mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 16:32:18 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'wip-MDL-61814-master' of git://github.com/abgreeve/moodle

Browse Source
This commit is contained in:
David Monllao 2018-05-08 17:17:47 +02:00
commit 40cd9b66a6
9 changed files with 1588 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lang/en/portfolio.php
View File

@ -167,6 +167,12 @@ $string['pluginismisconfigured'] = 'Portfolio plugin is misconfigured, skipping.
$string['portfolio'] = 'Portfolio';
$string['portfolios'] = 'Portfolios';
$string['privacy:metadata'] = 'The portfolio subsystem acts as a channel, passing requests from plugins to the various portfolio plugins.';
$string['privacy:metadata:name'] = 'Name of the preference.';
$string['privacy:metadata:instance'] = 'Identifier for the portfolio.';
$string['privacy:metadata:instancesummary'] = 'This stores portfolio both instances and preferences for the portfolios user is using.';
$string['privacy:metadata:value'] = 'Value for the preference';
$string['privacy:metadata:userid'] = 'The user Identifier.';
$string['privacy:path'] = 'Portfolio instances';
$string['queuesummary'] = 'Currently queued transfers';
$string['returntowhereyouwere'] = 'Return to where you were';
$string['save'] = 'Save';
@ -184,3 +190,4 @@ $string['wait'] = 'Wait';
$string['wanttowait_high'] = 'It is not recommended that you wait for this transfer to complete, but you can if you\'re sure and know what you\'re doing';
$string['wanttowait_moderate'] = 'Do you want to wait for this transfer? It might take a few minutes';

119
lang/en/user.php Normal file
View File

@ -0,0 +1,119 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Strings for component 'user', language 'en', branch 'MOODLE_20_STABLE'
*
* @package core_user
* @copyright 2018 Adrian Greeve <adriangreeve.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['privacy:courserequestpath'] = 'Requested courses';
$string['privacy:descriptionpath'] = 'Profile description';
$string['privacy:devicespath'] = 'User devices';
$string['privacy:draftfilespath'] = 'Draft files';
$string['privacy:lastaccesspath'] = 'Last access to courses';
$string['privacy:metadata:address'] = 'The address of the user.';
$string['privacy:metadata:aim'] = 'The AIM identifier of the user.';
$string['privacy:metadata:alternatename'] = 'An alternative name for the user.';
$string['privacy:metadata:appid'] = 'The app id, usually something like com.moodle.moodlemobile';
$string['privacy:metadata:auth'] = 'The authentication plugin used for this user record.';
$string['privacy:metadata:autosubscribe'] = 'A preference as to if the user should be auto-subscribed to forums the user posts in.';
$string['privacy:metadata:calendartype'] = 'A user preference for the type of calendar to use.';
$string['privacy:metadata:category'] = 'The category identifier.';
$string['privacy:metadata:city'] = 'The city of the user.';
$string['privacy:metadata:confirmed'] = 'If this is an active user or not.';
$string['privacy:metadata:country'] = 'The country that the user is in.';
$string['privacy:metadata:courseid'] = 'An identifier for a course.';
$string['privacy:metadata:currentlogin'] = 'The current login for this user.';
$string['privacy:metadata:data'] = 'Data relating to the custom user field from the user.';
$string['privacy:metadata:deleted'] = 'A flag to show if the user has been deleted or not.';
$string['privacy:metadata:department'] = 'The department that this user can be found in.';
$string['privacy:metadata:description'] = 'General details about this user.';
$string['privacy:metadata:devicename'] = 'The device name, occam or iPhone etc..';
$string['privacy:metadata:devicetablesummary'] = 'This table stores user\'s mobile devices information in order to send PUSH notifications';
$string['privacy:metadata:email'] = 'An email address for contact.';
$string['privacy:metadata:emailstop'] = 'A preference to stop email being sent to the user.';
$string['privacy:metadata:fieldid'] = 'The ID relating to the custom user field.';
$string['privacy:metadata:filelink'] = 'There are multiple different files for the user stored in the files table.';
$string['privacy:metadata:firstaccess'] = 'The time that this user first accessed the site.';
$string['privacy:metadata:firstip'] = 'The first IP address recorded';
$string['privacy:metadata:firstname'] = 'The first name of the user.';
$string['privacy:metadata:firstnamephonetic'] = 'The phonetic details about the user\'s first name.';
$string['privacy:metadata:fullname'] = 'The fullname for this course.';
$string['privacy:metadata:hash'] = 'A hash of a previous password.';
$string['privacy:metadata:icq'] = 'The ICQ number of the user.';
$string['privacy:metadata:id'] = 'The identifier for the user.';
$string['privacy:metadata:idnumber'] = 'An identification number given by the institution.';
$string['privacy:metadata:imagealt'] = 'Alternative text for the user\'s image.';
$string['privacy:metadata:infotablesummary'] = 'Stores custom user information.';
$string['privacy:metadata:institution'] = 'The institution that this user is a member of.';
$string['privacy:metadata:lang'] = 'A user preference for the language shown.';
$string['privacy:metadata:lastaccess'] = 'The time that the user last accessed the site.';
$string['privacy:metadata:lastaccesstablesummary'] = 'Information about the last time a user accessed a course.';
$string['privacy:metadata:lastip'] = 'The last IP address for the user.';
$string['privacy:metadata:lastlogin'] = 'The last login of this user.';
$string['privacy:metadata:lastname'] = 'The surname of the user.';
$string['privacy:metadata:lastnamephonetic'] = 'The phonetic details about the user\'s surname.';
$string['privacy:metadata:maildigest'] = 'A setting for the mail digest for this user.';
$string['privacy:metadata:maildisplay'] = 'A preference for the user about displaying their email address to other users.';
$string['privacy:metadata:middlename'] = 'The middle name of the user.';
$string['privacy:metadata:mnethostid'] = 'An identifier for the mnet host if used.';
$string['privacy:metadata:model'] = 'The device name, occam or iPhone etc..';
$string['privacy:metadata:msn'] = 'The MSN identifier of the user.';
$string['privacy:metadata:password'] = 'The password for this user to log into the system.';
$string['privacy:metadata:passwordresettablesummary'] = 'A table tracking password reset confirmation tokens';
$string['privacy:metadata:passwordtablesummary'] = 'A rotating log of hashes of previously used passwords for the user.';
$string['privacy:metadata:phone'] = 'A phone number for the user.';
$string['privacy:metadata:picture'] = 'The picture details associated with this user.';
$string['privacy:metadata:platform'] = 'The device platform, Android or iOS etc';
$string['privacy:metadata:policyagreed'] = 'A flag to determine if the user has agreed to the site policy.';
$string['privacy:metadata:pushid'] = 'The device PUSH token/key/identifier/registration id';
$string['privacy:metadata:reason'] = 'The reason for requesting this course.';
$string['privacy:metadata:requester'] = 'An identifier to a user that requested this course.';
$string['privacy:metadata:requestsummary'] = 'Stores information about requests for courses that users make.';
$string['privacy:metadata:suspended'] = 'A flag to show if the user has been suspended on this system.';
$string['privacy:metadata:username'] = 'The username for this user.';
$string['privacy:metadata:secret'] = 'Secret.. not sure.';
$string['privacy:metadata:sessdata'] = 'Session content';
$string['privacy:metadata:sessiontablesummary'] = 'Database based session storage';
$string['privacy:metadata:shortname'] = 'A short name for the course.';
$string['privacy:metadata:sid'] = 'The session ID';
$string['privacy:metadata:skype'] = 'The skype identifier of the user.';
$string['privacy:metadata:state'] = '0 means a normal session';
$string['privacy:metadata:summary'] = 'A description of the course.';
$string['privacy:metadata:theme'] = 'A user preference for the theme to display.';
$string['privacy:metadata:timeaccess'] = 'The time for access to the course.';
$string['privacy:metadata:timecreated'] = 'The time this record was created.';
$string['privacy:metadata:timemodified'] = 'The time this records was modified.';
$string['privacy:metadata:timererequested'] = 'The time the user re-requested the password reset.';
$string['privacy:metadata:timerequested'] = 'The time that the user first requested this password reset';
$string['privacy:metadata:timezone'] = 'The timezone that the user resides in.';
$string['privacy:metadata:token'] = 'secret set and emailed to user';
$string['privacy:metadata:trackforums'] = 'A preference for forums and tracking them.';
$string['privacy:metadata:trustbitmask'] = 'The trust bit mask';
$string['privacy:metadata:yahoo'] = 'The yahoo identifier of the user.';
$string['privacy:metadata:url'] = 'A URL related to this user.';
$string['privacy:metadata:userid'] = 'The user ID linked to this table.';
$string['privacy:metadata:usertablesummary'] = 'This table stores the main personal data about the user.';
$string['privacy:metadata:uuid'] = 'The device vendor UUID';
$string['privacy:metadata:version'] = 'The device version, 6.1.2, 4.2.2 etc..';
$string['privacy:passwordhistorypath'] = 'Password history';
$string['privacy:passwordresetpath'] = 'Password resets';
$string['privacy:profileimagespath'] = 'Profile images';
$string['privacy:privatefilespath'] = 'Private files';
$string['privacy:sessionpath'] = 'Session data';

