Add "Link to the file" and "Create an access controlled link to the file" options when adding files using repository_office365 plugin

Author: weilai-irl

local/o365/classes/rest/unified.php

@@ -1830,6 +1830,163 @@ public function get_sharing_link(string $fileid, string $o365userid): string {
         return $response['link']['webUrl'];
     }
 
+    /**
+     * Upload a file to OneDrive using createUploadSession API.
+     *
+     * @param string $o365userid The user's O365 user ID.
+     * @param string $filepath The local path to the file to upload.
+     * @param string $filename The name of the new file.
+     * @param string $parentid The parent folder ID (optional, defaults to root).
+     * @return string The uploaded file's ID.
+     * @throws moodle_exception
+     */
+    public function upload_file_with_session(
+        string $o365userid,
+        string $filepath,
+        string $filename,
+        string $parentid = ''
+    ): string {
+        // Create upload session.
+        $endpoint = "/users/$o365userid/drive/";
+        if (!empty($parentid)) {
+            $endpoint .= "items/$parentid:/" . urlencode($filename) . ":/createUploadSession";
+        } else {
+            $endpoint .= "root:/" . urlencode($filename) . ":/createUploadSession";
+        }
+
+        $behaviour = ['item' => ['@microsoft.graph.conflictBehavior' => 'rename']];
+        $sessionresponse = $this->apicall('post', $endpoint, json_encode($behaviour));
+        $session = $this->process_apicall_response($sessionresponse, ['uploadUrl' => null]);
+
+        if (empty($session['uploadUrl'])) {
+            throw new moodle_exception('errorwhilesharing', 'repository_office365');
+        }
+
+        // Upload the file content.
+        $filesize = filesize($filepath);
+        if ($filesize === false) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Prepare curl clients - one without auth, one with auth.
+        $curl = new \curl();
+        $authcurl = new \curl();
+        $authcurl->setHeader(['Authorization: Bearer ' . $this->token->get_token()]);
+
+        $options = ['file' => $filepath];
+
+        // Try each curl class in turn until we succeed.
+        // First attempt an upload with no auth headers (will work for personal onedrive accounts).
+        // If that fails, try an upload with the auth headers (will work for work onedrive accounts).
+        $curls = [$curl, $authcurl];
+        $response = null;
+        foreach ($curls as $curlinstance) {
+            $curlinstance->setHeader('Content-Length: ' . $filesize);
+            $curlinstance->setHeader('Content-Range: bytes 0-' . ($filesize - 1) . '/' . $filesize);
+            $response = $curlinstance->put($session['uploadUrl'], $options);
+            if ($curlinstance->errno == 0) {
+                $response = json_decode($response, true);
+            }
+            if (is_array($response) && !empty($response['id'])) {
+                // We can stop now - there is a valid file returned.
+                return $response['id'];
+            }
+        }
+
+        // If we get here, neither curl attempt succeeded.
+        throw new moodle_exception('errorwhilesharing', 'repository_office365');
+    }
+
+    /**
+     * Copy a OneDrive file by downloading and re-uploading it.
+     *
+     * @param string $fileid The source file id.
+     * @param string $o365userid The user's O365 user ID (for destination).
+     * @param string $newname The new file name (optional, defaults to original name with " - Shared" suffix).
+     * @param string $parentid The parent folder ID (optional, defaults to root).
+     * @return string The new file's ID.
+     * @throws moodle_exception
+     */
+    public function copy_file(string $fileid, string $o365userid, string $newname = '', string $parentid = ''): string {
+        // Get file metadata including download URL.
+        $fileinfo = $this->get_file_metadata($fileid, $o365userid);
+
+        if (empty($fileinfo['@microsoft.graph.downloadUrl'])) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Use original filename if no new name specified.
+        if (empty($newname)) {
+            $newname = $fileinfo['name'];
+        }
+
+        // Download the file to a temporary location.
+        $tmpfilename = clean_param($fileid, PARAM_PATH);
+        $temppath = make_request_directory() . $tmpfilename;
+
+        // Download without auth headers (as per Graph API requirements).
+        $curl = new \curl();
+        $options = ['filepath' => $temppath, 'timeout' => 60, 'followlocation' => true, 'maxredirs' => 5];
+        $result = $curl->download_one($fileinfo['@microsoft.graph.downloadUrl'], null, $options);
+
+        if (!$result) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Upload to the destination.
+        $newfileid = $this->upload_file_with_session($o365userid, $temppath, $newname, $parentid);
+
+        // Clean up temp file.
+        @unlink($temppath);
+
+        return $newfileid;
+    }
+
+    /**
+     * Copy a group OneDrive file to a user's OneDrive by downloading and re-uploading it.
+     *
+     * @param string $groupid The group's O365 group ID.
+     * @param string $fileid The source file id in the group.
+     * @param string $o365userid The user's O365 user ID (for destination).
+     * @param string $newname The new file name (optional, defaults to original name).
+     * @return string The new file's ID in the user's OneDrive.
+     * @throws moodle_exception
+     */
+    public function copy_group_file_to_user(string $groupid, string $fileid, string $o365userid, string $newname = ''): string {
+        // Get file metadata including download URL.
+        $fileinfo = $this->get_group_file_metadata($groupid, $fileid);
+
+        if (empty($fileinfo['@microsoft.graph.downloadUrl'])) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Use original filename if no new name specified.
+        if (empty($newname)) {
+            $newname = $fileinfo['name'];
+        }
+
+        // Download the file to a temporary location.
+        $tmpfilename = clean_param($fileid, PARAM_PATH);
+        $temppath = make_request_directory() . $tmpfilename;
+
+        // Download without auth headers (as per Graph API requirements).
+        $curl = new \curl();
+        $options = ['filepath' => $temppath, 'timeout' => 60, 'followlocation' => true, 'maxredirs' => 5];
+        $result = $curl->download_one($fileinfo['@microsoft.graph.downloadUrl'], null, $options);
+
+        if (!$result) {
+            throw new moodle_exception('errorwhiledownload', 'repository_office365');
+        }
+
+        // Upload to the user's OneDrive root.
+        $newfileid = $this->upload_file_with_session($o365userid, $temppath, $newname, '');
+
+        // Clean up temp file.
+        @unlink($temppath);
+
+        return $newfileid;
+    }
+
     /**
      * Get a specific user's information.
      *

