webservice MDL-20805 add admin token page. To do: create and delete operation + context support

admin/settings/plugins.php

@@ -236,7 +236,7 @@ if ($hassiteconfig) {
     }
 }
 
-    // Web services
+/// Web services
     $ADMIN->add('modules', new admin_category('webservicesettings', get_string('webservices', 'webservice')));
     $temp = new admin_settingpage('externalservices', get_string('externalservices', 'webservice'));
     $temp->add(new admin_setting_manageexternalservices());
@@ -244,6 +244,7 @@ if ($hassiteconfig) {
     $ADMIN->add('webservicesettings', new admin_externalpage('externalservice', get_string('externalservice', 'webservice'), "$CFG->wwwroot/$CFG->admin/webservice/service.php", 'moodle/site:config', true));
     $ADMIN->add('webservicesettings', new admin_externalpage('externalservicefunctions', get_string('externalservicefunctions', 'webservice'), "$CFG->wwwroot/$CFG->admin/webservice/service_functions.php", 'moodle/site:config', true));
     $ADMIN->add('webservicesettings', new admin_externalpage('externalserviceusers', get_string('externalserviceusers', 'webservice'), "$CFG->wwwroot/$CFG->admin/webservice/service_users.php", 'moodle/site:config', true));
+    /// manage protocol page link
     $temp = new admin_settingpage('webserviceprotocols', get_string('manageprotocols', 'webservice'));
     $temp->add(new admin_setting_managewebserviceprotocols());
     if (empty($CFG->enablewebservices)) {
@@ -251,6 +252,7 @@ if ($hassiteconfig) {
     }
     $temp->add(new admin_setting_configcheckbox('enablewsdocumentation', get_string('enablewsdocumentation', 'admin'), get_string('configenablewsdocumentation', 'admin'), false));
     $ADMIN->add('webservicesettings', $temp);
+    /// links to protocol pages
     $webservices_available = get_plugin_list('webservice');
     $active_webservices = empty($CFG->webserviceprotocols) ? array() : explode(',', $CFG->webserviceprotocols);
     foreach ($webservices_available as $webservice => $location) {
@@ -263,6 +265,14 @@ if ($hassiteconfig) {
             $ADMIN->add('webservicesettings', $settings);
         }
     }
+    /// manage token page link
+    $temp = new admin_settingpage('webservicetokens', get_string('managetokens', 'webservice'));
+    $temp->add(new admin_setting_managewebservicetokens());
+    if (empty($CFG->enablewebservices)) {
+        $temp->add(new admin_setting_heading('webservicesaredisabled', '', get_string('disabledwarning', 'webservice')));
+    }
+    $ADMIN->add('webservicesettings', $temp);
+    
 
 if ($hassiteconfig || has_capability('moodle/question:config', $systemcontext)) {
     // Question type settings.

admin/webservice/tokens.php

@@ -0,0 +1,63 @@
+<?php
+
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Web services tokens admin UI
+ *
+ * @package   webservice
+ * @author Jerome Mouneyrac
+ * @copyright 2009 Moodle Pty Ltd (http://moodle.com)
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+require_once('../../config.php');
+
+$PAGE->set_url('/admin/webservice/tokens.php', array());
+
+require_login();
+require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM));
+
+$returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=webservicetokens";
+
+$action  = optional_param('action', '', PARAM_ACTION);
+$tokenid = optional_param('tokenid', '', PARAM_SAFEDIR);
+$confirm = optional_param('confirm', 0, PARAM_BOOL);
+
+
+////////////////////////////////////////////////////////////////////////////////
+// process actions
+
+if (!confirm_sesskey()) {
+    redirect($returnurl);
+}
+
+switch ($action) {
+
+    case 'create':
+        echo "I'm creating a token yoohoo";
+        break;
+
+    case 'delete':
+        $token = $DB->get_record('external_tokens', array('id' => $tokenid));
+        echo "coucou delete token id:".$token->id;
+        break;
+
+    default:
+        break;
+}
+
+redirect($returnurl);

