Merge branch 'wip-84365-m39' into MOODLE_39_STABLE

# Conflicts: # local/o365/scripts/Moodle-AzureAD-Powershell.zip
microsoft · Jun 16, 2022 · 644c934 · 644c934
2 parents 74e1499 + 1033af5
commit 644c934
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 17 deletions.
diff --git a/local/o365/classes/rest/o365api.php b/local/o365/classes/rest/o365api.php
@@ -364,6 +364,7 @@ public function get_required_permissions($api = null) {
                     'Files.ReadWrite.All' => [],
                     'Notes.ReadWrite.All' => [],
                     'Calendars.ReadWrite' => [],
+                    'Domain.Read.All' => ['Domain.ReadWrite.All', 'Directory.Read.All'],
                     'User.Read' => [],
                     'openid' => [],
                     'offline_access' => [],

diff --git a/local/o365/classes/rest/unified.php b/local/o365/classes/rest/unified.php
@@ -1686,9 +1686,10 @@ public function get_graph_required_permissions() {
                 $graphperms = $allperms['graph']['requiredDelegatedPermissions'];
             }
 
-            return array_keys($graphperms);
+            return $graphperms;
+        } else {
+            return [];
         }
-        return [];
     }
 
     /**
@@ -1699,10 +1700,10 @@ public function get_graph_required_permissions() {
     public function get_graph_required_apponly_permissions() {
         $allperms = $this->get_required_permissions();
         if (isset($allperms['graph'])) {
-            $graphperms = $allperms['graph']['requiredAppPermissions'];
-            return array_keys($graphperms);
+            return $allperms['graph']['requiredAppPermissions'];
+        } else {
+            return [];
         }
-        return [];
     }
 
     /**
@@ -1716,17 +1717,45 @@ public function check_graph_apponly_permissions() {
         $currentperms = $this->get_graph_current_apponly_permissions();
         $availableperms = $this->get_graph_available_apponly_permissions();
 
-        $requiredperms = array_flip($requiredperms);
-        $missingperms = array_diff_key($requiredperms, $currentperms);
-        $missingperminfo = [];
-        foreach ($missingperms as $permname => $index) {
-            if (isset($availableperms[$permname])) {
-                $missingperminfo[$permname] = $availableperms[$permname]['displayName'];
+        $missingperms = [];
+
+        foreach ($requiredperms as $requiredperm => $alternativeperms) {
+            $haspermission = false;
+            if (array_key_exists($requiredperm, $currentperms)) {
+                $haspermission = true;
             } else {
-                $missingperminfo[$permname] = $permname;
+                foreach ($alternativeperms as $alternativeperm) {
+                    if (array_key_exists($alternativeperm, $currentperms)) {
+                        $haspermission = true;
+                        break;
+                    }
+                }
+            }
+
+            if (!$haspermission) {
+                $missingperms[] = $requiredperm;
             }
         }
-        return $missingperminfo;
+
+        if (empty($missingperms)) {
+            return [];
+        }
+
+        // Assemble friendly names for permissions.
+        $permnames = [];
+        foreach ($availableperms as $perminfo) {
+            if (!isset($perminfo['value']) || !isset($perminfo['adminConsentDisplayName'])) {
+                continue;
+            }
+            $permnames[$perminfo['value']] = $perminfo['adminConsentDisplayName'];
+        }
+
+        $missingpermsreturn = [];
+        foreach ($missingperms as $missingperm) {
+            $missingpermsreturn[$missingperm] = (isset($permnames[$missingperm])) ? $permnames[$missingperm] : $missingperm;
+        }
+
+        return $missingpermsreturn;
     }
 
     /**
@@ -1737,17 +1766,33 @@ public function check_graph_apponly_permissions() {
     public function check_graph_delegated_permissions() {
         $this->token->refresh();
         $currentperms = $this->get_unified_api_permissions();
-        $neededperms = $this->get_graph_required_permissions();
+        $requiredperms = $this->get_graph_required_permissions();
         $availableperms = $this->get_available_permissions();
 
         if ($currentperms === null || $availableperms === null) {
             return null;
         }
 
-        sort($currentperms);
-        sort($neededperms);
+        $missingperms = [];
+
+        foreach ($requiredperms as $requiredperm => $alternativeperms) {
+            $haspermission = false;
+            if (in_array($requiredperm, $currentperms)) {
+                $haspermission = true;
+            } else {
+                foreach ($alternativeperms as $alternativeperm) {
+                    if (in_array($alternativeperm, $currentperms)) {
+                        $haspermission = true;
+                        break;
+                    }
+                }
+            }
+
+            if (!$haspermission) {
+                $missingperms[] = $requiredperm;
+            }
+        }
 
-        $missingperms = array_diff($neededperms, $currentperms);
         if (empty($missingperms)) {
             return [];
         }

diff --git a/local/o365/scripts/Moodle-AzureAD-Powershell.zip b/local/o365/scripts/Moodle-AzureAD-Powershell.zip