From 1fc0c4bd4e3d27a5df09c395235d362f2972cd55 Mon Sep 17 00:00:00 2001
From: Brendan Heywood
Date: Wed, 5 Jun 2019 14:07:28 +1000
Subject: [PATCH] MDL-58439 admin: Ignore guest logins for all admin pages
---
 admin/antiviruses.php | 3 +--
 admin/auth.php | 3 +--
 admin/category.php | 4 +---
 admin/courseformats.php | 3 +--
 admin/customfields.php | 3 +--
 admin/dataformats.php | 3 +--
 admin/editors.php | 3 +--
 admin/enrol.php | 3 +--
 admin/licenses.php | 3 +--
 admin/media.php | 3 +--
 admin/mnet/delete.php | 3 ---
 admin/plugins.php | 3 +--
 admin/qbehaviours.php | 2 +-
 admin/qtypes.php | 4 ++--
 admin/roles/define.php | 4 +++-
 admin/roles/manage.php | 3 ++-
 admin/roles/usersroles.php | 2 +-
 admin/tasklogs.php | 3 ---
 admin/timezone.php | 4 +---
 admin/tool/installaddon/permcheck.php | 2 +-
 admin/tool/log/stores.php | 3 +--
 admin/tool/lp/competencies.php | 2 +-
 admin/tool/lp/competencyframeworks.php | 2 +-
 admin/tool/lp/editcompetency.php | 2 +-
 admin/tool/lp/editcompetencyframework.php | 2 +-
 admin/tool/monitor/edit.php | 2 +-
 admin/tool/monitor/index.php | 2 +-
 admin/tool/monitor/managerules.php | 5 +----
 admin/tool/oauth2/endpoints.php | 4 +---
 admin/tool/oauth2/issuers.php | 4 +---
 admin/tool/oauth2/userfieldmappings.php | 4 +---
 admin/tool/recyclebin/index.php | 2 +-
 admin/tool/task/clear_fail_delay.php | 3 +--
 admin/tool/task/schedule_task.php | 3 +--
 admin/tool/task/scheduledtasks.php | 4 +---
 admin/updatesetting.php | 3 +--
 admin/webservice/protocols.php | 3 +--
 lib/adminlib.php | 2 +-
 lib/moodlelib.php | 8 ++++++++
 39 files changed, 48 insertions(+), 73 deletions(-)
diff --git a/admin/antiviruses.php b/admin/antiviruses.php
index 4bde452a19a..e6a0ce2dba9 100644
--- a/admin/antiviruses.php
+++ b/admin/antiviruses.php
@@ -33,8 +33,7 @@ $confirm = optional_param('confirm', 0, PARAM_BOOL);
 $PAGE->set_url('/admin/antiviruses.php', array('action' => $action, 'antivirus' => $antivirus));
 $PAGE->set_context(context_system::instance());
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=manageantiviruses";
diff --git a/admin/auth.php b/admin/auth.php
index c83e8482bee..c45b0da93cf 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -11,8 +11,7 @@ require_once('../config.php');
 require_once($CFG->libdir.'/adminlib.php');
 require_once($CFG->libdir.'/tablelib.php');
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $returnurl = new moodle_url('/admin/settings.php', array('section'=>'manageauths'));
diff --git a/admin/category.php b/admin/category.php
index f15fafb8628..c06426e8023 100644
--- a/admin/category.php
+++ b/admin/category.php
@@ -30,9 +30,7 @@ $category = required_param('category', PARAM_SAFEDIR);
 $return = optional_param('return','', PARAM_ALPHA);
 $adminediting = optional_param('adminedit', -1, PARAM_BOOL);
-/// no guest autologin
-require_login(0, false);
-$PAGE->set_context(context_system::instance());
+require_admin();
 $PAGE->set_url('/admin/category.php', array('category' => $category));
 $PAGE->set_pagetype('admin-setting-' . $category);
 $PAGE->set_pagelayout('admin');
diff --git a/admin/courseformats.php b/admin/courseformats.php
index 80f76803bb1..44ab2047609 100644
--- a/admin/courseformats.php
+++ b/admin/courseformats.php
@@ -32,8 +32,7 @@ $syscontext = context_system::instance();
 $PAGE->set_url('/admin/courseformats.php');
 $PAGE->set_context($syscontext);
-require_login();
-require_capability('moodle/site:config', $syscontext);
+require_admin();
 require_sesskey();
 $return = new moodle_url('/admin/settings.php', array('section' => 'manageformats'));
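Review bot: In admin/category.php the replacement is not equivalent to the lines it removes: the old code required a login without guest autologin and set the page context, while `require_admin()` (added in lib/moodlelib.php) also enforces `moodle/site:config` in the system context and does not itself call `$PAGE->set_context()`. If settings categories are meant to be reachable by users who hold other admin-tree capabilities, they would now be rejected at this point, and the page context is left to whatever `require_login()` does, which this patch does not show. Keeping `require_login(null, false);` followed by `$PAGE->set_context(context_system::instance());` would preserve the previous access rule while still refusing guest autologin. The other hunks for antiviruses.php, auth.php and courseformats.php replace an explicit login plus `moodle/site:config` pair and are not affected.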
diff --git a/admin/customfields.php b/admin/customfields.php
index 2f7681eb312..2cf80448f52 100644
--- a/admin/customfields.php
+++ b/admin/customfields.php
@@ -32,8 +32,7 @@ $syscontext = context_system::instance();
 $PAGE->set_url('/admin/customfields.php');
 $PAGE->set_context($syscontext);
-require_login();
-require_capability('moodle/site:config', $syscontext);
+require_admin();
 require_sesskey();
 $return = new moodle_url('/admin/settings.php', array('section' => 'managecustomfields'));
diff --git a/admin/dataformats.php b/admin/dataformats.php
index f531e9b4ed5..42a8e50f955 100644
--- a/admin/dataformats.php
+++ b/admin/dataformats.php
@@ -33,8 +33,7 @@ $syscontext = context_system::instance();
 $PAGE->set_url('/admin/dataformats.php');
 $PAGE->set_context($syscontext);
-require_login();
-require_capability('moodle/site:config', $syscontext);
+require_admin();
 require_sesskey();
 $return = new moodle_url('/admin/settings.php', array('section' => 'managedataformats'));
diff --git a/admin/editors.php b/admin/editors.php
index 5d8a50ce768..649d2f5bbed 100644
--- a/admin/editors.php
+++ b/admin/editors.php
@@ -15,8 +15,7 @@ $confirm = optional_param('confirm', 0, PARAM_BOOL);
 $PAGE->set_url('/admin/editors.php', array('action'=>$action, 'editor'=>$editor));
 $PAGE->set_context(context_system::instance());
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=manageeditors";
diff --git a/admin/enrol.php b/admin/enrol.php
index 5f26effc3e8..cfe0636b298 100644
--- a/admin/enrol.php
+++ b/admin/enrol.php
@@ -35,8 +35,7 @@ $confirm = optional_param('confirm', 0, PARAM_BOOL);
 $PAGE->set_url('/admin/enrol.php');
 $PAGE->set_context(context_system::instance());
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 require_sesskey();
 $enabled = enrol_get_plugins(true);
diff --git a/admin/licenses.php b/admin/licenses.php
index 47d3929201c..820e7758a69 100644
--- a/admin/licenses.php
+++ b/admin/licenses.php
@@ -23,8 +23,7 @@ require_once('../config.php');
 require_once($CFG->libdir.'/adminlib.php');
 require_once($CFG->libdir.'/licenselib.php');
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=managelicenses";
diff --git a/admin/media.php b/admin/media.php
index d6886a080fb..2a5f05b4394 100644
--- a/admin/media.php
+++ b/admin/media.php
@@ -35,8 +35,7 @@ $confirm = optional_param('confirm', 0, PARAM_BOOL);
 $PAGE->set_url('/admin/media.php');
 $PAGE->set_context(context_system::instance());
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 require_sesskey();
 $plugins = core_plugin_manager::instance()->get_plugins_of_type('media');
diff --git a/admin/mnet/delete.php b/admin/mnet/delete.php
index 479d559215a..5dec22bcfa8 100644
--- a/admin/mnet/delete.php
+++ b/admin/mnet/delete.php
@@ -34,9 +34,6 @@ $step = optional_param('step', 'verify', PARAM_ALPHA);
 $hostid = required_param('hostid', PARAM_INT);
-
-$context = context_system::instance();
-
 $mnet = get_mnet_environment();
 $PAGE->set_url('/admin/mnet/delete.php');
diff --git a/admin/plugins.php b/admin/plugins.php
index 1176f3b2928..c99ae525e30 100644
--- a/admin/plugins.php
+++ b/admin/plugins.php
@@ -43,9 +43,8 @@ $confirminstallupdate = optional_param('confirminstallupdate', false, PARAM_BOOL
 // NOTE: do not use admin_externalpage_setup() here because it loads
 // full admin tree which is not possible during uninstallation.
-require_login();
+require_admin();
 $syscontext = context_system::instance();
-require_capability('moodle/site:config', $syscontext);
 // URL params we want to maintain on redirects.
 $pageparams = array('updatesonly' => $updatesonly, 'contribonly' => $contribonly);
diff --git a/admin/qbehaviours.php b/admin/qbehaviours.php
index 057429cf5c0..ae01d317292 100644
--- a/admin/qbehaviours.php
+++ b/admin/qbehaviours.php
@@ -31,7 +31,7 @@ require_once($CFG->libdir . '/adminlib.php');
 require_once($CFG->libdir . '/tablelib.php');
 // Check permissions.
-require_login();
+require_login(null, false);
 $systemcontext = context_system::instance();
 require_capability('moodle/question:config', $systemcontext);
diff --git a/admin/qtypes.php b/admin/qtypes.php
index f9dfc2e2b0c..a6bc06a4abd 100644
--- a/admin/qtypes.php
+++ b/admin/qtypes.php
@@ -30,12 +30,12 @@ require_once($CFG->libdir . '/questionlib.php');
 require_once($CFG->libdir . '/adminlib.php');
 require_once($CFG->libdir . '/tablelib.php');
-// Check permissions.
+admin_externalpage_setup('manageqtypes');
+
 $systemcontext = context_system::instance();
 require_capability('moodle/question:config', $systemcontext);
 $canviewreports = has_capability('report/questioninstances:view', $systemcontext);
-admin_externalpage_setup('manageqtypes');
 $thispageurl = new moodle_url('/admin/qtypes.php');
 $qtypes = question_bank::get_all_qtypes();
diff --git a/admin/roles/define.php b/admin/roles/define.php
index a298052b1c5..1a90cddd39a 100644
--- a/admin/roles/define.php
+++ b/admin/roles/define.php
@@ -52,10 +52,12 @@ if ($return === 'manage') {
 $returnurl = new moodle_url('/admin/roles/define.php', array('action'=>'view', 'roleid'=>$roleid));;
 }
+admin_externalpage_setup('defineroles', '', array('action' => $action, 'roleid' => $roleid),
+ new moodle_url('/admin/roles/define.php'));
+
 // Check access permissions.
 $systemcontext = context_system::instance();
 require_capability('moodle/role:manage', $systemcontext);
-admin_externalpage_setup('defineroles', '', array('action' => $action, 'roleid' => $roleid), new moodle_url('/admin/roles/define.php'));
 // Export role.
 if ($action === 'export') {
diff --git a/admin/roles/manage.php b/admin/roles/manage.php
index 9da57eb5a14..5a1530f6068 100644
--- a/admin/roles/manage.php
+++ b/admin/roles/manage.php
@@ -46,10 +46,11 @@ if ($action) {
 $baseurl = $CFG->wwwroot . '/' . $CFG->admin . '/roles/manage.php';
 $defineurl = $CFG->wwwroot . '/' . $CFG->admin . '/roles/define.php';
+admin_externalpage_setup('defineroles');
+
 // Check access permissions.
 $systemcontext = context_system::instance();
 require_capability('moodle/role:manage', $systemcontext);
-admin_externalpage_setup('defineroles');
 // Get some basic data we are going to need.
 $roles = role_fix_names(get_all_roles(), $systemcontext, ROLENAME_ORIGINAL);
diff --git a/admin/roles/usersroles.php b/admin/roles/usersroles.php
index c455902c03e..362c4297a12 100644
--- a/admin/roles/usersroles.php
+++ b/admin/roles/usersroles.php
@@ -45,7 +45,7 @@ $PAGE->set_pagelayout('admin');
 // Check login and permissions.
 if ($course->id == SITEID) {
- require_login();
+ require_login(null, false);
 $PAGE->set_context($usercontext);
 } else {
 require_login($course);
diff --git a/admin/tasklogs.php b/admin/tasklogs.php
index 6684a7ebc4b..ef808c0b821 100644
--- a/admin/tasklogs.php
+++ b/admin/tasklogs.php
@@ -40,9 +40,6 @@ $strheading = get_string('tasklogs', 'tool_task');
 $PAGE->set_title($strheading);
 $PAGE->set_heading($strheading);
-require_login();
-
-require_capability('moodle/site:config', context_system::instance());
 admin_externalpage_setup('tasklogs');
 $logid = optional_param('logid', null, PARAM_INT);
diff --git a/admin/timezone.php b/admin/timezone.php
index 8e603a628fb..510d2d0b670 100644
--- a/admin/timezone.php
+++ b/admin/timezone.php
@@ -12,9 +12,7 @@ $PAGE->set_url('/admin/timezone.php');
 $PAGE->set_context(context_system::instance());
- require_login();
-
- require_capability('moodle/site:config', context_system::instance());
+ require_admin();
 $strtimezone = get_string("timezone");
 $strsavechanges = get_string("savechanges");
diff --git a/admin/tool/installaddon/permcheck.php b/admin/tool/installaddon/permcheck.php
index db488848597..64b23b2ea41 100644
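Review bot: Only the site-level branch of admin/roles/usersroles.php gets `require_login(null, false)`; the `else` branch still calls `require_login($course)`, which leaves `$autologinguest` at its default of `true` (the default is visible in the `require_login` signature quoted in the lib/moodlelib.php hunk header). If guest sessions are meant to be ignored on this page regardless of course, the course branch would need `require_login($course, false);`. The `if`/`else` block continues outside the hunk, so the capability checks that follow are not visible here.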
--- a/admin/tool/installaddon/permcheck.php
+++ b/admin/tool/installaddon/permcheck.php
@@ -29,7 +29,7 @@ define('AJAX_SCRIPT', true);
 require(__DIR__ . '/../../../config.php');
 require_once($CFG->libdir.'/adminlib.php');
-require_login();
+require_login(null, false);
 if (!has_capability('moodle/site:config', context_system::instance())) {
 header('HTTP/1.1 403 Forbidden');
diff --git a/admin/tool/log/stores.php b/admin/tool/log/stores.php
index 5b8e7121604..4710362b7fb 100644
--- a/admin/tool/log/stores.php
+++ b/admin/tool/log/stores.php
@@ -31,8 +31,7 @@ $enrol = required_param('store', PARAM_PLUGIN);
 $PAGE->set_url('/admin/tool/log/stores.php');
 $PAGE->set_context(context_system::instance());
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 require_sesskey();
 $all = \tool_log\log\manager::get_store_plugins();
diff --git a/admin/tool/lp/competencies.php b/admin/tool/lp/competencies.php
index 3543c181b90..a7b48d79363 100644
--- a/admin/tool/lp/competencies.php
+++ b/admin/tool/lp/competencies.php
@@ -39,7 +39,7 @@ if ($competencyid) {
 $pagecontext = context::instance_by_id($pagecontextid);
 }
-require_login();
+require_login(null, false);
 \core_competency\api::require_enabled();
 $framework = \core_competency\api::read_framework($id);
diff --git a/admin/tool/lp/competencyframeworks.php b/admin/tool/lp/competencyframeworks.php
index 8f484ad2f26..1d8e3a2497d 100644
--- a/admin/tool/lp/competencyframeworks.php
+++ b/admin/tool/lp/competencyframeworks.php
@@ -31,7 +31,7 @@ $context = context::instance_by_id($pagecontextid);
 $url = new moodle_url("/admin/tool/lp/competencyframeworks.php");
 $url->param('pagecontextid', $pagecontextid);
-require_login();
+require_login(null, false);
 \core_competency\api::require_enabled();
 if (!\core_competency\competency_framework::can_read_context($context)) {
diff --git a/admin/tool/lp/editcompetency.php b/admin/tool/lp/editcompetency.php
index 8e34d1cc7ab..4fce0de2ae9 100644
--- a/admin/tool/lp/editcompetency.php
+++ b/admin/tool/lp/editcompetency.php
@@ -30,7 +30,7 @@ $competencyframeworkid = optional_param('competencyframeworkid', 0, PARAM_INT);
 $pagecontextid = required_param('pagecontextid', PARAM_INT); // Reference to the context we came from.
 $parentid = optional_param('parentid', 0, PARAM_INT);
-require_login();
+require_login(null, false);
 \core_competency\api::require_enabled();
 if (empty($competencyframeworkid) && empty($id)) {
diff --git a/admin/tool/lp/editcompetencyframework.php b/admin/tool/lp/editcompetencyframework.php
index a61cd8bda25..9c896f6c90f 100644
--- a/admin/tool/lp/editcompetencyframework.php
+++ b/admin/tool/lp/editcompetencyframework.php
@@ -39,7 +39,7 @@ if (!empty($id)) {
 }
 // We check that we have the permission to edit this framework, in its own context.
-require_login();
+require_login(null, false);
 \core_competency\api::require_enabled();
 require_capability('moodle/competency:competencymanage', $context);
diff --git a/admin/tool/monitor/edit.php b/admin/tool/monitor/edit.php
index 1e01a32d164..9ffa433380c 100644
--- a/admin/tool/monitor/edit.php
+++ b/admin/tool/monitor/edit.php
@@ -29,7 +29,7 @@ $courseid = optional_param('courseid', 0, PARAM_INT);
 // Validate course id.
 if (empty($courseid)) {
- require_login();
+ require_login(null, false);
 $context = context_system::instance();
 $coursename = format_string($SITE->fullname, true, array('context' => $context));
 $PAGE->set_context($context);
diff --git a/admin/tool/monitor/index.php b/admin/tool/monitor/index.php
index 65d9cdd3696..5392fd62805 100644
--- a/admin/tool/monitor/index.php
+++ b/admin/tool/monitor/index.php
@@ -36,7 +36,7 @@ $confirm = optional_param('confirm', false, PARAM_BOOL);
 $choose = false;
 // Validate course id.
 if (empty($courseid)) {
- require_login();
+ require_login(null, false);
 $context = context_system::instance();
 // check system level capability.
 if (!has_capability('tool/monitor:subscribe', $context)) {
diff --git a/admin/tool/monitor/managerules.php b/admin/tool/monitor/managerules.php
index 13f21a93d48..001ad64ae4a 100644
--- a/admin/tool/monitor/managerules.php
+++ b/admin/tool/monitor/managerules.php
@@ -33,6 +33,7 @@ $status = optional_param('status', 0, PARAM_BOOL);
 // Validate course id.
 if (empty($courseid)) {
+ admin_externalpage_setup('toolmonitorrules', '', null, '', array('pagelayout' => 'report'));
 $context = context_system::instance();
 $coursename = format_string($SITE->fullname, true, array('context' => $context));
 $PAGE->set_context($context);
@@ -53,10 +54,6 @@ $PAGE->set_pagelayout('report');
 $PAGE->set_title($coursename);
 $PAGE->set_heading($coursename);
-// Site level report.
-if (empty($courseid)) {
- admin_externalpage_setup('toolmonitorrules', '', null, '', array('pagelayout' => 'report'));
-}
 if (!empty($action) && $action == 'changestatus') {
 require_sesskey();
diff --git a/admin/tool/oauth2/endpoints.php b/admin/tool/oauth2/endpoints.php
index cf3a3fe3b0b..bb39a821253 100644
--- a/admin/tool/oauth2/endpoints.php
+++ b/admin/tool/oauth2/endpoints.php
@@ -33,9 +33,7 @@ $strheading = get_string('pluginname', 'tool_oauth2');
 $PAGE->set_title($strheading);
 $PAGE->set_heading($strheading);
-require_login();
-
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $renderer = $PAGE->get_renderer('tool_oauth2');
diff --git a/admin/tool/oauth2/issuers.php b/admin/tool/oauth2/issuers.php
index 87fb17d1132..87863905089 100644
--- a/admin/tool/oauth2/issuers.php
+++ b/admin/tool/oauth2/issuers.php
@@ -33,9 +33,7 @@ $strheading = get_string('pluginname', 'tool_oauth2');
 $PAGE->set_title($strheading);
 $PAGE->set_heading($strheading);
-require_login();
-
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $renderer = $PAGE->get_renderer('tool_oauth2');
diff --git a/admin/tool/oauth2/userfieldmappings.php b/admin/tool/oauth2/userfieldmappings.php
index d0961ceb9d8..28fc5a6fead 100644
--- a/admin/tool/oauth2/userfieldmappings.php
+++ b/admin/tool/oauth2/userfieldmappings.php
@@ -33,9 +33,7 @@ $strheading = get_string('pluginname', 'tool_oauth2');
 $PAGE->set_title($strheading);
 $PAGE->set_heading($strheading);
-require_login();
-
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $renderer = $PAGE->get_renderer('tool_oauth2');
diff --git a/admin/tool/recyclebin/index.php b/admin/tool/recyclebin/index.php
index c8940170984..747d4f61086 100644
--- a/admin/tool/recyclebin/index.php
+++ b/admin/tool/recyclebin/index.php
@@ -52,7 +52,7 @@ switch ($context->contextlevel) {
 break;
 case CONTEXT_COURSECAT:
- require_login();
+ require_login(null, false);
 $recyclebin = new \tool_recyclebin\category_bin($context->instanceid);
 if (!$recyclebin->can_view()) {
diff --git a/admin/tool/task/clear_fail_delay.php b/admin/tool/task/clear_fail_delay.php
index d820dda7265..8f41b453df9 100644
--- a/admin/tool/task/clear_fail_delay.php
+++ b/admin/tool/task/clear_fail_delay.php
@@ -29,9 +29,8 @@ require('../../../config.php');
 require_once($CFG->libdir.'/cronlib.php');
 // Basic security checks.
-require_login();
+require_admin();
 $context = context_system::instance();
-require_capability('moodle/site:config', $context);
 // Get task and check the parameter is valid.
 $taskname = required_param('task', PARAM_RAW_TRIMMED);
diff --git a/admin/tool/task/schedule_task.php b/admin/tool/task/schedule_task.php
index 13cf1cef1d2..939486ddc18 100644
--- a/admin/tool/task/schedule_task.php
+++ b/admin/tool/task/schedule_task.php
@@ -44,9 +44,8 @@ function tool_task_mtrace_wrapper($message, $eol) {
 $taskname = required_param('task', PARAM_RAW_TRIMMED);
 // Basic security checks.
-require_login();
+require_admin();
 $context = context_system::instance();
-require_capability('moodle/site:config', $context);
 if (!get_config('tool_task', 'enablerunnow')) {
 print_error('nopermissions', 'error', '', get_string('runnow', 'tool_task'));
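Review bot: In admin/tool/task/schedule_task.php the access check still runs after `$taskname = required_param('task', PARAM_RAW_TRIMMED);`, so a request without a session reaches parameter handling before `require_admin()`. Moving `require_admin();` above the `required_param()` call would match admin/tool/task/clear_fail_delay.php in this same patch, where the check comes first. The surrounding script continues outside the hunk.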
diff --git a/admin/tool/task/scheduledtasks.php b/admin/tool/task/scheduledtasks.php
index 9af5359ce2c..90d8b8d0ebf 100644
--- a/admin/tool/task/scheduledtasks.php
+++ b/admin/tool/task/scheduledtasks.php
@@ -33,9 +33,7 @@ $strheading = get_string('scheduledtasks', 'tool_task');
 $PAGE->set_title($strheading);
 $PAGE->set_heading($strheading);
-require_login();
-
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $renderer = $PAGE->get_renderer('tool_task');
diff --git a/admin/updatesetting.php b/admin/updatesetting.php
index a6b3b1dcfc1..7cbcb8a0bce 100644
--- a/admin/updatesetting.php
+++ b/admin/updatesetting.php
@@ -34,8 +34,7 @@ $type = required_param('type', PARAM_PLUGIN);
 $PAGE->set_url('/admin/updatesetting.php');
 $PAGE->set_context(context_system::instance());
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 require_sesskey();
 $plugintypeclass = "\\core\\plugininfo\\{$type}";
diff --git a/admin/webservice/protocols.php b/admin/webservice/protocols.php
index 6c6ff67f923..688fe144d78 100644
--- a/admin/webservice/protocols.php
+++ b/admin/webservice/protocols.php
@@ -30,8 +30,7 @@ require_once($CFG->libdir.'/tablelib.php');
 $PAGE->set_url('/' . $CFG->admin . '/webservice/protocols.php');
 //TODO: disable the blocks here or better make the page layout default to no blocks!
-require_login();
-require_capability('moodle/site:config', context_system::instance());
+require_admin();
 $returnurl = $CFG->wwwroot . "/" . $CFG->admin . "/settings.php?section=webserviceprotocols";
diff --git a/lib/adminlib.php b/lib/adminlib.php
index 07f66e4aa9c..78b1a3523a4 100644
--- a/lib/adminlib.php
+++ b/lib/adminlib.php
@@ -8236,7 +8236,7 @@ function admin_externalpage_setup($section, $extrabutton = '', array $extraurlpa
 $PAGE->set_context(null); // hack - set context to something, by default to system context
 $site = get_site();
- require_login();
+ require_login(null, false);
 if (!empty($options['pagelayout'])) {
 // A specific page layout has been requested.
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 820dc475545..617729c7e5f 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -3028,6 +3028,14 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
 }
 }
+/**
+ * A convenience function for where we must be logged in as admin
+ * @return void
+ */
+function require_admin() {
+ require_login(null, false);
+ require_capability('moodle/site:config', context_system::instance());
+}
 /**
 * This function just makes sure a user is logged out.
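Review bot: The bare `false` in `require_login(null, false)` inside admin_externalpage_setup() carries the intent of this commit but is unexplained at the call site, and pages such as admin/tasklogs.php now drop their own `require_login()` and `require_capability()` and rely on this function alone. A comment such as `// Pass $autologinguest = false: admin pages never auto-login guests.` above the call would stop a later cleanup from reverting it to `require_login()`. The function body runs outside the hunk on both sides, so the capability check it applies for the requested section is not visible here and is worth confirming for the pages that removed their explicit `moodle/site:config` check.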
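Review bot: The docblock on `require_admin()` says the caller "must be logged in as admin", but the body checks the `moodle/site:config` capability in the system context rather than site-administrator status, and it does not mention that guest autologin is disabled. Since this helper is now the access gate for most of the pages in this patch, the docblock should state what it does: it calls `require_login(null, false)` and then `require_capability('moodle/site:config', context_system::instance())`, and it does not itself set the page context. A summary line such as `Require a login without guest autologin and the moodle/site:config capability at system level.` would be accurate.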