/**
 * Write the ROLES_OVERRIDES section for one context to an open backup file.
 *
 * For every role returned by get_roles_with_override_on_context() a ROLE
 * element is written (ID, NAME, SHORTNAME), followed by a CAPABILITIES
 * element holding one CAPABILITY entry per record returned by
 * get_capabilities_from_role_on_context().
 *
 * The emitted data describes which permissions are overridden in the context.
 * NOTE(review): role names are written through full_tag() as-is; this presumably
 * relies on full_tag() escaping XML special characters - confirm in the tag helpers.
 *
 * @param resource $bf open file handle the XML is written to
 * @param object $context context whose role overrides are exported
 * @param int $startlevel nesting level of the ROLES_OVERRIDES element
 */
function write_role_overrides_xml($bf, $context, $startlevel) {
    fwrite($bf, start_tag("ROLES_OVERRIDES", $startlevel, true));

    $overridingroles = get_roles_with_override_on_context($context);
    if ($overridingroles) {
        // Depths of the ROLE element and of its direct children.
        $rolelevel = $startlevel + 1;
        $rolefieldlevel = $startlevel + 2;

        foreach ($overridingroles as $role) {
            fwrite($bf, start_tag("ROLE", $rolelevel, true));
            fwrite($bf, full_tag("ID", $rolefieldlevel, false, $role->id));
            fwrite($bf, full_tag("NAME", $rolefieldlevel, false, $role->name));
            fwrite($bf, full_tag("SHORTNAME", $rolefieldlevel, false, $role->shortname));

            fwrite($bf, start_tag("CAPABILITIES", $rolefieldlevel, true));
            $overrides = get_capabilities_from_role_on_context($role, $context);
            if ($overrides) {
                // Depths of each CAPABILITY element and of its fields.
                $caplevel = $startlevel + 3;
                $capfieldlevel = $startlevel + 4;

                foreach ($overrides as $capability) {
                    fwrite($bf, start_tag("CAPABILITY", $caplevel, true));
                    fwrite($bf, full_tag("NAME", $capfieldlevel, false, $capability->capability));
                    fwrite($bf, full_tag("PERMISSION", $capfieldlevel, false, $capability->permission));
                    fwrite($bf, full_tag("TIMEMODIFIED", $capfieldlevel, false, $capability->timemodified));

                    // Records without a modifier are exported with modifier id 0.
                    if (!isset($capability->modifierid)) {
                        $capability->modifierid = 0;
                    }
                    fwrite($bf, full_tag("MODIFIERID", $capfieldlevel, false, $capability->modifierid));

                    fwrite($bf, end_tag("CAPABILITY", $caplevel, true));
                }
            }
            fwrite($bf, end_tag("CAPABILITIES", $rolefieldlevel, true));

            fwrite($bf, end_tag("ROLE", $rolelevel, true));
        }
    }

    fwrite($bf, end_tag("ROLES_OVERRIDES", $startlevel, true));
}
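/**
 * Create (or reuse) a web service user, role and permanent token for a hidden service.
 *
 * The function is idempotent: the role, user, role assignment, capabilities,
 * service authorisation and token are only created when they do not exist yet.
 * When a matching token already exists, that token record is returned unchanged.
 *
 * Security notes:
 * - The returned record contains the token secret; treat it as a credential.
 * - The token is created with EXTERNAL_TOKEN_PERMANENT in the system context,
 *   and only the fields set below are populated (no expiry or IP restriction
 *   is set by this function).
 * - Every entry of $capabilities is granted with CAP_ALLOW to the role in the
 *   system context, so callers must pass only trusted, hard-coded capability names.
 *
 * @param string $rolename the role to create/use - will be assigned to the user
 * @param string $servicename name of the service to link to the new token
 * @param string $username user to link to the new token
 * @param array $capabilities list of capabilities to add to the role
 * @return object the token record (newly created or already existing)
 * @throws moodle_exception when no service, or more than one service, has this name
 */
function create_hub_token($rolename, $servicename, $username, $capabilities) {
    global $CFG, $DB;

    // Required libraries.
    require_once $CFG->dirroot . '/user/lib.php';

    // Look up the hidden service. Its id cannot be known in advance, so hidden
    // services are assumed to have unique names.
    $services = $DB->get_records('external_services', array('name' => $servicename));
    // Two hidden services with the same name can only result from a programming error.
    if (count($services) > 1) {
        throw new moodle_exception('hiddenservicewithsamename');
    }
    if (count($services) < 1) {
        throw new moodle_exception('unknownservicename');
    }
    // Exactly one record is left at this point.
    $service = reset($services);
    $serviceid = $service->id;

    // Find the role by name, or create it.
    $role = $DB->get_record('role', array('name' => $rolename));
    if (empty($role)) {
        $roleid = create_role($rolename, clean_param($rolename, PARAM_ALPHAEXT),
                get_string('hubwsroledescription', 'local_hub'), '', true);
    } else {
        $roleid = $role->id;
    }

    // Find the dedicated user, or create it.
    $user = $DB->get_record('user', array('username' => $username, 'idnumber' => $username));
    if (empty($user)) {
        $user = new stdClass();
        $user->username = $username;
        $user->firstname = $username;
        $user->lastname = get_string('donotdeleteormodify', 'local_hub');
        // Empty password with auth 'webservice': the account is meant for web
        // service access only, not for interactive login.
        $user->password = '';
        $user->auth = 'webservice';
        $user->confirmed = 1; // Must be confirmed, otherwise the account gets deleted.
        $user->idnumber = $username;
        // NOTE(review): hard-coded local MNet host id; presumably should follow
        // $CFG->mnet_localhost_id - confirm before changing.
        $user->mnethostid = 1;
        $user->description = get_string('hubwsuserdescription', 'local_hub');
        $user->timecreated = time();
        $user->timemodified = $user->timecreated;

        // Add extra fields to prevent a debug notice.
        $userfields = get_all_user_name_fields();
        foreach ($userfields as $key => $field) {
            if (!isset($user->{$key})) {
                $user->{$key} = null;
            }
        }

        // Insert the user into the database.
        $user->id = $DB->insert_record('user', $user);
        \core\event\user_created::create_from_userid($user->id)->trigger();
        add_to_log(SITEID, 'user', get_string('create'), '/view.php?id=' . $user->id,
                fullname($user));
    }

    // Assign the role to the user in the system context if not already assigned.
    $context = context_system::instance();
    $existingroleassign = $DB->get_records('role_assignments',
            array('roleid' => $roleid, 'contextid' => $context->id, 'userid' => $user->id), 'id');
    if (empty($existingroleassign)) {
        role_assign($roleid, $user->id, $context->id);
    }

    // Grant the requested capabilities to the role. The XML-RPC protocol
    // capability is always added, so the list is never empty from here on.
    $capabilities[] = 'webservice/xmlrpc:use';
    if (empty($role)) {
        $role = new stdClass();
        $role->id = $roleid;
    }
    $rolecapabilities = get_capabilities_from_role_on_context($role, $context);
    foreach ($capabilities as $capability) {
        $capabilityassigned = false;
        foreach ($rolecapabilities as $rolecapability) {
            if ($rolecapability->capability == $capability) {
                $capabilityassigned = true;
                break;
            }
        }
        // Only capabilities missing from the role are added; existing ones are left as they are.
        if (!$capabilityassigned) {
            assign_capability($capability, CAP_ALLOW, $roleid, $context->id);
        }
    }

    // Enable the hidden service if needed and authorise the user on it.
    if (!$service->enabled) {
        $service->enabled = 1;
        $DB->update_record('external_services', $service);
    }
    $serviceuser = $DB->get_record('external_services_users',
            array('externalserviceid' => $serviceid, 'userid' => $user->id));
    if (empty($serviceuser)) {
        $serviceuser = new stdClass();
        $serviceuser->externalserviceid = $serviceid;
        $serviceuser->userid = $user->id;
        $serviceuser->timecreated = time();
        $DB->insert_record('external_services_users', $serviceuser);
    }

    // Reuse an existing token with exactly these properties, or create one.
    $resulttoken = new stdClass();
    $resulttoken->userid = $user->id;
    $resulttoken->tokentype = EXTERNAL_TOKEN_PERMANENT;
    $resulttoken->externalserviceid = $serviceid;
    $resulttoken->contextid = $context->id;
    $resulttoken->creatorid = $user->id;
    $token = $DB->get_record('external_tokens', (array) $resulttoken);
    if (empty($token)) {
        $resulttoken->timecreated = time();

        // The token is a bearer credential, so it must not be guessable.
        // md5(uniqid(rand(), 1)) is derived from the clock and a non-cryptographic
        // PRNG; prefer a CSPRNG and keep the 32 hex character format.
        $secret = null;
        if (function_exists('random_bytes')) {
            $secret = bin2hex(random_bytes(16));
        } else if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong) {
                $secret = bin2hex($bytes);
            }
        }
        if ($secret === null) {
            // Legacy fallback for platforms without a CSPRNG. This value is
            // predictable; such installations should be upgraded.
            $secret = md5(uniqid(rand(), 1));
        }
        $resulttoken->token = $secret;

        $tokenid = $DB->insert_record('external_tokens', $resulttoken);
        $resulttoken->id = $tokenid;
    } else {
        // Return the existing token instead of throwing an error.
        $resulttoken = $token;
    }

    return $resulttoken;
}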