MDL-19608 do not force changing of passwords if users may not actually change them

diff --git a/admin/user/user_bulk_forcepasswordchange.php b/admin/user/user_bulk_forcepasswordchange.php
index 4d75218c50b31504fc0139c08a2ef2d0765cf557..d47a7fff26c0c27b9567651429ddea193c0252d8 100644 (file)
--- a/admin/user/user_bulk_forcepasswordchange.php
+++ b/admin/user/user_bulk_forcepasswordchange.php
@@ -22,14 +22,29 @@ if (empty($SESSION->bulk_users)) {
 admin_externalpage_print_header();
 
 if ($confirm and confirm_sesskey()) {
-    $primaryadmin = get_admin();
+    // only force password change if user may actually change the password
+    $authsavailable = get_plugin_list('auth');
+    $changeable = array();
+    foreach($authsavailable as $authname=>$path) {
+        if (!$auth = get_auth_plugin($authname)) {
+            continue;
+        }
+        if (@$auth->can_change_password()) { // plugins may not be configured yet, not nice :-(
+            $changeable[$authname] = true;
+        }
+    }
 
     $parts = array_chunk($SESSION->bulk_users, 300);
     foreach ($parts as $users) {
         list($in, $params) = $DB->get_in_or_equal($users);
         if ($rs = $DB->get_recordset_select('user', "id $in", $params)) {
             foreach ($rs as $user) {
-                set_user_preference('auth_forcepasswordchange', 1, $user->id);
+                if (!empty($changeable[$user->auth])) {
+                    set_user_preference('auth_forcepasswordchange', 1, $user->id);
+                    unset($SESSION->bulk_users[$user->id]);
+                } else {
+                    echo $OUTPUT->notification(get_string('forcepasswordchangenot', '', fullname($user, true)));
+                }
             }
             $rs->close();
         }