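/**
 * Sync sharepoint access for a list of courses and users.
 *
 * For every course the "contribute" SharePoint group linked to the course site is looked up. Each user is then
 * added to that group when they hold $requiredcap in the course context and removed from it otherwise. Courses
 * with no linked SharePoint group are skipped, as are users that are not connected to Office 365 or that cannot
 * be resolved to a UPN, since there is nothing to add or remove for them on the SharePoint side.
 *
 * @param array $courses The courses to sync (course ids or course records).
 * @param array $users The users to sync (user ids or user records).
 * @param string $requiredcap The required capability.
 * @param \local_o365\rest\sharepoint $sharepoint Constructed sharepoint API client.
 * @return bool Success/Failure. Always true: a failing SharePoint call is reported with mtrace() and the sync
 *              carries on with the remaining users instead of aborting the whole run.
 */
protected function sync_spsiteaccess_for_courses_and_users(array $courses, array $users, $requiredcap, \local_o365\rest\sharepoint $sharepoint) {
    global $DB;

    // The lookup does not depend on the course, so build the query once.
    $spgroupsql = 'SELECT *
                     FROM {local_o365_coursespsite} site
                     JOIN {local_o365_spgroupdata} grp ON grp.coursespsiteid = site.id
                    WHERE site.courseid = ? AND grp.permtype = ?';

    foreach ($courses as $course) {
        $courseid = is_numeric($course) ? $course : $course->id;
        $context = \context_course::instance($courseid);
        $spgrouprec = $DB->get_record_sql($spgroupsql, [$courseid, 'contribute']);
        if (empty($spgrouprec)) {
            // get_record_sql() returns false when no group is linked to this course; dereferencing
            // $spgrouprec->groupid below would then be an error. Nothing to sync here.
            continue;
        }

        foreach ($users as $user) {
            $userid = is_numeric($user) ? $user : $user->id;
            if (!\local_o365\utils::is_o365_connected($userid)) {
                // Same gate as the other SharePoint sync paths in this plugin: unconnected users are skipped.
                continue;
            }
            $userupn = \local_o365\rest\azuread::get_muser_upn($user);
            if (empty($userupn)) {
                // Without a UPN the user cannot be addressed in SharePoint.
                continue;
            }

            $hascap = has_capability($requiredcap, $context, $user);
            try {
                if ($hascap === true) {
                    // Add to group.
                    mtrace('Adding user #' . $userid . ' to group id ' . $spgrouprec->groupid . '...');
                    $sharepoint->add_user_to_group($userupn, $spgrouprec->groupid, $userid);
                } else {
                    // Remove from group.
                    mtrace('Removing user #' . $userid . ' from group id ' . $spgrouprec->groupid . '...');
                    $sharepoint->remove_user_from_group($userupn, $spgrouprec->groupid, $userid);
                }
            } catch (\Exception $e) {
                // Report the failure and continue with the next user so one bad account does not stop the sync.
                mtrace('Error: ' . $e->getMessage());
            }
        }
    }
    return true;
}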
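/**
 * Sync sharepoint access for a list of courses and users.
 *
 * For each course the "contribute" SharePoint group linked to the course site is looked up; courses without
 * one are skipped. Every user is then added to the group if they hold $requiredcap in the course context, or
 * removed from it otherwise. Users that are not connected to Office 365, or that do not resolve to a UPN,
 * are skipped because they cannot be addressed in SharePoint.
 *
 * @param array $courses The courses to sync (course ids or course records).
 * @param array $users The users to sync (user ids or user records).
 * @param string $requiredcap The required capability.
 * @param \local_o365\rest\sharepoint $sharepoint Constructed sharepoint API client.
 * @return bool Success/Failure. Always true: per-user API failures are reported with mtrace() and skipped.
 */
protected function sync_spsiteaccess_for_courses_and_users(array $courses, array $users, $requiredcap, \local_o365\rest\sharepoint $sharepoint) {
    global $DB;

    $spgroupsql = 'SELECT *
                     FROM {local_o365_coursespsite} site
                     JOIN {local_o365_spgroupdata} grp ON grp.coursespsiteid = site.id
                    WHERE site.courseid = ? AND grp.permtype = ?';

    foreach ($courses as $course) {
        $courseid = is_numeric($course) ? $course : $course->id;
        $context = \context_course::instance($courseid);
        $spgrouprec = $DB->get_record_sql($spgroupsql, [$courseid, 'contribute']);
        if (empty($spgrouprec)) {
            // No SharePoint group linked to this course; nothing to sync.
            continue;
        }

        foreach ($users as $user) {
            $userid = is_numeric($user) ? $user : $user->id;
            if (!\local_o365\utils::is_o365_connected($userid)) {
                continue;
            }
            $userupn = \local_o365\rest\azuread::get_muser_upn($user);
            if (empty($userupn)) {
                // An empty UPN cannot be passed to the SharePoint API; the other sync paths guard this too.
                continue;
            }

            $hascap = has_capability($requiredcap, $context, $user);
            try {
                if ($hascap === true) {
                    // Add to group.
                    mtrace('Adding user #' . $userid . ' to group id ' . $spgrouprec->groupid . '...');
                    $sharepoint->add_user_to_group($userupn, $spgrouprec->groupid, $userid);
                } else {
                    // Remove from group.
                    mtrace('Removing user #' . $userid . ' from group id ' . $spgrouprec->groupid . '...');
                    $sharepoint->remove_user_from_group($userupn, $spgrouprec->groupid, $userid);
                }
            } catch (\Exception $e) {
                // One failing user must not abort the sync for everyone else.
                mtrace('Error: ' . $e->getMessage());
            }
        }
    }
    return true;
}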
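/**
 * Sync Sharepoint course site access when a role was assigned or unassigned for a user.
 *
 * Only roles that explicitly set the course-site capability are considered. In a course context the
 * SharePoint group membership is updated immediately. In a context above a course (category or system)
 * the work is delegated to an adhoc task, so the SharePoint side keeps reflecting the previous access
 * until cron has run that task. In a context inside a course (module, block) nothing is done.
 *
 * @param int $roleid The ID of the role that was assigned/unassigned.
 * @param int $userid The ID of the user that it was assigned to or unassigned from.
 * @param int $contextid The ID of the context the role was assigned/unassigned in.
 * @return bool True when SharePoint access was updated or an adhoc sync was queued, false otherwise.
 */
public static function sync_spsite_access_for_roleassign_change($roleid, $userid, $contextid) {
    global $DB;
    $requiredcap = \local_o365\rest\sharepoint::get_course_site_required_capability();

    // Check if the role affected the required capability.
    // NOTE(review): the query is not restricted by contextid, so a context-level override of this
    // capability could be matched instead of the role definition itself - confirm this is intended.
    $rolecapsql = "SELECT *
                     FROM {role_capabilities}
                    WHERE roleid = ? AND capability = ?";
    $capassignrec = $DB->get_record_sql($rolecapsql, [$roleid, $requiredcap]);
    if (empty($capassignrec) || (int)$capassignrec->permission === CAP_INHERIT) {
        // Role doesn't affect required capability. Doesn't concern us.
        return false;
    }

    $context = \context::instance_by_id($contextid, IGNORE_MISSING);
    if (empty($context)) {
        // Invalid context, stop here.
        return false;
    }

    if ((int)$context->contextlevel !== CONTEXT_COURSE) {
        if (!$context->get_course_context(false)) {
            // If the context is higher than a course, we have to run a sync in cron. Until that task has
            // run, SharePoint group membership still reflects the state before this role change.
            $spaccesssync = new \local_o365\task\sharepointaccesssync();
            $spaccesssync->set_custom_data(['roleid' => $roleid, 'userid' => $userid, 'contextid' => $contextid]);
            \core\task\manager::queue_adhoc_task($spaccesssync);
            return true;
        }
        // Context inside a course (module/block): presumably does not change course-level access, so there
        // is nothing to do. Previously this path fell off the end of the function and returned null.
        return false;
    }

    // If the context is a course context we can change SP access now.
    $courseid = $context->instanceid;
    $user = $DB->get_record('user', ['id' => $userid]);
    if (empty($user)) {
        // Bad userid.
        return false;
    }
    $userupn = \local_o365\rest\azuread::get_muser_upn($user);
    if (empty($userupn)) {
        // No user UPN, can't continue.
        return false;
    }

    $spgroupsql = 'SELECT *
                     FROM {local_o365_coursespsite} site
                     JOIN {local_o365_spgroupdata} grp ON grp.coursespsiteid = site.id
                    WHERE site.courseid = ? AND grp.permtype = ?';
    $spgrouprec = $DB->get_record_sql($spgroupsql, [$courseid, 'contribute']);
    if (empty($spgrouprec)) {
        // No sharepoint group, can't fix that here.
        return false;
    }

    $sharepoint = static::construct_sharepoint_api_with_system_user();
    if (empty($sharepoint)) {
        // O365 not configured.
        return false;
    }

    // Re-evaluate the capability after the role change and make SharePoint match it.
    $hascap = has_capability($requiredcap, $context, $user);
    if ($hascap === true) {
        // Add to group.
        $sharepoint->add_user_to_group($userupn, $spgrouprec->groupid, $user->id);
    } else {
        // Remove from group.
        $sharepoint->remove_user_from_group($userupn, $spgrouprec->groupid, $user->id);
    }
    return true;
}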
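/**
 * Add users with a given capability in a given context to a Sharepoint group.
 *
 * Only users connected to Office 365 that resolve to a UPN are added; everyone else is skipped silently,
 * including users for whom the UPN lookup throws.
 *
 * @param \context $context The context to check for the capability.
 * @param string $capability The capability to check for.
 * @param int $spgroupid The sharepoint group ID to add users to.
 * @return array Result of add_user_to_group() for each user that was processed, indexed by Moodle user id.
 */
public function add_users_with_capability_to_group($context, $capability, $spgroupid) {
    $users = get_users_by_capability($context, $capability);
    $results = [];

    // Assign users to group.
    foreach ($users as $user) {
        // Only Azure AD users can be added to sharepoint.
        if (\local_o365\utils::is_o365_connected($user->id) !== true) {
            continue;
        }
        try {
            $userupn = \local_o365\rest\azuread::get_muser_upn($user);
        } catch (\Exception $e) {
            // The UPN could not be resolved; there is nothing to add for this user.
            continue;
        }
        if (empty($userupn)) {
            continue;
        }
        $results[$user->id] = $this->add_user_to_group($userupn, $spgroupid, $user->id);
    }
    return $results;
}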