Your IP : 192.168.165.1


Current Path : C:/xampp/htdocs/moodle/repository/nextcloud/classes/
Upload File :
Current File : C:/xampp/htdocs/moodle/repository/nextcloud/classes/access_controlled_link_manager.php

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Manages the creation and usage of access controlled links.
 *
 * @package    repository_nextcloud
 * @copyright  2017 Nina Herrmann (Learnweb, University of Münster)
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
namespace repository_nextcloud;

use context;
use \core\oauth2\api;
use \core\notification;
use repository_exception;

defined('MOODLE_INTERNAL') || die();
require_once($CFG->libdir . '/webdavlib.php');

/**
 * Manages the creation and usage of access controlled links.
 *
 * @package    repository_nextcloud
 * @copyright  2017 Nina Herrmann (Learnweb, University of Münster)
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class access_controlled_link_manager{
    /**
     * OCS client that uses the Open Collaboration Services REST API.
     * @var ocs_client
     */
    protected $ocsclient;
    /**
     * ocsclient of the systemaccount.
     * @var ocs_client
     */
    protected $systemocsclient;
    /**
     * Client to manage oauth2 features from the systemaccount.
     * @var \core\oauth2\client
     */
    protected $systemoauthclient;
    /**
     * Client to manage webdav request from the systemaccount..
     * @var \webdav_client
     */
    protected $systemwebdavclient;
    /**
     * Issuer from the oauthclient.
     * @var \core\oauth2\issuer
     */
    protected $issuer;
    /**
     * Name of the related repository.
     * @var string
     */
    protected $repositoryname;

    /**
     * Access_controlled_link_manager constructor.
     * @param ocs_client $ocsclient
     * @param \core\oauth2\client $systemoauthclient
     * @param ocs_client $systemocsclient
     * @param \core\oauth2\issuer $issuer
     * @param string $repositoryname
     * @throws configuration_exception
     */
    public function __construct($ocsclient, $systemoauthclient, $systemocsclient, $issuer, $repositoryname) {
        $this->ocsclient = $ocsclient;
        $this->systemoauthclient = $systemoauthclient;
        $this->systemocsclient = $systemocsclient;

        $this->repositoryname = $repositoryname;
        $this->issuer = $issuer;
        $this->systemwebdavclient = $this->create_system_dav();
    }

    /**
     * Deletes the share of the systemaccount and a user. In case the share could not be deleted a notification is
     * displayed.
     * @param int $shareid Remote ID of the share to be deleted.
     */
    public function delete_share_dataowner_sysaccount($shareid) {
        $shareid = (int) $shareid;
        $deleteshareparams = [
            'share_id' => $shareid
        ];
        $deleteshareresponse = $this->ocsclient->call('delete_share', $deleteshareparams);
        $xml = simplexml_load_string($deleteshareresponse);

        if (empty($xml->meta->statuscode) || $xml->meta->statuscode != 100 ) {
            notification::warning('You just shared a file with a access controlled link.
             However, the share between you and the systemaccount could not be deleted and is still present in your instance.');
        }
    }

    /**
     * Creates a share between a user and the system account. If $username is set the sharing direction is system account -> user,
     * otherwise user -> system account.
     * @param string $path Remote path of the file that will be shared
     * @param string $username optional when set the file is shared with the corresponding user otherwise with
     * the systemaccount.
     * @param bool $maywrite if false, only(!) read access is granted.
     * @return array statuscode, shareid, and filetarget
     * @throws request_exception
     */
    public function create_share_user_sysaccount($path, $username = null, $maywrite = false) {
        $result = array();

        if ($username != null) {
            $shareusername = $username;
        } else {
            $systemaccount = \core\oauth2\api::get_system_account($this->issuer);
            $shareusername = $systemaccount->get('username');
        }
        $permissions = ocs_client::SHARE_PERMISSION_READ;
        if ($maywrite) {
            // Add more privileges (write, reshare) if allowed for the given user.
            $permissions |= ocs_client::SHARE_PERMISSION_ALL;
        }
        $createshareparams = [
            'path' => $path,
            'shareType' => ocs_client::SHARE_TYPE_USER,
            'publicUpload' => false,
            'shareWith' => $shareusername,
            'permissions' => $permissions,
        ];