102
portfolio/classes/privacy/provider.php
View File

@ -27,6 +27,8 @@ defined('MOODLE_INTERNAL') || die();
use core_privacy\local\metadata\collection;
use core_privacy\local\request\context;
use core_privacy\local\request\contextlist;
use core_privacy\local\request\approved_contextlist;
/**
* Provider for the portfolio API.
@ -35,10 +37,9 @@ use core_privacy\local\request\context;
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider implements
// The Portfolio subsystem does not store any data itself.
// It has no database tables, and it purely acts as a conduit to the various portfolio plugins.
// The core portfolio system stores preferences related to the other portfolio subsystems.
\core_privacy\local\metadata\provider,
\core_privacy\local\request\plugin\provider,
// The portfolio subsystem will be called by other components.
\core_privacy\local\request\subsystem\plugin_provider {
@ -49,7 +50,100 @@ class provider implements
* @return collection A listing of user data stored through this system.
*/
public static function get_metadata(collection $collection) : collection {
return $collection->add_plugintype_link('portfolio', [], 'privacy:metadata');
$collection->add_database_table('portfolio_instance_user', [
'instance' => 'privacy:metadata:instance',
'userid' => 'privacy:metadata:userid',
'name' => 'privacy:metadata:name',
'value' => 'privacy:metadata:value'
], 'privacy:metadata:instancesummary');
$collection->add_plugintype_link('portfolio', [], 'privacy:metadata');
return $collection;
}
/**
* Get the list of contexts that contain user information for the specified user.
*
* @param int $userid The user to search.
* @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin.
*/
public static function get_contexts_for_userid(int $userid) : contextlist {
$sql = "SELECT ctx.id
FROM {context} ctx
JOIN {portfolio_instance_user} piu ON ctx.instanceid = piu.userid AND ctx.contextlevel = :usercontext
WHERE piu.userid = :userid";
$params = ['userid' => $userid, 'usercontext' => CONTEXT_USER];
$contextlist = new contextlist();
$contextlist->add_from_sql($sql, $params);
return $contextlist;
}
/**
* Export all user data for the specified user, in the specified contexts.
*
* @param approved_contextlist $contextlist The approved contexts to export information for.
*/
public static function export_user_data(approved_contextlist $contextlist) {
global $DB;
if ($contextlist->get_component() != 'core_portfolio') {
return;
}
$correctusercontext = array_filter($contextlist->get_contexts(), function($context) use ($contextlist) {
if ($context->contextlevel == CONTEXT_USER && $context->instanceid == $contextlist->get_user()->id) {
return $context;
}
});
$usercontext = array_shift($correctusercontext);
$sql = "SELECT pi.name, piu.name AS preference, piu.value
FROM {portfolio_instance_user} piu
JOIN {portfolio_instance} pi ON piu.instance = pi.id
WHERE piu.userid = :userid";
$params = ['userid' => $usercontext->instanceid];
$instances = $DB->get_records_sql($sql, $params);
if (!empty($instances)) {
\core_privacy\local\request\writer::with_context($contextlist->current())->export_data(
[get_string('privacy:path', 'portfolio')], (object) $instances);
}
}
/**
* Delete all data for all users in the specified context.
*
* @param context $context The specific context to delete data for.
*/
public static function delete_data_for_all_users_in_context(\context $context) {
global $DB;
// Context could be anything, BEWARE!
if ($context->contextlevel == CONTEXT_USER) {
$DB->delete_records('portfolio_instance_user', ['userid' => $context->instanceid]);
}
}
/**
* Delete all user data for the specified user, in the specified contexts.
*
* @param approved_contextlist $contextlist The approved contexts and user information to delete information for.
*/
public static function delete_data_for_user(approved_contextlist $contextlist) {
global $DB;
if ($contextlist->get_component() != 'core_portfolio') {
return;
}
$correctusercontext = array_filter($contextlist->get_contexts(), function($context) use ($contextlist) {
if ($context->contextlevel == CONTEXT_USER && $context->instanceid == $contextlist->get_user()->id) {
return $context;
}
});
$usercontext = array_shift($correctusercontext);
$DB->delete_records('portfolio_instance_user', ['userid' => $usercontext->instanceid]);
}
/**

101
portfolio/tests/privacy_provider_test.php
View File

@ -32,15 +32,110 @@ defined('MOODLE_INTERNAL') || die();
*/
class portfolio_privacy_provider_test extends \core_privacy\tests\provider_testcase {
protected function create_portfolio_data($plugin, $name, $user, $preference, $value) {
global $DB;
$portfolioinstance = (object) [
'plugin' => $plugin,
'name' => $name,
'visible' => 1
];
$portfolioinstance->id = $DB->insert_record('portfolio_instance', $portfolioinstance);
$userinstance = (object) [
'instance' => $portfolioinstance->id,
'userid' => $user->id,
'name' => $preference,
'value' => $value
];
$DB->insert_record('portfolio_instance_user', $userinstance);
}
/**
* Verify that a collection of metadata is returned for this component and that it just links to the plugintype 'portfolio'.
* Verify that a collection of metadata is returned for this component and that it just returns the righ types for 'portfolio'.
*/
public function test_get_metadata() {
$collection = new \core_privacy\local\metadata\collection('core_portfolio');
$collection = \core_portfolio\privacy\provider::get_metadata($collection);
$this->assertNotEmpty($collection);
$items = $collection->get_collection();
$this->assertEquals(1, count($items));
$this->assertInstanceOf(\core_privacy\local\metadata\types\plugintype_link::class, $items[0]);
$this->assertEquals(2, count($items));
$this->assertInstanceOf(\core_privacy\local\metadata\types\database_table::class, $items[0]);
$this->assertInstanceOf(\core_privacy\local\metadata\types\plugintype_link::class, $items[1]);
}
/**
* Test that the export for a user id returns a user context.
*/
public function test_get_contexts_for_userid() {
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user();
$context = context_user::instance($user->id);
$this->create_portfolio_data('googledocs', 'Google Docs', $user, 'visible', 1);
$contextlist = \core_portfolio\privacy\provider::get_contexts_for_userid($user->id);
$this->assertEquals($context->id, $contextlist->current()->id);
}
/**
* Test that exporting user data works as expected.
*/
public function test_export_user_data() {
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user();
$context = context_user::instance($user->id);
$this->create_portfolio_data('googledocs', 'Google Docs', $user, 'visible', 1);
$contextlist = new \core_privacy\local\request\approved_contextlist($user, 'core_portfolio', [$context->id]);
\core_portfolio\privacy\provider::export_user_data($contextlist);
$writer = \core_privacy\local\request\writer::with_context($context);
$portfoliodata = $writer->get_data([get_string('privacy:path', 'portfolio')]);
$this->assertEquals('Google Docs', $portfoliodata->{'Google Docs'}->name);
}
/**
* Test that deleting only results in the one context being removed.
*/
public function test_delete_data_for_all_users_in_context() {
global $DB;
$this->resetAfterTest();
$user1 = $this->getDataGenerator()->create_user();
$user2 = $this->getDataGenerator()->create_user();
$this->create_portfolio_data('googledocs', 'Google Docs', $user1, 'visible', 1);
$this->create_portfolio_data('onedrive', 'Microsoft onedrive', $user2, 'visible', 1);
// Check a system context sent through.
$systemcontext = context_system::instance();
\core_portfolio\privacy\provider::delete_data_for_all_users_in_context($systemcontext);
$records = $DB->get_records('portfolio_instance_user');
$this->assertCount(2, $records);
$context = context_user::instance($user1->id);
\core_portfolio\privacy\provider::delete_data_for_all_users_in_context($context);
$records = $DB->get_records('portfolio_instance_user');
// Only one entry should remain for user 2.
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertEquals($user2->id, $data->userid);
}
/**
* Test that deleting only results in one user's data being removed.
*/
public function test_delete_data_for_user() {
global $DB;
$this->resetAfterTest();
$user1 = $this->getDataGenerator()->create_user();
$user2 = $this->getDataGenerator()->create_user();
$this->create_portfolio_data('googledocs', 'Google Docs', $user1, 'visible', 1);
$this->create_portfolio_data('onedrive', 'Microsoft onedrive', $user2, 'visible', 1);
$records = $DB->get_records('portfolio_instance_user');
$this->assertCount(2, $records);
$context = context_user::instance($user1->id);
$contextlist = new \core_privacy\local\request\approved_contextlist($user1, 'core_portfolio', [$context->id]);
\core_portfolio\privacy\provider::delete_data_for_user($contextlist);
$records = $DB->get_records('portfolio_instance_user');
// Only one entry should remain for user 2.
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertEquals($user2->id, $data->userid);
}
}