local/o365/version.php

@@ -26,7 +26,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version = 2022112850;
+$plugin->version = 2022112850.01;
 $plugin->requires = 2022112800;
 $plugin->release = '4.1.11';
 $plugin->component = 'local_o365';

repository/office365/lang/en/repository_office365.php

@@ -27,6 +27,53 @@
 $string['configplugin'] = 'Configure Microsoft 365 Repository';
 $string['coursegroup'] = 'Disable Groups (Courses) folder in file picker';
 $string['defaultgroupsfolder'] = 'Course Files';
+$string['disableanonymousshare'] = 'Disable "{$a}" option';
+$string['disableanonymousshare_help'] = 'When unchecked (default), users can choose to create a copy of a file and share it with everyone in the organization. The copy is stored in the user\'s OneDrive and shared with all organization members.
+
+**How It Works:**
+* Creates a copy of the selected file with a " - Shared" suffix.
+* The copy is saved to the user\'s OneDrive (not the original location).
+* An organization-scoped sharing link is created for the copy.
+* The original file remains unchanged with its existing permissions.
+
+**Access Control:**
+* Only members of your Microsoft 365 organization can access the fil.e
+* Anyone in the organization with the link can VIEW the file.
+* External users and anonymous users CANNOT access the file.
+* The link does not expire automatically.
+* The file owner can manage or revoke sharing from their OneDrive.
+
+**When to Use:**
+* You want to share a file with all organization members.
+* You want to protect the original file from accidental changes.
+* Storage space in Moodle is a concern.
+* The file content is appropriate for organization-wide access.
+
+**Important Notes:**
+* The copy operation may take a few seconds for large files.
+* Users should ensure the file content is appropriate for organization-wide sharing.
+* The copied file will appear in the user\'s OneDrive with " - Shared" suffix.
+* Changes made to the original file will NOT be reflected in the shared copy, and vice versa.
+
+Check this box to disable this option and prevent users from creating organization-shared copies.';
+$string['disableanonymoussharewarning'] = '<div class="alert alert-info"><strong>Note:</strong> When using the "{$a}" option, a copy of the original file is created and shares with all organization members. The original file remains unchanged. Users should ensure the file content is appropriate for organization-wide access.</div>';
+$string['disabledirectlink'] = 'Disable "{$a}" option';
+$string['disabledirectlink_help'] = 'When unchecked (default), users can add a direct link to a file in their OneDrive instead of copying it to Moodle. The file remains in OneDrive and Moodle stores only a reference link.
+
+**Important Access Control Considerations:**
+* The file\'s existing OneDrive permissions are NOT changed.
+* Users accessing the link must have appropriate permissions in OneDrive to view the file.
+* It is the responsibility of the user adding the link to ensure proper access permissions.
+* If OneDrive permissions are not set correctly, other users may be unable to access the file.
+
+**When to use this option:**
+* Files are already shared with the intended audience in Microsoft 365.
+* You want to maintain a single source of truth in OneDrive.
+* Storage space in Moodle is a concern.
+* Edits to the OneDrive file should be reflected in Moodle.
+
+Check this box to disable this option and require all files to be copied to Moodle.';
+$string['disabledirectlinkwarning'] = '<div class="alert alert-info"><strong>Note:</strong> When using the "{$a}" option, no sharing setting changes are made to the OneDrive file. Users adding the file must ensure that file permissions in OneDrive are set correctly.</div>';
 
 $string['erroraccessdenied'] = 'Access denied';
 $string['errorauthoidcnotconfig'] = 'Please configure the OpenID Connect authentication plugin before attempting to use the Microsoft 365 repository.';
@@ -35,13 +82,18 @@
 $string['errorcoursenotfound'] = 'Course not found';
 $string['erroro365required'] = 'This file is currently only available to Microsoft 365 users.';
 $string['errorwhiledownload'] = 'An error occurred while downloading the file';
+$string['errorwhilesharing'] = 'An error occurred while creating a sharable link';
 
 $string['file'] = 'File';
+$string['filelinkingheader'] = 'File linking options';
 $string['groups'] = 'Groups (Courses)';
 $string['myfiles'] = 'My OneDrive';
 $string['notconfigured'] = '<p class="error">To use this plugin, you must first configure the <a href="{$a}/admin/settings.php?section=local_o365">Microsoft 365 plugins</a></p>';
 $string['office365:view'] = 'View Microsoft 365 repository';
 $string['onedrivegroup'] = 'Disable My OneDrive folder in file picker';
+$string['controlledsharelinkdesc'] = 'Shared copy (organization members only)';
+$string['copiedfile'] = 'Copy of file';
+$string['directlinkdesc'] = 'Direct link (existing permissions)';
 $string['pluginname'] = 'Microsoft 365';
 $string['pluginname_help'] = 'A Microsoft 365 Repository';
 $string['privacy:metadata'] = 'This plugin communicates with the Microsoft 365 OneDrive API as the current user. Any files uploaded will be sent to the remote server';