mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 00:12:56 +02:00
Code Issues Projects Releases Wiki Activity

MDL-61307 core_rating: Add implementation of Privacy API

Browse Source
This commit is contained in:
Andrew Nicols 2018-03-01 09:27:32 +08:00
parent e4f6c0c29a
commit cbc6325253
4 changed files with 569 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lang/en/rating.php
View File

@ -54,4 +54,9 @@ $string['ratingtime'] = 'Restrict ratings to items with dates in this range:';
$string['ratings'] = 'Ratings';
$string['rolewarning'] = 'Roles with permission to rate';
$string['rolewarning_help'] = 'To submit ratings users require the moodle/rating:rate capability and any module specific capabilities. Users assigned the following roles should be able to rate items. The list of roles may be amended via the permissions link in the administration block.';
$string['scaleselectionrequired'] = 'When selecting a ratings aggregate type you must also select to use either a scale or set a maximum points.';
$string['scaleselectionrequired'] = 'When selecting a ratings aggregate type you must also select to use either a scale or set a maximum points.';
$string['privacy:metadata:rating'] = 'The user-entered rating is stored alongside a mapping of the item which was rated.';
$string['privacy:metadata:rating:userid'] = 'The user who made the rating.';
$string['privacy:metadata:rating:rating'] = 'The numeric rating that the user entered.';
$string['privacy:metadata:rating:timecreated'] = 'The time that the rating was first made.';
$string['privacy:metadata:rating:timemodified'] = 'The time that the rating was last updated.';

135
rating/classes/phpunit/privacy_helper.php Normal file
View File

@ -0,0 +1,135 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Helpers for the core_rating subsystem implementation of privacy.
*
* @package core_rating
* @copyright 2018 Andrew Nicols <andrew@nicols.co.uk>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace core_rating\phpunit;
defined('MOODLE_INTERNAL') || die();
use \core_privacy\tests\request\content_writer;
global $CFG;
/**
* Helpers for the core_rating subsystem implementation of privacy.
*
* @copyright 2018 Andrew Nicols <andrew@nicols.co.uk>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
trait privacy_helper {
/**
* Fetch all ratings on a subcontext.
*
* @param \context $context The context being stored.
* @param array $subcontext The subcontext path to check.
* @return array
*/
protected function get_ratings_on_subcontext(\context $context, array $subcontext) {
$writer = \core_privacy\local\request\writer::with_context($context);
return $writer->get_related_data($subcontext, 'rating');
}
/**
* Check that all included ratings belong to the specified user.
*
* @param int $userid The ID of the user being stored.
* @param \context $context The context being stored.
* @param array $subcontext The subcontext path to check.
* @param string $component The component being stored.
* @param string $ratingarea The rating area to store results for.
* @param int $itemid The itemid to store.
*/
protected function assert_all_own_ratings_on_context(
int $userid,
\context $context,
array $subcontext,
$component,
$ratingarea,
$itemid
) {
$writer = \core_privacy\local\request\writer::with_context($context);
$rm = new \rating_manager();
$dbratings = $rm->get_all_ratings_for_item((object) [
'context' => $context,
'component' => $component,
'ratingarea' => $ratingarea,
'itemid' => $itemid,
]);
$exportedratings = $this->get_ratings_on_subcontext($context, $subcontext);
foreach ($exportedratings as $ratingid => $rating) {
$this->assertTrue(isset($dbratings[$ratingid]));
$this->assertEquals($userid, $rating->author);
$this->assert_rating_matches($dbratings[$ratingid], $rating);
}
foreach ($dbratings as $rating) {
if ($rating->userid == $userid) {
$this->assertEquals($rating->id, $ratingid);
}
}
}
/**
* Check that all included ratings are valid. They may belong to any user.
*
* @param \context $context The context being stored.
* @param array $subcontext The subcontext path to check.
* @param string $component The component being stored.
* @param string $ratingarea The rating area to store results for.
* @param int $itemid The itemid to store.
*/
protected function assert_all_ratings_on_context(\context $context, array $subcontext, $component, $ratingarea, $itemid) {
$writer = \core_privacy\local\request\writer::with_context($context);
$rm = new \rating_manager();
$dbratings = $rm->get_all_ratings_for_item((object) [
'context' => $context,
'component' => $component,
'ratingarea' => $ratingarea,
'itemid' => $itemid,
]);
$exportedratings = $this->get_ratings_on_subcontext($context, $subcontext);
foreach ($exportedratings as $ratingid => $rating) {
$this->assertTrue(isset($dbratings[$ratingid]));
$this->assert_rating_matches($dbratings[$ratingid], $rating);
}
foreach ($dbratings as $rating) {
$this->assertTrue(isset($exportedratings[$rating->id]));
}
}
/**
* Assert that the rating matches.
*
* @param \stdClass $expected The expected rating structure
* @param \stdClass $stored The actual rating structure
*/
protected function assert_rating_matches($expected, $stored) {
$this->assertEquals($expected->rating, $stored->rating);
$this->assertEquals($expected->userid, $stored->author);
}
}

