in classes/feature/usersync/main.php [1481:1567]
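/**
 * Suspend, and optionally delete, Moodle accounts whose linked Azure AD user no longer exists.
 *
 * Pass 1 suspends active OIDC accounts linked to an object ID that Azure reports as deleted.
 * Pass 2 takes every other non-deleted OIDC account with a linked object ID and checks it
 * against $aadusers. If the object ID is missing there, the account is suspended; if it is
 * already suspended and $delete is true, it is deleted.
 *
 * NOTE(review): pass 2 treats absence from $aadusers as proof that the user is gone, so an
 * empty or truncated $aadusers list would suspend (or, with $delete, delete) every linked
 * OIDC account. Callers should only pass a list they know to be complete. TODO confirm the
 * caller guarantees this.
 *
 * @param array $aadusers Users currently present in Azure AD; each entry is read for its 'id' key.
 * @param bool $delete Whether already-suspended accounts missing from $aadusers are deleted.
 * @return bool True when the run completed, false when an exception was caught and logged.
 */
public function suspend_users(array $aadusers, bool $delete = false) {
    global $CFG, $DB;
    $apiclient = $this->construct_user_api();
    try {
        // Collect every page of deleted users before changing any account. If the list cannot
        // be read completely the run is aborted: accounts missing from an incomplete list
        // would fall through to pass 2, where they can be deleted.
        $deletedusers = [];
        $page = $apiclient->list_deleted_users();
        while (true) {
            if (!isset($page['value']) || !is_array($page['value'])) {
                throw new \RuntimeException('Deleted users response did not contain a "value" list.');
            }
            $deletedusers = array_merge($deletedusers, $page['value']);
            if (empty($page['@odata.nextLink'])) {
                break;
            }
            $nextlink = parse_url($page['@odata.nextLink']);
            $query = [];
            if (isset($nextlink['query'])) {
                parse_str($nextlink['query'], $query);
            }
            if (!isset($query['$skiptoken'])) {
                // Previously this case left the page unchanged and the loop never terminated.
                throw new \RuntimeException('Deleted users next link did not contain a skip token.');
            }
            $page = $apiclient->list_deleted_users($query['$skiptoken']);
        }

        // Pass 1: suspend active accounts whose linked Azure object is in the deleted list.
        $deletedusersids = [];
        $sql = 'SELECT u.*
                  FROM {user} u
                  JOIN {local_o365_objects} obj ON obj.type = ? AND obj.moodleid = u.id
                 WHERE u.mnethostid = ?
                   AND u.deleted = ?
                   AND u.suspended = ?
                   AND u.auth = ?
                   AND obj.objectid = ? ';
        foreach ($deletedusers as $deleteduser) {
            if (empty($deleteduser) || !isset($deleteduser['id'])) {
                continue;
            }
            $params = ['user', $CFG->mnet_localhost_id, '0', '0', 'oidc', $deleteduser['id']];
            $synceduser = $DB->get_record_sql($sql, $params);
            if (!empty($synceduser)) {
                $synceduser->suspended = 1;
                user_update_user($synceduser, false);
                $this->mtrace($synceduser->username . ' was deleted in Azure, the matching account is suspended.');
            }
            $deletedusersids[] = $deleteduser['id'];
        }

        // Pass 2: load the remaining linked OIDC accounts. Object IDs from the deleted list
        // are excluded, so those accounts are never deleted by this pass.
        $existingsql = 'SELECT u.*, obj.objectid
                          FROM {user} u
                          JOIN {local_o365_objects} obj ON obj.type = ? AND obj.moodleid = u.id
                         WHERE u.mnethostid = ?
                           AND u.deleted = ?
                           AND u.auth = ? ';
        $existingsqlparams = ['user', $CFG->mnet_localhost_id, '0', 'oidc'];
        if ($deletedusersids) {
            // The final "false" asks for the negated (NOT IN) form of the condition.
            [$objectidsql, $objectidparams] = $DB->get_in_or_equal($deletedusersids, SQL_PARAMS_QM, 'param', false);
            $existingsql .= ' AND obj.objectid ' . $objectidsql;
            $existingsqlparams = array_merge($existingsqlparams, $objectidparams);
        }
        $existingusers = $DB->get_records_sql($existingsql, $existingsqlparams);

        // Key the valid object IDs so each membership check is a single exact key lookup
        // instead of a loose in_array() scan over the whole list.
        $validaaduserids = [];
        foreach ($aadusers as $aaduser) {
            if (isset($aaduser['id']) && is_scalar($aaduser['id'])) {
                $validaaduserids[(string)$aaduser['id']] = true;
            }
        }

        foreach ($existingusers as $existinguser) {
            if (isset($validaaduserids[(string)$existinguser->objectid])) {
                continue;
            }
            if ($existinguser->suspended) {
                if ($delete) {
                    $this->mtrace('Could not find suspended user ' . $existinguser->username .
                        ' in Azure AD. Deleting user...');
                    // objectid comes from the joined table, so drop it before handing the record on.
                    unset($existinguser->objectid);
                    delete_user($existinguser);
                }
            } else {
                $this->mtrace('Could not find user ' . $existinguser->username . ' in Azure AD. Suspending user...');
                $existinguser->suspended = 1;
                unset($existinguser->objectid);
                user_update_user($existinguser, false);
            }
        }
        return true;
    } catch (\Exception $e) {
        // Only \Exception is handled here; engine errors (\Error) still propagate to the caller.
        utils::debug('Could not delete users', 'suspend_users', $e);
        return false;
    }
}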