179
report/stats/classes/privacy/provider.php
View File

@ -26,21 +26,184 @@ namespace report_stats\privacy;
defined('MOODLE_INTERNAL') || die();
use \core_privacy\local\metadata\collection;
use \core_privacy\local\request\contextlist;
use \core_privacy\local\request\approved_contextlist;
/**
* Privacy Subsystem for report_stats implementing null_provider.
* Privacy Subsystem for report_stats implementing provider.
*
* @copyright 2018 Zig Tan <zig@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider implements \core_privacy\local\metadata\null_provider {
class provider implements \core_privacy\local\metadata\provider, \core_privacy\local\request\subsystem\provider{
/**
* Get the language string identifier with the component's language
* file to explain why this plugin stores no data.
* Returns information about the user data stored in this component.
*
* @return string
* @param collection $collection A list of information about this component
* @return collection The collection object filled out with information about this component.
*/
public static function get_reason() : string {
return 'privacy:metadata';
public static function get_metadata(collection $collection) : collection {
$statsuserdaily = [
'courseid' => 'privacy:metadata:courseid',
'userid' => 'privacy:metadata:userid',
'roleid' => 'privacy:metadata:roleid',
'timeend' => 'privacy:metadata:timeend',
'statsreads' => 'privacy:metadata:statsreads',
'statswrites' => 'privacy:metadata:statswrites',
'stattype' => 'privacy:metadata:stattype'
];
$statsuserweekly = [
'courseid' => 'privacy:metadata:courseid',
'userid' => 'privacy:metadata:userid',
'roleid' => 'privacy:metadata:roleid',
'timeend' => 'privacy:metadata:timeend',
'statsreads' => 'privacy:metadata:statsreads',
'statswrites' => 'privacy:metadata:statswrites',
'stattype' => 'privacy:metadata:stattype'
];
$statsusermonthly = [
'courseid' => 'privacy:metadata:courseid',
'userid' => 'privacy:metadata:userid',
'roleid' => 'privacy:metadata:roleid',
'timeend' => 'privacy:metadata:timeend',
'statsreads' => 'privacy:metadata:statsreads',
'statswrites' => 'privacy:metadata:statswrites',
'stattype' => 'privacy:metadata:stattype'
];
$collection->add_database_table('stats_user_daily', $statsuserdaily, 'privacy:metadata:statssummary');
$collection->add_database_table('stats_user_weekly', $statsuserweekly, 'privacy:metadata:statssummary');
$collection->add_database_table('stats_user_monthly', $statsusermonthly, 'privacy:metadata:statssummary');
return $collection;
}
}
/**
* Get the list of contexts that contain user information for the specified user.
*
* @param int $userid The user to search.
* @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin.
*/
public static function get_contexts_for_userid(int $userid) : contextlist {
$params = ['dailyuser' => $userid, 'weeklyuser' => $userid, 'monthlyuser' => $userid, 'contextcourse' => CONTEXT_COURSE];
$sql = "SELECT ctx.id
FROM {context} ctx
LEFT JOIN {stats_user_daily} sud ON sud.courseid = ctx.instanceid
LEFT JOIN {stats_user_weekly} suw ON suw.courseid = ctx.instanceid
LEFT JOIN {stats_user_monthly} sum ON sum.courseid = ctx.instanceid
WHERE ctx.contextlevel = :contextcourse
AND (sud.userid = :dailyuser OR suw.userid = :weeklyuser OR sum.userid = :monthlyuser)";
$contextlist = new contextlist();
$contextlist->add_from_sql($sql, $params);
return $contextlist;
}
/**
* Export all user data for the specified user, in the specified contexts.
*
* @param approved_contextlist $contextlist The approved contexts to export information for.
*/
public static function export_user_data(approved_contextlist $contextlist) {
global $DB;
// Some sneeky person might have sent us the wrong context list. We should check.
if ($contextlist->get_component() != 'report_stats') {
return;
}
// Got to check that someone hasn't foolishly added a context between creating the context list and then filtering down
// to an approved context.
$contexts = array_filter($contextlist->get_contexts(), function($context) {
if ($context->contextlevel == CONTEXT_COURSE) {
return $context;
}
});
$tables = [
'stats_user_daily' => get_string('privacy:dailypath', 'report_stats'),
'stats_user_weekly' => get_string('privacy:weeklypath', 'report_stats'),
'stats_user_monthly' => get_string('privacy:monthlypath', 'report_stats')
];
$courseids = array_map(function($context) {
return $context->instanceid;
}, $contexts);
foreach ($tables as $table => $path) {
list($insql, $params) = $DB->get_in_or_equal($courseids, SQL_PARAMS_NAMED);
$sql = "SELECT s.id, c.fullname, s.roleid, s.timeend, s.statsreads, s.statswrites, s.stattype, c.id as courseid
FROM {" . $table . "} s
JOIN {course} c ON s.courseid = c.id
WHERE s.userid = :userid AND c.id $insql
ORDER BY c.id ASC";
$params['userid'] = $contextlist->get_user()->id;
$records = $DB->get_records_sql($sql, $params);
$statsrecords = [];
foreach ($records as $record) {
$context = \context_course::instance($record->courseid);
if (!isset($statsrecords[$record->courseid])) {
$statsrecords[$record->courseid] = new \stdClass();
$statsrecords[$record->courseid]->context = $context;
}
$statsrecords[$record->courseid]->entries[] = [
'course' => format_string($record->fullname, true, ['context' => $context]),
'roleid' => $record->roleid,
'timeend' => \core_privacy\local\request\transform::datetime($record->timeend),
'statsreads' => $record->statsreads,
'statswrites' => $record->statswrites,
'stattype' => $record->stattype
];
}
foreach ($statsrecords as $coursestats) {
\core_privacy\local\request\writer::with_context($coursestats->context)->export_data([$path],
(object) $coursestats->entries);
}
}
}
/**
* Delete all data for all users in the specified context.
*
* @param context $context The specific context to delete data for.
*/
public static function delete_data_for_all_users_in_context(\context $context) {
// Check that this context is a course context.
if ($context->contextlevel == CONTEXT_COURSE) {
static::delete_stats($context->instanceid);
}
}
/**
* Delete all user data for the specified user, in the specified contexts.
*
* @param approved_contextlist $contextlist The approved contexts and user information to delete information for.
*/
public static function delete_data_for_user(approved_contextlist $contextlist) {
if ($contextlist->get_component() != 'report_stats') {
return;
}
foreach ($contextlist->get_contexts() as $context) {
if ($context->contextlevel == CONTEXT_COURSE) {
static::delete_stats($context->instanceid, $contextlist->get_user()->id);
}
}
}
/**
* Deletes stats for a given course.
*
* @param int $courseid The course ID to delete the stats for.
* @param int $userid Optionally a user id to delete records with.
*/
protected static function delete_stats(int $courseid, int $userid = null) {
global $DB;
$params = (isset($userid)) ? ['courseid' => $courseid, 'userid' => $userid] : ['courseid' => $courseid];
$DB->delete_records('stats_user_daily', $params);
$DB->delete_records('stats_user_weekly', $params);
$DB->delete_records('stats_user_monthly', $params);
}
}