162
rating/classes/privacy/provider.php Normal file
View File

@ -0,0 +1,162 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Privacy Subsystem implementation for core_ratings.
*
* @package core_rating
* @copyright 2018 Andrew Nicols <andrew@nicols.co.uk>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace core_rating\privacy;
use \core_privacy\local\metadata\collection;
defined('MOODLE_INTERNAL') || die();
require_once($CFG->dirroot . '/rating/lib.php');
/**
* Privacy Subsystem implementation for core_ratings.
*
* @copyright 2018 Andrew Nicols <andrew@nicols.co.uk>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider implements
// The ratings subsystem contains data.
\core_privacy\local\metadata\provider,
// The ratings subsystem is only ever used to store data for other components.
// It does not store any data of its own and does not need to implement the \core_privacy\local\request\subsystem\provider
// as a result.
// The ratings subsystem provides a data service to other components.
\core_privacy\local\request\subsystem\plugin_provider {
/**
* Returns metadata about the ratings subsystem.
*
* @param collection $collection The initialised collection to add items to.
* @return collection A listing of user data stored through the subsystem.
*/
public static function get_metadata(collection $collection) : collection {
// The table 'rating' cotains data that a user has entered.
// It stores the user-entered rating alongside a mapping to describe what was mapped.
$collection->add_database_table('rating', [
'rating' => 'privacy:metadata:rating:rating',
'userid' => 'privacy:metadata:rating:userid',
'timecreated' => 'privacy:metadata:rating:timecreated',
'timemodified' => 'privacy:metadata:rating:timemodified',
], 'privacy:metadata:rating');
return $collection;
}
/**
* Export all ratings which match the specified component, areaid, and itemid.
*
* If requesting ratings for a users own content, and you wish to include all ratings of that content, specify
* $onlyuser as false.
*
* When requesting ratings for another users content, you should only export the ratings that the specified user
* made themselves.
*
* @param int $userid The user whose information is to be exported
* @param \context $context The context being stored.
* @param array $subcontext The subcontext within the context to export this information
* @param string $component The component to fetch data from
* @param string $ratingarea The ratingarea that the data was stored in within the component
* @param int $itemid The itemid within that ratingarea
* @param bool $onlyuser Whether to only export ratings that the current user has made, or all ratings
*/
public static function export_area_ratings(
int $userid,
\context $context,
array $subcontext,
string $component,
string $ratingarea,
int $itemid,
bool $onlyuser = true
) {
global $DB;
$rm = new \rating_manager();
$ratings = $rm->get_all_ratings_for_item((object) [
'context' => $context,
'component' => $component,
'ratingarea' => $ratingarea,
'itemid' => $itemid,
]);
if ($onlyuser) {
$ratings = array_filter($ratings, function($rating) use ($userid){
return ($rating->userid == $userid);
});
}
if (empty($ratings)) {
return;
}
$toexport = array_map(function($rating) {
return (object) [
'rating' => $rating->rating,
'author' => $rating->userid,
];
}, $ratings);
$writer = \core_privacy\local\request\writer::with_context($context)
->export_related_data($subcontext, 'rating', $toexport);
}
/**
* Get the SQL required to find all submission items where this user has had any involvements.
*
* @param string $alias The name of the table alias to use.
* @param string $component The na eof the component to fetch ratings for.
* @param string $ratingarea The rating area to fetch results for.
* @param string $itemidjoin The right-hand-side of the JOIN ON clause.
* @param int $userid The ID of the user being stored.
* @return \stdClass
*/
public static function get_sql_join($alias, $component, $ratingarea, $itemidjoin, $userid) {
static $count = 0;
$count++;
// Join the rating table with the specified alias and the relevant join params.
$join = "LEFT JOIN {rating} {$alias} ON ";
$join .= "{$alias}.component = :ratingcomponent{$count} AND ";
$join .= "{$alias}.ratingarea = :ratingarea{$count} AND ";
$join .= "{$alias}.itemid = {$itemidjoin}";
// Match against the specified user.
$userwhere = "{$alias}.userid = :ratinguserid{$count}";
$params = [
'ratingcomponent' . $count => $component,
'ratingarea' . $count => $ratingarea,
'ratinguserid' . $count => $userid,
];
$return = (object) [
'join' => $join,
'params' => $params,
'userwhere' => $userwhere,
];
return $return;
}
}

