access_control.php 8.37 KB
Newer Older
1
<?php // $Id$
2
3
4
5
6
7
8
9
10
11
12
13
14
15

// Allows the admin to control user logins from remote moodles.

require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
require_once($CFG->libdir.'/adminlib.php');
include_once($CFG->dirroot.'/mnet/lib.php');

$sort         = optional_param('sort', 'username', PARAM_ALPHA);
$dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
$page         = optional_param('page', 0, PARAM_INT);
$perpage      = optional_param('perpage', 30, PARAM_INT);
$action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));

require_login();
16

17
admin_externalpage_setup('ssoaccesscontrol');
18

19
admin_externalpage_print_header();
moodler's avatar
moodler committed
20

21
if (!extension_loaded('openssl')) {
22
    print_error('requiresopenssl', 'mnet');
23
24
}

25
$sitecontext = get_context_instance(CONTEXT_SYSTEM);
26
27
28
29
$sesskey = sesskey();
$formerror = array();

// grab the mnet hosts and remove the localhost
30
$mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
31
32
33
34
35
36
37
38
39
40
41
if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
    unset($mnethosts[$CFG->mnet_localhost_id]);
}



// process actions
if (!empty($action) and confirm_sesskey()) {
    
    // boot if insufficient permission
    if (!has_capability('moodle/user:delete', $sitecontext)) {
42
        print_error('nomodifyacl','mnet');
43
44
45
46
    }

    // fetch the record in question
    $id = required_param('id', PARAM_INT);
47
    if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
48
        print_error('recordnoexists','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
49
50
51
52
53
    }

    switch ($action) {

        case "delete":
54
            $DB->delete_records('mnet_sso_access_control', array('id'=>$id));
donal72's avatar
donal72 committed
55
            redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
56
57
58
59
60
            break;

        case "acl":
        
            // require the access parameter, and it must be 'allow' or 'deny'
61
62
            $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
            if ($accessctrl != 'allow' and $accessctrl != 'deny') {
63
                print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
64
65
            }

66
67
            if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
                if ($accessctrl == 'allow') {
donal72's avatar
donal72 committed
68
                    redirect('access_control.php', get_string('ssl_acl_allow','mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
69
                } elseif ($accessctrl == 'deny') {
donal72's avatar
donal72 committed
70
71
                    redirect('access_control.php', get_string('ssl_acl_deny','mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
                }
72
73
74
75
            }
            break;

        default:
76
            print_error('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
77
78
79
80
81
82
    }
}



// process the form results
83
if ($form = data_submitted() and confirm_sesskey()) {
84
85
86

    // check permissions and verify form input
    if (!has_capability('moodle/user:delete', $sitecontext)) {
87
        print_error('nomodifyacl','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
88
89
    }
    if (empty($form->username)) {
90
        $formerror['username'] = get_string('enterausername','mnet');
91
92
    }
    if (empty($form->mnet_host_id)) {
93
        $formerror['mnet_host_id'] = get_string('selectahost','mnet');
94
    }
95
96
    if (empty($form->accessctrl)) {
        $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
97
98
99
100
101
102
103
104
105
106
107
    }

    // process if there are no errors
    if (count($formerror) == 0) {

        // username can be a comma separated list
        $usernames = explode(',', $form->username);

        foreach ($usernames as $username) {
            $username = trim(moodle_strtolower($username));
            if (!empty($username)) {
108
109
                if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
                    if ($form->accessctrl == 'allow') {
donal72's avatar
donal72 committed
110
                        redirect('access_control.php', get_string('ssl_acl_allow','mnet', array($username, $mnethosts[$form->mnet_host_id])));
111
                    } elseif ($form->accessctrl == 'deny') {
donal72's avatar
donal72 committed
112
113
                        redirect('access_control.php', get_string('ssl_acl_deny','mnet', array($username, $mnethosts[$form->mnet_host_id])));
                    }
114
115
116
117
                }
            }
        }
    }
donal72's avatar
donal72 committed
118
    exit;
119
120
}

121
122
123
124
// Explain
print_box(get_string('ssoacldescr','mnet'));
// Are the needed bits enabled?
$warn = '';
125
if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
126
127
    $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
}
skodak's avatar
skodak committed
128
129

if (!is_enabled_auth('mnet')) {
130
131
    $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
}
skodak's avatar
skodak committed
132

133
134
135
136
137
138
139
if (get_config('auth/mnet', 'auto_add_remote_users') != true) {
    $warn .= '<p>' .  get_string('authmnetautoadddisabled','mnet').'</p>';
}
if (!empty($warn)) {
    $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
    print_box($warn);
}
140
141
142
143
144
145
146
147
148
149
150
151
152
153
// output the ACL table
$columns = array("username", "mnet_host_id", "access", "delete");
$headings = array();
$string = array('username'     => get_string('username'),
                'mnet_host_id' => get_string('remotehost', 'mnet'),
                'access'       => get_string('accesslevel', 'mnet'),
                'delete'       => get_string('delete'));
foreach ($columns as $column) {
    if ($sort != $column) {
        $columnicon = "";
        $columndir = "ASC";
    } else {
        $columndir = $dir == "ASC" ? "DESC" : "ASC";
        $columnicon = $dir == "ASC" ? "down" : "up";
154
        $columnicon = " <img src=\"" . $OUTPUT->old_icon_url('t/' . $columnicon) . "\" alt=\"\" />";
155
156
157
158
    }
    $headings[$column] = "<a href=\"?sort=$column&amp;dir=$columndir&amp;\">".$string[$column]."</a>$columnicon";
}
$headings['delete'] = '';
159
160
$acl = $DB->get_records('mnet_sso_access_control', null, "$sort $dir", '*'); //, $page * $perpage, $perpage);
$aclcount = $DB->count_records('mnet_sso_access_control');
161
162

if (!$acl) {
163
    echo $OUTPUT->heading(get_string('noaclentries','mnet'));
164
165
166
167
168
169
    $table = NULL;
} else {
    $table->head = $headings;
    $table->align = array('left', 'left', 'center');
    $table->width = "95%";
    foreach ($acl as $aclrecord) {
170
        if ($aclrecord->accessctrl == 'allow') {
171
            $accesscolumn = get_string('allow', 'mnet')
skodak's avatar
skodak committed
172
                . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey=".sesskey()."\">"
173
174
175
                . get_string('deny', 'mnet') . "</a>)";
        } else {
            $accesscolumn = get_string('deny', 'mnet')
skodak's avatar
skodak committed
176
                . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey=".sesskey()."\">"
177
178
                . get_string('allow', 'mnet') . "</a>)";
        }
skodak's avatar
skodak committed
179
        $deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey=".sesskey()."\">"
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
                . get_string('delete') . "</a>";
        $table->data[] = array ($aclrecord->username, $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
    }
}

if (!empty($table)) {
    print_table($table);
    echo '<p>&nbsp;</p>';
    print_paging_bar($aclcount, $page, $perpage, "?sort=$sort&amp;dir=$dir&amp;perpage=$perpage&amp;");
}



// output the add form
print_simple_box_start('center','90%','','20');

?>
 <div class="mnetaddtoaclform"> 
198
  <form id="mnetaddtoacl" method="post">
donal72's avatar
donal72 committed
199
    <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
200
201
202
203
204
205
206
<?php

// enter a username
echo get_string('username') . ":\n";
if (!empty($formerror['username'])) {
    echo '<span class="error"> * </span>';
}
207
echo '<input type="text" name="username" size="20" maxlength="100" />';
208
209
210
211
212
213
214
215
216
217

// choose a remote host
echo " " . get_string('remotehost', 'mnet') . ":\n";
if (!empty($formerror['mnet_host_id'])) {
    echo '<span class="error"> * </span>';
}
choose_from_menu($mnethosts, 'mnet_host_id');

// choose an access level
echo " " . get_string('accesslevel', 'mnet') . ":\n";
218
if (!empty($formerror['accessctrl'])) {
219
220
221
222
    echo '<span class="error"> * </span>';
}
$accessmenu['allow'] = get_string('allow', 'mnet');
$accessmenu['deny'] = get_string('deny', 'mnet');
223
choose_from_menu($accessmenu, 'accessctrl');
224
225

// submit button
226
echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
227
228
229
230
231
232
233
234
echo "</form></div>\n";

// print errors
foreach ($formerror as $error) {
    echo "<br><span class=\"error\">$error<span>";
}

print_simple_box_end();
235
echo $OUTPUT->footer();
236
237

?>