admin/mnet/access_control.php

   1 <?php // $Id$
   2
   3 // Allows the admin to control user logins from remote moodles.
   4
   5 require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
   6 require_once($CFG->libdir.'/adminlib.php');
   7 include_once($CFG->dirroot.'/mnet/lib.php');
   8
   9 $sort         = optional_param('sort', 'username', PARAM_ALPHA);
  10 $dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
  11 $page         = optional_param('page', 0, PARAM_INT);
  12 $perpage      = optional_param('perpage', 30, PARAM_INT);
  13 $action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
  14
  15 require_login();
  16 $adminroot = admin_get_root();
  17
  18
  19 admin_externalpage_setup('ssoaccesscontrol', $adminroot);
  20
  21 admin_externalpage_print_header($adminroot);
  22
  23 if (!extension_loaded('openssl')) {
  24     print_error('requiresopenssl', 'mnet', '', NULL, true);
  25 }
  26
  27 $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
  28 $sesskey = sesskey();
  29 $formerror = array();
  30
  31 // grab the mnet hosts and remove the localhost
  32 $mnethosts = get_records_menu('mnet_host', '', '', 'name', 'id, name');
  33 if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
  34     unset($mnethosts[$CFG->mnet_localhost_id]);
  35 }
  36
  37
  38
  39 // process actions
  40 if (!empty($action) and confirm_sesskey()) {
  41
  42     // boot if insufficient permission
  43     if (!has_capability('moodle/user:delete', $sitecontext)) {
  44         error(get_string('nomodifyacl','mnet'));
  45     }
  46
  47     // fetch the record in question
  48     $id = required_param('id', PARAM_INT);
  49     if (!$idrec = get_record('mnet_sso_access_control', 'id', $id)) {
  50         error(get_string('recordnoexists','mnet'), '/admin/mnet/access_control.php');
  51     }
  52
  53     switch ($action) {
  54
  55         case "delete":
  56             delete_records('mnet_sso_access_control', 'id', $id);
  57             redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
  58             break;
  59
  60         case "acl":
  61
  62             // require the access parameter, and it must be 'allow' or 'deny'
  63             $access = trim(strtolower(required_param('access', PARAM_ALPHA)));
  64             if ($access != 'allow' and $access != 'deny') {
  65                 error(get_string('invalidaccessparam', 'mnet') , '/admin/mnet/access_control.php');
  66             }
  67
  68             if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $access)) {
  69                 if ($access == 'allow') {
  70                     redirect('access_control.php', get_string('ssl_acl_allow','mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
  71                 } elseif ($access == 'deny') {
  72                     redirect('access_control.php', get_string('ssl_acl_deny','mnet', array($idrec->username, $mnethosts[$idrec->mnet_host_id])));
  73                 }
  74             }
  75             break;
  76
  77         default:
  78             print_error('invalidactionparam', 'mnet', '/admin/mnet/access_control.php');
  79     }
  80 }
  81
  82
  83
  84 // process the form results
  85 if ($form = data_submitted() and confirm_sesskey()) {
  86
  87     // check permissions and verify form input
  88     if (!has_capability('moodle/user:delete', $sitecontext)) {
  89         error(get_string('nomodifyacl','mnet'), '/admin/mnet/access_control.php');
  90     }
  91     if (empty($form->username)) {
  92         $formerror['username'] = get_string('enterausername','mnet');
  93     }
  94     if (empty($form->mnet_host_id)) {
  95         $formerror['mnet_host_id'] = get_string('selectahost','mnet');
  96     }
  97     if (empty($form->access)) {
  98         $formerror['access'] = get_string('selectaccesslevel','mnet'); ;
  99     }
 100
 101     // process if there are no errors
 102     if (count($formerror) == 0) {
 103
 104         // username can be a comma separated list
 105         $usernames = explode(',', $form->username);
 106
 107         foreach ($usernames as $username) {
 108             $username = trim(moodle_strtolower($username));
 109             if (!empty($username)) {
 110                 if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->access)) {
 111                     if ($form->access == 'allow') {
 112                         redirect('access_control.php', get_string('ssl_acl_allow','mnet', array($username, $mnethosts[$form->mnet_host_id])));
 113                     } elseif ($form->access == 'deny') {
 114                         redirect('access_control.php', get_string('ssl_acl_deny','mnet', array($username, $mnethosts[$form->mnet_host_id])));
 115                     }
 116                 }
 117             }
 118         }
 119     }
 120     exit;
 121 }
 122
 123 // Explain
 124 print_box(get_string('ssoacldescr','mnet'));
 125 // Are the needed bits enabled?
 126 $warn = '';
 127 if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
 128     $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
 129 }
 130 if (empty($CFG->auth_plugins_enabled)) {
 131     $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
 132 } else {
 133     $auths = explode(',', $CFG->auth_plugins_enabled);
 134     if (!in_array('mnet', $auths)) {
 135         $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
 136     }
 137     unset($auths);
 138 }
 139 if (get_config('auth/mnet', 'auto_add_remote_users') != true) {
 140     $warn .= '<p>' .  get_string('authmnetautoadddisabled','mnet').'</p>';
 141 }
 142 if (!empty($warn)) {
 143     $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
 144     print_box($warn);
 145 }
 146 // output the ACL table
 147 $columns = array("username", "mnet_host_id", "access", "delete");
 148 $headings = array();
 149 $string = array('username'     => get_string('username'),
 150                 'mnet_host_id' => get_string('remotehost', 'mnet'),
 151                 'access'       => get_string('accesslevel', 'mnet'),
 152                 'delete'       => get_string('delete'));
 153 foreach ($columns as $column) {
 154     if ($sort != $column) {
 155         $columnicon = "";
 156         $columndir = "ASC";
 157     } else {
 158         $columndir = $dir == "ASC" ? "DESC" : "ASC";
 159         $columnicon = $dir == "ASC" ? "down" : "up";
 160         $columnicon = " <img src=\"$CFG->pixpath/t/$columnicon.gif\" alt=\"\" />";
 161     }
 162     $headings[$column] = "<a href=\"?sort=$column&amp;dir=$columndir&amp;\">".$string[$column]."</a>$columnicon";
 163 }
 164 $headings['delete'] = '';
 165 $acl = get_records('mnet_sso_access_control', '', '', "$sort $dir", '*'); //, $page * $perpage, $perpage);
 166 $aclcount = count_records('mnet_sso_access_control');
 167
 168 if (!$acl) {
 169     print_heading(get_string('noaclentries','mnet'));
 170     $table = NULL;
 171 } else {
 172     $table->head = $headings;
 173     $table->align = array('left', 'left', 'center');
 174     $table->width = "95%";
 175     foreach ($acl as $aclrecord) {
 176         if ($aclrecord->access == 'allow') {
 177             $accesscolumn = get_string('allow', 'mnet')
 178                 . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;access=deny&amp;sesskey={$USER->sesskey}\">"
 179                 . get_string('deny', 'mnet') . "</a>)";
 180         } else {
 181             $accesscolumn = get_string('deny', 'mnet')
 182                 . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;access=allow&amp;sesskey={$USER->sesskey}\">"
 183                 . get_string('allow', 'mnet') . "</a>)";
 184         }
 185         $deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey={$USER->sesskey}\">"
 186                 . get_string('delete') . "</a>";
 187         $table->data[] = array ($aclrecord->username, $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
 188     }
 189 }
 190
 191 if (!empty($table)) {
 192     print_table($table);
 193     echo '<p>&nbsp;</p>';
 194     print_paging_bar($aclcount, $page, $perpage, "?sort=$sort&amp;dir=$dir&amp;perpage=$perpage&amp;");
 195 }
 196
 197
 198
 199 // output the add form
 200 print_simple_box_start('center','90%','','20');
 201
 202 ?>
 203  <div class="mnetaddtoaclform">
 204   <form id="mnetaddtoacl" method="post">
 205     <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
 206 <?php
 207
 208 // enter a username
 209 echo get_string('username') . ":\n";
 210 if (!empty($formerror['username'])) {
 211     echo '<span class="error"> * </span>';
 212 }
 213 echo '<input type="text" name="username" size="20" maxlength="100" />';
 214
 215 // choose a remote host
 216 echo " " . get_string('remotehost', 'mnet') . ":\n";
 217 if (!empty($formerror['mnet_host_id'])) {
 218     echo '<span class="error"> * </span>';
 219 }
 220 choose_from_menu($mnethosts, 'mnet_host_id');
 221
 222 // choose an access level
 223 echo " " . get_string('accesslevel', 'mnet') . ":\n";
 224 if (!empty($formerror['access'])) {
 225     echo '<span class="error"> * </span>';
 226 }
 227 $accessmenu['allow'] = get_string('allow', 'mnet');
 228 $accessmenu['deny'] = get_string('deny', 'mnet');
 229 choose_from_menu($accessmenu, 'access');
 230
 231 // submit button
 232 echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
 233 echo "</form></div>\n";
 234
 235 // print errors
 236 foreach ($formerror as $error) {
 237     echo "<br><span class=\"error\">$error<span>";
 238 }
 239
 240 print_simple_box_end();
 241 admin_externalpage_print_footer($adminroot);
 242
 243 ?>