/**
 * Write the role overrides defined on a context to an open file handle as XML.
 *
 * Emits a ROLES_OVERRIDES element holding one ROLE element per role returned by
 * get_roles_with_override_on_context(), each with its ID, NAME, SHORTNAME and a
 * CAPABILITIES list (NAME, PERMISSION, TIMEMODIFIED, MODIFIERID per capability).
 * The outer element is written even when there are no roles.
 *
 * NOTE(review): role names and capability values are passed straight to
 * full_tag(); this assumes full_tag() escapes XML special characters - confirm.
 *
 * @param resource $bf open file handle the XML is written to
 * @param object $context context whose role overrides are exported
 * @param int $startlevel nesting level passed to the tag helpers for the outer element
 * @return void
 */
function write_role_overrides_xml($bf, $context, $startlevel)
{
    fwrite($bf, start_tag("ROLES_OVERRIDES", $startlevel, true));

    // A falsy result (no roles) is treated as an empty list.
    $overridingroles = get_roles_with_override_on_context($context);
    if (!$overridingroles) {
        $overridingroles = array();
    }

    foreach ($overridingroles as $role) {
        $rolelevel = $startlevel + 1;
        $rolefieldlevel = $startlevel + 2;

        fwrite($bf, start_tag("ROLE", $rolelevel, true));
        fwrite($bf, full_tag("ID", $rolefieldlevel, false, $role->id));
        fwrite($bf, full_tag("NAME", $rolefieldlevel, false, $role->name));
        fwrite($bf, full_tag("SHORTNAME", $rolefieldlevel, false, $role->shortname));
        fwrite($bf, start_tag("CAPABILITIES", $rolefieldlevel, true));

        $rolecaps = get_capabilities_from_role_on_context($role, $context);
        if (!$rolecaps) {
            $rolecaps = array();
        }

        foreach ($rolecaps as $capability) {
            $caplevel = $startlevel + 3;
            $capfieldlevel = $startlevel + 4;

            fwrite($bf, start_tag("CAPABILITY", $caplevel, true));
            fwrite($bf, full_tag("NAME", $capfieldlevel, false, $capability->capability));
            fwrite($bf, full_tag("PERMISSION", $capfieldlevel, false, $capability->permission));
            fwrite($bf, full_tag("TIMEMODIFIED", $capfieldlevel, false, $capability->timemodified));
            // Records without a modifier are exported with MODIFIERID 0.
            if (!isset($capability->modifierid)) {
                $capability->modifierid = 0;
            }
            fwrite($bf, full_tag("MODIFIERID", $capfieldlevel, false, $capability->modifierid));
            fwrite($bf, end_tag("CAPABILITY", $caplevel, true));
        }

        fwrite($bf, end_tag("CAPABILITIES", $rolefieldlevel, true));
        fwrite($bf, end_tag("ROLE", $rolelevel, true));
    }

    fwrite($bf, end_tag("ROLES_OVERRIDES", $startlevel, true));
}
Example #2
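 /**
  * Create (or reuse) a user, a role and a permanent web service token for a hidden service.
  *
  * The role is looked up by name and created if missing, assigned to the user in the
  * system context, and granted the requested capabilities plus 'webservice/xmlrpc:use'.
  * The service is enabled if needed and the user is authorised on it. If a matching
  * token already exists it is returned unchanged, otherwise a new one is inserted.
  *
  * Security notes:
  * - An existing role with the same name is reused, so the capabilities are granted
  *   (CAP_ALLOW, system context) to every holder of that role. Callers should pass a
  *   role name reserved for this purpose.
  * - The returned token is a permanent bearer credential for the service; its value is
  *   generated from a cryptographically strong random source.
  *
  * @param string $rolename the role to create/use - will be assigned to the user
  * @param string $servicename service to link to the new token
  * @param string $username user to link to the new token
  * @param array $capabilities list of capabilities to add to the role
  * @return object the token record (newly created or already existing)
  * @throws moodle_exception if the service name matches no service or more than one
  * @throws coding_exception if no cryptographically strong random source is available
  */
 function create_hub_token($rolename, $servicename, $username, $capabilities)
 {
     global $CFG, $DB;
     //requires libraries
     require_once $CFG->dirroot . '/user/lib.php';
     //check the hidden service
     //because we cannot know the id of the service, we consider that hidden services have unique name!
     $services = $DB->get_records('external_services', array('name' => $servicename));
     //two hidden services with the same name would be a programming error
     if (count($services) > 1) {
         throw new moodle_exception('hiddenservicewithsamename');
     }
     if (count($services) < 1) {
         throw new moodle_exception('unknownservicename');
     }
     // Reuse the role when one with this name exists, otherwise create it.
     $role = $DB->get_record('role', array('name' => $rolename));
     if (empty($role)) {
         $roleid = create_role($rolename, clean_param($rolename, PARAM_ALPHAEXT), get_string('hubwsroledescription', 'local_hub'), '', true);
     } else {
         $roleid = $role->id;
     }
     //check and create a user
     // NOTE(review): an existing account matching username and idnumber is reused as-is;
     // its auth method and deleted/suspended state are not checked here.
     $user = $DB->get_record('user', array('username' => $username, 'idnumber' => $username));
     if (empty($user)) {
         $user = new stdClass();
         $user->username = $username;
         $user->firstname = $username;
         $user->lastname = get_string('donotdeleteormodify', 'local_hub');
         $user->password = '';
         //interactive login is not allowed with webservice authentication
         $user->auth = 'webservice';
         //needs to be confirmed, otherwise the account gets deleted
         $user->confirmed = 1;
         $user->idnumber = $username;
         // NOTE(review): hard-coded host id; presumably the local MNet host - confirm.
         $user->mnethostid = 1;
         $user->description = get_string('hubwsuserdescription', 'local_hub');
         $user->timecreated = time();
         $user->timemodified = $user->timecreated;
         // Add extra fields to prevent a debug notice.
         $userfields = get_all_user_name_fields();
         foreach ($userfields as $key => $field) {
             if (!isset($user->{$key})) {
                 $user->{$key} = null;
             }
         }
         // Insert the "site" user into the database.
         $user->id = $DB->insert_record('user', $user);
         \core\event\user_created::create_from_userid($user->id)->trigger();
         add_to_log(SITEID, 'user', get_string('create'), '/view.php?id=' . $user->id, fullname($user));
     }
     //check and assign the role to user
     $context = context_system::instance();
     $existingroleassign = $DB->get_records('role_assignments', array('roleid' => $roleid, 'contextid' => $context->id, 'userid' => $user->id), 'id');
     if (empty($existingroleassign)) {
         role_assign($roleid, $user->id, $context->id);
     }
     //check and assign capabilities to role
     // The XML-RPC capability is always required, so the list is never empty below.
     $capabilities[] = 'webservice/xmlrpc:use';
     if (empty($role)) {
         $role = new stdClass();
         $role->id = $roleid;
     }
     $rolecapabilities = get_capabilities_from_role_on_context($role, $context);
     foreach ($capabilities as $capability) {
         $capabilityassigned = false;
         foreach ($rolecapabilities as $rolecapability) {
             if ($rolecapability->capability == $capability) {
                 $capabilityassigned = true;
                 break;
             }
         }
         // Only capabilities the role does not already carry in this context are added.
         if (!$capabilityassigned) {
             assign_capability($capability, CAP_ALLOW, $roleid, $context->id);
         }
     }
     //enable the hidden service and assign it to the user
     foreach ($services as $service) {
         //there is exactly one service in the array, checked at the beginning of the function
         $serviceid = $service->id;
         //if no hidden token was created for this service, we need to enable it
         if (!$service->enabled) {
             $service->enabled = 1;
             $DB->update_record('external_services', $service);
         }
         $serviceuser = $DB->get_record('external_services_users', array('externalserviceid' => $serviceid, 'userid' => $user->id));
         if (empty($serviceuser)) {
             $serviceuser = new stdClass();
             $serviceuser->externalserviceid = $serviceid;
             $serviceuser->userid = $user->id;
             $serviceuser->timecreated = time();
             $DB->insert_record('external_services_users', $serviceuser);
         }
     }
     //check and create a token
     // An existing token is matched on user, token type, service, context and creator.
     $resulttoken = new stdClass();
     $resulttoken->userid = $user->id;
     $resulttoken->tokentype = EXTERNAL_TOKEN_PERMANENT;
     $resulttoken->externalserviceid = $serviceid;
     $resulttoken->contextid = $context->id;
     $resulttoken->creatorid = $user->id;
     $token = $DB->get_record('external_tokens', (array) $resulttoken);
     if (empty($token)) {
         $resulttoken->timecreated = time();
         // The token authenticates every request to the service, so it must not be
         // guessable: md5(uniqid(rand())) is derived from the clock and a non-cryptographic
         // PRNG. 16 random bytes hex-encoded keep the 32-character format of the old value.
         $randombytes = null;
         if (function_exists('random_bytes')) {
             $randombytes = random_bytes(16);
         } else if (function_exists('openssl_random_pseudo_bytes')) {
             $cryptostrong = false;
             $candidate = openssl_random_pseudo_bytes(16, $cryptostrong);
             if ($candidate !== false && $cryptostrong) {
                 $randombytes = $candidate;
             }
         }
         if ($randombytes === null) {
             // Fail closed rather than issue a predictable credential.
             throw new coding_exception('No cryptographically strong random source available to generate the token');
         }
         $resulttoken->token = bin2hex($randombytes);
         $tokenid = $DB->insert_record('external_tokens', $resulttoken);
         $resulttoken->id = $tokenid;
     } else {
         // Return the found token instead of throwing 'hiddentokenalreadyexist'.
         $resulttoken = $token;
     }
     return $resulttoken;
 }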