12
report/stats/lang/en/report_stats.php
View File

@ -32,3 +32,15 @@ $string['page-report-stats-index'] = 'Course statistics report';
$string['page-report-stats-user'] = 'User course statistics report';
$string['stats:view'] = 'View course statistics report';
$string['privacy:metadata'] = 'The Statistics plugin does not store any personal data.';
$string['privacy:metadata:courseid'] = 'An identifier for a course.';
$string['privacy:metadata:userid'] = 'The user ID linked to this table.';
$string['privacy:metadata:roleid'] = 'The role ID of the user.';
$string['privacy:metadata:timeend'] = 'End time of logs view';
$string['privacy:metadata:statsreads'] = 'Views of content';
$string['privacy:metadata:statswrites'] = 'Content made in the course.';
$string['privacy:metadata:stattype'] = 'The type of stat being recorded';
$string['privacy:metadata:statssummary'] = 'Records basic statistics about user interaction in courses.';
$string['privacy:weeklypath'] = 'Stats weekly';
$string['privacy:dailypath'] = 'Stats daily';
$string['privacy:monthlypath'] = 'Stats monthly';

205
report/stats/tests/privacy_test.php Normal file
View File

@ -0,0 +1,205 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Tests for privacy functions.
*
* @package report_stats
* @copyright 2018 Adrian Greeve <adriangreeve.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later.
*/
defined('MOODLE_INTERNAL') || die();
/**
* Class report_stats_privacy_testcase
*
* @package report_stats
* @copyright 2018 Adrian Greeve <adriangreeve.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later.
*/
class report_stats_privacy_testcase extends advanced_testcase {
/**
* Convenience function to create stats.
*
* @param int $courseid Course ID for this record.
* @param int $userid User ID for this record.
* @param string $table Stat table to insert into.
*/
protected function create_stats($courseid, $userid, $table) {
global $DB;
$data = (object) [
'courseid' => $courseid,
'userid' => $userid,
'roleid' => 0,
'timeend' => time(),
'statsreads' => rand(1, 50),
'statswrites' => rand(1, 50),
'stattype' => 'activity'
];
$DB->insert_record($table, $data);
}
/**
* Get all of the contexts related to a user and stat tables.
*/
public function test_get_contexts_for_userid() {
$this->resetAfterTest();
$user1 = $this->getDataGenerator()->create_user();
$user2 = $this->getDataGenerator()->create_user();
$user3 = $this->getDataGenerator()->create_user();
$course1 = $this->getDataGenerator()->create_course();
$course2 = $this->getDataGenerator()->create_course();
$course3 = $this->getDataGenerator()->create_course();
$context1 = context_course::instance($course1->id);
$context2 = context_course::instance($course2->id);
$context3 = context_course::instance($course3->id);
$this->create_stats($course1->id, $user1->id, 'stats_user_daily');
$this->create_stats($course2->id, $user1->id, 'stats_user_monthly');
$this->create_stats($course1->id, $user2->id, 'stats_user_weekly');
$contextlist = \report_stats\privacy\provider::get_contexts_for_userid($user1->id);
$this->assertCount(2, $contextlist->get_contextids());
foreach ($contextlist->get_contexts() as $context) {
$this->assertEquals(CONTEXT_COURSE, $context->contextlevel);
$this->assertNotEquals($context3, $context);
}
$contextlist = \report_stats\privacy\provider::get_contexts_for_userid($user2->id);
$this->assertCount(1, $contextlist->get_contextids());
$this->assertEquals($context1, $contextlist->current());
}
/**
* Test that stat data is exported as required.
*/
public function test_export_user_data() {
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user();
$course1 = $this->getDataGenerator()->create_course();
$course2 = $this->getDataGenerator()->create_course();
$context1 = context_course::instance($course1->id);
$context2 = context_course::instance($course2->id);
$this->create_stats($course1->id, $user->id, 'stats_user_daily');
$this->create_stats($course1->id, $user->id, 'stats_user_daily');
$this->create_stats($course2->id, $user->id, 'stats_user_weekly');
$this->create_stats($course2->id, $user->id, 'stats_user_monthly');
$this->create_stats($course1->id, $user->id, 'stats_user_monthly');
$approvedlist = new \core_privacy\local\request\approved_contextlist($user, 'report_stats', [$context1->id, $context2->id]);
\report_stats\privacy\provider::export_user_data($approvedlist);
$writer = \core_privacy\local\request\writer::with_context($context1);
$dailystats = (array) $writer->get_data([get_string('privacy:dailypath', 'report_stats')]);
$this->assertCount(2, $dailystats);
$monthlystats = (array) $writer->get_data([get_string('privacy:monthlypath', 'report_stats')]);
$this->assertCount(1, $monthlystats);
$data = array_shift($monthlystats);
$this->assertEquals($course1->fullname, $data['course']);
$writer = \core_privacy\local\request\writer::with_context($context2);
$monthlystats = (array) $writer->get_data([get_string('privacy:monthlypath', 'report_stats')]);
$this->assertCount(1, $monthlystats);
$data = array_shift($monthlystats);
$this->assertEquals($course2->fullname, $data['course']);
$weeklystats = (array) $writer->get_data([get_string('privacy:weeklypath', 'report_stats')]);
$this->assertCount(1, $weeklystats);
$data = array_shift($weeklystats);
$this->assertEquals($course2->fullname, $data['course']);
}
/**
* Test that stat data is deleted for a whole context.
*/
public function test_delete_data_for_all_users_in_context() {
global $DB;
$this->resetAfterTest();
$user1 = $this->getDataGenerator()->create_user();
$user2 = $this->getDataGenerator()->create_user();
$course1 = $this->getDataGenerator()->create_course();
$course2 = $this->getDataGenerator()->create_course();
$context1 = context_course::instance($course1->id);
$context2 = context_course::instance($course2->id);
$this->create_stats($course1->id, $user1->id, 'stats_user_daily');
$this->create_stats($course1->id, $user1->id, 'stats_user_daily');
$this->create_stats($course1->id, $user1->id, 'stats_user_monthly');
$this->create_stats($course1->id, $user2->id, 'stats_user_weekly');
$this->create_stats($course2->id, $user2->id, 'stats_user_daily');
$this->create_stats($course2->id, $user2->id, 'stats_user_weekly');
$this->create_stats($course2->id, $user2->id, 'stats_user_monthly');
$dailyrecords = $DB->get_records('stats_user_daily');
$this->assertCount(3, $dailyrecords);
$weeklyrecords = $DB->get_records('stats_user_weekly');
$this->assertCount(2, $weeklyrecords);
$monthlyrecords = $DB->get_records('stats_user_monthly');
$this->assertCount(2, $monthlyrecords);
// Delete all user data for course 1.
\report_stats\privacy\provider::delete_data_for_all_users_in_context($context1);
$dailyrecords = $DB->get_records('stats_user_daily');
$this->assertCount(1, $dailyrecords);
$weeklyrecords = $DB->get_records('stats_user_weekly');
$this->assertCount(1, $weeklyrecords);
$monthlyrecords = $DB->get_records('stats_user_monthly');
$this->assertCount(1, $monthlyrecords);
}
/**
* Test that stats are deleted for one user.
*/
public function test_delete_data_for_user() {
global $DB;
$this->resetAfterTest();
$user1 = $this->getDataGenerator()->create_user();
$user2 = $this->getDataGenerator()->create_user();
$course1 = $this->getDataGenerator()->create_course();
$course2 = $this->getDataGenerator()->create_course();
$context1 = context_course::instance($course1->id);
$context2 = context_course::instance($course2->id);
$this->create_stats($course1->id, $user1->id, 'stats_user_daily');
$this->create_stats($course1->id, $user1->id, 'stats_user_daily');
$this->create_stats($course1->id, $user1->id, 'stats_user_monthly');
$this->create_stats($course1->id, $user2->id, 'stats_user_weekly');
$this->create_stats($course2->id, $user2->id, 'stats_user_daily');
$this->create_stats($course2->id, $user2->id, 'stats_user_weekly');
$this->create_stats($course2->id, $user2->id, 'stats_user_monthly');
$dailyrecords = $DB->get_records('stats_user_daily');
$this->assertCount(3, $dailyrecords);
$weeklyrecords = $DB->get_records('stats_user_weekly');
$this->assertCount(2, $weeklyrecords);
$monthlyrecords = $DB->get_records('stats_user_monthly');
$this->assertCount(2, $monthlyrecords);
// Delete all user data for course 1.
$approvedlist = new \core_privacy\local\request\approved_contextlist($user1, 'report_stats', [$context1->id]);
\report_stats\privacy\provider::delete_data_for_user($approvedlist);
$dailyrecords = $DB->get_records('stats_user_daily');
$this->assertCount(1, $dailyrecords);
$weeklyrecords = $DB->get_records('stats_user_weekly');
$this->assertCount(2, $weeklyrecords);
$monthlyrecords = $DB->get_records('stats_user_monthly');
$this->assertCount(1, $monthlyrecords);
}
}

