system.app.post.post_process.php

<?php //< Exclude this when assigning code to user.session.post_process handler
/// Application, when added _after_ user is registered, should assign 'registered' relation to all existing user records, that's by design
///

//var_dump('$event[response]', $event['response']);

/// Success checking
function isStatusSuccess($status)
{
  return !empty($status) && 200 <= $status && $status < 300;
}

/// Return up to $count of non-admin existing user ids, starting from $offset
/// On error, or if no more records available, return null
function nonAdminUsersGet($api, $count, $offset)
{
  $get = $api->get;

  $result = $get( 
    'system/user?fields=id&filter='.rawurlencode('is_sys_admin=0').'&limit='.$count.'&offset='.$offset
  );

  if( !isStatusSuccess( $result['status_code'] ) )
    return null;
  
  $result = $result['content']['resource'];
  //var_dump("nonAdminUsersGet(count=$count, offset=$offset) =>", $result);
  
  if( empty($result) )
    return null;
  
  return $result;
}

/// Return role id by role name, if no role with given name exists, return null
function roleIdGetByName($api, $name)
{
  $get = $api->get;
  $result = $get(
      'system/role?'.
      'fields=id&filter='.
      rawurlencode(
        '(name='.$name.') AND (is_active=1)'
      )
    );

  if( !isStatusSuccess( $result['status_code'] ) )
    return null;
 
  //var_dump("roleIdGetByName($name)=", $result);
  
  $result = $result['content']['resource'];
  if( empty($result) )
    return null;
  
  return $result[0]['id'];
}

/// Assign appId relation for all users in collection
function registeredRelationAssignForAppIdUsers($api, $appId, $roleId, $userIds)
{
  if( empty($appId) || empty($roleId) || empty($userIds) )
    return false;
  
  $get = $api->get;
  $put = $api->put;
 
  foreach($userIds as $userId)
  {
    $userId = $userId['id'];
    // Returned is user record + attached array of user-to-app-to-role relations.
    // We want only id from user record, so restrict main fields 
    $relations = $get(
        'system/user/'.$userId.'?related=user_to_app_to_role_by_user_id&fields=id'
      );
    
    if( !isStatusSuccess( $relations['status_code'] ) )
      return false;

    $relations = $relations['content']['user_to_app_to_role_by_user_id'];
    $found = false;
    foreach($relations as $relation)
    {
      if( $appId == $relation['app_id'] && 
          $userId == $relation['user_id'] &&
          $roleId == $relation['role_id']
      )
      {
        $found = true;
        break;
      }  
    }
    
    if( !$found )
    {
      $result = $put(
        'system/user/'.$userId.'?related=user_to_app_to_role_by_user_id',
        [ 'user_to_app_to_role_by_user_id' => 
          [
            [
              'user_id' => $userId,
              'app_id' => $appId,
              'role_id' => $roleId
            ]
          ]    
        ]
      );  

      if( !isStatusSuccess( $result['status_code'] ) )
        return false;      
    }
  }

  return true;  
}

// ------------------------------------------------------------------------------
/// Retrieve non-admin users and assign 'registered' role for new appId
if( isStatusSuccess( $event['response']['status_code'] ) )
{
  // Cache api services
  $api = $platform['api'];
  
  // Get ID for 'registered' role
  $roleId = roleIdGetByName($api, 'registered');

  if( !empty($roleId) )
  {
    $count = 500;
    $offs = 0;
    
    $appId = $event['response']['content']['resource'][0]['id'];
    
    while(true)
    {
      $userIds = nonAdminUsersGet($api, $count, $offs);
      if( empty($userIds) )
        break;
      
      if( true !== registeredRelationAssignForAppIdUsers(
          $api, 
          $appId,
          $roleId,
          $userIds
        )
      )
      {
        //var_dump('Could not assign new app id \'registered\' relation for all existing users');
        break;        
      }
      
      $offs += $count;
    }
  }
}