Develop/bespoke

.gitignore

@@ -1,3 +1,10 @@
 node_modules/
 vendor/
-/.vs
+/.vs
+
+# Compiled CSS files
+css/*.min.css
+css/*.min.css.map
+
+# Ignore the entire build folder
+/amd/build/

ajax/search_suggestions.php

@@ -0,0 +1,111 @@
+<?php
+require_once(__DIR__ . '/../../../config.php');
+require_once($CFG->libdir . '/filelib.php'); 
+require_login(); // Ensures full session context, like in core_renderer
+
+header('Content-Type: application/json');
+
+// Function to handle JSON error response and exit.
+// This centralizes error handling and ensures consistent output.
+function send_json_error($message, $status = 'error', $http_status_code = 500) {
+    error_log("theme_nhse: send_json_error - Status: " . $status . ", Message: " . $message);
+    http_response_code($http_status_code);
+    echo json_encode(['status' => $status, 'message' => $message]);
+    exit;
+}
+
+try {
+    global $USER, $DB;
+    $theme_identifier = 'theme_nhse';       
+
+    // Get the .NET application base URL theme property
+    $dotnet_base_url = get_config($theme_identifier, 'dotnet_base_url');
+    // Ensure the .NET application base URL ends with a slash if it's not empty
+    if (!empty($dotnet_base_url) && substr($dotnet_base_url, -1) !== '/') {
+        $dotnet_base_url .= '/';
+    }
+
+    // Get the API Base URL theme property
+    $api_base_url = get_config($theme_identifier, 'api_base_url');
+    // Ensure the API base URL ends with a slash if it's not empty
+    if (empty($api_base_url)) {        
+        send_json_error('API Base URL is not configured in theme settings.', 'error', 400);
+    }
+    if (substr($api_base_url, -1) !== '/') {
+        $api_base_url .= '/';
+    }
+
+    // Retrieve the OIDC token
+    $accesstoken = null; 
+    $token_record = $DB->get_record('auth_oidc_token', ['username' => $USER->username]);
+    // IMPORTANT: Only access $token->token if $token is not false (i.e., a record was found)
+    if ($token_record) {
+        $accesstoken = $token_record->token; // Assuming the actual token is in the 'token' column      
+    } else {
+        send_json_error(
+        'No OIDC token found for user.', // The message for the client and log
+        'error',                           // The status field in the JSON response
+        500                                // The HTTP status code (e.g., 500 Internal Server Error)
+        );
+        exit; // Exit if no token is found and you want to indicate an error
+    }
+
+} catch (Throwable $e) {    
+    send_json_error(
+        'An unexpected error occurred: ' . $e->getMessage(),
+        'exception_error',
+        500
+    );
+    exit;
+}
+
+$searchterm = optional_param('query', '', PARAM_TEXT); 
+
+$api_endpoint_path = 'Search/GetAutoSuggestionResult/';
+$url_for_search = $api_base_url . $api_endpoint_path . urlencode($searchterm);
+
+
+try 
+    {
+    $curl = new \curl(); 
+        // Set Authorization header
+    $options = [
+        'HTTPHEADER' => [
+            'Authorization: Bearer ' . $accesstoken,
+            'Accept: application/json'
+        ]
+    ];
+    $response = $curl->get($url_for_search, null, $options);
+    $result = json_decode($response, true);    
+
+    if (json_last_error() !== JSON_ERROR_NONE) {
+        $json_error_msg = json_last_error_msg();
+        error_log("theme_nhse: JSON decoding error: " . $json_error_msg);       
+        send_json_error(
+            'API response could not be decoded: ' . $json_error_msg,
+            'json_decode_error',
+            500 // Internal Server Error as the server received unparseable data
+        );        
+    }
+
+    echo json_encode([
+        'status' => 'ok',
+        'test_url' => $url_for_search,
+        'accesstoken' => $accesstoken,
+        'api_raw_response' => $response, // Add the raw string response
+        'api_decoded_result' => $result  // Add the decoded array/object response
+    ]);
+    exit; 
+
+
+} catch (Exception $e) {       
+    error_log("theme_nhse: CURL Exception caught for URL: " . $url_for_search . " Message: " . $e->getMessage()); // Use $url_for_search for clarity
+    send_json_error(
+        'Failed to connect to API: ' . $e->getMessage(), // Message for client and log
+        'curl_error',                                    // Specific status for cURL issues
+        500                                              // HTTP 500 Internal Server Error for network/server-side issues
+    );
+}
+
+
+

classes/output/core_renderer.php

@@ -36,6 +36,257 @@
  */
 class core_renderer extends \theme_boost\output\core_renderer
 {
+
+    // You can declare it explicitly for IDE clarity, but the parent usually does this.
