Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
  • Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
  • PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.

Differences Between: [Versions 311 and 401] [Versions 311 and 402] [Versions 311 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  /**
  17   * Privacy class for requesting user data for auth_oauth2.
  18   *
  19   * @package    auth_oauth2
  20   * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
  21   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   */
  23  namespace auth_oauth2\privacy;
  24  
  25  defined('MOODLE_INTERNAL') || die();
  26  
  27  use core_privacy\local\metadata\collection;
  28  use core_privacy\local\request\contextlist;
  29  use core_privacy\local\request\approved_contextlist;
  30  use core_privacy\local\request\transform;
  31  use core_privacy\local\request\writer;
  32  use core_privacy\local\request\userlist;
  33  use core_privacy\local\request\approved_userlist;
  34  
  35  /**
  36   * Privacy provider for auth_oauth2
  37   *
  38   * @package    auth_oauth2
  39   * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
  40   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  41   */
  42  class provider implements
  43      \core_privacy\local\metadata\provider,
  44      \core_privacy\local\request\core_userlist_provider,
  45      \core_privacy\local\request\plugin\provider {
  46  
  47      /**
  48       * Get information about the user data stored by this plugin.
  49       *
  50       * @param  collection $collection An object for storing metadata.
  51       * @return collection The metadata.
  52       */
  53      public static function get_metadata(collection $collection) : collection {
  54          $authfields = [
  55              'timecreated' => 'privacy:metadata:auth_oauth2:timecreated',
  56              'timemodified' => 'privacy:metadata:auth_oauth2:timemodified',
  57              'usermodified' => 'privacy:metadata:auth_oauth2:usermodified',
  58              'userid' => 'privacy:metadata:auth_oauth2:userid',
  59              'issuerid' => 'privacy:metadata:auth_oauth2:issuerid',
  60              'username' => 'privacy:metadata:auth_oauth2:username',
  61              'email' => 'privacy:metadata:auth_oauth2:email',
  62              'confirmtoken' => 'privacy:metadata:auth_oauth2:confirmtoken',
  63              'confirmtokenexpires' => 'privacy:metadata:auth_oauth2:confirmtokenexpires'
  64          ];
  65  
  66          $collection->add_database_table('auth_oauth2_linked_login', $authfields, 'privacy:metadata:auth_oauth2:tableexplanation');
  67          $collection->link_subsystem('core_auth', 'privacy:metadata:auth_oauth2:authsubsystem');
  68  
  69          return $collection;
  70      }
  71  
  72      /**
  73       * Return all contexts for this userid. In this situation the user context.
  74       *
  75       * @param  int $userid The user ID.
  76       * @return contextlist The list of context IDs.
  77       */
  78      public static function get_contexts_for_userid(int $userid) : contextlist {
  79          $sql = "SELECT ctx.id
  80                    FROM {auth_oauth2_linked_login} ao
  81                    JOIN {context} ctx ON ctx.instanceid = ao.userid AND ctx.contextlevel = :contextlevel
  82                   WHERE ao.userid = :userid";
  83          $params = ['userid' => $userid, 'contextlevel' => CONTEXT_USER];
  84          $contextlist = new contextlist();
  85          $contextlist->add_from_sql($sql, $params);
  86  
  87          return $contextlist;
  88      }
  89  
  90      /**
  91       * Get the list of users within a specific context.
  92       *
  93       * @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
  94       */
  95      public static function get_users_in_context(userlist $userlist) {
  96          $context = $userlist->get_context();
  97  
  98          if (!$context instanceof \context_user) {
  99              return;
 100          }
 101  
 102          $sql = "SELECT userid
 103                    FROM {auth_oauth2_linked_login}
 104                   WHERE userid = ?";
 105          $params = [$context->instanceid];
 106          $userlist->add_from_sql('userid', $sql, $params);
 107      }
 108  
 109      /**
 110       * Export all oauth2 information for the list of contexts and this user.
 111       *
 112       * @param  approved_contextlist $contextlist The list of approved contexts for a user.
 113       */
 114      public static function export_user_data(approved_contextlist $contextlist) {
 115          global $DB;
 116  
 117          // Export oauth2 linked accounts.
 118          $context = \context_user::instance($contextlist->get_user()->id);
 119          $sql = "SELECT ll.id, ll.username, ll.email, ll.timecreated, ll.timemodified, oi.name as issuername
 120                  FROM {auth_oauth2_linked_login} ll JOIN {oauth2_issuer} oi ON oi.id = ll.issuerid
 121                  WHERE ll.userid = :userid";
 122          if ($oauth2accounts = $DB->get_records_sql($sql, ['userid' => $contextlist->get_user()->id])) {
 123              foreach ($oauth2accounts as $oauth2account) {
 124                  $data = (object)[
 125                      'timecreated' => transform::datetime($oauth2account->timecreated),
 126                      'timemodified' => transform::datetime($oauth2account->timemodified),
 127                      'issuerid' => $oauth2account->issuername,
 128                      'username' => $oauth2account->username,
 129                      'email' => $oauth2account->email
 130                  ];
 131                  writer::with_context($context)->export_data([
 132                          get_string('privacy:metadata:auth_oauth2', 'auth_oauth2'),
 133                          $oauth2account->issuername
 134                      ], $data);
 135              }
 136          }
 137      }
 138  
 139      /**
 140       * Delete all user data for this context.
 141       *
 142       * @param  \context $context The context to delete data for.
 143       */
 144      public static function delete_data_for_all_users_in_context(\context $context) {
 145          if ($context->contextlevel != CONTEXT_USER) {
 146              return;
 147          }
 148          static::delete_user_data($context->instanceid);
 149      }
 150  
 151      /**
 152       * Delete multiple users within a single context.
 153       *
 154       * @param approved_userlist $userlist The approved context and user information to delete information for.
 155       */
 156      public static function delete_data_for_users(approved_userlist $userlist) {
 157          $context = $userlist->get_context();
 158  
 159          if ($context instanceof \context_user) {
 160              static::delete_user_data($context->instanceid);
 161          }
 162      }
 163  
 164      /**
 165       * Delete all user data for this user only.
 166       *
 167       * @param  approved_contextlist $contextlist The list of approved contexts for a user.
 168       */
 169      public static function delete_data_for_user(approved_contextlist $contextlist) {
 170          if (empty($contextlist->count())) {
 171              return;
 172          }
 173          $userid = $contextlist->get_user()->id;
 174          foreach ($contextlist->get_contexts() as $context) {
 175              if ($context->contextlevel != CONTEXT_USER) {
 176                  continue;
 177              }
 178              if ($context->instanceid == $userid) {
 179                  // Because we only use user contexts the instance ID is the user ID.
 180                  static::delete_user_data($context->instanceid);
 181              }
 182          }
 183      }
 184  
 185      /**
 186       * This does the deletion of user data for the auth_oauth2.
 187       *
 188       * @param  int $userid The user ID
 189       */
 190      protected static function delete_user_data(int $userid) {
 191          global $DB;
 192  
 193          // Because we only use user contexts the instance ID is the user ID.
 194          $DB->delete_records('auth_oauth2_linked_login', ['userid' => $userid]);
 195      }
 196  }