mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-29 19:50:14 +01:00
Code Issues Projects Releases Wiki Activity

webservice MDL-20805 added token creation page in user profil (with service required capability check and moodle/webservice:createtoken capibility check)

Browse Source
This commit is contained in:
jerome mouneyrac 2010-01-12 10:34:52 +00:00
parent 645e2cc14d
commit 5eacbd4be4
7 changed files with 227 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
admin/webservice/forms.php
View File

@ -140,27 +140,35 @@ class web_service_token_form extends moodleform {
$mform->addElement('header', 'token', get_string('token', 'webservice'));
//user searchable selector
$sql = "SELECT user.id, user.firstname, user.lastname, rassign.roleid
FROM {user} user
LEFT JOIN {role_assignments} rassign
ON user.id = rassign.userid
ORDER BY user.lastname";
$users = $DB->get_records_sql($sql,array());
$options = array();
foreach ($users as $userid => $user) {
if ($user->roleid != 1) {
$options[$userid] = $user->firstname. " " . $user->lastname;
if (empty($data->nouserselection)) {
//user searchable selector
$sql = "SELECT user.id, user.firstname, user.lastname, rassign.roleid
FROM {user} user
LEFT JOIN {role_assignments} rassign
ON user.id = rassign.userid
ORDER BY user.lastname";
$users = $DB->get_records_sql($sql,array());
$options = array();
foreach ($users as $userid => $user) {
if ($user->roleid != 1) {
$options[$userid] = $user->firstname. " " . $user->lastname;
}
}
$mform->addElement('searchableselector', 'user', get_string('user'),$options);
$mform->addRule('user', get_string('required'), 'required', null, 'client');
}
$mform->addElement('searchableselector', 'user', get_string('user'),$options);
$mform->addRule('user', get_string('required'), 'required', null, 'client');
//service selector
$services = $DB->get_records('external_services');
$options = array();
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
foreach ($services as $serviceid => $service) {
$options[$serviceid] = $service->name;
//check that the user has the required capability (only for generation by the profil page)
if (empty($data->nouserselection)
|| empty($service->requiredcapability)
|| has_capability($service->requiredcapability, $systemcontext, $USER->id)) {
$options[$serviceid] = $service->name;
}
}
$mform->addElement('select', 'service', get_string('service', 'webservice'),$options);
$mform->addRule('service', get_string('required'), 'required', null, 'client');

6
admin/webservice/tokens.php
View File

@ -67,7 +67,11 @@ switch ($action) {
} else {
$newtoken = new object();
$newtoken->token = $generatedtoken;
$newtoken->externalserviceid = $data->service;
if (empty($service->requiredcapability) || has_capability($service->requiredcapability, $systemcontext, $data->user)) {
$newtoken->externalserviceid = $data->service;
} else {
throw new moodle_exception('userhasnocapabilitytousethisservice');
}
$newtoken->tokentype = 2;
$newtoken->userid = $data->user;
//TODO: find a way to get the context - UPDATE FOLLOWING LINE

1
lang/en_utf8/role.php
View File

@ -272,6 +272,7 @@ $string['userswithrole'] = 'All users with a role';
$string['useshowadvancedtochange'] = 'Use \'Show advanced\' to change';
$string['viewrole'] = 'View role details';
$string['viewingdefinitionofrolex'] = 'Viewing the definition of role \'$a\'';
$string['webservice:createtoken'] = 'Create a web service token';
$string['whydoesuserhavecap'] = 'Why does $a->fullname have capability $a->capability in context $a->context?';
$string['whydoesusernothavecap'] = 'Why does $a->fullname not have capability $a->capability in context $a->context?';
$string['xroleassignments'] = '$a\'s role assignments';

9
lib/db/access.php
View File

@ -1509,5 +1509,14 @@ $capabilities = array(
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'moodle/webservice:createtoken' => array(
'riskbitmask' => RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
'admin' => CAP_ALLOW
)
)
);

6
lib/navigationlib.php
View File

@ -3354,6 +3354,12 @@ class settings_navigation extends navigation_node {
}
}
// Webservice
if ($currentuser && !empty($CFG->enablewebservices) && has_capability('moodle/webservice:createtoken', $systemcontext)) {
$url = new moodle_url($CFG->wwwroot .'/user/managetoken.php', array('sesskey'=>sesskey()));
$usersetting->add(get_string('webservices', 'webservice'), $url, self::TYPE_SETTING);
}
// Repository
if (!$currentuser) {
require_once($CFG->dirroot . '/repository/lib.php');