+    // protected $page;
+
+    public function __construct(\moodle_page $page, $target) {
+        // This line is CRUCIAL. It calls the parent constructor,
+        // which sets up $this->page for the current renderer instance.
+        parent::__construct($page, $target);
+    }
+
+    /**
+     * Returns the data context for the global theme header, fetching from API.
+     * This method is called by {{# output.get_global_header_data }} in Mustache.
+     *
+     * @return \stdClass An object containing data for the header.
+     */
+    public function get_global_header_data() {
+        global $PAGE; // Keep $PAGE just in case for future use/context, though not strictly needed for this API call
+        global $DB, $USER; // Declare $DB and $USER as global
+        global $SESSION;
+
+        $context = new \stdClass();
+        $context->customnavigation = []; // Default to empty array in case of API issues
+
+        // Fetch token for current user
+        $token = null; // Initialize to null
+        $tokenNew = null; // Initialize to null
+        $accesstoken  = null; // Initialize to null
+        $response_content = false; // Initialize to false
+
+        // --- NEW: Get the configured .NET application base URL ---
+        $dotnet_base_url = get_config('theme_nhse', 'dotnet_base_url');
+
+        if (!empty($dotnet_base_url) && substr($dotnet_base_url, -1) !== '/') {
+            $dotnet_base_url .= '/';
+        }
+
+        // Add dotnet_base_url to the context for Mustache template ---
+        $context->dotnet_base_url = $dotnet_base_url;
+        error_log("DEBUG NHSE: get_global_header_data: dotnet_base_url = " . $context->dotnet_base_url); // ADD THIS LINE
+        // Add sesskey to the context for Mustache template ---
+        $context->sessionKey = sesskey();
+
+        // --- NEW: Get the configured API Base URL ---
+        $api_base_url = get_config('theme_nhse', 'api_base_url');
+        // Ensure the API base URL ends with a slash if it's not empty
+        if (!empty($api_base_url) && substr($api_base_url, -1) !== '/') {
+            $api_base_url .= '/';
+        }
+
+        if (empty($api_base_url)) {
+            // Log an error and return early if the API URL is not configured
+            error_log("theme_nhse: ERROR: LH OpenAPI Base URL is not configured in theme settings. Cannot fetch navigation data.");
+            return $context; // Return empty context if API URL is missing
+        }
+
+        // --- NEW: Add login status to the context ---
+        // isloggedin() is a Moodle core function that returns true if a user is logged in.
