   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  namespace factor_role;
  18  
  19  use stdClass;
  20  use tool_mfa\local\factor\object_factor_base;
  21  
  22  /**
  23   * Role factor class.
  24   *
  25   * @package     factor_role
  26   * @author      Peter Burnett <peterburnett@catalyst-au.net>
  27   * @copyright   Catalyst IT
  28   * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  29   */
  30  class factor extends object_factor_base {
  31  
  32      /**
  33       * Role implementation.
  34       * This factor is a singleton, return single instance.
  35       *
  36       * @param stdClass $user the user to check against.
  37       * @return array
  38       */
  39      public function get_all_user_factors(stdClass $user): array {
  40          global $DB;
  41          $records = $DB->get_records('tool_mfa', ['userid' => $user->id, 'factor' => $this->name]);
  42  
  43          if (!empty($records)) {
  44              return $records;
  45          }
  46  
  47          // Null records returned, build new record.
  48          $record = [
  49              'userid' => $user->id,
  50              'factor' => $this->name,
  51              'timecreated' => time(),
  52              'createdfromip' => $user->lastip,
  53              'timemodified' => time(),
  54              'revoked' => 0,
  55          ];
  56          $record['id'] = $DB->insert_record('tool_mfa', $record, true);
  57          return [(object) $record];
  58      }
  59  
  60      /**
  61       * Role implementation.
  62       * Factor has no input
  63       *
  64       * {@inheritDoc}
  65       */
  66      public function has_input(): bool {
  67          return false;
  68      }
  69  
  70      /**
  71       * Role implementation.
  72       * Checks whether the user has selected roles in any context.
  73       *
  74       * {@inheritDoc}
  75       */
  76      public function get_state(): string {
  77          global $USER;
  78          $rolestring = get_config('factor_role', 'roles');
  79  
  80          // Nothing selected, everyone passes.
  81          if (empty($rolestring)) {
  82              return \tool_mfa\plugininfo\factor::STATE_PASS;
  83          }
  84  
  85          $selected = explode(',', $rolestring);
  86          $syscon = \context_system::instance();
  87          $specials = get_user_roles_with_special($syscon, $USER->id);
  88          // Transform the special roles to the matching format.
  89          $specials = array_map(function ($el) {
  90              return $el->roleid;
  91          }, $specials);
  92  
  93          foreach ($selected as $id) {
  94              if ($id === 'admin') {
  95                  if (is_siteadmin()) {
  96                      return \tool_mfa\plugininfo\factor::STATE_NEUTRAL;
  97                  }
  98              } else {
  99                  if (user_has_role_assignment($USER->id, $id)) {
 100                      return \tool_mfa\plugininfo\factor::STATE_NEUTRAL;
 101                  }
 102  
 103                  // Some system default roles do not have an explicit binding. eg Authenticated user.
 104                  if (in_array((int) $id, $specials)) {
 105                      return \tool_mfa\plugininfo\factor::STATE_NEUTRAL;
 106                  }
 107              }
 108          }
 109  
 110          // If we got here, no roles matched, allow access.
 111          return \tool_mfa\plugininfo\factor::STATE_PASS;
 112      }
 113  
 114      /**
 115       * Role implementation.
 116       * Cannot set state, return true.
 117       *
 118       * @param string $state the state constant to set
 119       * @return bool
 120       */
 121      public function set_state(string $state): bool {
 122          return true;
 123      }
 124  
 125      /**
 126       * Role implementation.
 127       * User can not influence. Result is whatever current state is.
 128       *
 129       * @param stdClass $user
 130       * @return array
 131       */
 132      public function possible_states(stdClass $user): array {
 133          return [$this->get_state()];
 134      }
 135  
 136      /**
 137       * Role implementation
 138       * Formats the role list nicely.
 139       *
 140       * {@inheritDoc}
 141       */
 142      public function get_summary_condition(): string {
 143          $selectedroles = get_config('factor_role', 'roles');
 144          if (empty($selectedroles)) {
 145              return get_string('summarycondition', 'factor_role', get_string('none'));
 146          }
 147  
 148          $selectedroles = $this->get_roles(explode(',', $selectedroles));
 149          if (empty($selectedroles)) {
 150              return get_string('summarycondition', 'factor_role', get_string('none'));
 151          }
 152  
 153          return get_string('summarycondition', 'factor_role', implode(', ', $selectedroles));
 154      }
 155  
 156      /**
 157       * Get roles information by given ids.
 158       *
 159       * @param array $selectedroles List of role ids.
 160       * @return array
 161       */
 162      public function get_roles(array $selectedroles): array {
 163          global $DB;
 164          $roles = [];
 165  
 166          // Checks for admin role and gets its role name.
 167          if (in_array('admin', $selectedroles)) {
 168              $roles[] = get_string('administrator');
 169          }
 170          $integerroles = array_map('intval', $selectedroles);
 171  
 172          // Gets role name for all non admin roles.
 173          if (!empty($integerroles)) {
 174              [$insql, $inparams] = $DB->get_in_or_equal($integerroles);
 175              $otherroles = $DB->get_records_select('role', 'id ' . $insql, $inparams);
 176              $otherrolenames = role_fix_names($otherroles, null, ROLENAME_ALIAS, true);
 177              $roles = array_merge($roles, $otherrolenames);
 178          }
 179  
 180          return $roles;
 181      }
 182  }