Beispiel #1
  * Construct a user API client, accounting for unified api presence, and fall back to system api user if desired.
  * @param int $muserid The userid to get the outlook token for. If you want to force a system API user client, use an empty
  *                     value here and set $systemfallback to true.
  * @return \local_o365\rest\o365api|bool A constructed user API client (unified or legacy), or false if error.
 public function construct_user_api($muserid = null, $systemfallback = true) {
     // Pick the API flavour once; both the token resource and the client class depend on it.
     $useunified = (\local_o365\rest\unified::is_configured() === true);
     $resource = $useunified
         ? \local_o365\rest\unified::get_resource()
         : \local_o365\rest\azuread::get_resource();

     // A per-user token is only looked up when a user id was actually supplied.
     $token = empty($muserid)
         ? null
         : \local_o365\oauth2\token::instance($muserid, $resource, $this->clientdata, $this->httpclient);

     // NOTE(review): with $systemfallback left at its default (true), a user who has no token of
     // their own receives a client backed by the system API user's token. Requests made through
     // that client are then presumably authorised as the system account rather than as $muserid;
     // callers that rely on per-user authorisation should pass $systemfallback = false.
     if (empty($token) && $systemfallback === true) {
         $token = \local_o365\oauth2\systemtoken::instance(null, $resource, $this->clientdata, $this->httpclient);
     }

     // Failure is reported by exception here, not by returning false.
     if (empty($token)) {
         throw new \Exception('No token available for user #' . $muserid);
     }

     return $useunified
         ? new \local_o365\rest\unified($token, $this->httpclient)
         : new \local_o365\rest\azuread($token, $this->httpclient);
 }
Beispiel #2
  * Get a unified api token.
  * @param bool $system If true, get a system API user token instead of the user's token.
  * @param int|null $userid The userid to get a token for. If null, the current user will be used.
  * @return \local_o365\oauth2\token A unified api token object.
 protected function get_unified_token($system = false, $userid = null) {
     global $USER;

     $unifiedresource = \local_o365\rest\unified::get_resource();

     if ($system !== true) {
         // No explicit user id: use the current user ($USER).
         if (empty($userid)) {
             $userid = $USER->id;
         }
         return \local_o365\oauth2\token::instance($userid, $unifiedresource, $this->clientdata, $this->httpclient);
     }

     // System mode ignores $userid entirely and returns the system API user's token.
     return \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $this->clientdata, $this->httpclient);
 }
Beispiel #3
  * Get a Unified API instance.
  * @param string $caller The calling function, used for logging.
  * @return \local_o365\rest\unified A Unified API instance.
 public static function get_unified_api($caller = 'get_unified_api') {
     $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
     $httpclient = new \local_o365\httpclient();

     // This client is always built on the system API user's token, never on a per-user token.
     $systemtoken = \local_o365\oauth2\systemtoken::instance(
         null,
         \local_o365\rest\unified::get_resource(),
         $clientdata,
         $httpclient
     );

     if (empty($systemtoken)) {
         // Without a system token the failure is logged and false is returned, so callers
         // must check the result before using it as an API client.
         $msg = 'Couldn\'t construct unified api client because we didn\'t have a system API user token.';
         $source = '\\local_o365\\feature\\usergroups\\observers::' . $caller;
         \local_o365\utils::debug($msg, $source);
         return false;
     }

     return new \local_o365\rest\unified($systemtoken, $httpclient);
 }
  * Construct an API client.
  * @return \local_o365\rest\o365api|bool A constructed user API client (unified or legacy), or false if error.
 public function get_api() {
     // The unified API is used when configured, otherwise the legacy Azure AD API.
     $useunified = (\local_o365\rest\unified::is_configured() === true);
     $resource = $useunified
         ? \local_o365\rest\unified::get_resource()
         : \local_o365\rest\azuread::get_resource();

     $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
     $httpclient = new \local_o365\httpclient();

     // Only the system API user's token is considered here; there is no per-user path.
     $systemtoken = \local_o365\oauth2\systemtoken::instance(null, $resource, $clientdata, $httpclient);
     if (empty($systemtoken)) {
         // Failure is reported by exception here, not by returning false.
         throw new \Exception('No token available for system user. Please run local_o365 health check.');
     }

     return $useunified
         ? new \local_o365\rest\unified($systemtoken, $httpclient)
         : new \local_o365\rest\azuread($systemtoken, $httpclient);
 }
Beispiel #5
  * Get a unified api token.
  * @return \local_o365\oauth2\token A unified api token object.
 protected function get_unified_token() {
     global $USER;

     // The token is always looked up for the current user ($USER); no system fallback here.
     $unifiedresource = \local_o365\rest\unified::get_resource();
     $usertoken = \local_o365\oauth2\token::instance(
         $USER->id,
         $unifiedresource,
         $this->clientdata,
         $this->httpclient
     );

     return $usertoken;
 }
Beispiel #6
  * Check setup in Azure.
 public function mode_checksetup() {
     // NOTE(review): no capability or sesskey check is visible in this method although it
     // writes plugin configuration; confirm the code that dispatches to it enforces both.
     $result = new \stdClass();

     $aadresource = \local_o365\rest\azuread::get_resource();
     $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
     $httpclient = new \local_o365\httpclient();
     $token = \local_o365\oauth2\systemtoken::instance(null, $aadresource, $clientdata, $httpclient);
     if (empty($token)) {
         throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
     }

     // Legacy API: record which permissions are missing and whether write access exists.
     $legacyapi = new \stdClass();
     $aadapiclient = new \local_o365\rest\azuread($token, $httpclient);
     [$missingperms, $haswrite] = $aadapiclient->check_permissions();
     $legacyapi->missingperms = $missingperms;
     $legacyapi->haswrite = $haswrite;

     // Unified API: a fresh HTTP client and a token for the unified resource are used.
     $unifiedapi = new \stdClass();
     $unifiedapi->active = false;
     $httpclient = new \local_o365\httpclient();
     $unifiedresource = \local_o365\rest\unified::get_resource();
     $token = \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $clientdata, $httpclient);
     if (empty($token)) {
         throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
     }
     $unifiedapiclient = new \local_o365\rest\unified($token, $httpclient);
     $unifiedperms = $unifiedapiclient->check_permissions();
     // A null result is treated as "unified API not active"; anything else is the missing-permission list.
     $unifiedapi->active = ($unifiedperms !== null);
     if ($unifiedapi->active) {
         $unifiedapi->missingperms = $unifiedperms;
     }

     $result->legacyapi = $legacyapi;
     $result->unifiedapi = $unifiedapi;

     // NOTE(review): the result is persisted with serialize(). Whatever reads 'azuresetupresult'
     // back has to unserialize() it, which is only safe while nothing outside the site can
     // influence the stored value; a JSON encoding would remove that dependency if the readers
     // can be changed at the same time.
     set_config('azuresetupresult', serialize($result), 'local_o365');
     set_config('unifiedapiactive', (int) $unifiedapi->active, 'local_o365');

     // Every failure above leaves via an exception, so reaching this line always means success.
     echo $this->ajax_response($result, true);
 }
Beispiel #7
  * Do the job.
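 public function execute() {
     // Creates groups for courses that have no recorded group object yet and adds the
     // enrolled users to each new group. Returns true on every early exit.
     global $DB;

     $configsetting = get_config('local_o365', 'creategroups');
     if (empty($configsetting)) {
         mtrace('Groups not enabled, skipping...');
         return true;
     }

     $now = time();

     // Both clients run on the system API user's token, so every group and membership change
     // below is made with that account's permissions.
     $httpclient = new \local_o365\httpclient();
     $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();

     $unifiedresource = \local_o365\rest\unified::get_resource();
     $unifiedtoken = \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $clientdata, $httpclient);
     if (empty($unifiedtoken)) {
         mtrace('Could not get unified API token.');
         return true;
     }
     $unifiedclient = new \local_o365\rest\unified($unifiedtoken, $httpclient);

     $aadresource = \local_o365\rest\azuread::get_resource();
     $aadtoken = \local_o365\oauth2\systemtoken::instance(null, $aadresource, $clientdata, $httpclient);
     if (empty($aadtoken)) {
         mtrace('Could not get Azure AD token.');
         return true;
     }
     $aadclient = new \local_o365\rest\azuread($aadtoken, $httpclient);

     $siterec = $DB->get_record('course', ['id' => SITEID]);
     // Reduce the site short name to lowercase alphanumerics for use in the group short name.
     $siteshortname = strtolower(preg_replace('/[^a-z0-9]+/iu', '', $siterec->shortname));

     // NOTE(review): the SQL text in this listing looks truncated (the right-hand side of the
     // join condition and the operands of the WHERE clause are missing). It is reproduced
     // unchanged; restore it from the upstream file before running this code.
     $sql = 'SELECT crs.*
               FROM {course} crs
          LEFT JOIN {local_o365_objects} obj ON obj.type = ? AND obj.subtype = ? AND obj.moodleid =
              WHERE IS NULL AND != ?
              LIMIT 0, 5';
     $params = ['group', 'course', SITEID];
     $courses = $DB->get_recordset_sql($sql, $params);
     try {
         foreach ($courses as $course) {
             // Create group.
             $groupname = $siterec->shortname . ': ' . $course->fullname;
             $groupshortname = $siteshortname . '_' . $course->shortname;
             $response = $unifiedclient->create_group($groupname, $groupshortname);
             if (empty($response) || !is_array($response) || empty($response['objectId'])) {
                 mtrace('Could not create group for course #' . $course->id);
                 // Skip this course: without an object id there is nothing valid to record,
                 // and falling through would store a mapping row with an empty objectid.
                 continue;
             }
             mtrace('Created group ' . $response['objectId'] . ' for course #' . $course->id);

             $objectrec = [
                 'type' => 'group',
                 'subtype' => 'course',
                 'objectid' => $response['objectId'],
                 'moodleid' => $course->id,
                 'o365name' => $groupname,
                 'timecreated' => $now,
                 'timemodified' => $now,
             ];
             $objectrec['id'] = $DB->insert_record('local_o365_objects', (object) $objectrec);
             mtrace('Recorded group object (' . $objectrec['objectid'] . ') into object table with record id ' . $objectrec['id']);

             // It takes a little while for the group object to register. The log line announces
             // a wait, so the wait is actually performed here.
             mtrace('Waiting 10 seconds for group to register...');
             sleep(10);

             // Add enrolled users to group.
             mtrace('Adding users to group (' . $objectrec['objectid'] . ')');
             $coursecontext = \context_course::instance($course->id);
             list($esql, $params) = get_enrolled_sql($coursecontext);
             // NOTE(review): this statement also looks truncated in the listing (empty join
             // condition after "ON", empty 'tokresource' value below); reproduced unchanged.
             // NOTE(review): it selects u.* although only id and userobjectid are read below;
             // narrowing the column list would avoid loading the rest of each user row.
             $sql = "SELECT u.*,\n                           tok.oidcuniqid as userobjectid\n                      FROM {user} u\n                      JOIN ({$esql}) je ON =\n                      JOIN {auth_oidc_token} tok ON tok.username = u.username AND tok.resource = :tokresource\n                     WHERE u.deleted = 0";
             $params['tokresource'] = '';
             $enrolled = $DB->get_recordset_sql($sql, $params);
             try {
                 foreach ($enrolled as $user) {
                     $response = $aadclient->add_member_to_group($objectrec['objectid'], $user->userobjectid);
                     if ($response === true) {
                         mtrace('Added user #' . $user->id . ' (' . $user->userobjectid . ')');
                     } else {
                         mtrace('Could not add user #' . $user->id . ' (' . $user->userobjectid . ')');
                         // NOTE(review): the raw API response ends up in the task log; confirm
                         // it cannot carry anything that should not be readable there.
                         mtrace('Received: ' . $response);
                     }
                 }
             } finally {
                 // Recordsets hold a database cursor and must be released explicitly.
                 $enrolled->close();
             }
         }
     } finally {
         $courses->close();
     }
 }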
Beispiel #8
  * Check setup in Azure.
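 public function mode_checksetup() {
     // Stores the submitted Azure settings, then checks the system API user's permissions
     // against the legacy and (when enabled) unified APIs and echoes the result.
     //
     // NOTE(review): no capability or sesskey check is visible in this method although it
     // writes request parameters into plugin configuration; confirm the code that dispatches
     // to it enforces both before this runs.
     $data = new \stdClass();
     $success = false;

     // Read and validate every parameter before writing any of them: required_param() aborts
     // the request when a value is missing, and doing all reads first means such a request
     // can no longer leave the configuration half-updated.
     $enableunifiedapi = optional_param('enableunifiedapi', 0, PARAM_INT);
     $chineseapi = optional_param('chineseapi', 0, PARAM_INT);
     // NOTE(review): aadtenant and odburl are accepted as PARAM_TEXT. If they are host names,
     // PARAM_HOST would reject more malformed input — confirm the expected format.
     $aadtenant = required_param('aadtenant', PARAM_TEXT);
     $odburl = required_param('odburl', PARAM_TEXT);

     set_config('enableunifiedapi', $enableunifiedapi, 'local_o365');
     set_config('chineseapi', $chineseapi, 'local_o365');
     set_config('aadtenant', $aadtenant, 'local_o365');
     set_config('odburl', $odburl, 'local_o365');

     $resource = \local_o365\rest\azuread::get_resource();
     $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
     $httpclient = new \local_o365\httpclient();
     $token = \local_o365\oauth2\systemtoken::instance(null, $resource, $clientdata, $httpclient);
     if (empty($token)) {
         throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
     }

     // Legacy API. A failure here is recorded in the result instead of aborting the check.
     $legacyapi = new \stdClass();
     try {
         $aadapiclient = new \local_o365\rest\azuread($token, $httpclient);
         list($missingperms, $haswrite) = $aadapiclient->check_permissions();
         $legacyapi->missingperms = $missingperms;
         $legacyapi->haswrite = $haswrite;
     } catch (\Exception $e) {
         \local_o365\utils::debug($e->getMessage(), 'mode_checksetup:legacy');
         // NOTE(review): the exception text is returned to the caller and stored in config;
         // confirm it cannot contain token or endpoint details that should stay server-side.
         $legacyapi->error = $e->getMessage();
     }
     $data->legacyapi = $legacyapi;

     // Unified API. Only probed when enabled; any failure leaves it marked inactive.
     $unifiedapi = new \stdClass();
     $unifiedapi->active = false;
     if (\local_o365\rest\unified::is_enabled() === true) {
         try {
             $httpclient = new \local_o365\httpclient();
             $unifiedresource = \local_o365\rest\unified::get_resource();
             $token = \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $clientdata, $httpclient);
             if (empty($token)) {
                 throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
             }
             $unifiedapiclient = new \local_o365\rest\unified($token, $httpclient);
             $unifiedpermsresult = $unifiedapiclient->check_permissions();
             if ($unifiedpermsresult === null) {
                 $unifiedapi->active = false;
             } else {
                 $unifiedapi->active = true;
                 $unifiedapi->missingperms = $unifiedpermsresult;
             }
         } catch (\Exception $e) {
             $unifiedapi->active = false;
             \local_o365\utils::debug($e->getMessage(), 'mode_checksetup:unified');
             $unifiedapi->error = $e->getMessage();
         }
     }
     $data->unifiedapi = $unifiedapi;

     set_config('unifiedapiactive', (int) $unifiedapi->active, 'local_o365');
     // NOTE(review): the result is persisted with serialize(). Whatever reads 'azuresetupresult'
     // back has to unserialize() it, which is only safe while nothing outside the site can
     // influence the stored value; a JSON encoding would remove that dependency if the readers
     // can be changed at the same time.
     set_config('azuresetupresult', serialize($data), 'local_o365');

     $success = true;
     echo $this->ajax_response($data, $success);
 }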