mirror of
https://github.com/moodle/moodle.git
synced 2025-01-19 14:27:22 +01:00
209 lines
7.2 KiB
PHP
209 lines
7.2 KiB
PHP
<?php
|
|
|
|
// Allows the admin to control user logins from remote moodles.
|
|
|
|
require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
|
|
require_once($CFG->libdir.'/adminlib.php');
|
|
include_once($CFG->dirroot.'/mnet/lib.php');
|
|
|
|
$sort = optional_param('sort', 'username', PARAM_ALPHA);
|
|
$dir = optional_param('dir', 'ASC', PARAM_ALPHA);
|
|
$page = optional_param('page', 0, PARAM_INT);
|
|
$perpage = optional_param('perpage', 30, PARAM_INT);
|
|
$action = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
|
|
|
|
require_login();
|
|
$adminroot = admin_get_root();
|
|
admin_externalpage_setup('ssoaccesscontrol', $adminroot);
|
|
admin_externalpage_print_header($adminroot);
|
|
|
|
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
|
|
$sesskey = sesskey();
|
|
$formerror = array();
|
|
|
|
// grab the mnet hosts and remove the localhost
|
|
$mnethosts = get_records_menu('mnet_host', '', '', 'name', 'id, name');
|
|
if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
|
|
unset($mnethosts[$CFG->mnet_localhost_id]);
|
|
}
|
|
|
|
|
|
|
|
// process actions
|
|
if (!empty($action) and confirm_sesskey()) {
|
|
|
|
// boot if insufficient permission
|
|
if (!has_capability('moodle/user:delete', $sitecontext)) {
|
|
error('You are not permitted to modify the MNET access control list.');
|
|
}
|
|
|
|
// fetch the record in question
|
|
$id = required_param('id', PARAM_INT);
|
|
if (!$idrec = get_record('mnet_sso_access_control', 'id', $id)) {
|
|
error('Record does not exist.', '/admin/mnet/access_control.php');
|
|
}
|
|
|
|
switch ($action) {
|
|
|
|
case "delete":
|
|
delete_records('mnet_sso_access_control', 'id', $id);
|
|
notify("SSO ACL: delete record for user '{$idrec->username}' from {$mnethosts[$idrec->mnet_host_id]}.");
|
|
break;
|
|
|
|
case "acl":
|
|
|
|
// require the access parameter, and it must be 'allow' or 'deny'
|
|
$access = trim(strtolower(required_param('access', PARAM_ALPHA)));
|
|
if ($access != 'allow' and $access != 'deny') {
|
|
error('Invalid access parameter.', '/admin/mnet/access_control.php');
|
|
}
|
|
|
|
if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $access)) {
|
|
notify("SSO ACL: $access user '{$idrec->username}' from {$mnethosts[$idrec->mnet_host_id]}");
|
|
}
|
|
break;
|
|
|
|
default:
|
|
error('Invalid action parameter.', '/admin/mnet/access_control.php');
|
|
}
|
|
redirect('access_control.php', get_string('changessaved'));
|
|
}
|
|
|
|
|
|
|
|
// process the form results
|
|
if ($form = data_submitted() and confirm_sesskey()) {
|
|
|
|
// check permissions and verify form input
|
|
if (!has_capability('moodle/user:delete', $sitecontext)) {
|
|
error('You are not permitted to modify the MNET access control list.', '/admin/mnet/access_control.php');
|
|
}
|
|
if (empty($form->username)) {
|
|
$formerror['username'] = 'Please enter a username, or a list of usernames separated by commas.';
|
|
}
|
|
if (empty($form->mnet_host_id)) {
|
|
$formerror['mnet_host_id'] = 'Please select a remote Moodle host.';
|
|
}
|
|
if (empty($form->access)) {
|
|
$formerror['access'] = 'Please select an access level from the list.';
|
|
}
|
|
|
|
// process if there are no errors
|
|
if (count($formerror) == 0) {
|
|
|
|
// username can be a comma separated list
|
|
$usernames = explode(',', $form->username);
|
|
|
|
foreach ($usernames as $username) {
|
|
$username = trim(moodle_strtolower($username));
|
|
if (!empty($username)) {
|
|
if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->access)) {
|
|
