Ejemplo n.º 1
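 /**
  * Sync SharePoint group membership for a list of courses and users.
  *
  * For every course/user pair, the user is added to the course's "contribute" SharePoint group when
  * they hold $requiredcap in the course context, and removed from that group otherwise.
  *
  * Courses without a matching SharePoint group record are skipped. Exceptions thrown by the context
  * lookup, the UPN lookup or the SharePoint client are not caught here, so one failure stops the sync
  * and leaves the remaining users and courses (including pending removals) unprocessed.
  *
  * @param array $courses The courses to sync (course IDs or objects with an ->id property).
  * @param array $users The users to sync (user IDs or objects with an ->id property).
  * @param string $requiredcap The required capability.
  * @param \local_o365\rest\sharepoint $sharepoint Constructed sharepoint API client.
  * @return bool Always true when the loop completes.
  */
 protected function sync_spsiteaccess_for_courses_and_users(array $courses, array $users, $requiredcap, \local_o365\rest\sharepoint $sharepoint)
 {
     global $DB;
     foreach ($courses as $course) {
         $courseid = is_numeric($course) ? $course : $course->id;
         $context = \context_course::instance($courseid);
         $spgroupsql = 'SELECT *
                          FROM {local_o365_coursespsite} site
                          JOIN {local_o365_spgroupdata} grp ON grp.coursespsiteid = site.id
                         WHERE site.courseid = ? AND grp.permtype = ?';
         $spgrouprec = $DB->get_record_sql($spgroupsql, [$courseid, 'contribute']);
         if (empty($spgrouprec)) {
             // No SharePoint group is recorded for this course, so there is no group id to
             // add to or remove from. Skip it instead of dereferencing a non-record below.
             continue;
         }
         foreach ($users as $user) {
             $userid = is_numeric($user) ? $user : $user->id;
             $userupn = \local_o365\rest\azuread::get_muser_upn($user);
             // Membership follows the capability check exactly: anything other than a strict
             // true result is treated as "no access" and leads to removal.
             if (has_capability($requiredcap, $context, $user) === true) {
                 // Add to group.
                 $sharepoint->add_user_to_group($userupn, $spgrouprec->groupid, $userid);
             } else {
                 // Remove from group.
                 $sharepoint->remove_user_from_group($userupn, $spgrouprec->groupid, $userid);
             }
         }
     }
     return true;
 }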
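 /**
  * Sync SharePoint group membership for a list of courses and users.
  *
  * For every course that has a "contribute" SharePoint group record, each Office 365 connected user is
  * added to that group when they hold $requiredcap in the course context, and removed otherwise.
  * Failures are handled per user: the error is written with mtrace() and the sync moves on.
  *
  * NOTE(review): because failures are only logged, a removal that fails leaves the user in the
  * SharePoint group until a later sync succeeds, and the return value does not reveal that.
  *
  * @param array $courses The courses to sync (course IDs or objects with an ->id property).
  * @param array $users The users to sync (user IDs or objects with an ->id property).
  * @param string $requiredcap The required capability.
  * @param \local_o365\rest\sharepoint $sharepoint Constructed sharepoint API client.
  * @return bool Always true; per-user failures are reported through mtrace() only.
  */
 protected function sync_spsiteaccess_for_courses_and_users(array $courses, array $users, $requiredcap, \local_o365\rest\sharepoint $sharepoint)
 {
     global $DB;
     foreach ($courses as $course) {
         $courseid = is_numeric($course) ? $course : $course->id;
         $context = \context_course::instance($courseid);
         $spgroupsql = 'SELECT *
                          FROM {local_o365_coursespsite} site
                          JOIN {local_o365_spgroupdata} grp ON grp.coursespsiteid = site.id
                         WHERE site.courseid = ? AND grp.permtype = ?';
         $spgrouprec = $DB->get_record_sql($spgroupsql, [$courseid, 'contribute']);
         if (empty($spgrouprec)) {
             // No SharePoint group recorded for this course; nothing to sync.
             continue;
         }
         foreach ($users as $user) {
             $userid = is_numeric($user) ? $user : $user->id;
             if (!\local_o365\utils::is_o365_connected($userid)) {
                 continue;
             }
             // Keep the UPN lookup inside the per-user error handling: an exception here would
             // otherwise abort the whole run and leave later users' removals unprocessed.
             try {
                 $userupn = \local_o365\rest\azuread::get_muser_upn($user);
             } catch (\Exception $e) {
                 mtrace('Error: ' . $e->getMessage());
                 continue;
             }
             if (empty($userupn)) {
                 // Without a UPN there is no identity to pass to the SharePoint client.
                 mtrace('Skipping user #' . $userid . ': no UPN found.');
                 continue;
             }
             $hascap = has_capability($requiredcap, $context, $user);
             try {
                 if ($hascap === true) {
                     // Add to group.
                     mtrace('Adding user #' . $userid . ' to group id ' . $spgrouprec->groupid . '...');
                     $sharepoint->add_user_to_group($userupn, $spgrouprec->groupid, $userid);
                 } else {
                     // Remove from group.
                     mtrace('Removing user #' . $userid . ' from group id ' . $spgrouprec->groupid . '...');
                     $sharepoint->remove_user_from_group($userupn, $spgrouprec->groupid, $userid);
                 }
             } catch (\Exception $e) {
                 mtrace('Error: ' . $e->getMessage());
             }
         }
     }
     return true;
 }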
Ejemplo n.º 3
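 /**
  * Sync Sharepoint course site access when a role was assigned or unassigned for a user.
  *
  * Course-level changes are applied immediately: the user is added to the course's "contribute"
  * SharePoint group if they now hold the required capability in that context, and removed otherwise.
  * Changes in a context that has no course context are handed to an ad hoc task. Changes in a context
  * below a course are not acted on here.
  *
  * Exceptions from the UPN lookup or the SharePoint client are not caught in this method.
  *
  * @param int $roleid The ID of the role that was assigned/unassigned.
  * @param int $userid The ID of the user that it was assigned to or unassigned from.
  * @param int $contextid The ID of the context the role was assigned/unassigned in.
  * @return bool True if access was synced or a sync task was queued, false otherwise.
  */
 public static function sync_spsite_access_for_roleassign_change($roleid, $userid, $contextid)
 {
     global $DB;
     $requiredcap = \local_o365\rest\sharepoint::get_course_site_required_capability();
     // Check if the role affected the required capability.
     // NOTE(review): the lookup is not restricted by context id; if the role sets this capability
     // in more than one context, several rows can match - confirm that one record is enough here.
     $rolecapsql = "SELECT *\n                         FROM {role_capabilities}\n                        WHERE roleid = ? AND capability = ?";
     $capassignrec = $DB->get_record_sql($rolecapsql, [$roleid, $requiredcap]);
     if (empty($capassignrec) || $capassignrec->permission == CAP_INHERIT) {
         // Role doesn't affect required capability. Doesn't concern us.
         return false;
     }
     $context = \context::instance_by_id($contextid, IGNORE_MISSING);
     if (empty($context)) {
         // Invalid context, stop here.
         return false;
     }
     if ($context->contextlevel != CONTEXT_COURSE) {
         if ($context->get_course_context(false) == false) {
             // If the context is higher than a course, we have to run a sync in cron.
             $spaccesssync = new \local_o365\task\sharepointaccesssync();
             $spaccesssync->set_custom_data(['roleid' => $roleid, 'userid' => $userid, 'contextid' => $contextid]);
             \core\task\manager::queue_adhoc_task($spaccesssync);
             return true;
         }
         // The context sits inside a course but is not the course itself. Nothing is synced;
         // return an explicit bool instead of falling off the end of the function.
         return false;
     }
     $courseid = $context->instanceid;
     $user = $DB->get_record('user', ['id' => $userid]);
     if (empty($user)) {
         // Bad userid.
         return false;
     }
     $userupn = \local_o365\rest\azuread::get_muser_upn($user);
     if (empty($userupn)) {
         // No user UPN, can't continue.
         return false;
     }
     $spgroupsql = 'SELECT *
                      FROM {local_o365_coursespsite} site
                      JOIN {local_o365_spgroupdata} grp ON grp.coursespsiteid = site.id
                     WHERE site.courseid = ? AND grp.permtype = ?';
     $spgrouprec = $DB->get_record_sql($spgroupsql, [$courseid, 'contribute']);
     if (empty($spgrouprec)) {
         // No sharepoint group, can't fix that here.
         return false;
     }
     // If the context is a course context we can change SP access now.
     $sharepoint = static::construct_sharepoint_api_with_system_user();
     if (empty($sharepoint)) {
         // O365 not configured.
         return false;
     }
     // Re-evaluate the capability after the role change rather than trusting the event type:
     // only a strict true result grants membership, everything else removes it.
     if (has_capability($requiredcap, $context, $user) === true) {
         // Add to group.
         $sharepoint->add_user_to_group($userupn, $spgrouprec->groupid, $user->id);
     } else {
         // Remove from group.
         $sharepoint->remove_user_from_group($userupn, $spgrouprec->groupid, $user->id);
     }
     return true;
 }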
Ejemplo n.º 4
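 /**
  * Add users with a given capability in a given context to a Sharepoint group.
  *
  * Users that are not Office 365 connected, whose UPN lookup throws, or whose UPN is empty are skipped
  * and do not appear in the returned array. This method only adds members; it does not remove users
  * who lack the capability.
  *
  * @param \context $context The context to check for the capability.
  * @param string $capability The capability to check for.
  * @param int $spgroupid The sharepoint group ID to add users to.
  * @return array Return values of add_user_to_group(), indexed by Moodle user ID.
  */
 public function add_users_with_capability_to_group($context, $capability, $spgroupid)
 {
     $results = [];
     // Assign users to group.
     foreach (get_users_by_capability($context, $capability) as $user) {
         // Only Azure AD users can be added to sharepoint.
         if (\local_o365\utils::is_o365_connected($user->id) !== true) {
             continue;
         }
         try {
             $userupn = \local_o365\rest\azuread::get_muser_upn($user);
         } catch (\Exception $e) {
             // Best effort: a user whose UPN cannot be resolved is skipped without being
             // recorded, so callers cannot tell this case apart from "not connected".
             continue;
         }
         if (empty($userupn)) {
             continue;
         }
         $results[$user->id] = $this->add_user_to_group($userupn, $spgroupid, $user->id);
     }
     return $results;
 }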