        // File is now shared with the system account.
        if ($username === null) {
            $createshareresponse = $this->ocsclient->call('create_share', $createshareparams);
        } else {
            $createshareresponse = $this->systemocsclient->call('create_share', $createshareparams);
        }
        $xml = simplexml_load_string($createshareresponse);

        $statuscode = (int)$xml->meta->statuscode;
        if ($statuscode != 100 && $statuscode != 403) {
            $details = get_string('filenotaccessed', 'repository_nextcloud');
            throw new request_exception(get_string('request_exception',
                'repository_nextcloud', array('instance' => $this->repositoryname, 'errormessage' => $details)));
        }
        $result['shareid'] = (int)$xml->data->id;
        $result['statuscode'] = $statuscode;
        $result['filetarget'] = (string)$xml->data[0]->file_target;

        return $result;
    }

    /** Copy or moves a file to a new path.
     * @param string $srcpath source path
     * @param string $dstpath
     * @param string $operation move or copy
     * @param  \webdav_client $webdavclient needed when moving files.
     * @return String Http-status of the request
     * @throws configuration_exception
     * @throws \coding_exception
     * @throws \moodle_exception
     * @throws \repository_nextcloud\request_exception
     */
    public function transfer_file_to_path($srcpath, $dstpath, $operation, $webdavclient = null) {
        $this->systemwebdavclient->open();
        $webdavendpoint = issuer_management::parse_endpoint_url('webdav', $this->issuer);

        $srcpath = ltrim($srcpath, '/');
        $sourcepath = $webdavendpoint['path'] . $srcpath;
        $dstpath = ltrim($dstpath, '/');
        $destinationpath = $webdavendpoint['path'] . $dstpath . '/' . $srcpath;

        if ($operation === 'copy') {
            $result = $this->systemwebdavclient->copy_file($sourcepath, $destinationpath, true);
        } else if ($operation === 'move') {
            $result = $webdavclient->move($sourcepath, $destinationpath, false);
            if ($result == 412) {
                // A file with that name already exists at that target. Find a unique location!
                $increment = 0; // Will be appended to/inserted into the filename.
                // Define the pattern that is used to insert the increment to the filename.
                if (substr_count($srcpath, '.') === 0) {
                    // No file extension; append increment to the (sprintf-escaped) name.
                    $namepattern = str_replace('%', '%%', $destinationpath) . ' (%s)';
                } else {
                    // Append the increment to the second-to-last component, which is presumably the one before the extension.
                    // Again, the original path is sprintf-escaped.
                    $components = explode('.', str_replace('%', '%%', $destinationpath));
                    $components[count($components) - 2] .= ' (%s)';
                    $namepattern = implode('.', $components);
                }
            }
            while ($result == 412) {
                $increment++;
                $destinationpath = sprintf($namepattern, $increment);
                $result = $webdavclient->move($sourcepath, $destinationpath, false);
            }
        }
        $this->systemwebdavclient->close();
        if (!($result == 201 || $result == 412)) {
            $details = get_string('contactadminwith', 'repository_nextcloud',
                'A webdav request to ' . $operation . ' a file failed.');
            throw new request_exception(array('instance' => $this->repositoryname, 'errormessage' => $details));
        }
        return $result;
    }

    /**
     * Creates a unique folder path for the access controlled link.
     * @param context $context
     * @param string $component
     * @param string $filearea
     * @param string $itemid
     * @return string $result full generated path.
     * @throws request_exception If the folder path cannot be created.
     */
    public function create_folder_path_access_controlled_links($context, $component, $filearea, $itemid) {
        global $CFG, $SITE;
        // The fullpath to store the file is generated from the context.
        $contextlist = array_reverse($context->get_parent_contexts(true));
        $fullpath = '';
        $allfolders = [];
        foreach ($contextlist as $ctx) {
            // Prepare human readable context folders names, making sure they are still unique within the site.
            $prevlang = force_current_language($CFG->lang);
            $foldername = $ctx->get_context_name();
            force_current_language($prevlang);

            if ($ctx->contextlevel === CONTEXT_SYSTEM) {
                // Append the site short name to the root folder.
                $foldername .= ' ('.$SITE->shortname.')';
                // Append the relevant object id.
            } else if ($ctx->instanceid) {
                $foldername .= ' (id '.$ctx->instanceid.')';
            } else {
                // This does not really happen but just in case.
                $foldername .= ' (ctx '.$ctx->id.')';
            }