notify("SSO ACL: $form->access user '$username' from {$mnethosts[$form->mnet_host_id]}");
|
|
}
|
|
}
|
|
}
|
|
redirect('access_control.php', get_string('changessaved'));
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// output the ACL table
|
|
$columns = array("username", "mnet_host_id", "access", "delete");
|
|
$headings = array();
|
|
$string = array('username' => get_string('username'),
|
|
'mnet_host_id' => get_string('remotehost', 'mnet'),
|
|
'access' => get_string('accesslevel', 'mnet'),
|
|
'delete' => get_string('delete'));
|
|
foreach ($columns as $column) {
|
|
if ($sort != $column) {
|
|
$columnicon = "";
|
|
$columndir = "ASC";
|
|
} else {
|
|
$columndir = $dir == "ASC" ? "DESC" : "ASC";
|
|
$columnicon = $dir == "ASC" ? "down" : "up";
|
|
$columnicon = " <img src=\"$CFG->pixpath/t/$columnicon.gif\" alt=\"\" />";
|
|
}
|
|
$headings[$column] = "<a href=\"?sort=$column&dir=$columndir&\">".$string[$column]."</a>$columnicon";
|
|
}
|
|
$headings['delete'] = '';
|
|
$acl = get_records('mnet_sso_access_control', '', '', "$sort $dir", '*'); //, $page * $perpage, $perpage);
|
|
$aclcount = count_records('mnet_sso_access_control');
|
|
|
|
if (!$acl) {
|
|
print_heading('No entries in the SSO access control list');
|
|
$table = NULL;
|
|
} else {
|
|
$table->head = $headings;
|
|
$table->align = array('left', 'left', 'center');
|
|
$table->width = "95%";
|
|
foreach ($acl as $aclrecord) {
|
|
if ($aclrecord->access == 'allow') {
|
|
$accesscolumn = get_string('allow', 'mnet')
|
|
. " (<a href=\"?id={$aclrecord->id}&action=acl&access=deny&sesskey={$USER->sesskey}\">"
|
|
. get_string('deny', 'mnet') . "</a>)";
|
|
} else {
|
|
$accesscolumn = get_string('deny', 'mnet')
|
|
. " (<a href=\"?id={$aclrecord->id}&action=acl&access=allow&sesskey={$USER->sesskey}\">"
|
|
. get_string('allow', 'mnet') . "</a>)";
|
|
}
|
|
$deletecolumn = "<a href=\"?id={$aclrecord->id}&action=delete&sesskey={$USER->sesskey}\">"
|
|
. get_string('delete') . "</a>";
|
|
$table->data[] = array ($aclrecord->username, $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
|
|
}
|
|
}
|
|
|
|
if (!empty($table)) {
|
|
print_table($table);
|
|
echo '<p> </p>';
|
|
print_paging_bar($aclcount, $page, $perpage, "?sort=$sort&dir=$dir&perpage=$perpage&");
|
|
}
|
|
|
|
|
|
|
|
// output the add form
|
|
print_simple_box_start('center','90%','','20');
|
|
|
|
?>
|
|
<div class="mnetaddtoaclform">
|
|
<form name="mnetaddtoacl" method="post">
|
|
<input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>">
|
|
<?php
|
|
|
|
// enter a username
|
|
echo get_string('username') . ":\n";
|
|
if (!empty($formerror['username'])) {
|
|
echo '<span class="error"> * </span>';
|
|
}
|
|
echo '<input type="text" name="username" size="20" maxlength="100">';
|
|
|
|
// choose a remote host
|
|
echo " " . get_string('remotehost', 'mnet') . ":\n";
|
|
if (!empty($formerror['mnet_host_id'])) {
|
|
echo '<span class="error"> * </span>';
|
|
}
|
|
choose_from_menu($mnethosts, 'mnet_host_id');
|
|
|
|
// choose an access level
|
|
echo " " . get_string('accesslevel', 'mnet') . ":\n";
|
|
if (!empty($formerror['access'])) {
|
|
echo '<span class="error"> * </span>';
|
|
}
|
|
$accessmenu['allow'] = get_string('allow', 'mnet');
|
|
$accessmenu['deny'] = get_string('deny', 'mnet');
|
|
choose_from_menu($accessmenu, 'access');
|
|
|
|
// submit button
|
|
echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '">';
|
|
echo "</form></div>\n";
|
|
|
|
// print errors
|
|
foreach ($formerror as $error) {
|
|
echo "<br><span class=\"error\">$error<span>";
|
|
}
|
|
|
|
print_simple_box_end();
|
|
admin_externalpage_print_footer($adminroot);
|
|
|
|
?>
|