/** * Sync Sharepoint course site access when a role was assigned or unassigned for a user. * * @param int $roleid The ID of the role that was assigned/unassigned. * @param int $userid The ID of the user that it was assigned to or unassigned from. * @param int $contextid The ID of the context the role was assigned/unassigned in. * @return bool Success/Failure. */ public static function sync_spsite_access_for_roleassign_change($roleid, $userid, $contextid) { global $DB; $requiredcap = \local_o365\rest\sharepoint::get_course_site_required_capability(); // Check if the role affected the required capability. $rolecapsql = "SELECT *\n FROM {role_capabilities}\n WHERE roleid = ? AND capability = ?"; $capassignrec = $DB->get_record_sql($rolecapsql, [$roleid, $requiredcap]); if (empty($capassignrec) || $capassignrec->permission == CAP_INHERIT) { // Role doesn't affect required capability. Doesn't concern us. return false; } $context = \context::instance_by_id($contextid, IGNORE_MISSING); if (empty($context)) { // Invalid context, stop here. return false; } if ($context->contextlevel == CONTEXT_COURSE) { $courseid = $context->instanceid; $user = $DB->get_record('user', ['id' => $userid]); if (empty($user)) { // Bad userid. return false; } $userupn = \local_o365\rest\azuread::get_muser_upn($user); if (empty($userupn)) { // No user UPN, can't continue. return false; } $spgroupsql = 'SELECT * FROM {local_o365_coursespsite} site JOIN {local_o365_spgroupdata} grp ON grp.coursespsiteid = site.id WHERE site.courseid = ? AND grp.permtype = ?'; $spgrouprec = $DB->get_record_sql($spgroupsql, [$courseid, 'contribute']); if (empty($spgrouprec)) { // No sharepoint group, can't fix that here. return false; } // If the context is a course context we can change SP access now. $sharepoint = static::construct_sharepoint_api_with_system_user(); if (empty($sharepoint)) { // O365 not configured. return false; } $hascap = has_capability($requiredcap, $context, $user); if ($hascap === true) { // Add to group. $sharepoint->add_user_to_group($userupn, $spgrouprec->groupid, $user->id); } else { // Remove from group. $sharepoint->remove_user_from_group($userupn, $spgrouprec->groupid, $user->id); } return true; } else { if ($context->get_course_context(false) == false) { // If the context is higher than a course, we have to run a sync in cron. $spaccesssync = new \local_o365\task\sharepointaccesssync(); $spaccesssync->set_custom_data(['roleid' => $roleid, 'userid' => $userid, 'contextid' => $contextid]); \core\task\manager::queue_adhoc_task($spaccesssync); return true; } } }
/** * Test create_course_site method. */ public function test_create_course_site() { global $DB; $requiredcapability = \local_o365\rest\sharepoint::get_course_site_required_capability(); $course = $this->getDataGenerator()->create_course(); $role = $this->getDataGenerator()->create_role(['archetype' => 'editingteacher']); $coursecontext = \context_course::instance($course->id); $user1 = $this->getDataGenerator()->create_user(['auth' => 'oidc']); $user2 = $this->getDataGenerator()->create_user(['auth' => 'oidc']); $aaduserdata = (object) ['type' => 'user', 'subtype' => '', 'objectid' => '', 'moodleid' => $user1->id, 'o365name' => '*****@*****.**', 'timecreated' => time(), 'timemodified' => time()]; $aaduserdata->id = $DB->insert_record('local_o365_objects', $aaduserdata); $result = $this->getDataGenerator()->role_assign($role, $user1->id, $coursecontext); $httpclient = new \local_o365\tests\mockhttpclient(); $httpresponses = ['', $this->get_response_create_site($course->fullname, $course->shortname, $course->summary), $this->get_response_create_group('testgroup', 'testgroup'), $this->get_response_assign_group_permission(), $this->get_response_add_user_to_group($aaduserdata->userupn)]; $httpclient->set_responses($httpresponses); $apiclient = new \local_o365\rest\sharepoint($this->get_mock_token(), $httpclient); $apiclient->create_course_site($course->id); $coursespsite = $DB->get_record('local_o365_coursespsite', ['courseid' => $course->id]); $this->assertNotEmpty($coursespsite); $this->assertEquals('/moodle/' . $course->shortname, $coursespsite->siteurl); $spgroupdata = $DB->get_records('local_o365_spgroupdata', ['coursespsiteid' => $coursespsite->id]); $this->assertNotEmpty($spgroupdata); }
/** * Get listing for a course folder. * * @param string $path Folder path. * @return array List of $list array and $path array. */ protected function get_listing_course($path = '') { global $USER, $OUTPUT; $list = []; $breadcrumb = [['name' => $this->name, 'path' => '/'], ['name' => 'Courses', 'path' => '/courses/']]; $reqcap = \local_o365\rest\sharepoint::get_course_site_required_capability(); $courses = get_user_capability_course($reqcap, $USER->id, true, 'shortname'); // Reindex courses array using course id. $coursesbyid = []; foreach ($courses as $i => $course) { $coursesbyid[$course->id] = $course; unset($courses[$i]); } unset($courses); if ($path === '/') { // Show available courses. foreach ($coursesbyid as $course) { $list[] = ['title' => $course->shortname, 'path' => '/courses/' . $course->id, 'thumbnail' => $OUTPUT->pix_url(file_folder_icon(90))->out(false), 'children' => []]; } } else { $pathtrimmed = trim($path, '/'); $pathparts = explode('/', $pathtrimmed); if (!is_numeric($pathparts[0])) { throw new \moodle_exception('errorbadpath', 'repository_office365'); } $courseid = (int) $pathparts[0]; unset($pathparts[0]); $relpath = !empty($pathparts) ? implode('/', $pathparts) : ''; if (isset($coursesbyid[$courseid])) { if ($this->path_is_upload($path) === false) { $sharepointclient = $this->get_sharepoint_apiclient(); if (!empty($sharepointclient)) { $parentsiteuri = $sharepointclient->get_course_subsite_uri($coursesbyid[$courseid]->id); $sharepointclient->set_site($parentsiteuri); try { $fullpath = !empty($relpath) ? '/' . $relpath : '/'; $contents = $sharepointclient->get_files($fullpath); $list = $this->contents_api_response_to_list($contents, $path, 'sharepoint', $parentsiteuri); } catch (\Exception $e) { $list = []; } } } $curpath = '/courses/' . $courseid; $breadcrumb[] = ['name' => $coursesbyid[$courseid]->shortname, 'path' => $curpath]; foreach ($pathparts as $pathpart) { if (!empty($pathpart)) { $curpath .= '/' . $pathpart; $breadcrumb[] = ['name' => $pathpart, 'path' => $curpath]; } } } } return [$list, $breadcrumb]; }
/** * Do the job. */ public function execute() { $reqcap = \local_o365\rest\sharepoint::get_course_site_required_capability(); $oidcconfig = get_config('auth_oidc'); if (!empty($oidcconfig)) { $spresource = \local_o365\rest\sharepoint::get_resource(); if (!empty($spresource)) { $httpclient = new \local_o365\httpclient(); $clientdata = new \local_o365\oauth2\clientdata($oidcconfig->clientid, $oidcconfig->clientsecret, $oidcconfig->authendpoint, $oidcconfig->tokenendpoint); $sptoken = \local_o365\oauth2\systemtoken::instance(null, $spresource, $clientdata, $httpclient); if (!empty($sptoken)) { $sharepoint = new \local_o365\rest\sharepoint($sptoken, $httpclient); } } } if (empty($sharepoint)) { throw new \moodle_exception('errorcreatingsharepointclient', 'local_o365'); } $opdata = $this->get_custom_data(); if ($opdata->userid !== '*' && $opdata->roleid !== '*' && !empty($opdata->contextid)) { // Single user role assign/unassign. $this->do_role_assignmentchange($opdata->roleid, $opdata->userid, $opdata->contextid, $reqcap, $sharepoint); } else { if ($opdata->userid === '*' && $opdata->roleid !== '*') { // Capability update. $this->do_role_capabilitychange($opdata->roleid, $reqcap, $sharepoint); } else { if ($opdata->roleid === '*' && $opdata->userid === '*') { // Role deleted. $this->do_role_delete($reqcap, $sharepoint); } } } }