Plugin: Azure Active Directory: Add support for Azure groups to define roles in Chamilo - refs BT#18507

plugin/azure_active_directory/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Azure Active Directory Changelog
 
+## 2.3 - 2021-03-30
+
+* Added admin, session admin and teacher groups. This requires adding the following fields to your database if 
+  upgrading from a previous version of the plugin manually:
+```
+INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url, access_url_changeable, access_url_locked) VALUES ('azure_active_directory_group_id_admin', 'azure_active_directory', 'setting', 'Plugins', '', 'azure_active_directory', '', null, null, 1, 1, 0);
+INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url, access_url_changeable, access_url_locked) VALUES ('azure_active_directory_group_id_session_admin', 'azure_active_directory', 'setting', 'Plugins', '', 'azure_active_directory', '', null, null, 1, 1, 0);
+INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url, access_url_changeable, access_url_locked) VALUES ('azure_active_directory_group_id_teacher', 'azure_active_directory', 'setting', 'Plugins', '', 'azure_active_directory', '', null, null, 1, 1, 0);
+```
+
 ## 2.2 - 2021-03-02
 
 * Added provisioning setting

plugin/azure_active_directory/lang/dutch.php

@@ -28,3 +28,9 @@ $strings['ManagementLogin'] = 'Beheer Login';
 $strings['InvalidId'] = 'Deze identificatie is niet geldig (verkeerde log-in of wachtwoord). Errocode: AZMNF';
 $strings['provisioning'] = 'Geautomatiseerde inrichting';
 $strings['provisioning_help'] = 'Maak automatisch nieuwe gebruikers (als studenten) vanuit Azure wanneer ze niet in Chamilo zijn.';
+$strings['group_id_admin'] = 'Groeps-ID voor platformbeheerders';
+$strings['group_id_admin_help'] = 'De groeps-ID is te vinden in de details van de gebruikersgroep en ziet er ongeveer zo uit: ae134eef-cbd4-4a32-ba99-49898a1314b6. Indien leeg, wordt er automatisch geen gebruiker aangemaakt als admin.';
+$strings['group_id_session_admin'] = 'Groeps-ID voor sessiebeheerders';
+$strings['group_id_session_admin_help'] = 'De groeps-ID voor sessiebeheerders. Indien leeg, wordt er automatisch geen gebruiker aangemaakt als sessiebeheerder.';
+$strings['group_id_teacher'] = 'Groeps-ID voor docenten';
+$strings['group_id_teacher_help'] = 'De groeps-ID voor docenten. Indien leeg, wordt er automatisch geen gebruiker aangemaakt als docent.';

plugin/azure_active_directory/lang/english.php

@@ -28,3 +28,9 @@ $strings['ManagementLogin'] = 'Management Login';
 $strings['InvalidId'] = 'Login failed - incorrect login or password. Errocode: AZMNF';
 $strings['provisioning'] = 'Automated provisioning';
 $strings['provisioning_help'] = 'Automatically create new users (as students) from Azure when they are not in Chamilo.';
+$strings['group_id_admin'] = 'Group ID for platform admins';
+$strings['group_id_admin_help'] = 'The group ID can be found in the user group details, looking similar to this: ae134eef-cbd4-4a32-ba99-49898a1314b6. If empty, no user will be automatically created as admin.';
+$strings['group_id_session_admin'] = 'Group ID for session admins';
+$strings['group_id_session_admin_help'] = 'The group ID for session admins. If empty, no user will be automatically created as session admin.';
+$strings['group_id_teacher'] = 'Group ID for teachers';
+$strings['group_id_teacher_help'] = 'The group ID for teachers. If empty, no user will be automatically created as teacher.';

plugin/azure_active_directory/lang/french.php

@@ -28,3 +28,9 @@ $strings['ManagementLogin'] = 'Login de gestion';
 $strings['InvalidId'] = 'Échec du login - nom d\'utilisateur ou mot de passe incorrect. Errocode: AZMNF';
 $strings['provisioning'] = 'Création automatisée';
 $strings['provisioning_help'] = 'Créer les utilisateurs automatiquement (en tant qu\'apprenants) depuis Azure s\'ils n\'existent pas encore dans Chamilo.';
+$strings['group_id_admin'] = 'ID du groupe administrateur';
+$strings['group_id_admin_help'] = 'L\'id du groupe peut être trouvé dans les détails du groupe, et ressemble à ceci : ae134eef-cbd4-4a32-ba99-49898a1314b6. Si ce champ est laissé vide, aucun utilisateur ne sera créé en tant qu\'administrateur.';
+$strings['group_id_session_admin'] = 'ID du groupe administrateur de sessions';
+$strings['group_id_session_admin_help'] = 'The group ID for session admins. Si ce champ est laissé vide, aucun utilisateur ne sera créé en tant qu\'administrateur de sessions.';
+$strings['group_id_teacher'] = 'ID du groupe enseignant';
+$strings['group_id_teacher_help'] = 'The group ID for teachers. Si ce champ est laissé vide, aucun utilisateur ne sera créé en tant qu\'enseignant.';