505
user/classes/privacy/provider.php Normal file
View File

@ -0,0 +1,505 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Privacy class for requesting user data.
*
* @package core_user
* @copyright 2018 Adrian Greeve <adrian@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace core_user\privacy;
defined('MOODLE_INTERNAL') || die();
use \core_privacy\local\metadata\collection;
use \core_privacy\local\request\transform;
use \core_privacy\local\request\contextlist;
use \core_privacy\local\request\approved_contextlist;
use \core_privacy\local\request\writer;
/**
* Privacy class for requesting user data.
*
* @package core_comment
* @copyright 2018 Adrian Greeve <adrian@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider implements \core_privacy\local\metadata\provider, \core_privacy\local\request\subsystem\provider {
/**
* Returns information about the user data stored in this component.
*
* @param collection $collection A list of information about this component
* @return collection The collection object filled out with information about this component.
*/
public static function get_metadata(collection $collection) : collection {
$userfields = [
'id' => 'privacy:metadata:id',
'auth' => 'privacy:metadata:auth',
'confirmed' => 'privacy:metadata:confirmed',
'policyagreed' => 'privacy:metadata:policyagreed',
'deleted' => 'privacy:metadata:deleted',
'suspended' => 'privacy:metadata:suspended',
'mnethostid' => 'privacy:metadata:mnethostid',
'username' => 'privacy:metadata:username',
'password' => 'privacy:metadata:password',
'idnumber' => 'privacy:metadata:idnumber',
'firstname' => 'privacy:metadata:firstname',
'lastname' => 'privacy:metadata:lastname',
'email' => 'privacy:metadata:email',
'emailstop' => 'privacy:metadata:emailstop',
'icq' => 'privacy:metadata:icq',
'skype' => 'privacy:metadata:skype',
'yahoo' => 'privacy:metadata:yahoo',
'aim' => 'privacy:metadata:aim',
'msn' => 'privacy:metadata:msn',
'phone1' => 'privacy:metadata:phone',
'phone2' => 'privacy:metadata:phone',
'institution' => 'privacy:metadata:institution',
'department' => 'privacy:metadata:department',
'address' => 'privacy:metadata:address',
'city' => 'privacy:metadata:city',
'country' => 'privacy:metadata:country',
'lang' => 'privacy:metadata:lang',
'calendartype' => 'privacy:metadata:calendartype',
'theme' => 'privacy:metadata:theme',
'timezone' => 'privacy:metadata:timezone',
'firstaccess' => 'privacy:metadata:firstaccess',
'lastaccess' => 'privacy:metadata:lastaccess',
'lastlogin' => 'privacy:metadata:lastlogin',
'currentlogin' => 'privacy:metadata:currentlogin',
'lastip' => 'privacy:metadata:lastip',
'secret' => 'privacy:metadata:secret',
'picture' => 'privacy:metadata:picture',
'url' => 'privacy:metadata:url',
'description' => 'privacy:metadata:description',
'maildigest' => 'privacy:metadata:maildigest',
'maildisplay' => 'privacy:metadata:maildisplay',
'autosubscribe' => 'privacy:metadata:autosubscribe',
'trackforums' => 'privacy:metadata:trackforums',
'timecreated' => 'privacy:metadata:timecreated',
'timemodified' => 'privacy:metadata:timemodified',
'trustbitmask' => 'privacy:metadata:trustbitmask',
'imagealt' => 'privacy:metadata:imagealt',
'lastnamephonetic' => 'privacy:metadata:lastnamephonetic',
'firstnamephonetic' => 'privacy:metadata:firstnamephonetic',
'middlename' => 'privacy:metadata:middlename',
'alternatename' => 'privacy:metadata:alternatename'
];
$passwordhistory = [
'userid' => 'privacy:metadata:userid',
'hash' => 'privacy:metadata:hash',
'timecreated' => 'privacy:metadata:timecreated'
];
$lastaccess = [
'userid' => 'privacy:metadata:userid',
'courseid' => 'privacy:metadata:courseid',
'timeaccess' => 'privacy:metadata:timeaccess'
];
$userpasswordresets = [
'userid' => 'privacy:metadata:userid',
'timerequested' => 'privacy:metadata:timerequested',
'timererequested' => 'privacy:metadata:timererequested',
'token' => 'privacy:metadata:token'
];
$userdevices = [
'userid' => 'privacy:metadata:userid',
'appid' => 'privacy:metadata:appid',
'name' => 'privacy:metadata:devicename',
'model' => 'privacy:metadata:model',
'platform' => 'privacy:metadata:platform',
'version' => 'privacy:metadata:version',
'pushid' => 'privacy:metadata:pushid',
'uuid' => 'privacy:metadata:uuid',
'timecreated' => 'privacy:metadata:timecreated',
'timemodified' => 'privacy:metadata:timemodified'
];
$usersessions = [
'state' => 'privacy:metadata:state',
'sid' => 'privacy:metadata:sid',
'userid' => 'privacy:metadata:userid',
'sessdata' => 'privacy:metadata:sessdata',
'timecreated' => 'privacy:metadata:timecreated',
'timemodified' => 'privacy:metadata:timemodified',
'firstip' => 'privacy:metadata:firstip',
'lastip' => 'privacy:metadata:lastip'
];
$courserequest = [
'fullname' => 'privacy:metadata:fullname',
'shortname' => 'privacy:metadata:shortname',
'summary' => 'privacy:metadata:summary',
'category' => 'privacy:metadata:category',
'reason' => 'privacy:metadata:reason',
'requester' => 'privacy:metadata:requester'
];
$collection->add_database_table('user', $userfields, 'privacy:metadata:usertablesummary');
$collection->add_database_table('user_password_history', $passwordhistory, 'privacy:metadata:passwordtablesummary');
$collection->add_database_table('user_password_resets', $userpasswordresets, 'privacy:metadata:passwordresettablesummary');
$collection->add_database_table('user_lastaccess', $lastaccess, 'privacy:metadata:lastaccesstablesummary');
$collection->add_database_table('user_devices', $userdevices, 'privacy:metadata:devicetablesummary');
$collection->add_database_table('course_request', $courserequest, 'privacy:metadata:requestsummary');
$collection->add_database_table('sessions', $usersessions, 'privacy:metadata:sessiontablesummary');
$collection->add_subsystem_link('core_files', [], 'privacy:metadata:filelink');
return $collection;
}
/**
* Get the list of contexts that contain user information for the specified user.
*
* @param int $userid The user to search.
* @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin.
*/
public static function get_contexts_for_userid(int $userid) : contextlist {
$params = ['userid' => $userid, 'contextuser' => CONTEXT_USER];
$sql = "SELECT id
FROM {context}
WHERE instanceid = :userid and contextlevel = :contextuser";
$contextlist = new contextlist();
$contextlist->add_from_sql($sql, $params);
return $contextlist;
}
/**
* Export all user data for the specified user, in the specified contexts.
*
* @param approved_contextlist $contextlist The approved contexts to export information for.
*/
public static function export_user_data(approved_contextlist $contextlist) {
$context = $contextlist->current();
$user = \core_user::get_user($contextlist->get_user()->id);
static::export_user($user, $context);
static::export_password_history($user->id, $context);
static::export_password_resets($user->id, $context);
static::export_lastaccess($user->id, $context);
static::export_course_requests($user->id, $context);
static::export_user_devices($user->id, $context);
static::export_user_session_data($user->id, $context);
}
/**
* Delete all data for all users in the specified context.
*
* @param context $context The specific context to delete data for.
*/
public static function delete_data_for_all_users_in_context(\context $context) {
// Only delete data for a user context.
if ($context->contextlevel == CONTEXT_USER) {
static::delete_user_data($context->instanceid, $context);
}
}
/**
* Delete all user data for the specified user, in the specified contexts.
*
* @param approved_contextlist $contextlist The approved contexts and user information to delete information for.
*/
public static function delete_data_for_user(approved_contextlist $contextlist) {
foreach ($contextlist as $context) {
// Let's be super certain that we have the right information for this user here.
if ($context->contextlevel == CONTEXT_USER && $contextlist->get_user()->id == $context->instanceid) {
static::delete_user_data($contextlist->get_user()->id, $contextlist->current());
}
}
}
/**
* Deletes non vital information about a user.
*
* @param int $userid The user ID to delete
* @param \context $context The user context
*/
protected static function delete_user_data(int $userid, \context $context) {
global $DB;
// Delete password history.
$DB->delete_records('user_password_history', ['userid' => $userid]);
// Delete last access.
$DB->delete_records('user_lastaccess', ['userid' => $userid]);
// Delete password resets.
$DB->delete_records('user_password_resets', ['userid' => $userid]);
// Delete user devices.
$DB->delete_records('user_devices', ['userid' => $userid]);
// Delete user course requests.
$DB->delete_records('course_request', ['requester' => $userid]);
// Delete sessions.
$DB->delete_records('sessions', ['userid' => $userid]);
// Do I delete user preferences? Seems like the right place to do it.
$DB->delete_records('user_preferences', ['userid' => $userid]);
// Delete all of the files for this user.
$fs = get_file_storage();
$fs->delete_area_files($context->id, 'user');
// For the user record itself we only want to remove unnecessary data. We still need the core data to keep as a record
