admin . '/webservice/forms.php');
require_once($CFG->libdir . '/externallib.php');
> require_once($CFG->dirroot . '/webservice/lib.php');
$action = optional_param('action', '', PARAM_ALPHANUMEXT); $tokenid = optional_param('tokenid', '', PARAM_SAFEDIR); $confirm = optional_param('confirm', 0, PARAM_BOOL);
> $ftoken = optional_param('ftoken', '', PARAM_ALPHANUM); > $fusers = optional_param_array('fusers', [], PARAM_INT); admin_externalpage_setup('addwebservicetoken'); > $fservices = optional_param_array('fservices', [], PARAM_INT);
< admin_externalpage_setup('addwebservicetoken'); < < //Deactivate the second 'Manage token' navigation node, and use the main 'Manage token' navigation node < $node = $PAGE->settingsnav->find('addwebservicetoken', navigation_node::TYPE_SETTING); < $newnode = $PAGE->settingsnav->find('webservicetokens', navigation_node::TYPE_SETTING); < if ($node && $newnode) { < $node->display = false; < $newnode->make_active(); < } <
> admin_externalpage_setup('webservicetokens');
< $tokenlisturl = new moodle_url("/" . $CFG->admin . "/settings.php", array('section' => 'webservicetokens')); < < require_once($CFG->dirroot . "/webservice/lib.php");
> if ($action === 'create') {
$webservicemanager = new webservice();
< < switch ($action) { < < case 'create': < $mform = new web_service_token_form(null, array('action' => 'create'));
> $mform = new \core_webservice\token_form(null, ['action' => 'create']);
$data = $mform->get_data();
if ($mform->is_cancelled()) {
< redirect($tokenlisturl); < } else if ($data and confirm_sesskey()) {
> redirect($PAGE->url); > > } else if ($data) {
< //check the the user is allowed for the service
> // Check the user is allowed for the service.
$selectedservice = $webservicemanager->get_external_service_by_id($data->service);
if ($selectedservice->restrictedusers) { $restricteduser = $webservicemanager->get_ws_authorised_user($data->service, $data->user);
if (empty($restricteduser)) {
< $allowuserurl = new moodle_url('/' . $CFG->admin . '/webservice/service_users.php', < array('id' => $selectedservice->id)); < $allowuserlink = html_writer::tag('a', $selectedservice->name , array('href' => $allowuserurl)); < $errormsg = $OUTPUT->notification(get_string('usernotallowed', 'webservice', $allowuserlink));
> $errormsg = $OUTPUT->notification(get_string('usernotallowed', 'webservice', $selectedservice->name));
} }
< //check if the user is deleted. unconfirmed, suspended or guest < $user = $DB->get_record('user', array('id' => $data->user)); < if ($user->id == $CFG->siteguest or $user->deleted or !$user->confirmed or $user->suspended) { < throw new moodle_exception('forbiddenwsuser', 'webservice'); < }
> $user = \core_user::get_user($data->user, '*', MUST_EXIST); > \core_user::require_active_user($user);
< //process the creation
> // Generate the token.
if (empty($errormsg)) {
< //TODO improvement: either move this function from externallib.php to webservice/lib.php < // either move most of webservicelib.php functions into externallib.php < // (create externalmanager class) MDL-23523 < external_generate_token(EXTERNAL_TOKEN_PERMANENT, $data->service, < $data->user, context_system::instance(),
> external_generate_token(EXTERNAL_TOKEN_PERMANENT, $data->service, $data->user, context_system::instance(),
$data->validuntil, $data->iprestriction);
< redirect($tokenlisturl);
> redirect($PAGE->url);
} }
< //OUTPUT: create token form
echo $OUTPUT->header(); echo $OUTPUT->heading(get_string('createtoken', 'webservice')); if (!empty($errormsg)) { echo $errormsg; } $mform->display(); echo $OUTPUT->footer();
< die; < break;
> die(); > }
< case 'delete':
> if ($action === 'delete') { > $webservicemanager = new webservice();
$token = $webservicemanager->get_token_by_id_with_details($tokenid); if ($token->creatorid != $USER->id) {
< require_capability("moodle/webservice:managealltokens", context_system::instance());
> require_capability('moodle/webservice:managealltokens', context_system::instance());
< //Delete the token < if ($confirm and confirm_sesskey()) {
> if ($confirm && confirm_sesskey()) {
< redirect($tokenlisturl);
> redirect($PAGE->url);
< ////OUTPUT: display delete token confirmation box
echo $OUTPUT->header();
< $renderer = $PAGE->get_renderer('core', 'webservice'); < echo $renderer->admin_delete_token_confirmation($token);
> > echo $OUTPUT->confirm( > get_string('deletetokenconfirm', 'webservice', [ > 'user' => $token->firstname . ' ' . $token->lastname, > 'service' => $token->name, > ]), > new single_button(new moodle_url('/admin/webservice/tokens.php', [ > 'tokenid' => $token->id, > 'action' => 'delete', > 'confirm' => 1, > 'sesskey' => sesskey(), > ]), get_string('delete')), > $PAGE->url > ); >
echo $OUTPUT->footer();
< die; < break;
> die(); > } > > // Pre-populate the form with the values that come as a part of the URL - typically when using the table_sql control > // links. > $filterdata = (object)[ > 'token' => $ftoken, > 'users' => $fusers, > 'services' => $fservices, > ];
< default: < //wrong url access < redirect($tokenlisturl); < break;
> $filter = new \core_webservice\token_filter($PAGE->url, $filterdata); > > $filter->set_data($filterdata); > > if ($filter->is_submitted()) { > $filterdata = $filter->get_data(); > > if (isset($filterdata->resetbutton)) { > redirect($PAGE->url); > } > } > > echo $OUTPUT->header(); > echo $OUTPUT->heading(get_string('managetokens', 'core_webservice')); > > echo html_writer::div($OUTPUT->render(new single_button(new moodle_url($PAGE->url, ['action' => 'create']), > get_string('createtoken', 'core_webservice'), 'get', true)), 'my-3'); > > $filter->display(); > > $table = new \core_webservice\token_table('webservicetokens', $filterdata); > > // In order to not lose the filter form values by clicking the table control links, make them part of the table's baseurl. > $baseurl = new moodle_url($PAGE->url, ['ftoken' => $filterdata->token]); > > foreach ($filterdata->users as $i => $userid) { > $baseurl->param("fusers[{$i}]", $userid); > } > > foreach ($filterdata->services as $i => $serviceid) { > $baseurl->param("fservices[{$i}]", $serviceid);
> > $table->define_baseurl($baseurl); > > $table->attributes['class'] = 'admintable generaltable'; > $table->data = []; > $table->out(30, false); > > echo $OUTPUT->footer();
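Review bot: In the create branch, the new `\core_user::require_active_user($user);` call appears to drop the suspended-account test that the removed `$user->suspended` condition enforced. As far as I know the helper only checks suspension when its second argument is true, but its body is not on this page, so confirm that. If token creation should still be refused for suspended accounts, use `\core_user::require_active_user($user, true);`. Separately, `$selectedservice->name` in the `usernotallowed` notification and `$token->firstname`, `$token->lastname` and `$token->name` in the delete confirmation are interpolated with no escaping visible here. If those renderers emit the message as HTML, wrapping the values in `s()` would be a cheap defence.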