266
rating/tests/privacy_provider_test.php Normal file
View File

@ -0,0 +1,266 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Unit tests for the core_rating implementation of the Privacy API.
*
* @package core_rating
* @category test
* @copyright 2018 Andrew Nicols <andrew@nicols.co.uk>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
global $CFG;
require_once($CFG->dirroot . '/rating/lib.php');
use \core_rating\privacy\provider;
use \core_privacy\local\request\writer;
/**
* Unit tests for the core_rating implementation of the Privacy API.
*
* @copyright 2018 Andrew Nicols <andrew@nicols.co.uk>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class core_rating_privacy_testcase extends \core_privacy\tests\provider_testcase {
/**
* Rate something as a user.
*
* @param int $userid
* @param string $component
* @param string $ratingarea
* @param int $itemid
* @param \context $context
* @param string $score
*/
protected function rate_as_user($userid, $component, $ratingarea, $itemid, $context, $score) {
// Rate the courses.
$rm = new rating_manager();
$ratingoptions = (object) [
'component' => $component,
'ratingarea' => $ratingarea,
'scaleid' => 100,
];
// Rate all courses as u1, and the course category too..
$ratingoptions->itemid = $itemid;
$ratingoptions->userid = $userid;
$ratingoptions->context = $context;
$rating = new \rating($ratingoptions);
$rating->update_rating($score);
}
/**
* Ensure that the get_sql_join function returns valid SQL which returns the correct list of rated itemids.
*/
public function test_get_sql_join() {
global $DB;
$this->resetAfterTest();
$course1 = $this->getDataGenerator()->create_course();
$course2 = $this->getDataGenerator()->create_course();
$course3 = $this->getDataGenerator()->create_course();
$u1 = $this->getDataGenerator()->create_user();
$u2 = $this->getDataGenerator()->create_user();
$u3 = $this->getDataGenerator()->create_user();
// Rate the courses.
$rm = new rating_manager();
$ratingoptions = (object) [
'component' => 'core_course',
'ratingarea' => 'course',
'scaleid' => 100,
];
// Rate all courses as u1, and something else in the same context.
$this->rate_as_user($u1->id, 'core_course', 'course', $course1->id, \context_course::instance($course1->id), 25);
$this->rate_as_user($u1->id, 'core_course', 'course', $course2->id, \context_course::instance($course2->id), 50);
$this->rate_as_user($u1->id, 'core_course', 'course', $course3->id, \context_course::instance($course3->id), 75);
$this->rate_as_user($u1->id, 'core_course', 'files', $course3->id, \context_course::instance($course3->id), 99);
// Rate course2 as u2, and something else in a different context/component..
$this->rate_as_user($u2->id, 'core_course', 'course', $course2->id, \context_course::instance($course2->id), 90);
$this->rate_as_user($u2->id, 'user', 'user', $u3->id, \context_user::instance($u3->id), 10);
// Return any course which the u1 has rated.
// u1 rated all three courses.
$ratingquery = provider::get_sql_join('r', 'core_course', 'course', 'c.id', $u1->id);
$sql = "SELECT c.id FROM {course} c {$ratingquery->join} WHERE {$ratingquery->userwhere}";
$courses = $DB->get_records_sql($sql, $ratingquery->params);
$this->assertCount(3, $courses);