// that we actually did follow the request to be forgotten.
$user = \core_user::get_user($userid);
// Update fields we wish to change to nothing.
$user->deleted = 1;
$user->idnumber = '';
$user->emailstop = 0;
$user->icq = '';
$user->skype = '';
$user->yahoo = '';
$user->aim = '';
$user->msn = '';
$user->phone1 = '';
$user->phone2 = '';
$user->institution = '';
$user->department = '';
$user->address = '';
$user->city = '';
$user->country = '';
$user->lang = '';
$user->calendartype = '';
$user->theme = '';
$user->timezone = '';
$user->firstaccess = 0;
$user->lastaccess = 0;
$user->lastlogin = 0;
$user->currentlogin = 0;
$user->lastip = 0;
$user->secret = '';
$user->picture = '';
$user->url = '';
$user->description = '';
$user->descriptionformat = 0;
$user->mailformat = 0;
$user->maildigest = 0;
$user->maildisplay = 0;
$user->autosubscribe = 0;
$user->trackforums = 0;
$user->timecreated = 0;
$user->timemodified = 0;
$user->trustbitmask = 0;
$user->imagealt = '';
$user->lastnamephonetic = '';
$user->firstnamephonetic = '';
$user->middlename = '';
$user->alternatename = '';
$DB->update_record('user', $user);
}
/**
* Export core user data.
*
* @param \stdClass $user The user object.
* @param \context $context The user context.
*/
protected static function export_user(\stdClass $user, \context $context) {
$data = (object) [
'auth' => $user->auth,
'confirmed' => transform::yesno($user->confirmed),
'policyagreed' => transform::yesno($user->policyagreed),
'deleted' => transform::yesno($user->deleted),
'suspended' => transform::yesno($user->suspended),
'username' => $user->username,
'idnumber' => $user->idnumber,
'firstname' => format_string($user->firstname, true, ['context' => $context]),
'lastname' => format_string($user->lastname, true, ['context' => $context]),
'email' => $user->email,
'emailstop' => transform::yesno($user->emailstop),
'icq' => format_string($user->icq, true, ['context' => $context]),
'skype' => format_string($user->skype, true, ['context' => $context]),
'yahoo' => format_string($user->yahoo, true, ['context' => $context]),
'aim' => format_string($user->aim, true, ['context' => $context]),
'msn' => format_string($user->msn, true, ['context' => $context]),
'phone1' => format_string($user->phone1, true, ['context' => $context]),
'phone2' => format_string($user->phone2, true, ['context' => $context]),
'institution' => format_string($user->institution, true, ['context' => $context]),
'department' => format_string($user->department, true, ['context' => $context]),
'address' => format_string($user->address, true, ['context' => $context]),
'city' => format_string($user->city, true, ['context' => $context]),
'country' => format_string($user->country, true, ['context' => $context]),
'lang' => $user->lang,
'calendartype' => $user->calendartype,
'theme' => $user->theme,
'timezone' => $user->timezone,
'firstaccess' => transform::datetime($user->firstaccess),
'lastaccess' => transform::datetime($user->lastaccess),
'lastlogin' => transform::datetime($user->lastlogin),
'currentlogin' => $user->currentlogin,
'lastip' => $user->lastip,
'secret' => $user->secret,
'picture' => $user->picture,
'url' => $user->url,
'description' => format_text($user->description, $user->descriptionformat, ['context' => $context]),
'maildigest' => transform::yesno($user->maildigest),
'maildisplay' => $user->maildisplay,
'autosubscribe' => transform::yesno($user->autosubscribe),
'trackforums' => transform::yesno($user->trackforums),
'timecreated' => transform::datetime($user->timecreated),
'timemodified' => transform::datetime($user->timemodified),
'imagealt' => format_string($user->imagealt, true, ['context' => $context]),
'lastnamephonetic' => format_string($user->lastnamephonetic, true, ['context' => $context]),
'firstnamephonetic' => format_string($user->firstnamephonetic, true, ['context' => $context]),
'middlename' => format_string($user->middlename, true, ['context' => $context]),
'alternatename' => format_string($user->alternatename, true, ['context' => $context])
];
if (isset($data->description)) {
$data->description = writer::with_context($context)->rewrite_pluginfile_urls(
[get_string('privacy:descriptionpath', 'user')], 'user', 'profile', '', $data->description);
}
writer::with_context($context)->export_area_files([], 'user', 'profile', 0)
->export_data([], $data);
// Export profile images.
writer::with_context($context)->export_area_files([get_string('privacy:profileimagespath', 'user')], 'user', 'icon', 0);
// Export private files.
writer::with_context($context)->export_area_files([get_string('privacy:privatefilespath', 'user')], 'user', 'private', 0);
// Export draft files.
writer::with_context($context)->export_area_files([get_string('privacy:draftfilespath', 'user')], 'user', 'draft', false);
}
/**
* Export information about the last time a user accessed a course.
*
* @param int $userid The user ID.
* @param \context $context The user context.
*/
protected static function export_lastaccess(int $userid, \context $context) {
global $DB;
$sql = "SELECT c.id, c.fullname, ul.timeaccess
FROM {user_lastaccess} ul
JOIN {course} c ON c.id = ul.courseid
WHERE ul.userid = :userid";
$params = ['userid' => $userid];
$records = $DB->get_records_sql($sql, $params);
if (!empty($records)) {
$lastaccess = (object) array_map(function($record) use ($context) {
return [
'course_name' => format_string($record->fullname, true, ['context' => $context]),
'timeaccess' => transform::datetime($record->timeaccess)
];
}, $records);
writer::with_context($context)->export_data([get_string('privacy:lastaccesspath', 'user')], $lastaccess);
}
}
/**
* Exports information about password resets.
*
* @param int $userid The user ID
* @param \context $context Context for this user.
*/
protected static function export_password_resets(int $userid, \context $context) {
global $DB;
$records = $DB->get_records('user_password_resets', ['userid' => $userid]);
if (!empty($records)) {
$passwordresets = (object) array_map(function($record) {
return [
'timerequested' => transform::datetime($record->timerequested),
'timererequested' => transform::datetime($record->timererequested)
];
}, $records);
writer::with_context($context)->export_data([get_string('privacy:passwordresetpath', 'user')], $passwordresets);
}
}
/**
* Exports information about the user's mobile devices.
*
* @param int $userid The user ID.
* @param \context $context Context for this user.
*/
protected static function export_user_devices(int $userid, \context $context) {
global $DB;
$records = $DB->get_records('user_devices', ['userid' => $userid]);
if (!empty($records)) {
$userdevices = (object) array_map(function($record) {
return [
'appid' => $record->appid,
'name' => $record->name,
'model' => $record->model,
'platform' => $record->platform,
'version' => $record->version,
'timecreated' => transform::datetime($record->timecreated),
'timemodified' => transform::datetime($record->timemodified)
];
}, $records);
writer::with_context($context)->export_data([get_string('privacy:devicespath', 'user')], $userdevices);
}
}
/**
* Exports information about course requests this user made.
*
* @param int $userid The user ID.
* @param \context $context The context object
*/
protected static function export_course_requests(int $userid, \context $context) {
global $DB;
$sql = "SELECT cr.shortname, cr.fullname, cr.summary, cc.name AS category, cr.reason
FROM {course_request} cr
JOIN {course_categories} cc ON cr.category = cc.id
WHERE cr.requester = :userid";
$params = ['userid' => $userid];
$records = $DB->get_records_sql($sql, $params);
if ($records) {
writer::with_context($context)->export_data([get_string('privacy:courserequestpath', 'user')], (object) $records);
}
}
/**
* Get details about the user's password history.
*
* @param int $userid The user ID that we are getting the password history for.
* @param \context $context the user context.
*/
protected static function export_password_history(int $userid, \context $context) {
global $DB;
// Just provide a count of how many entries we have.
$recordcount = $DB->count_records('user_password_history', ['userid' => $userid]);
if ($recordcount) {
$passwordhistory = (object) ['password_history_count' => $recordcount];
writer::with_context($context)->export_data([get_string('privacy:passwordhistorypath', 'user')], $passwordhistory);
}
}
/**
* Exports information about the user's session.
*
* @param int $userid The user ID.
* @param \context $context The context for this user.
*/
protected static function export_user_session_data(int $userid, \context $context) {
global $DB, $SESSION;
$records = $DB->get_records('sessions', ['userid' => $userid]);
if (!empty($records)) {
$sessiondata = (object) array_map(function($record) {
return [
'state' => $record->state,
'sessdata' => base64_decode($record->sessdata),
'timecreated' => transform::datetime($record->timecreated),
'timemodified' => transform::datetime($record->timemodified),
'firstip' => $record->firstip,
'lastip' => $record->lastip
];
}, $records);
writer::with_context($context)->export_data([get_string('privacy:sessionpath', 'user')], $sessiondata);
}
}
}

