admin/mnet/access_control.php

   1 <?php
   2
   3 // Allows the admin to control user logins from remote moodles.
   4
   5 require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
   6 require_once($CFG->libdir.'/adminlib.php');
   7 include_once($CFG->dirroot.'/mnet/lib.php');
   8
   9 $sort         = optional_param('sort', 'username', PARAM_ALPHA);
  10 $dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
  11 $page         = optional_param('page', 0, PARAM_INT);
  12 $perpage      = optional_param('perpage', 30, PARAM_INT);
  13 $action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
  14
  15 require_login();
  16
  17 admin_externalpage_setup('ssoaccesscontrol');
  18
  19 echo $OUTPUT->header();
  20
  21 if (!extension_loaded('openssl')) {
  22     print_error('requiresopenssl', 'mnet');
  23 }
  24
  25 $sitecontext = context_system::instance();
  26 $sesskey = sesskey();
  27 $formerror = array();
  28
  29 // grab the mnet hosts and remove the localhost
  30 $mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
  31 if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
  32     unset($mnethosts[$CFG->mnet_localhost_id]);
  33 }
  34
  35
  36
  37 // process actions
  38 if (!empty($action) and confirm_sesskey()) {
  39
  40     // boot if insufficient permission
  41     if (!has_capability('moodle/user:delete', $sitecontext)) {
  42         print_error('nomodifyacl','mnet');
  43     }
  44
  45     // fetch the record in question
  46     $id = required_param('id', PARAM_INT);
  47     if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
  48         print_error('recordnoexists','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  49     }
  50
  51     switch ($action) {
  52
  53         case "delete":
  54             $DB->delete_records('mnet_sso_access_control', array('id'=>$id));
  55             redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
  56             break;
  57
  58         case "acl":
  59
  60             // require the access parameter, and it must be 'allow' or 'deny'
  61             $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
  62             if ($accessctrl != 'allow' and $accessctrl != 'deny') {
  63                 print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  64             }
  65
  66             if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
  67                 if ($accessctrl == 'allow') {
  68                     redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('uset'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
  69                 } elseif ($accessctrl == 'deny') {
  70                     redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
  71                 }
  72             }
  73             break;
  74
  75         default:
  76             print_error('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  77     }
  78 }
  79
  80
  81
  82 // process the form results
  83 if ($form = data_submitted() and confirm_sesskey()) {
  84
  85     // check permissions and verify form input
  86     if (!has_capability('moodle/user:delete', $sitecontext)) {
  87         print_error('nomodifyacl','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  88     }
  89     if (empty($form->username)) {
  90         $formerror['username'] = get_string('enterausername','mnet');
  91     }
  92     if (empty($form->mnet_host_id)) {
  93         $formerror['mnet_host_id'] = get_string('selectahost','mnet');
  94     }
  95     if (empty($form->accessctrl)) {
  96         $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
  97     }
  98
  99     // process if there are no errors
 100     if (count($formerror) == 0) {
 101
 102         // username can be a comma separated list
 103         $usernames = explode(',', $form->username);
 104
 105         foreach ($usernames as $username) {
 106             $username = trim(textlib::strtolower($username));
 107             if (!empty($username)) {
 108                 if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
 109                     if ($form->accessctrl == 'allow') {
 110                         redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
 111                     } elseif ($form->accessctrl == 'deny') {
 112                         redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
 113                     }
 114                 }
 115             }
 116         }
 117     }
 118     exit;
 119 }
 120
 121 // Explain
 122 echo $OUTPUT->box(get_string('ssoacldescr','mnet'));
 123 // Are the needed bits enabled?
 124 $warn = '';
 125 if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
 126     $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
 127 }
 128
 129 if (!is_enabled_auth('mnet')) {
 130     $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
 131 }
 132
 133 if (!empty($warn)) {
 134     $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
 135     echo $OUTPUT->box($warn);
 136 }
 137 // output the ACL table
 138 $columns = array("username", "mnet_host_id", "access", "delete");
 139 $headings = array();
 140 $string = array('username'     => get_string('username'),
 141                 'mnet_host_id' => get_string('remotehost', 'mnet'),
 142                 'access'       => get_string('accesslevel', 'mnet'),
 143                 'delete'       => get_string('delete'));
 144 foreach ($columns as $column) {
 145     if ($sort != $column) {
 146         $columnicon = "";
 147         $columndir = "ASC";
 148     } else {
 149         $columndir = $dir == "ASC" ? "DESC" : "ASC";
 150         $columnicon = $dir == "ASC" ? "down" : "up";
 151         $columnicon = " <img src=\"" . $OUTPUT->pix_url('t/' . $columnicon) . "\" alt=\"\" />";
 152     }
 153     $headings[$column] = "<a href=\"?sort=$column&amp;dir=$columndir&amp;\">".$string[$column]."</a>$columnicon";
 154 }
 155 $headings['delete'] = '';
 156 $acl = $DB->get_records('mnet_sso_access_control', null, "$sort $dir", '*'); //, $page * $perpage, $perpage);
 157 $aclcount = $DB->count_records('mnet_sso_access_control');
 158
 159 if (!$acl) {
 160     echo $OUTPUT->heading(get_string('noaclentries','mnet'));
 161     $table = NULL;
 162 } else {
 163     $table = new html_table();
 164     $table->head = $headings;
 165     $table->align = array('left', 'left', 'center');
 166     $table->width = "95%";
 167     foreach ($acl as $aclrecord) {
 168         if ($aclrecord->accessctrl == 'allow') {
 169             $accesscolumn = get_string('allow', 'mnet')
 170                 . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey=".sesskey()."\">"
 171                 . get_string('deny', 'mnet') . "</a>)";
 172         } else {
 173             $accesscolumn = get_string('deny', 'mnet')
 174                 . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey=".sesskey()."\">"
 175                 . get_string('allow', 'mnet') . "</a>)";
 176         }
 177         $deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey=".sesskey()."\">"
 178                 . get_string('delete') . "</a>";
 179         $table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
 180     }
 181 }
 182
 183 if (!empty($table)) {
 184     echo html_writer::table($table);
 185     echo '<p>&nbsp;</p>';
 186     $baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
 187     echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl);
 188 }
 189
 190
 191
 192 // output the add form
 193 echo $OUTPUT->box_start();
 194
 195 ?>
 196  <div class="mnetaddtoaclform">
 197   <form id="mnetaddtoacl" method="post">
 198     <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
 199 <?php
 200
 201 // enter a username
 202 echo get_string('username') . ":\n";
 203 if (!empty($formerror['username'])) {
 204     echo '<span class="error"> * </span>';
 205 }
 206 echo html_writer::label(get_string('username'), 'menuusername', false, array('class' => 'accesshide'));
 207 echo '<input id="menuusername" type="text" name="username" size="20" maxlength="100" />';
 208
 209 // choose a remote host
 210 echo " " . html_writer::label(get_string('remotehost', 'mnet'), 'menumnet_host_id') . ":\n";
 211 if (!empty($formerror['mnet_host_id'])) {
 212     echo '<span class="error"> * </span>';
 213 }
 214 echo html_writer::select($mnethosts, 'mnet_host_id');
 215
 216 // choose an access level
 217 echo " " . html_writer::label(get_string('accesslevel', 'mnet'), 'menuaccessctrl') . ":\n";
 218 if (!empty($formerror['accessctrl'])) {
 219     echo '<span class="error"> * </span>';
 220 }
 221 $accessmenu['allow'] = get_string('allow', 'mnet');
 222 $accessmenu['deny'] = get_string('deny', 'mnet');
 223 echo html_writer::select($accessmenu, 'accessctrl');
 224
 225 // submit button
 226 echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
 227 echo "</form></div>\n";
 228
 229 // print errors
 230 foreach ($formerror as $error) {
 231     echo "<br><span class=\"error\">$error<span>";
 232 }
 233
 234 echo $OUTPUT->box_end();
 235 echo $OUTPUT->footer();