183
user/managetoken.php Normal file
View File

@ -0,0 +1,183 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Web service test client.
*
* @package webservice
* @copyright 2009 Moodle Pty Ltd (http://moodle.com)
* @author Petr Skoda (skodak)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
require('../config.php');
$PAGE->set_url('user/managetoken.php');
$action = optional_param('action', '', PARAM_ACTION);
$tokenid = optional_param('tokenid', '', PARAM_SAFEDIR);
$confirm = optional_param('confirm', 0, PARAM_BOOL);
require_login();
require_sesskey();
$returnurl = "$CFG->wwwroot/user/managetoken.php?sesskey=" . sesskey();
//TODO: include tabs.php => tabs.php is a bit ugly require variable $course, $user to be defined here
//look to a better solution, do we really need it? (see /user/portfolio.php and other profil pages)
switch ($action) {
case 'create':
require_once($CFG->dirroot."/admin/webservice/forms.php");
$mform = new web_service_token_form(null, array('action' => 'create', 'nouserselection' => true));
if ($mform->is_cancelled()) {
redirect($returnurl);
} else if ($data = $mform->get_data()) {
ignore_user_abort(true); // no interruption here!
//generate token
$generatedtoken = md5(uniqid(rand(),1));
// make sure the token doesn't exist (even if it should be almost impossible with the random generation)
if ($DB->record_exists('external_tokens', array('token'=>$generatedtoken))) {
throw new moodle_exception('tokenalreadyexist');
} else {
$newtoken = new object();
$newtoken->token = $generatedtoken;
//check that the user has capability on this service
$service = $DB->get_record('external_services', array('id' => $data->service));
if (empty($service)) {
throw new moodle_exception('servicedonotexist');
}
if (empty($service->requiredcapability) || has_capability($service->requiredcapability, $systemcontext, $USER->id)) {
$newtoken->externalserviceid = $data->service;
} else {
throw new moodle_exception('nocapabilitytousethisservice');
}
$newtoken->tokentype = 2;
$newtoken->userid = $USER->id;
//TODO: find a way to get the context - UPDATE FOLLOWING LINE
$newtoken->contextid = get_context_instance(CONTEXT_SYSTEM)->id;
$newtoken->creatorid = $USER->id;
$newtoken->timecreated = time();
$newtoken->validuntil = $data->validuntil;
if (!empty($data->iprestriction)) {
$newtoken->iprestriction = $data->iprestriction;
}
$DB->insert_record('external_tokens', $newtoken);
}
redirect($returnurl);
}
//ask for function id
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('createtoken', 'webservice'));
$mform->display();
echo $OUTPUT->footer();
die;
break;
case 'delete':
$sql = "SELECT
token.id, token.token, user.firstname, user.lastname, service.name
FROM
{external_tokens} token, {user} user, {external_services} service
WHERE
token.creatorid=? AND token.id=? AND token.tokentype = 2 AND service.id = token.externalserviceid AND token.userid = user.id";
$token = $DB->get_record_sql($sql, array($USER->id, $tokenid), MUST_EXIST); //must be the token creator
if (!$confirm) {
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('managetokens', 'webservice'));
$optionsyes = array('tokenid'=>$tokenid, 'action'=>'delete', 'confirm'=>1, 'sesskey'=>sesskey());
$optionsno = array('section'=>'webservicetokens', 'sesskey'=>sesskey());
$formcontinue = new single_button(new moodle_url($returnurl, $optionsyes), get_string('delete'));
$formcancel = new single_button(new moodle_url($returnurl, $optionsno), get_string('cancel'), 'get');
echo $OUTPUT->confirm(get_string('deletetokenconfirm', 'webservice', (object)array('user'=>$token->firstname." ".$token->lastname, 'service'=>$token->name)), $formcontinue, $formcancel);
echo $OUTPUT->footer();
die;
}
$DB->delete_records('external_tokens', array('id'=>$token->id));
redirect($returnurl);
break;
default: //display the list of token
// display strings
$stroperation = get_string('operation', 'webservice');
$strtoken = get_string('token', 'webservice');
$strservice = get_string('service', 'webservice');
$struser = get_string('user');
$strcontext = get_string('context', 'webservice');
$strvaliduntil = get_string('validuntil', 'webservice');
$return = $OUTPUT->heading(get_string('webservicetokens', 'webservice'), 3, 'main', true);
$return .= $OUTPUT->box_start('generalbox webservicestokenui');
$table = new html_table();
$table->head = array($strtoken, $struser, $strservice, $strcontext, $strvaliduntil, $stroperation);
$table->align = array('left', 'left', 'left', 'left', 'center');
$table->width = '100%';
$table->data = array();
//TODO: automatically delete obsolete token (service don't exist anymore), use LEFT JOIN for detection
//here retrieve token list (including linked users firstname/lastname and linked services name)
$sql = "SELECT
token.id, token.token, user.firstname, user.lastname, service.name, token.validuntil
FROM
{external_tokens} token, {user} user, {external_services} service
WHERE
token.creatorid=? AND token.tokentype = 2 AND service.id = token.externalserviceid AND token.userid = user.id";
$tokens = $DB->get_records_sql($sql, array( $USER->id));
if (!empty($tokens)) {
foreach ($tokens as $token) {
//TODO: retrieve context
$delete = "<a href=\"".$returnurl."&amp;action=delete&amp;tokenid=".$token->id."\">";
$delete .= get_string('delete')."</a>";
if (empty($_SERVER['HTTPS'])) {
$token->token = get_string('activatehttps', 'webservice');
}
$validuntil = '';
if (!empty($token->validuntil)) {
$validuntil = date("F j, Y"); //TODO: language support (look for moodle function)
}
$table->data[] = array($token->token, $token->firstname." ".$token->lastname, $token->name, '', $validuntil, $delete);
}
$return .= $OUTPUT->table($table);
$return .= get_string('httpswarning', 'webservice');
} else {
$return .= get_string('notoken', 'webservice');
}
$return .= $OUTPUT->box_end();
// "add a token" link
$return .= "<a href=\"".$returnurl."&amp;action=create\">";
$return .= get_string('add')."</a>";
echo $OUTPUT->header();
echo $return;
echo $OUTPUT->footer();
die();
break;
}
redirect($returnurl);

2
version.php
View File

@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
$version = 2010011200; // YYYYMMDD = date of the last version bump
$version = 2010011201; // YYYYMMDD = date of the last version bump
// XX = daily increments
$release = '2.0 dev (Build: 20100112)'; // Human-friendly version name