373
user/tests/privacy_test.php Normal file
View File

@ -0,0 +1,373 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Privacy tests for core_user.
*
* @package core_user
* @category test
* @copyright 2018 Adrian Greeve <adrian@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
global $CFG;
use \core_privacy\tests\provider_testcase;
require_once($CFG->dirroot . "/user/lib.php");
/**
* Unit tests for core_user.
*
* @copyright 2018 Adrian Greeve <adrian@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class core_user_privacy_testcase extends provider_testcase {
/**
* Check that context information is returned correctly.
*/
public function test_get_contexts_for_userid() {
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user();
// Create some other users as well.
$user2 = $this->getDataGenerator()->create_user();
$user3 = $this->getDataGenerator()->create_user();
$context = context_user::instance($user->id);
$contextlist = \core_user\privacy\provider::get_contexts_for_userid($user->id);
$this->assertSame($context, $contextlist->current());
}
/**
* Test that data is exported as expected for a user.
*/
public function test_export_user_data() {
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user();
$course = $this->getDataGenerator()->create_course();
$context = \context_user::instance($user->id);
$this->create_data_for_user($user, $course);
$approvedlist = new \core_privacy\local\request\approved_contextlist($user, 'core_user', [$context->id]);
$writer = \core_privacy\local\request\writer::with_context($context);
\core_user\privacy\provider::export_user_data($approvedlist);
// Make sure that the password history only returns a count.
$history = $writer->get_data([get_string('privacy:passwordhistorypath', 'user')]);
$objectcount = new ArrayObject($history);
// This object should only have one property.
$this->assertCount(1, $objectcount);
$this->assertEquals(1, $history->password_history_count);
// Password resets should have two fields - timerequested and timererequested.
$resetarray = (array) $writer->get_data([get_string('privacy:passwordresetpath', 'user')]);
$detail = array_shift($resetarray);
$this->assertTrue(array_key_exists('timerequested', $detail));
$this->assertTrue(array_key_exists('timererequested', $detail));
// Last access to course.
$lastcourseaccess = (array) $writer->get_data([get_string('privacy:lastaccesspath', 'user')]);
$entry = array_shift($lastcourseaccess);
$this->assertEquals($course->fullname, $entry['course_name']);
$this->assertTrue(array_key_exists('timeaccess', $entry));
// User devices.
$userdevices = (array) $writer->get_data([get_string('privacy:devicespath', 'user')]);
$entry = array_shift($userdevices);
$this->assertEquals('com.moodle.moodlemobile', $entry['appid']);
// Make sure these fields are not exported.
$this->assertFalse(array_key_exists('pushid', $entry));
$this->assertFalse(array_key_exists('uuid', $entry));
// Session data.
$sessiondata = (array) $writer->get_data([get_string('privacy:sessionpath', 'user')]);
$entry = array_shift($sessiondata);
// Make sure that the sid is not exported.
$this->assertFalse(array_key_exists('sid', $entry));
// Check that some of the other fields are present.
$this->assertTrue(array_key_exists('state', $entry));
$this->assertTrue(array_key_exists('sessdata', $entry));
$this->assertTrue(array_key_exists('timecreated', $entry));
// Course requests
$courserequestdata = (array) $writer->get_data([get_string('privacy:courserequestpath', 'user')]);
$entry = array_shift($courserequestdata);
// Make sure that the password is not exported.
$this->assertFalse(array_key_exists('password', $entry));
// Check that some of the other fields are present.
$this->assertTrue(array_key_exists('fullname', $entry));
$this->assertTrue(array_key_exists('shortname', $entry));
$this->assertTrue(array_key_exists('summary', $entry));
// User details.
$userdata = (array) $writer->get_data([]);
// Check that the password is not exported.
$this->assertFalse(array_key_exists('password', $userdata));
// Check that some critical fields exist.
$this->assertTrue(array_key_exists('firstname', $userdata));
$this->assertTrue(array_key_exists('lastname', $userdata));
$this->assertTrue(array_key_exists('email', $userdata));
}
/**
* Test that user data is deleted for one user.
*/
public function test_delete_data_for_all_users_in_context() {
global $DB;
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user([
'idnumber' => 'A0023',
'emailstop' => 1,
'icq' => 'aksdjf98',
'phone1' => '555 3257',
'institution' => 'test',
'department' => 'Science',
'city' => 'Perth',
'country' => 'au'
]);
$user2 = $this->getDataGenerator()->create_user();
$course = $this->getDataGenerator()->create_course();
$this->create_data_for_user($user, $course);
$this->create_data_for_user($user2, $course);
\core_user\privacy\provider::delete_data_for_all_users_in_context(context_user::instance($user->id));
// These tables should not have any user data for $user. Only for $user2.
$records = $DB->get_records('user_password_history');
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertNotEquals($user->id, $data->userid);
$this->assertEquals($user2->id, $data->userid);
$records = $DB->get_records('user_password_resets');
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertNotEquals($user->id, $data->userid);
$this->assertEquals($user2->id, $data->userid);
$records = $DB->get_records('user_lastaccess');
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertNotEquals($user->id, $data->userid);
$this->assertEquals($user2->id, $data->userid);
$records = $DB->get_records('user_devices');
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertNotEquals($user->id, $data->userid);
$this->assertEquals($user2->id, $data->userid);
// Now check that there is still a record for the deleted user, but that non-critical information is removed.
$record = $DB->get_record('user', ['id' => $user->id]);
$this->assertEmpty($record->idnumber);
