Commit ae894987 authored by Richard Mansfield's avatar Richard Mansfield

Change user to internal auth when removed from an external-auth institution

parent 84f2c5fc
......@@ -315,14 +315,18 @@ function edituser_institution_submit(Pieform $form, $values) {
db_commit();
break;
} else if (isset($values[$i->institution.'_remove'])) {
db_begin();
delete_records('usr_institution', 'usr', $user->id, 'institution', $i->institution);
handle_event('updateuser', $user->id);
db_commit();
if ($user->id == $USER->id) {
$USER->leave_institution($i->institution);
} else {
$user->leave_institution($i->institution);
}
// Institutional admins can no longer access this page
// if they remove the user from the institution, so
// send them back to user search.
if (!$USER->get('admin')) {
if (!$USER->is_institutional_admin()) {
redirect(get_config('wwwroot'));
}
redirect('/admin/users/search.php');
}
break;
......
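Review bot: The two redirect targets in the removal branch are chosen by a nested `if` that falls through to `redirect('/admin/users/search.php')`, so the branch is only correct because `redirect()` never returns. Writing it as `if (!$USER->is_institutional_admin()) { redirect(get_config('wwwroot')); } else { redirect('/admin/users/search.php'); }` makes the two outcomes explicit. The comparison `$user->id == $USER->id` just above would also be safer as `(int) $user->id === (int) $USER->id`, since ids loaded from the database may be strings. edituser_institution_submit starts and ends outside the hunk.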
......@@ -76,7 +76,6 @@ if ($usertype == 'requesters') {
'righttitle' => get_string('userstobeadded', 'admin'),
'searchparams' => array('requested' => 1),
);
$update = 'addUserAsMember';
$submittext = get_string('addmembers', 'admin');
} else if ($usertype == 'members') {
// LHS shows institution members, RHS shows users to be removed
......@@ -86,7 +85,6 @@ if ($usertype == 'requesters') {
'righttitle' => get_string('userstoberemoved', 'admin'),
'searchparams' => array('member' => 1),
);
$update = 'removeMember';
$submittext = get_string('removeusers', 'admin');
} else { // $usertype == nonmembers
// Behaviour depends on whether we allow users to have > 1 institution
......@@ -98,7 +96,6 @@ if ($usertype == 'requesters') {
'righttitle' => get_string('userstobeinvited', 'admin'),
'searchparams' => array('member' => 0, 'invited' => 0, 'requested' => 0)
);
$update = 'inviteUser';
$submittext = get_string('inviteusers', 'admin');
}
......@@ -124,11 +121,6 @@ $userlistform = pieform(array(
'value' => $institution,
'rules' => array('regex' => '/^[a-zA-Z0-9]+$/')
),
'update' => array(
'type' => 'hidden',
'value' => $update,
'rules' => array('regex' => '/^[a-zA-Z]+$/')
),
'submit' => array(
'type' => 'submit',
'value' => $submittext
......@@ -146,30 +138,51 @@ function institutionusers_submit(Pieform $form, $values) {
redirect($url);
}
$institution = new Institution($values['institution']);
if (!in_array($values['update'], array('addUserAsMember', 'removeMember', 'inviteUser'))) {
$dataerror = false;
if (!in_array($values['usertype'], array('requesters', 'members', 'nonmembers'))
|| !is_array($values['users'])) {
$dataerror = true;
} else {
foreach ($values['users'] as $id) {
if (!is_numeric($id)) {
$dataerror = true;
break;
}
}
}
if ($dataerror) {
$SESSION->add_error_msg(get_string('errorupdatinginstitutionusers', 'admin'));
redirect($url);
}
$institution = new Institution($values['institution']);
$maxusers = $institution->maxuseraccounts;
if (!empty($maxusers)) {
$members = $institution->countMembers();
if ($values['update'] == 'addUserAsMember' && $members + count($values['users']) >= $maxusers) {
if ($values['usertype'] == 'requesters' && $members + count($values['users']) >= $maxusers) {
$SESSION->add_error_msg(get_string('institutionuserserrortoomanyusers', 'admin'));
redirect($url);
}
if ($values['update'] == 'inviteUser'
if ($values['usertype'] == 'nonmembers'
&& $members + $institution->countInvites() + count($values['users']) >= $maxusers) {
$SESSION->add_error_msg(get_string('institutionuserserrortoomanyinvites', 'admin'));
redirect($url);
}
}
db_begin();
if ($values['usertype'] == 'members') {
$institution->removeMembers($values['users']);
} else {
$update = $values['usertype'] == 'requesters' ? 'addUserAsMember' : 'inviteUser';
foreach ($values['users'] as $id) {
$institution->{$values['update']}($id);
$institution->{$update}($id);
}
}
db_commit();
$SESSION->add_ok_msg(get_string('institutionusersupdated'.$values['usertype'], 'admin'));
if (!$USER->get('admin') && !$USER->is_institutional_admin()) {
redirect(get_config('wwwroot'));
}
redirect($url);
}
......
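Review bot: The new per-id check in institutionusers_submit uses `is_numeric($id)`, which also accepts values such as `1.5`, `1e3` or `+1`. For the `members` case the array is then handed to `$institution->removeMembers($values['users'])`, which (in the Institution class hunk of this commit) joins the ids directly into an `id IN (...)` clause. Restricting the check to plain digit strings, `if (!ctype_digit((string) $id)) {`, and treating an empty `$values['users']` as a data error would let only integer ids reach that query; an empty array would otherwise produce `id IN ()`. removeMembers should also cast on its own, e.g. `$userids = array_map('intval', $userids);`, so it does not depend on every caller validating first. The function's opening lines are outside the hunk.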
......@@ -375,8 +375,7 @@ class User {
if ($institution != 'mahara' && $this->in_institution($institution)) {
require_once('institution.php');
$institution = new Institution($institution);
$institution->removeMember($this);
$this->reset_institutions();
$institution->removeMember($this->to_stdclass());
}
}
......@@ -411,8 +410,12 @@ class User {
}
public function set_admin_institutions($institutions) {
if (empty($institutions)) {
$this->set('admininstitutions', array());
} else {
$this->set('admininstitutions', array_combine($institutions, $institutions));
}
}
public function add_institution_request($institution, $studentid = null) {
if (empty($institution) || $institution == 'mahara') {
......@@ -588,7 +591,10 @@ class LiveUser extends User {
return $this;
}
protected function reloadLiveUser($id) {
protected function reloadLiveUser($id=null) {
if (is_null($id)) {
$id = $this->get('id');
}
$this->commit();
$this->find_by_id($id);
$this->activityprefs = load_activity_preferences($id);
......@@ -628,5 +634,12 @@ class LiveUser extends User {
return $id;
}
public function leave_institution($institution) {
parent::leave_institution($institution);
$this->find_by_id($this->get('id'));
$this->reset_institutions();
}
}
?>
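Review bot: The new `LiveUser::leave_institution()` override has no comment explaining why it re-reads the record with `find_by_id()` rather than going through `reloadLiveUser()`, which calls `$this->commit()` first. Presumably `Institution::removeMember()` may have changed `authinstance` or `passwordchange` on the database row, and the session copy must pick those up without writing stale values back. That deserves a docblock such as `/** Leave an institution, then reload this user from the database so auth changes made during removal are reflected in the session. */`. It would also help to note on `reloadLiveUser($id=null)` that a null id means the current user's own id. Both class bodies extend outside the hunks shown.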
......@@ -249,6 +249,41 @@ $string['forgotpasswordenternew'] = 'Please enter your new password to continue'
$string['nosuchpasswordrequest'] = 'No such password request';
$string['passwordchangedok'] = 'Your password was successfully changed';
// Reset password when moving from external to internal auth.
$string['noinstitutionsetpassemailsubject'] = '%s: Membership of %s';
$string['noinstitutionsetpassemailmessagetext'] = 'Dear %s,
You are no longer a member of %s.
You may continue to use %s with your current username %s, but you must set a new password for your account.
Please follow the link below to continue the reset process.
' . get_config('wwwroot') . 'forgotpass.php?key=%s
If you have any questsions regarding the above, please feel free to contact
us.
' . get_config('wwwroot') . 'contact.php
Regards, %s Site Administrator
' . get_config('wwwroot') . 'forgotpass.php?key=%s';
$string['noinstitutionsetpassemailmessagehtml'] = '<p>Dear %s,</p>
<p>You are no longer a member of %s.</p>
<p>You may continue to use %s with your current username %s, but you must set a new password for your account.</p>
<p>Please follow the link below to continue the reset process.</p>
<p><a href="' . get_config('wwwroot') . 'forgotpass.php?key=%s">' . get_config('wwwroot') . 'forgotpass.php?key=%s</a></p>
<p>If you have any questsions regarding the above, please feel free to <a href="' . get_config('wwwroot') . 'contact.php">contact us</a>.</p>
<p>Regards, %s Site Administrator</p>
<p><a href="' . get_config('wwwroot') . 'forgotpass.php?key=%s">' . get_config('wwwroot') . 'forgotpass.php?key=%s</a></p>';
// Expiry times
$string['noenddate'] = 'No end date';
$string['day'] = 'day';
......
......@@ -306,10 +306,82 @@ class Institution {
db_commit();
}
public function removeMembers($userids) {
// Remove self last.
global $USER;
$users = get_records_select_array('usr', 'id IN (' . join(',', $userids) . ')');
$removeself = false;
foreach ($users as $user) {
if ($user->id == $USER->id) {
$removeself = true;
continue;
}
$this->removeMember($user);
}
if ($removeself) {
$USER->leave_institution($this->name);
}
}
public function removeMember($user) {
$userid = is_object($user) ? $user->id : $user;
delete_records('usr_institution', 'usr', $userid, 'institution', $this->name);
handle_event('updateuser', $userid);
if (is_numeric($user)) {
$user = get_record('usr', 'id', $user);
}
db_begin();
// If the user is being authed by the institution they are
// being removed from, change them to internal auth
$authinstances = get_records_select_assoc('auth_instance', "
institution IN ('mahara','" . $this->name . "')");
$oldauth = $user->authinstance;
if (isset($authinstances[$oldauth]) && $authinstances[$oldauth]->institution == $this->name) {
foreach ($authinstances as $ai) {
if ($ai->instancename == 'internal' && $ai->institution == 'mahara') {
$user->authinstance = $ai->id;
break;
}
}
delete_records('auth_remote_user', 'authinstance', $oldauth, 'localusr', $user->id);
// If the old authinstance was external, the user may need
// to set a password
if ($user->password == '') {
log_debug('resetting pw for '.$user->id);
$this->removeMemberSetPassword($user);
}
update_record('usr', $user);
}
delete_records('usr_institution', 'usr', $user->id, 'institution', $this->name);
handle_event('updateuser', $user->id);
db_commit();
}
/**
* Reset user's password, and send them a password change email
*/
private function removeMemberSetPassword(&$user) {
global $SESSION, $USER;
if ($user->id == $USER->id) {
$user->passwordchange = 1;
return;
}
try {
$pwrequest = new StdClass;
$pwrequest->usr = $user->id;
$pwrequest->expiry = db_format_timestamp(time() + 86400);
$pwrequest->key = get_random_key();
$sitename = get_config('sitename');
$fullname = display_name($user, null, true);
email_user($user, null,
get_string('noinstitutionsetpassemailsubject', 'mahara', $sitename, $this->displayname),
get_string('noinstitutionsetpassemailmessagetext', 'mahara', $fullname, $this->displayname, $sitename, $user->username, $pwrequest->key, $sitename, $pwrequest->key),
get_string('noinstitutionsetpassemailmessagehtml', 'mahara', $fullname, $this->displayname, $sitename, $user->username, $pwrequest->key, $pwrequest->key, $sitename, $pwrequest->key, $pwrequest->key));
insert_record('usr_password_request', $pwrequest);
}
catch (SQLException $e) {
$SESSION->add_error_msg(get_string('forgotpassemailsendunsuccessful'));
}
catch (EmailException $e) {
$SESSION->add_error_msg(get_string('forgotpassemailsendunsuccessful'));
}
}
public function countMembers() {
......
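Review bot: In `removeMember()` the institution name is concatenated into the `auth_instance` query (`institution IN ('mahara','" . $this->name . "')`), so the query's safety rests on how `$this->name` was validated when the object was built, which this hunk does not show. Passing it as a bound value, e.g. `get_records_select_assoc('auth_instance', "institution IN ('mahara', ?)", array($this->name))` (assuming the helper takes a values array), removes that dependency. Separately, `removeMemberSetPassword()` calls `email_user()` before `insert_record('usr_password_request', $pwrequest)`, and both run inside the transaction opened in `removeMember()`. If the insert fails or the transaction is rolled back, the user has already been mailed a reset key that does not exist. Inserting the request first and sending the mail afterwards, ideally after `db_commit()`, would avoid sending dead reset links.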