Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-28126 webservice : resolved integration conflicts

  • Loading branch information...
commit dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff 2 parents 6ff99dd + b057855
@nebgor nebgor authored
View
11 admin/webservice/forms.php
@@ -179,7 +179,7 @@ function definition() {
class web_service_token_form extends moodleform {
function definition() {
- global $USER, $DB;
+ global $USER, $DB, $CFG;
$mform = $this->_form;
$data = $this->_customdata;
@@ -194,9 +194,12 @@ function definition() {
if ($usertotal < 500) {
//user searchable selector - get all users (admin and guest included)
- $users = $DB->get_records('user',
- array('deleted' => 0, 'suspended' => 0, 'confirmed' => 1), 'lastname',
- 'id, firstname, lastname');
+ //user must be confirmed, not deleted, not suspended, not guest
+ $sql = "SELECT u.id, u.firstname, u.lastname
+ FROM {user} u
+ WHERE u.deleted = 0 AND u.confirmed = 1 AND u.suspended = 0 AND u.id != ?
+ ORDER BY u.lastname";
+ $users = $DB->get_records_sql($sql, array($CFG->siteguest));
$options = array();
foreach ($users as $userid => $user) {
$options[$userid] = $user->firstname . " " . $user->lastname;
View
6 admin/webservice/tokens.php
@@ -71,6 +71,12 @@
}
}
+ //check if the user is deleted. unconfirmed, suspended or guest
+ $user = $DB->get_record('user', array('id' => $data->user));
+ if ($user->id == $CFG->siteguest or $user->deleted or !$user->confirmed or $user->suspended) {
+ throw new moodle_exception('forbiddenwsuser', 'webservice');
+ }
+
//process the creation
if (empty($errormsg)) {
//TODO improvement: either move this function from externallib.php to webservice/lib.php
View
1  lang/en/webservice.php
@@ -92,6 +92,7 @@
$string['externalserviceusers'] = 'External service users';
$string['failedtolog'] = 'Failed to log';
$string['filenameexist'] = 'File name already exists: {$a}';
+$string['forbiddenwsuser'] = 'Can not create token for an unconfirmed, deleted, suspended or guest user.';
$string['function'] = 'Function';
$string['functions'] = 'Functions';
$string['generalstructure'] = 'General structure';
Please sign in to comment.
Something went wrong with that request. Please try again.