Commit 847f49ef authored by Robert Lyon's avatar Robert Lyon Committed by Aaron Wells
Browse files

Getting suspended institutions to keep their user out. (Bug 1348024)



Users who are logged in on the suspended institution's auth method
are logged out.

Change-Id: I10e1dec465a4363a076e92f4d90ec663ff8a822e
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 973fb7cc
...@@ -937,6 +937,19 @@ if ($institution && $institution != 'mahara') { ...@@ -937,6 +937,19 @@ if ($institution && $institution != 'mahara') {
$SESSION->add_error_msg(get_string('errorwhilesuspending', 'admin')); $SESSION->add_error_msg(get_string('errorwhilesuspending', 'admin'));
} }
else { else {
// Need to logout any users that are using this institution's authinstance.
if ($loggedin = get_records_sql_array("SELECT ui.usr FROM {usr_institution} ui
JOIN {usr} u ON u.id = ui.usr
JOIN {auth_instance} ai ON ai.id = u.authinstance
JOIN {usr_session} us ON us.usr = u.id
WHERE ui.institution = ?
AND ai.institution = ?", array($values['i'], $values['i']))) {
foreach ($loggedin as $user) {
$loggedinarray[] = $user->usr;
}
delete_records_sql("DELETE FROM {usr_session} WHERE usr IN (" . join(',', $loggedinarray) . ")");
$SESSION->add_ok_msg(get_string('institutionlogoutusers', 'admin', count($loggedin)));
}
set_field('institution', 'suspended', 1, 'name', $values['i']); set_field('institution', 'suspended', 1, 'name', $values['i']);
$SESSION->add_ok_msg(get_string('institutionsuspended', 'admin')); $SESSION->add_ok_msg(get_string('institutionsuspended', 'admin'));
} }
......
...@@ -1426,6 +1426,20 @@ class LiveUser extends User { ...@@ -1426,6 +1426,20 @@ class LiveUser extends User {
if ($parentid = get_field('auth_instance_config', 'value', 'field', 'parent', 'instance', $instanceid)) { if ($parentid = get_field('auth_instance_config', 'value', 'field', 'parent', 'instance', $instanceid)) {
$instanceid = $parentid; $instanceid = $parentid;
} }
// Check for a suspended institution
// If a user in more than one institution and one of them is suspended
// make sure their authinstance is not set to the suspended institution
// otherwise they will not be able to login.
$authinstance = get_record_sql('
SELECT i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
WHERE a.id = ?', array($instanceid));
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
return false;
}
$auth = AuthFactory::create($instanceid); $auth = AuthFactory::create($instanceid);
// catch the AuthInstanceException that allows authentication plugins to // catch the AuthInstanceException that allows authentication plugins to
...@@ -1433,17 +1447,6 @@ class LiveUser extends User { ...@@ -1433,17 +1447,6 @@ class LiveUser extends User {
try { try {
if ($auth->authenticate_user_account($user, $password)) { if ($auth->authenticate_user_account($user, $password)) {
$this->authenticate($user, $auth->instanceid); $this->authenticate($user, $auth->instanceid);
// Check for a suspended institution
$authinstance = get_record_sql('
SELECT i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
WHERE a.id = ?', array($instanceid));
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
return false;
}
return true; return true;
} }
} }
......
...@@ -981,9 +981,13 @@ $string['makeuserinstitutionstaff'] = 'Automatically assign institution staff pe ...@@ -981,9 +981,13 @@ $string['makeuserinstitutionstaff'] = 'Automatically assign institution staff pe
$string['errorwhileunsuspending'] = 'An error occurred while trying to unsuspend'; $string['errorwhileunsuspending'] = 'An error occurred while trying to unsuspend';
$string['institutionsuspended'] = 'Institution suspended'; $string['institutionsuspended'] = 'Institution suspended';
$string['institutionunsuspended'] = 'Institution unsuspended'; $string['institutionunsuspended'] = 'Institution unsuspended';
$string['institutionlogoutusers'] = array(
0 => 'Logged out 1 user',
1 => 'Logged out %s users',
);
$string['suspendedinstitution'] = 'SUSPENDED'; $string['suspendedinstitution'] = 'SUSPENDED';
$string['suspendinstitution'] = 'Suspend institution'; $string['suspendinstitution'] = 'Suspend institution';
$string['suspendinstitutiondescription'] = 'Here you may suspend an institution. Users of suspended institutions will be unable to log in until the institution is unsuspended.'; $string['suspendinstitutiondescription'] = 'Here you may suspend an institution. Users using an authentication method of a suspended institution will be unable to log in until the institution is unsuspended.';
$string['suspendedinstitutionmessage'] = 'This institution has been suspended.'; $string['suspendedinstitutionmessage'] = 'This institution has been suspended.';
$string['unsuspendinstitution'] = 'Unsuspend institution'; $string['unsuspendinstitution'] = 'Unsuspend institution';
$string['unsuspendinstitutiondescription'] = 'Here you may unsuspend an institution. Users of suspended institutions will be unable to log in until the institution is unsuspended.<br /><strong>Beware:</strong> Unsuspending an institution without resetting or turning off its expiry date may result in a daily re-suspension.'; $string['unsuspendinstitutiondescription'] = 'Here you may unsuspend an institution. Users of suspended institutions will be unable to log in until the institution is unsuspended.<br /><strong>Beware:</strong> Unsuspending an institution without resetting or turning off its expiry date may result in a daily re-suspension.';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment