Moodle 4.1 XRef and Diffs

Search moodle.org's
Developer Documentation
See Release Notes
Long Term Support Release
Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
Moodle 4.1 Database Schema (by Marcus Green)
/auth/oauth2/classes/privacy/ -> provider.php (source)
Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401]
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  /**
  17   * Privacy class for requesting user data for auth_oauth2.
  18   *
  19   * @package    auth_oauth2
  20   * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
  21   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   */
  23  namespace auth_oauth2\privacy;
  24  
  25  defined('MOODLE_INTERNAL') || die();
  26  
  27  use core_privacy\local\metadata\collection;
  28  use core_privacy\local\request\contextlist;
  29  use core_privacy\local\request\approved_contextlist;
  30  use core_privacy\local\request\transform;
  31  use core_privacy\local\request\writer;
  32  use core_privacy\local\request\userlist;
  33  use core_privacy\local\request\approved_userlist;
  34  
  35  /**
  36   * Privacy provider for auth_oauth2
  37   *
  38   * @package    auth_oauth2
  39   * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
  40   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  41   */
  42  class provider implements
  43      \core_privacy\local\metadata\provider,
  44      \core_privacy\local\request\core_userlist_provider,
  45      \core_privacy\local\request\plugin\provider {
  46  
  47      /**
  48       * Get information about the user data stored by this plugin.
  49       *
  50       * @param  collection $collection An object for storing metadata.
  51       * @return collection The metadata.
  52       */
  53      public static function get_metadata(collection $collection) : collection {
  54          $authfields = [
  55              'timecreated' => 'privacy:metadata:auth_oauth2:timecreated',
  56              'timemodified' => 'privacy:metadata:auth_oauth2:timemodified',
  57              'usermodified' => 'privacy:metadata:auth_oauth2:usermodified',
  58              'userid' => 'privacy:metadata:auth_oauth2:userid',
  59              'issuerid' => 'privacy:metadata:auth_oauth2:issuerid',
  60              'username' => 'privacy:metadata:auth_oauth2:username',
  61              'email' => 'privacy:metadata:auth_oauth2:email',
  62              'confirmtoken' => 'privacy:metadata:auth_oauth2:confirmtoken',
  63              'confirmtokenexpires' => 'privacy:metadata:auth_oauth2:confirmtokenexpires'
  64          ];
  65  
  66          $collection->add_database_table('auth_oauth2_linked_login', $authfields, 'privacy:metadata:auth_oauth2:tableexplanation');
  67  
  68          // Regarding this block, we are unable to export or purge this data, as
  69          // it would damage the oauth2 data across the whole site.
  70          foreach ([
  71              'oauth2_endpoint',
  72              'oauth2_user_field_mapping',
  73              'oauth2_access_token',
  74              'oauth2_system_account',
  75          ] as $tablename) {
  76              $collection->add_database_table($tablename, [
  77                  'usermodified' => 'privacy:metadata:auth_oauth2:usermodified',
  78              ], 'privacy:metadata:auth_oauth2:tableexplanation');
  79          }
  80  
  81          $collection->link_subsystem('core_auth', 'privacy:metadata:auth_oauth2:authsubsystem');
  82  
  83          return $collection;
  84      }
  85  
  86      /**
  87       * Return all contexts for this userid. In this situation the user context.
  88       *
  89       * @param  int $userid The user ID.
  90       * @return contextlist The list of context IDs.
  91       */
  92      public static function get_contexts_for_userid(int $userid) : contextlist {
  93          $sql = "SELECT ctx.id
  94                    FROM {auth_oauth2_linked_login} ao
  95                    JOIN {context} ctx ON ctx.instanceid = ao.userid AND ctx.contextlevel = :contextlevel
  96                   WHERE ao.userid = :userid";
  97          $params = ['userid' => $userid, 'contextlevel' => CONTEXT_USER];
  98          $contextlist = new contextlist();
  99          $contextlist->add_from_sql($sql, $params);
 100  
 101          return $contextlist;
 102      }
 103  
 104      /**
 105       * Get the list of users within a specific context.
 106       *
 107       * @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
 108       */
 109      public static function get_users_in_context(userlist $userlist) {
 110          $context = $userlist->get_context();
 111  
 112          if (!$context instanceof \context_user) {
 113              return;
 114          }
 115  
 116          $sql = "SELECT userid
 117                    FROM {auth_oauth2_linked_login}
 118                   WHERE userid = ?";
 119          $params = [$context->instanceid];
 120          $userlist->add_from_sql('userid', $sql, $params);
 121      }
 122  
 123      /**
 124       * Export all oauth2 information for the list of contexts and this user.
 125       *
 126       * @param  approved_contextlist $contextlist The list of approved contexts for a user.
 127       */
 128      public static function export_user_data(approved_contextlist $contextlist) {
 129          global $DB;
 130  
 131          // Export oauth2 linked accounts.
 132          $context = \context_user::instance($contextlist->get_user()->id);
 133          $sql = "SELECT ll.id, ll.username, ll.email, ll.timecreated, ll.timemodified, oi.name as issuername
 134                  FROM {auth_oauth2_linked_login} ll JOIN {oauth2_issuer} oi ON oi.id = ll.issuerid
 135                  WHERE ll.userid = :userid";
 136          if ($oauth2accounts = $DB->get_records_sql($sql, ['userid' => $contextlist->get_user()->id])) {
 137              foreach ($oauth2accounts as $oauth2account) {
 138                  $data = (object)[
 139                      'timecreated' => transform::datetime($oauth2account->timecreated),
 140                      'timemodified' => transform::datetime($oauth2account->timemodified),
 141                      'issuerid' => $oauth2account->issuername,
 142                      'username' => $oauth2account->username,
 143                      'email' => $oauth2account->email
 144                  ];
 145                  writer::with_context($context)->export_data([
 146                          get_string('privacy:metadata:auth_oauth2', 'auth_oauth2'),
 147                          $oauth2account->issuername
 148                      ], $data);
 149              }
 150          }
 151      }
 152  
 153      /**
 154       * Delete all user data for this context.
 155       *
 156       * @param  \context $context The context to delete data for.
 157       */
 158      public static function delete_data_for_all_users_in_context(\context $context) {
 159          if ($context->contextlevel != CONTEXT_USER) {
 160              return;
 161          }
 162          static::delete_user_data($context->instanceid);
 163      }
 164  
 165      /**
 166       * Delete multiple users within a single context.
 167       *
 168       * @param approved_userlist $userlist The approved context and user information to delete information for.
 169       */
 170      public static function delete_data_for_users(approved_userlist $userlist) {
 171          $context = $userlist->get_context();
 172  
 173          if ($context instanceof \context_user) {
 174              static::delete_user_data($context->instanceid);
 175          }
 176      }
 177  
 178      /**
 179       * Delete all user data for this user only.
 180       *
 181       * @param  approved_contextlist $contextlist The list of approved contexts for a user.
 182       */
 183      public static function delete_data_for_user(approved_contextlist $contextlist) {
 184          if (empty($contextlist->count())) {
 185              return;
 186          }
 187          $userid = $contextlist->get_user()->id;
 188          foreach ($contextlist->get_contexts() as $context) {
 189              if ($context->contextlevel != CONTEXT_USER) {
 190                  continue;
 191              }
 192              if ($context->instanceid == $userid) {
 193                  // Because we only use user contexts the instance ID is the user ID.
 194                  static::delete_user_data($context->instanceid);
 195              }
 196          }
 197      }
 198  
 199      /**
 200       * This does the deletion of user data for the auth_oauth2.
 201       *
 202       * @param  int $userid The user ID
 203       */
 204      protected static function delete_user_data(int $userid) {
 205          global $DB;
 206  
 207          // Because we only use user contexts the instance ID is the user ID.
 208          $DB->delete_records('auth_oauth2_linked_login', ['userid' => $userid]);
 209      }
 210  }