621d75dbce
This partially reverts MDL-73270, where some useful environmental
checks and notifications in the admin UI were added to inform
about different parts of Moodle relying on the "unsupported"
php-xmlrpc extension.
Since then, some changes have happened in core, only available
for Moodle 4.1 and up (see the MDL-70889 mini-epic). Namely:
- MNet (SSO, roaming, auth, enrol and Mahara portfolio) are not
using the php-xmlrpc extension anymore, but a pure php library.
- The xmlrpc webservices protocol, has been move from core to
the plugins directory, although it continues using the php-xmlrpc
extension.
Because of that here we are removing all the checks and notifications
related with MNet (not using the extension anymore), but keeping the
webservice plugin ones (still using the extension). Surely if some day the
protocol stops using the extension, we'll be able to remove the
corresponding checks too. But that's future.
Note the associated lang strings have been also removed (not deprecated)
because they were highly specific and hardly reusable:
- xmlrpcmaharaenabled
- xmlrpcmnetauthenticationenabled
- xmlrpcmnetenabled
And very same applies, because MNet doesn't contain anything deprecated
or not supported anymore, hence, straight deletion, to the function:
- mnet_get_deprecation_notice()
Also, related tests using any of the removed stuff above have been deleted.
In the other side, the "check_xmlrpc_usage" continues existing and
being used both by environment checks and admin notifications but,
as commented above, now it only looks for the xmlrpc webservice
protocol now.
236 lines
8.7 KiB
PHP
236 lines
8.7 KiB
PHP
<?php
|
|
|
|
// Allows the admin to control user logins from remote moodles.
|
|
|
|
require_once(__DIR__ . '/../../config.php');
|
|
require_once($CFG->libdir.'/adminlib.php');
|
|
include_once($CFG->dirroot.'/mnet/lib.php');
|
|
|
|
$sort = optional_param('sort', 'username', PARAM_ALPHA);
|
|
$dir = optional_param('dir', 'ASC', PARAM_ALPHA);
|
|
$page = optional_param('page', 0, PARAM_INT);
|
|
$perpage = optional_param('perpage', 30, PARAM_INT);
|
|
$action = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
|
|
|
|
admin_externalpage_setup('ssoaccesscontrol');
|
|
|
|
if (!extension_loaded('openssl')) {
|
|
throw new \moodle_exception('requiresopenssl', 'mnet');
|
|
}
|
|
|
|
$sitecontext = context_system::instance();
|
|
$sesskey = sesskey();
|
|
$formerror = array();
|
|
|
|
// grab the mnet hosts and remove the localhost
|
|
$mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
|
|
if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
|
|
unset($mnethosts[$CFG->mnet_localhost_id]);
|
|
}
|
|
|
|
|
|
|
|
// process actions
|
|
if (!empty($action) and confirm_sesskey()) {
|
|
|
|
// boot if insufficient permission
|
|
if (!has_capability('moodle/user:delete', $sitecontext)) {
|
|
throw new \moodle_exception('nomodifyacl', 'mnet');
|
|
}
|
|
|
|
// fetch the record in question
|
|
$id = required_param('id', PARAM_INT);
|
|
if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
|
|
throw new \moodle_exception('recordnoexists', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
|
|
}
|
|
|
|
switch ($action) {
|
|
|
|
case "delete":
|
|
$DB->delete_records('mnet_sso_access_control', array('id'=>$id));
|
|
redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
|
|
break;
|
|
|
|
case "acl":
|
|
|
|
// require the access parameter, and it must be 'allow' or 'deny'
|
|
$accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
|
|
if ($accessctrl != 'allow' and $accessctrl != 'deny') {
|
|
throw new \moodle_exception('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
|
|
}
|
|
|
|
if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
|
|
if ($accessctrl == 'allow') {
|
|
redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user' => $idrec->username,
|
|
'host' => $mnethosts[$idrec->mnet_host_id])));
|
|
} else if ($accessctrl == 'deny') {
|
|
redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user' => $idrec->username,
|
|
'host' => $mnethosts[$idrec->mnet_host_id])));
|
|
}
|
|
}
|
|
break;
|
|
|
|
default:
|
|
throw new \moodle_exception('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// process the form results
|
|
if ($form = data_submitted() and confirm_sesskey()) {
|
|
|
|
// check permissions and verify form input
|
|
if (!has_capability('moodle/user:delete', $sitecontext)) {
|
|
throw new \moodle_exception('nomodifyacl', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
|
|
}
|
|
if (empty($form->username)) {
|
|
$formerror['username'] = get_string('enterausername','mnet');
|
|
}
|
|
if (empty($form->mnet_host_id)) {
|
|
$formerror['mnet_host_id'] = get_string('selectahost','mnet');
|
|
}
|
|
if (empty($form->accessctrl)) {
|
|
$formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
|
|
}
|
|
|
|
// process if there are no errors
|
|
if (count($formerror) == 0) {
|
|
|
|
// username can be a comma separated list
|
|
$usernames = explode(',', $form->username);
|
|
|
|
foreach ($usernames as $username) {
|
|
$username = trim(core_text::strtolower($username));
|
|
if (!empty($username)) {
|
|
if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
|
|
if ($form->accessctrl == 'allow') {
|
|
redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
|
|
} elseif ($form->accessctrl == 'deny') {
|
|
redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
exit;
|
|
}
|
|
|
|
echo $OUTPUT->header();
|
|
|
|
// Explain
|
|
echo $OUTPUT->box(get_string('ssoacldescr','mnet'));
|
|
// Are the needed bits enabled?
|
|
$warn = '';
|
|
if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
|
|
$warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
|
|
}
|
|
|
|
if (!is_enabled_auth('mnet')) {
|
|
$warn .= '<p>' . get_string('authmnetdisabled','mnet').'</p>';
|
|
}
|
|
|
|
if (!empty($warn)) {
|
|
$warn = '<p>' . get_string('ssoaclneeds','mnet').'</p>' . $warn;
|
|
echo $OUTPUT->box($warn);
|
|
}
|
|
// output the ACL table
|
|
$columns = array("username", "mnet_host_id", "access", "delete");
|
|
$headings = array();
|
|
$string = array('username' => get_string('username'),
|
|
'mnet_host_id' => get_string('remotehost', 'mnet'),
|
|
'access' => get_string('accesslevel', 'mnet'),
|
|
'delete' => get_string('delete'));
|
|
foreach ($columns as $column) {
|
|
if ($sort != $column) {
|
|
$columnicon = "";
|
|
$columndir = "ASC";
|
|
} else {
|
|
$columndir = $dir == "ASC" ? "DESC" : "ASC";
|
|
$columnicon = $dir == "ASC" ? "down" : "up";
|
|
$columnicon = " " . $OUTPUT->pix_icon('t/' . $columnicon, get_string('sort'));
|
|
}
|
|
$headings[$column] = "<a href=\"?sort=$column&dir=$columndir&\">".$string[$column]."</a>$columnicon";
|
|
}
|
|
$headings['delete'] = '';
|
|
$acl = $DB->get_records('mnet_sso_access_control', null, "$sort $dir", '*'); //, $page * $perpage, $perpage);
|
|
$aclcount = $DB->count_records('mnet_sso_access_control');
|
|
|
|
if (!$acl) {
|
|
echo $OUTPUT->heading(get_string('noaclentries','mnet'));
|
|
$table = NULL;
|
|
} else {
|
|
$table = new html_table();
|
|
$table->head = $headings;
|
|
$table->align = array('left', 'left', 'center');
|
|
$table->width = "95%";
|
|
foreach ($acl as $aclrecord) {
|
|
if ($aclrecord->accessctrl == 'allow') {
|
|
$accesscolumn = get_string('allow', 'mnet')
|
|
. " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=deny&sesskey=".sesskey()."\">"
|
|
. get_string('deny', 'mnet') . "</a>)";
|
|
} else {
|
|
$accesscolumn = get_string('deny', 'mnet')
|
|
. " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=allow&sesskey=".sesskey()."\">"
|
|
. get_string('allow', 'mnet') . "</a>)";
|
|
}
|
|
$deletecolumn = "<a href=\"?id={$aclrecord->id}&action=delete&sesskey=".sesskey()."\">"
|
|
. get_string('delete') . "</a>";
|
|
$table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
|
|
}
|
|
}
|
|
|
|
if (!empty($table)) {
|
|
echo html_writer::table($table);
|
|
echo '<p> </p>';
|
|
$baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
|
|
echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl);
|
|
}
|
|
|
|
|
|
|
|
// output the add form
|
|
echo $OUTPUT->box_start();
|
|
|
|
?>
|
|
<div class="mnetaddtoaclform">
|
|
<form id="mnetaddtoacl" method="post">
|
|
<input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
|
|
<?php
|
|
|
|
// enter a username
|
|
echo get_string('username') . ":\n";
|
|
if (!empty($formerror['username'])) {
|
|
echo '<span class="error"> * </span>';
|
|
}
|
|
echo html_writer::label(get_string('username'), 'menuusername', false, array('class' => 'accesshide'));
|
|
echo '<input id="menuusername" type="text" name="username" size="20" maxlength="100" />';
|
|
|
|
// choose a remote host
|
|
echo " " . html_writer::label(get_string('remotehost', 'mnet'), 'menumnet_host_id') . ":\n";
|
|
if (!empty($formerror['mnet_host_id'])) {
|
|
echo '<span class="error"> * </span>';
|
|
}
|
|
echo html_writer::select($mnethosts, 'mnet_host_id');
|
|
|
|
// choose an access level
|
|
echo " " . html_writer::label(get_string('accesslevel', 'mnet'), 'menuaccessctrl') . ":\n";
|
|
if (!empty($formerror['accessctrl'])) {
|
|
echo '<span class="error"> * </span>';
|
|
}
|
|
$accessmenu['allow'] = get_string('allow', 'mnet');
|
|
$accessmenu['deny'] = get_string('deny', 'mnet');
|
|
echo html_writer::select($accessmenu, 'accessctrl');
|
|
|
|
// submit button
|
|
echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
|
|
echo "</form></div>\n";
|
|
|
|
// print errors
|
|
foreach ($formerror as $error) {
|
|
echo "<br><span class=\"error\">$error<span>";
|
|
}
|
|
|
|
echo $OUTPUT->box_end();
|
|
echo $OUTPUT->footer();
|