            $foldername = clean_param($foldername, PARAM_FILE);
            $allfolders[] = $foldername;
        }

        $allfolders[] = clean_param($component, PARAM_FILE);
        $allfolders[] = clean_param($filearea, PARAM_FILE);
        $allfolders[] = clean_param($itemid, PARAM_FILE);

        // Extracts the end of the webdavendpoint.
        $parsedwebdavurl = issuer_management::parse_endpoint_url('webdav', $this->issuer);
        $webdavprefix = $parsedwebdavurl['path'];
        $this->systemwebdavclient->open();
        // Checks whether folder exist and creates non-existent folders.
        foreach ($allfolders as $foldername) {
            $fullpath .= '/' . $foldername;
            $isdir = $this->systemwebdavclient->is_dir($webdavprefix . $fullpath);
            // Folder already exist, continue.
            if ($isdir === true) {
                continue;
            }
            $response = $this->systemwebdavclient->mkcol($webdavprefix . $fullpath);

            if ($response != 201) {
                $this->systemwebdavclient->close();
                $details = get_string('contactadminwith', 'repository_nextcloud',
                    get_string('pathnotcreated', 'repository_nextcloud', $fullpath));
                throw new request_exception(array('instance' => $this->repositoryname,
                    'errormessage' => $details));
            }
        }
        $this->systemwebdavclient->close();
        return $fullpath;
    }

    /** Creates a new webdav_client for the system account.
     * @return \webdav_client
     * @throws configuration_exception
     */
    public function create_system_dav() {
        $webdavendpoint = issuer_management::parse_endpoint_url('webdav', $this->issuer);

        // Selects the necessary information (port, type, server) from the path to build the webdavclient.
        $server = $webdavendpoint['host'];
        if ($webdavendpoint['scheme'] === 'https') {
            $webdavtype = 'ssl://';
            $webdavport = 443;
        } else if ($webdavendpoint['scheme'] === 'http') {
            $webdavtype = '';
            $webdavport = 80;
        }

        // Override default port, if a specific one is set.
        if (isset($webdavendpoint['port'])) {
            $webdavport = $webdavendpoint['port'];
        }

        // Authentication method is `bearer` for OAuth 2. Pass oauth client from which WebDAV obtains the token when needed.
        $dav = new \webdav_client($server, '', '', 'bearer', $webdavtype,
            $this->systemoauthclient->get_accesstoken()->token, $webdavendpoint['path']);

        $dav->port = $webdavport;
        $dav->debug = false;
        return $dav;
    }

    /** Creates a folder to store access controlled links.
     * @param string $controlledlinkfoldername
     * @param \webdav_client $webdavclient
     * @throws \coding_exception
     * @throws configuration_exception
     * @throws request_exception
     */
    public function create_storage_folder($controlledlinkfoldername, $webdavclient) {
        $parsedwebdavurl = issuer_management::parse_endpoint_url('webdav', $this->issuer);
        $webdavprefix = $parsedwebdavurl['path'];
        // Checks whether folder exist and creates non-existent folders.
        $webdavclient->open();
        $isdir = $webdavclient->is_dir($webdavprefix . $controlledlinkfoldername);
        // Folder already exist, continue.
        if (!$isdir) {
            $responsecreateshare = $webdavclient->mkcol($webdavprefix . $controlledlinkfoldername);

            if ($responsecreateshare != 201) {
                $webdavclient->close();
                throw new request_exception(array('instance' => $this->repositoryname,
                    'errormessage' => get_string('contactadminwith', 'repository_nextcloud',
                    'The folder to store files in the user account could not be created.')));
            }
        }
        $webdavclient->close();
    }

    /** Gets all shares from a path (the path is file specific) and extracts the share of a specific user. In case
     * multiple shares exist the first one is taken. Multiple shares can only appear when shares are created outside
     * of this plugin, therefore this case is not handled.
     * @param string $path
     * @param string $username
     * @return \SimpleXMLElement
     * @throws \moodle_exception
     */
    public function get_shares_from_path($path, $username) {
        $ocsparams = [
            'path' => $path,
            'reshares' => true
        ];

