From c49f309204d2aa20342c9deb617915083dbab5cc Mon Sep 17 00:00:00 2001 From: Adrian Greeve Date: Sun, 1 Apr 2018 12:06:27 +0800 Subject: [PATCH 1/3] MDL-61814 core_user: Implement privacy system for user. --- lang/en/user.php | 119 +++++++ user/classes/privacy/provider.php | 505 ++++++++++++++++++++++++++++++ user/tests/privacy_test.php | 373 ++++++++++++++++++++++ 3 files changed, 997 insertions(+) create mode 100644 lang/en/user.php create mode 100644 user/classes/privacy/provider.php create mode 100644 user/tests/privacy_test.php diff --git a/lang/en/user.php b/lang/en/user.php new file mode 100644 index 00000000000..8a4d933a1ff --- /dev/null +++ b/lang/en/user.php @@ -0,0 +1,119 @@ +. + +/** + * Strings for component 'user', language 'en', branch 'MOODLE_20_STABLE' + * + * @package core_user + * @copyright 2018 Adrian Greeve + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +$string['privacy:courserequestpath'] = 'Requested courses'; +$string['privacy:descriptionpath'] = 'Profile description'; +$string['privacy:devicespath'] = 'User devices'; +$string['privacy:draftfilespath'] = 'Draft files'; +$string['privacy:lastaccesspath'] = 'Last access to courses'; +$string['privacy:metadata:address'] = 'The address of the user.'; +$string['privacy:metadata:aim'] = 'The AIM identifier of the user.'; +$string['privacy:metadata:alternatename'] = 'An alternative name for the user.'; +$string['privacy:metadata:appid'] = 'The app id, usually something like com.moodle.moodlemobile'; +$string['privacy:metadata:auth'] = 'The authentication plugin used for this user record.'; +$string['privacy:metadata:autosubscribe'] = 'A preference as to if the user should be auto-subscribed to forums the user posts in.'; +$string['privacy:metadata:calendartype'] = 'A user preference for the type of calendar to use.'; +$string['privacy:metadata:category'] = 'The category identifier.'; +$string['privacy:metadata:city'] = 'The city of the user.'; +$string['privacy:metadata:confirmed'] = 'If this is an active user or not.'; +$string['privacy:metadata:country'] = 'The country that the user is in.'; +$string['privacy:metadata:courseid'] = 'An identifier for a course.'; +$string['privacy:metadata:currentlogin'] = 'The current login for this user.'; +$string['privacy:metadata:data'] = 'Data relating to the custom user field from the user.'; +$string['privacy:metadata:deleted'] = 'A flag to show if the user has been deleted or not.'; +$string['privacy:metadata:department'] = 'The department that this user can be found in.'; +$string['privacy:metadata:description'] = 'General details about this user.'; +$string['privacy:metadata:devicename'] = 'The device name, occam or iPhone etc..'; +$string['privacy:metadata:devicetablesummary'] = 'This table stores user\'s mobile devices information in order to send PUSH notifications'; +$string['privacy:metadata:email'] = 'An email address for contact.'; +$string['privacy:metadata:emailstop'] = 'A preference to stop email being sent to the user.'; +$string['privacy:metadata:fieldid'] = 'The ID relating to the custom user field.'; +$string['privacy:metadata:filelink'] = 'There are multiple different files for the user stored in the files table.'; +$string['privacy:metadata:firstaccess'] = 'The time that this user first accessed the site.'; +$string['privacy:metadata:firstip'] = 'The first IP address recorded'; +$string['privacy:metadata:firstname'] = 'The first name of the user.'; +$string['privacy:metadata:firstnamephonetic'] = 'The phonetic details about the user\'s first name.'; +$string['privacy:metadata:fullname'] = 'The fullname for this course.'; +$string['privacy:metadata:hash'] = 'A hash of a previous password.'; +$string['privacy:metadata:icq'] = 'The ICQ number of the user.'; +$string['privacy:metadata:id'] = 'The identifier for the user.'; +$string['privacy:metadata:idnumber'] = 'An identification number given by the institution.'; +$string['privacy:metadata:imagealt'] = 'Alternative text for the user\'s image.'; +$string['privacy:metadata:infotablesummary'] = 'Stores custom user information.'; +$string['privacy:metadata:institution'] = 'The institution that this user is a member of.'; +$string['privacy:metadata:lang'] = 'A user preference for the language shown.'; +$string['privacy:metadata:lastaccess'] = 'The time that the user last accessed the site.'; +$string['privacy:metadata:lastaccesstablesummary'] = 'Information about the last time a user accessed a course.'; +$string['privacy:metadata:lastip'] = 'The last IP address for the user.'; +$string['privacy:metadata:lastlogin'] = 'The last login of this user.'; +$string['privacy:metadata:lastname'] = 'The surname of the user.'; +$string['privacy:metadata:lastnamephonetic'] = 'The phonetic details about the user\'s surname.'; +$string['privacy:metadata:maildigest'] = 'A setting for the mail digest for this user.'; +$string['privacy:metadata:maildisplay'] = 'A preference for the user about displaying their email address to other users.'; +$string['privacy:metadata:middlename'] = 'The middle name of the user.'; +$string['privacy:metadata:mnethostid'] = 'An identifier for the mnet host if used.'; +$string['privacy:metadata:model'] = 'The device name, occam or iPhone etc..'; +$string['privacy:metadata:msn'] = 'The MSN identifier of the user.'; +$string['privacy:metadata:password'] = 'The password for this user to log into the system.'; +$string['privacy:metadata:passwordresettablesummary'] = 'A table tracking password reset confirmation tokens'; +$string['privacy:metadata:passwordtablesummary'] = 'A rotating log of hashes of previously used passwords for the user.'; +$string['privacy:metadata:phone'] = 'A phone number for the user.'; +$string['privacy:metadata:picture'] = 'The picture details associated with this user.'; +$string['privacy:metadata:platform'] = 'The device platform, Android or iOS etc'; +$string['privacy:metadata:policyagreed'] = 'A flag to determine if the user has agreed to the site policy.'; +$string['privacy:metadata:pushid'] = 'The device PUSH token/key/identifier/registration id'; +$string['privacy:metadata:reason'] = 'The reason for requesting this course.'; +$string['privacy:metadata:requester'] = 'An identifier to a user that requested this course.'; +$string['privacy:metadata:requestsummary'] = 'Stores information about requests for courses that users make.'; +$string['privacy:metadata:suspended'] = 'A flag to show if the user has been suspended on this system.'; +$string['privacy:metadata:username'] = 'The username for this user.'; +$string['privacy:metadata:secret'] = 'Secret.. not sure.'; +$string['privacy:metadata:sessdata'] = 'Session content'; +$string['privacy:metadata:sessiontablesummary'] = 'Database based session storage'; +$string['privacy:metadata:shortname'] = 'A short name for the course.'; +$string['privacy:metadata:sid'] = 'The session ID'; +$string['privacy:metadata:skype'] = 'The skype identifier of the user.'; +$string['privacy:metadata:state'] = '0 means a normal session'; +$string['privacy:metadata:summary'] = 'A description of the course.'; +$string['privacy:metadata:theme'] = 'A user preference for the theme to display.'; +$string['privacy:metadata:timeaccess'] = 'The time for access to the course.'; +$string['privacy:metadata:timecreated'] = 'The time this record was created.'; +$string['privacy:metadata:timemodified'] = 'The time this records was modified.'; +$string['privacy:metadata:timererequested'] = 'The time the user re-requested the password reset.'; +$string['privacy:metadata:timerequested'] = 'The time that the user first requested this password reset'; +$string['privacy:metadata:timezone'] = 'The timezone that the user resides in.'; +$string['privacy:metadata:token'] = 'secret set and emailed to user'; +$string['privacy:metadata:trackforums'] = 'A preference for forums and tracking them.'; +$string['privacy:metadata:trustbitmask'] = 'The trust bit mask'; +$string['privacy:metadata:yahoo'] = 'The yahoo identifier of the user.'; +$string['privacy:metadata:url'] = 'A URL related to this user.'; +$string['privacy:metadata:userid'] = 'The user ID linked to this table.'; +$string['privacy:metadata:usertablesummary'] = 'This table stores the main personal data about the user.'; +$string['privacy:metadata:uuid'] = 'The device vendor UUID'; +$string['privacy:metadata:version'] = 'The device version, 6.1.2, 4.2.2 etc..'; +$string['privacy:passwordhistorypath'] = 'Password history'; +$string['privacy:passwordresetpath'] = 'Password resets'; +$string['privacy:profileimagespath'] = 'Profile images'; +$string['privacy:privatefilespath'] = 'Private files'; +$string['privacy:sessionpath'] = 'Session data'; diff --git a/user/classes/privacy/provider.php