Commit fb3715c6 authored by Aaron Wells's avatar Aaron Wells Committed by Gerrit Code Review

Merge "Getting suspended institutions to keep their user out. (Bug 1348024)"

parents d7e6485e de21ad32
......@@ -1011,6 +1011,19 @@ if ($institution && $institution != 'mahara') {
$SESSION->add_error_msg(get_string('errorwhilesuspending', 'admin'));
}
else {
// Need to logout any users that are using this institution's authinstance.
if ($loggedin = get_records_sql_array("SELECT ui.usr FROM {usr_institution} ui
JOIN {usr} u ON u.id = ui.usr
JOIN {auth_instance} ai ON ai.id = u.authinstance
JOIN {usr_session} us ON us.usr = u.id
WHERE ui.institution = ?
AND ai.institution = ?", array($values['i'], $values['i']))) {
foreach ($loggedin as $user) {
$loggedinarray[] = $user->usr;
}
delete_records_sql("DELETE FROM {usr_session} WHERE usr IN (" . join(',', $loggedinarray) . ")");
$SESSION->add_ok_msg(get_string('institutionlogoutusers', 'admin', count($loggedin)));
}
set_field('institution', 'suspended', 1, 'name', $values['i']);
$SESSION->add_ok_msg(get_string('institutionsuspended', 'admin'));
}
......
......@@ -1470,6 +1470,20 @@ class LiveUser extends User {
if ($parentid = get_field('auth_instance_config', 'value', 'field', 'parent', 'instance', $instanceid)) {
$instanceid = $parentid;
}
// Check for a suspended institution
// If a user in more than one institution and one of them is suspended
// make sure their authinstance is not set to the suspended institution
// otherwise they will not be able to login.
$authinstance = get_record_sql('
SELECT i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
WHERE a.id = ?', array($instanceid));
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
return false;
}
$auth = AuthFactory::create($instanceid);
// catch the AuthInstanceException that allows authentication plugins to
......@@ -1477,17 +1491,6 @@ class LiveUser extends User {
try {
if ($auth->authenticate_user_account($user, $password)) {
$this->authenticate($user, $auth->instanceid);
// Check for a suspended institution
$authinstance = get_record_sql('
SELECT i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
WHERE a.id = ?', array($instanceid));
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
return false;
}
return true;
}
}
......
......@@ -1026,9 +1026,13 @@ $string['makeuserinstitutionstaff'] = 'Automatically assign institution staff pe
$string['errorwhileunsuspending'] = 'An error occurred while trying to unsuspend';
$string['institutionsuspended'] = 'Institution suspended';
$string['institutionunsuspended'] = 'Institution unsuspended';
$string['institutionlogoutusers'] = array(
0 => 'Logged out 1 user',
1 => 'Logged out %s users',
);
$string['suspendedinstitution'] = 'SUSPENDED';
$string['suspendinstitution'] = 'Suspend institution';
$string['suspendinstitutiondescription'] = 'Here you may suspend an institution. Users of suspended institutions will be unable to log in until the institution is unsuspended.';
$string['suspendinstitutiondescription'] = 'Here you may suspend an institution. Users using an authentication method of a suspended institution will be unable to log in until the institution is unsuspended.';
$string['suspendedinstitutionmessage'] = 'This institution has been suspended.';
$string['unsuspendinstitution'] = 'Unsuspend institution';
$string['unsuspendinstitutiondescription'] = 'Here you may unsuspend an institution. Users of suspended institutions will be unable to log in until the institution is unsuspended.<br /><strong>Beware:</strong> Unsuspending an institution without resetting or turning off its expiry date may result in a daily re-suspension.';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment