Пример #1
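 /**
  * Update the membership of one or more groups.
  *
  * Each entry of $groups identifies a group by 'id', else by 'name', else by
  * 'shortname' together with 'institution', and carries a 'members' list.
  * Each member names a user by 'id' or 'username' and has an 'action' of
  * 'add' (with a 'role') or 'remove'.
  *
  * Authorisation done here: a group that belongs to an institution may only
  * be changed when that institution is $WEBSERVICE_INSTITUTION and $USER can
  * edit it. Every named member must either be in $WEBSERVICE_INSTITUTION
  * (groups with both shortname and institution) or belong to an auth
  * instance whose institution $USER can edit (all other groups).
  *
  * @param array $groups
  * @return null
  * @throws WebserviceInvalidParameterException when a group or user cannot be
  *         resolved, an access check fails, or a role/action is not valid
  */
 public static function update_group_members($groups)
 {
     global $USER, $WEBSERVICE_INSTITUTION;
     // Do basic automatic PARAM checks on incoming data, using params description
     $params = self::validate_parameters(self::update_group_members_parameters(), array('groups' => $groups));
     // NOTE(review): no rollback is visible in this function; every throw below
     // leaves the transaction opened here uncommitted - confirm that the
     // exception handling rolls it back.
     db_begin();
     foreach ($params['groups'] as $group) {
         // Resolve the target group: id first, then name, then shortname + institution.
         if (!empty($group['id'])) {
             $dbgroup = get_record('group', 'id', $group['id'], 'deleted', 0);
             $groupref = $group['id'];
         } elseif (!empty($group['name'])) {
             $dbgroup = get_record('group', 'name', $group['name'], 'deleted', 0);
             $groupref = $group['name'];
         } elseif (!empty($group['shortname'])) {
             if (empty($group['institution'])) {
                 throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('instmustset', 'auth.webservice', $group['shortname']));
             }
             $dbgroup = get_record('group', 'shortname', $group['shortname'], 'institution', $group['institution'], 'deleted', 0);
             $groupref = $group['shortname'] . '/' . $group['institution'];
         } else {
             throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('nogroup', 'auth.webservice'));
         }
         if (!$dbgroup) {
             throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('groupnotexist', 'auth.webservice', $groupref));
         }
         // are we allowed to administer this group
         // Groups with no institution pass this point without a group-level
         // check; only the per-member checks below apply to them.
         if (!empty($dbgroup->institution)) {
             // Compare as strings with !== so that two different numeric-looking
             // institution names can never be treated as equal by type juggling.
             // Messages are built from the stored group record, because the request
             // may have identified the group by id only and carry no name fields.
             if ((string) $WEBSERVICE_INSTITUTION !== (string) $dbgroup->institution) {
                 throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('accessdeniedforinstgroup', 'auth.webservice', $dbgroup->institution, $dbgroup->name));
             }
             if (!$USER->can_edit_institution($dbgroup->institution)) {
                 throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('accessdeniedforinstgroup', 'auth.webservice', $dbgroup->institution, $dbgroup->shortname));
             }
         }
         // get old members
         $oldmembers = get_records_array('group_member', 'group', $dbgroup->id, '', 'member,role');
         // user id => role; starts as the current membership and is edited below
         $existingmembers = array();
         if (!empty($oldmembers)) {
             foreach ($oldmembers as $oldmember) {
                 $existingmembers[$oldmember->member] = $oldmember->role;
             }
         }
         // check that the members exist and we are allowed to administer them
         foreach ($group['members'] as $member) {
             if (!empty($member['id'])) {
                 $dbuser = get_record('usr', 'id', $member['id'], 'deleted', 0);
             } elseif (!empty($member['username'])) {
                 $dbuser = get_record('usr', 'username', $member['username'], 'deleted', 0);
             } else {
                 throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('nousernameoridgroup', 'auth.webservice', $dbgroup->name));
             }
             if (empty($dbuser)) {
                 // Only one of id/username has to be present in the request.
                 $memberid = isset($member['id']) ? $member['id'] : '';
                 $membername = isset($member['username']) ? $member['username'] : '';
                 throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('invalidusergroup', 'auth.webservice', $memberid . '/' . $membername, $dbgroup->name));
             }
             // check user is in this institution if this is an institution controlled group
             if (!empty($dbgroup->shortname) && !empty($dbgroup->institution)) {
                 if (!mahara_external_in_institution($dbuser, $WEBSERVICE_INSTITUTION)) {
                     throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('notauthforuseridinstitutiongroup', 'auth.webservice', $dbuser->id, $WEBSERVICE_INSTITUTION, $dbgroup->shortname));
                 }
             } else {
                 // Make sure auth is valid
                 if (!($authinstance = get_record('auth_instance', 'id', $dbuser->authinstance))) {
                     throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
                 }
                 // check the institution is allowed
                 // basic check authorisation to edit for the current institution of the user
                 if (!$USER->can_edit_institution($authinstance->institution)) {
                     throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('accessdeniedforinstuser', 'auth.webservice', $authinstance->institution, $dbuser->username));
                 }
             }
             // determine the changes to the group membership
             // The action is matched as an exact string so that only the two
             // literal values are accepted.
             $action = (string) $member['action'];
             if ($action === 'remove') {
                 // Removing a user who is not a member is a silent no-op.
                 unset($existingmembers[$dbuser->id]);
             } elseif ($action === 'add') {
                 // check the specified role
                 // NOTE(review): loose in_array(); self::$member_roles is declared
                 // outside this view - if it holds only strings, pass true as the
                 // third argument so the role is matched exactly.
                 if (!in_array($member['role'], self::$member_roles)) {
                     throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('invalidmemroles', 'auth.webservice', $member['role'], $dbuser->username));
                 }
                 // Adding an existing member overwrites that member's role.
                 $existingmembers[$dbuser->id] = $member['role'];
             } else {
                 throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('membersinvalidaction', 'auth.webservice', $action, $dbuser->id . '/' . $dbuser->username, $dbgroup->name));
             }
         }
         // now update the group membership
         group_update_members($dbgroup->id, $existingmembers);
     }
     db_commit();
     return null;
 }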
Пример #2
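 /**
  * Get user favourites for one or more users
  *
  * Every requested user must be in $WEBSERVICE_INSTITUTION; the call fails
  * for the whole batch as soon as one user is not.
  *
  * @param array $users  list of user descriptors; each is resolved with
  *                      self::checkuser() and must carry a 'shortname'
  * @return array one entry per requested user with the keys id, username,
  *               shortname, institution and favourites (list of id/username)
  * @throws WebserviceInvalidParameterException when a user is not in the
  *         institution this web service call is bound to
  */
 public static function get_favourites($users)
 {
     global $WEBSERVICE_INSTITUTION;
     $params = self::validate_parameters(self::get_favourites_parameters(), array('users' => $users));
     // build the final results
     $result = array();
     foreach ($params['users'] as $user) {
         $dbuser = self::checkuser($user);
         // check the institution
         if (!mahara_external_in_institution($dbuser, $WEBSERVICE_INSTITUTION)) {
             // Report the resolved user id and the institution that was actually
             // checked; the request entry is not guaranteed to hold a 'userid' key
             // and no auth instance record is loaded in this method.
             throw new WebserviceInvalidParameterException('get_favourites | ' . get_string('notauthforuseridinstitution', 'auth.webservice', $dbuser->id, $WEBSERVICE_INSTITUTION));
         }
         // get the favourite for the shortname for this user
         $favs = array();
         // second argument is a fixed limit of 100
         $favourites = get_user_favorites($dbuser->id, 100);
         $dbfavourite = get_record('favorite', 'shortname', $user['shortname'], 'institution', $WEBSERVICE_INSTITUTION, 'owner', $dbuser->id);
         if (empty($dbfavourite)) {
             // create an empty one
             $dbfavourite = (object) array('shortname' => $user['shortname'], 'institution' => $WEBSERVICE_INSTITUTION);
         }
         if (!empty($favourites)) {
             // NOTE(review): the favourited users are returned without an
             // institution check of their own - confirm that exposing their
             // usernames to this caller is intended.
             foreach ($favourites as $fav) {
                 $dbfavuser = get_record('usr', 'id', $fav->id, 'deleted', 0);
                 if (empty($dbfavuser)) {
                     // The favourited account is deleted or gone; leave it out
                     // instead of reading a property of a failed lookup.
                     continue;
                 }
                 $favs[] = array('id' => $fav->id, 'username' => $dbfavuser->username);
             }
         }
         $result[] = array('id' => $dbuser->id, 'username' => $dbuser->username, 'shortname' => $dbfavourite->shortname, 'institution' => $dbfavourite->institution, 'favourites' => $favs);
     }
     return $result;
 }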