src/Platform/SecurityBundle/Listeners/OneRoster/OneRosterPrepareSubscriber.php line 168

Open in your IDE?
  1. <?php
  3. namespace Platform\SecurityBundle\Listeners\OneRoster;
  5. use Cms\CoreBundle\Entity\AbstractOneRosterEntity;
  6. use Cms\CoreBundle\Entity\OneRosterSync;
  7. use Cms\CoreBundle\Events\OneRosterEvents;
  8. use Cms\CoreBundle\Model\Interfaces\OneRosterable\AbstractOneRosterableSubscriber;
  9. use Doctrine\Common\Util\ClassUtils;
  10. use Platform\QueueBundle\Event\AsyncEvent;
  11. use Platform\SecurityBundle\Entity\Identity\Account;
  12. use Platform\SecurityBundle\Entity\Identity\Group;
  14. /**
  15.  * Class OneRosterPrepareSubscriber
  16.  * @package Platform\SecurityBundle\Listeners\OneRoster
  17.  */
  18. final class OneRosterPrepareSubscriber extends AbstractOneRosterableSubscriber
  19. {
  20.     // TODO: before running one roster sync, need to change these in the database
  21.     const NAME_FORMAT 'campussuite.platform.security.groups.fixed.one_roster.%s';
  22.     const NAMES = [
  23.         AbstractOneRosterEntity::ENUMS__ROLE_TYPE__ADMINISTRATOR,
  24.         AbstractOneRosterEntity::ENUMS__ROLE_TYPE__AIDE,
  25.         AbstractOneRosterEntity::ENUMS__ROLE_TYPE__PROCTOR,
  26.         AbstractOneRosterEntity::ENUMS__ROLE_TYPE__TEACHER,
  27.         AbstractOneRosterEntity::ENUMS__ROLE_TYPE__STAFF,
  28.     ];
  29.     // NEW
  30.     const ALIASES = [
  31.         'oneroster.global.all' => [
  32.             AbstractOneRosterEntity::ENUMS__ROLE_TYPE__ADMINISTRATOR,
  33.             AbstractOneRosterEntity::ENUMS__ROLE_TYPE__AIDE,
  34.             AbstractOneRosterEntity::ENUMS__ROLE_TYPE__PROCTOR,
  35.             AbstractOneRosterEntity::ENUMS__ROLE_TYPE__TEACHER,
  36.             AbstractOneRosterEntity::ENUMS__ROLE_TYPE__STAFF,
  37.         ],
  38.         'oneroster.global.'.AbstractOneRosterEntity::ENUMS__ROLE_TYPE__ADMINISTRATOR => [AbstractOneRosterEntity::ENUMS__ROLE_TYPE__ADMINISTRATOR],
  39.         'oneroster.global.'.AbstractOneRosterEntity::ENUMS__ROLE_TYPE__AIDE => [AbstractOneRosterEntity::ENUMS__ROLE_TYPE__AIDE],
  40.         'oneroster.global.'.AbstractOneRosterEntity::ENUMS__ROLE_TYPE__PROCTOR => [AbstractOneRosterEntity::ENUMS__ROLE_TYPE__PROCTOR],
  41.         'oneroster.global.'.AbstractOneRosterEntity::ENUMS__ROLE_TYPE__TEACHER => [AbstractOneRosterEntity::ENUMS__ROLE_TYPE__TEACHER],
  42.         'oneroster.global.'.AbstractOneRosterEntity::ENUMS__ROLE_TYPE__STAFF => [AbstractOneRosterEntity::ENUMS__ROLE_TYPE__STAFF],
  43.     ];
  45.     /**
  46.      * {@inheritdoc}
  47.      */
  48.     static public function getSubscribedEvents(): array
  49.     {
  50.         return [
  51.             OneRosterEvents::EVENT__PREPARE => [
  52.                 ['groupsSync'0],
  53.                 ['deactivateMissing'0],
  54.             ],
  55.         ];
  56.     }
  58.     /**
  59.      * @param AsyncEvent $event
  60.      */
  61.     public function groupsSync(AsyncEvent $event): void
  62.     {
  63.         // data should be an array with an id of a sync
  64.         $job $this->loadJob($event);
  66.         // DEBUGGING
  67.         $event->getOutput()->writeln(sprintf(
  68.             'Sync #%s loaded',
  69.             $job->getIdentifier()
  70.         ));
  72.         // ensure we are meant to process this
  73.         if ( ! $this->checkTypes($job->getSync(), [
  74.             OneRosterSync::STRATEGIES__SSO,
  75.         ])) {
  76.             return;
  77.         }
  79.         // holder for groups to make
  80.         $groups = [];
  82.         // loop over all the groups we need to make
  83.         foreach (self::NAMES as $name) {
  85.             // fix the name
  86.             $name sprintf(
  87.                 self::NAME_FORMAT,
  88.                 $name
  89.             );
  91.             // attempt to load the group by name
  92.             $group $this->em->getRepository(Group::class)->findOneBy([
  93.                 'name' => $this->translator->trans($name),
  94.             ]);
  96.             // now if null, we need to make a new one
  97.             if (empty($group)) {
  98.                 $group = new Group();
  99.             }
  101.             // update fields on the account
  102.             $group
  103.                 ->setName($this->translator->trans($name))
  104.                 ->setAlias($name)
  105.                 ->setFixed(true)
  106.                 ->setOneRosterId($job->getSync()->getDistrictId())
  107.             ;
  109.             // attach to array of things to save
  110.             $groups[] = $group;
  112.         }
  114.         // NEW: loop over all the groups we need to make
  115.         foreach (array_keys(self::ALIASES) as $alias) {
  117.             // attempt to load the group by alias
  118.             $group $this->em->getRepository(Group::class)->findOneBy([
  119.                 'alias' => $alias,
  120.             ]);
  122.             // now if null, we need to make a new one
  123.             if (empty($group)) {
  124.                 $group = new Group();
  125.             }
  127.             // update fields on the account
  128.             $group
  129.                 ->setName($this->translator->trans(sprintf(
  130.                     'campussuite.platform.security.groups.aliases.%s',
  131.                     $alias
  132.                 )))
  133.                 ->setAlias($alias)
  134.                 ->setFixed(true)
  135.                 ->setOneRosterId($job->getSync()->getDistrictId())
  136.             ;
  138.             // attach to array of things to save
  139.             $groups[] = $group;
  141.         }
  143.         // cache the output
  144.         $output array_map(
  145.             function (Group $grp) {
  146.                 return sprintf(
  147.                     '    %s    %s    (%s | %s | %s)',
  148.                     ((empty($grp->getId())) ? 'Generating' 'Updating'),
  149.                     ClassUtils::getClass($grp),
  150.                     $grp->getName(),
  151.                     $grp->getOneRosterId(),
  152.                     $grp->getId() ?: '-'
  153.                 );
  154.             },
  155.             $groups
  156.         );
  158.         // let's save the groups
  159.         $this->em->saveAll($groups);
  161.         // DEBUGGING
  162.         $event->getOutput()->writeln($output);
  163.     }
  165.     /**
  166.      * @param AsyncEvent $event
  167.      */
  168.     public function deactivateMissing(AsyncEvent $event): void
  169.     {
  170.         // data should be an array with an id of a sync
  171.         $job $this->loadJob($event);
  173.         // run bulk query
  174.         // any account that has oneroster id that does not exist needs to be deactivated
  175.         $changes $this->em->createQueryBuilder()
  176.             ->update(Account::class, 'accounts')
  177.             ->set('accounts.active'':active')
  178.             ->setParameter('active'false)
  179.             ->andWhere('accounts.tenant = :tenant')// filter by tenant
  180.             ->setParameter('tenant'$job->getTenant()->getId())
  181.             ->andWhere('accounts.onerosterId IS NOT NULL')// for performance, only update ones not already without oneroster hooks
  182.             ->andWhere($this->em->getExpressionBuilder()->notIn(
  183.                 'accounts.onerosterId',
  184.                 $this->em->createQueryBuilder()
  185.                     ->select('objects.sourcedId')
  186.                     ->from(AbstractOneRosterEntity::class, 'objects')
  187.                     ->andWhere('objects.tenant = :tenant')// we are making a string subquery, so the tenant var in the other qb will be used here eventually
  188.                     ->getDQL()
  189.             ))// only match objects that are missing from stashed objects
  190.             ->getQuery()
  191.             ->execute();
  193.         // DEBUGGING
  194.         $event->getOutput()->writeln(sprintf(
  195.             'Deactivated %s accounts for sync #%s',
  196.             $changes,
  197.             $job->getIdentifier()
  198.         ));
  199.     }
  200. }