owncloud / ocis-php-sdk
Requires
- php: ^8.1
- ext-curl: *
- ext-dom: *
- ext-json: *
- owncloud/libre-graph-api-php: dev-main#0e5491aa123a6db48b2f00f90e734961ee8c4aba
- sabre/dav: ^4.6
Requires (Dev)
- ext-gd: *
- friendsofphp/php-cs-fixer: ^3.26
- phan/phan: ^5.4
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^10.5
This package is auto-updated.
Last update: 2024-11-03 06:36:17 UTC
README
ocis-php-sdk
This SDK allows you to interact with ownCloud Infinite Scale (oCIS) storage using PHP.
Documentation
You can find a rendered version of the API documentation in our dev docs.
To render the documentation locally, use the phpDocumentor to run it in the local repo. E.g.:
docker run --rm -v ${PWD}:/data phpdoc/phpdoc:3
After that you will find the documentation inside the docs
folder.
Installation via Composer
Add "owncloud/ocis-php-sdk" to the require
block in your composer.json and then run composer install.
Warning
The ocis-php-sdk currently relies on a development version of the "owncloud/libre-graph-api-php" package. To ensure proper dependency resolution, it is necessary to set "minimum-stability": "dev" and "prefer-stable": true in your composer.json file.
{ "minimum-stability": "dev", "prefer-stable": true, "require": { "owncloud/ocis-php-sdk": "^1.0" } }
Alternatively, you can simply run the following from the command line:
composer config minimum-stability dev
composer config prefer-stable true
composer require owncloud/ocis-php-sdk
Getting started
Ocis has two types of access token, one which is used to interact with drive, group, user, shares etc.(OICD access token) and another which can be used to interact with education endpoints (education access token).
Create an Ocis object using the service Url and an OIDC access token:
$ocis = new Ocis('https://example.ocis.com', $accessToken);
Or create an Ocis object to interact with education endpoints using the service Url and an education access token:
$ocis = new Ocis('https://education.ocis.com', null, [], $educationAccessToken);
At least one access token should be provided to use the SKD.
Acquiring an OICD access token is out of scope of this SDK, but you can find examples for that below.
Also refreshing OICD tokens is not part of the SDK, but after you got a new token, you can update the Ocis object:
$ocis->setAccessToken($newAccessToken);
Education access token is set when starting the ocis graph server. You can get it using following snippet
$educationAccessToken = getenv("GRAPH_HTTP_API_TOKEN")
Drives (spaces)
Drives can be listed using the getAllDrives
or the getMyDrives
method.
The Drive class is responsible for most file/folder related actions, like listing files, creating folders, uploading files, etc.
// get the personal drive of the authorized user // `getMyDrives` returns all drives that the user is a member of // but in this example the result is filtered to only return // the personal drive (parameter 3 = DriveType::PERSONAL) $drives = $ocis->getMyDrives( DriveOrder::NAME, OrderDirection::ASC, DriveType::PERSONAL ); // get the drive id $id = $drives[0]->getId(); // get the name of the drive $name = $drives[0]->getName(); // get a link to the drive that can be opened in a browser and will lead the user to the web interface $webUrl = $drives[0]->getWebUrl(); // create a folder inside the drive $drives[0]->createFolder("/documents"); // upload a file to the drive $drives[0]->uploadFile("/documents/myfile.txt", "Hello World!"); // get an array of all resources of the "/documents" folder inside the drive $resources = $drives[0]->getResources("/documents");
Drive Permission
Users/Groups can be invited to drives by specifying permissions. The Drive class has methods to invite Users/Groups, update permission roles and expiration dates, remove users and groups, etc.
Drive invitations are only possible on project drives.
// find all users with a specific surname $users = $ocis->getUsers("einstein")[0]; // get all drives of type project $drives = $ocis->getMyDrives( DriveOrder::NAME, OrderDirection::ASC, DriveType::PROJECT ); // get the drive named 'game' foreach ($drives as $drive) { if ($drive->getName) === 'game' { $gameDrive = $drive; break; } } // get all roles that are possible for that drive $driveRoles = $gameDrive->getRoles(); // get the role that is allowed to view, download, upload, edit, add, delete and manage members foreach ($driveRoles as $role) { if ($role->getDisplayName() === 'Manager') { $managerRole = $role; break; } } // invite user einstein on project drive 'game' with manager permission $gameDrive->invite($users, $managerRole);
Notifications
Notifications can be listed using the getNotifications
method, which will return an array of Notification
objects representing all active notifications.
The Notification
object can retrieve details of the corresponding notification and mark it as read (delete).
Sharing
Given the correct permissions, an OcisResource
can be shared with a group or a user. To define the access permissions of the receiver every share has to set SharingRole
(s).
// get the resources of a subfolder inside a drive $resources = $drive->getResources("/documents"); // get all roles that are possible for that particular resource $roles = $resources[0]->getRoles(); // find the role that is allowed to read and write the shared file or folder for ($roles as $role) { if ($role->getDisplayName() === 'Can edit') { $editorRole = $role; break; } } // find all users with a specific surname $users = $ocis->getUsers("einstein")[0]; // share the resource with the users $resources[0]->invite($users, $editorRole);
Education User
Education Users can only be created, listed and deleted using education access token. If you want to use other APIs you need to use the OICD access token.
// create education user $educationUsers = $ocis->createEducationUser() // list all education user $educationUsers = $ocis->getEducationUsers() // list education user by id $educationUsers = $ocis->getEducationUserById() // delete education user $educationUser[0]->delete()
Requirements
- PHP 8.1 or higher
- oCIS 5.0.0 or higher
Acquiring an Access Token
For an easier experience in acquiring an access token, several PHP OIDC client libraries are available. The following code snippet showcases how to retrieve an access token with the facile-it/php-openid-client
library.
Install PHP dependencies
You can install the facile-it/php-openid-client library using composer:
composer require facile-it/php-openid-client
composer require nyholm/psr7
Required PHP Libraries
- php-bcmath
- php-gmp
Code Snippet to Fetch an Access Token
<?php require __DIR__ . '/path/to/vendor/autoload.php'; use Facile\OpenIDClient\Client\ClientBuilder; use Facile\OpenIDClient\Issuer\IssuerBuilder; use Facile\OpenIDClient\Client\Metadata\ClientMetadata; use Facile\OpenIDClient\Service\Builder\AuthorizationServiceBuilder; use Nyholm\Psr7\ServerRequest; $issuer = (new IssuerBuilder()) ->build('https://example.ocis.com'); $clientMetadata = ClientMetadata::fromArray([ 'client_id' => 'client_id', 'client_secret' => 'client_secret', 'redirect_uris' => [ 'http://url-of-this-file', ], ]); $client = (new ClientBuilder()) ->setIssuer($issuer) ->setClientMetadata($clientMetadata) ->build(); $authorizationService = (new AuthorizationServiceBuilder())->build(); $redirectAuthorizationUri = $authorizationService->getAuthorizationUri( $client, ['scope'=>'openid profile email offline_access'] ); if(!isset($_REQUEST["code"])) { header('Location: ' . $redirectAuthorizationUri); } else { $serverRequest = new ServerRequest('GET', $_SERVER['REQUEST_URI']); $callbackParams = $authorizationService->getCallbackParams($serverRequest, $client); $tokenSet = $authorizationService->callback($client, $callbackParams); // store access and refresh token in database $accessToken = $tokenSet->getAccessToken(); echo 'AccessToken : ' . $accessToken; echo '<hr>'; $refreshToken = $tokenSet->getRefreshToken(); echo 'RefreshToken : ' . $refreshToken; echo '<hr>'; // use this code to get new access token when expired $tokenSet = $authorizationService->refresh($client, $refreshToken); $accessToken = $tokenSet->getAccessToken(); echo 'NewAccessToken : ' . $accessToken; }
If you're working in a development environment where you might need to bypass SSL verification (though this is not advised for production environments), here's how:
<?php ... use Facile\OpenIDClient\Issuer\Metadata\Provider\MetadataProviderBuilder; use Facile\JoseVerifier\JWK\JwksProviderBuilder; use Symfony\Component\HttpClient\Psr18Client; use Symfony\Component\HttpClient\CurlHttpClient; $symHttpClient = new CurlHttpClient([ 'verify_peer' => false, 'verify_host' => false ]); $httpClient = new Psr18Client($symHttpClient); $metadataProviderBuilder = (new MetadataProviderBuilder()) ->setHttpClient($httpClient); $jwksProviderBuilder = (new JwksProviderBuilder()) ->setHttpClient($httpClient); $issuer = (new IssuerBuilder()) ->setMetadataProviderBuilder($metadataProviderBuilder) ->setJwksProviderBuilder($jwksProviderBuilder) ->build('https://example.ocis.com'); ... $client = (new ClientBuilder()) ->setHttpClient($httpClient) ->setIssuer($issuer) ->setClientMetadata($clientMetadata) ->build(); $authorizationService = (new AuthorizationServiceBuilder()) ->setHttpClient($httpClient) ->build(); ...
To test, simply open a browser and head to http://url-of-this-file.
Development
Integration tests
To run the tests locally
-
Install and setup
docker
(min version 24) anddocker compose
(min version 2.21). -
Ensure that the following php dependencies are installed for executing the integration tests:
- php-curl - php-dom - php-phpdbg - php-mbstring - php-ast
-
add these lines to your
/etc/hosts
file:127.0.0.1 ocis.owncloud.test 127.0.0.1 keycloak.owncloud.test
-
run whole tests
make test-php-integration // start a full oCIS server with keycloak and other services using docker before running tests
-
run single test
make test-php-integration testGetResources // start a full oCIS server with keycloak and other services using docker before running single test
If something goes wrong, use
make clean
to clean the created containers and volumes.