Commit c2460f76 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review
Browse files

Merge "Bug 1580399: Stop users logging in to suspended/expired institutions"

parents 94a3128f c10a36bc
......@@ -1676,6 +1676,21 @@ function ensure_user_account_is_active($user=null) {
}
die_info(get_string('accountsuspended', 'mahara', $suspendedctime, $suspendedreason));
}
// Check to see if institution is suspended or expired
// If a user in more than one institution and one of them is suspended
// make sure their authinstance is not set to the suspended/expired institution
// otherwise they will not be able to login (administer via site).
$authinstance = get_record_sql('
SELECT i.suspended, CASE WHEN i.expiry < NOW() THEN 1 ELSE 0 END AS expired, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
WHERE a.id = ?', array($user->authinstance));
if ($authinstance->suspended || $authinstance->expired) {
$sitename = get_config('sitename');
$state = ($authinstance->suspended) ? 'suspended' : 'expired';
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institution' . $state, 'mahara', $authinstance->displayname, $sitename));
return false;
}
}
/**
......
......@@ -1498,19 +1498,6 @@ class LiveUser extends User {
if ($parentid = get_field('auth_instance_config', 'value', 'field', 'parent', 'instance', $instanceid)) {
$instanceid = $parentid;
}
// Check for a suspended institution
// If a user in more than one institution and one of them is suspended
// make sure their authinstance is not set to the suspended institution
// otherwise they will not be able to login.
$authinstance = get_record_sql('
SELECT i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
WHERE a.id = ?', array($instanceid));
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
return false;
}
$auth = AuthFactory::create($instanceid);
......
......@@ -245,6 +245,8 @@ $string['linksandresources'] = 'Links and resources';
// auth
$string['accesstotallydenied_institutionsuspended'] = 'Your institution %s has been suspended. Until it is unsuspended, you will not be able to log in to %s.
Please contact your institution for help.';
$string['accesstotallydenied_institutionexpired'] = 'Your institution %s has expired. Until it is unexpired, you will not be able to log in to %s.
Please contact your institution for help.';
$string['accessforbiddentoadminsection'] = 'You are forbidden from accessing the administration section.';
$string['accountdeleted'] = 'Sorry, your account has been deleted. You can <a href="%scontact.php">contact the site administrator</a>.';
$string['accountexpired'] = 'Sorry, your account has expired. You can <a href="%scontact.php">contact the site administrator</a> to have it reactivated.';
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment