Add "Link to the file" and "Create an access controlled link to the file" options when adding files using repository_office365 plugin

Author: weilai-irl

local/o365/classes/rest/unified.php

@@ -1830,6 +1830,163 @@ public function get_sharing_link(string $fileid, string $o365userid): string {
         return $response['link']['webUrl'];
     }
 
+    /**
+     * Upload a file to OneDrive using createUploadSession API.
+     *
+     * @param string $o365userid The user's O365 user ID.
+     * @param string $filepath The local path to the file to upload.
+     * @param string $filename The name of the new file.
+     * @param string $parentid The parent folder ID (optional, defaults to root).
+     * @return string The uploaded file's ID.
+     * @throws moodle_exception
+     */
+    public function upload_file_with_session(
+        string $o365userid,
+        string $filepath,
+        string $filename,
+        string $parentid = ''
+    ): string {
+        // Create upload session.
+        $endpoint = "/users/$o365userid/drive/";
+        if (!empty($parentid)) {
+            $endpoint .= "items/$parentid:/" . urlencode($filename) . ":/createUploadSession";
+        } else {
+            $endpoint .= "root:/" . urlencode($filename) . ":/createUploadSession";
+        }
+
+        $behaviour = ['item' => ['@microsoft.graph.conflictBehavior' => 'rename']];
+        $sessionresponse = $this->apicall('post', $endpoint, json_encode($behaviour));
+        $session = $this->process_apicall_response($sessionresponse, ['uploadUrl' => null]);
+
+        if (empty($session['uploadUrl'])) {
+            throw new moodle_exception('errorwhilesharing', 'repository_office365');
+        }
+
+        // Upload the file content.
+        $filesize = filesize($filepath);
+        if ($filesize === false) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Prepare curl clients - one without auth, one with auth.
+        $curl = new \curl();
+        $authcurl = new \curl();
+        $authcurl->setHeader(['Authorization: Bearer ' . $this->token->get_token()]);
+
+        $options = ['file' => $filepath];
+
+        // Try each curl class in turn until we succeed.
+        // First attempt an upload with no auth headers (will work for personal onedrive accounts).
+        // If that fails, try an upload with the auth headers (will work for work onedrive accounts).
+        $curls = [$curl, $authcurl];
+        $response = null;
+        foreach ($curls as $curlinstance) {
+            $curlinstance->setHeader('Content-Length: ' . $filesize);
+            $curlinstance->setHeader('Content-Range: bytes 0-' . ($filesize - 1) . '/' . $filesize);
+            $response = $curlinstance->put($session['uploadUrl'], $options);
+            if ($curlinstance->errno == 0) {
+                $response = json_decode($response, true);
+            }
+            if (is_array($response) && !empty($response['id'])) {
+                // We can stop now - there is a valid file returned.
+                return $response['id'];
+            }
+        }
+
+        // If we get here, neither curl attempt succeeded.
+        throw new moodle_exception('errorwhilesharing', 'repository_office365');
+    }
+
+    /**
+     * Copy a OneDrive file by downloading and re-uploading it.
+     *
+     * @param string $fileid The source file id.
+     * @param string $o365userid The user's O365 user ID (for destination).
+     * @param string $newname The new file name (optional, defaults to original name with " - Shared" suffix).
+     * @param string $parentid The parent folder ID (optional, defaults to root).
+     * @return string The new file's ID.
+     * @throws moodle_exception
+     */
+    public function copy_file(string $fileid, string $o365userid, string $newname = '', string $parentid = ''): string {
+        // Get file metadata including download URL.
+        $fileinfo = $this->get_file_metadata($fileid, $o365userid);
+
+        if (empty($fileinfo['@microsoft.graph.downloadUrl'])) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Use original filename if no new name specified.
+        if (empty($newname)) {
+            $newname = $fileinfo['name'];
+        }
+
+        // Download the file to a temporary location.
+        $tmpfilename = clean_param($fileid, PARAM_PATH);
+        $temppath = make_request_directory() . $tmpfilename;
+
+        // Download without auth headers (as per Graph API requirements).
+        $curl = new \curl();
+        $options = ['filepath' => $temppath, 'timeout' => 60, 'followlocation' => true, 'maxredirs' => 5];
+        $result = $curl->download_one($fileinfo['@microsoft.graph.downloadUrl'], null, $options);
+
+        if (!$result) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Upload to the destination.
+        $newfileid = $this->upload_file_with_session($o365userid, $temppath, $newname, $parentid);
+
+        // Clean up temp file.
+        @unlink($temppath);
+
+        return $newfileid;
+    }
+
+    /**
+     * Copy a group OneDrive file to a user's OneDrive by downloading and re-uploading it.
+     *
+     * @param string $groupid The group's O365 group ID.
+     * @param string $fileid The source file id in the group.
+     * @param string $o365userid The user's O365 user ID (for destination).
+     * @param string $newname The new file name (optional, defaults to original name).
+     * @return string The new file's ID in the user's OneDrive.
+     * @throws moodle_exception
+     */
+    public function copy_group_file_to_user(string $groupid, string $fileid, string $o365userid, string $newname = ''): string {
+        // Get file metadata including download URL.
+        $fileinfo = $this->get_group_file_metadata($groupid, $fileid);
+
+        if (empty($fileinfo['@microsoft.graph.downloadUrl'])) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Use original filename if no new name specified.
+        if (empty($newname)) {
+            $newname = $fileinfo['name'];
+        }
+
+        // Download the file to a temporary location.
+        $tmpfilename = clean_param($fileid, PARAM_PATH);
+        $temppath = make_request_directory() . $tmpfilename;
+
+        // Download without auth headers (as per Graph API requirements).
+        $curl = new \curl();
+        $options = ['filepath' => $temppath, 'timeout' => 60, 'followlocation' => true, 'maxredirs' => 5];
+        $result = $curl->download_one($fileinfo['@microsoft.graph.downloadUrl'], null, $options);
+
+        if (!$result) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Upload to the user's OneDrive root.
+        $newfileid = $this->upload_file_with_session($o365userid, $temppath, $newname, '');
+
+        // Clean up temp file.
+        @unlink($temppath);
+
+        return $newfileid;
+    }
+
     /**
      * Get a specific user's information.
      *

local/o365/version.php

@@ -26,7 +26,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version = 2024100710;
+$plugin->version = 2024100710.01;
 $plugin->requires = 2024100700;
 $plugin->release = '4.5.2';
 $plugin->component = 'local_o365';

repository/office365/lang/en/repository_office365.php

@@ -28,20 +28,74 @@
 $string['coursegroup'] = 'Disable Groups (Courses) folder in file picker';
 $string['defaultgroupsfolder'] = 'Course Files';
 
+$string['enableanonymousshare'] = 'Disable "Create an access controlled link to the file" option';
+$string['enableanonymousshare_help'] = 'When unchecked (default), users can choose to create a copy of a file and share it with everyone in the organization. The copy is stored in the user\'s OneDrive and shared with all organization members.
+
+**How It Works:**
+* Creates a copy of the selected file with a " - Shared" suffix.
+* The copy is saved to the user\'s OneDrive (not the original location).
+* An organization-scoped sharing link is created for the copy.
+* The original file remains unchanged with its existing permissions.
+
+**Access Control:**
+* Only members of your Microsoft 365 organization can access the fil.e
+* Anyone in the organization with the link can VIEW the file.
+* External users and anonymous users CANNOT access the file.
+* The link does not expire automatically.
+* The file owner can manage or revoke sharing from their OneDrive.
+
+**When to Use:**
+* You want to share a file with all organization members.
+* You want to protect the original file from accidental changes.
+* Storage space in Moodle is a concern.
+* The file content is appropriate for organization-wide access.
+
+**Important Notes:**
+* The copy operation may take a few seconds for large files.
+* Users should ensure the file content is appropriate for organization-wide sharing.
+* The copied file will appear in the user\'s OneDrive with " - Shared" suffix.
+* Changes made to the original file will NOT be reflected in the shared copy, and vice versa.
+
+Check this box to disable this option and prevent users from creating organization-shared copies.';
+$string['enableanonymoussharewarning'] = '<div class="alert alert-info"><strong>Note:</strong> When using the "Create an access controlled link to the file" option, a copy of the original file is created and shares with all organization members. The original file remains unchanged. Users should ensure the file content is appropriate for organization-wide access.</div>';
+
+$string['enabledirectlink'] = 'Disable "Link to the file" option';
+$string['enabledirectlink_help'] = 'When unchecked (default), users can add a direct link to a file in their OneDrive instead of copying it to Moodle. The file remains in OneDrive and Moodle stores only a reference link.
+
+**Important Access Control Considerations:**
+* The file\'s existing OneDrive permissions are NOT changed.
+* Users accessing the link must have appropriate permissions in OneDrive to view the file.
+* It is the responsibility of the user adding the link to ensure proper access permissions.
+* If OneDrive permissions are not set correctly, other users may be unable to access the file.
+
+**When to use this option:**
+* Files are already shared with the intended audience in Microsoft 365.
+* You want to maintain a single source of truth in OneDrive.
+* Storage space in Moodle is a concern.
+* Edits to the OneDrive file should be reflected in Moodle.
+
+Check this box to disable this option and require all files to be copied to Moodle.';
+$string['enabledirectlinkwarning'] = '<div class="alert alert-info"><strong>Note:</strong> When using the "Link to the file" option, no sharing setting changes are made to the OneDrive file. Users adding the file must ensure that file permissions in OneDrive are set correctly.</div>';
+
 $string['erroraccessdenied'] = 'Access denied';
 $string['errorauthoidcnotconfig'] = 'Please configure the OpenID Connect authentication plugin before attempting to use the Microsoft 365 repository.';
 $string['errorbadclienttype'] = 'Invalid client type.';
 $string['errorbadpath'] = 'Bad Path';
 $string['errorcoursenotfound'] = 'Course not found';
 $string['erroro365required'] = 'This file is currently only available to Microsoft 365 users.';
 $string['errorwhiledownload'] = 'An error occurred while downloading the file';
+$string['errorwhilesharing'] = 'An error occurred while creating a sharable link';
 
 $string['file'] = 'File';
+$string['filelinkingheader'] = 'File Linking Options';
 $string['groups'] = 'Groups (Courses)';
 $string['myfiles'] = 'My OneDrive';
 $string['notconfigured'] = '<p class="error">To use this plugin, you must first configure the <a href="{$a}/admin/settings.php?section=local_o365">Microsoft 365 plugins</a></p>';
 $string['office365:view'] = 'View Microsoft 365 repository';
 $string['onedrivegroup'] = 'Disable My OneDrive folder in file picker';
+$string['controlledsharelinkdesc'] = 'Shared copy (organization members only)';
+$string['copiedfile'] = 'Copy of file';
+$string['directlinkdesc'] = 'Direct link (existing permissions)';
 $string['pluginname'] = 'Microsoft 365';
 $string['pluginname_help'] = 'A Microsoft 365 Repository';
 $string['privacy:metadata'] = 'This plugin communicates with the Microsoft 365 OneDrive API as the current user. Any files uploaded will be sent to the remote server';