$this->assertEmpty($record->emailstop);
$this->assertEmpty($record->icq);
$this->assertEmpty($record->phone1);
$this->assertEmpty($record->institution);
$this->assertEmpty($record->department);
$this->assertEmpty($record->city);
$this->assertEmpty($record->country);
$this->assertEmpty($record->timezone);
$this->assertEmpty($record->timecreated);
$this->assertEmpty($record->timemodified);
$this->assertEmpty($record->firstnamephonetic);
// Check for critical fields.
// Deleted should now be 1.
$this->assertEquals(1, $record->deleted);
$this->assertEquals($user->id, $record->id);
$this->assertEquals($user->username, $record->username);
$this->assertEquals($user->password, $record->password);
$this->assertEquals($user->firstname, $record->firstname);
$this->assertEquals($user->lastname, $record->lastname);
$this->assertEquals($user->email, $record->email);
}
/**
* Test that user data is deleted for one user.
*/
public function test_delete_data_for_user() {
global $DB;
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user([
'idnumber' => 'A0023',
'emailstop' => 1,
'icq' => 'aksdjf98',
'phone1' => '555 3257',
'institution' => 'test',
'department' => 'Science',
'city' => 'Perth',
'country' => 'au'
]);
$user2 = $this->getDataGenerator()->create_user();
$course = $this->getDataGenerator()->create_course();
$this->create_data_for_user($user, $course);
$this->create_data_for_user($user2, $course);
// Provide multiple different context to check that only the correct user is deleted.
$contexts = [context_user::instance($user->id)->id, context_user::instance($user2->id)->id, context_system::instance()->id];
$approvedlist = new \core_privacy\local\request\approved_contextlist($user, 'core_user', $contexts);
\core_user\privacy\provider::delete_data_for_user($approvedlist);
// These tables should not have any user data for $user. Only for $user2.
$records = $DB->get_records('user_password_history');
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertNotEquals($user->id, $data->userid);
$this->assertEquals($user2->id, $data->userid);
$records = $DB->get_records('user_password_resets');
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertNotEquals($user->id, $data->userid);
$this->assertEquals($user2->id, $data->userid);
$records = $DB->get_records('user_lastaccess');
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertNotEquals($user->id, $data->userid);
$this->assertEquals($user2->id, $data->userid);
$records = $DB->get_records('user_devices');
$this->assertCount(1, $records);
$data = array_shift($records);
$this->assertNotEquals($user->id, $data->userid);
$this->assertEquals($user2->id, $data->userid);
// Now check that there is still a record for the deleted user, but that non-critical information is removed.
$record = $DB->get_record('user', ['id' => $user->id]);
$this->assertEmpty($record->idnumber);
$this->assertEmpty($record->emailstop);
$this->assertEmpty($record->icq);
$this->assertEmpty($record->phone1);
$this->assertEmpty($record->institution);
$this->assertEmpty($record->department);
$this->assertEmpty($record->city);
$this->assertEmpty($record->country);
$this->assertEmpty($record->timezone);
$this->assertEmpty($record->timecreated);
$this->assertEmpty($record->timemodified);
$this->assertEmpty($record->firstnamephonetic);
// Check for critical fields.
// Deleted should now be 1.
$this->assertEquals(1, $record->deleted);
$this->assertEquals($user->id, $record->id);
$this->assertEquals($user->username, $record->username);
$this->assertEquals($user->password, $record->password);
$this->assertEquals($user->firstname, $record->firstname);
$this->assertEquals($user->lastname, $record->lastname);
$this->assertEquals($user->email, $record->email);
}
/**
* Create user data for a user.
*
* @param stdClass $user A user object.
* @param stdClass $course A course.
*/
protected function create_data_for_user($user, $course) {
global $DB;
$this->resetAfterTest();
// Last course access.
$lastaccess = (object) [
'userid' => $user->id,
'courseid' => $course->id,
'timeaccess' => time() - DAYSECS
];
$DB->insert_record('user_lastaccess', $lastaccess);
// Password history.
$history = (object) [
'userid' => $user->id,
'hash' => 'HID098djJUU',
'timecreated' => time()
];
$DB->insert_record('user_password_history', $history);
// Password resets.
$passwordreset = (object) [
'userid' => $user->id,
'timerequested' => time(),
'timererequested' => time(),
'token' => $this->generate_random_string()
];
$DB->insert_record('user_password_resets', $passwordreset);
// User mobile devices.
$userdevices = (object) [
'userid' => $user->id,
'appid' => 'com.moodle.moodlemobile',
'name' => 'occam',
'model' => 'Nexus 4',
'platform' => 'Android',
'version' => '4.2.2',
'pushid' => 'kishUhd',
'uuid' => 'KIhud7s',
'timecreated' => time(),
'timemodified' => time()
];
$DB->insert_record('user_devices', $userdevices);
// Course request.
$courserequest = (object) [
'fullname' => 'Test Course',
'shortname' => 'TC',
'summary' => 'Summary of course',
'summaryformat' => 1,
'category' => 1,
'reason' => 'Because it would be nice.',
'requester' => $user->id,
'password' => ''
];
$DB->insert_record('course_request', $courserequest);
// User session table data.
$usersessions = (object) [
'state' => 0,
'sid' => $this->generate_random_string(), // Needs a unique id.
'userid' => $user->id,
'sessdata' => 'Nothing',
'timecreated' => time(),
'timemodified' => time(),
'firstip' => '0.0.0.0',
'lastip' => '0.0.0.0'
];
$DB->insert_record('sessions', $usersessions);
}
/**
* Create a random string.
*
* @param integer $length length of the string to generate.
* @return string A random string.
*/
protected function generate_random_string($length = 6) {
$response = '';
$source = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
if ($length > 0) {
$response = '';
$source = str_split($source, 1);
for ($i = 1; $i <= $length; $i++) {
$num = mt_rand(1, count($source));
$response .= $source[$num - 1];
}
}
return $response;
}
}