See Release Notes
Long Term Support Release
Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401]
1 <?php 2 3 // Allows the admin to control user logins from remote moodles. 4 5 require_once(__DIR__ . '/../../config.php'); 6 require_once($CFG->libdir.'/adminlib.php'); 7 include_once($CFG->dirroot.'/mnet/lib.php'); 8 9 $sort = optional_param('sort', 'username', PARAM_ALPHAEXT); 10 $dir = optional_param('dir', 'ASC', PARAM_ALPHA); 11 $page = optional_param('page', 0, PARAM_INT); 12 $perpage = optional_param('perpage', 30, PARAM_INT); 13 $action = trim(strtolower(optional_param('action', '', PARAM_ALPHA))); 14 15 admin_externalpage_setup('ssoaccesscontrol'); 16 17 if (!extension_loaded('openssl')) { 18 throw new \moodle_exception('requiresopenssl', 'mnet'); 19 } 20 21 $sitecontext = context_system::instance(); 22 $sesskey = sesskey(); 23 $formerror = array(); 24 25 // grab the mnet hosts and remove the localhost 26 $mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name'); 27 if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) { 28 unset($mnethosts[$CFG->mnet_localhost_id]); 29 } 30 31 32 33 // process actions 34 if (!empty($action) and confirm_sesskey()) { 35 36 // boot if insufficient permission 37 if (!has_capability('moodle/user:delete', $sitecontext)) { 38 throw new \moodle_exception('nomodifyacl', 'mnet'); 39 } 40 41 // fetch the record in question 42 $id = required_param('id', PARAM_INT); 43 if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) { 44 throw new \moodle_exception('recordnoexists', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php"); 45 } 46 47 switch ($action) { 48 49 case "delete": 50 $DB->delete_records('mnet_sso_access_control', array('id'=>$id)); 51 redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id]))); 52 break; 53 54 case "acl": 55 56 // require the access parameter, and it must be 'allow' or 'deny' 57 $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA))); 58 if ($accessctrl != 'allow' and $accessctrl != 'deny') { 59 throw new \moodle_exception('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php"); 60 } 61 62 if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) { 63 if ($accessctrl == 'allow') { 64 redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user' => $idrec->username, 65 'host' => $mnethosts[$idrec->mnet_host_id]))); 66 } else if ($accessctrl == 'deny') { 67 redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user' => $idrec->username, 68 'host' => $mnethosts[$idrec->mnet_host_id]))); 69 } 70 } 71 break; 72 73 default: 74 throw new \moodle_exception('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php"); 75 } 76 } 77 78 79 80 // process the form results 81 if ($form = data_submitted() and confirm_sesskey()) { 82 83 // check permissions and verify form input 84 if (!has_capability('moodle/user:delete', $sitecontext)) { 85 throw new \moodle_exception('nomodifyacl', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php"); 86 } 87 if (empty($form->username)) { 88 $formerror['username'] = get_string('enterausername','mnet'); 89 } 90 if (empty($form->mnet_host_id)) { 91 $formerror['mnet_host_id'] = get_string('selectahost','mnet'); 92 } 93 if (empty($form->accessctrl)) { 94 $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ; 95 } 96 97 // process if there are no errors 98 if (count($formerror) == 0) { 99 100 // username can be a comma separated list 101 $usernames = explode(',', $form->username); 102 103 foreach ($usernames as $username) { 104 $username = trim(core_text::strtolower($username)); 105 if (!empty($username)) { 106 if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) { 107 if ($form->accessctrl == 'allow') { 108 redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id]))); 109 } elseif ($form->accessctrl == 'deny') { 110 redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id]))); 111 } 112 } 113 } 114 } 115 } 116 exit; 117 } 118 119 echo $OUTPUT->header(); 120 121 // Explain 122 echo $OUTPUT->box(get_string('ssoacldescr','mnet')); 123 // Are the needed bits enabled? 124 $warn = ''; 125 if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') { 126 $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>'; 127 } 128 129 if (!is_enabled_auth('mnet')) { 130 $warn .