Auth: Add command to synchronize user groups from Azure - refs BT#22639

Author: AngelFQC

public/main/inc/lib/usergroup.lib.php

@@ -1317,6 +1317,8 @@ public function subscribe_users_to_usergroup(
     }
 
     /**
+     * @deprecated Use UsergroupRepository::getByTitleInUrl().
+     *
      * @param string $title
      *
      * @return bool
@@ -1555,8 +1557,8 @@ public function save($params, $showQuery = false)
         $params['updated_at'] = $params['created_at'] = api_get_utc_datetime();
         $params['group_type'] = isset($params['group_type']) ? Usergroup::SOCIAL_CLASS : Usergroup::NORMAL_CLASS;
         $params['allow_members_leave_group'] = isset($params['allow_members_leave_group']) ? 1 : 0;
-        $params['url'] = isset($params['url']) ? $params['url'] : "";
-        $params['visibility'] = isset($params['visibility']) ? $params['visibility'] : Usergroup::GROUP_PERMISSION_OPEN;
+        $params['url'] = $params['url'] ?? "";
+        $params['visibility'] = $params['visibility'] ?? Usergroup::GROUP_PERMISSION_OPEN;
 
         $userGroupExists = $this->usergroup_exists(trim($params['title']));
         if (false === $userGroupExists) {

src/CoreBundle/Command/AzureSyncAbstractCommand.php

@@ -7,10 +7,14 @@
 namespace Chamilo\CoreBundle\Command;
 
 use Chamilo\CoreBundle\Entity\AzureSyncState;
+use Chamilo\CoreBundle\Helpers\AccessUrlHelper;
 use Chamilo\CoreBundle\Helpers\AuthenticationConfigHelper;
 use Chamilo\CoreBundle\Helpers\AzureAuthenticatorHelper;
+use Chamilo\CoreBundle\Helpers\UserHelper;
 use Chamilo\CoreBundle\Repository\AzureSyncStateRepository;
+use Chamilo\CoreBundle\Repository\Node\UsergroupRepository;
 use Chamilo\CoreBundle\Repository\Node\UserRepository;
+use Chamilo\CoreBundle\Settings\SettingsManager;
 use Doctrine\ORM\EntityManagerInterface;
 use Exception;
 use Generator;
@@ -39,6 +43,10 @@ public function __construct(
         readonly protected AzureSyncStateRepository $syncStateRepo,
         protected readonly EntityManagerInterface $entityManager,
         protected readonly UserRepository $userRepository,
+        protected readonly UsergroupRepository $usergroupRepository,
+        protected readonly AccessUrlHelper $accessUrlHelper,
+        protected readonly SettingsManager $settingsManager,
+        protected readonly UserHelper $userHelper,
     ) {
         parent::__construct();
 
@@ -74,12 +82,12 @@ protected function getAzureUsers(): Generator
 
             $query = $usersDeltaLink
                 ? $usersDeltaLink->getValue()
-                : \sprintf('$select=%s', implode(',', AzureAuthenticatorHelper::QUERY_FIELDS));
+                : \sprintf('$select=%s', implode(',', AzureAuthenticatorHelper::QUERY_USER_FIELDS));
         } else {
             $query = \sprintf(
                 '$top=%d&$select=%s',
                 AzureSyncState::API_PAGE_SIZE,
-                implode(',', AzureAuthenticatorHelper::QUERY_FIELDS)
+                implode(',', AzureAuthenticatorHelper::QUERY_USER_FIELDS)
             );
         }
 
@@ -128,16 +136,10 @@ protected function getAzureUsers(): Generator
      */
     protected function getAzureGroupMembers(string $groupUid): Generator
     {
-        $userFields = [
-            'mail',
-            'mailNickname',
-            'id',
-        ];
-
         $query = \sprintf(
             '$top=%d&$select=%s',
             AzureSyncState::API_PAGE_SIZE,
-            implode(',', $userFields)
+            implode(',', AzureAuthenticatorHelper::QUERY_GROUP_MEMBERS_FIELDS)
         );
 
         $token = null;
@@ -147,14 +149,14 @@ protected function getAzureGroupMembers(string $groupUid): Generator
                 $this->generateOrRefreshToken($token);
 
                 $azureGroupMembersRequest = $this->provider->get(
-                    "groups/$groupUid/members?$query",
+                    "/v1.0/groups/$groupUid/members?$query",
                     $token
                 );
             } catch (GuzzleException|Exception $e) {
                 throw new Exception('Exception when requesting group members from Azure: '.$e->getMessage());
             }
 
-            $azureGroupMembers = $azureGroupMembersRequest['value'] ?? [];
+            $azureGroupMembers = $azureGroupMembersRequest ?? [];
 
             foreach ($azureGroupMembers as $azureGroupMember) {
                 yield $azureGroupMember;
@@ -166,6 +168,69 @@ protected function getAzureGroupMembers(string $groupUid): Generator
                 $hasNextLink = true;
                 $query = parse_url($azureGroupMembersRequest['@odata.nextLink'], PHP_URL_QUERY);
             }
-        } while ($hasNextLink = false);
+        } while ($hasNextLink);
+    }
+
+    /**
+     * @throws Exception
+     */
+    protected function getAzureGroups(): Generator
+    {
+        $getUsergroupsDelta = 'true' === $this->providerParams['script_usergroups_delta'];
+
+        if ($getUsergroupsDelta) {
+            $usergroupsDeltaLink = $this->syncStateRepo->findOneBy(['title' => AzureSyncState::USERGROUPS_DATALINK]);
+
+            $query = $usergroupsDeltaLink
+                ? $usergroupsDeltaLink->getValue()
+                : sprintf('$select=%s', implode(',', AzureAuthenticatorHelper::QUERY_GROUP_FIELDS));
+        } else {
+            $query = sprintf(
+                '$top=%d&$select=%s',
+                AzureSyncState::API_PAGE_SIZE,
+                implode(',', AzureAuthenticatorHelper::QUERY_GROUP_FIELDS)
+            );
+        }
+
+        $token = null;
+
+        do {
+            try {
+                $this->generateOrRefreshToken($token);
+
+                $azureGroupsRequest = $this->provider->get(
+                    $getUsergroupsDelta ? "/v1.0/groups/delta?$query" : "/v1.0/groups?$query",
+                    $token
+                );
+            } catch (Exception|GuzzleException $e) {
+                throw new Exception('Exception when requesting groups from Azure: '.$e->getMessage());
+            }
+
+            $azureGroupsInfo = $azureGroupsRequest ?? [];
+
+            foreach ($azureGroupsInfo as $azureGroupInfo) {
+                if (!empty($this->providerParams['group_filter_regex']) &&
+                    !preg_match("/{$this->providerParams['group_filter_regex']}/", $azureGroupInfo['displayName'])
+                ) {
+                    continue;
+                }
+
+                yield $azureGroupInfo;
+            }
+
+            $hasNextLink = false;
+
+            if (!empty($azureGroupsRequest['@odata.nextLink'])) {
+                $hasNextLink = true;
+                $query = parse_url($azureGroupsRequest['@odata.nextLink'], PHP_URL_QUERY);
+            }
+
+            if ($getUsergroupsDelta && !empty($azureGroupsRequest['@odata.deltaLink'])) {
+                $this->syncStateRepo->save(
+                    AzureSyncState::USERGROUPS_DATALINK,
+                    parse_url($azureGroupsRequest['@odata.deltaLink'], PHP_URL_QUERY),
+                );
+            }
+        } while ($hasNextLink);
     }
 }

src/CoreBundle/Command/AzureSyncUsergroupsCommand.php

@@ -0,0 +1,117 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Command;
+
+use Chamilo\CoreBundle\Entity\Usergroup;
+use Exception;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+#[AsCommand(
+    name: 'app:azure-sync-usergroups',
+    description: 'Synchronize groups registered in Azure with Chamilo user groups',
+)]
+class AzureSyncUsergroupsCommand extends AzureSyncAbstractCommand
+{
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+        $io->title('Synchronizing groups from Azure.');
+
+        $accessUrl = $this->accessUrlHelper->getCurrent();
+
+        /** @var array<string, Usergroup> $groupIdByUid */
+        $groupIdByUid = [];
+
+        $admin = $this->userRepository->getRootUser();
+
+        try {
+            foreach ($this->getAzureGroups() as $azureGroupInfo) {
+                $userGroup = $this->usergroupRepository->getOneByTitleInUrl($azureGroupInfo['displayName'], $accessUrl);
+
+                if ($userGroup) {
+                    $userGroup->getUsers()->clear();
+
+                    $io->text(
+                        sprintf(
+                            'Class exists, all users unsubscribed: %s (ID %d)',
+                            $userGroup->getTitle(),
+                            $userGroup->getId()
+                        )
+                    );
+                } else {
+                    $userGroup = (new Usergroup())
+                        ->setTitle($azureGroupInfo['displayName'])
+                        ->setDescription($azureGroupInfo['description'])
+                        ->setCreator($admin)
+                    ;
+
+                    if ('true' === $this->settingsManager->getSetting('profile.allow_teachers_to_classes')) {
+                        $userGroup->setAuthorId(
+                            $this->userHelper->getCurrent()->getId()
+                        );
+                    }
+
+                    $userGroup->addAccessUrl($accessUrl);
+
+                    $this->usergroupRepository->create($userGroup);
+
+                    $io->text(sprintf('Class created: %s (ID %d)', $userGroup->getTitle(), $userGroup->getId()));
+                }
+
+                $groupIdByUid[$azureGroupInfo['id']] = $userGroup;
+            }
+        } catch (Exception $e) {
+            $io->error($e->getMessage());
+
+            return Command::INVALID;
+        }
+
+        $io->section('Subscribing users to groups');
+
+        foreach ($groupIdByUid as $azureGroupUid => $group) {
+            $newGroupMembers = [];
+
+            $io->text(sprintf('Obtaining members for group (ID %d)', $group->getId()));
+
+            try {
+                foreach ($this->getAzureGroupMembers($azureGroupUid) as $azureGroupMember) {
+                    if ($userId = $this->azureHelper->getUserIdByVerificationOrder($azureGroupMember)) {
+                        $newGroupMembers[] = $userId;
+                    }
+                }
+            } catch (Exception $e) {
+                $io->warning($e->getMessage());
+
+                continue;
+            }
+
+            foreach ($newGroupMembers as $newGroupMemberId) {
+                $user = $this->userRepository->find($newGroupMemberId);
+
+                $group->addUser($user);
+            }
+
+            $io->text(
+                sprintf(
+                    'User IDs subscribed in class (ID %d): %s',
+                    $group->getId(),
+                    implode(', ', $newGroupMembers)
+                )
+            );
+        }
+
+        $this->entityManager->flush();
+
+        $io->success('Done.');
+
+        return Command::SUCCESS;
+    }
+}