b/user/classes/privacy/provider.php new file mode 100644 index 00000000000..1619f5c151b --- /dev/null +++ b/user/classes/privacy/provider.php @@ -0,0 +1,505 @@ +. + +/** + * Privacy class for requesting user data. + * + * @package core_user + * @copyright 2018 Adrian Greeve + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +namespace core_user\privacy; + +defined('MOODLE_INTERNAL') || die(); + +use \core_privacy\local\metadata\collection; +use \core_privacy\local\request\transform; +use \core_privacy\local\request\contextlist; +use \core_privacy\local\request\approved_contextlist; +use \core_privacy\local\request\writer; + +/** + * Privacy class for requesting user data. + * + * @package core_comment + * @copyright 2018 Adrian Greeve + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ +class provider implements \core_privacy\local\metadata\provider, \core_privacy\local\request\subsystem\provider { + + /** + * Returns information about the user data stored in this component. + * + * @param collection $collection A list of information about this component + * @return collection The collection object filled out with information about this component. + */ + public static function get_metadata(collection $collection) : collection { + $userfields = [ + 'id' => 'privacy:metadata:id', + 'auth' => 'privacy:metadata:auth', + 'confirmed' => 'privacy:metadata:confirmed', + 'policyagreed' => 'privacy:metadata:policyagreed', + 'deleted' => 'privacy:metadata:deleted', + 'suspended' => 'privacy:metadata:suspended', + 'mnethostid' => 'privacy:metadata:mnethostid', + 'username' => 'privacy:metadata:username', + 'password' => 'privacy:metadata:password', + 'idnumber' => 'privacy:metadata:idnumber', + 'firstname' => 'privacy:metadata:firstname', + 'lastname' => 'privacy:metadata:lastname', + 'email' => 'privacy:metadata:email', + 'emailstop' => 'privacy:metadata:emailstop', + 'icq' => 'privacy:metadata:icq', + 'skype' => 'privacy:metadata:skype', + 'yahoo' => 'privacy:metadata:yahoo', + 'aim' => 'privacy:metadata:aim', + 'msn' => 'privacy:metadata:msn', + 'phone1' => 'privacy:metadata:phone', + 'phone2' => 'privacy:metadata:phone', + 'institution' => 'privacy:metadata:institution', + 'department' => 'privacy:metadata:department', + 'address' => 'privacy:metadata:address', + 'city' => 'privacy:metadata:city', + 'country' => 'privacy:metadata:country', + 'lang' => 'privacy:metadata:lang', + 'calendartype' => 'privacy:metadata:calendartype', + 'theme' => 'privacy:metadata:theme', + 'timezone' => 'privacy:metadata:timezone', + 'firstaccess' => 'privacy:metadata:firstaccess', + 'lastaccess' => 'privacy:metadata:lastaccess', + 'lastlogin' => 'privacy:metadata:lastlogin', + 'currentlogin' => 'privacy:metadata:currentlogin', + 'lastip' => 'privacy:metadata:lastip', + 'secret' => 'privacy:metadata:secret', + 'picture' => 'privacy:metadata:picture', + 'url' => 'privacy:metadata:url', + 'description' => 'privacy:metadata:description', + 'maildigest' => 'privacy:metadata:maildigest', + 'maildisplay' => 'privacy:metadata:maildisplay', + 'autosubscribe' => 'privacy:metadata:autosubscribe', + 'trackforums' => 'privacy:metadata:trackforums', + 'timecreated' => 'privacy:metadata:timecreated', + 'timemodified' => 'privacy:metadata:timemodified', + 'trustbitmask' => 'privacy:metadata:trustbitmask', + 'imagealt' => 'privacy:metadata:imagealt', + 'lastnamephonetic' => 'privacy:metadata:lastnamephonetic', + 'firstnamephonetic' => 'privacy:metadata:firstnamephonetic', + 'middlename' => 'privacy:metadata:middlename', + 'alternatename' => 'privacy:metadata:alternatename' + ]; + + $passwordhistory = [ + 'userid' => 'privacy:metadata:userid', + 'hash' => 'privacy:metadata:hash', + 'timecreated' => 'privacy:metadata:timecreated' + ]; + + $lastaccess = [ + 'userid' => 'privacy:metadata:userid', + 'courseid' => 'privacy:metadata:courseid', + 'timeaccess' => 'privacy:metadata:timeaccess' + ]; + + $userpasswordresets = [ + 'userid' => 'privacy:metadata:userid', + 'timerequested' => 'privacy:metadata:timerequested', + 'timererequested' => 'privacy:metadata:timererequested', + 'token' => 'privacy:metadata:token' + ]; + + $userdevices = [ + 'userid' => 'privacy:metadata:userid', + 'appid' => 'privacy:metadata:appid', + 'name' => 'privacy:metadata:devicename', + 'model' => 'privacy:metadata:model', + 'platform' => 'privacy:metadata:platform', + 'version' => 'privacy:metadata:version', + 'pushid' => 'privacy:metadata:pushid', + 'uuid' => 'privacy:metadata:uuid', + 'timecreated' => 'privacy:metadata:timecreated', + 'timemodified' => 'privacy:metadata:timemodified' + ]; + + $usersessions = [ + 'state' => 'privacy:metadata:state', + 'sid' => 'privacy:metadata:sid', + 'userid' => 'privacy:metadata:userid', + 'sessdata' => 'privacy:metadata:sessdata', + 'timecreated' => 'privacy:metadata:timecreated', + 'timemodified' => 'privacy:metadata:timemodified', + 'firstip' => 'privacy:metadata:firstip', + 'lastip' => 'privacy:metadata:lastip' + ]; + + $courserequest = [ + 'fullname' => 'privacy:metadata:fullname', + 'shortname' => 'privacy:metadata:shortname', + 'summary' => 'privacy:metadata:summary', + 'category' => 'privacy:metadata:category', + 'reason' => 'privacy:metadata:reason', + 'requester' => 'privacy:metadata:requester' + ]; + + $collection->add_database_table('user', $userfields, 'privacy:metadata:usertablesummary'); + $collection->add_database_table('user_password_history', $passwordhistory, 'privacy:metadata:passwordtablesummary'); + $collection->add_database_table('user_password_resets', $userpasswordresets, 'privacy:metadata:passwordresettablesummary'); + $collection->add_database_table('user_lastaccess', $lastaccess, 'privacy:metadata:lastaccesstablesummary'); + $collection->add_database_table('user_devices', $userdevices, 'privacy:metadata:devicetablesummary'); + $collection->add_database_table('course_request', $courserequest, 'privacy:metadata:requestsummary'); + $collection->add_database_table('sessions', $usersessions, 'privacy:metadata:sessiontablesummary'); + $collection->add_subsystem_link('core_files', [], 'privacy:metadata:filelink'); + + return $collection; + } + + /** + * Get the list of contexts that contain user information for the specified user. + * + * @param int $userid The user to search. + * @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin. + */ + public static function get_contexts_for_userid(int $userid) : contextlist { + $params = ['userid' => $userid, 'contextuser' => CONTEXT_USER]; + $sql = "SELECT id + FROM {context} + WHERE instanceid = :userid and contextlevel = :contextuser"; + $contextlist = new contextlist(); + $contextlist->add_from_sql($sql, $params); + return $contextlist; + } + + /** + * Export all user data for the specified user, in the specified contexts. + * + * @param approved_contextlist $contextlist The approved contexts to export information for. + */ + public static function export_user_data(approved_contextlist $contextlist) { + $context = $contextlist->current(); + $user = \core_user::get_user($contextlist->get_user()->id); + static::export_user($user, $context); + static::export_password_history($user->id, $context); + static::export_password_resets($user->id, $context); + static::export_lastaccess($user->id, $context); + static::export_course_requests($user->id, $context); + static::export_user_devices($user->id, $context); + static::export_user_session_data($user->id, $context); + } + + /** + * Delete all data for all users in the specified context. + * + * @param context $context The specific context to delete data for. + */ + public static function delete_data_for_all_users_in_context(\context $context) { + // Only delete data for a user context. + if ($context->contextlevel == CONTEXT_USER) { + static::delete_user_data($context->instanceid, $context); + } + } + + /** + * Delete all user data for the specified user, in the specified contexts. + * + * @param approved_contextlist $contextlist The approved contexts and user information to delete information for. + */ + public static function delete_data_for_user(approved_contextlist $contextlist) { + foreach ($contextlist as $context) { + // Let's be super certain that we have the right information for this user here. + if ($context->contextlevel == CONTEXT_USER && $contextlist->get_user()->id == $context->instanceid) { + static::delete_user_data($contextlist->get_user()->id, $contextlist->current()); + } + } + } + + /** + * Deletes non vital information about a user. + * + * @param int $userid The user ID to delete + * @param \context $context The user context + */ + protected static function delete_user_data(int $userid, \context $context) { + global $DB; + + // Delete