<?php
require_once '../../config.php';
require_once __DIR__ . '/lib.php';
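// Close the Moodle session for writing before doing any work; nothing below stores session data.
\core\session\manager::write_close();

$server = oauth_get_server();
$request = OAuth2\Request::createFromGlobals();

// Step 1: the request must carry an access token that the OAuth server accepts.
if (!$server->verifyResourceRequest($request)) {
    return send_invalid_response(400, ['other' => ['cause' => 'invalid_approval']]);
}

// Step 2: the token must be bound to a user. empty() also covers a missing key or missing token data.
$token = $server->getAccessTokenData($request);
if (empty($token['user_id'])) {
    return send_invalid_response(401, ['other' => ['cause' => 'invalid_token']]);
}
$userid = $token['user_id'];

// Step 3: the token must have been granted the 'course_info' scope.
// null is passed explicitly for the optional response argument. The previous code passed an
// undefined $response variable, which raises an undefined-variable notice/warning that can be
// printed ahead of the JSON body when error display is on.
if (!$server->verifyResourceRequest($request, null, 'course_info')) {
    return send_invalid_response(403, [
        'relateduserid' => $userid,
        'other' => ['cause' => 'insufficient_scope'],
    ]);
}

// Step 4: the user the token refers to must still have a row in the user table.
// NOTE(review): this only checks that the row exists. Moodle keeps deleted and suspended accounts
// in {user} (columns "deleted" and "suspended"), so a token issued before an account was disabled
// would still pass here unless tokens are revoked elsewhere. Confirm, and filter on both if not.
$user = $DB->get_record_sql('SELECT id FROM {user} WHERE id=:user_id', ['user_id' => $userid]);
if (!$user) {
    return send_invalid_response(404, ['other' => ['cause' => 'user_not_found']]);
}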
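// The caller identifies the course either by numeric id or by the external URL of a URL resource
// placed in it. Both values come straight from the query string and are untrusted.
$course_id = $request->query('course_id');
$external_url = $request->query('external_url');
if ($course_id == null && $external_url == null) {
    return send_invalid_response(400, ['other' => ['cause' => 'missing_course_id']]);
}

if ($course_id != null) {
    // NOTE(review): course_id is bound as a parameter but is not checked to be an integer first;
    // consider clean_param($course_id, PARAM_INT) so malformed ids are rejected before the query.
    $course = $DB->get_record_sql(
        'SELECT id, fullname, shortname FROM {course} WHERE id=:course_id',
        ['course_id' => $course_id]
    );
} else {
    // sql_like() builds a LIKE comparison, so '%' and '_' in the supplied URL would act as
    // wildcards and let a caller match URLs they do not know. sql_like_escape() neutralises them
    // so only the literal URL matches.
    // NOTE(review): several courses can hold the same external URL; get_record_sql() then returns
    // only one of them. Confirm that this ambiguity is acceptable.
    $course = $DB->get_record_sql(
        'SELECT c.id as id, c.fullname as fullname, c.shortname as shortname FROM {course} as c INNER JOIN {url} as u on c.id=u.course WHERE '.$DB->sql_like('externalurl', ':external_url'),
        ['external_url' => $DB->sql_like_escape($external_url)]
    );
}

// get_record_sql() returns false when nothing matches. The previous code read ->id from that
// value unconditionally. Answer exactly as for a non-enrolled user so the endpoint does not
// reveal which course ids or URLs exist.
if (!$course) {
    return send_invalid_response(404, ['other' => ['cause' => 'user_not_enrolled_in_course']]);
}
$course_id = $course->id;

// Only return course details to a user who has an enrolment record in that course.
// NOTE(review): this join does not look at ue.status, e.status or the enrolment time window, so
// suspended or expired enrolments still pass. is_enrolled() with $onlyactive = true covers those;
// confirm which behaviour is intended.
$course_enrollment = $DB->get_record_sql(
    'SELECT u.id, c.id FROM {user} AS u INNER JOIN {user_enrolments} AS ue ON ue.userid=u.id INNER JOIN {enrol} AS e ON e.id=ue.enrolid INNER JOIN {course} AS c ON e.courseid=c.id WHERE u.id=:user_id AND c.id=:course_id',
    ['user_id' => $userid, 'course_id' => $course_id]
);
if (!$course_enrollment) {
    return send_invalid_response(404, ['other' => ['cause' => 'user_not_enrolled_in_course']]);
}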
// Record the successful request in the Moodle event log, attributed to the token's user.
// NOTE(review): the event carries only the user id, so the log does not show which course was
// disclosed. Confirm whether the course id should be recorded as well.
\local_oauth\event\user_info_request::create(['userid' => $userid])->trigger();

// Reply with the selected course columns (id, fullname, shortname) as JSON.
header('Content-Type: application/json; charset=utf-8');
$payload = json_encode($course);
echo $payload;