+        $context->is_user_logged_in = isloggedin();
+
+          // --- NEW: Add 'Site Administration' link if user is an admin ---
+        // Check if the user has the capability to configure the site (i.e., is an admin)
+        if (has_capability('moodle/site:config', \context_system::instance())) {
+            $admin_link = new \stdClass();            
+            $admin_link->title = "Site administration";
+            $admin_link->url = new \moodle_url('/admin/search.php'); // Use the observed URL
+            $admin_link->hasnotification = false;
+            $admin_link->notificationcount = 0;
+            $admin_link->openInNewTab = false; 
+
+            // Add this admin link to your customnavigation array
+            // This ensures it gets rendered by your {{#customnavigation}} block in Mustache
+            $context->customnavigation[] = $admin_link;
+            error_log("theme_nhse: Added Site Administration link to custom navigation.");
+        }
+
+
+        if (isloggedin()) { // Only try to fetch token if a user is logged in
+            $token = $DB->get_record('auth_oidc_token', ['username' => $USER->username]);           
+            if ($token) {
+                error_log("theme_nhse: Found OIDC token for user {$USER->username}.");
+                // You would then use $token->accesstoken to construct your bearer token
+                 $accesstoken = $token->token;
+                 error_log("theme_nhse: accesstoken {$accesstoken}");
+
+            } else {
+                error_log("theme_nhse: No OIDC token found for user {$USER->username}.");
+            }
+        } else {
+            error_log("theme_nhse: User not logged in, skipping OIDC token fetch.");
+        }
+
+        // --- The rest of your existing API call logic ---
+        $api_endpoint_path = 'User/GetLHUserNavigation';
+        $url = $api_base_url . $api_endpoint_path;
+
+
+
+         try 
+         {
+            $curl = new \curl();
+             // Set Authorization header
+            $options = [
+                'HTTPHEADER' => [
+                    'Authorization: Bearer ' . $accesstoken,
+                    'Accept: application/json'
+                ]
+            ];
+            $response = $curl->get($url, null, $options);
+            $result = json_decode($response, true);
+             // Log the raw response and the decoded result
+            error_log("theme_nhse: API Response (raw): " . $response);
+            error_log("theme_nhse: API Response (decoded): " . print_r($result, true));
+            // Check for JSON decoding errors
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                error_log("theme_nhse: JSON decoding error: " . json_last_error_msg());
+            }
+          } catch (Exception $e) 
+          {
+            debugging('CURL error: ' . $e->getMessage(), DEBUG_DEVELOPER);
+            error_log("theme_nhse: CURL Exception caught for URL: " . $url . " Message: " . $e->getMessage());
+          }
+
+        // --- Conditional Block for Processing Response (after try-catch) ---
+        // We use $result here, which will be null if there was an API error or JSON decoding issue.
+        if (is_array($result) && !empty($result)) {
+            // JSON decoded successfully and is an array with content
+            error_log("theme_nhse: JSON decoded successfully. Processing " . count($result) . " items.");
+            $processed_links = [];
+            foreach ($result as $item) {
+                // Check 'visible' property from API (only include if true or not set)
+                // Assuming 'visible' being absent or true means it should be shown
+
+                 // --- NEW: Skip item if title is "Sign Out" ---
+                // We use trim() to handle any potential leading/trailing whitespace.
+                if (isset($item['title']) && trim($item['title']) === 'Sign Out') {
+                    error_log("theme_nhse: Skipping 'Sign Out' link from API response.");
+                    continue; // Skip to the next item in the loop
+                }
+
+
+                if (!isset($item['visible']) || $item['visible'] === true) {
+                    $processed_item = new \stdClass();
+                    $processed_item->title = $item['title'] ?? 'Untitled'; // Default title if missing
+                    $processed_item->openInNewTab = $item['openInNewTab'] ?? false; 
+                    // Handle URLs - convert to moodle_url if internal, keep as string if external
+                    if (isset($item['url']) && !empty($item['url'])) {
+                        $item_url_path = $item['url']; // Store the raw URL from the API       
+                        // --- NEW: Override URL for 'Admin' link with theme setting ---
+                        if (trim($processed_item->title) === 'Admin') {
+                            $admin_url = get_config('theme_nhse', 'admin_url');
+                            if (!empty($admin_url)) {
+                                $processed_item->url = $admin_url;
+                                $processed_item->openInNewTab = true;
+                                error_log("theme_nhse: Overriding 'Admin' URL with theme setting: {$processed_item->url}");
+                            } else {
+                                // Fallback to original logic if theme setting is not configured
+                                error_log("theme_nhse: Admin URL theme setting not found, falling back to API URL.");
+                            }
+                        // Check if it's an absolute URL (starts with http/s or //)
+                        } else if (strpos($item_url_path, 'http') === 0 || strpos($item_url_path, '//') === 0) {
+                            $processed_item->url = $item_url_path; // Use the absolute URL as is
+                            error_log("theme_nhse: Processing absolute URL: {$processed_item->url}");
+                        } 
+                        // If it's a relative URL AND we have a configured .NET base URL, prepend it
+                        else if (!empty($dotnet_base_url)) {
+                            // Prepend .NET base URL, ensuring no double slashes by trimming leading slash from item_url_path
+                            $processed_item->url = $dotnet_base_url . ltrim($item_url_path, '/'); 
+                            error_log("theme_nhse: Redirecting relative link '{$item_url_path}' to .NET domain: {$processed_item->url}");
+                        }
+                        // Fallback: If it's a relative URL but no .NET base URL is configured,
+                        // treat it as a Moodle internal URL.
