MDL-28126 webservice : resolved integration conflicts
authorAparup Banerjee <aparup@moodle.com>
Wed, 21 Dec 2011 03:20:50 +0000 (11:20 +0800)
committerAparup Banerjee <aparup@moodle.com>
Wed, 21 Dec 2011 03:20:50 +0000 (11:20 +0800)
admin/webservice/forms.php
admin/webservice/tokens.php
lang/en/webservice.php

index b95935c..ce16f99 100644 (file)
@@ -179,7 +179,7 @@ class external_service_functions_form extends moodleform {
 class web_service_token_form extends moodleform {
 
     function definition() {
-        global $USER, $DB;
+        global $USER, $DB, $CFG;
 
         $mform = $this->_form;
         $data = $this->_customdata;
@@ -194,9 +194,13 @@ class web_service_token_form extends moodleform {
 
             if ($usertotal < 500) {
                 //user searchable selector - get all users (admin and guest included)
-                $users = $DB->get_records('user',
-                        array('deleted' => 0, 'suspended' => 0, 'confirmed' => 1), 'lastname',
-                        'id, firstname, lastname');
+                //user must be confirmed, not deleted, not suspended, not guest
+                $sql = "SELECT u.id, u.firstname, u.lastname
+                FROM {user} u
+                WHERE u.deleted = 0 AND u.confirmed = 1 AND u.suspended = 0 AND u.id != ?
+                ORDER BY u.lastname";
+                $users = $DB->get_records_sql($sql, array($CFG->siteguest));
+
                 $options = array();
                 foreach ($users as $userid => $user) {
                     $options[$userid] = $user->firstname . " " . $user->lastname;
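Review bot: The context comment above the new query still reads `get all users (admin and guest included)`, which now contradicts both the added comment and the `u.id != ?` filter that excludes the guest account. I would fold the two into one accurate comment, for example `//user searchable selector - confirmed, not deleted, not suspended, guest excluded`. The comment could also say that this list is only a convenience filter, because a submitted user id need not come from the rendered options and has to be re-checked when the form is processed. The enclosing definition() starts and ends outside this hunk.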
index ec06e23..cf229ab 100644 (file)
@@ -71,6 +71,12 @@ switch ($action) {
                 }
             }
 
+            //check if the user is deleted. unconfirmed, suspended or guest
+            $user = $DB->get_record('user', array('id' => $data->user));
+            if ($user->id == $CFG->siteguest or $user->deleted or !$user->confirmed or $user->suspended) {
+                throw new moodle_exception('forbiddenwsuser', 'webservice');
+            }
+
             //process the creation
             if (empty($errormsg)) {
                 //TODO improvement: either move this function from externallib.php to webservice/lib.php
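Review bot: `$DB->get_record('user', ...)` is called with the default strictness, so it returns false when `$data->user` matches no row, and the added `if` then reads `$user->id` on a non-object. The request is still refused, but only because `!$user->confirmed` happens to be true for the missing property, and it raises PHP notices along with a misleading `forbiddenwsuser` message. Make the missing-user case explicit with `if (!$user or $user->id == $CFG->siteguest or $user->deleted or !$user->confirmed or $user->suspended) {`, or pass `MUST_EXIST` to the lookup. The check also runs before `empty($errormsg)` is tested, so confirm that the code above the hunk always sets `$data->user` when it records an error. The enclosing switch case starts and ends outside this hunk.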
index 6bc4e03..7eb7ce4 100644 (file)
@@ -92,6 +92,7 @@ $string['externalservices'] = 'External services';
 $string['externalserviceusers'] = 'External service users';
 $string['failedtolog'] = 'Failed to log';
 $string['filenameexist'] = 'File name already exists: {$a}';
+$string['forbiddenwsuser'] = 'Can not create token for an unconfirmed, deleted, suspended or guest user.';
 $string['function'] = 'Function';
 $string['functions'] = 'Functions';
 $string['generalstructure'] = 'General structure';