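<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Privacy class for requesting user data for auth_oauth2.
 *
 * @package    auth_oauth2
 * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
namespace auth_oauth2\privacy;

defined('MOODLE_INTERNAL') || die();

use core_privacy\local\metadata\collection;
use core_privacy\local\request\contextlist;
use core_privacy\local\request\approved_contextlist;
use core_privacy\local\request\transform;
use core_privacy\local\request\writer;
use core_privacy\local\request\userlist;
use core_privacy\local\request\approved_userlist;

/**
 * Privacy provider for auth_oauth2.
 *
 * Declares, exports and deletes the rows this plugin keeps in
 * auth_oauth2_linked_login. Every query in this class is scoped to a single
 * user ID and all data is attached to that user's user context.
 *
 * @package    auth_oauth2
 * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class provider implements
        \core_privacy\local\metadata\provider,
        \core_privacy\local\request\core_userlist_provider,
        \core_privacy\local\request\plugin\provider {

    /**
     * Get information about the user data stored by this plugin.
     *
     * Registers the auth_oauth2_linked_login table, field by field, and the
     * link to the core_auth subsystem. Note that confirmtoken and
     * confirmtokenexpires are declared here as stored fields.
     *
     * @param   collection $collection An object for storing metadata.
     * @return  collection The metadata.
     */
    public static function get_metadata(collection $collection) : collection {
        // Each key is a column of auth_oauth2_linked_login; each value is the language string describing it.
        $authfields = [
            'timecreated' => 'privacy:metadata:auth_oauth2:timecreated',
            'timemodified' => 'privacy:metadata:auth_oauth2:timemodified',
            'usermodified' => 'privacy:metadata:auth_oauth2:usermodified',
            'userid' => 'privacy:metadata:auth_oauth2:userid',
            'issuerid' => 'privacy:metadata:auth_oauth2:issuerid',
            'username' => 'privacy:metadata:auth_oauth2:username',
            'email' => 'privacy:metadata:auth_oauth2:email',
            'confirmtoken' => 'privacy:metadata:auth_oauth2:confirmtoken',
            'confirmtokenexpires' => 'privacy:metadata:auth_oauth2:confirmtokenexpires'
        ];

        $collection->add_database_table('auth_oauth2_linked_login', $authfields, 'privacy:metadata:auth_oauth2:tableexplanation');
        $collection->link_subsystem('core_auth', 'privacy:metadata:auth_oauth2:authsubsystem');

        return $collection;
    }

    /**
     * Return all contexts for this userid. In this situation the user context.
     *
     * The join only yields a row when the user has at least one linked login,
     * so a user without linked logins gets an empty list.
     *
     * @param   int $userid The user ID.
     * @return  contextlist The list of context IDs.
     */
    public static function get_contexts_for_userid(int $userid) : contextlist {
        // Both values are bound as named parameters, never concatenated into the SQL.
        $sql = "SELECT ctx.id
                  FROM {auth_oauth2_linked_login} ao
                  JOIN {context} ctx ON ctx.instanceid = ao.userid AND ctx.contextlevel = :contextlevel
                 WHERE ao.userid = :userid";
        $params = ['userid' => $userid, 'contextlevel' => CONTEXT_USER];
        $contextlist = new contextlist();
        $contextlist->add_from_sql($sql, $params);

        return $contextlist;
    }

    /**
     * Get the list of users within a specific context.
     *
     * Only user contexts can hold data from this plugin; any other context
     * leaves the userlist untouched.
     *
     * @param   userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
     */
    public static function get_users_in_context(userlist $userlist) {
        $context = $userlist->get_context();

        if (!$context instanceof \context_user) {
            return;
        }

        // The owner of the user context is the only candidate; the query adds them only if they have a linked login.
        $sql = "SELECT userid
                  FROM {auth_oauth2_linked_login}
                 WHERE userid = ?";
        $params = [$context->instanceid];
        $userlist->add_from_sql('userid', $sql, $params);
    }

    /**
     * Export all oauth2 information for the list of contexts and this user.
     *
     * The query selects username, email, the two timestamps and the issuer
     * name. confirmtoken and confirmtokenexpires are not selected, so they
     * never reach the export.
     *
     * @param   approved_contextlist $contextlist The list of approved contexts for a user.
     */
    public static function export_user_data(approved_contextlist $contextlist) {
        global $DB;

        // Export oauth2 linked accounts.
        // NOTE(review): the user context is derived from the user and is not checked against
        // the approved contexts in $contextlist - confirm the caller guarantees it is approved.
        $userid = $contextlist->get_user()->id;
        $context = \context_user::instance($userid);
        $sql = "SELECT ll.id, ll.username, ll.email, ll.timecreated, ll.timemodified, oi.name as issuername
                  FROM {auth_oauth2_linked_login} ll JOIN {oauth2_issuer} oi ON oi.id = ll.issuerid
                 WHERE ll.userid = :userid";
        if ($oauth2accounts = $DB->get_records_sql($sql, ['userid' => $userid])) {
            foreach ($oauth2accounts as $oauth2account) {
                // The exported 'issuerid' carries the issuer's display name, not its numeric ID.
                $data = (object)[
                    'timecreated' => transform::datetime($oauth2account->timecreated),
                    'timemodified' => transform::datetime($oauth2account->timemodified),
                    'issuerid' => $oauth2account->issuername,
                    'username' => $oauth2account->username,
                    'email' => $oauth2account->email
                ];
                // NOTE(review): the subcontext is keyed by issuer name only, so two linked logins
                // sharing an issuer name target the same path - confirm the writer does not overwrite.
                writer::with_context($context)->export_data([
                        get_string('privacy:metadata:auth_oauth2', 'auth_oauth2'),
                        $oauth2account->issuername
                    ], $data);
            }
        }
    }

    /**
     * Delete all user data for this context.
     *
     * Contexts at any level other than CONTEXT_USER are ignored.
     *
     * @param   \context $context The context to delete data for.
     */
    public static function delete_data_for_all_users_in_context(\context $context) {
        if ($context->contextlevel != CONTEXT_USER) {
            return;
        }
        static::delete_user_data($context->instanceid);
    }

    /**
     * Delete multiple users within a single context.
     *
     * Data is removed only when the context is a user context and its owner is
     * one of the approved users in the list.
     *
     * @param   approved_userlist $userlist The approved context and user information to delete information for.
     */
    public static function delete_data_for_users(approved_userlist $userlist) {
        $context = $userlist->get_context();

        if (!$context instanceof \context_user) {
            return;
        }

        // Deletion is irreversible, so honour the approval: act only if the owner of this
        // user context is among the approved user IDs. Without this check an approved list
        // that is empty, or that names other users, would still wipe the owner's linked logins.
        // IDs are normalised to int because they may arrive as numeric strings.
        $ownerid = (int) $context->instanceid;
        $approveduserids = array_map('intval', $userlist->get_userids());
        if (in_array($ownerid, $approveduserids, true)) {
            static::delete_user_data($ownerid);
        }
    }

    /**
     * Delete all user data for this user only.
     *
     * Walks the approved contexts and deletes only for a user context whose
     * instance ID matches the user the list was approved for.
     *
     * @param   approved_contextlist $contextlist The list of approved contexts for a user.
     */
    public static function delete_data_for_user(approved_contextlist $contextlist) {
        if (empty($contextlist->count())) {
            return;
        }
        $userid = $contextlist->get_user()->id;
        foreach ($contextlist->get_contexts() as $context) {
            if ($context->contextlevel != CONTEXT_USER) {
                continue;
            }
            // Loose comparison on purpose: either side may be a numeric string.
            if ($context->instanceid == $userid) {
                // Because we only use user contexts the instance ID is the user ID.
                static::delete_user_data($context->instanceid);
            }
        }
    }

    /**
     * This does the deletion of user data for the auth_oauth2.
     *
     * Removes every auth_oauth2_linked_login row owned by the given user.
     * Callers are responsible for checking that the deletion is approved.
     *
     * @param  int $userid The user ID
     */
    protected static function delete_user_data(int $userid) {
        global $DB;

        // Because we only use user contexts the instance ID is the user ID.
        $DB->delete_records('auth_oauth2_linked_login', ['userid' => $userid]);
    }
}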