password history. + $DB->delete_records('user_password_history', ['userid' => $userid]); + // Delete last access. + $DB->delete_records('user_lastaccess', ['userid' => $userid]); + // Delete password resets. + $DB->delete_records('user_password_resets', ['userid' => $userid]); + // Delete user devices. + $DB->delete_records('user_devices', ['userid' => $userid]); + // Delete user course requests. + $DB->delete_records('course_request', ['requester' => $userid]); + // Delete sessions. + $DB->delete_records('sessions', ['userid' => $userid]); + // Do I delete user preferences? Seems like the right place to do it. + $DB->delete_records('user_preferences', ['userid' => $userid]); + + // Delete all of the files for this user. + $fs = get_file_storage(); + $fs->delete_area_files($context->id, 'user'); + + // For the user record itself we only want to remove unnecessary data. We still need the core data to keep as a record + // that we actually did follow the request to be forgotten. + $user = \core_user::get_user($userid); + // Update fields we wish to change to nothing. + $user->deleted = 1; + $user->idnumber = ''; + $user->emailstop = 0; + $user->icq = ''; + $user->skype = ''; + $user->yahoo = ''; + $user->aim = ''; + $user->msn = ''; + $user->phone1 = ''; + $user->phone2 = ''; + $user->institution = ''; + $user->department = ''; + $user->address = ''; + $user->city = ''; + $user->country = ''; + $user->lang = ''; + $user->calendartype = ''; + $user->theme = ''; + $user->timezone = ''; + $user->firstaccess = 0; + $user->lastaccess = 0; + $user->lastlogin = 0; + $user->currentlogin = 0; + $user->lastip = 0; + $user->secret = ''; + $user->picture = ''; + $user->url = ''; + $user->description = ''; + $user->descriptionformat = 0; + $user->mailformat = 0; + $user->maildigest = 0; + $user->maildisplay = 0; + $user->autosubscribe = 0; + $user->trackforums = 0; + $user->timecreated = 0; + $user->timemodified = 0; + $user->trustbitmask = 0; + $user->imagealt = ''; + $user->lastnamephonetic = ''; + $user->firstnamephonetic = ''; + $user->middlename = ''; + $user->alternatename = ''; + $DB->update_record('user', $user); + } + + /** + * Export core user data. + * + * @param \stdClass $user The user object. + * @param \context $context The user context. + */ + protected static function export_user(\stdClass $user, \context $context) { + $data = (object) [ + 'auth' => $user->auth, + 'confirmed' => transform::yesno($user->confirmed), + 'policyagreed' => transform::yesno($user->policyagreed), + 'deleted' => transform::yesno($user->deleted), + 'suspended' => transform::yesno($user->suspended), + 'username' => $user->username, + 'idnumber' => $user->idnumber, + 'firstname' => format_string($user->firstname, true, ['context' => $context]), + 'lastname' => format_string($user->lastname, true, ['context' => $context]), + 'email' => $user->email, + 'emailstop' => transform::yesno($user->emailstop), + 'icq' => format_string($user->icq, true, ['context' => $context]), + 'skype' => format_string($user->skype, true, ['context' => $context]), + 'yahoo' => format_string($user->yahoo, true, ['context' => $context]), + 'aim' => format_string($user->aim, true, ['context' => $context]), + 'msn' => format_string($user->msn, true, ['context' => $context]), + 'phone1' => format_string($user->phone1, true, ['context' => $context]), + 'phone2' => format_string($user->phone2, true, ['context' => $context]), + 'institution' => format_string($user->institution, true, ['context' => $context]), + 'department' => format_string($user->department, true, ['context' => $context]), + 'address' => format_string($user->address, true, ['context' => $context]), + 'city' => format_string($user->city, true, ['context' => $context]), + 'country' => format_string($user->country, true, ['context' => $context]), + 'lang' => $user->lang, + 'calendartype' => $user->calendartype, + 'theme' => $user->theme, + 'timezone' => $user->timezone, + 'firstaccess' => transform::datetime($user->firstaccess), + 'lastaccess' => transform::datetime($user->lastaccess), + 'lastlogin' => transform::datetime($user->lastlogin), + 'currentlogin' => $user->currentlogin, + 'lastip' => $user->lastip, + 'secret' => $user->secret, + 'picture' => $user->picture, + 'url' => $user->url, + 'description' => format_text($user->description, $user->descriptionformat, ['context' => $context]), + 'maildigest' => transform::yesno($user->maildigest), + 'maildisplay' => $user->maildisplay, + 'autosubscribe' => transform::yesno($user->autosubscribe), + 'trackforums' => transform::yesno($user->trackforums), + 'timecreated' => transform::datetime($user->timecreated), + 'timemodified' => transform::datetime($user->timemodified), + 'imagealt' => format_string($user->imagealt, true, ['context' => $context]), + 'lastnamephonetic' => format_string($user->lastnamephonetic, true, ['context' => $context]), + 'firstnamephonetic' => format_string($user->firstnamephonetic, true, ['context' => $context]), + 'middlename' => format_string($user->middlename, true, ['context' => $context]), + 'alternatename' => format_string($user->alternatename, true, ['context' => $context]) + ]; + if (isset($data->description)) { + $data->description = writer::with_context($context)->rewrite_pluginfile_urls( + [get_string('privacy:descriptionpath', 'user')], 'user', 'profile', '', $data->description); + } + writer::with_context($context)->export_area_files([], 'user', 'profile', 0) + ->export_data([], $data); + // Export profile images. + writer::with_context($context)->export_area_files([get_string('privacy:profileimagespath', 'user')], 'user', 'icon', 0); + // Export private files. + writer::with_context($context)->export_area_files([get_string('privacy:privatefilespath', 'user')], 'user', 'private', 0); + // Export draft files. + writer::with_context($context)->export_area_files([get_string('privacy:draftfilespath', 'user')], 'user', 'draft', false); + } + + /** + * Export information about the last time a user accessed a course. + * + * @param int $userid The user ID. + * @param \context $context The user context. + */ + protected static function export_lastaccess(int $userid, \context $context) { + global $DB; + $sql = "SELECT c.id, c.fullname, ul.timeaccess + FROM {user_lastaccess} ul + JOIN {course} c ON c.id = ul.courseid + WHERE ul.userid = :userid"; + $params = ['userid' => $userid]; + $records = $DB->get_records_sql($sql, $params); + if (!empty($records)) { + $lastaccess = (object) array_map(function($record) use ($context) { + return [ + 'course_name' => format_string($record->fullname, true, ['context' => $context]), + 'timeaccess' => transform::datetime($record->timeaccess) + ]; + }, $records); + writer::with_context($context)->export_data([get_string('privacy:lastaccesspath', 'user')], $lastaccess); + } + } + + /** + * Exports information about password resets. + * + * @param int $userid The user ID + * @param \context $context Context for this user. + */ + protected static function export_password_resets(int $userid, \context $context) { + global $DB; + $records = $DB->get_records('user_password_resets', ['userid' => $userid]); + if (!empty($records)) { + $passwordresets = (object) array_map(function($record) { + return [ + 'timerequested' => transform::datetime($record->timerequested), + 'timererequested' => transform::datetime($record->timererequested) + ]; + }, $records); + writer::with_context($context)->export_data([get_string('privacy:passwordresetpath', 'user')], $passwordresets); + } + } + + /** + * Exports information about the user's mobile devices. + * + * @param int $userid The user ID. + * @param \context $context Context for this user. + */ + protected static function export_user_devices(int $userid, \context $context) { + global $DB; + $records = $DB->get_records('user_devices', ['userid' => $userid]); + if (!empty($records)) { + $userdevices = (object) array_map(function($record) { + return [ + 'appid' => $record->appid, + 'name' => $record->name, + 'model' => $record->model, + 'platform' => $record->platform, + 'version' => $record->version, + 'timecreated' => transform::datetime($record->timecreated), + 'timemodified' => transform::datetime($record->timemodified) + ]; + }, $records); + writer::with_context($context)->export_data([get_string('privacy:devicespath', 'user')], $userdevices); + } + } + + /** + * Exports information about course requests this user made. + * + * @param int $userid The user ID. + * @param \context $context The context object + */ + protected static function export_course_requests(int $userid, \context $context) { + global $DB; + $sql = "SELECT cr.shortname, cr.fullname, cr.summary, cc.name AS category, cr.reason + FROM {course_request} cr + JOIN {course_categories} cc ON cr.category = cc.id + WHERE cr.requester = :userid"; + $params = ['userid' => $userid]; + $records = $DB->get_records_sql($sql, $params); + if ($records) { + writer::with_context($context)->export_data([get_string('privacy:courserequestpath', 'user')], (object) $records); + } + } + + /** + * Get details about the user's password history. + * + * @param int $userid The user ID that we are getting the password history for. + * @param \context $context the user context. + */ + protected static function export_password_history(int $userid, \context $context) { + global $DB; + + // Just provide a count of how many entries we have. + $recordcount = $DB->count_records('user_password_history', ['userid' => $userid]); + if ($recordcount) { + $passwordhistory = (object) ['password_history_count' => $recordcount]; + writer::with_context($context)->export_data([get_string('privacy:passwordhistorypath', 'user')], $passwordhistory); + } + } + + /** + * Exports information about the user's session. + * + * @param int $userid The user ID. + * @param \context $context The context for this user. + */ + protected static function export_user_session_data(int $userid, \context $context) { + global $DB, $SESSION; + + $records = $DB->get_records('sessions', ['userid' => $userid]); + if (!empty($records)) { + $sessiondata = (object) array_map(function($record) { + return [ + 'state' => $record->state, + 'sessdata' => base64_decode($record->sessdata), + 'timecreated' => transform::datetime($record->timecreated), + 'timemodified' => transform::datetime($record->timemodified), + 'firstip' => $record->firstip, + 'lastip' => $record->lastip + ]; + }, $records); + writer::with_context($context)->export_data([get_string('privacy:sessionpath', 'user')], $sessiondata); + } + } +} diff --git a/user/tests/privacy_test.php b/user/tests/privacy_test.php new file mode 100644 index 00000000000..bdd6643b036 --- /dev/null +++ b/user/tests/privacy_test.php @@ -0,0 +1,373 @@ +. +/** + * Privacy tests for core_user. + * + * @package core_user + * @category test + * @copyright 2018 Adrian Greeve + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +defined('MOODLE_INTERNAL') || die(); +global $CFG; + +use \core_privacy\tests\provider_testcase; + +require_once($CFG->dirroot . "/user/lib.php"); + +/** + * Unit tests for core_user. + * + * @copyright 2018 Adrian Greeve + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ +class core_user_privacy_testcase extends provider_testcase { + + /** + * Check that context information is returned correctly. + */ + public function test_get_contexts_for_userid() { + $this->resetAfterTest(); + $user = $this->getDataGenerator()->create_user(); + // Create some other users as well. + $user2 = $this->getDataGenerator()->create_user(); + $user3 = $this->getDataGenerator()->create_user(); + + $context = context_user::instance($user->id); + $contextlist = \core_user\privacy\provider::get_contexts_for_userid($user->id); + $this->assertSame($context, $contextlist->current()); + } + + /** + * Test that data is exported as expected for a user. + */ + public function test_export_user_data() { + $this->resetAfterTest(); + $user = $this->getDataGenerator()->create_user(); + $course = $this->getDataGenerator()->create_course(); + $context = \context_user::instance($user->id); + + $this->create_data_for_user($user, $course); + + $approvedlist = new \core_privacy\local\request\approved_contextlist($user, 'core_user', [$context->id]); + + $writer = \core_privacy\local\request\writer::with_context($context); + \core_user\privacy\provider::export_user_data($approvedlist); + + // Make sure that the password history only returns a count. + $history = $writer->get_data([get_string('privacy:passwordhistorypath', 'user')]); + $objectcount = new ArrayObject($history); + // This object should only have one property. + $this->assertCount(1, $objectcount); + $this->assertEquals(1, $history->password_history_count); + + // Password resets should have two fields - timerequested and timererequested. + $resetarray = (array) $writer->get_data([get_string('privacy:passwordresetpath', 'user')]); + $detail = array_shift($resetarray); + $this->assertTrue(array_key_exists('timerequested', $detail)); + $this->assertTrue(array_key_exists('timererequested', $detail)); + + // Last access to course. + $lastcourseaccess = (array) $writer->get_data([get_string('privacy:lastaccesspath', 'user')]); + $entry = array_shift($lastcourseaccess); + $this->assertEquals($course->fullname, $entry['course_name']); + $this->assertTrue(array_key_exists('timeaccess', $entry)); + + // User devices. + $userdevices = (array) $writer->get_data([get_string('privacy:devicespath', 'user')]); + $entry = array_shift($userdevices); + $this->assertEquals('com.moodle.moodlemobile', $entry['appid']); + // Make sure these fields are not exported. + $this->assertFalse(array_key_exists('pushid', $entry)); + $this->assertFalse(array_key_exists('uuid', $entry)); + + // Session data. + $sessiondata = (array) $writer->get_data([get_string('privacy:sessionpath', 'user')]); + $entry = array_shift($sessiondata); + // Make sure that the sid is not exported. + $this->assertFalse(array_key_exists('sid', $entry)); + // Check that some of the other fields are present. + $this->assertTrue(array_key_exists('state', $entry)); + $this->assertTrue(array_key_exists('sessdata', $entry)); + $this->assertTrue(array_key_exists('timecreated', $entry)); + + // Course requests + $courserequestdata = (array) $writer->get_data([get_string('privacy:courserequestpath', 'user')]); + $entry = array_shift($courserequestdata); + // Make sure that the password is not exported. + $this->assertFalse(array_key_exists('password', $entry)); + // Check that some of the other fields are present. + $this->assertTrue(array_key_exists('fullname', $entry)); + $this->assertTrue(array_key_exists('shortname', $entry)); + $this->assertTrue(array_key_exists('summary', $entry)); + + // User details. + $userdata = (array) $writer->get_data([]); + // Check that the password is not exported. + $this->assertFalse(array_key_exists('password', $userdata)); + // Check that some critical fields exist. + $this->assertTrue(array_key_exists('firstname', $userdata)); + $this->assertTrue(array_key_exists('lastname', $userdata)); + $this->assertTrue(array_key_exists('email', $userdata)); + } + + /** + * Test that user data is deleted for one user. + */ + public function test_delete_data_for_all_users_in_context() { + global $DB; + $this->resetAfterTest(); + $user = $this->getDataGenerator()->create_user([ + 'idnumber' => 'A0023', + 'emailstop' => 1, + 'icq' => 'aksdjf98', + 'phone1' => '555 3257', + 'institution' => 'test', + 'department' => 'Science', + 'city' => 'Perth', + 'country' => 'au' + ]); + $user2 = $this->getDataGenerator()->create_user(); + $course = $this->getDataGenerator()->create_course(); + + $this->create_data_for_user($user, $course); + $this->create_data_for_user($user2, $course); + + \core_user\privacy\provider::delete_data_for_all_users_in_context(context_user::instance($user->id)); + + // These tables should not have any user data for $user. Only for $user2. + $records = $DB->get_records('user_password_history'); + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertNotEquals($user->id, $data->userid); + $this->assertEquals($user2->id, $data->userid); + $records = $DB->get_records('user_password_resets'); + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertNotEquals($user->id, $data->userid); + $this->assertEquals($user2->id, $data->userid); + $records = $DB->get_records('user_lastaccess'); + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertNotEquals($user->id, $data->userid); + $this->assertEquals($user2->id, $data->userid); + $records = $DB->get_records('user_devices'); + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertNotEquals($user->id, $data->userid); + $this->assertEquals($user2->id, $data->userid); + + // Now check that there is still a record for the deleted user, but that non-critical information is removed. + $record = $DB->get_record('user', ['id' => $user->id]); + $this->assertEmpty($record->idnumber); + $this->assertEmpty($record->emailstop); + $this->assertEmpty($record->icq); + $this->assertEmpty($record->phone1); + $this->assertEmpty($record->institution); + $this->assertEmpty($record->department); + $this->assertEmpty($record->city); + $this->assertEmpty($record->country); + $this->assertEmpty($record->timezone); + $this->assertEmpty($record->timecreated); + $this->assertEmpty($record->timemodified); + $this->assertEmpty($record->firstnamephonetic); + // Check for critical