plugin/azure_active_directory/lang/spanish.php

@@ -28,3 +28,9 @@ $strings['ManagementLogin'] = 'Login de gestión';
 $strings['InvalidId'] = 'Problema en el login - nombre de usuario o contraseña incorrecto. Errocode: AZMNF';
 $strings['provisioning'] = 'Creación automatizada';
 $strings['provisioning_help'] = 'Crear usuarios automáticamente (como alumnos) desde Azure si no existen en Chamilo todavía.';
+$strings['group_id_admin'] = 'ID de grupo administrador';
+$strings['group_id_admin_help'] = 'El ID de grupo se encuentra en los detalles del grupo en Azure, y parece a: ae134eef-cbd4-4a32-ba99-49898a1314b6. Si deja este campo vacío, ningún usuario será creado como administrador.';
+$strings['group_id_session_admin'] = 'ID de grupo admin de sesiones';
+$strings['group_id_session_admin_help'] = 'El ID de grupo para administradores de sesiones. Si deja este campo vacío, ningún usuario será creado como administrador de sesiones.';
+$strings['group_id_teacher'] = 'ID de grupo profesor';
+$strings['group_id_teacher_help'] = 'El ID de grupo para profesores. Si deja este campo vacío, ningún usuario será creado como profesor.';

plugin/azure_active_directory/src/AzureActiveDirectory.php

@@ -20,6 +20,9 @@ class AzureActiveDirectory extends Plugin
     const SETTING_MANAGEMENT_LOGIN_ENABLE = 'management_login_enable';
     const SETTING_MANAGEMENT_LOGIN_NAME = 'management_login_name';
     const SETTING_PROVISION_USERS = 'provisioning';
+    const SETTING_GROUP_ID_ADMIN = 'group_id_admin';
+    const SETTING_GROUP_ID_SESSION_ADMIN = 'group_id_session_admin';
+    const SETTING_GROUP_ID_TEACHER = 'group_id_teacher';
 
     const URL_TYPE_AUTHORIZE = 'login';
     const URL_TYPE_LOGOUT = 'logout';
@@ -41,9 +44,12 @@ class AzureActiveDirectory extends Plugin
             self::SETTING_MANAGEMENT_LOGIN_ENABLE => 'boolean',
             self::SETTING_MANAGEMENT_LOGIN_NAME => 'text',
             self::SETTING_PROVISION_USERS => 'boolean',
+            self::SETTING_GROUP_ID_ADMIN => 'text',
+            self::SETTING_GROUP_ID_SESSION_ADMIN => 'text',
+            self::SETTING_GROUP_ID_TEACHER => 'text',
         ];
 
-        parent::__construct('2.2', 'Angel Fernando Quiroz Campos', $settings);
+        parent::__construct('2.3', 'Angel Fernando Quiroz Campos, Yannick Warnier', $settings);
     }
 
     /**

plugin/azure_active_directory/src/callback.php

@@ -77,11 +77,37 @@ try {
     if (empty($userId)) {
         // If we didn't find the user
         if ($plugin->get(AzureActiveDirectory::SETTING_PROVISION_USERS) === 'true') {
+            // Get groups info, if any
+            $groups = $provider->get('me/memberOf', $token);
+            if (empty($me)) {
+                throw new Exception('Groups info not found.');
+            }
+            // If any specific group ID has been defined for a specific role, use that
+            // ID to give the user the right role
+            $givenAdminGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_ADMIN);
+            $givenSessionAdminGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_SESSION_ADMIN);
+            $givenTeacherGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_TEACHER);
+            $userRole = STUDENT;
+            $isAdmin = false;
+            foreach ($groups as $group) {
+                if ($isAdmin) {
+                    break;
+                }
+                if ($givenAdminGroup == $group['objectId']) {
+                    $userRole = COURSEMANAGER;
+                    $isAdmin = true;
+                } elseif (!$isAdmin && $givenSessionAdminGroup == $group['objectId']) {
+                    $userRole = SESSIONADMIN;
+                } elseif (!$isAdmin && $userRole != SESSIONADMIN && $givenTeacherGroup == $group['objectId']) {
+                    $userRole = COURSEMANAGER;
+                }
+            }
+
             // If the option is set to create users, create it
             $userId = UserManager::create_user(
                 $me['givenName'],
                 $me['surname'],
-                STUDENT,
+                $userRole,
                 $me['mail'],
                 $me['mailNickname'],
                 '',
@@ -96,7 +122,10 @@ try {
                 [
                     'extra_'.AzureActiveDirectory::EXTRA_FIELD_ORGANISATION_EMAIL => $me['mail'],
                     'extra_'.AzureActiveDirectory::EXTRA_FIELD_AZURE_ID => $me['mailNickname'],
-                ]
+                ],
+                null,
+                null,
+                $isAdmin
             );
             if (!$userId) {
                 throw new Exception(get_lang('UserNotAdded').' '.$me['mailNickname']);
@@ -108,6 +137,8 @@ try {
 
     $userInfo = api_get_user_info($userId);
 
+    //TODO add user update management for groups
+
     if (empty($userInfo)) {
         throw new Exception('User '.$userId.' not found.');
     }