MDL-17767 loginas refactoring and simplification; full SESSION switch…

…ing implemented
moodle · Jan 2, 2009 · 6132768 · 6132768
1 parent 542797b
commit 6132768
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 61 deletions.
diff --git a/calendar/lib.php b/calendar/lib.php
@@ -558,7 +558,7 @@ function calendar_print_event($event) {
             $editlink   = CALENDAR_URL.'event.php?action=edit&amp;id='.$event->id.$calendarcourseid;
             $deletelink = CALENDAR_URL.'event.php?action=delete&amp;id='.$event->id.$calendarcourseid;
         } else {
-            $editlink   = $CFG->wwwroot.'/course/mod.php?update='.$event->cmid.'&amp;return=true&amp;sesskey='.$USER->sesskey;
+            $editlink   = $CFG->wwwroot.'/course/mod.php?update='.$event->cmid.'&amp;return=true&amp;sesskey='.sesskey();
             $deletelink = ''; // deleting activities directly from calendar is dangerous/confusing - see MDL-11843
         }
         echo ' <a href="'.$editlink.'"><img
@@ -1144,25 +1144,6 @@ function calendar_get_course_cached(&$coursecache, $courseid) {
 function calendar_session_vars($course=null) {
     global $SESSION, $USER;
 
-    if(!empty($USER->id) && isset($USER->realuser) && !isset($SESSION->cal_loggedinas)) {
-        // We just logged in as someone else, update the filtering
-        unset($SESSION->cal_users_shown);
-        unset($SESSION->cal_courses_shown);
-        $SESSION->cal_loggedinas = true;
-        if(intval(get_user_preferences('calendar_persistflt', 0))) {
-            calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
-        }
-    }
-    else if(!empty($USER->id) && !isset($USER->realuser) && isset($SESSION->cal_loggedinas)) {
-        // We just logged back to our real self, update again
-        unset($SESSION->cal_users_shown);
-        unset($SESSION->cal_courses_shown);
-        unset($SESSION->cal_loggedinas);
-        if(intval(get_user_preferences('calendar_persistflt', 0))) {
-            calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
-        }
-    }
-
     if(!isset($SESSION->cal_course_referer)) {
         $SESSION->cal_course_referer = 0;
     }

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -2108,7 +2108,8 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu
 
         } else if (has_capability('moodle/course:view', $COURSE->context)) {
             if (is_loggedinas()) {   // Make sure the REAL person can also access this course
-                if (!has_capability('moodle/course:view', $COURSE->context, $USER->realuser)) {
+                $realuser = get_real_user();
+                if (!has_capability('moodle/course:view', $COURSE->context, $realuser->id)) {
                     print_header_simple();
                     notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
                 }

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
@@ -263,6 +263,18 @@ function is_loggedinas() {
     return !empty($USER->realuser);
 }
 
+/**
+ * Returns the $USER object ignoring current login-as session
+ * @return object user object
+ */
+function get_real_user() {
+    if (is_loggedinas()) {
+        return $_SESSION['REALUSER'];
+    } else {
+        return $_SESSION['USER'];
+    }
+}
+
 /**
  * Login as another user - no security checks here.
  * @param int $userid
@@ -276,28 +288,17 @@ function session_loginas($userid, $context) {
         return;
     }
 
-/// Remember current timeaccess settings for later
-
-    if (isset($USER->timeaccess)) {
-        $SESSION->oldtimeaccess = $USER->timeaccess;
-    }
-    if (isset($USER->grade_last_report)) {
-        $SESSION->grade_last_report = $USER->grade_last_report;
-    }
-
-    $olduserid   = $USER->id;
+    // switch to fresh session
+    $_SESSION['REALSESSION'] = $SESSION;
+    $_SESSION['SESSION']     = new object();
 
 /// Create the new USER object with all details and reload needed capabilitites
+    $_SESSION['REALUSER'] = $USER;
     $USER = get_complete_user_data('id', $userid);
-    $USER->realuser = $olduserid;
+    $USER->realuser       = $_SESSION['REALUSER']->id;
     $USER->loginascontext = $context;
     check_enrolment_plugins($USER);
     load_all_capabilities();   // reload capabilities
-
-    if (isset($SESSION->currentgroup)) {    // Remember current cache setting for later
-        $SESSION->oldcurrentgroup = $SESSION->currentgroup;
-        unset($SESSION->currentgroup);
-    }
 }
 
 /**
@@ -311,21 +312,11 @@ function session_unloginas() {
         return;
     }
 
-    $USER = get_complete_user_data('id', $USER->realuser);
-    load_all_capabilities();   // load all this user's normal capabilities
+    $_SESSION['SESSION'] = $_SESSION['REALSESSION'];
+    unset($_SESSION['REALSESSION']);
 
-    if (isset($SESSION->oldcurrentgroup)) {      // Restore previous "current group" cache.
-        $SESSION->currentgroup = $SESSION->oldcurrentgroup;
-        unset($SESSION->oldcurrentgroup);
-    }
-    if (isset($SESSION->oldtimeaccess)) {        // Restore previous timeaccess settings
-        $USER->timeaccess = $SESSION->oldtimeaccess;
-        unset($SESSION->oldtimeaccess);
-    }
-    if (isset($SESSION->grade_last_report)) {    // Restore grade defaults if any
-        $USER->grade_last_report = $SESSION->grade_last_report;
-        unset($SESSION->grade_last_report);
-    }
+    $_SESSION['USER'] = $_SESSION['REALUSER'];
+    unset($_SESSION['REALUSER']);
 }
 
 /**

diff --git a/lib/setup.php b/lib/setup.php
@@ -505,11 +505,10 @@ function stripslashes_deep($value) {
                                              $USER->lastname);
         }
         if (is_loggedinas()) {
-            if ($realuser = $DB->get_record('user', array('id'=>$USER->realuser))) {
-                $apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
-                $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
-                $apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
-            }
+            $realuser = get_real_user();
+            $apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
+            $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
+            $apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
         }
         switch ($CFG->apacheloguser) {
             case 3:

diff --git a/lib/weblib.php b/lib/weblib.php
@@ -3498,11 +3498,10 @@ function user_login_string($course=NULL, $user=NULL) {
     }
 
     if (is_loggedinas()) {
-        if ($realuser = $DB->get_record('user', array('id'=>$user->realuser))) {
-            $fullname = fullname($realuser, true);
-            $realuserinfo = " [<a $CFG->frametarget
-            href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&amp;return=1&amp;sesskey=".sesskey()."\">$fullname</a>] ";
-        }
+        $realuser = get_real_user();
+        $fullname = fullname($realuser, true);
+        $realuserinfo = " [<a $CFG->frametarget
+        href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&amp;return=1&amp;sesskey=".sesskey()."\">$fullname</a>] ";
     } else {
         $realuserinfo = '';
     }