/**
 * Apply membership changes to one or more groups.
 *
 * Each entry of $groups identifies a group by 'id', otherwise by 'name',
 * otherwise by 'shortname' together with 'institution'. Its 'members' list
 * identifies each user by 'id' or 'username' and carries an 'action' of
 * 'add' (with a 'role') or 'remove'. The resulting member => role map is
 * handed to group_update_members() once per group.
 *
 * @param array $groups
 * @return null
 * @throws WebserviceInvalidParameterException when a group or user cannot be
 *         resolved, an authorisation check fails, or an action/role is invalid
 */
public static function update_group_members($groups) {
    global $USER, $WEBSERVICE_INSTITUTION;

    $errprefix = 'update_group_members | ';

    // Run the declared parameter description over the incoming data first.
    $params = self::validate_parameters(self::update_group_members_parameters(), array('groups' => $groups));

    // NOTE(review): every throw below leaves this transaction open; nothing in
    // this method rolls it back. Presumably the caller's exception handling
    // does - confirm.
    db_begin();

    foreach ($params['groups'] as $group) {
        // Resolve the target group: it must already exist and not be deleted.
        if (!empty($group['id'])) {
            $dbgroup = get_record('group', 'id', $group['id'], 'deleted', 0);
            if (!$dbgroup) {
                throw new WebserviceInvalidParameterException($errprefix . get_string('groupnotexist', 'auth.webservice', $group['id']));
            }
        }
        elseif (!empty($group['name'])) {
            $dbgroup = get_record('group', 'name', $group['name'], 'deleted', 0);
            if (!$dbgroup) {
                throw new WebserviceInvalidParameterException($errprefix . get_string('groupnotexist', 'auth.webservice', $group['name']));
            }
        }
        elseif (!empty($group['shortname'])) {
            // A shortname is only meaningful together with its institution.
            if (empty($group['institution'])) {
                throw new WebserviceInvalidParameterException($errprefix . get_string('instmustset', 'auth.webservice', $group['shortname']));
            }
            $dbgroup = get_record('group', 'shortname', $group['shortname'], 'institution', $group['institution'], 'deleted', 0);
            if (!$dbgroup) {
                throw new WebserviceInvalidParameterException($errprefix . get_string('groupnotexist', 'auth.webservice', $group['shortname'] . '/' . $group['institution']));
            }
        }
        else {
            throw new WebserviceInvalidParameterException($errprefix . get_string('nogroup', 'auth.webservice'));
        }

        // Group-level authorisation. Both checks apply only when the group
        // record carries an institution.
        // NOTE(review): a group with an empty institution passes this section
        // with no group-level check at all; the per-member checks below are
        // then the only gate. Confirm that is intended.
        // The denial messages use the caller-supplied $group[...] values, not
        // the stored record.
        if (!empty($dbgroup->institution)) {
            if ($WEBSERVICE_INSTITUTION != $dbgroup->institution) {
                throw new WebserviceInvalidParameterException($errprefix . get_string('accessdeniedforinstgroup', 'auth.webservice', $group['institution'], $group['name']));
            }
            if (!$USER->can_edit_institution($dbgroup->institution)) {
                throw new WebserviceInvalidParameterException($errprefix . get_string('accessdeniedforinstgroup', 'auth.webservice', $group['institution'], $group['shortname']));
            }
        }

        // Start from the stored membership as a member id => role map.
        $currentrows = get_records_array('group_member', 'group', $dbgroup->id, '', 'member,role');
        $membership = array();
        foreach ($currentrows ?: array() as $row) {
            $membership[$row->member] = $row->role;
        }

        // Every requested member must resolve to a live user that the caller
        // is allowed to administer before its change is recorded.
        foreach ($group['members'] as $member) {
            if (!empty($member['id'])) {
                $dbuser = get_record('usr', 'id', $member['id'], 'deleted', 0);
            }
            elseif (!empty($member['username'])) {
                $dbuser = get_record('usr', 'username', $member['username'], 'deleted', 0);
            }
            else {
                throw new WebserviceInvalidParameterException($errprefix . get_string('nousernameoridgroup', 'auth.webservice', $group['name']));
            }

            if (empty($dbuser)) {
                throw new WebserviceInvalidParameterException($errprefix . get_string('invalidusergroup', 'auth.webservice', $member['id'] . '/' . $member['username'], $group['name']));
            }

            $institutiongroup = !empty($dbgroup->shortname) && !empty($dbgroup->institution);
            if ($institutiongroup) {
                // Group has both shortname and institution: the user is
                // checked against the web service institution.
                if (!mahara_external_in_institution($dbuser, $WEBSERVICE_INSTITUTION)) {
                    throw new WebserviceInvalidParameterException($errprefix . get_string('notauthforuseridinstitutiongroup', 'auth.webservice', $dbuser->id, $WEBSERVICE_INSTITUTION, $group['shortname']));
                }
            }
            else {
                // Otherwise the caller must be able to edit the institution of
                // the user's auth instance, which must itself exist.
                $authinstance = get_record('auth_instance', 'id', $dbuser->authinstance);
                if (!$authinstance) {
                    throw new WebserviceInvalidParameterException($errprefix . get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
                }
                if (!$USER->can_edit_institution($authinstance->institution)) {
                    throw new WebserviceInvalidParameterException($errprefix . get_string('accessdeniedforinstuser', 'auth.webservice', $authinstance->institution, $dbuser->username));
                }
            }

            // Record the change in the working map.
            switch ($member['action']) {
                case 'remove':
                    // Removing a user who is not a member is a silent no-op.
                    unset($membership[$dbuser->id]);
                    break;

                case 'add':
                    // The role must be one of self::$member_roles.
                    // NOTE(review): in_array() compares loosely here; a strict
                    // check would be tighter if the validated role is always a
                    // string - confirm against the parameter description.
                    if (!in_array($member['role'], self::$member_roles)) {
                        throw new WebserviceInvalidParameterException($errprefix . get_string('invalidmemroles', 'auth.webservice', $member['role'], $dbuser->username));
                    }
                    // Adding an existing member overwrites the stored role.
                    $membership[$dbuser->id] = $member['role'];
                    break;

                default:
                    throw new WebserviceInvalidParameterException($errprefix . get_string('membersinvalidaction', 'auth.webservice', $member['action'], $dbuser->id . '/' . $dbuser->username, $group['name']));
            }
        }

        // Write the complete resulting membership for this group.
        group_update_members($dbgroup->id, $membership);
    }

    db_commit();

    return null;
}
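/**
 * Get user favourites for one or more users
 *
 * Each entry of $users is resolved through self::checkuser() and must pass
 * mahara_external_in_institution() for the web service institution before any
 * of its data is returned.
 *
 * @param array $users user descriptors; 'userid' and 'shortname' are read
 *                     from each entry here
 * @return array one entry per user with the keys id, username, shortname,
 *               institution and favourites (a list of id/username pairs)
 * @throws WebserviceInvalidParameterException when a user fails the
 *         institution check
 */
public static function get_favourites($users) {
    global $WEBSERVICE_INSTITUTION, $WEBSERVICE_OAUTH_USER;

    $params = self::validate_parameters(self::get_favourites_parameters(), array('users' => $users));

    // build the final results
    $result = array();
    foreach ($params['users'] as $user) {
        $dbuser = self::checkuser($user);

        // Access check: refuse users that fail the institution check.
        if (!mahara_external_in_institution($dbuser, $WEBSERVICE_INSTITUTION)) {
            // Report the institution that was actually checked. The previous
            // code read an undefined $auth_instance here, so the denial path
            // raised warnings and the message carried no institution.
            throw new WebserviceInvalidParameterException('get_favourites | ' . get_string('notauthforuseridinstitution', 'auth.webservice', $user['userid'], $WEBSERVICE_INSTITUTION));
        }

        // NOTE(review): the second argument is presumably a result limit - confirm.
        $favourites = get_user_favorites($dbuser->id, 100);

        // Favourite record for this shortname, institution and owner.
        $dbfavourite = get_record('favorite', 'shortname', $user['shortname'], 'institution', $WEBSERVICE_INSTITUTION, 'owner', $dbuser->id);
        if (empty($dbfavourite)) {
            // No stored record: answer with an empty placeholder.
            $dbfavourite = (object) array('shortname' => $user['shortname'], 'institution' => $WEBSERVICE_INSTITUTION);
        }

        $favs = array();
        if (!empty($favourites)) {
            foreach ($favourites as $fav) {
                // The lookup excludes deleted users, so it can come back empty.
                // Keep the entry with a null username instead of reading a
                // property of a non-object.
                $dbfavuser = get_record('usr', 'id', $fav->id, 'deleted', 0);
                $favs[] = array(
                    'id'       => $fav->id,
                    'username' => empty($dbfavuser) ? null : $dbfavuser->username,
                );
            }
        }

        $result[] = array(
            'id'          => $dbuser->id,
            'username'    => $dbuser->username,
            'shortname'   => $dbfavourite->shortname,
            'institution' => $dbfavourite->institution,
            'favourites'  => $favs,
        );
    }

    return $result;
}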