mirror of
https://github.com/moodle/moodle.git
synced 2025-01-18 22:08:20 +01:00
New implementation of loginas see MDL-6626
This commit is contained in:
moodler
parent
9343a7333a
commit
6c95827fdf
@ -9,6 +9,7 @@
|
||||
|
||||
if (!empty($USER->realuser)) {
|
||||
$USER = get_complete_user_data('id', $USER->realuser);
|
||||
load_user_capability(); // load all this user's normal capabilities
|
||||
|
||||
if (isset($SESSION->oldcurrentgroup)) { // Restore previous "current group" cache.
|
||||
$SESSION->currentgroup = $SESSION->oldcurrentgroup;
|
||||
@ -26,11 +27,12 @@
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
///-------------------------------------
|
||||
/// try to login as student if allowed
|
||||
/// We are trying to log in as this user in the first place
|
||||
|
||||
$id = required_param('id', PARAM_INT); // course id
|
||||
$user = required_param('user', PARAM_INT); // login as this user
|
||||
$password = optional_param('password', '', PARAM_RAW); // site wide password
|
||||
$userid = required_param('user', PARAM_INT); // login as this user
|
||||
|
||||
if (!$site = get_site()) {
|
||||
error("Site isn't defined!");
|
||||
@ -40,86 +42,53 @@
|
||||
error("Course ID was incorrect");
|
||||
}
|
||||
|
||||
if ($course->category) {
|
||||
/// User must be logged in
|
||||
|
||||
if ($course->id == SITEID) {
|
||||
require_login();
|
||||
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
|
||||
} else {
|
||||
require_login($course->id);
|
||||
$context = get_context_instance(CONTEXT_COURSE, $course->id);
|
||||
}
|
||||
|
||||
// $user must be defined to go on
|
||||
/// User must have permissions
|
||||
|
||||
if (!isteacher($course->id)) {
|
||||
error("Only teachers can use this page!");
|
||||
require_capability('moodle/user:loginas', $context);
|
||||
|
||||
if (!has_capability('moodle/course:view', $context, $userid, false)) {
|
||||
error('This user is not in this course!');
|
||||
}
|
||||
|
||||
// validate loginaspassword if defined in config.php
|
||||
|
||||
if (empty($SESSION->loginasvalidated) && !empty($CFG->loginaspassword)) {
|
||||
if ($password == $CFG->loginaspassword && confirm_sesskey()) {
|
||||
$SESSION->loginasvalidated = true;
|
||||
} else {
|
||||
$strloginaspasswordexplain = get_string('loginaspasswordexplain');
|
||||
$strloginas = get_string('loginas');
|
||||
$strpassword = get_string('password');
|
||||
|
||||
print_header("$site->fullname: $strloginas", "$site->fullname: $strloginas",
|
||||
' ', 'passwordform.password');
|
||||
print_simple_box_start('center', '50%', '', 5, 'noticebox');
|
||||
?>
|
||||
<p align="center"><?php echo $strloginaspasswordexplain?></p>
|
||||
<form action="loginas.php" name="passwordform" method="post">
|
||||
<table border="0" cellpadding="3" cellspacing="3" align="center">
|
||||
<tr><td><?php echo $strpassword?>:</td>
|
||||
<td><input type="password" name="password" size="15" value="" alt="<?php p($strpassword)?>" /></td>
|
||||
<td><input type="submit" value="<?php p($strloginas)?>" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="hidden" name="id" value="<?php p($id)?>"/>
|
||||
<input type="hidden" name="user" value="<?php p($user)?>"/>
|
||||
<input type="hidden" name="sesskey" value="<?php p($USER->sesskey)?>"/>
|
||||
</form>
|
||||
<?php
|
||||
print_simple_box_end();
|
||||
print_footer();
|
||||
die;
|
||||
}
|
||||
}
|
||||
|
||||
if ($course->category and !has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id), $user) and !isadmin()) {
|
||||
error("This student is not in this course!");
|
||||
}
|
||||
|
||||
if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID, $user))) {
|
||||
error("You can not login as this person!");
|
||||
}
|
||||
|
||||
// Remember current timeaccess settings for later
|
||||
/// Remember current timeaccess settings for later
|
||||
|
||||
if (isset($USER->timeaccess)) {
|
||||
$SESSION->oldtimeaccess = $USER->timeaccess;
|
||||
}
|
||||
|
||||
// Login as this student and return to course home page.
|
||||
/// Login as this user and return to course home page.
