MDL-55791 admin: maintenance mode access capability

Add capability to allow certain non-admin users through maintenance mode.
2025-08-02 15:49:43 +02:00 · 2016-09-12 10:37:25 -04:00 · 2016-09-12 10:37:25 -04:00 · 59c66f926f
commit 59c66f926f
parent 0344082208
7 changed files with 22 additions and 13 deletions
--- a/index.php
+++ b/index.php
@ -52,13 +52,15 @@ if ($CFG->forcelogin) {
    user_accesstime_log();
 }

-$hassiteconfig = has_capability('moodle/site:config', context_system::instance());
+$hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance());

 // If the site is currently under maintenance, then print a message.
-if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
+if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
    print_maintenance_message();
 }

+$hassiteconfig = has_capability('moodle/site:config', context_system::instance());
+
 if ($hassiteconfig && moodle_needs_upgrading()) {
    redirect($CFG->wwwroot .'/'. $CFG->admin .'/index.php');
 }
--- a/lang/en/role.php
+++ b/lang/en/role.php
@ -392,6 +392,7 @@ $string['site:doanything'] = 'Allowed to do everything';
 $string['site:doclinks'] = 'Show links to offsite docs';
 $string['site:forcelanguage'] = 'Override course language';
 $string['site:import'] = 'Import other courses into a course';
+$string['site:maintenanceaccess'] = 'Allowed access when maintenance mode is enabled.';
 $string['site:manageblocks'] = 'Manage blocks on a page';
 $string['site:mnetloginfromremote'] = 'Login from a remote application via MNet';
 $string['site:mnetlogintoremote'] = 'Roam to a remote application via MNet';
--- a/lib/db/access.php
+++ b/lib/db/access.php
@ -2292,5 +2292,11 @@ $capabilities = array(
            'manager' => CAP_ALLOW
        ),
    ),
+    'moodle/site:maintenanceaccess' => array(
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_SYSTEM,
+        'archetypes' => array(
+        )
+    ),

 );
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -2683,7 +2683,7 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
    }

    // If the site is currently under maintenance, then print a message.
-    if (!empty($CFG->maintenance_enabled) and !has_capability('moodle/site:config', $sysctx)) {
+    if (!empty($CFG->maintenance_enabled) and !has_capability('moodle/site:maintenanceaccess', $sysctx)) {
        if ($preventredirect) {
            throw new require_login_exception('Maintenance in progress');
        }
--- a/login/token.php
+++ b/login/token.php
@ -46,9 +46,9 @@ if (is_restored_user($username)) {
 $user = authenticate_user_login($username, $password);
 if (!empty($user)) {

-    //Non admin can not authenticate if maintenance mode
-    $hassiteconfig = has_capability('moodle/site:config', context_system::instance(), $user);
-    if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
+    // Cannot authenticate unless maintenance access is granted.
+    $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance(), $user);
+    if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
        throw new moodle_exception('sitemaintenance', 'admin');
    }

--- a/version.php
+++ b/version.php
@ -29,7 +29,7 @@

 defined('MOODLE_INTERNAL') || die();

-$version  = 2016090800.01;              // YYYYMMDD      = weekly release date of this DEV branch.
+$version  = 2016090800.02;              // YYYYMMDD      = weekly release date of this DEV branch.
                                        //         RR    = release increments - 00 in DEV branches.
                                        //           .XX = incremental changes.

--- a/webservice/lib.php
+++ b/webservice/lib.php
@ -120,9 +120,9 @@ class webservice {
            }
        }

-        //Non admin can not authenticate if maintenance mode
-        $hassiteconfig = has_capability('moodle/site:config', context_system::instance(), $user);
-        if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
+        // Cannot authenticate unless maintenance access is granted.
+        $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance(), $user);
+        if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
            //this is usually temporary, client want to implement code logic  => moodle_exception
            throw new moodle_exception('sitemaintenance', 'admin');
        }
@ -924,9 +924,9 @@ abstract class webservice_server implements webservice_server_interface {
            $user = $this->authenticate_by_token(EXTERNAL_TOKEN_EMBEDDED);
        }

-        //Non admin can not authenticate if maintenance mode
-        $hassiteconfig = has_capability('moodle/site:config', context_system::instance(), $user);
-        if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
+        // Cannot authenticate unless maintenance access is granted.
+        $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance(), $user);
+        if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
            throw new moodle_exception('sitemaintenance', 'admin');
        }