Commit 3fb9009f authored by Francois Marier's avatar Francois Marier
Browse files

Prevent masquerading users from jumping as others



As described in bug #884223, if an administator is masquerading as another
user, they should be prevented from jumping as that other user.

Change-Id: Ie07f3b807a61bbbb94c9051fb7c4b8df03d19f24
Signed-off-by: default avatarAndrew Robert Nicols <andrew.nicols@luns.net.uk>
Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
parent aeba1733
......@@ -64,6 +64,11 @@ function generate_token() {
function start_jump_session($peer, $instanceid, $wantsurl="") {
global $USER;
if ($USER->get('parentuser')) {
// Prevent masquerading users from jumping
throw new AccessTotallyDeniedException(get_string('cannotjumpasmasqueradeduser', 'auth'));
}
$rpc_negotiation_timeout = 15;
$providers = get_service_providers($USER->authinstance);
......
......@@ -86,3 +86,4 @@ $string['hostwwwrootinuse'] = 'WWW root already in use by another institution (%
// Error messages for external authentication usernames
$string['duplicateremoteusername'] = 'This external authentication username is already in use by the user %s. External authentication usernames must be unique within an authentication method.';
$string['duplicateremoteusernameformerror'] = 'External authentication usernames must be unique within an authentication method.';
$string['cannotjumpasmasqueradeduser'] = 'You cannot jump to another application whilst masquerading as another user.';
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment