. /** * Web services tokens admin UI * * @package webservice * @author Jerome Mouneyrac * @copyright 2009 Moodle Pty Ltd (http://moodle.com) * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ require_once('../../config.php'); require_once($CFG->libdir . '/adminlib.php'); require_once($CFG->dirroot . '/' . $CFG->admin . '/webservice/forms.php'); require_once($CFG->libdir . '/externallib.php'); $action = optional_param('action', '', PARAM_ALPHANUMEXT); $tokenid = optional_param('tokenid', '', PARAM_SAFEDIR); $confirm = optional_param('confirm', 0, PARAM_BOOL); admin_externalpage_setup('addwebservicetoken'); //Deactivate the second 'Manage token' navigation node, and use the main 'Manage token' navigation node $node = $PAGE->settingsnav->find('addwebservicetoken', navigation_node::TYPE_SETTING); $newnode = $PAGE->settingsnav->find('webservicetokens', navigation_node::TYPE_SETTING); if ($node && $newnode) { $node->display = false; $newnode->make_active(); } $tokenlisturl = new moodle_url("/" . $CFG->admin . "/settings.php", array('section' => 'webservicetokens')); require_once($CFG->dirroot . "/webservice/lib.php"); $webservicemanager = new webservice(); switch ($action) { case 'create': $mform = new web_service_token_form(null, array('action' => 'create')); $data = $mform->get_data(); if ($mform->is_cancelled()) { redirect($tokenlisturl); } else if ($data and confirm_sesskey()) { ignore_user_abort(true); //check the the user is allowed for the service $selectedservice = $webservicemanager->get_external_service_by_id($data->service); if ($selectedservice->restrictedusers) { $restricteduser = $webservicemanager->get_ws_authorised_user($data->service, $data->user); if (empty($restricteduser)) { $allowuserurl = new moodle_url('/' . $CFG->admin . '/webservice/service_users.php', array('id' => $selectedservice->id)); $allowuserlink = html_writer::tag('a', $selectedservice->name , array('href' => $allowuserurl)); $errormsg = $OUTPUT->notification(get_string('usernotallowed', 'webservice', $allowuserlink)); } } //check if the user is deleted. unconfirmed, suspended or guest $user = $DB->get_record('user', array('id' => $data->user)); if ($user->id == $CFG->siteguest or $user->deleted or !$user->confirmed or $user->suspended) { throw new moodle_exception('forbiddenwsuser', 'webservice'); } //process the creation if (empty($errormsg)) { //TODO improvement: either move this function from externallib.php to webservice/lib.php // either move most of webservicelib.php functions into externallib.php // (create externalmanager class) MDL-23523 external_generate_token(EXTERNAL_TOKEN_PERMANENT, $data->service, $data->user, context_system::instance(), $data->validuntil, $data->iprestriction); redirect($tokenlisturl); } } //OUTPUT: create token form echo $OUTPUT->header(); echo $OUTPUT->heading(get_string('createtoken', 'webservice')); if (!empty($errormsg)) { echo $errormsg; } $mform->display(); echo $OUTPUT->footer(); die; break; case 'delete': $token = $webservicemanager->get_token_by_id_with_details($tokenid); if ($token->creatorid != $USER->id) { require_capability("moodle/webservice:managealltokens", context_system::instance()); } //Delete the token if ($confirm and confirm_sesskey()) { $webservicemanager->delete_user_ws_token($token->id); redirect($tokenlisturl); } ////OUTPUT: display delete token confirmation box echo $OUTPUT->header(); $renderer = $PAGE->get_renderer('core', 'webservice'); echo $renderer->admin_delete_token_confirmation($token); echo $OUTPUT->footer(); die; break; default: //wrong url access redirect($tokenlisturl); break; }