$limit = 20; if (!$USER->get('admin')) { // Institutional admins with only 1 institution go straight to the edit page for that institution // They cannot add or delete institutions, or edit an institution they don't administer $add = false; $delete = false; if (!empty($institution) && !$USER->is_institutional_admin($institution)) { $institution = ''; $edit = false; } if (empty($institution) && count($USER->get('admininstitutions')) == 1) { redirect(get_config('wwwroot') . 'admin/users/institutions.php?i=' . key($USER->get('admininstitutions'))); } } if ($institution || $add) { $authinstances = auth_get_auth_instances_for_institution($institution); if (false == $authinstances) { $authinstances = array(); } if ($delete) { function delete_validate(Pieform $form, $values) { if (get_field('usr_institution', 'COUNT(*)', 'institution', $values['i'])) { throw new ConfigException('Attempt to delete an institution that has members'); } } function delete_cancel_submit() { redirect('/admin/users/institutions.php'); } function delete_submit(Pieform $form, $values)
/**
 * Build the form element definitions used to configure an XML-RPC auth instance.
 *
 * Side effect: values are written into the shared static self::$default_config,
 * so whatever is loaded here stays visible to later code in the same request.
 *
 * @param mixed $institution Institution whose auth instances are offered as parents.
 * @param int   $instance    Auth instance id; 0 (the default) skips loading stored settings.
 * @return array Array with keys 'elements' (field definitions) and 'renderer' ('div').
 * @throws SystemException When $instance > 0 and either the auth_instance row or its
 *                         auth_instance_config rows cannot be found.
 */
public static function get_instance_config_options($institution, $instance = 0) {
    $peer = new Peer();

    // TODO : switch to getrecord
    // Map application name => display name; this feeds the 'appname' dropdown.
    $applicationset = new ApplicationSet();
    $appchoices = array();
    foreach ($applicationset as $application) {
        $appchoices[$application->name] = $application->displayname;
    }

    /*
     * Parent authority: the data source a remote XML-RPC service itself
     * authenticates against (for example an LDAP store). When that store is also
     * known locally and users can log in against it directly, the association is
     * honoured, which makes the unique pairing username + authority rather than
     * username + institution. One institution can therefore hold a user 'donal'
     * on 'LDAP-1' and a different 'donal' on 'LDAP-2'.
     *
     * Instances that need a parent themselves are left out of the list. That is
     * only to keep the admin interface sane; chaining authorities is fine in
     * theory.
     */
    $parentchoices = array('None');
    $institutioninstances = auth_get_auth_instances_for_institution($institution);
    if (is_array($institutioninstances)) {
        foreach ($institutioninstances as $candidate) {
            $usable = $candidate->requires_parent != 1 && $candidate->authname != 'none';
            if ($usable) {
                $parentchoices[$candidate->id] = $candidate->instancename;
            }
        }
    }

    if ($instance > 0) {
        // Existing instance: overlay its stored settings on the defaults.
        $record = get_record('auth_instance', 'id', $instance);
        if ($record == false) {
            throw new SystemException(get_string('nodataforinstance', 'auth') . $instance);
        }
        $stored = get_records_menu('auth_instance_config', 'instance', $instance, '', 'field, value');
        if ($stored == false) {
            throw new SystemException('No config data for instance: ' . $instance);
        }
        // Only keys already present in the defaults are considered.
        foreach (array_keys(self::$default_config) as $field) {
            if (array_key_exists($field, $stored)) {
                self::$default_config[$field] = $stored[$field];
                if ('wwwroot' == $field) {
                    // The stored wwwroot identifies the peer; keep a copy as wwwroot_orig.
                    $peer->findByWwwroot($stored[$field]);
                    self::$default_config['wwwroot_orig'] = $stored[$field];
                }
                continue;
            }
            if (property_exists($record, $field)) {
                self::$default_config[$field] = $record->{$field};
            }
        }
    }
    else {
        // No instance id: take the slot after the institution's highest priority.
        $toppriority = get_field('auth_instance', 'MAX(priority)', 'institution', $institution);
        self::$default_config['priority'] = ++$toppriority;
    }

    // NOTE(review): if 'application' is served by Peer::__get without a matching
    // __isset, this empty() is always true - confirm against the Peer class.
    self::$default_config['appname'] = empty($peer->application->name)
        ? key(current($applicationset))
        : $peer->application->name;

    $wwwroot = self::$default_config['wwwroot'];
    $elements = array();

    $elements['instancename'] = array(
        'type' => 'text',
        'title' => get_string('authname', 'auth'),
        'rules' => array('required' => true),
        'defaultvalue' => self::$default_config['instancename'],
        'help' => true,
    );

    // NOTE(review): hidden values round-trip through the browser. The submit and
    // validate handlers are not visible here - confirm they re-check instance and
    // institution against the admin's privileges instead of trusting the post.
    $hiddenvalues = array(
        'instance' => $instance,
        'institution' => $institution,
        'deleted' => $peer->deleted,
        'authname' => 'xmlrpc',
    );
    foreach ($hiddenvalues as $fieldname => $fieldvalue) {
        $elements[$fieldname] = array('type' => 'hidden', 'value' => $fieldvalue);
    }

    $elements['wwwroot'] = array(
        'type' => 'text',
        'title' => get_string('wwwroot', 'auth'),
        'rules' => array('required' => true),
        'defaultvalue' => $wwwroot,
        'help' => true,
    );
    $elements['wwwroot_orig'] = array(
        'type' => 'hidden',
        'value' => self::$default_config['wwwroot_orig'],
    );
    $elements['oldwwwroot'] = array('type' => 'hidden', 'value' => 'xmlrpc');

    if ($instance) {
        // The key and its expiry are read from the host table row for this wwwroot.
        // NOTE(review): presumably this key is what the peer's messages are verified
        // against, so an edit here changes who is trusted - confirm access to this form.
        $elements['publickey'] = array(
            'type' => 'textarea',
            'title' => get_string('publickey', 'admin'),
            'defaultvalue' => get_field('host', 'publickey', 'wwwroot', $wwwroot),
            'rules' => array('required' => true),
            'rows' => 15,
            'cols' => 70,
        );
        $elements['publickeyexpires'] = array(
            'type' => 'html',
            'title' => get_string('publickeyexpires', 'admin'),
            'value' => format_date(get_field('host', 'publickeyexpires', 'wwwroot', $wwwroot)),
        );
    }

    $elements['name'] = array(
        'type' => 'text',
        'title' => get_string('name', 'auth'),
        'rules' => array('required' => true),
        'defaultvalue' => $peer->name,
        'help' => true,
    );

    /*
     * Per the original author's note, empty($peer->appname) always reported true
     * because appname is served by the class's __get overloader. PHP's empty()
     * consults __isset() for such properties rather than __get(), so the value is
     * copied into a local before it is tested.
     */
    $peerappname = $peer->appname;
    $elements['appname'] = array(
        'type' => 'select',
        'title' => get_string('application', 'auth'),
        'collapseifoneoption' => true,
        'multiple' => false,
        'options' => $appchoices,
        'defaultvalue' => empty($peerappname) ? 'moodle' : $peerappname,
        'help' => true,
    );

    $elements['parent'] = array(
        'type' => 'select',
        'title' => get_string('parent', 'auth'),
        'collapseifoneoption' => false,
        'options' => $parentchoices,
        'defaultvalue' => self::$default_config['parent'],
        'help' => true,
    );

    $elements['authloginmsg'] = array(
        'type' => 'wysiwyg',
        'rows' => 10,
        'cols' => 70,
        'title' => '',
        'description' => get_string('authloginmsg2', 'auth'),
        'defaultvalue' => self::$default_config['authloginmsg'],
        'help' => true,
    );

    $elements['ssodirection'] = array(
        'type' => 'select',
        'title' => get_string('ssodirection', 'auth'),
        'options' => array(
            0 => '--',
            'theyssoin' => get_string('theyssoin', 'auth'),
            'wessoout' => get_string('wessoout', 'auth'),
        ),
        'defaultvalue' => self::$default_config['wessoout'] ? 'wessoout' : 'theyssoin',
        'help' => true,
    );

    // The remaining settings are plain on/off switches with identical layout.
    // NOTE(review): the auto-create switches presumably let a peer's assertion
    // create accounts - confirm their defaults are off for new instances.
    $switches = array(
        'updateuserinfoonlogin',
        'weautocreateusers',
        'theyautocreateusers',
        'weimportcontent',
    );
    foreach ($switches as $switchname) {
        $elements[$switchname] = array(
            'type' => 'switchbox',
            'title' => get_string($switchname, 'auth'),
            'defaultvalue' => self::$default_config[$switchname],
            'help' => true,
        );
    }

    return array('elements' => $elements, 'renderer' => 'div');
}
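/**
 * Resolve a username presented by a remote host to exactly one local user.
 *
 * The host's institution is looked up from its wwwroot. Every auth instance of
 * that institution is then tried: xmlrpc instances directly, any other instance
 * only when the query below finds it configured as the 'parent' of an xmlrpc
 * instance in the same institution. A result is returned only when the matches
 * resolve to a single user id.
 *
 * @param string $username Username as presented by the remote host.
 * @param string $wwwroot  wwwroot of the calling host, matched against the host table.
 * @return array|false array(User, AuthXmlrpc) on a unique match, otherwise false.
 * @throws XmlrpcServerException When no institution is recorded for $wwwroot.
 */
function find_remote_user($username, $wwwroot) {
    $institution = get_field('host', 'institution', 'wwwroot', $wwwroot);
    if (false == $institution) {
        // This should never happen, because if we don't know the host we'll
        // already have exited
        throw new XmlrpcServerException('Unknown error');
    }

    $authinstances = auth_get_auth_instances_for_institution($institution);
    if (!is_array($authinstances)) {
        // Other callers in this codebase guard against a non-array result from
        // this lookup. With nothing to iterate there can be no candidate, so
        // return the "no unique match" answer without a foreach warning.
        return false;
    }

    $candidates = array();
    $auths = array();

    // aic.value is compared with ai.id; outside MySQL the id is cast to text
    // first (presumably because the value column is textual - confirm schema).
    $aiid = 'ai.id';
    if (!is_mysql()) {
        $aiid = 'CAST(ai.id AS TEXT)';
    }

    // Both inputs are bound as placeholders. The only interpolated fragment is
    // $aiid, which is one of the two constants chosen above.
    $sql = 'SElECT ai.* FROM {auth_instance} ai, {auth_instance} ai2, {auth_instance_config} aic WHERE ai.id = ? AND ai.institution = ? AND ai2.institution = ai.institution AND ' . $aiid . ' = aic.value AND aic.field = \'parent\' AND aic.instance = ai2.id AND ai2.authname = \'xmlrpc\'';

    foreach ($authinstances as $authinstance) {
        if ($authinstance->authname != 'xmlrpc') {
            // A non-xmlrpc instance only counts when it is the parent of an
            // xmlrpc instance in this institution.
            $records = get_records_sql_array($sql, array($authinstance->id, $institution));
            if (false == $records) {
                continue;
            }
        }
        try {
            $user = new User();
            $user->find_by_instanceid_username($authinstance->id, $username, true);
            // Keyed by user id, so the same user found twice stays one candidate.
            $candidates[$user->id] = $user;
            $auths[] = $authinstance->id;
        }
        catch (Exception $e) {
            // Deliberate best effort: a failed lookup just means no candidate here.
            // NOTE(review): this also hides unrelated failures such as database
            // errors - consider narrowing the catch to the not-found exception.
            continue;
        }
    }

    // Anything other than exactly one distinct user is treated as "not found",
    // so an ambiguous username never resolves to an arbitrary account.
    if (count($candidates) !== 1) {
        return false;
    }

    safe_require('auth', 'xmlrpc');
    // NOTE(review): $auths gains one entry per match while $candidates collapses
    // duplicates. If one user matched through several instances, the AuthXmlrpc
    // is built from the last matching id, which may be a non-xmlrpc parent.
    return array(array_pop($candidates), new AuthXmlrpc(array_pop($auths)));
}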