Commit e19d7fb0 authored by Jiri Baum's avatar Jiri Baum
Browse files

Masquerading auditability - report on masquerading sessions. (Bug #1027574)



Masquerading session report, including who, why and when the session started.

Change-Id: I93a6daa60c97ac6a22b6f6d35ba25cb7c2ab275e
Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
parent 7a6d1f34
......@@ -39,6 +39,10 @@ $tabs = array(
'id' => 'accesslist',
'name' => get_string('accesslist', 'view'),
),
'loginaslog' => array(
'id' => 'loginaslog',
'name' => get_string('loginaslog', 'admin'),
),
);
$selected = 'users';
......@@ -154,6 +158,39 @@ else if ($selected == 'accesslist') {
$smarty->assign_by_ref('USER', $USER);
$userlisthtml = $smarty->fetch('admin/users/accesslists.tpl');
}
else if ($selected == 'loginaslog') {
$ph = array_merge($userids, $userids);
$log = get_records_sql_array('
SELECT *
FROM event_log
WHERE (usr IN (' . join(',', array_fill(0, count($userids), '?')) . ')
OR realusr IN (' . join(',', array_fill(0, count($userids), '?')) . '))
AND event = \'loginas\'
ORDER BY time DESC',
$ph
);
if (empty($log)) {
$log = array();
}
foreach($log as $l) {
$l->data = json_decode($l->data);
foreach(array('usr', 'realusr') as $f) {
$l->{$f . 'name'} = display_name($l->{$f});
}
}
if (!in_array(get_config('eventloglevel'), array('masq', 'all'))) {
$note = get_string('masqueradingnotloggedwarning', 'admin', get_config('wwwroot'));
}
else {
$note = false;
}
$smarty = smarty_core();
$smarty->assign_by_ref('log', $log);
$smarty->assign_by_ref('USER', $USER);
$smarty->assign('note', $note);
$userlisthtml = $smarty->fetch('admin/users/loginaslog.tpl');
}
$smarty = smarty();
$smarty->assign('PAGEHEADING', TITLE);
......
......@@ -1026,6 +1026,11 @@ $string['masqueradereason'] = 'Reason';
$string['masqueradereasondescription'] = 'Please enter a reason for logging in as this user. Note: The user will not be notified of this reason, but it will be logged.';
$string['masqueradenotificationdone'] = 'The user has been notified of this masquerading session.';
$string['masqueradenotifiedreasondescription'] = 'Please enter a reason for logging in as this user. Note: The user will receive a message containing your name, the date and time as well as the reason for your masquerading.';
$string['masqueradetime'] = 'Start of masquerading';
$string['masquerader'] = 'Masquerading administrator';
$string['masqueradee'] = 'User';
$string['loginaslog'] = 'Masquerading sessions';
$string['masqueradingnotloggedwarning'] = '<b>Note</b>: Logging of masquerading sessions is currently disabled. In order to see data in this table, the site administrator needs to turn it on in "Logging settings" under "<a href="%sadmin/site/options.php">Configure site</a>".';
$string['masqueradenotificationsubject'] = 'An administrator logged in as you';
$string['masqueradenotificationnoreason'] = 'The administrator %s logged into your account on %s.';
$string['masqueradenotificationreason'] = 'The administrator %s logged into your account on %s. The reason was: %s';
<h3>Log events</h3>
<p>Events are generated every time the user does anything significant on the site, such as editing a page.</p>
<p>Optionally, a log of these events can be kept. You can keep either all events, which could be a lot of data and database activity on a busy site, or only those events pertaining to the masquerading of an administrator as another user when using the "Log in as" functionality.
This log is kept in the event_log table in the database.</p>
This log is kept in the event_log table in the database. A report of masquerading sessions is available in the "User reports" section of the "User search" administration page.</p>
<p>No matter which setting you choose, all events are still logged in the access log.</p>
<table class="fullwidth">
<thead>
<tr>
<th>{str tag=masqueradee section=admin}</th>
<th>{str tag=masqueradereason section=admin}</th>
<th>{str tag=masquerader section=admin}</th>
<th>{str tag=masqueradetime section=admin}</th>
</tr>
</thead>
<tbody>
{foreach from=$log item=l}
<tr class="{cycle values='r0,r1'}">
<td><a href="{profile_url($l->usr)}">{$l->usrname}</a></td>
<td>{$l->data->reason}</a></td>
<td><a href="{profile_url($l->realusr)}">{$l->realusrname}</a></td>
<td>{$l->data->when}</a></td>
</tr>
{/foreach}
</tbody>
</table>
{if $note}
<p>{$note|safe}</p>
{/if}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment