mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-06-03 14:46:35 +02:00
Code Issues Projects Releases Wiki Activity

MDL-9574 + MDL-9607 Add Change-own-password and Edit-own-profile capabilities

Browse Source
This commit is contained in:
skodak 2007-04-26 21:41:08 +00:00
parent 101ed55bda
commit 1cb3da3613
10 changed files with 86 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lang/en_utf8/moodle.php
View File

@ -500,6 +500,14 @@ line at the top of your web browser window.
If you need help, please contact the site administrator,
$a->admin';
$string['emailpasswordchangeinfodisabled'] = 'Hi $a->firstname,
Someone (probably you) has requested a new password for your
account on \'$a->sitename\'.
Unfortunately your account on this site is disabled and can not be reset,
please contact the site administrator,
$a->admin';
$string['emailpasswordchangeinfofail'] = 'Hi $a->firstname,
Someone (probably you) has requested a new password for your

2
lang/en_utf8/role.php
View File

@ -116,8 +116,10 @@ $string['site:uploadusers'] = 'Upload new users from file';
$string['site:viewfullnames'] = 'Always see full names of users';
$string['site:viewparticipants'] = 'View participants';
$string['site:viewreports'] = 'View reports';
$string['user:changeownpassword'] = 'Change own password';
$string['user:create'] = 'Create users';
$string['user:delete'] = 'Delete users';
$string['user:editownprofile'] = 'Edit own user profile';
$string['user:editprofile'] = 'Edit user profile';
$string['user:loginas'] = 'Login as other users';
$string['user:readuserblogs'] = 'See all user blogs';

24
lib/db/access.php
View File

@ -719,13 +719,35 @@ $moodle_capabilities = array(
'riskbitmask' => RISK_SPAM,
'captype' => 'read',
'captype' => 'write',
'contextlevel' => CONTEXT_USER,
'legacy' => array(
'admin' => CAP_ALLOW
)
),
'moodle/user:editownprofile' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
'guest' => CAP_PROHIBIT,
'user' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'moodle/user:changeownpassword' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
'guest' => CAP_PROHIBIT,
'user' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
// The next 3 might make no sense for some roles, e.g teacher, etc.
// since the next level up is site. These are more for the parent role
'moodle/user:readuserposts' => array(

16
lib/moodlelib.php
View File

@ -3575,7 +3575,7 @@ function reset_password_and_mail($user) {
$from = get_admin();
$userauth = get_auth_plugin($user->auth);
if (!$userauth->can_reset_password()) {
if (!$userauth->can_reset_password() or !is_enabled_auth($user->auth)) {
trigger_error("Attempt to reset user password for user $user->username with Auth $user->auth.");
return false;
}
@ -3676,15 +3676,23 @@ function send_password_change_info($user) {
$site = get_site();
$from = get_admin();
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
$data = new object();
$data->firstname = $user->firstname;
$data->sitename = format_string($site->fullname);
$data->admin = fullname($from).' ('. $from->email .')';
$userauth = get_auth_plugin($user->auth);
$userauth = get_auth_plugin($user->auth);
if (!is_enabled_auth($user->auth) or $user->auth == 'nologin') {
$message = get_string('emailpasswordchangeinfodisabled', '', $data);
$subject = get_string('emailpasswordchangeinfosubject', '', format_string($site->fullname));
return email_to_user($user, $from, $subject, $message);
}
if ($userauth->can_change_password() and $userauth->change_password_url()) {
// we have some external url for password cahnging
// we have some external url for password changing
$data->link .= $userauth->change_password_url();
} else {
@ -3692,7 +3700,7 @@ function send_password_change_info($user) {
$data->link = '';
}
if (!empty($data->link)) {
if (!empty($data->link) and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
$message = get_string('emailpasswordchangeinfo', '', $data);
$subject = get_string('emailpasswordchangeinfosubject', '', format_string($site->fullname));
} else {

10
login/change_password.php
View File

@ -14,15 +14,19 @@
error('No such course!');
}
// require proper login; guest can not change password
// TODO: add change password capability so that we can prevent participants from changing password
if (empty($USER->id) or isguestuser() or has_capability('moodle/legacy:guest', $systemcontext, $USER->id, false)) {
// require proper login; guest user can not change password
if (empty($USER->id) or isguestuser()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
}
redirect($CFG->httpswwwroot.'/login/index.php');
}
// do not require change own password cap if change forced
if (!get_user_preferences('auth_forcepasswordchange', false)) {
require_capability('moodle/user:changeownpassword', $systemcontext);
}
// do not allow "Logged in as" users to change any passwords
if (!empty($USER->realuser)) {
error('Can not use this script when "Logged in as"!');

