Commit cfe80afb authored by Robert Lyon's avatar Robert Lyon

Fix for bulk user change auth method problem (Bug #1180194)

The auth_remote_user db table was not being updated correctly when
users were being moved from one auth method to another in bulk.
Fix adds in the correct lines to that table. Code similar to what
is used in admin/users/edit.php for single user update.

Moved some things around to improve performance and fixed a mistake
Used a better way to check authname

Change-Id: Ieb2d453bc06646444aadaff92ea5b42af4246411
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 8c020560
......@@ -301,11 +301,15 @@ function adduser_submit(Pieform $form, $values) {
}
$authinstance = get_record('auth_instance', 'id', $values['authinstance']);
$remoteauth = false;
if ($authinstance->authname != 'internal') {
$remoteauth = true;
}
if (!isset($values['remoteusername'])){
$values['remoteusername'] = null;
}
$user->id = create_user($user, array(), $authinstance->institution, $authinstance, $values['remoteusername'], $values);
$user->id = create_user($user, array(), $authinstance->institution, $remoteauth, $values['remoteusername'], $values);
if (isset($user->admin) && $user->admin) {
require_once('activity.php');
......
......@@ -195,7 +195,7 @@ function changeauth_validate(Pieform $form, $values) {
}
function changeauth_submit(Pieform $form, $values) {
global $users, $SESSION, $authinstances;
global $users, $SESSION, $authinstances, $USER;
$newauth = AuthFactory::create($values['authinstance']);
$needspassword = method_exists($newauth, 'change_password');
......@@ -205,19 +205,44 @@ function changeauth_submit(Pieform $form, $values) {
db_begin();
foreach ($users as $user) {
if ($user->authinstance != $values['authinstance']) {
if ($user->haspassword && !$needspassword) {
$user->password = '';
$newauthinst = get_records_select_assoc('auth_instance', 'id = ?', array($values['authinstance']));
if ($USER->get('admin') || $USER->is_institutional_admin($newauthinst[$values['authinstance']]->institution)) {
foreach ($users as $user) {
if ($user->authinstance != $values['authinstance']) {
// Authinstance can be changed by institutional admins if both the
// old and new authinstances belong to the admin's institutions
$authinst = get_records_select_assoc('auth_instance', 'id = ?',
array($user->authinstance));
if ($USER->get('admin') || $USER->is_institutional_admin($authinst[$user->authinstance]->institution)) {
// determine the current remoteusername
$current_remotename = get_field('auth_remote_user', 'remoteusername',
'authinstance', $user->authinstance, 'localusr', $user->id);
if (!$current_remotename) {
$current_remotename = $user->username;
}
// remove row if new authinstance row already exists to avoid doubleups
if ($remoteuserexists = get_records_select_assoc('auth_remote_user', 'localusr = ? AND authinstance = ?',
array($user->id, $values['authinstance']))) {
delete_records('auth_remote_user', 'authinstance', $values['authinstance'], 'localusr', $user->id);
}
insert_record('auth_remote_user', (object) array(
'authinstance' => $values['authinstance'],
'remoteusername' => $current_remotename,
'localusr' => $user->id,
));
}
if ($user->haspassword && !$needspassword) {
$user->password = '';
}
else if ($needspassword && !$user->haspassword) {
$needpassword++;
}
$user->authinstance = $values['authinstance'];
update_record('usr', $user, 'id');
$updated++;
}
else if ($needspassword && !$user->haspassword) {
$needpassword++;
}
$user->authinstance = $values['authinstance'];
update_record('usr', $user, 'id');
$updated++;
}
}
......
......@@ -2171,8 +2171,8 @@ function create_user($user, $profile=array(), $institution=null, $remoteauth=nul
}
$accountprefs['licensedefault'] = LICENSE_INSTITUTION_DEFAULT;
}
if (!empty($remoteauth)) {
$authobj = get_record('auth_instance', 'id', $user->authinstance);
if (!empty($remoteauth) && $authobj->authname != 'internal') {
if (isset($remotename) && strlen($remotename) > 0) {
$un = $remotename;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment