moodle/backup/restore_check.html
Eloy Lafuente ac94303a42 MDL-19233 restore of roles - prevent role creation, role assignment and
permission overrides by observing corresponding caps. Improve role mapping a bit.
Credit goes to Daniel Neis. Merged from 19_STABLE
2010-03-22 22:33:30 +00:00

450 lines
20 KiB
HTML

<?php
//This page receive all the restore_form data. Then, if existing course
//has been selected, shows a list of courses to select one.
//It cheks that the parammeter from restore_form are coherent.
//It puts all the restore info in the session.
//Finally, it calls restore_execute to do the hard work
//Get objects from session
global $DB, $OUTPUT;
if ($SESSION) {
$info = $SESSION->info;
$course_header = $SESSION->course_header;
if (isset($SESSION->restore)) {
$restore = $SESSION->restore;
}
}
//Detect if we are coming from the restore form
$fromform = optional_param ('fromform', 0, PARAM_INT);
if ($form1 = data_submitted()) {
$currentcourseshortname = $course_header->course_shortname; //"store_ShortName";
$course_header->course_shortname = !empty($form1->shortname) ? $form1->shortname : ''; //"update_ShortName";
$course_header->course_fullname = !empty($form1->fullname) ? $form1->fullname : ''; //"update_FullName";
/// Roll dates only if the backup course has a start date
/// (some formats like main page, social..., haven't it and rolling dates
/// from 0 produces crazy dates. MDL-10125 and we have passed some custom startyear/month/day. MDL-12922
if ($course_header->course_startdate && !empty($form1->startyear)) {
$form1->startdate = make_timestamp($form1->startyear, $form1->startmonth, $form1->startday);
$currentcoursestartdate = $course_header->course_startdate;
$coursestartdatedateoffset = $form1->startdate - $currentcoursestartdate;
$restore->course_startdateoffset = $coursestartdatedateoffset; //change to restore
// Only apply rolling of dates if differences are bigger than one day
// that should solve current problems with daylight changes between
// backup and restore
if (abs($restore->course_startdateoffset) < 24 * 60 * 60) {
$coursestartdatedateoffset = 0;
$restore->course_startdateoffset = 0;
}
} else { // don't roll if the course hasn't start date
$coursestartdatedateoffset = 0;
$restore->course_startdateoffset = 0;
}
}
///Enforce SESSION->course_header rewrite (PHP 4.x needed because assigns are by value) MDL-8298
$SESSION->course_header = $course_header;
//If restore session info exists, but we are coming from the form
//it has prioriry
if (isset($restore) and !empty($fromform)) {
unset($restore);
}
// check for session objects
if (empty($info) or empty($course_header)) {
print_error('sessionmissing', 'debug', '',
'info and course_header');
}
//If the restore object doesn't exist, we are going
//to check every variable individually and create it
if (!isset($restore)) {
//Check that we have all we need
//backup_unique_code
$backup_unique_code = required_param('backup_unique_code', PARAM_INT);
//file
$file = required_param('file', PARAM_PATH);
//Checks for the required restoremod parameters
if ($allmods = $DB->get_records("modules")) {
foreach ($allmods as $mod) {
$modname = $mod->name;
$var = "restore_".$modname;
$$var = optional_param( $var,0, PARAM_CLEAN);
$var = "restore_user_info_".$modname;
$$var = optional_param( $var,0, PARAM_CLEAN);
$instances = !empty($info->mods[$mod->name]->instances) ? $info->mods[$mod->name]->instances : NULL;
if ($instances === NULL) {
continue;
}
foreach ($instances as $instance) {
$var = 'restore_'.$modname.'_instance_'.$instance->id;
$$var = optional_param($var,0,PARAM_INT);
$var = 'restore_user_info_'.$modname.'_instance_'.$instance->id;
$$var = optional_param($var,0,PARAM_INT);
}
}
}
//restoreto
$restore_restoreto = required_param('restore_restoreto', PARAM_INT);
//restore_metacourse
$restore_metacourse = required_param('restore_metacourse', PARAM_INT);
//restore_users
$restore_users = required_param('restore_users', PARAM_INT);
$restore_groups = required_param('restore_groups', PARAM_INT);
//restore_logs
$restore_logs = required_param('restore_logs', PARAM_INT);
//restore_user_files
$restore_user_files = required_param('restore_user_files', PARAM_INT);
//restore_course_files
$restore_course_files = required_param('restore_course_files', PARAM_INT);
//restore_site_files
$restore_site_files = required_param('restore_site_files', PARAM_INT);
//restore_gradebook_history
$restore_gradebook_history = required_param('restore_gradebook_history', PARAM_INT);
//restore_messages
$restore_messages = required_param('restore_messages', PARAM_INT);
//restore_blogs
$restore_blogs = required_param('restore_blogs', PARAM_INT);
//Check we've selected a course to restore to
$course_id = optional_param('course_id', 0, PARAM_INT);
//We are here, having all we need !!
//Create the restore object and put it in the session
$restore->backup_unique_code = $backup_unique_code;
$restore->file = $file;
if ($allmods = $DB->get_records("modules")) {
foreach ($allmods as $mod) {
$modname = $mod->name;
$var = "restore_".$modname;
$restore->mods[$modname]->restore=$$var;
$var = "restore_user_info_".$modname;
$restore->mods[$modname]->userinfo=$$var;
$instances = !empty($info->mods[$mod->name]->instances) ? $info->mods[$mod->name]->instances : NULL;
if ($instances === NULL) {
continue;
}
foreach ($instances as $instance) {
$var = 'restore_'.$modname.'_instance_'.$instance->id;
$restore->mods[$modname]->instances[$instance->id]->restore = $$var;
$var = 'restore_user_info_'.$modname.'_instance_'.$instance->id;
$restore->mods[$modname]->instances[$instance->id]->userinfo = $$var;
}
}
}
$restore->restoreto=$restore_restoreto;
$restore->metacourse=$restore_metacourse;
$restore->users=$restore_users;
$restore->groups=$restore_groups;
$restore->logs=$restore_logs;
$restore->user_files=$restore_user_files;
$restore->course_files=$restore_course_files;
$restore->site_files=$restore_site_files;
$restore->messages=$restore_messages;
$restore->blogs=$restore_blogs;
$restore->restore_gradebook_history=$restore_gradebook_history;
$restore->course_id=$course_id;
//add new vars to restore object
$restore->course_startdateoffset = $coursestartdatedateoffset;
$restore->course_shortname = $currentcourseshortname;
// create role mappings, not sure all should be here
if ($data2 = data_submitted()) {
foreach ($data2 as $tempname=>$tempdata) {
if (strstr($tempname, 'roles_')) {
$temprole = explode('_', $tempname);
$oldroleid = $temprole[1];
$newroleid = $tempdata;
$restore->rolesmapping[$oldroleid] = $newroleid;
}
}
}
// default role mapping for moodle < 1.7
if ($defaultteacheredit = optional_param('defaultteacheredit', 0, PARAM_INT)) {
$restore->rolesmapping['defaultteacheredit'] = $defaultteacheredit;
}
if ($defaultteacher = optional_param('defaultteacher', 0, PARAM_INT)) {
$restore->rolesmapping['defaultteacher'] = $defaultteacher;
}
if ($defaultstudent = optional_param('defaultstudent', 0, PARAM_INT)) {
$restore->rolesmapping['defaultstudent'] = $defaultstudent;
}
} else {
//We have the object, so check if we have a new course_id
//passed as parammeter
$course_id = optional_param('course_id', 0, PARAM_INT);
if ($course_id) {
$restore->course_id=$course_id;
}
}
// pass in the course category param
$restore->restore_restorecatto = optional_param('restore_restorecatto', 0, PARAM_INT);
//We have the object with data, put it in the session
$SESSION->restore = $restore;
//From here to the end of the script, only use the $restore object
//Check login
require_login();
$loginurl = get_login_url();
//Init restoreuserinfo
$restoreuserinfo = false;
//Check admin
if (!empty($id)) {
if (!has_capability('moodle/restore:restorecourse', get_context_instance(CONTEXT_COURSE, $id))) {
print_error("cannotuseadminadminorteacher", '', $loginurl);
}
$restoreuserinfo = has_capability('moodle/restore:userinfo', get_context_instance(CONTEXT_COURSE, $id));
} else {
if (!has_capability('moodle/restore:restorecourse', get_context_instance(CONTEXT_SYSTEM))) {
print_error("cannotuseadmin", '', $loginurl);
}
$restoreuserinfo = has_capability('moodle/restore:userinfo', get_context_instance(CONTEXT_SYSTEM));
}
//Check site
$site = get_site();
// Non-cached - get accessinfo
if (isset($USER->access)) {
$accessinfo = $USER->access;
} else {
$accessinfo = get_user_access_sitewide($USER->id);
}
// Get all the courses the user is able to restore to
$mycourses = get_user_courses_bycap($USER->id, 'moodle/restore:restorecourse', $accessinfo, true, 'c.sortorder ASC', array('id', 'fullname', 'shortname', 'visible'));
// Calculate if the user can create courses
$cancreatecourses = user_can_create_courses();
if (empty($restore->course_id) && ($restore->restoreto == RESTORETO_CURRENT_DELETING || $restore->restoreto == RESTORETO_CURRENT_ADDING)) {
$restore->course_id = $id; /// Force restore to current course, disabling pick course from list
}
//Set restore->deleting as needed
if ($restore->restoreto == RESTORETO_CURRENT_DELETING || $restore->restoreto == RESTORETO_EXISTING_DELETING) {
$restore->deleting = true;
} else {
$restore->deleting = false;
}
//Now, select the course if needed
if (empty($restore->course_id) && ($restore->restoreto == RESTORETO_EXISTING_DELETING || $restore->restoreto == RESTORETO_EXISTING_ADDING)) {
if ($courses = $mycourses) {
echo $OUTPUT->heading(get_string("choosecourse"));
echo $OUTPUT->box_start();
foreach ($courses as $course) {
if (!has_capability('moodle/restore:restorecourse', get_context_instance(CONTEXT_COURSE, $course->id))) {
continue;
}
if (empty($course->visible)) {
$optdimmed = ' class="dimmed" ';
} else {
$optdimmed = '';
}
echo "<a $optdimmed href=\"restore.php?course_id=$course->id&amp;launch=check&amp;id=$id&amp;file=$file\">".format_string($course->fullname).' ('.format_string($course->shortname).')</a><br />'."\n";
}
echo $OUTPUT->box_end();
} else {
echo $OUTPUT->heading(get_string("nocoursesyet"));
echo $OUTPUT->continue_button("$CFG->wwwroot/$CFG->admin/index.php");
}
//Checks everything and execute restore
} else if (($restore->restoreto != RESTORETO_NEW_COURSE and !empty($restore->course_id)) or ($restore->restoreto == RESTORETO_NEW_COURSE)) {
//Final access control check
if (empty($restore->course_id) and !$cancreatecourses) {
print_error("cannotrestoreadminorcreator");
} else if (!empty($restore->course_id) and !has_capability('moodle/restore:restorecourse', get_context_instance(CONTEXT_COURSE, $restore->course_id))) {
print_error("cannotrestoreadminoredit");
}
$show_continue_button = true;
$messages = array();
//Check and warn if we are restoring over frontpage (SITEID) course. MDL-19163
if ($restore->course_id == SITEID) {
if ($restore->restoreto == RESTORETO_CURRENT_DELETING) {
$messages[] = get_string ('restoretositedeleting');
} else if ($restore->restoreto == RESTORETO_CURRENT_ADDING) {
$messages[] = get_string ('restoretositeadding');
}
}
// If we have selected to roll dates on restore and the user is missing
// such capability (moodle/restore:rolldates) in the target course/category,
// disable roll of dates and warn
if ($restore->course_startdateoffset != 0) {
$canrolldates = false; // init to false
// if we know the target course, check the capability on it
if (!empty($restore->course_id)) {
$canrolldates = has_capability('moodle/restore:rolldates', get_context_instance(CONTEXT_COURSE, $restore->course_id));
// if we know the target category, check capability on it
} else if (!empty($restore->restore_restorecatto)) {
$canrolldates = has_capability('moodle/restore:rolldates', get_context_instance(CONTEXT_COURSECAT, $restore->restore_restorecatto));
}
if (!$canrolldates) {
$messages[] = get_string ("noteusercannotrolldatesoncontext");
$restore->course_startdateoffset = 0;
}
}
//Check if we've selected any mod's user info and restore->users
//is set to none. Change it to course and inform.
if ($restore->users == 2) {
$changed = false;
$mods = $restore->mods;
foreach ($mods as $mod) {
if ($mod->userinfo) {
$changed = true;
}
}
//If we have selected user files or messages or blogs, then users must be restored too
if ($restore->user_files || $restore->messages || $restore->blogs) {
$changed = 1;
}
if ($changed) {
$messages[] = get_string ("noteuserschangednonetocourse");
$restore->users = 1;
}
}
// Re-enforce 'moodle/restore:restorecourse' at system context to be able to restore all users
if ($restore->users == 0 and !has_capability('moodle/restore:restorecourse', get_context_instance(CONTEXT_SYSTEM))) {
$restore->users = 1; // users => course
}
// Re-enforce moodle/restore:userinfo capability
if (!$restoreuserinfo) {
$userinfocheck = true;
// Confirm that all the settings are properly set to no users
// if anything is wrong, message and stop
// First global settings
if ($restore->users != 2 or $restore->user_files or $restore->messages or $restore->blogs) {
$userinfocheck = false;
// Now all modules userinfo flag
} else {
$mods = $restore->mods;
foreach ($mods as $mod) {
if ($mod->userinfo) {
$userinfocheck = false;
}
}
}
if (!$userinfocheck) { // Something was wrong
$messages[] = get_string('restoreuserinfofailed');
$show_continue_button = false;
}
}
// Re-check all the roles creation/mapping stuff
if (!empty($restore->course_id)) {
$contexttosearch = get_context_instance(CONTEXT_COURSE, $restore->course_id);
// if we know the target category, check capability on it
} else if (!empty($restore->restore_restorecatto)) {
$contexttosearch = get_context_instance(CONTEXT_COURSECAT, $restore->restore_restorecatto);
} else {
$contexttosearch = get_context_instance(CONTEXT_SYSTEM);
}
$cancreateroles = has_capability('moodle/role:manage', get_context_instance(CONTEXT_SYSTEM));
$canassignroles = has_capability('moodle/role:assign', $contexttosearch);
$canoverridecaps= has_capability('moodle/role:override', $contexttosearch) || has_capability('moodle/role:safeoverride', $contexttosearch);
if (!empty($restore->rolesmapping)) {
foreach ($restore->rolesmapping as $originalrole => $targetrole) {
// First, if new role is selected, check used really can do that
if (empty($targetrole) && !$cancreateroles) {
$messages[] = get_string('restorecannotcreateorassignroles');
$show_continue_button = false;
break;
}
// Now, check that the target role is available for role assignments
if (!empty($targetrole) && !$canassignroles) {
$messages[] = get_string('restorecannotassignroles');
$show_continue_button = false;
break;
}
// Now, check that the target role is available for capability overrides
if (!empty($targetrole) && !$canoverridecaps) {
$messages[] = get_string('restorecannotoverrideperms');
$show_continue_button = false;
break;
}
}
}
/// If restoring users and backup has mnet remote users and we are restoring to different site, forbid restore to non-admins. MDL-17009
if ($restore->users != 2 && /// If restoring users
!empty($info->mnet_remoteusers) && $info->mnet_remoteusers === 'true' && /// and backup contains remote users
!backup_is_same_site($info)) { /// and backup is being restored to different site
/// If user is admin (by 'moodle/user:create' cap), warn about conversion to local auth if missing mnet hosts and continue restore
if (has_capability('moodle/user:create', get_context_instance(CONTEXT_SYSTEM))) {
$messages[] = get_string('mnetrestore_extusers_admin', 'admin');
$show_continue_button = true;
/// else, notify about the thing (suggesting to ask admin) and stop restore
} else {
$messages[] = get_string('mnetrestore_extusers_noadmin', 'admin');
$show_continue_button = false;
}
}
//Save the restore session object
$SESSION->restore = $restore;
// Calculate all session objects checksum and store them in session too
// so restore_execute.html (used by manual restore and import) will be
// able to detect any problem in session info.
restore_save_session_object_checksums($restore, $info, $course_header);
echo "<div style='text-align:center'>";
/// Printout messages
foreach ($messages as $message) {
echo '<p>' . $message . '</p>';
}
/// Warning and button
if ($show_continue_button) {
//Print the continue button to execute the restore NOW !!!!
//All is prepared !!!
$hidden["launch"] = "execute";
$hidden["file"] = $file;
$hidden["id"] = $id;
$hidden["sesskey"] = sesskey();
print_string('longtimewarning','admin');
/// Restore button
echo $OUTPUT->single_button(new moodle_url("restore.php", $hidden), get_string("restorecoursenow"));
}
echo "</div>";
//If we are here. Something must be wrong. Debug !!!
} else {
print_object($restore);
print_object($info);
print_object($course_header);
print_error('error');
}