// NOTE(review): looks like a page size for a listing further down - confirm.
$limit = 20;
// Access control for users who are not site administrators.
// $institution, $add, $delete and $edit are set before this point (not visible
// here; presumably parsed from the request - confirm).
if (!$USER->get('admin')) {
    // Institutional admins may neither add nor delete institutions, whatever
    // the request asked for.
    $add = $delete = false;
    // A request naming an institution this user does not administer is
    // dropped and edit mode is cleared, so the institution/add branch below
    // is not entered for it.
    if (!empty($institution)) {
        if (!$USER->is_institutional_admin($institution)) {
            $institution = '';
            $edit = false;
        }
    }
    // With no institution selected (or the selection just dropped), an admin
    // of exactly one institution is sent to that institution's edit page.
    if (empty($institution)) {
        if (count($USER->get('admininstitutions')) == 1) {
            redirect(get_config('wwwroot') . 'admin/users/institutions.php?i=' . key($USER->get('admininstitutions')));
        }
    }
}
if ($institution || $add) {
    $authinstances = auth_get_auth_instances_for_institution($institution);
    if (false == $authinstances) {
        $authinstances = array();
    }
    if ($delete) {
        /**
         * Refuse to delete an institution that still has members.
         *
         * Looks up COUNT(*) in usr_institution for the institution named by the
         * submitted 'i' value and throws when the result is truthy.
         *
         * NOTE(review): this checks membership only, not who is asking. In the
         * visible code $delete is forced to false for non-site-admins before
         * this function is declared; confirm that is the only route to it.
         *
         * @param Pieform $form   The form being validated (unused here)
         * @param array   $values Submitted values; 'i' holds the institution
         * @throws ConfigException If the institution has at least one member
         */
        function delete_validate(Pieform $form, $values)
        {
            $membercount = get_field('usr_institution', 'COUNT(*)', 'institution', $values['i']);
            if ($membercount) {
                throw new ConfigException('Attempt to delete an institution that has members');
            }
        }
        /**
         * Send the browser to the institutions page; changes nothing.
         *
         * Presumably wired up as the cancel handler of the delete form - confirm.
         */
        function delete_cancel_submit()
        {
            $listpage = '/admin/users/institutions.php';
            redirect($listpage);
        }
        function delete_submit(Pieform $form, $values)
Exemplo n.º 2
 /**
  * Build the form element definitions for configuring an XML-RPC auth instance.
  *
  * For an existing instance ($instance > 0) the auth_instance row and its
  * auth_instance_config rows are merged into self::$default_config. Otherwise
  * the priority is set to one above the institution's current MAX(priority).
  *
  * NOTE(review): self::$default_config is static and is overwritten in place,
  * so values loaded for one instance remain for any later call in the same
  * request - confirm no caller builds two of these forms in one request.
  *
  * NOTE(review): 'instance', 'institution', 'deleted', 'authname',
  * 'wwwroot_orig' and 'oldwwwroot' are emitted as hidden fields. Hidden
  * fields come back from the browser like any other input, so the submit
  * handler (not visible here) has to re-check the caller's rights over the
  * institution and instance instead of trusting the posted values.
  *
  * NOTE(review): the existing-instance data is loaded under `$instance > 0`
  * but the public key fields are added under `if ($instance)`; the two tests
  * differ for a negative $instance.
  *
  * @param string $institution Institution identifier used for the auth_instance lookups
  * @param int    $instance    Id of an existing auth instance, or 0 for a new one
  * @return array array('elements' => element definitions, 'renderer' => 'div')
  * @throws SystemException If $instance > 0 but its record or its config rows are missing
  */
 public static function get_instance_config_options($institution, $instance = 0)
 {
     $peer = new Peer();
     // TODO : switch to getrecord
     // Application name => display name, used as the options of the 'appname' dropdown
     $apparray = array();
     $applicationset = new ApplicationSet();
     foreach ($applicationset as $app) {
         $apparray[$app->name] = $app->displayname;
     }
     /**
      * Parent authority: the data source that the remote XML-RPC service itself
      * authenticates against, for example an LDAP store. If we know that store
      * and our users can be authenticated against it directly, we honour the
      * association.
      *
      * The unique relationship is therefore username + authority, not
      * username + institution: an institution can have a user 'donal' on
      * 'LDAP-1' and a different user 'donal' on 'LDAP-2'.
      *
      * Instances that themselves require a parent (and the 'none' authority)
      * are left out of the list. That is only to keep the admin interface
      * sane; in theory chaining authorities is fine.
      */
     $options = array('None');
     $instances = auth_get_auth_instances_for_institution($institution);
     if (is_array($instances)) {
         foreach ($instances as $someinstance) {
             $usable = $someinstance->requires_parent != 1 && $someinstance->authname != 'none';
             if ($usable) {
                 $options[$someinstance->id] = $someinstance->instancename;
             }
         }
     }
     if ($instance > 0) {
         // Existing instance: load its row and its config, failing if either is missing
         $default = get_record('auth_instance', 'id', $instance);
         if ($default == false) {
             throw new SystemException(get_string('nodataforinstance', 'auth') . $instance);
         }
         $current_config = get_records_menu('auth_instance_config', 'instance', $instance, '', 'field, value');
         if ($current_config == false) {
             throw new SystemException('No config data for instance: ' . $instance);
         }
         foreach (self::$default_config as $key => $value) {
             if (!array_key_exists($key, $current_config)) {
                 // Not a config row: fall back to a column of the auth_instance record
                 if (property_exists($default, $key)) {
                     self::$default_config[$key] = $default->{$key};
                 }
                 continue;
             }
             $stored = $current_config[$key];
             self::$default_config[$key] = $stored;
             if ('wwwroot' == $key) {
                 // The stored wwwroot identifies the peer; keep a copy as 'wwwroot_orig'
                 $peer->findByWwwroot($stored);
                 self::$default_config['wwwroot_orig'] = $stored;
             }
         }
     } else {
         // New instance: one above the highest priority already used in this institution
         $max_priority = get_field('auth_instance', 'MAX(priority)', 'institution', $institution);
         ++$max_priority;
         self::$default_config['priority'] = $max_priority;
     }
     self::$default_config['appname'] = empty($peer->application->name)
         ? key(current($applicationset))
         : $peer->application->name;

     $elements = array();
     $elements['instancename'] = array(
         'type' => 'text',
         'title' => get_string('authname', 'auth'),
         'rules' => array('required' => true),
         'defaultvalue' => self::$default_config['instancename'],
         'help' => true,
     );
     $elements['instance'] = array(
         'type' => 'hidden',
         'value' => $instance,
     );
     $elements['institution'] = array(
         'type' => 'hidden',
         'value' => $institution,
     );
     $elements['deleted'] = array(
         'type' => 'hidden',
         'value' => $peer->deleted,
     );
     $elements['authname'] = array(
         'type' => 'hidden',
         'value' => 'xmlrpc',
     );
     $elements['wwwroot'] = array(
         'type' => 'text',
         'title' => get_string('wwwroot', 'auth'),
         'rules' => array('required' => true),
         'defaultvalue' => self::$default_config['wwwroot'],
         'help' => true,
     );
     $elements['wwwroot_orig'] = array(
         'type' => 'hidden',
         'value' => self::$default_config['wwwroot_orig'],
     );
     $elements['oldwwwroot'] = array(
         'type' => 'hidden',
         'value' => 'xmlrpc',
     );
     if ($instance) {
         // The peer's public key and its expiry come from the host row for the configured wwwroot
         $elements['publickey'] = array(
             'type' => 'textarea',
             'title' => get_string('publickey', 'admin'),
             'defaultvalue' => get_field('host', 'publickey', 'wwwroot', self::$default_config['wwwroot']),
             'rules' => array('required' => true),
             'rows' => 15,
             'cols' => 70,
         );
         $elements['publickeyexpires'] = array(
             'type' => 'html',
             'title' => get_string('publickeyexpires', 'admin'),
             'value' => format_date(get_field('host', 'publickeyexpires', 'wwwroot', self::$default_config['wwwroot'])),
         );
     }
     $elements['name'] = array(
         'type' => 'text',
         'title' => get_string('name', 'auth'),
         'rules' => array('required' => true),
         'defaultvalue' => $peer->name,
         'help' => true,
     );
     /**
      * Copy $peer->appname into a local before testing it. The property does not
      * really exist: reading it goes through the Peer class's __get overloader,
      * whereas empty($peer->appname) appears to test only for the property's
      * existence without calling the overloader, and so would always be true.
      */
     $tmpappname = $peer->appname;
     $elements['appname'] = array(
         'type' => 'select',
         'title' => get_string('application', 'auth'),
         'collapseifoneoption' => true,
         'multiple' => false,
         'options' => $apparray,
         'defaultvalue' => empty($tmpappname) ? 'moodle' : $tmpappname,
         'help' => true,
     );
     $elements['parent'] = array(
         'type' => 'select',
         'title' => get_string('parent', 'auth'),
         'collapseifoneoption' => false,
         'options' => $options,
         'defaultvalue' => self::$default_config['parent'],
         'help' => true,
     );
     // NOTE(review): rich-text field; whatever later renders authloginmsg has to
     // clean the stored HTML - that code is not visible here.
     $elements['authloginmsg'] = array(
         'type' => 'wysiwyg',
         'rows' => 10,
         'cols' => 70,
         'title' => '',
         'description' => get_string('authloginmsg2', 'auth'),
         'defaultvalue' => self::$default_config['authloginmsg'],
         'help' => true,
     );
     $elements['ssodirection'] = array(
         'type' => 'select',
         'title' => get_string('ssodirection', 'auth'),
         'options' => array(
             0 => '--',
             'theyssoin' => get_string('theyssoin', 'auth'),
             'wessoout' => get_string('wessoout', 'auth'),
         ),
         'defaultvalue' => self::$default_config['wessoout'] ? 'wessoout' : 'theyssoin',
         'help' => true,
     );
     // The four on/off options share one shape: the title string and the default are keyed by the field name
     foreach (array('updateuserinfoonlogin', 'weautocreateusers', 'theyautocreateusers', 'weimportcontent') as $flag) {
         $elements[$flag] = array(
             'type' => 'switchbox',
             'title' => get_string($flag, 'auth'),
             'defaultvalue' => self::$default_config[$flag],
             'help' => true,
         );
     }
     return array('elements' => $elements, 'renderer' => 'div');
 }
Exemplo n.º 3
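/**
 * Resolve a username to exactly one local user for a known remote host.
 *
 * The host's wwwroot is mapped to an institution, and every auth instance of
 * that institution is tried. An instance whose authname is not 'xmlrpc' is
 * only tried when an xmlrpc instance of the same institution names it as its
 * 'parent' in auth_instance_config.
 *
 * Fails closed: unless exactly one distinct user id was found, false is
 * returned and no user is chosen.
 *
 * NOTE(review): $candidates is keyed by user id but $auths is a plain list.
 * If the same user is found through two instances there is still one
 * candidate, and the AuthXmlrpc is built from the last instance id that
 * matched - confirm that is the intended one.
 *
 * @param string $username Username to look up in each eligible auth instance
 * @param string $wwwroot  wwwroot of the remote host, looked up in the host table
 * @return array|false array(User, AuthXmlrpc) on a unique match, false otherwise
 * @throws XmlrpcServerException If no institution is recorded for $wwwroot
 */
function find_remote_user($username, $wwwroot)
{
    $institution = get_field('host', 'institution', 'wwwroot', $wwwroot);
    if (false == $institution) {
        // This should never happen, because if we don't know the host we'll
        // already have exited
        throw new XmlrpcServerException('Unknown error');
    }
    $authinstances = auth_get_auth_instances_for_institution($institution);
    if (false == $authinstances) {
        // No instances came back for this institution: iterate over nothing,
        // so the count check below returns false without a foreach warning.
        $authinstances = array();
    }
    $candidates = array();
    $auths = array();
    // Column expression compared with aic.value; cast to text on non-MySQL
    // databases. Both alternatives are fixed literals, never caller input.
    $aiid = 'ai.id';
    if (!is_mysql()) {
        $aiid = 'CAST(ai.id AS TEXT)';
    }
    // Selects the auth instance (bound id and institution) only if some
    // xmlrpc instance of the same institution has it configured as 'parent'.
    $sql = 'SElECT
                ai.*
            FROM
                {auth_instance} ai,
                {auth_instance} ai2,
                {auth_instance_config} aic
            WHERE
                ai.id = ? AND
                ai.institution = ? AND
                ai2.institution = ai.institution AND
                ' . $aiid . ' = aic.value AND
                aic.field = \'parent\' AND
                aic.instance = ai2.id AND
                ai2.authname = \'xmlrpc\'';
    foreach ($authinstances as $authinstance) {
        if ($authinstance->authname != 'xmlrpc') {
            // Not an xmlrpc instance: only eligible as the parent of one
            $records = get_records_sql_array($sql, array($authinstance->id, $institution));
            if (false == $records) {
                continue;
            }
        }
        try {
            $user = new User();
            // NOTE(review): the meaning of the third argument (true) is not visible here
            $user->find_by_instanceid_username($authinstance->id, $username, true);
            $candidates[$user->id] = $user;
            $auths[] = $authinstance->id;
        } catch (Exception $e) {
            // Deliberate best effort: a failed lookup just means no candidate
            // from this instance. Every Exception is treated that way, so a
            // database error here is indistinguishable from "no such user".
            continue;
        }
    }
    // Zero matches or an ambiguous match: refuse rather than guess
    if (count($candidates) != 1) {
        return false;
    }
    safe_require('auth', 'xmlrpc');
    return array(array_pop($candidates), new AuthXmlrpc(array_pop($auths)));
}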