Merge pull request ncstate-delta#590 from jrchamp/fix/granular-scopes

release: v5.2.1

CHANGES.md

@@ -1,5 +1,16 @@
 ### Releases ###
 
+#### v5.2.1 ####
+
+- Bugfix: Set icon size to something reasonable on Moodle 4.3 #581 (thanks @haietza)
+- Bugfix: Save Zoom data (e.g. join_url) when updating instance #585 (thanks @selimmeziti)
+- Bugfix: Form sections can now toggle independently #587 (thanks @kiratskitizing)
+- Bugfix: Differentiate between multiple recording types #578 (thanks @welegionsr)
+- Bugfix: Granular OAuth scopes work now #590 (thanks @amendezinserver, @jport500, @haietza, Kohei SHIRAHAMA)
+- Code quality: Move function from view page to locallib #584
+- Code quality: Freshen GitHub Action to match moodle-plugin-ci #584
+- Code quality: Align with moodle-cs v3.4.6 #584
+
 #### v5.2.0 ####
 
 - Feature: Grading based on attendance duration #477 (thanks @fmido88)

README.md

@@ -17,7 +17,50 @@ permission is required. You should create a separate Server-to-Server OAuth app
 
 The Server-to-Server OAuth app will generate a client ID, client secret and account ID.
 
-At a minimum, the following scopes are required by this plugin:
+#### Granular scopes
+At a minimum, the following scopes are required:
+
+- meeting:read:meeting:admin (Get meeting)
+- meeting:read:invitation:admin (Get meeting invitation)
+- meeting:delete:meeting:admin (Delete meeting)
+- meeting:update:meeting:admin (Update meeting)
+- meeting:write:meeting:admin (Create meeting)
+- user:read:list_schedulers:admin (List schedulers)
+- user:read:settings:admin (Get user settings)
+- user:read:user:admin (Get user)
+
+Optional functionality can be enabled by granting additional scopes:
+
+- Meeting registrations
+    - meeting:read:list_registrants:admin (Get registrants)
+- Reports for meetings / webinars (Licensed accounts and higher)
+    - report:read:list_meeting_participants:admin
+    - report:read:list_webinar_participants:admin
+    - report:read:list_users:admin
+    - report:read:user:admin
+- Faster reports for meetings / webinars (Business accounts and higher)
+    - dashboard:read:list_meeting_participants:admin
+    - dashboard:read:list_meetings:admin
+    - dashboard:read:list_webinar_participants:admin
+    - dashboard:read:list_webinars:admin
+- Allow recordings to be viewed (zoom | viewrecordings)
+    - cloud_recording:read:list_recording_files:admin
+    - cloud_recording:read:list_user_recordings:admin
+    - cloud_recording:read:recording_settings:admin
+- Tracking fields (zoom | defaulttrackingfields)
+    - Not yet supported by Zoom
+- Recycle licenses (zoom | utmost), (zoom | recycleonjoin)
+    - user:read:list_users:admin
+    - user:update:user:admin
+- Webinars (zoom | showwebinars), (zoom | webinardefault)
+    - webinar:read:list_registrants:admin
+    - webinar:read:webinar:admin
+    - webinar:delete:webinar:admin
+    - webinar:update:webinar:admin
+    - webinar:write:webinar:admin
+
+#### Classic scopes
+At a minimum, the following scopes are required:
 
 - meeting:read:admin (Read meeting details)
 - meeting:write:admin (Create/Update meetings)

classes/task/get_meeting_reports.php

@@ -82,7 +82,6 @@ private function cmp($a, $b) {
     /**
      * Gets the meeting IDs from the queue, retrieve the information for each
      * meeting, then remove the meeting from the queue.
-     * @link https://zoom.github.io/api/#report-metric-apis
      *
      * @param string $paramstart    If passed, will find meetings starting on given date. Format is YYYY-MM-DD.
      * @param string $paramend      If passed, will find meetings ending on given date. Format is YYYY-MM-DD.
@@ -144,14 +143,24 @@ public function execute($paramstart = null, $paramend = null, $hostuuids = null)
 
         $recordedallmeetings = true;
 
+        $dashboardscopes = [
+            'dashboard_meetings:read:admin',
+            'dashboard_meetings:read:list_meetings:admin',
+            'dashboard_meetings:read:list_webinars:admin',
+        ];
+
+        $reportscopes = [
+            'report:read:admin',
+            'report:read:list_users:admin',
+        ];
+
         // Can only query on $hostuuids using Report API.
-        if (empty($hostuuids) && $this->service->has_scope('dashboard_meetings:read:admin')) {
+        if (empty($hostuuids) && $this->service->has_scope($dashboardscopes)) {
             $allmeetings = $this->get_meetings_via_dashboard($start, $end);
-        } else if ($this->service->has_scope('report:read:admin')) {
+        } else if ($this->service->has_scope($reportscopes)) {
             $allmeetings = $this->get_meetings_via_reports($start, $end, $hostuuids);
         } else {
-            $requiredscope = !empty($hostuuids) ? 'report:read:admin' : 'dashboard_meetings:read:admin or report:read:admin';
-            mtrace('Skipping task - missing required OAuth scope: ' . $requiredscope);
+            mtrace('Skipping task - missing OAuth scopes required for reports');
             return;
         }
 
@@ -406,13 +415,23 @@ public function get_meetings_via_reports($start, $end, $hostuuids) {
     public function get_meetings_via_dashboard($start, $end) {
         mtrace('Using Dashboard API');
 
+        $meetingscopes = [
+            'dashboard_meetings:read:admin',
+            'dashboard_meetings:read:list_meetings:admin',
+        ];
+
+        $webinarscopes = [
+            'dashboard_webinars:read:admin',
+            'dashboard_webinars:read:list_webinars:admin',
+        ];
+
         $meetings = [];
-        if ($this->service->has_scope('dashboard_meetings:read:admin')) {
+        if ($this->service->has_scope($meetingscopes)) {
             $meetings = $this->service->get_meetings($start, $end);
         }
 
         $webinars = [];
-        if ($this->service->has_scope('dashboard_webinars:read:admin')) {
+        if ($this->service->has_scope($webinarscopes)) {
             $webinars = $this->service->get_webinars($start, $end);
         }