if (!empty($USER->realuser)) {
$USER = get_complete_user_data('id', $USER->realuser);
+ load_user_capability(); // load all this user's normal capabilities
if (isset($SESSION->oldcurrentgroup)) { // Restore previous "current group" cache.
$SESSION->currentgroup = $SESSION->oldcurrentgroup;
}
}
+
///-------------------------------------
-/// try to login as student if allowed
+/// We are trying to log in as this user in the first place
+
$id = required_param('id', PARAM_INT); // course id
- $user = required_param('user', PARAM_INT); // login as this user
- $password = optional_param('password', '', PARAM_RAW); // site wide password
+ $userid = required_param('user', PARAM_INT); // login as this user
if (!$site = get_site()) {
error("Site isn't defined!");
error("Course ID was incorrect");
}
- if ($course->category) {
+/// User must be logged in
+
+ if ($course->id == SITEID) {
+ require_login();
+ $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
+ } else {
require_login($course->id);
+ $context = get_context_instance(CONTEXT_COURSE, $course->id);
}
- // $user must be defined to go on
+/// User must have permissions
- if (!isteacher($course->id)) {
- error("Only teachers can use this page!");
- }
+ require_capability('moodle/user:loginas', $context);
- // validate loginaspassword if defined in config.php
-
- if (empty($SESSION->loginasvalidated) && !empty($CFG->loginaspassword)) {
- if ($password == $CFG->loginaspassword && confirm_sesskey()) {
- $SESSION->loginasvalidated = true;
- } else {
- $strloginaspasswordexplain = get_string('loginaspasswordexplain');
- $strloginas = get_string('loginas');
- $strpassword = get_string('password');
-
- print_header("$site->fullname: $strloginas", "$site->fullname: $strloginas",
- ' ', 'passwordform.password');
- print_simple_box_start('center', '50%', '', 5, 'noticebox');
- ?>
- <p align="center"><?php echo $strloginaspasswordexplain?></p>
- <form action="loginas.php" name="passwordform" method="post">
- <table border="0" cellpadding="3" cellspacing="3" align="center">
- <tr><td><?php echo $strpassword?>:</td>
- <td><input type="password" name="password" size="15" value="" alt="<?php p($strpassword)?>" /></td>
- <td><input type="submit" value="<?php p($strloginas)?>" /></td>
- </tr>
- </table>
- <input type="hidden" name="id" value="<?php p($id)?>"/>
- <input type="hidden" name="user" value="<?php p($user)?>"/>
- <input type="hidden" name="sesskey" value="<?php p($USER->sesskey)?>"/>
- </form>
- <?php
- print_simple_box_end();
- print_footer();
- die;
- }
+ if (!has_capability('moodle/course:view', $context, $userid, false)) {
+ error('This user is not in this course!');
}
- if ($course->category and !has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id), $user) and !isadmin()) {
- error("This student is not in this course!");
- }
-
- if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID, $user))) {
- error("You can not login as this person!");
- }
-
- // Remember current timeaccess settings for later
+/// Remember current timeaccess settings for later
if (isset($USER->timeaccess)) {
$SESSION->oldtimeaccess = $USER->timeaccess;
}
- // Login as this student and return to course home page.
+/// Login as this user and return to course home page.
+
+ $oldfullname = fullname($USER, true);
+ $olduserid = $USER->id;
- $teacher_name = fullname($USER, true);
- $teacher_id = "$USER->id";
+ $USER = get_complete_user_data('id', $userid); // Create the new USER object with all details
+ $USER->realuser = $olduserid;
- $USER = get_complete_user_data('id', $user); // Create the new USER object with all details
- $USER->realuser = $teacher_id;
+ load_user_capability('', $context); // load this user's capabilities for this context only
if (isset($SESSION->currentgroup)) { // Remember current cache setting for later
$SESSION->oldcurrentgroup = $SESSION->currentgroup;
unset($SESSION->currentgroup);
}
- $student_name = fullname($USER, true);
-
- add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&user=$user", "$teacher_name -> $student_name");
+ $newfullname = fullname($USER, true);
+ add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&user=$userid", "$oldfullname -> $newfullname");
- $strloginas = get_string("loginas");
- $strloggedinas = get_string("loggedinas", "", $student_name);
+ $strloginas = get_string('loginas');
+ $strloggedinas = get_string('loggedinas', '', $newfullname);
- print_header_simple("$strloginas $student_name", '', "$strloginas $student_name", '', '',
- true, ' ', navmenu($course));
+ print_header_simple($strloggedinas, '', $strloggedinas, '', '', true, ' ', navmenu($course));
notice($strloggedinas, "$CFG->wwwroot/course/view.php?id=$course->id");
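Review bot: The identity switch at `$USER = get_complete_user_data('id', $userid);` is now driven only by the `id` and `user` request parameters, because the one `confirm_sesskey()` call visible in this file was inside the removed loginaspassword block. A cross-site request made in the browser of someone holding `moodle/user:loginas` would therefore change their session to the named user. I would add `if (!confirm_sesskey()) { error('Invalid session key'); }` directly after `require_capability('moodle/user:loginas', $context);`, and the links that point here (not visible in this diff) would need to carry `sesskey`. The commit also drops the old `moodle/course:create` check on the target account, so once a role override grants loginas below admin, nothing visible stops a switch into a more privileged user. The context-limited `load_user_capability('', $context)` may be meant to cover that, but an explicit check or a comment stating the intent is needed. The script continues outside the visible lines (the `$course` lookup is not shown).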
)
),
+ 'moodle/user:viewusergrades' => array(
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_COURSE,
+ 'legacy' => array(
+ 'guest' => CAP_PREVENT,
+ 'student' => CAP_ALLOW,
+ 'teacher' => CAP_ALLOW,
+ 'editingteacher' => CAP_ALLOW,
+ 'coursecreator' => CAP_ALLOW,
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
+ 'moodle/user:loginas' => array(
+
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
+
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_COURSE,
+ 'legacy' => array(
+ 'guest' => CAP_PREVENT,
+ 'student' => CAP_PREVENT,
+ 'teacher' => CAP_PREVENT,
+ 'editingteacher' => CAP_PREVENT,
+ 'coursecreator' => CAP_PREVENT,
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
'moodle/role:assign' => array(
'captype' => 'write',
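Review bot: `'moodle/user:viewusergrades'` moves from `CONTEXT_USER` to `CONTEXT_COURSE` but keeps `'student' => CAP_ALLOW`, so the default student role now holds a course-wide grade-viewing capability. If any caller checks it against the course context without also comparing the target user to `$USER`, students could read other participants' grades; the callers are not in this diff, so this needs confirming. At minimum I would add a comment above the entry such as `// course-level: callers must still restrict students to their own grades`. It would also help to declare `'riskbitmask' => RISK_PERSONAL` here, as the new `moodle/user:loginas` entry does for its risks, and to check whether `'captype' => 'write'` is intended for a view capability.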
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
- ),
-
- 'moodle/user:viewusergrades' => array(
- 'captype' => 'write',
- 'contextlevel' => CONTEXT_USER,
- 'legacy' => array(
- 'guest' => CAP_PREVENT,
- 'student' => CAP_ALLOW,
- 'teacher' => CAP_ALLOW,
- 'editingteacher' => CAP_ALLOW,
- 'coursecreator' => CAP_ALLOW,
- 'admin' => CAP_ALLOW
- )
)
);