MDL-40043 Events API: Added user_loggedinas event to replace add_to_log

course/loginas.php

@@ -1,5 +1,5 @@
 <?php
-// Allows a teacher/admin to login as another user (in stealth mode)
+// Allows a teacher/admin to login as another user (in stealth mode).
 
 require_once('../config.php');
 require_once('lib.php');
@@ -10,7 +10,7 @@ $redirect = optional_param('redirect', 0, PARAM_BOOL);
 $url = new moodle_url('/course/loginas.php', array('id'=>$id));
 $PAGE->set_url($url);
 
-/// Reset user back to their real self if needed, for security reasons you need to log out and log in again
+// Reset user back to their real self if needed, for security reasons you need to log out and log in again.
 if (session_is_loggedinas()) {
     require_sesskey();
     require_logout();
@@ -29,15 +29,13 @@ if ($redirect) {
     redirect(get_login_url());
 }
 
-///-------------------------------------
-/// We are trying to log in as this user in the first place
-
-$userid = required_param('user', PARAM_INT);         // login as this user
+// Try log in as this user.
+$userid = required_param('user', PARAM_INT);
 
 require_sesskey();
 $course = $DB->get_record('course', array('id'=>$id), '*', MUST_EXIST);
 
-/// User must be logged in
+// User must be logged in.
 
 $systemcontext = context_system::instance();
 $coursecontext = context_course::instance($course->id);
@@ -62,13 +60,10 @@ if (has_capability('moodle/user:loginas', $systemcontext)) {
     $context = $coursecontext;
 }
 
-/// Login as this user and return to course home page.
-$oldfullname = fullname($USER, true);
+// Login as this user and return to course home page.
 session_loginas($userid, $context);
 $newfullname = fullname($USER, true);
 
-add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&amp;user=$userid", "$oldfullname -> $newfullname");
-
 $strloginas    = get_string('loginas');
 $strloggedinas = get_string('loggedinas', '', $newfullname);
 

lang/en/auth.php

@@ -82,6 +82,7 @@ $string['errorminpasswordnonalphanum'] = 'Passwords must have at least {$a} non-
 $string['errorminpasswordupper'] = 'Passwords must have at least {$a} upper case letter(s).';
 $string['errorpasswordupdate'] = 'Error updating password, password not changed';
 $string['event_user_loggedin'] = 'User has logged in';
+$string['eventuserloggedinas'] = 'User logged in as another user';
 $string['forcechangepassword'] = 'Force change password';
 $string['forcechangepasswordfirst_help'] = 'Force users to change password on their first login to Moodle.';
 $string['forcechangepassword_help'] = 'Force users to change password on their next login to Moodle.';

lib/classes/event/user_loggedinas.php

@@ -0,0 +1,86 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * User loggedinas event.
+ *
+ * @package    core
+ * @copyright  2013 Rajesh Taneja <rajesh@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace core\event;
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * User loggedinas event class.
+ *
+ * @package    core
+ * @copyright  2013 Rajesh Taneja <rajesh@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class user_loggedinas extends base {
+
+    /**
+     * Init method.
+     *
+     * @return void
+     */
+    protected function init() {
+        $this->data['crud'] = 'r';
+        // TODO MDL-41040 set level.
+        $this->data['level'] = 50;
+        $this->data['objecttable'] = 'user';
+    }
+
+    /**
+     * Return localised event name.
+     *
+     * @return string
+     */
+    public static function get_name() {
+        return get_string('eventuserloggedinas', 'auth');
+    }
+
+    /**
+     * Returns non-localised event description with id's for admin use only.
+     *
+     * @return string
+     */
+    public function get_description() {
+        return 'Userid ' . $this->userid . ' has logged in as '. $this->relateduserid;
+    }
+
+    /**
+     * Return legacy data for add_to_log().
+     *
+     * @return array
+     */
+    protected function get_legacy_logdata() {
+        return array($this->courseid, 'course', 'loginas', '../user/view.php?id=' . $this->courseid . '&amp;user=' . $this->userid,
+            $this->other['originalusername'] . ' -> ' . $this->other['loggedinasusername']);
+    }
+
+    /**
+     * Get URL related to the action.
+     *
+     * @return \moodle_url
+     */
+    public function get_url() {
+        return new \moodle_url('/user/view.php', array('id' => $this->objectid));
+    }
+}

lib/sessionlib.php

@@ -1163,11 +1163,13 @@ function session_get_realuser() {
  * @return void
  */
 function session_loginas($userid, $context) {
+    global $USER;
+
     if (session_is_loggedinas()) {
         return;
     }
 
