WebSVN – Moodle – /admin/tool/mfa/factor/role/classes/factor.php

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

namespace factor_role;

use stdClass;
use tool_mfa\local\factor\object_factor_base;

/**
 * Role factor class.
 *
 * @package     factor_role
 * @author      Peter Burnett <peterburnett@catalyst-au.net>
 * @copyright   Catalyst IT
 * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class factor extends object_factor_base {

    /**
     * Role implementation.
     * This factor is a singleton, return single instance.
     *
     * @param stdClass $user the user to check against.
     * @return array
     */
    public function get_all_user_factors(stdClass $user): array {
        global $DB;
        $records = $DB->get_records('tool_mfa', ['userid' => $user->id, 'factor' => $this->name]);

        if (!empty($records)) {
            return $records;
        }

        // Null records returned, build new record.
        $record = [
            'userid' => $user->id,
            'factor' => $this->name,
            'timecreated' => time(),
            'createdfromip' => $user->lastip,
            'timemodified' => time(),
            'revoked' => 0,
        ];
        $record['id'] = $DB->insert_record('tool_mfa', $record, true);
        return [(object) $record];
    }

    /**
     * Role implementation.
     * Factor has no input
     *
     * {@inheritDoc}
     */
    public function has_input(): bool {
        return false;
    }

    /**
     * Role implementation.
     * Checks whether the user has selected roles in any context.
     *
     * {@inheritDoc}
     */
    public function get_state(): string {
        global $USER;
        $rolestring = get_config('factor_role', 'roles');

        // Nothing selected, everyone passes.
        if (empty($rolestring)) {
            return \tool_mfa\plugininfo\factor::STATE_PASS;
        }

        $selected = explode(',', $rolestring);
        $syscon = \context_system::instance();
        $specials = get_user_roles_with_special($syscon, $USER->id);
        // Transform the special roles to the matching format.
        $specials = array_map(function ($el) {
            return $el->roleid;
        }, $specials);

        foreach ($selected as $id) {
            if ($id === 'admin') {
                if (is_siteadmin()) {
                    return \tool_mfa\plugininfo\factor::STATE_NEUTRAL;
                }
            } else {
                if (user_has_role_assignment($USER->id, $id)) {
                    return \tool_mfa\plugininfo\factor::STATE_NEUTRAL;
                }

                // Some system default roles do not have an explicit binding. eg Authenticated user.
                if (in_array((int) $id, $specials)) {
                    return \tool_mfa\plugininfo\factor::STATE_NEUTRAL;
                }
            }
        }

        // If we got here, no roles matched, allow access.
        return \tool_mfa\plugininfo\factor::STATE_PASS;
    }

    /**
     * Role implementation.
     * Cannot set state, return true.
     *
     * @param string $state the state constant to set
     * @return bool
     */
    public function set_state(string $state): bool {
        return true;
    }

    /**
     * Role implementation.
     * User can not influence. Result is whatever current state is.
     *
     * @param stdClass $user
     * @return array
     */
    public function possible_states(stdClass $user): array {
        return [$this->get_state()];
    }

    /**
     * Role implementation
     * Formats the role list nicely.
     *
     * {@inheritDoc}
     */
    public function get_summary_condition(): string {
        $selectedroles = get_config('factor_role', 'roles');
        if (empty($selectedroles)) {
            return get_string('summarycondition', 'factor_role', get_string('none'));
        }

        $selectedroles = $this->get_roles(explode(',', $selectedroles));
        if (empty($selectedroles)) {
            return get_string('summarycondition', 'factor_role', get_string('none'));
        }

        return get_string('summarycondition', 'factor_role', implode(', ', $selectedroles));
    }

    /**
     * Get roles information by given ids.
     *
     * @param array $selectedroles List of role ids.
     * @return array
     */
    public function get_roles(array $selectedroles): array {
        global $DB;
        $roles = [];

        // Checks for admin role and gets its role name.
        if (in_array('admin', $selectedroles)) {
            $roles[] = get_string('administrator');
        }
        $integerroles = array_map('intval', $selectedroles);

        // Gets role name for all non admin roles.
        if (!empty($integerroles)) {
            [$insql, $inparams] = $DB->get_in_or_equal($integerroles);
            $otherroles = $DB->get_records_select('role', 'id ' . $insql, $inparams);
            $otherrolenames = role_fix_names($otherroles, null, ROLENAME_ALIAS, true);
            $roles = array_merge($roles, $otherrolenames);
        }

        return $roles;
    }
}
Proyectos de Subversion Moodle

(root)/admin/tool/mfa/factor/role/classes/factor.php @ 1081 – Rev 1