        $getsharesresponse = $this->systemocsclient->call('get_shares', $ocsparams);
        $xml = simplexml_load_string($getsharesresponse);
        $validelement = array();
        foreach ($fileid = $xml->data->element as $element) {
            if ($element->share_with == $username) {
                $validelement = $element;
                break;
            }
        }
        if (empty($validelement)) {
            throw new request_exception(array('instance' => $this->repositoryname,
                'errormessage' => get_string('filenotaccessed', 'repository_nextcloud')));

        }
        return $validelement->id;
    }

    /** This method can only be used if the response is from a newly created share. In this case there is more information
     * in the response. For a reference refer to
     * https://docs.nextcloud.com/server/13/developer_manual/core/ocs-share-api.html#get-information-about-a-known-share.
     * @param int $shareid
     * @param string $username
     * @return mixed the id of the share
     * @throws \coding_exception
     * @throws \repository_nextcloud\request_exception
     */
    public function get_share_information_from_shareid($shareid, $username) {
        $ocsparams = [
            'share_id' => (int) $shareid
        ];

        $shareinformation = $this->ocsclient->call('get_information_of_share', $ocsparams);
        $xml = simplexml_load_string($shareinformation);
        foreach ($fileid = $xml->data->element as $element) {
            if ($element->share_with == $username) {
                $validelement = $element;
                break;
            }
        }
        if (empty($validelement)) {
            throw new request_exception(array('instance' => $this->repositoryname,
                'errormessage' => get_string('filenotaccessed', 'repository_nextcloud')));

        }
        return (string) $validelement->file_target;
    }

    /**
     * Find a file that has previously been shared with the system account.
     * @param string $path Path to file in user context.
     * @return array shareid: ID of share, filetarget: path to file in sys account.
     * @throws request_exception If the share cannot be resolved.
     */
    public function find_share_in_sysaccount($path) {
        $systemaccount = \core\oauth2\api::get_system_account($this->issuer);
        $systemaccountuser = $systemaccount->get('username');

        // Find out share ID from user files.
        $ocsparams = [
            'path' => $path,
            'reshares' => true
        ];

        $getsharesresponse = $this->ocsclient->call('get_shares', $ocsparams);
        $xml = simplexml_load_string($getsharesresponse);
        $validelement = array();
        foreach ($fileid = $xml->data->element as $element) {
            if ($element->share_with == $systemaccountuser) {
                $validelement = $element;
                break;
            }
        }
        if (empty($validelement)) {
            throw new request_exception(array('instance' => $this->repositoryname,
                'errormessage' => get_string('filenotaccessed', 'repository_nextcloud')));
        }
        $shareid = (int) $validelement->id;

        // Use share id to find file name in system account's context.
        $ocsparams = [
            'share_id' => $shareid
        ];

        $shareinformation = $this->systemocsclient->call('get_information_of_share', $ocsparams);
        $xml = simplexml_load_string($shareinformation);
        foreach ($fileid = $xml->data->element as $element) {
            if ($element->share_with == $systemaccountuser) {
                $validfile = $element;
                break;
            }
        }
        if (empty($validfile)) {
            throw new request_exception(array('instance' => $this->repositoryname,
                'errormessage' => get_string('filenotaccessed', 'repository_nextcloud')));

        }
        return [
            'shareid' => $shareid,
            'filetarget' => (string) $validfile->file_target
            ];
    }

    /**
     * Download a file from the system account for the purpose of offline usage.
     * @param string $srcpath Name of a file owned by the system account
     * @param string $targetpath Temporary filename in Moodle
     * @throws repository_exception The download was unsuccessful, maybe the file does not exist.
     */
    public function download_for_offline_usage(string $srcpath, string $targetpath): void {
        $this->systemwebdavclient->open();
        $webdavendpoint = issuer_management::parse_endpoint_url('webdav', $this->issuer);
        $srcpath = ltrim($srcpath, '/');
        $sourcepath = $webdavendpoint['path'] . $srcpath;

        // Write file into temp location.
        if (!$this->systemwebdavclient->get_file($sourcepath, $targetpath)) {
            $this->systemwebdavclient->close();
            throw new repository_exception('cannotdownload', 'repository');
        }
        $this->systemwebdavclient->close();
    }
}