lang/en_utf8/webservice.php

@@ -10,6 +10,7 @@ $string['apiexplorer'] = 'API explorer';
 $string['apiexplorernotavalaible'] = 'API explorer not available yet.';
 $string['arguments'] = 'Arguments';
 $string['configwebserviceplugins'] = 'For security reasons enable only protocols that are used.';
+$string['context'] = 'Context';
 $string['deleteservice'] = 'Delete the service: $a->name (id: $a->id)';
 $string['deleteserviceconfirm'] = 'Do you really want to delete external service \"$a\"?';
 $string['disabledwarning'] = 'All webs service protocols are disabled, the \Enable web services\" setting can be found in the \"Advanced features\" section.';
@@ -26,9 +27,13 @@ $string['externalserviceusers'] = 'External service users';
 $string['function'] = 'Function';
 $string['functions'] = 'Functions';
 $string['generalstructure'] = 'General structure';
+$string['httpswarning'] = 'Token strings are only displayed if your connection is secured (https)';
 $string['iprestriction'] = 'IP restriction';
 $string['manageprotocols'] = 'Manage protocols';
+$string['managetokens'] = 'Manage tokens';
 $string['norequiredcapability'] = 'No required capability';
+$string['notoken'] = 'You have created no token.';
+$string['operation'] = 'Operation';
 $string['optional'] = 'Optional';
 $string['phpparam'] = 'XML-RPC (PHP structure)';
 $string['phpresponse'] = 'XML-RPC (PHP structure)';
@@ -49,6 +54,7 @@ $string['restparam'] = 'REST (POST parameters)';
 $string['restrictedusers'] = 'Authorised users only';
 $string['selectedcapabilitydoesntexit'] = 'The currently set required capability ($a) doesn\'t exist anymore. Please change it and save the changes.';
 $string['selectedcapability'] = 'Selected';
+$string['service'] = 'Service';
 $string['servicename'] = 'Service name';
 $string['servicesbuiltin'] = 'Built-in services';
 $string['servicescustom'] = 'Custom services';
@@ -56,8 +62,10 @@ $string['serviceusers'] = 'Authorised users';
 $string['serviceusersmatching'] = 'Authorised users matching';
 $string['serviceuserssettings'] = 'Change settings for the authorised users';
 $string['testclient'] = 'Web service test client';
+$string['token'] = 'Token';
 $string['validuntil'] = 'Valid until';
 $string['webservices'] = 'Web services';
+$string['webservicetokens'] = 'Web service tokens';
 $string['wsdocumentation'] = 'Web service documentation';
 $string['wsdocumentationdisable'] = 'Web service documentation is disabled.';
 $string['wsdocumentationintro'] = 'Following is a listing of web service functions available for the username <b>$a</b>.<br/>To create a client we advise you to read the <a href=\"http://docs.moodle.org/en/Development:Creating_a_web_service_and_a_web_service_function#Create_your_own_client\">Moodle documentation</a>';

