MDL-55791 admin: maintenance mode access capability

Add capability to allow certain non-admin users through maintenance mode.
marinaglancy · Sep 12, 2016 · 59c66f9 · 59c66f9
1 parent 0344082
commit 59c66f9
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 13 deletions.
diff --git a/index.php b/index.php
@@ -52,13 +52,15 @@
     user_accesstime_log();
 }
 
-$hassiteconfig = has_capability('moodle/site:config', context_system::instance());
+$hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance());
 
 // If the site is currently under maintenance, then print a message.
-if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
+if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
     print_maintenance_message();
 }
 
+$hassiteconfig = has_capability('moodle/site:config', context_system::instance());
+
 if ($hassiteconfig && moodle_needs_upgrading()) {
     redirect($CFG->wwwroot .'/'. $CFG->admin .'/index.php');
 }

diff --git a/lang/en/role.php b/lang/en/role.php
@@ -392,6 +392,7 @@
 $string['site:doclinks'] = 'Show links to offsite docs';
 $string['site:forcelanguage'] = 'Override course language';
 $string['site:import'] = 'Import other courses into a course';
+$string['site:maintenanceaccess'] = 'Allowed access when maintenance mode is enabled.';
 $string['site:manageblocks'] = 'Manage blocks on a page';
 $string['site:mnetloginfromremote'] = 'Login from a remote application via MNet';
 $string['site:mnetlogintoremote'] = 'Roam to a remote application via MNet';

diff --git a/lib/db/access.php b/lib/db/access.php
@@ -2292,5 +2292,11 @@
             'manager' => CAP_ALLOW
         ),
     ),
+    'moodle/site:maintenanceaccess' => array(
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_SYSTEM,
+        'archetypes' => array(
+        )
+    ),
 
 );
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -2683,7 +2683,7 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
     }
 
     // If the site is currently under maintenance, then print a message.
-    if (!empty($CFG->maintenance_enabled) and !has_capability('moodle/site:config', $sysctx)) {
+    if (!empty($CFG->maintenance_enabled) and !has_capability('moodle/site:maintenanceaccess', $sysctx)) {
         if ($preventredirect) {
             throw new require_login_exception('Maintenance in progress');
         }

diff --git a/login/token.php b/login/token.php
@@ -46,9 +46,9 @@
 $user = authenticate_user_login($username, $password);
 if (!empty($user)) {
 
-    //Non admin can not authenticate if maintenance mode
-    $hassiteconfig = has_capability('moodle/site:config', context_system::instance(), $user);
-    if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
+    // Cannot authenticate unless maintenance access is granted.
+    $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance(), $user);
+    if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
         throw new moodle_exception('sitemaintenance', 'admin');
     }
 

diff --git a/version.php b/version.php
@@ -29,7 +29,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$version  = 2016090800.01;              // YYYYMMDD      = weekly release date of this DEV branch.
+$version  = 2016090800.02;              // YYYYMMDD      = weekly release date of this DEV branch.
                                         //         RR    = release increments - 00 in DEV branches.
                                         //           .XX = incremental changes.
 

diff --git a/webservice/lib.php b/webservice/lib.php
@@ -120,9 +120,9 @@ public function authenticate_user($token) {
             }
         }
 
-        //Non admin can not authenticate if maintenance mode
-        $hassiteconfig = has_capability('moodle/site:config', context_system::instance(), $user);
-        if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
+        // Cannot authenticate unless maintenance access is granted.
+        $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance(), $user);
+        if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
             //this is usually temporary, client want to implement code logic  => moodle_exception
             throw new moodle_exception('sitemaintenance', 'admin');
         }
@@ -924,9 +924,9 @@ protected function authenticate_user() {
             $user = $this->authenticate_by_token(EXTERNAL_TOKEN_EMBEDDED);
         }
 
-        //Non admin can not authenticate if maintenance mode
-        $hassiteconfig = has_capability('moodle/site:config', context_system::instance(), $user);
-        if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
+        // Cannot authenticate unless maintenance access is granted.
+        $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance(), $user);
+        if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
             throw new moodle_exception('sitemaintenance', 'admin');
         }