If you need help, please contact the site administrator,
$a->admin';
+$string['emailpasswordchangeinfodisabled'] = 'Hi $a->firstname,
+
+Someone (probably you) has requested a new password for your
+account on \'$a->sitename\'.
+
+Unfortunately your account on this site is disabled and can not be reset,
+please contact the site administrator,
+$a->admin';
$string['emailpasswordchangeinfofail'] = 'Hi $a->firstname,
Someone (probably you) has requested a new password for your
$string['site:viewfullnames'] = 'Always see full names of users';
$string['site:viewparticipants'] = 'View participants';
$string['site:viewreports'] = 'View reports';
+$string['user:changeownpassword'] = 'Change own password';
$string['user:create'] = 'Create users';
$string['user:delete'] = 'Delete users';
+$string['user:editownprofile'] = 'Edit own user profile';
$string['user:editprofile'] = 'Edit user profile';
$string['user:loginas'] = 'Login as other users';
$string['user:readuserblogs'] = 'See all user blogs';
'riskbitmask' => RISK_SPAM,
- 'captype' => 'read',
+ 'captype' => 'write',
'contextlevel' => CONTEXT_USER,
'legacy' => array(
'admin' => CAP_ALLOW
)
),
+ 'moodle/user:editownprofile' => array(
+
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_SYSTEM,
+ 'legacy' => array(
+ 'guest' => CAP_PROHIBIT,
+ 'user' => CAP_ALLOW,
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
+ 'moodle/user:changeownpassword' => array(
+
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_SYSTEM,
+ 'legacy' => array(
+ 'guest' => CAP_PROHIBIT,
+ 'user' => CAP_ALLOW,
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
// The next 3 might make no sense for some roles, e.g teacher, etc.
// since the next level up is site. These are more for the parent role
'moodle/user:readuserposts' => array(
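Review bot: The two new capability definitions `moodle/user:editownprofile` and `moodle/user:changeownpassword` carry no `riskbitmask`, while the capability at the top of this hunk (its name sits above the hunk; it looks like the existing edit-profile one) is marked `'riskbitmask' => RISK_SPAM`. Editing one's own profile presumably exposes the same free-text profile fields to the same audience, so the omission should be a deliberate choice: either add `'riskbitmask' => RISK_SPAM,` to the editownprofile definition or record in a comment why it is considered risk-free, e.g. `// no riskbitmask: own-profile edits are limited to the editing user's own record`. The empty `+` lines directly after each `=> array(` are also out of step with the surrounding definitions and could be dropped.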
$from = get_admin();
$userauth = get_auth_plugin($user->auth);
- if (!$userauth->can_reset_password()) {
+ if (!$userauth->can_reset_password() or !is_enabled_auth($user->auth)) {
trigger_error("Attempt to reset user password for user $user->username with Auth $user->auth.");
return false;
}
$site = get_site();
$from = get_admin();
+ $systemcontext = get_context_instance(CONTEXT_SYSTEM);
$data = new object();
$data->firstname = $user->firstname;
$data->sitename = format_string($site->fullname);
$data->admin = fullname($from).' ('. $from->email .')';
- $userauth = get_auth_plugin($user->auth);
+ $userauth = get_auth_plugin($user->auth);
+
+ if (!is_enabled_auth($user->auth) or $user->auth == 'nologin') {
+ $message = get_string('emailpasswordchangeinfodisabled', '', $data);
+ $subject = get_string('emailpasswordchangeinfosubject', '', format_string($site->fullname));
+ return email_to_user($user, $from, $subject, $message);
+ }
+
if ($userauth->can_change_password() and $userauth->change_password_url()) {
- // we have some external url for password cahnging
+ // we have some external url for password changing
$data->link .= $userauth->change_password_url();
} else {
$data->link = '';
}
- if (!empty($data->link)) {
+ if (!empty($data->link) and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
$message = get_string('emailpasswordchangeinfo', '', $data);
$subject = get_string('emailpasswordchangeinfosubject', '', format_string($site->fullname));
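Review bot: `$data->link .= $userauth->change_password_url();` in the `can_change_password()` branch appends to a property that `$data = new object()` never initialised, so it relies on PHP silently creating the property and raises a notice under strict error reporting; the plain assignment `$data->link = $userauth->change_password_url();` is what is meant and mirrors the `else` branch. The new early return for disabled or `nologin` auth sends the `emailpasswordchangeinfodisabled` mail before any capability check, which looks intentional since no link is included, but a one-line comment would make that explicit, e.g. `// disabled accounts only get an explanatory mail: no link, so no capability check needed`. The function continues past the end of the hunk.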
} else {
error('No such course!');
}
- // require proper login; guest can not change password
- // TODO: add change password capability so that we can prevent participants from changing password
- if (empty($USER->id) or isguestuser() or has_capability('moodle/legacy:guest', $systemcontext, $USER->id, false)) {
+ // require proper login; guest user can not change password
+ if (empty($USER->id) or isguestuser()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
}
redirect($CFG->httpswwwroot.'/login/index.php');
}
+ // do not require change own password cap if change forced
+ if (!get_user_preferences('auth_forcepasswordchange', false)) {
+ require_capability('moodle/user:changeownpassword', $systemcontext);
+ }
+
// do not allow "Logged in as" users to change any passwords
if (!empty($USER->realuser)) {
error('Can not use this script when "Logged in as"!');
httpsrequired();
-$sitecontext = get_context_instance(CONTEXT_SYSTEM);
+$systemcontext = get_context_instance(CONTEXT_SYSTEM);
// setup text strings
$strforgotten = get_string('passwordforgotten');
// make sure that url relates to a valid user
// check this isn't guest user
- // TODO: add change password capability so that we can prevent participants to change password
- if (has_capability('moodle/legacy:guest', $sitecontext, $user->id, false)) {
+ if (isguestuser($user)) {
error('You cannot reset the guest password');
}
+ // make sure user is allowed to change password
+ require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);
+
// override email stop and mail new password
$user->emailstop = 0;
if (!reset_password_and_mail($user)) {
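Review bot: The mail-block override here, `$user->emailstop = 0;`, and the one added further down in this file, `$user->mailstop = 0;` (inside the new `has_capability` guard, with the same comment "make sure mail block is off"), use two different property names for what reads as the same intent; only one of them can be the field the mailer actually consults, so the other override is most likely a no-op. Please check which name the mailer reads and use it in both places. The enclosing `if` block of this hunk starts above it.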
if ($user and !empty($user->confirmed)) {
$userauth = get_auth_plugin($user->auth);
+ if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
+ // send email (make sure mail block is off)
+ $user->mailstop = 0;
+ }
- if ($userauth->can_reset_password()) {
- // reset internal password and notify user
+ if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
+ and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
+ // send reset password confirmation
// set 'secret' string
$user->secret = random_string(15);
error('error setting user secret string');
}
- // send email (make sure mail block is off)
- $user->mailstop = 0;
if (!send_password_change_confirmation_email($user)) {
error('error sending password change confirmation email');
}
} else {
- // send email (make sure mail block is off)
- $user->mailstop = 0;
if (!send_password_change_info($user)) {
error('error sending password change confirmation email');
}
redirect($CFG->httpswwwroot.'/login/index.php');
}
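Review bot: The mail-block override `$user->mailstop = 0;` is now applied only when the user holds `moodle/user:changeownpassword`, yet the `else` branch still calls `send_password_change_info($user)` for users who fail that check, so for them the info mail goes out with the block still in place and, if the mailer honours it, the script aborts. If users without the capability are meant to receive the informational mail, the override should stay unconditional as it was before this change; if they are not, the `else` branch should not send at all. Separately, the error string in the `else` branch still says "confirmation email" although it reports the info mail failing; `error('error sending password change info email');` would describe the actual failure. The enclosing `if ($user and !empty($user->confirmed))` block continues outside the hunk.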
- if (isguest()) { //TODO: add proper capability to edit own profile
+ $systemcontext = get_context_instance(CONTEXT_SYSTEM);
+ $personalcontext = get_context_instance(CONTEXT_USER, $user->id);
+
+ if (isguestuser()) {
print_error('guestnoeditprofile');
}
}
// check access control
- if ($user->id != $USER->id) {
+ if ($user->id == $USER->id) {
+ //editing own profile
+ require_capability('moodle/user:editownprofile', $systemcontext);
+
+ } else {
// teachers, parents, etc.
- $personalcontext = get_context_instance(CONTEXT_USER, $user->id);
require_capability('moodle/user:editprofile', $personalcontext);
// no editing of guest user account
if (isguestuser($user->id)) {
}
$edittype = 'none';
- if (is_mnet_remote_user($user)) {
+ if (isguestuser($user)) {
+ // guest account can not be edited
+
+ } else if (is_mnet_remote_user($user)) {
// cannot edit remote users
- } else if (isguest() or !isloggedin()) {
- // can not edit guest like accounts - TODO: add capability to edit own profile
-
+ } else if (isguestuser() or !isloggedin()) {
+ // guests and not logged in can not edit own profile
+
} else if ($USER->id == $user->id) {
if (has_capability('moodle/user:update', $systemcontext)) {
$edittype = 'advanced';
- } else {
+ } else if (has_capability('moodle/user:editownprofile', $systemcontext)) {
$edittype = 'normal';
}
}
if ($course->id == SITEID) {
- $coursecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); // SYSTEM context
+ $coursecontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
} else {
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context
}
$usercontext = get_context_instance(CONTEXT_USER, $user->id); // User context
+ $systemcontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
if (!empty($CFG->forcelogin) || $course->id != SITEID) {
// do not force parents to enrol
$userauth = get_auth_plugin($user->auth);
$passwordchangeurl = false;
- if (/*$currentuser and */$userauth->can_change_password() and !isguest()) { //TODO: add proper capability for password changing
- if ($userauth->change_password_url()) {
- $passwordchangeurl = $userauth->change_password_url();
- } else {
+ if ($currentuser and $userauth->can_change_password() and !isguestuser() and has_capability('moodle/user:changeownpassword', $systemcontext)) {
+ if (!$passwordchangeurl = $userauth->change_password_url()) {
if (empty($CFG->loginhttps)) {
$passwordchangeurl = "$CFG->wwwroot/login/change_password.php";
} else {
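Review bot: `if (!$passwordchangeurl = $userauth->change_password_url()) {` assigns inside the condition, which is easy to misread as a comparison and hides that `$passwordchangeurl` is being set to a plugin-supplied value; assigning first, `$passwordchangeurl = $userauth->change_password_url();` followed by `if (!$passwordchangeurl) {`, keeps the behaviour and reads clearly. The condition on the line above it is long enough that one clause per line would help the next reader see that the capability check applies only to `$currentuser`. The `if` block continues past the end of the hunk.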
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
- $version = 2007042601; // YYYYMMDD = date
+ $version = 2007042700; // YYYYMMDD = date
// XY = increments within a single day
$release = '1.9 dev'; // Human-friendly version name