lib/adminlib.php

@@ -6414,3 +6414,113 @@ class admin_setting_managewebserviceprotocols extends admin_setting {
         return highlight($query, $return);
     }
 }
+
+
+/**
+ * Special class for web service token administration.
+ *
+ * @author Jerome Mouneyrac
+ */
+class admin_setting_managewebservicetokens extends admin_setting {
+
+    /**
+     * Calls parent::__construct with specific arguments
+     */
+    public function __construct() {
+        parent::__construct('webservicestokenui', get_string('managetokens', 'webservice'), '', '');
+    }
+
+    /**
+     * Always returns true, does nothing
+     *
+     * @return true
+     */
+    public function get_setting() {
+        return true;
+    }
+
+    /**
+     * Always returns true, does nothing
+     *
+     * @return true
+     */
+    public function get_defaultsetting() {
+        return true;
+    }
+
+    /**
+     * Always returns '', does not write anything
+     *
+     * @return string Always returns ''
+     */
+    public function write_setting($data) {
+    // do not write any setting
+        return '';
+    }
+
+    /**
+     * Builds the XHTML to display the control
+     *
+     * @param string $data Unused
+     * @param string $query
+     * @return string
+     */
+    public function output_html($data, $query='') {
+        global $CFG, $OUTPUT, $DB, $USER;
+
+        // display strings
+        $stroperation = get_string('operation', 'webservice');
+        $strtoken = get_string('token', 'webservice');
+        $strservice = get_string('service', 'webservice');
+        $struser = get_string('user');
+        $strcontext = get_string('context', 'webservice');
+
+      
+
+
+        $return = $OUTPUT->heading(get_string('webservicetokens', 'webservice'), 3, 'main', true);
+        $return .= $OUTPUT->box_start('generalbox webservicestokenui');
+
+        $table = new html_table();
+        $table->head  = array($strtoken, $struser, $strservice, $strcontext, $stroperation);
+        $table->align = array('left', 'left', 'left', 'left', 'center');
+        $table->width = '100%';
+        $table->data  = array();
+
+        $tokenpageurl = "$CFG->wwwroot/$CFG->admin/webservice/tokens.php?sesskey=" . sesskey();
+
+        //TODO: in order to let the administrator delete obsolete token, split this request in multiple request
+
+        //here retrieve token list (including linked users firstname/lastname and linked services name)
+        $sql = "SELECT
+                    token.id, token.token, user.firstname, user.lastname, service.name
+                FROM
+                    {external_tokens} token, {user} user, {external_services} service
+                WHERE
+                    token.creatorid=? AND service.id = token.externalserviceid AND token.userid = user.id";
+        $tokens = $DB->get_records_sql($sql, array( $USER->id));
+        if (!empty($tokens)) {
+            foreach ($tokens as $token) {
+                //TODO: retrieve context
+
+                $delete = "<a href=\"".$tokenpageurl."&amp;action=delete&amp;tokenid=".$token->id."\">";
+                $delete .= get_string('delete')."</a>";
+
+
+                $table->data[] = array($token->token, $token->firstname." ".$token->lastname, $token->name, '', $delete);
+            }
+
+            $return .= $OUTPUT->table($table);
+            $return .= get_string('httpswarning', 'webservice');
+        } else {
+            $return .= get_string('notoken', 'webservice');
+        }
+
+        $return .= $OUTPUT->box_end();
+        // add a token to the table
+        $return .= "<a href=\"".$tokenpageurl."&amp;action=create\">";
+        $return .= get_string('add')."</a>";
+
+        return highlight($query, $return);
+    }
+}

lib/db/install.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" ?>
-<XMLDB PATH="lib/db" VERSION="20091117" COMMENT="XMLDB file for core Moodle tables"
+<XMLDB PATH="lib/db" VERSION="20100106" COMMENT="XMLDB file for core Moodle tables"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="../../lib/xmldb/xmldb.xsd"
 >
@@ -2317,8 +2317,9 @@
         <FIELD NAME="userid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" COMMENT="owner of the token" PREVIOUS="tokentype" NEXT="externalserviceid"/>
         <FIELD NAME="externalserviceid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" PREVIOUS="userid" NEXT="sid"/>
         <FIELD NAME="sid" TYPE="char" LENGTH="128" NOTNULL="false" SEQUENCE="false" COMMENT="link to browser or emulated session" PREVIOUS="externalserviceid" NEXT="contextid"/>
-        <FIELD NAME="contextid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" COMMENT="context id where in token valid" PREVIOUS="sid" NEXT="iprestriction"/>
-        <FIELD NAME="iprestriction" TYPE="char" LENGTH="255" NOTNULL="false" SEQUENCE="false" COMMENT="ip restriction" PREVIOUS="contextid" NEXT="validuntil"/>
+        <FIELD NAME="contextid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" COMMENT="context id where in token valid" PREVIOUS="sid" NEXT="creatorid"/>
+        <FIELD NAME="creatorid" TYPE="int" LENGTH="20" NOTNULL="true" UNSIGNED="true" DEFAULT="1" SEQUENCE="false" COMMENT="user id of the token creator (useful to know when the administrator created a token and so display the token to a specific administrator)" PREVIOUS="contextid" NEXT="iprestriction"/>
+        <FIELD NAME="iprestriction" TYPE="char" LENGTH="255" NOTNULL="false" SEQUENCE="false" COMMENT="ip restriction" PREVIOUS="creatorid" NEXT="validuntil"/>
         <FIELD NAME="validuntil" TYPE="int" LENGTH="10" NOTNULL="false" UNSIGNED="true" SEQUENCE="false" COMMENT="timestampt - valid until data" PREVIOUS="iprestriction" NEXT="timecreated"/>
         <FIELD NAME="timecreated" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" COMMENT="created timestamp" PREVIOUS="validuntil" NEXT="lastaccess"/>
         <FIELD NAME="lastaccess" TYPE="int" LENGTH="10" NOTNULL="false" UNSIGNED="true" SEQUENCE="false" COMMENT="last access timestamp" PREVIOUS="timecreated"/>
@@ -2327,7 +2328,8 @@
         <KEY NAME="primary" TYPE="primary" FIELDS="id" NEXT="userid"/>
         <KEY NAME="userid" TYPE="foreign" FIELDS="userid" REFTABLE="user" REFFIELDS="id" PREVIOUS="primary" NEXT="externalserviceid"/>
         <KEY NAME="externalserviceid" TYPE="foreign" FIELDS="externalserviceid" REFTABLE="external_services" REFFIELDS="id" PREVIOUS="userid" NEXT="contextid"/>
-        <KEY NAME="contextid" TYPE="foreign" FIELDS="contextid" REFTABLE="context" REFFIELDS="id" PREVIOUS="externalserviceid"/>
+        <KEY NAME="contextid" TYPE="foreign" FIELDS="contextid" REFTABLE="context" REFFIELDS="id" PREVIOUS="externalserviceid" NEXT="creatorid"/>
+        <KEY NAME="creatorid" TYPE="foreign" FIELDS="creatorid" REFTABLE="user" REFFIELDS="id" PREVIOUS="contextid"/>
       </KEYS>
     </TABLE>
     <TABLE NAME="blog_association" COMMENT="Associations of blog entries with courses and module instances" PREVIOUS="external_tokens" NEXT="blog_external">
@@ -2360,4 +2362,4 @@
       </KEYS>
     </TABLE>
   </TABLES>
-</XMLDB>
+</XMLDB>

lib/db/upgrade.php

@@ -2835,6 +2835,28 @@ WHERE gradeitemid IS NOT NULL AND grademax IS NOT NULL");
         upgrade_main_savepoint($result, 2009112400);
     }
 
+    if ($result && $oldversion < 2010010601) {
+
+    /// Define field creatorid to be added to external_tokens
+        $table = new xmldb_table('external_tokens');
+        $field = new xmldb_field('creatorid', XMLDB_TYPE_INTEGER, '20', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, '1', 'contextid');
+
+    /// Conditionally launch add field creatorid
+        if (!$dbman->field_exists($table, $field)) {
+            $dbman->add_field($table, $field);
+        }
+
+    /// Define key creatorid (foreign) to be added to external_tokens
+        $table = new xmldb_table('external_tokens');
+        $key = new xmldb_key('creatorid', XMLDB_KEY_FOREIGN, array('creatorid'), 'user', array('id'));
+
+    /// Launch add key creatorid
+        $dbman->add_key($table, $key);
+
+    /// Main savepoint reached
+        upgrade_main_savepoint($result, 2010010601);
+    }
+
     return $result;
 }
 

version.php

@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)
 
-    $version = 2010010502;  // YYYYMMDD   = date of the last version bump
+    $version = 2010010601;  // YYYYMMDD   = date of the last version bump
                             //         XX = daily increments
 
     $release = '2.0 dev (Build: 20100106)';  // Human-friendly version name