Skip to content

Commit

Permalink
MDL-15403: Patch sent by Peter Bulmer, said to have been written by D…
Browse files Browse the repository at this point in the history 
…onal McMullan. Prevents a remotely-triggered mass-unenrolments of users in a

(mnet-enabled) course. (merge from 1.9)
  • Loading branch information
scyrma committed Jul 9, 2008
1 parent 5bce597 commit b7f2b8e
Showing 1 changed file with 11 additions and 6 deletions.
17 changes: 11 additions & 6 deletions enrol/mnet/enrol.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -299,6 +299,9 @@ function enrol_user($user, $courseid) {
$userrecord = $DB->get_record('user',array('username'=>$user['username'], 'mnethostid'=>$MNET_REMOTE_CLIENT->id));

if ($userrecord == false) {
// We should at least be checking that we allow the remote
// site to create users
// TODO: more rigour here thanks!
$userrecord = new stdClass();
$userrecord->username = $user['username'];
$userrecord->email = $user['email'];
Expand Down Expand Up @@ -336,20 +339,23 @@ function enrol_user($user, $courseid) {
* @param int $courseid The id of the local course
* @return bool Whether the user can login from the remote host
*/
function unenrol_user($user, $courseid) {
global $MNET_REMOTE_CLIENT, $DB;
function unenrol_user($username, $courseid) {
global $MNET_REMOTE_CLIENT;

$userrecord = $DB->get_record('user', array('username'=>$user['username'], 'mnethostid'=>$MNET_REMOTE_CLIENT->id));
$userrecord = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$MNET_REMOTE_CLIENT->id));

if ($userrecord == false) {
return false;
// TODO: Error out
}

if (! $course = $DB->get_record('course', array('id'=>$courseid))) {
return false;
// TODO: Error out
}

if (! $context = get_context_instance(CONTEXT_COURSE, $course->id)) {
return false;
// TODO: Error out (Invalid context)
}

Expand Down Expand Up @@ -552,8 +558,7 @@ function req_unenrol_user($userid, $courseid) {
require_once $CFG->dirroot . '/mnet/xmlrpc/client.php';

// in case the remote host doesn't have it
$user = $DB->get_record('user', array('id'=>$userid), 'username, email');
$user = $user->username;
$username = $DB->get_field('user', 'username', array('id'=>$userid));

$course = $DB->get_record('mnet_enrol_course', array('id'=>$courseid));

Expand All @@ -564,7 +569,7 @@ function req_unenrol_user($userid, $courseid) {
// set up the RPC request
$mnetrequest = new mnet_xmlrpc_client();
$mnetrequest->set_method('enrol/mnet/enrol.php/unenrol_user');
$mnetrequest->add_param($user);
$mnetrequest->add_param($username);
$mnetrequest->add_param($course->remoteid);

// TODO - prevent removal of enrolments that are not of
Expand Down

0 comments on commit b7f2b8e

Please sign in to comment.