fields. + // Deleted should now be 1. + $this->assertEquals(1, $record->deleted); + $this->assertEquals($user->id, $record->id); + $this->assertEquals($user->username, $record->username); + $this->assertEquals($user->password, $record->password); + $this->assertEquals($user->firstname, $record->firstname); + $this->assertEquals($user->lastname, $record->lastname); + $this->assertEquals($user->email, $record->email); + } + + /** + * Test that user data is deleted for one user. + */ + public function test_delete_data_for_user() { + global $DB; + $this->resetAfterTest(); + $user = $this->getDataGenerator()->create_user([ + 'idnumber' => 'A0023', + 'emailstop' => 1, + 'icq' => 'aksdjf98', + 'phone1' => '555 3257', + 'institution' => 'test', + 'department' => 'Science', + 'city' => 'Perth', + 'country' => 'au' + ]); + $user2 = $this->getDataGenerator()->create_user(); + $course = $this->getDataGenerator()->create_course(); + + $this->create_data_for_user($user, $course); + $this->create_data_for_user($user2, $course); + + // Provide multiple different context to check that only the correct user is deleted. + $contexts = [context_user::instance($user->id)->id, context_user::instance($user2->id)->id, context_system::instance()->id]; + $approvedlist = new \core_privacy\local\request\approved_contextlist($user, 'core_user', $contexts); + + \core_user\privacy\provider::delete_data_for_user($approvedlist); + + // These tables should not have any user data for $user. Only for $user2. + $records = $DB->get_records('user_password_history'); + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertNotEquals($user->id, $data->userid); + $this->assertEquals($user2->id, $data->userid); + $records = $DB->get_records('user_password_resets'); + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertNotEquals($user->id, $data->userid); + $this->assertEquals($user2->id, $data->userid); + $records = $DB->get_records('user_lastaccess'); + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertNotEquals($user->id, $data->userid); + $this->assertEquals($user2->id, $data->userid); + $records = $DB->get_records('user_devices'); + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertNotEquals($user->id, $data->userid); + $this->assertEquals($user2->id, $data->userid); + + // Now check that there is still a record for the deleted user, but that non-critical information is removed. + $record = $DB->get_record('user', ['id' => $user->id]); + $this->assertEmpty($record->idnumber); + $this->assertEmpty($record->emailstop); + $this->assertEmpty($record->icq); + $this->assertEmpty($record->phone1); + $this->assertEmpty($record->institution); + $this->assertEmpty($record->department); + $this->assertEmpty($record->city); + $this->assertEmpty($record->country); + $this->assertEmpty($record->timezone); + $this->assertEmpty($record->timecreated); + $this->assertEmpty($record->timemodified); + $this->assertEmpty($record->firstnamephonetic); + // Check for critical fields. + // Deleted should now be 1. + $this->assertEquals(1, $record->deleted); + $this->assertEquals($user->id, $record->id); + $this->assertEquals($user->username, $record->username); + $this->assertEquals($user->password, $record->password); + $this->assertEquals($user->firstname, $record->firstname); + $this->assertEquals($user->lastname, $record->lastname); + $this->assertEquals($user->email, $record->email); + } + + /** + * Create user data for a user. + * + * @param stdClass $user A user object. + * @param stdClass $course A course. + */ + protected function create_data_for_user($user, $course) { + global $DB; + $this->resetAfterTest(); + // Last course access. + $lastaccess = (object) [ + 'userid' => $user->id, + 'courseid' => $course->id, + 'timeaccess' => time() - DAYSECS + ]; + $DB->insert_record('user_lastaccess', $lastaccess); + + // Password history. + $history = (object) [ + 'userid' => $user->id, + 'hash' => 'HID098djJUU', + 'timecreated' => time() + ]; + $DB->insert_record('user_password_history', $history); + + // Password resets. + $passwordreset = (object) [ + 'userid' => $user->id, + 'timerequested' => time(), + 'timererequested' => time(), + 'token' => $this->generate_random_string() + ]; + $DB->insert_record('user_password_resets', $passwordreset); + + // User mobile devices. + $userdevices = (object) [ + 'userid' => $user->id, + 'appid' => 'com.moodle.moodlemobile', + 'name' => 'occam', + 'model' => 'Nexus 4', + 'platform' => 'Android', + 'version' => '4.2.2', + 'pushid' => 'kishUhd', + 'uuid' => 'KIhud7s', + 'timecreated' => time(), + 'timemodified' => time() + ]; + $DB->insert_record('user_devices', $userdevices); + + // Course request. + $courserequest = (object) [ + 'fullname' => 'Test Course', + 'shortname' => 'TC', + 'summary' => 'Summary of course', + 'summaryformat' => 1, + 'category' => 1, + 'reason' => 'Because it would be nice.', + 'requester' => $user->id, + 'password' => '' + ]; + $DB->insert_record('course_request', $courserequest); + + // User session table data. + $usersessions = (object) [ + 'state' => 0, + 'sid' => $this->generate_random_string(), // Needs a unique id. + 'userid' => $user->id, + 'sessdata' => 'Nothing', + 'timecreated' => time(), + 'timemodified' => time(), + 'firstip' => '0.0.0.0', + 'lastip' => '0.0.0.0' + ]; + $DB->insert_record('sessions', $usersessions); + } + + /** + * Create a random string. + * + * @param integer $length length of the string to generate. + * @return string A random string. + */ + protected function generate_random_string($length = 6) { + $response = ''; + $source = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + + if ($length > 0) { + + $response = ''; + $source = str_split($source, 1); + + for ($i = 1; $i <= $length; $i++) { + $num = mt_rand(1, count($source)); + $response .= $source[$num - 1]; + } + } + + return $response; + } +} From ab78499bbd8daad4c7ea146399ee04fe9384bcc4 Mon Sep 17 00:00:00 2001 From: Adrian Greeve Date: Mon, 23 Apr 2018 15:35:04 +0800 Subject: [PATCH 2/3] MDL-61814 core_portfolio: Update to portfolio provider. --- lang/en/portfolio.php | 7 ++ portfolio/classes/privacy/provider.php | 102 +++++++++++++++++++++- portfolio/tests/privacy_provider_test.php | 101 ++++++++++++++++++++- 3 files changed, 203 insertions(+), 7 deletions(-) diff --git a/lang/en/portfolio.php b/lang/en/portfolio.php index 7e18f50f7f5..e2c0810334b 100644 --- a/lang/en/portfolio.php +++ b/lang/en/portfolio.php @@ -167,6 +167,12 @@ $string['pluginismisconfigured'] = 'Portfolio plugin is misconfigured, skipping. $string['portfolio'] = 'Portfolio'; $string['portfolios'] = 'Portfolios'; $string['privacy:metadata'] = 'The portfolio subsystem acts as a channel, passing requests from plugins to the various portfolio plugins.'; +$string['privacy:metadata:name'] = 'Name of the preference.'; +$string['privacy:metadata:instance'] = 'Identifier for the portfolio.'; +$string['privacy:metadata:instancesummary'] = 'This stores portfolio both instances and preferences for the portfolios user is using.'; +$string['privacy:metadata:value'] = 'Value for the preference'; +$string['privacy:metadata:userid'] = 'The user Identifier.'; +$string['privacy:path'] = 'Portfolio instances'; $string['queuesummary'] = 'Currently queued transfers'; $string['returntowhereyouwere'] = 'Return to where you were'; $string['save'] = 'Save'; @@ -184,3 +190,4 @@ $string['wait'] = 'Wait'; $string['wanttowait_high'] = 'It is not recommended that you wait for this transfer to complete, but you can if you\'re sure and know what you\'re doing'; $string['wanttowait_moderate'] = 'Do you want to wait for this transfer? It might take a few minutes'; + diff --git a/portfolio/classes/privacy/provider.php b/portfolio/classes/privacy/provider.php index f9686d4bf05..3f1b7951a4a 100644 --- a/portfolio/classes/privacy/provider.php +++ b/portfolio/classes/privacy/provider.php @@ -27,6 +27,8 @@ defined('MOODLE_INTERNAL') || die(); use core_privacy\local\metadata\collection; use core_privacy\local\request\context; +use core_privacy\local\request\contextlist; +use core_privacy\local\request\approved_contextlist; /** * Provider for the portfolio API. @@ -35,10 +37,9 @@ use core_privacy\local\request\context; * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ class provider implements - // The Portfolio subsystem does not store any data itself. - // It has no database tables, and it purely acts as a conduit to the various portfolio plugins. + // The core portfolio system stores preferences related to the other portfolio subsystems. \core_privacy\local\metadata\provider, - + \core_privacy\local\request\plugin\provider, // The portfolio subsystem will be called by other components. \core_privacy\local\request\subsystem\plugin_provider { @@ -49,7 +50,100 @@ class provider implements * @return collection A listing of user data stored through this system. */ public static function get_metadata(collection $collection) : collection { - return $collection->add_plugintype_link('portfolio', [], 'privacy:metadata'); + $collection->add_database_table('portfolio_instance_user', [ + 'instance' => 'privacy:metadata:instance', + 'userid' => 'privacy:metadata:userid', + 'name' => 'privacy:metadata:name', + 'value' => 'privacy:metadata:value' + ], 'privacy:metadata:instancesummary'); + $collection->add_plugintype_link('portfolio', [], 'privacy:metadata'); + return $collection; + } + + /** + * Get the list of contexts that contain user information for the specified user. + * + * @param int $userid The user to search. + * @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin. + */ + public static function get_contexts_for_userid(int $userid) : contextlist { + $sql = "SELECT ctx.id + FROM {context} ctx + JOIN {portfolio_instance_user} piu ON ctx.instanceid = piu.userid AND ctx.contextlevel = :usercontext + WHERE piu.userid = :userid"; + $params = ['userid' => $userid, 'usercontext' => CONTEXT_USER]; + $contextlist = new contextlist(); + $contextlist->add_from_sql($sql, $params); + return $contextlist; + } + + /** + * Export all user data for the specified user, in the specified contexts. + * + * @param approved_contextlist $contextlist The approved contexts to export information for. + */ + public static function export_user_data(approved_contextlist $contextlist) { + global $DB; + + if ($contextlist->get_component() != 'core_portfolio') { + return; + } + + $correctusercontext = array_filter($contextlist->get_contexts(), function($context) use ($contextlist) { + if ($context->contextlevel == CONTEXT_USER && $context->instanceid == $contextlist->get_user()->id) { + return $context; + } + }); + + $usercontext = array_shift($correctusercontext); + + + $sql = "SELECT pi.name, piu.name AS preference, piu.value + FROM {portfolio_instance_user} piu + JOIN {portfolio_instance} pi ON piu.instance = pi.id + WHERE piu.userid = :userid"; + $params = ['userid' => $usercontext->instanceid]; + $instances = $DB->get_records_sql($sql, $params); + if (!empty($instances)) { + \core_privacy\local\request\writer::with_context($contextlist->current())->export_data( + [get_string('privacy:path', 'portfolio')], (object) $instances); + } + } + + /** + * Delete all data for all users in the specified context. + * + * @param context $context The specific context to delete data for. + */ + public static function delete_data_for_all_users_in_context(\context $context) { + global $DB; + // Context could be anything, BEWARE! + if ($context->contextlevel == CONTEXT_USER) { + $DB->delete_records('portfolio_instance_user', ['userid' => $context->instanceid]); + } + } + + /** + * Delete all user data for the specified user, in the specified contexts. + * + * @param approved_contextlist $contextlist The approved contexts and user information to delete information for. + */ + public static function delete_data_for_user(approved_contextlist $contextlist) { + global $DB; + + if ($contextlist->get_component() != 'core_portfolio') { + return; + } + + $correctusercontext = array_filter($contextlist->get_contexts(), function($context) use ($contextlist) { + if ($context->contextlevel == CONTEXT_USER && $context->instanceid == $contextlist->get_user()->id) { + return $context; + } + }); + + $usercontext = array_shift($correctusercontext); + + $DB->delete_records('portfolio_instance_user', ['userid' => $usercontext->instanceid]); } /** diff --git a/portfolio/tests/privacy_provider_test.php b/portfolio/tests/privacy_provider_test.php index bc237966246..93ffb98167c 100644 --- a/portfolio/tests/privacy_provider_test.php +++ b/portfolio/tests/privacy_provider_test.php @@ -32,15 +32,110 @@ defined('MOODLE_INTERNAL') || die(); */ class portfolio_privacy_provider_test extends \core_privacy\tests\provider_testcase { + protected function create_portfolio_data($plugin, $name, $user, $preference, $value) { + global $DB; + $portfolioinstance = (object) [ + 'plugin' => $plugin, + 'name' => $name, + 'visible' => 1 + ]; + $portfolioinstance->id = $DB->insert_record('portfolio_instance', $portfolioinstance); + $userinstance = (object) [ + 'instance' => $portfolioinstance->id, + 'userid' => $user->id, + 'name' => $preference, + 'value' => $value + ]; + $DB->insert_record('portfolio_instance_user', $userinstance); + } + /** - * Verify that a collection of metadata is returned for this component and that it just links to the plugintype 'portfolio'. + * Verify that a collection of metadata is returned for this component and that it just returns the righ types for 'portfolio'. */ public function test_get_metadata() { $collection = new \core_privacy\local\metadata\collection('core_portfolio'); $collection = \core_portfolio\privacy\provider::get_metadata($collection); $this->assertNotEmpty($collection); $items = $collection->get_collection(); - $this->assertEquals(1, count($items)); - $this->assertInstanceOf(\core_privacy\local\metadata\types\plugintype_link::class, $items[0]); + $this->assertEquals(2, count($items)); + $this->assertInstanceOf(\core_privacy\local\metadata\types\database_table::class, $items[0]); + $this->assertInstanceOf(\core_privacy\local\metadata\types\plugintype_link::class, $items[1]); + } + + /** + * Test that the export for a user id returns a user context. + */ + public function test_get_contexts_for_userid() { + $this->resetAfterTest(); + $user = $this->getDataGenerator()->create_user(); + $context = context_user::instance($user->id); + $this->create_portfolio_data('googledocs', 'Google Docs', $user, 'visible', 1); + $contextlist = \core_portfolio\privacy\provider::get_contexts_for_userid($user->id); + $this->assertEquals($context->id, $contextlist->current()->id); + } + + /** + * Test that exporting user data works as expected. + */ + public function test_export_user_data() { + $this->resetAfterTest(); + $user = $this->getDataGenerator()->create_user(); + $context = context_user::instance($user->id); + $this->create_portfolio_data('googledocs', 'Google Docs', $user, 'visible', 1); + $contextlist = new \core_privacy\local\request\approved_contextlist($user, 'core_portfolio', [$context->id]); + \core_portfolio\privacy\provider::export_user_data($contextlist); + $writer = \core_privacy\local\request\writer::with_context($context); + $portfoliodata = $writer->get_data([get_string('privacy:path', 'portfolio')]); + $this->assertEquals('Google Docs', $portfoliodata->{'Google Docs'}->name); + } + + /** + * Test that deleting only results in the one context being removed. + */ + public function test_delete_data_for_all_users_in_context() { + global $DB; + + $this->resetAfterTest(); + $user1 = $this->getDataGenerator()->create_user(); + $user2 = $this->getDataGenerator()->create_user(); + $this->create_portfolio_data('googledocs', 'Google Docs', $user1, 'visible', 1); + $this->create_portfolio_data('onedrive', 'Microsoft onedrive', $user2, 'visible', 1); + // Check a system context sent through. + $systemcontext = context_system::instance(); + \core_portfolio\privacy\provider::delete_data_for_all_users_in_context($systemcontext); + $records = $DB->get_records('portfolio_instance_user'); + $this->assertCount(2, $records); + $context = context_user::instance($user1->id); + \core_portfolio\privacy\provider::delete_data_for_all_users_in_context($context); + $records = $DB->get_records('portfolio_instance_user'); + // Only one entry should remain for user 2. + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertEquals($user2->id, $data->userid); + } + + /** + * Test that deleting only results in one user's data being removed. + */ + public function test_delete_data_for_user() { + global $DB; + + $this->resetAfterTest(); + $user1 = $this->getDataGenerator()->create_user(); + $user2 = $this->getDataGenerator()->create_user(); + $this->create_portfolio_data('googledocs', 'Google Docs', $user1, 'visible', 1); + $this->create_portfolio_data('onedrive', 'Microsoft onedrive', $user2, 'visible', 1); + + $records = $DB->get_records('portfolio_instance_user'); + $this->assertCount(2, $records); + + $context = context_user::instance($user1->id); + $contextlist = new \core_privacy\local\request\approved_contextlist($user1, 'core_portfolio', [$context->id]); + \core_portfolio\privacy\provider::delete_data_for_user($contextlist); + $records = $DB->get_records('portfolio_instance_user'); + // Only one entry should remain for user 2. + $this->assertCount(1, $records); + $data = array_shift($records); + $this->assertEquals($user2->id, $data->userid); } } From