$this->assertTrue(isset($courses[$course1->id]));
$this->assertTrue(isset($courses[$course2->id]));
$this->assertTrue(isset($courses[$course3->id]));
// User u1 rated files in course 3 only.
$ratingquery = provider::get_sql_join('r', 'core_course', 'files', 'c.id', $u1->id);
$sql = "SELECT c.id FROM {course} c {$ratingquery->join} WHERE {$ratingquery->userwhere}";
$courses = $DB->get_records_sql($sql, $ratingquery->params);
$this->assertCount(1, $courses);
$this->assertFalse(isset($courses[$course1->id]));
$this->assertFalse(isset($courses[$course2->id]));
$this->assertTrue(isset($courses[$course3->id]));
// Return any course which the u2 has rated.
// User u2 rated only course 2.
$ratingquery = provider::get_sql_join('r', 'core_course', 'course', 'c.id', $u2->id);
$sql = "SELECT c.id FROM {course} c {$ratingquery->join} WHERE {$ratingquery->userwhere}";
$courses = $DB->get_records_sql($sql, $ratingquery->params);
$this->assertCount(1, $courses);
$this->assertFalse(isset($courses[$course1->id]));
$this->assertTrue(isset($courses[$course2->id]));
$this->assertFalse(isset($courses[$course3->id]));
// User u2 rated u3.
$ratingquery = provider::get_sql_join('r', 'user', 'user', 'u.id', $u2->id);
$sql = "SELECT u.id FROM {user} u {$ratingquery->join} WHERE {$ratingquery->userwhere}";
$users = $DB->get_records_sql($sql, $ratingquery->params);
$this->assertCount(1, $users);
$this->assertFalse(isset($users[$u1->id]));
$this->assertFalse(isset($users[$u2->id]));
$this->assertTrue(isset($users[$u3->id]));
// Return any course which the u3 has rated.
// User u3 did not rate anything.
$ratingquery = provider::get_sql_join('r', 'core_course', 'course', 'c.id', $u3->id);
$sql = "SELECT c.id FROM {course} c {$ratingquery->join} WHERE {$ratingquery->userwhere}";
$courses = $DB->get_records_sql($sql, $ratingquery->params);
$this->assertCount(0, $courses);
$this->assertFalse(isset($courses[$course1->id]));
$this->assertFalse(isset($courses[$course2->id]));
$this->assertFalse(isset($courses[$course3->id]));
}
/**
* Ensure that export_area_ratings exports all ratings that a user has made, and all ratings for a users own content.
*/
public function test_export_area_ratings() {
global $DB;
$this->resetAfterTest();
$course1 = $this->getDataGenerator()->create_course();
$course2 = $this->getDataGenerator()->create_course();
$course3 = $this->getDataGenerator()->create_course();
$u1 = $this->getDataGenerator()->create_user();
$u2 = $this->getDataGenerator()->create_user();
$u3 = $this->getDataGenerator()->create_user();
// Rate the courses.
$rm = new rating_manager();
$ratingoptions = (object) [
'component' => 'core_course',
'ratingarea' => 'course',
'scaleid' => 100,
];
// Rate all courses as u1, and something else in the same context.
$this->rate_as_user($u1->id, 'core_course', 'course', $course1->id, \context_course::instance($course1->id), 25);
$this->rate_as_user($u1->id, 'core_course', 'course', $course2->id, \context_course::instance($course2->id), 50);
$this->rate_as_user($u1->id, 'core_course', 'course', $course3->id, \context_course::instance($course3->id), 75);
$this->rate_as_user($u1->id, 'core_course', 'files', $course3->id, \context_course::instance($course3->id), 99);