-    // switch to fresh new $SESSION
+    // Switch to fresh new $SESSION.
     $_SESSION['REALSESSION'] = $_SESSION['SESSION'];
     $_SESSION['SESSION']     = new stdClass();
 
@@ -1177,10 +1179,24 @@ function session_loginas($userid, $context) {
     $user->realuser       = $_SESSION['REALUSER']->id;
     $user->loginascontext = $context;
 
-    // let enrol plugins deal with new enrolments if necessary
+    // Let enrol plugins deal with new enrolments if necessary.
     enrol_check_plugins($user);
-    // set up global $USER
+
+    // Create event before $USER is updated.
+    $event = \core\event\user_loggedinas::create(
+        array(
+            'objectid' => $USER->id,
+            'context' => $context,
+            'relateduserid' => $userid,
+            'other' => array(
+                'originalusername' => fullname($USER, true),
+                'loggedinasusername' => fullname($user, true)
+                )
+            )
+        );
+    // Set up global $USER.
     session_set_user($user);
+    $event->trigger();
 }
 
 /**

lib/tests/sessionlib_test.php

@@ -0,0 +1,88 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Unit tests for (some of) ../sessionlib.php.
+ *
+ * @package    core_session
+ * @category   phpunit
+ * @copyright  2103 Rajesh Taneja <rajesh@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+global $CFG;
+require_once($CFG->libdir . '/sessionlib.php');
+
+/**
+ * Unit tests for (some of) ../sessionlib.php.
+ *
+ * @package    core_session
+ * @category   phpunit
+ * @copyright  2103 Rajesh Taneja <rajesh@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class core_sessionlib_testcase extends advanced_testcase {
+
+    /**
+     * Test session_loginas.
+     */
+    public function test_session_loginas() {
+        global $USER;
+        $this->resetAfterTest();
+
+        // Set current user as Admin user and save it for later use.
+        $this->setAdminUser();
+        $adminuser = $USER;
+
+        // Create a new user and try admin loginas this user.
+        $user = $this->getDataGenerator()->create_user();
+        session_loginas($user->id, context_system::instance());
+
+        $this->assertSame($user->id, $USER->id);
+        $this->assertSame(context_system::instance(), $USER->loginascontext);
+        $this->assertSame($adminuser->id, $USER->realuser);
+
+        // Set user as current user and login as admin user in course context.
+        $this->setUser($user);
+        $this->assertNotEquals($adminuser->id, $USER->id);
+        $course = $this->getDataGenerator()->create_course();
+        $coursecontext = context_course::instance($course->id);
+
+        // Catch event triggred.
+        $sink = $this->redirectEvents();
+        session_loginas($adminuser->id, $coursecontext);
+        $events = $sink->get_events();
+        $sink->close();
+        $event = array_pop($events);
+
+        $this->assertSame($adminuser->id, $USER->id);
+        $this->assertSame($coursecontext, $USER->loginascontext);
+        $this->assertSame($user->id, $USER->realuser);
+
+        // Test event captured has proper information.
+        $this->assertInstanceOf('\core\event\user_loggedinas', $event);
+        $this->assertSame($user->id, $event->objectid);
+        $this->assertSame($adminuser->id, $event->relateduserid);
+        $this->assertSame($course->id, $event->courseid);
+        $this->assertEquals($coursecontext, $event->get_context());
+        $oldfullname = fullname($user, true);
+        $newfullname = fullname($adminuser, true);
+        $expectedlogdata = array($course->id, "course", "loginas", "../user/view.php?id=$course->id&amp;user=$user->id", "$oldfullname -> $newfullname");
+        $this->assertEventLegacyLogData($expectedlogdata, $event);
+    }
+}