Developed new option to block the "login as" feature - refs #6165

skala
Yannick Warnier 13 years ago
parent 69a9a3a8ca
commit 9a6ec762a8
  1. 19
      main/admin/user_information.php
  2. 39
      main/admin/user_list.php
  3. 9
      main/install/1.10.0/db_main.sql
  4. 5
      main/install/1.10.0/migrate-db-1.9.0-1.10.0-pre.sql
  5. 2
      main/install/configuration.dist.php
  6. 2
      main/install/configuration.dist.yml.php
  7. 8
      main/user/user.php

@ -36,11 +36,24 @@ if ( isset($_GET['action']) ) {
break;
}
}
//only allow platform admins to login_as, or session admins only for students (not teachers nor other admins)
//only allow platform admins to login_as, or session admins only for students
// (not teachers nor other admins), and only if all options confirm it
// $_configuration['login_as_forbidden_globally'], defined in configuration.php,
// is the master key to these conditions
$statusname = api_get_status_langvars();
$login_as_icon = '';
if (api_is_platform_admin() || (api_is_session_admin() && $row['6'] == $statusname[STUDENT])) {
$login_as_icon = '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_list.php?action=login_as&amp;user_id='.$user['user_id'].'&amp;sec_token='.Security::getCurrentToken().'">'.Display::return_icon('login_as.gif', get_lang('LoginAs')).'</a>';
if (empty($_configuration['login_as_forbidden_globally']) &&
(api_is_global_platform_admin() ||
(api_get_setting('login_as_allowed') === 'true' &&
(api_is_platform_admin() ||
(api_is_session_admin() &&
(api_is_session_admin() && $row['6'] == $statusname[STUDENT])
)
)
)
)
) {
$login_as_icon = '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_list.php?action=login_as&amp;user_id='.$user['user_id'].'&amp;sec_token='.$_SESSION['sec_token'].'">'.Display::return_icon('login_as.gif', get_lang('LoginAs')).'</a>';
}
echo '<div class="actions"><a href="'.api_get_path(WEB_CODE_PATH).'mySpace/myStudents.php?student='.intval($_GET['user_id']).'" title="'.get_lang('Reporting').'">'.Display::return_icon('statistics.png',get_lang('Reporting'),'', ICON_SIZE_MEDIUM).'</a>'.$login_as_icon.'</div>';
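Review bot: The session-admin branch of the new condition tests `api_is_session_admin()` twice — the line `(api_is_session_admin() &&` is immediately followed by `(api_is_session_admin() && $row['6'] == $statusname[STUDENT])`, which already contains that check, so the outer line and its closing parenthesis can go, leaving `(api_is_session_admin() && $row['6'] == $statusname[STUDENT])` one level shallower, as the equivalent condition in user_list.php's modify_filter is written. The rebuilt link embeds `$_SESSION['sec_token']` directly where the removed line used `Security::getCurrentToken()`; if that accessor is what guarantees the token exists, the raw read can produce an empty token (plus a notice) on a session that has none, so it is worth confirming the key is always set before this page renders. The `$_configuration` read here is at file scope, so unlike the function-scope hunks in this commit it does see the global array.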

@ -174,7 +174,7 @@ function login_user($user_id) {
$user_info = api_get_user_info($user_id);
// check if the user is allowed to 'login_as'
$can_login_as = (api_is_platform_admin() OR (api_is_session_admin() && $user_info['status'] == 5 ));
$can_login_as = empty($_configuration['login_as_forbidden_globally']) && (api_is_global_platform_admin() || (api_get_setting('login_as_allowed') === 'true' && (api_is_platform_admin() OR (api_is_session_admin() && $user_info['status'] == 5 ))));
if (!$can_login_as) { return false; }
$firstname = $user_info['firstname'];
@ -475,21 +475,36 @@ function modify_filter($user_id, $url_params, $row) {
}
}
//only allow platform admins to login_as, or session admins only for students (not teachers nor other admins)
if (api_is_platform_admin() || (api_is_session_admin() && $current_user_status_label == $statusname[STUDENT])) {
if (!$user_is_anonymous) {
//only allow platform admins to login_as, or session admins only for
// students (not teachers nor other admins), and only if all options
// match to say this user has the permission to do so
// $_configuration['login_as_forbidden_globally'], defined in
// configuration.php, is the master key to these conditions
global $_configuration;
if (empty($_configuration['login_as_forbidden_globally']) &&
(api_is_global_platform_admin() ||
(api_get_setting('login_as_allowed') === 'true' &&
(api_is_platform_admin() ||
(api_is_session_admin() &&
$current_user_status_label == $statusname[STUDENT]
)
)
)
)
) {
if (!$user_is_anonymous) {
if (api_global_admin_can_edit_admin($user_id)) {
$result .= '<a href="user_list.php?action=login_as&amp;user_id='.$user_id.'&amp;sec_token='.Security::getCurrentToken().'">'.Display::return_icon('login_as.gif', get_lang('LoginAs')).'</a>&nbsp;&nbsp;';
// everything looks good, show "login as" link
$result .= '<a href="user_list.php?action=login_as&amp;user_id='.$user_id.'&amp;sec_token='.$_SESSION['sec_token'].'">'.Display::return_icon('login_as.gif', get_lang('LoginAs')).'</a>&nbsp;&nbsp;';
} else {
// if this user in particular can't be edited, show disabled
$result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')).'&nbsp;&nbsp;';
}
//$result .= '<a href="user_list.php?action=login_as&amp;user_id='.$user_id.'&amp;sec_token='.Security::getCurrentToken().'">'.Display::return_icon('login_as.gif', get_lang('LoginAs')).'</a>&nbsp;&nbsp;';
} else {
$result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')).'&nbsp;&nbsp;';
}
} else {
$result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')).'&nbsp;&nbsp;';
}
} else {
// if anonymous user but other users show the option, show disabled
$result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')).'&nbsp;&nbsp;';
}
} // Else don't show anything, because the option is not available at all
if ($current_user_status_label != $statusname[STUDENT]) {
$result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')).'&nbsp;&nbsp;';
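Review bot: In the login_user hunk, the new `$can_login_as = empty($_configuration['login_as_forbidden_globally']) && ...` line reads `$_configuration` inside a function with no `global $_configuration;` declaration, so unless one appears earlier in the function (its body starts outside the hunk) the array is an undefined local, `empty()` is silently true, and the new master switch never blocks the actual login — only the icons would disappear. The modify_filter hunk in this same file shows the missing line, `global $_configuration;`, placed just before its check; the same declaration is needed ahead of the `$can_login_as` assignment, and modify_filter in main/user/user.php has the same omission. Since the icon checks only affect display, login_user is the check that should be exercised with the option set to true.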

@ -925,7 +925,8 @@ VALUES
('settings_latest_update', NULL, NULL, NULL, '', '','', NULL, NULL, 0),
('user_name_order', NULL, 'textfield', 'Platform', '', 'UserNameOrderTitle', 'UserNameOrderComment', NULL, NULL, 1),
('allow_teachers_to_create_sessions', NULL,'radio','Session','false','AllowTeachersToCreateSessionsTitle','AllowTeachersToCreateSessionsComment', NULL, NULL, 0),
('chamilo_database_version', NULL, 'textfield', NULL, '1.10.0.001','DatabaseVersion','', NULL, NULL, 0);
('login_as_allowed',NULL,'radio','Security','true','AdminLoginAsAllowedTitle','AdminLoginAsAllowedComment', 1, 0, 1);
('chamilo_database_version', NULL, 'textfield', NULL, '1.10.0.001','DatabaseVersion','', NULL, NULL, 0); -- base value, updated at end of file. Don't change here
UNLOCK TABLES;
/*!40000 ALTER TABLE settings_current ENABLE KEYS */;
@ -1276,7 +1277,9 @@ VALUES
('session_page_enabled', 'true', 'Yes'),
('session_page_enabled', 'false', 'No'),
('allow_teachers_to_create_sessions', 'true', 'Yes'),
('allow_teachers_to_create_sessions', 'false', 'No');
('allow_teachers_to_create_sessions', 'false', 'No'),
('login_as_allowed','true','Yes'),
('login_as_allowed','false','No');
UNLOCK TABLES;
@ -3521,4 +3524,4 @@ CREATE TABLE ext_log_entries (
) DEFAULT CHARSET=utf8;
-- Do not move this
UPDATE settings_current SET selected_value = '1.10.0.013' WHERE variable = 'chamilo_database_version';
UPDATE settings_current SET selected_value = '1.10.0.014' WHERE variable = 'chamilo_database_version';
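Review bot: As rendered, the new `('login_as_allowed',NULL,'radio','Security','true',...,1, 0, 1);` row terminates the INSERT with a semicolon, which leaves the following `('chamilo_database_version', ...)` row outside any statement and would break the install script; if the real file has a trailing comma there this can be ignored, otherwise that line should end with `,` and only the last row with `;`. The row also spells the category `'Security'` while the insert in migrate-db-1.9.0-1.10.0-pre.sql uses `'security'`, so fresh and migrated installs would disagree on where the setting is filed; use one spelling in both files. The trailing `1, 0, 1` differs from the `NULL, NULL, 0` on the neighbouring rows — presumably deliberate so the setting is locked per access URL, which deserves a one-line comment.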

@ -73,6 +73,9 @@ ALTER TABLE session_rel_course_rel_user ADD INDEX idx_session_rel_course_rel_use
ALTER TABLE session_rel_user ADD INDEX idx_session_rel_user_id_user_moved (id_user, moved_to);
INSERT INTO settings_current(variable, type, category, selected_value, title, comment, access_url, access_url_changeable, access_url_locked) values ('login_as_allowed','radio','security','true','AdminLoginAsAllowedTitle','AdminLoginAsAllowedComment', 1, 0, 1);
INSERT INTO settings_options(variable, value, display_text) values ('login_as_allowed','true','Yes'),('login_as_allowed','false','No');
-- Courses changes c_XXX
-- ALTER TABLE c_lp_item ADD INDEX idx_c_lp_item_cid_lp_id (c_id, lp_id);
@ -283,4 +286,4 @@ ALTER TABLE question_field_values ADD COLUMN comment VARCHAR(100) default '';
ALTER TABLE c_quiz ADD COLUMN end_button int NOT NULL default 0;
-- Do not move this
UPDATE settings_current SET selected_value = '1.10.0.013' WHERE variable = 'chamilo_database_version';
UPDATE settings_current SET selected_value = '1.10.0.014' WHERE variable = 'chamilo_database_version';

@ -142,6 +142,8 @@ $_configuration['security_key'] = '{SECURITY_KEY}';
$_configuration['password_encryption'] = '{ENCRYPT_PASSWORD}';
//Deny the elimination of users
$_configuration['deny_delete_users'] = false;
//Prevent all admins from using the "login_as" feature
$_configuration['login_as_forbidden_globally'] = false;
/** Multiple URL */
// Activation for multi-url access
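Review bot: The comment on `$_configuration['login_as_forbidden_globally']` could say how it relates to the rest of this commit: the callers test it with `empty()` before the global-admin and `login_as_allowed` checks, so `true` disables the feature for every admin including global platform admins and cannot be overridden from the settings page, while any falsy value (false, 0, '', unset) leaves the feature governed by the `login_as_allowed` setting. Suggested: `// Set to true to disable the "login_as" feature for everyone, including global admins; overrides the login_as_allowed platform setting`. The same comment applies to the copy in configuration.dist.yml.php.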

@ -42,5 +42,7 @@ $_configuration['session_lifetime'] = 3600;
//$_configuration['multiple_access_urls'] = true;
//Deny the elimination of users
$_configuration['deny_delete_users'] = false;
//Prevent all admins from using the "login_as" feature
$_configuration['login_as_forbidden_globally'] = false;
// Version settings
$_configuration['system_version'] = '1.10';

@ -608,7 +608,13 @@ function modify_filter($user_id) {
//if platform admin, show the login_as icon (this drastically shortens
// time taken by support to test things out)
if (api_is_platform_admin()) {
$result .= ' <a href="'.api_get_path(WEB_CODE_PATH).'admin/user_list.php?action=login_as&amp;user_id='.$user_id.'&amp;sec_token='.Security::getCurrentToken().'">'.Display::return_icon('login_as.gif', get_lang('LoginAs')).'</a>&nbsp;&nbsp;';
// If not forbidden globally
if (empty($_configuration['login_as_forbidden_globally'])) {
// If global admin, authorize, otherwise check db setting allows it
if (api_is_global_platform_admin() or api_get_setting('login_as_allowed')==='true') {
$result .= ' <a href="'.api_get_path(WEB_CODE_PATH).'admin/user_list.php?action=login_as&amp;user_id='.$user_id.'&amp;sec_token='.$_SESSION['sec_token'].'">'.Display::return_icon('login_as.gif', get_lang('LoginAs')).'</a>&nbsp;&nbsp;';
}
}
}
if (api_is_allowed_to_edit(null, true)) {
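Review bot: The two nested `if`s at `if (empty($_configuration['login_as_forbidden_globally'])) {` and `if (api_is_global_platform_admin() or api_get_setting('login_as_allowed')==='true') {` express a single condition and use `or` where the equivalent checks in main/admin/user_list.php and user_information.php use `||`; one `if (empty($_configuration['login_as_forbidden_globally']) && (api_is_global_platform_admin() || api_get_setting('login_as_allowed') === 'true')) {` keeps the three files readable side by side. modify_filter's body starts outside the hunk, so whether `$_configuration` is brought into function scope before this read is not visible here.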
