Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
  • Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.

Differences Between: [Versions 39 and 311] [Versions 39 and 400] [Versions 39 and 401] [Versions 39 and 402] [Versions 39 and 403]

   1  <?php
   2  
   3  // This file is part of Moodle - http://moodle.org/
   4  //
   5  // Moodle is free software: you can redistribute it and/or modify
   6  // it under the terms of the GNU General Public License as published by
   7  // the Free Software Foundation, either version 3 of the License, or
   8  // (at your option) any later version.
   9  //
  10  // Moodle is distributed in the hope that it will be useful,
  11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  // GNU General Public License for more details.
  14  //
  15  // You should have received a copy of the GNU General Public License
  16  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17  
  18  /**
  19   * Web services tokens admin UI
  20   *
  21   * @package   webservice
  22   * @author Jerome Mouneyrac
  23   * @copyright 2009 Moodle Pty Ltd (http://moodle.com)
  24   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  25   */
  26  require_once('../../config.php');
  27  require_once($CFG->libdir . '/adminlib.php');
  28  require_once($CFG->dirroot . '/' . $CFG->admin . '/webservice/forms.php');
  29  require_once($CFG->libdir . '/externallib.php');
  30  
  31  $action = optional_param('action', '', PARAM_ALPHANUMEXT);
  32  $tokenid = optional_param('tokenid', '', PARAM_SAFEDIR);
  33  $confirm = optional_param('confirm', 0, PARAM_BOOL);
  34  
  35  admin_externalpage_setup('addwebservicetoken');
  36  
  37  //Deactivate the second 'Manage token' navigation node, and use the main 'Manage token' navigation node
  38  $node = $PAGE->settingsnav->find('addwebservicetoken', navigation_node::TYPE_SETTING);
  39  $newnode = $PAGE->settingsnav->find('webservicetokens', navigation_node::TYPE_SETTING);
  40  if ($node && $newnode) {
  41      $node->display = false;
  42      $newnode->make_active();
  43  }
  44  
  45  
  46  $tokenlisturl = new moodle_url("/" . $CFG->admin . "/settings.php", array('section' => 'webservicetokens'));
  47  
  48  require_once($CFG->dirroot . "/webservice/lib.php");
  49  $webservicemanager = new webservice();
  50  
  51  switch ($action) {
  52  
  53      case 'create':
  54          $mform = new web_service_token_form(null, array('action' => 'create'));
  55          $data = $mform->get_data();
  56          if ($mform->is_cancelled()) {
  57              redirect($tokenlisturl);
  58          } else if ($data and confirm_sesskey()) {
  59              ignore_user_abort(true);
  60  
  61              //check the the user is allowed for the service
  62              $selectedservice = $webservicemanager->get_external_service_by_id($data->service);
  63              if ($selectedservice->restrictedusers) {
  64                  $restricteduser = $webservicemanager->get_ws_authorised_user($data->service, $data->user);
  65                  if (empty($restricteduser)) {
  66                      $allowuserurl = new moodle_url('/' . $CFG->admin . '/webservice/service_users.php',
  67                              array('id' => $selectedservice->id));
  68                      $allowuserlink = html_writer::tag('a', $selectedservice->name , array('href' => $allowuserurl));
  69                      $errormsg = $OUTPUT->notification(get_string('usernotallowed', 'webservice', $allowuserlink));
  70                  }
  71              }
  72  
  73              //check if the user is deleted. unconfirmed, suspended or guest
  74              $user = $DB->get_record('user', array('id' => $data->user));
  75              if ($user->id == $CFG->siteguest or $user->deleted or !$user->confirmed or $user->suspended) {
  76                  throw new moodle_exception('forbiddenwsuser', 'webservice');
  77              }
  78  
  79              //process the creation
  80              if (empty($errormsg)) {
  81                  //TODO improvement: either move this function from externallib.php to webservice/lib.php
  82                  // either move most of webservicelib.php functions into externallib.php
  83                  // (create externalmanager class) MDL-23523
  84                  external_generate_token(EXTERNAL_TOKEN_PERMANENT, $data->service,
  85                          $data->user, context_system::instance(),
  86                          $data->validuntil, $data->iprestriction);
  87                  redirect($tokenlisturl);
  88              }
  89          }
  90  
  91          //OUTPUT: create token form
  92          echo $OUTPUT->header();
  93          echo $OUTPUT->heading(get_string('createtoken', 'webservice'));
  94          if (!empty($errormsg)) {
  95              echo $errormsg;
  96          }
  97          $mform->display();
  98          echo $OUTPUT->footer();
  99          die;
 100          break;
 101  
 102      case 'delete':
 103          $token = $webservicemanager->get_token_by_id_with_details($tokenid);
 104  
 105          if ($token->creatorid != $USER->id) {
 106              require_capability("moodle/webservice:managealltokens", context_system::instance());
 107          }
 108  
 109          //Delete the token
 110          if ($confirm and confirm_sesskey()) {
 111              $webservicemanager->delete_user_ws_token($token->id);
 112              redirect($tokenlisturl);
 113          }
 114  
 115          ////OUTPUT: display delete token confirmation box
 116          echo $OUTPUT->header();
 117          $renderer = $PAGE->get_renderer('core', 'webservice');
 118          echo $renderer->admin_delete_token_confirmation($token);
 119          echo $OUTPUT->footer();
 120          die;
 121          break;
 122  
 123      default:
 124          //wrong url access
 125          redirect($tokenlisturl);
 126          break;
 127  }