= '<p>' . get_string('authmnetdisabled','mnet').'</p>'; 131 } 132 133 if (!empty($warn)) { 134 $warn = '<p>' . get_string('ssoaclneeds','mnet').'</p>' . $warn; 135 echo $OUTPUT->box($warn); 136 } 137 // output the ACL table 138 $columns = array("username", "mnet_host_id", "access", "delete"); 139 $headings = array(); 140 $string = array('username' => get_string('username'), 141 'mnet_host_id' => get_string('remotehost', 'mnet'), 142 'access' => get_string('accesslevel', 'mnet'), 143 'delete' => get_string('delete')); 144 foreach ($columns as $column) { 145 if ($sort != $column) { 146 $columnicon = ""; 147 $columndir = "ASC"; 148 } else { 149 $columndir = $dir == "ASC" ? "DESC" : "ASC"; 150 $columnicon = $dir == "ASC" ? "down" : "up"; 151 $columnicon = " " . $OUTPUT->pix_icon('t/' . $columnicon, get_string('sort')); 152 } 153 $headings[$column] = "<a href=\"?sort=$column&dir=$columndir&\">".$string[$column]."</a>$columnicon"; 154 } 155 $headings['delete'] = ''; 156 157 $sortorder = get_safe_orderby([ 158 'username' => 'username', 159 'mnet_host_id' => 'mnet_host_id', 160 'access' => 'accessctrl', 161 'default' => 'username', 162 ], $sort, $dir, false); 163 164 $acl = $DB->get_records('mnet_sso_access_control', null, $sortorder); 165 $aclcount = $DB->count_records('mnet_sso_access_control'); 166 167 if (!$acl) { 168 echo $OUTPUT->heading(get_string('noaclentries','mnet')); 169 $table = NULL; 170 } else { 171 $table = new html_table(); 172 $table->head = $headings; 173 $table->align = array('left', 'left', 'center'); 174 $table->width = "95%"; 175 foreach ($acl as $aclrecord) { 176 if ($aclrecord->accessctrl == 'allow') { 177 $accesscolumn = get_string('allow', 'mnet') 178 . " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=deny&sesskey=".sesskey()."\">" 179 . get_string('deny', 'mnet') . "</a>)"; 180 } else { 181 $accesscolumn = get_string('deny', 'mnet') 182 . " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=allow&sesskey=".sesskey()."\">" 183 . get_string('allow', 'mnet') . "</a>)"; 184 } 185 $deletecolumn = "<a href=\"?id={$aclrecord->id}&action=delete&sesskey=".sesskey()."\">" 186 . get_string('delete') . "</a>"; 187 $table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn); 188 } 189 } 190 191 if (!empty($table)) { 192 echo html_writer::table($table); 193 echo '<p> </p>'; 194 $baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage)); 195 echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl); 196 } 197 198 199 200 // output the add form 201 echo $OUTPUT->box_start(); 202 203 ?> 204 <div class="mnetaddtoaclform"> 205 <form id="mnetaddtoacl" method="post"> 206 <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" /> 207 <?php 208 209 // enter a username 210 echo get_string('username') . ":\n"; 211 if (!empty($formerror['username'])) { 212 echo '<span class="error"> * </span>'; 213 } 214 echo html_writer::label(get_string('username'), 'menuusername', false, array('class' => 'accesshide')); 215 echo '<input id="menuusername" type="text" name="username" size="20" maxlength="100" />'; 216 217 // choose a remote host 218 echo " " . html_writer::label(get_string('remotehost', 'mnet'), 'menumnet_host_id') . ":\n"; 219 if (!empty($formerror['mnet_host_id'])) { 220 echo '<span class="error"> * </span>'; 221 } 222 echo html_writer::select($mnethosts, 'mnet_host_id'); 223 224 // choose an access level 225 echo " " . html_writer::label(get_string('accesslevel', 'mnet'), 'menuaccessctrl') . ":\n"; 226 if (!empty($formerror['accessctrl'])) { 227 echo '<span class="error"> * </span>'; 228 } 229 $accessmenu['allow'] = get_string('allow', 'mnet'); 230 $accessmenu['deny'] = get_string('deny', 'mnet'); 231 echo html_writer::select($accessmenu, 'accessctrl'); 232 233 // submit button 234 echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />'; 235 echo "</form></div>\n"; 236 237 // print errors 238 foreach ($formerror as $error) { 239 echo "<br><span class=\"error\">$error<span>"; 240 } 241 242 echo $OUTPUT->box_end(); 243 echo $OUTPUT->footer();
title
Description
Body
title
Description
Body
title
Description
Body
title
Body