+                        else {
+                            $processed_item->url = new \moodle_url($item_url_path);
+                            error_log("theme_nhse: .NET base URL not configured, processing relative link '{$item_url_path}' as Moodle internal.");
+                        }
+                    } else {
+                        // Default to Moodle home if URL is missing or empty
+                        $processed_item->url = new \moodle_url('/');
+                        error_log("theme_nhse: Item has empty or missing URL, defaulting to Moodle home.");
+                    }
+                    $processed_item->hasnotification = $item['hasNotification'] ?? false;
+                    $processed_item->notificationcount = $item['notificationCount'] ?? 0;                    
+
+                    $processed_links[] = $processed_item;
+                } else {
+                    // Log items that are not visible
+                    error_log("theme_nhse: Item not visible and filtered out: " . ($item['title'] ?? 'N/A') . " (visible: " . ($item['visible'] ? 'true' : 'false') . ")");
+                }
+            }
+
+              // Add API processed links AFTER the static admin link, so it appears first if you want.
+            // If you want admin link to appear last, change this to array_unshift or prepend it.
+            $context->customnavigation = array_merge($context->customnavigation, $processed_links);
+            //$context->customnavigation = array_unshift($context->customnavigation, $processed_links);
+
+            error_log("theme_nhse: Processed links for display: " . print_r($context->customnavigation, true));
+
+
+            // Log the final processed links (for debugging)
+            error_log("theme_nhse: Processed links for display: " . print_r($processed_links, true));
+        } else {
+            // This block handles cases where:
+            // 1. $result is null (due to JSON decoding error or CURL exception)
+            // 2. $result is not an array (e.g., API returned a non-array JSON like a string or object)
+            // 3. $result is an empty array
+            $json_error_msg = (json_last_error() !== JSON_ERROR_NONE) ? json_last_error_msg() : 'N/A';
+            error_log("theme_nhse: Failed to process API response. Response was empty, not an array, or an error occurred. JSON Error: " . $json_error_msg);
+            error_log("theme_nhse: Raw API response (if available): " . ($response ?: 'No response content'));
+        }
+
+        // NEW: Require your autosuggest JavaScript module
+        $this->page->requires->js_call_amd('theme_nhse/autosuggest', 'init');
+
+        // You can remove this for now, or keep it, it won't hurt
+        // $this->page->requires->js_init_call('M.cfg.userid = ' . $USER->id . ';');
+
+
+        return $context; 
+    }
+
+    public function get_footer_data(): \stdClass {
+        $context = new \stdClass();
+
+        $dotnet_base_url = get_config('theme_nhse', 'dotnet_base_url');
+        if (!empty($dotnet_base_url) && substr($dotnet_base_url, -1) !== '/') {
+            $dotnet_base_url .= '/';
+        }
+
+        $context->dotnet_base_url = $dotnet_base_url;
+
+        return $context;
+
+    }
+
+    public function standard_head_html() {
+        $output = parent::standard_head_html();
+
+        // Inject dotnet_base_url into M.cfg globally
+        $dotnet_base_url = get_config('theme_nhse', 'dotnet_base_url');
+
+        if (!empty($dotnet_base_url)) {
+            $output .= '<script>';
+            $output .= 'M.cfg.dotnet_base_url = ' . json_encode($dotnet_base_url) . ';';
+            $output .= '</script>';
+        }
+
+        return $output;
+    }
+
+
     /**
      * Wrapper for header elements.
      *