b781f58e9107b8b776ccba741bbdd6793e54d411 Mon Sep 17 00:00:00 2001 From: Adrian Greeve Date: Thu, 26 Apr 2018 13:14:41 +0800 Subject: [PATCH 3/3] MDL-61814 report_stats: Update to be a full privacy provider. --- report/stats/classes/privacy/provider.php | 179 ++++++++++++++++++- report/stats/lang/en/report_stats.php | 12 ++ report/stats/tests/privacy_test.php | 205 ++++++++++++++++++++++ 3 files changed, 388 insertions(+), 8 deletions(-) create mode 100644 report/stats/tests/privacy_test.php diff --git a/report/stats/classes/privacy/provider.php b/report/stats/classes/privacy/provider.php index b77263fd550..7dc8b837f6a 100644 --- a/report/stats/classes/privacy/provider.php +++ b/report/stats/classes/privacy/provider.php @@ -26,21 +26,184 @@ namespace report_stats\privacy; defined('MOODLE_INTERNAL') || die(); +use \core_privacy\local\metadata\collection; +use \core_privacy\local\request\contextlist; +use \core_privacy\local\request\approved_contextlist; + /** - * Privacy Subsystem for report_stats implementing null_provider. + * Privacy Subsystem for report_stats implementing provider. * * @copyright 2018 Zig Tan * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ -class provider implements \core_privacy\local\metadata\null_provider { +class provider implements \core_privacy\local\metadata\provider, \core_privacy\local\request\subsystem\provider{ /** - * Get the language string identifier with the component's language - * file to explain why this plugin stores no data. + * Returns information about the user data stored in this component. * - * @return string + * @param collection $collection A list of information about this component + * @return collection The collection object filled out with information about this component. */ - public static function get_reason() : string { - return 'privacy:metadata'; + public static function get_metadata(collection $collection) : collection { + $statsuserdaily = [ + 'courseid' => 'privacy:metadata:courseid', + 'userid' => 'privacy:metadata:userid', + 'roleid' => 'privacy:metadata:roleid', + 'timeend' => 'privacy:metadata:timeend', + 'statsreads' => 'privacy:metadata:statsreads', + 'statswrites' => 'privacy:metadata:statswrites', + 'stattype' => 'privacy:metadata:stattype' + ]; + + $statsuserweekly = [ + 'courseid' => 'privacy:metadata:courseid', + 'userid' => 'privacy:metadata:userid', + 'roleid' => 'privacy:metadata:roleid', + 'timeend' => 'privacy:metadata:timeend', + 'statsreads' => 'privacy:metadata:statsreads', + 'statswrites' => 'privacy:metadata:statswrites', + 'stattype' => 'privacy:metadata:stattype' + ]; + + $statsusermonthly = [ + 'courseid' => 'privacy:metadata:courseid', + 'userid' => 'privacy:metadata:userid', + 'roleid' => 'privacy:metadata:roleid', + 'timeend' => 'privacy:metadata:timeend', + 'statsreads' => 'privacy:metadata:statsreads', + 'statswrites' => 'privacy:metadata:statswrites', + 'stattype' => 'privacy:metadata:stattype' + ]; + $collection->add_database_table('stats_user_daily', $statsuserdaily, 'privacy:metadata:statssummary'); + $collection->add_database_table('stats_user_weekly', $statsuserweekly, 'privacy:metadata:statssummary'); + $collection->add_database_table('stats_user_monthly', $statsusermonthly, 'privacy:metadata:statssummary'); + return $collection; } -} \ No newline at end of file + + /** + * Get the list of contexts that contain user information for the specified user. + * + * @param int $userid The user to search. + * @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin. + */ + public static function get_contexts_for_userid(int $userid) : contextlist { + $params = ['dailyuser' => $userid, 'weeklyuser' => $userid, 'monthlyuser' => $userid, 'contextcourse' => CONTEXT_COURSE]; + $sql = "SELECT ctx.id + FROM {context} ctx + LEFT JOIN {stats_user_daily} sud ON sud.courseid = ctx.instanceid + LEFT JOIN {stats_user_weekly} suw ON suw.courseid = ctx.instanceid + LEFT JOIN {stats_user_monthly} sum ON sum.courseid = ctx.instanceid + WHERE ctx.contextlevel = :contextcourse + AND (sud.userid = :dailyuser OR suw.userid = :weeklyuser OR sum.userid = :monthlyuser)"; + $contextlist = new contextlist(); + $contextlist->add_from_sql($sql, $params); + return $contextlist; + } + + /** + * Export all user data for the specified user, in the specified contexts. + * + * @param approved_contextlist $contextlist The approved contexts to export information for. + */ + public static function export_user_data(approved_contextlist $contextlist) { + global $DB; + + // Some sneeky person might have sent us the wrong context list. We should check. + if ($contextlist->get_component() != 'report_stats') { + return; + } + + // Got to check that someone hasn't foolishly added a context between creating the context list and then filtering down + // to an approved context. + $contexts = array_filter($contextlist->get_contexts(), function($context) { + if ($context->contextlevel == CONTEXT_COURSE) { + return $context; + } + }); + + $tables = [ + 'stats_user_daily' => get_string('privacy:dailypath', 'report_stats'), + 'stats_user_weekly' => get_string('privacy:weeklypath', 'report_stats'), + 'stats_user_monthly' => get_string('privacy:monthlypath', 'report_stats') + ]; + + $courseids = array_map(function($context) { + return $context->instanceid; + }, $contexts); + + foreach ($tables as $table => $path) { + + list($insql, $params) = $DB->get_in_or_equal($courseids, SQL_PARAMS_NAMED); + $sql = "SELECT s.id, c.fullname, s.roleid, s.timeend, s.statsreads, s.statswrites, s.stattype, c.id as courseid + FROM {" . $table . "} s + JOIN {course} c ON s.courseid = c.id + WHERE s.userid = :userid AND c.id $insql + ORDER BY c.id ASC"; + $params['userid'] = $contextlist->get_user()->id; + $records = $DB->get_records_sql($sql, $params); + + $statsrecords = []; + foreach ($records as $record) { + $context = \context_course::instance($record->courseid); + if (!isset($statsrecords[$record->courseid])) { + $statsrecords[$record->courseid] = new \stdClass(); + $statsrecords[$record->courseid]->context = $context; + } + $statsrecords[$record->courseid]->entries[] = [ + 'course' => format_string($record->fullname, true, ['context' => $context]), + 'roleid' => $record->roleid, + 'timeend' => \core_privacy\local\request\transform::datetime($record->timeend), + 'statsreads' => $record->statsreads, + 'statswrites' => $record->statswrites, + 'stattype' => $record->stattype + ]; + } + foreach ($statsrecords as $coursestats) { + \core_privacy\local\request\writer::with_context($coursestats->context)->export_data([$path], + (object) $coursestats->entries); + } + } + } + + /** + * Delete all data for all users in the specified context. + * + * @param context $context The specific context to delete data for. + */ + public static function delete_data_for_all_users_in_context(\context $context) { + // Check that this context is a course context. + if ($context->contextlevel == CONTEXT_COURSE) { + static::delete_stats($context->instanceid); + } + } + + /** + * Delete all user data for the specified user, in the specified contexts. + * + * @param approved_contextlist $contextlist The approved contexts and user information to delete information for. + */ + public static function delete_data_for_user(approved_contextlist $contextlist) { + if ($contextlist->get_component() != 'report_stats') { + return; + } + foreach ($contextlist->get_contexts() as $context) { + if ($context->contextlevel == CONTEXT_COURSE) { + static::delete_stats($context->instanceid, $contextlist->get_user()->id); + } + } + } + + /** + * Deletes stats for a given course. + * + * @param int $courseid The course ID to delete the stats for. + * @param int $userid Optionally a user id to delete records with. + */ + protected static function delete_stats(int $courseid, int $userid = null) { + global $DB; + $params = (isset($userid)) ? ['courseid' => $courseid, 'userid' => $userid] : ['courseid' => $courseid]; + $DB->delete_records('stats_user_daily', $params); + $DB->delete_records('stats_user_weekly', $params); + $DB->delete_records('stats_user_monthly', $params); + } +} diff --git a/report/stats/lang/en/report_stats.php b/report/stats/lang/en/report_stats.php index c0dc7f4b476..ee050a7cc2f 100644 --- a/report/stats/lang/en/report_stats.php +++ b/report/stats/lang/en/report_stats.php @@ -32,3 +32,15 @@ $string['page-report-stats-index'] = 'Course statistics report'; $string['page-report-stats-user'] = 'User course statistics report'; $string['stats:view'] = 'View course statistics report'; $string['privacy:metadata'] = 'The Statistics plugin does not store any personal data.'; + +$string['privacy:metadata:courseid'] = 'An identifier for a