/**
* Do the job.
*/
public function execute()
{
global $DB;
$configsetting = get_config('local_o365', 'creategroups');
if (empty($configsetting)) {
mtrace('Groups not enabled, skipping...');
return true;
}
$now = time();
$httpclient = new \local_o365\httpclient();
$clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
$unifiedresource = \local_o365\rest\unified::get_resource();
$unifiedtoken = \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $clientdata, $httpclient);
if (empty($unifiedtoken)) {
mtrace('Could not get unified API token.');
return true;
}
$unifiedclient = new \local_o365\rest\unified($unifiedtoken, $httpclient);
$aadresource = \local_o365\rest\azuread::get_resource();
$aadtoken = \local_o365\oauth2\systemtoken::instance(null, $aadresource, $clientdata, $httpclient);
if (empty($aadtoken)) {
mtrace('Could not get Azure AD token.');
return true;
}
$aadclient = new \local_o365\rest\azuread($aadtoken, $httpclient);
$siterec = $DB->get_record('course', ['id' => SITEID]);
$siteshortname = strtolower(preg_replace('/[^a-z0-9]+/iu', '', $siterec->shortname));
$sql = 'SELECT crs.*
FROM {course} crs
LEFT JOIN {local_o365_objects} obj ON obj.type = ? AND obj.subtype = ? AND obj.moodleid = crs.id
WHERE obj.id IS NULL AND crs.id != ?
LIMIT 0, 5';
$params = ['group', 'course', SITEID];
$courses = $DB->get_recordset_sql($sql, $params);
foreach ($courses as $course) {
// Create group.
$groupname = $siterec->shortname . ': ' . $course->fullname;
$groupshortname = $siteshortname . '_' . $course->shortname;
$response = $unifiedclient->create_group($groupname, $groupshortname);
if (empty($response) || !is_array($response) || empty($response['objectId'])) {
mtrace('Could not create group for course #' . $course->id);
var_dump($response);
continue;
}
mtrace('Created group ' . $response['objectId'] . ' for course #' . $course->id);
$objectrec = ['type' => 'group', 'subtype' => 'course', 'objectid' => $response['objectId'], 'moodleid' => $course->id, 'o365name' => $groupname, 'timecreated' => $now, 'timemodified' => $now];
$objectrec['id'] = $DB->insert_record('local_o365_objects', (object) $objectrec);
mtrace('Recorded group object (' . $objectrec['objectid'] . ') into object table with record id ' . $objectrec['id']);
// It takes a little while for the group object to register.
mtrace('Waiting 10 seconds for group to register...');
sleep(10);
// Add enrolled users to group.
mtrace('Adding users to group (' . $objectrec['objectid'] . ')');
$coursecontext = \context_course::instance($course->id);
list($esql, $params) = get_enrolled_sql($coursecontext);
$sql = "SELECT u.*,\n tok.oidcuniqid as userobjectid\n FROM {user} u\n JOIN ({$esql}) je ON je.id = u.id\n JOIN {auth_oidc_token} tok ON tok.username = u.username AND tok.resource = :tokresource\n WHERE u.deleted = 0";
$params['tokresource'] = 'https://graph.windows.net';
$enrolled = $DB->get_recordset_sql($sql, $params);
foreach ($enrolled as $user) {
$response = $aadclient->add_member_to_group($objectrec['objectid'], $user->userobjectid);
if ($response === true) {
mtrace('Added user #' . $user->id . ' (' . $user->userobjectid . ')');
} else {
mtrace('Could not add user #' . $user->id . ' (' . $user->userobjectid . ')');
mtrace('Received: ' . $response);
}
}
$enrolled->close();
}
$courses->close();
}
/**
* Check setup in Azure.
*/
public function mode_checksetup()
{
$data = new \stdClass();
$success = false;
$resource = \local_o365\rest\azuread::get_resource();
$clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
$httpclient = new \local_o365\httpclient();
$token = \local_o365\oauth2\systemtoken::instance(null, $resource, $clientdata, $httpclient);
if (empty($token)) {
throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
}
// Legacy API.
$legacyapi = new \stdClass();
$aadapiclient = new \local_o365\rest\azuread($token, $httpclient);
list($missingperms, $haswrite) = $aadapiclient->check_permissions();
$legacyapi->missingperms = $missingperms;
$legacyapi->haswrite = $haswrite;
// Unified API.
$unifiedapi = new \stdClass();
$unifiedapi->active = false;
$httpclient = new \local_o365\httpclient();
$unifiedresource = \local_o365\rest\unified::get_resource();
$token = \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $clientdata, $httpclient);
if (empty($token)) {
throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
}
$unifiedapiclient = new \local_o365\rest\unified($token, $httpclient);
$unifiedpermsresult = $unifiedapiclient->check_permissions();
if ($unifiedpermsresult === null) {
$unifiedapi->active = false;
} else {
$unifiedapi->active = true;
$unifiedapi->missingperms = $unifiedpermsresult;
}
$data->legacyapi = $legacyapi;
$data->unifiedapi = $unifiedapi;
set_config('azuresetupresult', serialize($data), 'local_o365');
set_config('unifiedapiactive', (int) $unifiedapi->active, 'local_o365');
$success = true;
echo $this->ajax_response($data, $success);
}
/**
* Check setup in Azure.
*/
public function mode_checksetup()
{
$data = new \stdClass();
$success = false;
$enableunifiedapi = optional_param('enableunifiedapi', 0, PARAM_INT);
set_config('enableunifiedapi', $enableunifiedapi, 'local_o365');
$chineseapi = optional_param('chineseapi', 0, PARAM_INT);
set_config('chineseapi', $chineseapi, 'local_o365');
$aadtenant = required_param('aadtenant', PARAM_TEXT);
set_config('aadtenant', $aadtenant, 'local_o365');
$odburl = required_param('odburl', PARAM_TEXT);
set_config('odburl', $odburl, 'local_o365');
$resource = \local_o365\rest\azuread::get_resource();
$clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
$httpclient = new \local_o365\httpclient();
$token = \local_o365\oauth2\systemtoken::instance(null, $resource, $clientdata, $httpclient);
if (empty($token)) {
throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
}
// Legacy API.
$legacyapi = new \stdClass();
try {
$aadapiclient = new \local_o365\rest\azuread($token, $httpclient);
list($missingperms, $haswrite) = $aadapiclient->check_permissions();
$legacyapi->missingperms = $missingperms;
$legacyapi->haswrite = $haswrite;
} catch (\Exception $e) {
\local_o365\utils::debug($e->getMessage(), 'mode_checksetup:legacy');
$legacyapi->error = $e->getMessage();
}
$data->legacyapi = $legacyapi;
// Unified API.
$unifiedapi = new \stdClass();
$unifiedapi->active = false;
if (\local_o365\rest\unified::is_enabled() === true) {
try {
$httpclient = new \local_o365\httpclient();
$unifiedresource = \local_o365\rest\unified::get_resource();
$token = \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $clientdata, $httpclient);
if (empty($token)) {
throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
}
$unifiedapiclient = new \local_o365\rest\unified($token, $httpclient);
$unifiedpermsresult = $unifiedapiclient->check_permissions();
if ($unifiedpermsresult === null) {
$unifiedapi->active = false;
} else {
$unifiedapi->active = true;
$unifiedapi->missingperms = $unifiedpermsresult;
}
} catch (\Exception $e) {
$unifiedapi->active = false;
\local_o365\utils::debug($e->getMessage(), 'mode_checksetup:unified');
$unifiedapi->error = $e->getMessage();
}
}
$data->unifiedapi = $unifiedapi;
set_config('unifiedapiactive', (int) $unifiedapi->active, 'local_o365');
set_config('azuresetupresult', serialize($data), 'local_o365');
$success = true;
echo $this->ajax_response($data, $success);
}