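<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Privacy class for requesting user data for auth_oauth2.
 *
 * @package    auth_oauth2
 * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
namespace auth_oauth2\privacy;

defined('MOODLE_INTERNAL') || die();

use core_privacy\local\metadata\collection;
use core_privacy\local\request\contextlist;
use core_privacy\local\request\approved_contextlist;
use core_privacy\local\request\transform;
use core_privacy\local\request\writer;
use core_privacy\local\request\userlist;
use core_privacy\local\request\approved_userlist;

/**
 * Privacy provider for auth_oauth2
 *
 * Declares the personal data held in auth_oauth2_linked_login and implements export and
 * deletion of that data. All export and deletion paths in this class operate on user
 * contexts only.
 *
 * @package    auth_oauth2
 * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class provider implements
        \core_privacy\local\metadata\provider,
        \core_privacy\local\request\core_userlist_provider,
        \core_privacy\local\request\plugin\provider {

    /**
     * Get information about the user data stored by this plugin.
     *
     * Registers every field of auth_oauth2_linked_login (including confirmtoken and
     * confirmtokenexpires), the usermodified field of four site-wide oauth2 tables, and the
     * link to the core_auth subsystem.
     *
     * @param   collection  $collection An object for storing metadata.
     * @return  collection  The metadata.
     */
    public static function get_metadata(collection $collection) : collection {
        $authfields = [
            'timecreated' => 'privacy:metadata:auth_oauth2:timecreated',
            'timemodified' => 'privacy:metadata:auth_oauth2:timemodified',
            'usermodified' => 'privacy:metadata:auth_oauth2:usermodified',
            'userid' => 'privacy:metadata:auth_oauth2:userid',
            'issuerid' => 'privacy:metadata:auth_oauth2:issuerid',
            'username' => 'privacy:metadata:auth_oauth2:username',
            'email' => 'privacy:metadata:auth_oauth2:email',
            'confirmtoken' => 'privacy:metadata:auth_oauth2:confirmtoken',
            'confirmtokenexpires' => 'privacy:metadata:auth_oauth2:confirmtokenexpires'
        ];

        $collection->add_database_table('auth_oauth2_linked_login', $authfields, 'privacy:metadata:auth_oauth2:tableexplanation');

        // Regarding this block, we are unable to export or purge this data, as
        // it would damage the oauth2 data across the whole site.
        foreach ([
            'oauth2_endpoint',
            'oauth2_user_field_mapping',
            'oauth2_access_token',
            'oauth2_system_account',
        ] as $tablename) {
            $collection->add_database_table($tablename, [
                'usermodified' => 'privacy:metadata:auth_oauth2:usermodified',
            ], 'privacy:metadata:auth_oauth2:tableexplanation');
        }

        $collection->link_subsystem('core_auth', 'privacy:metadata:auth_oauth2:authsubsystem');

        return $collection;
    }

    /**
     * Return all contexts for this userid. In this situation the user context.
     *
     * The user context is only returned when the user has at least one row in
     * auth_oauth2_linked_login, because the context table is joined to that table.
     *
     * @param   int $userid The user ID.
     * @return  contextlist The list of context IDs.
     */
    public static function get_contexts_for_userid(int $userid) : contextlist {
        // Both values are bound as named parameters; nothing is interpolated into the SQL.
        $sql = "SELECT ctx.id
                  FROM {auth_oauth2_linked_login} ao
                  JOIN {context} ctx ON ctx.instanceid = ao.userid AND ctx.contextlevel = :contextlevel
                 WHERE ao.userid = :userid";
        $params = ['userid' => $userid, 'contextlevel' => CONTEXT_USER];
        $contextlist = new contextlist();
        $contextlist->add_from_sql($sql, $params);

        return $contextlist;
    }

    /**
     * Get the list of users within a specific context.
     *
     * Nothing is added unless the context is a user context; in that case the context's own
     * user is added if it has a linked login row.
     *
     * @param   userlist    $userlist   The userlist containing the list of users who have data in this context/plugin combination.
     */
    public static function get_users_in_context(userlist $userlist) {
        $context = $userlist->get_context();

        if (!$context instanceof \context_user) {
            return;
        }

        // The instance ID of a user context is bound as a positional parameter.
        $sql = "SELECT userid
                  FROM {auth_oauth2_linked_login}
                 WHERE userid = ?";
        $params = [$context->instanceid];
        $userlist->add_from_sql('userid', $sql, $params);
    }

    /**
     * Export all oauth2 information for the list of contexts and this user.
     *
     * Each linked login is written under the user's context, in a subcontext made of the
     * plugin's privacy string and the issuer name. The query selects the username, email,
     * timestamps and issuer name only; confirmtoken and confirmtokenexpires are not selected
     * and therefore never reach the export.
     *
     * @param   approved_contextlist $contextlist The list of approved contexts for a user.
     */
    public static function export_user_data(approved_contextlist $contextlist) {
        global $DB;

        $userid = $contextlist->get_user()->id;

        // Export oauth2 linked accounts.
        $context = \context_user::instance($userid);
        $sql = "SELECT ll.id, ll.username, ll.email, ll.timecreated, ll.timemodified, oi.name as issuername
                  FROM {auth_oauth2_linked_login} ll JOIN {oauth2_issuer} oi ON oi.id = ll.issuerid
                 WHERE ll.userid = :userid";
        $oauth2accounts = $DB->get_records_sql($sql, ['userid' => $userid]);
        if (!$oauth2accounts) {
            return;
        }

        // NOTE(review): the subcontext is keyed by issuer name only; if one user can hold several
        // linked logins for the same issuer, later records presumably replace earlier ones in the
        // export. Confirm against the writer's behaviour.
        foreach ($oauth2accounts as $oauth2account) {
            $data = (object)[
                'timecreated' => transform::datetime($oauth2account->timecreated),
                'timemodified' => transform::datetime($oauth2account->timemodified),
                // The human-readable issuer name is exported in place of the numeric issuer ID.
                'issuerid' => $oauth2account->issuername,
                'username' => $oauth2account->username,
                'email' => $oauth2account->email
            ];
            writer::with_context($context)->export_data([
                get_string('privacy:metadata:auth_oauth2', 'auth_oauth2'),
                $oauth2account->issuername
            ], $data);
        }
    }

    /**
     * Delete all user data for this context.
     *
     * Contexts that are not user contexts are ignored.
     *
     * @param  \context $context The context to delete data for.
     */
    public static function delete_data_for_all_users_in_context(\context $context) {
        if ($context->contextlevel != CONTEXT_USER) {
            return;
        }
        static::delete_user_data($context->instanceid);
    }

    /**
     * Delete multiple users within a single context.
     *
     * Data is removed only when the context is a user context and the user that owns the
     * context is one of the users in the approved list.
     *
     * @param  approved_userlist $userlist The approved context and user information to delete information for.
     */
    public static function delete_data_for_users(approved_userlist $userlist) {
        $context = $userlist->get_context();

        if (!$context instanceof \context_user) {
            return;
        }

        // The approved list is the authorisation for the deletion. In a user context the only
        // candidate is the context's own user, so do nothing when that user was not approved.
        // Both sides are cast to int because IDs may arrive as numeric strings.
        $approveduserids = array_map('intval', $userlist->get_userids());
        if (in_array((int)$context->instanceid, $approveduserids, true)) {
            static::delete_user_data($context->instanceid);
        }
    }

    /**
     * Delete all user data for this user only.
     *
     * Only user contexts whose instance ID equals the approved user's ID lead to a deletion;
     * every other context in the list is skipped.
     *
     * @param  approved_contextlist $contextlist The list of approved contexts for a user.
     */
    public static function delete_data_for_user(approved_contextlist $contextlist) {
        if (empty($contextlist->count())) {
            return;
        }
        $userid = $contextlist->get_user()->id;
        foreach ($contextlist->get_contexts() as $context) {
            if ($context->contextlevel != CONTEXT_USER) {
                continue;
            }
            if ($context->instanceid == $userid) {
                // Because we only use user contexts the instance ID is the user ID.
                static::delete_user_data($context->instanceid);
            }
        }
    }

    /**
     * This does the deletion of user data for the auth_oauth2.
     *
     * Removes every auth_oauth2_linked_login row of the given user. The site-wide oauth2
     * tables declared in get_metadata() are not touched here.
     *
     * @param  int $userid The user ID
     */
    protected static function delete_user_data(int $userid) {
        global $DB;

        // Because we only use user contexts the instance ID is the user ID.
        $DB->delete_records('auth_oauth2_linked_login', ['userid' => $userid]);
    }
}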