course.'; +$string['privacy:metadata:userid'] = 'The user ID linked to this table.'; +$string['privacy:metadata:roleid'] = 'The role ID of the user.'; +$string['privacy:metadata:timeend'] = 'End time of logs view'; +$string['privacy:metadata:statsreads'] = 'Views of content'; +$string['privacy:metadata:statswrites'] = 'Content made in the course.'; +$string['privacy:metadata:stattype'] = 'The type of stat being recorded'; +$string['privacy:metadata:statssummary'] = 'Records basic statistics about user interaction in courses.'; +$string['privacy:weeklypath'] = 'Stats weekly'; +$string['privacy:dailypath'] = 'Stats daily'; +$string['privacy:monthlypath'] = 'Stats monthly'; diff --git a/report/stats/tests/privacy_test.php b/report/stats/tests/privacy_test.php new file mode 100644 index 00000000000..982030ff4f9 --- /dev/null +++ b/report/stats/tests/privacy_test.php @@ -0,0 +1,205 @@ +. + +/** + * Tests for privacy functions. + * + * @package report_stats + * @copyright 2018 Adrian Greeve + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later. + */ + +defined('MOODLE_INTERNAL') || die(); + +/** + * Class report_stats_privacy_testcase + * + * @package report_stats + * @copyright 2018 Adrian Greeve + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later. + */ +class report_stats_privacy_testcase extends advanced_testcase { + + /** + * Convenience function to create stats. + * + * @param int $courseid Course ID for this record. + * @param int $userid User ID for this record. + * @param string $table Stat table to insert into. + */ + protected function create_stats($courseid, $userid, $table) { + global $DB; + + $data = (object) [ + 'courseid' => $courseid, + 'userid' => $userid, + 'roleid' => 0, + 'timeend' => time(), + 'statsreads' => rand(1, 50), + 'statswrites' => rand(1, 50), + 'stattype' => 'activity' + ]; + $DB->insert_record($table, $data); + } + + /** + * Get all of the contexts related to a user and stat tables. + */ + public function test_get_contexts_for_userid() { + $this->resetAfterTest(); + $user1 = $this->getDataGenerator()->create_user(); + $user2 = $this->getDataGenerator()->create_user(); + $user3 = $this->getDataGenerator()->create_user(); + + $course1 = $this->getDataGenerator()->create_course(); + $course2 = $this->getDataGenerator()->create_course(); + $course3 = $this->getDataGenerator()->create_course(); + + $context1 = context_course::instance($course1->id); + $context2 = context_course::instance($course2->id); + $context3 = context_course::instance($course3->id); + + $this->create_stats($course1->id, $user1->id, 'stats_user_daily'); + $this->create_stats($course2->id, $user1->id, 'stats_user_monthly'); + $this->create_stats($course1->id, $user2->id, 'stats_user_weekly'); + + $contextlist = \report_stats\privacy\provider::get_contexts_for_userid($user1->id); + $this->assertCount(2, $contextlist->get_contextids()); + foreach ($contextlist->get_contexts() as $context) { + $this->assertEquals(CONTEXT_COURSE, $context->contextlevel); + $this->assertNotEquals($context3, $context); + } + $contextlist = \report_stats\privacy\provider::get_contexts_for_userid($user2->id); + $this->assertCount(1, $contextlist->get_contextids()); + $this->assertEquals($context1, $contextlist->current()); + } + + /** + * Test that stat data is exported as required. + */ + public function test_export_user_data() { + $this->resetAfterTest(); + $user = $this->getDataGenerator()->create_user(); + $course1 = $this->getDataGenerator()->create_course(); + $course2 = $this->getDataGenerator()->create_course(); + $context1 = context_course::instance($course1->id); + $context2 = context_course::instance($course2->id); + $this->create_stats($course1->id, $user->id, 'stats_user_daily'); + $this->create_stats($course1->id, $user->id, 'stats_user_daily'); + $this->create_stats($course2->id, $user->id, 'stats_user_weekly'); + $this->create_stats($course2->id, $user->id, 'stats_user_monthly'); + $this->create_stats($course1->id, $user->id, 'stats_user_monthly'); + + $approvedlist = new \core_privacy\local\request\approved_contextlist($user, 'report_stats', [$context1->id, $context2->id]); + + \report_stats\privacy\provider::export_user_data($approvedlist); + $writer = \core_privacy\local\request\writer::with_context($context1); + $dailystats = (array) $writer->get_data([get_string('privacy:dailypath', 'report_stats')]); + $this->assertCount(2, $dailystats); + $monthlystats = (array) $writer->get_data([get_string('privacy:monthlypath', 'report_stats')]); + $this->assertCount(1, $monthlystats); + $data = array_shift($monthlystats); + $this->assertEquals($course1->fullname, $data['course']); + $writer = \core_privacy\local\request\writer::with_context($context2); + $monthlystats = (array) $writer->get_data([get_string('privacy:monthlypath', 'report_stats')]); + $this->assertCount(1, $monthlystats); + $data = array_shift($monthlystats); + $this->assertEquals($course2->fullname, $data['course']); + $weeklystats = (array) $writer->get_data([get_string('privacy:weeklypath', 'report_stats')]); + $this->assertCount(1, $weeklystats); + $data = array_shift($weeklystats); + $this->assertEquals($course2->fullname, $data['course']); + } + + /** + * Test that stat data is deleted for a whole context. + */ + public function test_delete_data_for_all_users_in_context() { + global $DB; + + $this->resetAfterTest(); + $user1 = $this->getDataGenerator()->create_user(); + $user2 = $this->getDataGenerator()->create_user(); + + $course1 = $this->getDataGenerator()->create_course(); + $course2 = $this->getDataGenerator()->create_course(); + $context1 = context_course::instance($course1->id); + $context2 = context_course::instance($course2->id); + $this->create_stats($course1->id, $user1->id, 'stats_user_daily'); + $this->create_stats($course1->id, $user1->id, 'stats_user_daily'); + $this->create_stats($course1->id, $user1->id, 'stats_user_monthly'); + $this->create_stats($course1->id, $user2->id, 'stats_user_weekly'); + $this->create_stats($course2->id, $user2->id, 'stats_user_daily'); + $this->create_stats($course2->id, $user2->id, 'stats_user_weekly'); + $this->create_stats($course2->id, $user2->id, 'stats_user_monthly'); + + $dailyrecords = $DB->get_records('stats_user_daily'); + $this->assertCount(3, $dailyrecords); + $weeklyrecords = $DB->get_records('stats_user_weekly'); + $this->assertCount(2, $weeklyrecords); + $monthlyrecords = $DB->get_records('stats_user_monthly'); + $this->assertCount(2, $monthlyrecords); + + // Delete all user data for course 1. + \report_stats\privacy\provider::delete_data_for_all_users_in_context($context1); + $dailyrecords = $DB->get_records('stats_user_daily'); + $this->assertCount(1, $dailyrecords); + $weeklyrecords = $DB->get_records('stats_user_weekly'); + $this->assertCount(1, $weeklyrecords); + $monthlyrecords = $DB->get_records('stats_user_monthly'); + $this->assertCount(1, $monthlyrecords); + } + + /** + * Test that stats are deleted for one user. + */ + public function test_delete_data_for_user() { + global $DB; + + $this->resetAfterTest(); + $user1 = $this->getDataGenerator()->create_user(); + $user2 = $this->getDataGenerator()->create_user(); + + $course1 = $this->getDataGenerator()->create_course(); + $course2 = $this->getDataGenerator()->create_course(); + $context1 = context_course::instance($course1->id); + $context2 = context_course::instance($course2->id); + $this->create_stats($course1->id, $user1->id, 'stats_user_daily'); + $this->create_stats($course1->id, $user1->id, 'stats_user_daily'); + $this->create_stats($course1->id, $user1->id, 'stats_user_monthly'); + $this->create_stats($course1->id, $user2->id, 'stats_user_weekly'); + $this->create_stats($course2->id, $user2->id, 'stats_user_daily'); + $this->create_stats($course2->id, $user2->id, 'stats_user_weekly'); + $this->create_stats($course2->id, $user2->id, 'stats_user_monthly'); + + $dailyrecords = $DB->get_records('stats_user_daily'); + $this->assertCount(3, $dailyrecords); + $weeklyrecords = $DB->get_records('stats_user_weekly'); + $this->assertCount(2, $weeklyrecords); + $monthlyrecords = $DB->get_records('stats_user_monthly'); + $this->assertCount(2, $monthlyrecords); + + // Delete all user data for course 1. + $approvedlist = new \core_privacy\local\request\approved_contextlist($user1, 'report_stats', [$context1->id]); + \report_stats\privacy\provider::delete_data_for_user($approvedlist); + $dailyrecords = $DB->get_records('stats_user_daily'); + $this->assertCount(1, $dailyrecords); + $weeklyrecords = $DB->get_records('stats_user_weekly'); + $this->assertCount(2, $weeklyrecords); + $monthlyrecords = $DB->get_records('stats_user_monthly'); + $this->assertCount(1, $monthlyrecords); + } +}