[Summary view] [Print] [Text view]

   1  <?php // $Id: access_control.php,v 1.14.4.4 2008/04/02 06:09:58 dongsheng Exp $
   2  
   3  // Allows the admin to control user logins from remote moodles.
   4  
   5  require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
   6  require_once($CFG->libdir.'/adminlib.php');
   7  include_once($CFG->dirroot.'/mnet/lib.php');
   8  
   9  $sort         = optional_param('sort', 'username', PARAM_ALPHA);
  10  $dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
  11  $page         = optional_param('page', 0, PARAM_INT);
  12  $perpage      = optional_param('perpage', 30, PARAM_INT);
  13  $action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
  14  
  15  require_login();
  16  
  17  admin_externalpage_setup('ssoaccesscontrol');
  18  
  19  admin_externalpage_print_header();
  20  
  21  if (!extension_loaded('openssl')) {
  22      print_error('requiresopenssl', 'mnet');
  23  }
  24  
  25  $sitecontext = get_context_instance(CONTEXT_SYSTEM);
  26  $sesskey = sesskey();
  27  $formerror = array();
  28  
  29  // grab the mnet hosts and remove the localhost
  30  $mnethosts = get_records_menu('mnet_host', '', '', 'name', 'id, name');
  31  if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
  32      unset($mnethosts[$CFG->mnet_localhost_id]);
  33  }
  34  
  35  
  36  
  37  // process actions
  38  if (!empty($action) and confirm_sesskey()) {
  39      
  40      // boot if insufficient permission
  41      if (!has_capability('moodle/user:delete', $sitecontext)) {
  42          print_error('nomodifyacl','mnet');
  43      }
  44  
  45      // fetch the record in question
  46      $id = required_param('id', PARAM_INT);
  47      if (!$idrec = get_record('mnet_sso_access_control', 'id', $id)) {
  48          print_error('recordnoexists','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  49      }
  50  
  51      switch ($action) {
  52  
  53          case "delete":
  54              delete_records('mnet_sso_access_control', 'id', $id);
  55              redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
  56              break;
  57  
  58          case "acl":
  59          
  60              // require the access parameter, and it must be 'allow' or 'deny'
  61              $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
  62              if ($accessctrl != 'allow' and $accessctrl != 'deny') {
  63                  print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  64              }
  65  
  66              if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
  67                  if ($accessctrl == 'allow') {
  68                      redirect('access_control.php', get_string('ssl_acl_allow','mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
  69                  } elseif ($accessctrl == 'deny') {
  70                      redirect('access_control.php', get_string('ssl_acl_deny','mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
  71                  }
  72              }
  73              break;
  74  
  75          default:
  76              print_error('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  77      }
  78  }
  79  
  80  
  81  
  82  // process the form results
  83  if ($form = data_submitted() and confirm_sesskey()) {
  84  
  85      // check permissions and verify form input
  86      if (!has_capability('moodle/user:delete', $sitecontext)) {
  87          print_error('nomodifyacl','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  88      }
  89      if (empty($form->username)) {
  90          $formerror['username'] = get_string('enterausername','mnet');
  91      }
  92      if (empty($form->mnet_host_id)) {
  93          $formerror['mnet_host_id'] = get_string('selectahost','mnet');
  94      }
  95      if (empty($form->accessctrl)) {
  96          $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
  97      }
  98  
  99      // process if there are no errors
 100      if (count($formerror) == 0) {
 101  
 102          // username can be a comma separated list
 103          $usernames = explode(',', $form->username);
 104  
 105          foreach ($usernames as $username) {
 106              $username = trim(moodle_strtolower($username));
 107              if (!empty($username)) {
 108                  if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
 109                      if ($form->accessctrl == 'allow') {
 110                          redirect('access_control.php', get_string('ssl_acl_allow','mnet', array($username, $mnethosts[$form->mnet_host_id])));
 111                      } elseif ($form->accessctrl == 'deny') {
 112                          redirect('access_control.php', get_string('ssl_acl_deny','mnet', array($username, $mnethosts[$form->mnet_host_id])));
 113                      }
 114                  }
 115              }
 116          }
 117      }
 118      exit;
 119  }
 120  
 121  // Explain
 122  print_box(get_string('ssoacldescr','mnet'));
 123  // Are the needed bits enabled?
 124  $warn = '';
 125  if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
 126      $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
 127  }
 128  
 129  if (!is_enabled_auth('mnet')) {
 130      $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
 131  }
 132  
 133  if (get_config('auth/mnet', 'auto_add_remote_users') != true) {
 134      $warn .= '<p>' .  get_string('authmnetautoadddisabled','mnet').'</p>';
 135  }
 136  if (!empty($warn)) {
 137      $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
 138      print_box($warn);
 139  }
 140  // output the ACL table
 141  $columns = array("username", "mnet_host_id", "access", "delete");
 142  $headings = array();
 143  $string = array('username'     => get_string('username'),
 144                  'mnet_host_id' => get_string('remotehost', 'mnet'),
 145                  'access'       => get_string('accesslevel', 'mnet'),
 146                  'delete'       => get_string('delete'));
 147  foreach ($columns as $column) {
 148      if ($sort != $column) {
 149          $columnicon = "";
 150          $columndir = "ASC";
 151      } else {
 152          $columndir = $dir == "ASC" ? "DESC" : "ASC";
 153          $columnicon = $dir == "ASC" ? "down" : "up";
 154          $columnicon = " <img src=\"$CFG->pixpath/t/$columnicon.gif\" alt=\"\" />";
 155      }
 156      $headings[$column] = "<a href=\"?sort=$column&amp;dir=$columndir&amp;\">".$string[$column]."</a>$columnicon";
 157  }
 158  $headings['delete'] = '';
 159  $acl = get_records('mnet_sso_access_control', '', '', "$sort $dir", '*'); //, $page * $perpage, $perpage);
 160  $aclcount = count_records('mnet_sso_access_control');
 161  
 162  if (!$acl) {
 163      print_heading(get_string('noaclentries','mnet'));
 164      $table = NULL;
 165  } else {
 166      $table->head = $headings;
 167      $table->align = array('left', 'left', 'center');
 168      $table->width = "95%";
 169      foreach ($acl as $aclrecord) {
 170          if ($aclrecord->accessctrl == 'allow') {
 171              $accesscolumn = get_string('allow', 'mnet')
 172                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey={$USER->sesskey}\">"
 173                  . get_string('deny', 'mnet') . "</a>)";
 174          } else {
 175              $accesscolumn = get_string('deny', 'mnet')
 176                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey={$USER->sesskey}\">"
 177                  . get_string('allow', 'mnet') . "</a>)";
 178          }
 179          $deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey={$USER->sesskey}\">"
 180                  . get_string('delete') . "</a>";
 181          $table->data[] = array ($aclrecord->username, $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
 182      }
 183  }
 184  
 185  if (!empty($table)) {
 186      print_table($table);
 187      echo '<p>&nbsp;</p>';
 188      print_paging_bar($aclcount, $page, $perpage, "?sort=$sort&amp;dir=$dir&amp;perpage=$perpage&amp;");
 189  }
 190  
 191  
 192  
 193  // output the add form
 194  print_simple_box_start('center','90%','','20');
 195  
 196  ?>
 197   <div class="mnetaddtoaclform"> 
 198    <form id="mnetaddtoacl" method="post">
 199      <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
 200  <?php
 201  
 202  // enter a username
 203  echo get_string('username') . ":\n";
 204  if (!empty($formerror['username'])) {
 205      echo '<span class="error"> * </span>';
 206  }
 207  echo '<input type="text" name="username" size="20" maxlength="100" />';
 208  
 209  // choose a remote host
 210  echo " " . get_string('remotehost', 'mnet') . ":\n";
 211  if (!empty($formerror['mnet_host_id'])) {
 212      echo '<span class="error"> * </span>';
 213  }
 214  choose_from_menu($mnethosts, 'mnet_host_id');
 215  
 216  // choose an access level
 217  echo " " . get_string('accesslevel', 'mnet') . ":\n";
 218  if (!empty($formerror['accessctrl'])) {
 219      echo '<span class="error"> * </span>';
 220  }
 221  $accessmenu['allow'] = get_string('allow', 'mnet');
 222  $accessmenu['deny'] = get_string('deny', 'mnet');
 223  choose_from_menu($accessmenu, 'accessctrl');
 224  
 225  // submit button
 226  echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
 227  echo "</form></div>\n";
 228  
 229  // print errors
 230  foreach ($formerror as $error) {
 231      echo "<br><span class=\"error\">$error<span>";
 232  }
 233  
 234  print_simple_box_end();
 235  admin_externalpage_print_footer();
 236  
 237  ?>