Bug 1566122: Add token set institution to user's institution

Rather than setting it to 'mahara' by default behatnotneeded Change-Id: I7dcd754febe0ab56488aeca941b76e6cce112409 Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

Bug 1566122: Add token set institution to user's institution
Rather than setting it to 'mahara' by default behatnotneeded Change-Id: I7dcd754febe0ab56488aeca941b76e6cce112409 Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
380a44e1 · Robert Lyon · 7668c944 · 380a44e1 · 380a44e1
Commit 380a44e1 authored Sep 20, 2017 by Robert Lyon
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 3 deletions

htdocs/webservice/admin/index.php htdocs/webservice/admin/index.php +3 -1

htdocs/webservice/lib.php htdocs/webservice/lib.php +9 -2

No files found.
--- a/htdocs/webservice/admin/index.php
+++ b/htdocs/webservice/admin/index.php
@@ -960,7 +960,9 @@ function webservice_token_submit(Pieform $form, $values) {
                else {
                    // just pass the first one for the moment
                    $service = array_shift($services);
-                    $token = webservice_generate_token(EXTERNAL_TOKEN_PERMANENT, $service, $dbuser->id);
+                    $auth_instance = webservice_validate_user($dbuser);
+                    $institution = $auth_instance ? $auth_instance->institution : 'mahara';
+                    $token = webservice_generate_token(EXTERNAL_TOKEN_PERMANENT, $service, $dbuser->id, $institution);
                    $dbtoken = get_record('external_tokens', 'token', $token);
                    redirect('/webservice/admin/tokenconfig.php?token=' . $dbtoken->id);
                }

--- a/htdocs/webservice/lib.php
+++ b/htdocs/webservice/lib.php
@@ -149,8 +149,15 @@ function mahara_external_atom_returns() {
 function webservice_validate_user($dbuser) {
    global $SESSION;
    if (!empty($dbuser)) {
-        $auth_instance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1);
-        if ($auth_instance->authname == 'webservice') {
+        if ($auth_instance = get_record_sql("SELECT * FROM {auth_instance}
+                                             WHERE authname = 'webservice'
+                                             AND active = 1
+                                             AND institution = (
+                                                SELECT institution FROM {auth_instance}
+                                                WHERE id = ?
+                                                AND active = 1
+                                             )", array($dbuser->authinstance))) {
+            // User belongs to an institution that contains the 'webservice' auth method
            $memberships = count_records('usr_institution', 'usr', $dbuser->id);
            if ($memberships == 0) {
                // auth instance should be a mahara one