$this->rate_as_user($u1->id, 'user', 'user', $u3->id, \context_user::instance($u3->id), 10);
// Rate course2 as u2, and something else in a different context/component..
$this->rate_as_user($u2->id, 'core_course', 'course', $course2->id, \context_course::instance($course2->id), 90);
$this->rate_as_user($u2->id, 'user', 'user', $u3->id, \context_user::instance($u3->id), 20);
// Test exports.
// User 1 rated all three courses, and the core_course, and user 3.
// User 1::course1 is stored in [] subcontext.
$context = \context_course::instance($course1->id);
$subcontext = [];
provider::export_area_ratings($u1->id, $context, $subcontext, 'core_course', 'course', $course1->id, true);
$writer = writer::with_context($context);
$this->assertTrue($writer->has_any_data());
$rating = $writer->get_related_data($subcontext, 'rating');
$this->assert_has_rating($u1, 25, $rating);
// User 1::course2 is stored in ['foo'] subcontext.
$context = \context_course::instance($course2->id);
$subcontext = ['foo'];
provider::export_area_ratings($u1->id, $context, $subcontext, 'core_course', 'course', $course2->id, true);
$writer = writer::with_context($context);
$this->assertTrue($writer->has_any_data());
$result = $writer->get_related_data($subcontext, 'rating');
$this->assertCount(1, $result);
$this->assert_has_rating($u1, 50, $result);
// User 1::course3 is stored in ['foo'] subcontext.
$context = \context_course::instance($course3->id);
$subcontext = ['foo'];
provider::export_area_ratings($u1->id, $context, $subcontext, 'core_course', 'course', $course3->id, true);
$writer = writer::with_context($context);
$this->assertTrue($writer->has_any_data());
$result = $writer->get_related_data($subcontext, 'rating');
$this->assertCount(1, $result);
$this->assert_has_rating($u1, 75, $result);
// User 1::course3::files is stored in ['foo', 'files'] subcontext.
$context = \context_course::instance($course3->id);
$subcontext = ['foo', 'files'];
provider::export_area_ratings($u1->id, $context, $subcontext, 'core_course', 'files', $course3->id, true);
$writer = writer::with_context($context);
$this->assertTrue($writer->has_any_data());
$result = $writer->get_related_data($subcontext, 'rating');
$this->assertCount(1, $result);
$this->assert_has_rating($u1, 99, $result);
// Both users 1 and 2 rated user 3.
// Exporting the data for user 3 should include both of those ratings.
$context = \context_user::instance($u3->id);
$subcontext = ['user'];
provider::export_area_ratings($u3->id, $context, $subcontext, 'user', 'user', $u3->id, false);
$writer = writer::with_context($context);
$this->assertTrue($writer->has_any_data());
$result = $writer->get_related_data($subcontext, 'rating');
$this->assertCount(2, $result);
$this->assert_has_rating($u1, 10, $result);
$this->assert_has_rating($u2, 20, $result);
}
/**
* Assert that a user has the correct rating.
*
* @param \stdClass $author The user with the rating
* @param int $score The rating that was given
* @param \stdClass[] The ratings which were found
*/
protected function assert_has_rating($author, $score, $actual) {
$found = false;
foreach ($actual as $rating) {
if ($author->id == $rating->author) {
$found = true;
$this->assertEquals($score, $rating->rating);
}
}
$this->assertTrue($found);
}
}