class web_service_token_form extends moodleform {
function definition() {
- global $USER, $DB;
+ global $USER, $DB, $CFG;
$mform = $this->_form;
$data = $this->_customdata;
if ($usertotal < 500) {
//user searchable selector - get all users (admin and guest included)
- $users = $DB->get_records('user',
- array('deleted' => 0, 'suspended' => 0, 'confirmed' => 1), 'lastname',
- 'id, firstname, lastname');
+ //user must be confirmed, not deleted, not suspended, not guest
+ $sql = "SELECT u.id, u.firstname, u.lastname
+ FROM {user} u
+ WHERE u.deleted = 0 AND u.confirmed = 1 AND u.suspended = 0 AND u.id != ?
+ ORDER BY u.lastname";
+ $users = $DB->get_records_sql($sql, array($CFG->siteguest));
+
$options = array();
foreach ($users as $userid => $user) {
$options[$userid] = $user->firstname . " " . $user->lastname;
}
}
+ //check if the user is deleted. unconfirmed, suspended or guest
+ $user = $DB->get_record('user', array('id' => $data->user));
+ if ($user->id == $CFG->siteguest or $user->deleted or !$user->confirmed or $user->suspended) {
+ throw new moodle_exception('forbiddenwsuser', 'webservice');
+ }
+
//process the creation
if (empty($errormsg)) {
//TODO improvement: either move this function from externallib.php to webservice/lib.php
$string['externalserviceusers'] = 'External service users';
$string['failedtolog'] = 'Failed to log';
$string['filenameexist'] = 'File name already exists: {$a}';
+$string['forbiddenwsuser'] = 'Can not create token for an unconfirmed, deleted, suspended or guest user.';
$string['function'] = 'Function';
$string['functions'] = 'Functions';
$string['generalstructure'] = 'General structure';