src/CoreBundle/Entity/Usergroup.php

@@ -139,7 +139,7 @@ class Usergroup extends AbstractResource implements ResourceInterface, ResourceI
     /**
      * @var Collection<int, UsergroupRelUser>
      */
-    #[ORM\OneToMany(mappedBy: 'usergroup', targetEntity: UsergroupRelUser::class, cascade: ['persist'])]
+    #[ORM\OneToMany(mappedBy: 'usergroup', targetEntity: UsergroupRelUser::class, cascade: ['persist'], orphanRemoval: true)]
     protected Collection $users;
 
     /**
@@ -226,10 +226,20 @@ public function setUsers(Collection $users): void
             $this->addUsers($user);
         }
     }
-    public function addUsers(UsergroupRelUser $user): self
+    public function addUsers(UsergroupRelUser $relUser): self
     {
-        $user->setUsergroup($this);
-        $this->users[] = $user;
+        $relUser->setUsergroup($this);
+        $this->users[] = $relUser;
+
+        $user = $relUser->getUser();
+
+        foreach ($this->courses as $relcourse) {
+            $relcourse->getCourse()->addUserAsStudent($user);
+        }
+
+        foreach ($this->sessions as $relSession) {
+            $relSession->getSession()->addUserInSession(Session::STUDENT, $user);
+        }
 
         return $this;
     }
@@ -242,6 +252,18 @@ public function removeUsers(UsergroupRelUser $user): void
         }
     }
 
+    public function addUser(User $user, int $relationType = 0): static
+    {
+        $rel = (new UsergroupRelUser())
+            ->setUser($user)
+            ->setRelationType($relationType)
+        ;
+
+        $this->addUsers($rel);
+
+        return $this;
+    }
+
     /**
      * Get id.
      */

src/CoreBundle/Helpers/AzureAuthenticatorHelper.php

@@ -22,7 +22,7 @@
     public const EXTRA_FIELD_AZURE_ID = 'azure_id';
     public const EXTRA_FIELD_AZURE_UID = 'azure_uid';
 
-    public const QUERY_FIELDS = [
+    public const QUERY_USER_FIELDS = [
         'givenName',
         'surname',
         'mail',
@@ -33,6 +33,17 @@
         'mailNickname',
         'id',
     ];
+    public const QUERY_GROUP_FIELDS = [
+        'id',
+        'displayName',
+        'description',
+    ];
+
+    public const QUERY_GROUP_MEMBERS_FIELDS = [
+        'mail',
+        'mailNickname',
+        'id',
+    ];
 
     public function __construct(
         private ExtraFieldValuesRepository $extraFieldValuesRepo,

src/CoreBundle/Repository/Node/UsergroupRepository.php

@@ -6,6 +6,7 @@
 
 namespace Chamilo\CoreBundle\Repository\Node;
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\Course;
 use Chamilo\CoreBundle\Entity\Session;
 use Chamilo\CoreBundle\Entity\User;
@@ -472,4 +473,23 @@ public function getCurrentAccessUrlId(): int
         // For now, returning 1 as a default value.
         return 1;
     }
+
+    public function getOneByTitleInUrl(string $title, AccessUrl $url): ?Usergroup
+    {
+        $qb = $this->getOrCreateQueryBuilder(null, 'g');
+
+        return $qb
+            ->innerJoin('g.urls', 'u')
+            ->where($qb->expr()->eq('g.title', ':title'))
+            ->andWhere($qb->expr()->eq('u.url', ':url'))
+            ->setMaxResults(1)
+            ->setParameters([
+                'title' => $title,
+                'url' => $url->getId()
+            ])
+            ->setParameter('title', $title)
+            ->getQuery()
+            ->getOneOrNullResult()
+        ;
+    }
 }