|
||||
|
||||
$teacher_name = fullname($USER, true);
|
||||
$teacher_id = "$USER->id";
|
||||
$oldfullname = fullname($USER, true);
|
||||
$olduserid = $USER->id;
|
||||
|
||||
$USER = get_complete_user_data('id', $user); // Create the new USER object with all details
|
||||
$USER->realuser = $teacher_id;
|
||||
$USER = get_complete_user_data('id', $userid); // Create the new USER object with all details
|
||||
$USER->realuser = $olduserid;
|
||||
|
||||
load_user_capability('', $context); // load this user's capabilities for this context only
|
||||
|
||||
if (isset($SESSION->currentgroup)) { // Remember current cache setting for later
|
||||
$SESSION->oldcurrentgroup = $SESSION->currentgroup;
|
||||
unset($SESSION->currentgroup);
|
||||
}
|
||||
|
||||
$student_name = fullname($USER, true);
|
||||
$newfullname = fullname($USER, true);
|
||||
|
||||
add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&user=$user", "$teacher_name -> $student_name");
|
||||
add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&user=$userid", "$oldfullname -> $newfullname");
|
||||
|
||||
$strloginas = get_string('loginas');
|
||||
$strloggedinas = get_string('loggedinas', '', $newfullname);
|
||||
|
||||
$strloginas = get_string("loginas");
|
||||
$strloggedinas = get_string("loggedinas", "", $student_name);
|
||||
|
||||
print_header_simple("$strloginas $student_name", '', "$strloginas $student_name", '', '',
|
||||
true, ' ', navmenu($course));
|
||||
print_header_simple($strloggedinas, '', $strloggedinas, '', '', true, ' ', navmenu($course));
|
||||
notice($strloggedinas, "$CFG->wwwroot/course/view.php?id=$course->id");
|
||||
|
||||
|
||||
|
||||
@ -355,6 +355,35 @@ $moodle_capabilities = array(
|
||||
)
|
||||
),
|
||||
|
||||
'moodle/user:viewusergrades' => array(
|
||||
'captype' => 'write',
|
||||
'contextlevel' => CONTEXT_COURSE,
|
||||
'legacy' => array(
|
||||
'guest' => CAP_PREVENT,
|
||||
'student' => CAP_ALLOW,
|
||||
'teacher' => CAP_ALLOW,
|
||||
'editingteacher' => CAP_ALLOW,
|
||||
'coursecreator' => CAP_ALLOW,
|
||||
'admin' => CAP_ALLOW
|
||||
)
|
||||
),
|
||||
|
||||
'moodle/user:loginas' => array(
|
||||
|
||||
'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
|
||||
|
||||
'captype' => 'write',
|
||||
'contextlevel' => CONTEXT_COURSE,
|
||||
'legacy' => array(
|
||||
'guest' => CAP_PREVENT,
|
||||
'student' => CAP_PREVENT,
|
||||
'teacher' => CAP_PREVENT,
|
||||
'editingteacher' => CAP_PREVENT,
|
||||
'coursecreator' => CAP_PREVENT,
|
||||
'admin' => CAP_ALLOW
|
||||
)
|
||||
),
|
||||
|
||||
'moodle/role:assign' => array(
|
||||
|
||||
'captype' => 'write',
|
||||
@ -1071,19 +1100,6 @@ $moodle_capabilities = array(
|
||||
'coursecreator' => CAP_ALLOW,
|
||||
'admin' => CAP_ALLOW
|
||||
)
|
||||
),
|
||||
|
||||
'moodle/user:viewusergrades' => array(
|
||||
'captype' => 'write',
|
||||
'contextlevel' => CONTEXT_USER,
|
||||
'legacy' => array(
|
||||
'guest' => CAP_PREVENT,
|
||||
'student' => CAP_ALLOW,
|
||||
'teacher' => CAP_ALLOW,
|
||||
'editingteacher' => CAP_ALLOW,
|
||||
'coursecreator' => CAP_ALLOW,
|
||||
'admin' => CAP_ALLOW
|
||||
)
|
||||
)
|
||||
|
||||
);
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
// This is compared against the values stored in the database to determine
|
||||
// whether upgrades should be performed (see lib/db/*.php)
|
||||
|
||||
$version = 2006092800; // YYYYMMDD = date
|
||||
$version = 2006092801; // YYYYMMDD = date
|
||||
// XY = increments within a single day
|
||||
|
||||
$release = '1.7 dev'; // Human-friendly version name
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user