Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.

Differences Between: [Versions 310 and 311] [Versions 310 and 400] [Versions 310 and 401] [Versions 310 and 402] [Versions 310 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * The contact form to the site's Data Protection Officer
  19   *
  20   * @copyright 2018 onwards Jun Pataleta
  21   * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
  22   * @package tool_dataprivacy
  23   */
  24  
  25  use tool_dataprivacy\api;
  26  use tool_dataprivacy\data_request;
  27  use tool_dataprivacy\local\helper;
  28  
  29  defined('MOODLE_INTERNAL') || die();
  30  
  31  require_once($CFG->libdir.'/formslib.php');
  32  
  33  /**
  34   * The contact form to the site's Data Protection Officer
  35   *
  36   * @copyright 2018 onwards Jun Pataleta
  37   * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
  38   * @package tool_dataprivacy
  39   */
  40  class tool_dataprivacy_data_request_form extends \core\form\persistent {
  41  
  42      /** @var string Name of the persistent class. */
  43      protected static $persistentclass = data_request::class;
  44  
  45      /** @var bool Flag to indicate whether this form is being rendered for managing data requests or for regular requests. */
  46      protected $manage = false;
  47  
  48      /**
  49       * Form definition.
  50       *
  51       * @throws coding_exception
  52       * @throws dml_exception
  53       */
  54      public function definition() {
  55          global $USER;
  56          $mform =& $this->_form;
  57  
  58          $this->manage = $this->_customdata['manage'];
  59          if ($this->manage) {
  60              $options = [
  61                  'ajax' => 'tool_dataprivacy/form-user-selector',
  62                  'valuehtmlcallback' => function($value) {
  63                      global $OUTPUT;
  64  
  65                      $allusernames = get_all_user_name_fields(true);
  66                      $fields = 'id, email, ' . $allusernames;
  67                      $user = \core_user::get_user($value, $fields);
  68                      $useroptiondata = [
  69                          'fullname' => fullname($user),
  70                          'email' => $user->email
  71                      ];
  72                      return $OUTPUT->render_from_template('tool_dataprivacy/form-user-selector-suggestion', $useroptiondata);
  73                  }
  74              ];
  75              $mform->addElement('autocomplete', 'userid', get_string('requestfor', 'tool_dataprivacy'), [], $options);
  76              $mform->addRule('userid', null, 'required', null, 'client');
  77  
  78          } else {
  79              // Get users whom you are being a guardian to if your role has the capability to make data requests for children.
  80              if ($children = helper::get_children_of_user($USER->id)) {
  81                  $useroptions = [
  82                      $USER->id => fullname($USER)
  83                  ];
  84                  foreach ($children as $key => $child) {
  85                      $useroptions[$key] = fullname($child);
  86                  }
  87                  $mform->addElement('autocomplete', 'userid', get_string('requestfor', 'tool_dataprivacy'), $useroptions);
  88                  $mform->addRule('userid', null, 'required', null, 'client');
  89  
  90              } else {
  91                  // Requesting for self.
  92                  $mform->addElement('hidden', 'userid', $USER->id);
  93              }
  94          }
  95  
  96          $mform->setType('userid', PARAM_INT);
  97  
  98          // Subject access request type.
  99          $options = [
 100              api::DATAREQUEST_TYPE_EXPORT => get_string('requesttypeexport', 'tool_dataprivacy'),
 101              api::DATAREQUEST_TYPE_DELETE => get_string('requesttypedelete', 'tool_dataprivacy')
 102          ];
 103  
 104          $mform->addElement('select', 'type', get_string('requesttype', 'tool_dataprivacy'), $options);
 105          $mform->addHelpButton('type', 'requesttype', 'tool_dataprivacy');
 106  
 107          // Request comments text area.
 108          $textareaoptions = ['cols' => 60, 'rows' => 10];
 109          $mform->addElement('textarea', 'comments', get_string('requestcomments', 'tool_dataprivacy'), $textareaoptions);
 110          $mform->addHelpButton('comments', 'requestcomments', 'tool_dataprivacy');
 111  
 112          // Action buttons.
 113          $this->add_action_buttons();
 114  
 115          $shouldfreeze = false;
 116          if ($this->manage) {
 117              $shouldfreeze = !api::can_create_data_deletion_request_for_other();
 118          } else {
 119              $shouldfreeze = !api::can_create_data_deletion_request_for_self();
 120              if ($shouldfreeze && !empty($useroptions)) {
 121                  foreach ($useroptions as $userid => $useroption) {
 122                      if (api::can_create_data_deletion_request_for_children($userid)) {
 123                          $shouldfreeze = false;
 124                          break;
 125                      }
 126                  }
 127              }
 128          }
 129  
 130          if ($shouldfreeze) {
 131              $mform->freeze('type');
 132          }
 133      }
 134  
 135      /**
 136       * Get the default data. Unset the default userid if managing data requests
 137       *
 138       * @return stdClass
 139       */
 140      protected function get_default_data() {
 141          $data = parent::get_default_data();
 142          if ($this->manage) {
 143              unset($data->userid);
 144          }
 145  
 146          return $data;
 147      }
 148  
 149      /**
 150       * Form validation.
 151       *
 152       * @param stdClass $data
 153       * @param array $files
 154       * @param array $errors
 155       * @return array
 156       * @throws coding_exception
 157       * @throws dml_exception
 158       */
 159      public function extra_validation($data, $files, array &$errors) {
 160          global $USER;
 161  
 162          $validrequesttypes = [
 163              api::DATAREQUEST_TYPE_EXPORT,
 164              api::DATAREQUEST_TYPE_DELETE
 165          ];
 166          if (!in_array($data->type, $validrequesttypes)) {
 167              $errors['type'] = get_string('errorinvalidrequesttype', 'tool_dataprivacy');
 168          }
 169  
 170          $userid = $data->userid;
 171  
 172          if (api::has_ongoing_request($userid, $data->type)) {
 173              $errors['type'] = get_string('errorrequestalreadyexists', 'tool_dataprivacy');
 174          }
 175  
 176          // Check if current user can create data deletion request.
 177          if ($data->type == api::DATAREQUEST_TYPE_DELETE) {
 178              if ($userid == $USER->id) {
 179                  if (!api::can_create_data_deletion_request_for_self()) {
 180                      $errors['type'] = get_string('errorcannotrequestdeleteforself', 'tool_dataprivacy');
 181                  }
 182              } else if (!api::can_create_data_deletion_request_for_other()
 183                  && !api::can_create_data_deletion_request_for_children($userid)) {
 184                  $errors['type'] = get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy');
 185              }
 186          }
 187  
 188          return $errors;
 189      }
 190  }