21
login/forgot_password.php
View File

@ -12,7 +12,7 @@ $p_username = optional_param('s', false, PARAM_RAW);
httpsrequired();
$sitecontext = get_context_instance(CONTEXT_SYSTEM);
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
// setup text strings
$strforgotten = get_string('passwordforgotten');
@ -41,11 +41,13 @@ if ($p_secret !== false) {
// make sure that url relates to a valid user
// check this isn't guest user
// TODO: add change password capability so that we can prevent participants to change password
if (has_capability('moodle/legacy:guest', $sitecontext, $user->id, false)) {
if (isguestuser($user)) {
error('You cannot reset the guest password');
}
// make sure user is allowed to change password
require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);
// override email stop and mail new password
$user->emailstop = 0;
if (!reset_password_and_mail($user)) {
@ -97,9 +99,14 @@ if ($mform->is_cancelled()) {
if ($user and !empty($user->confirmed)) {
$userauth = get_auth_plugin($user->auth);
if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
// send email (make sure mail block is off)
$user->mailstop = 0;
}
if ($userauth->can_reset_password()) {
// reset internal password and notify user
if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
// send reset password confirmation
// set 'secret' string
$user->secret = random_string(15);
@ -107,15 +114,11 @@ if ($mform->is_cancelled()) {
error('error setting user secret string');
}
// send email (make sure mail block is off)
$user->mailstop = 0;
if (!send_password_change_confirmation_email($user)) {
error('error sending password change confirmation email');
}
} else {
// send email (make sure mail block is off)
$user->mailstop = 0;
if (!send_password_change_info($user)) {
error('error sending password change confirmation email');
}

12
user/edit.php
View File

@ -24,7 +24,10 @@
redirect($CFG->httpswwwroot.'/login/index.php');
}
if (isguest()) { //TODO: add proper capability to edit own profile
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
$personalcontext = get_context_instance(CONTEXT_USER, $user->id);
if (isguestuser()) {
print_error('guestnoeditprofile');
}
@ -38,9 +41,12 @@
}
// check access control
if ($user->id != $USER->id) {
if ($user->id == $USER->id) {
//editing own profile
require_capability('moodle/user:editownprofile', $systemcontext);
} else {
// teachers, parents, etc.
$personalcontext = get_context_instance(CONTEXT_USER, $user->id);
require_capability('moodle/user:editprofile', $personalcontext);
// no editing of guest user account
if (isguestuser($user->id)) {

13
user/tabs.php
View File

@ -102,16 +102,19 @@
}
$edittype = 'none';
if (is_mnet_remote_user($user)) {
if (isguestuser($user)) {
// guest account can not be edited
} else if (is_mnet_remote_user($user)) {
// cannot edit remote users
} else if (isguest() or !isloggedin()) {
// can not edit guest like accounts - TODO: add capability to edit own profile
} else if (isguestuser() or !isloggedin()) {
// guests and not logged in can not edit own profile
} else if ($USER->id == $user->id) {
if (has_capability('moodle/user:update', $systemcontext)) {
$edittype = 'advanced';
} else {
} else if (has_capability('moodle/user:editownprofile', $systemcontext)) {
$edittype = 'normal';
}

9
user/view.php
View File

@ -31,11 +31,12 @@
}
if ($course->id == SITEID) {
$coursecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); // SYSTEM context
$coursecontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
} else {
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context
}
$usercontext = get_context_instance(CONTEXT_USER, $user->id); // User context
$systemcontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
if (!empty($CFG->forcelogin) || $course->id != SITEID) {
// do not force parents to enrol
@ -356,10 +357,8 @@
$userauth = get_auth_plugin($user->auth);
$passwordchangeurl = false;
if (/*$currentuser and */$userauth->can_change_password() and !isguest()) { //TODO: add proper capability for password changing
if ($userauth->change_password_url()) {
$passwordchangeurl = $userauth->change_password_url();
} else {
if ($currentuser and $userauth->can_change_password() and !isguestuser() and has_capability('moodle/user:changeownpassword', $systemcontext)) {
if (!$passwordchangeurl = $userauth->change_password_url()) {
if (empty($CFG->loginhttps)) {
$passwordchangeurl = "$CFG->wwwroot/login/change_password.php";
} else {

2
version.php
View File

@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
$version = 2007042601; // YYYYMMDD = date
$version = 2007042700; // YYYYMMDD = date
// XY = increments within a single day
$release = '1.9 dev'; // Human-friendly version name