Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Prints the contact form to the site's Data Protection Officer
 *
 * @copyright 2018 onwards Jun Pataleta
 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
 * @package tool_dataprivacy
 */

require_once('../../../config.php');
require_once('lib.php');
require_once('createdatarequest_form.php');

$manage = optional_param('manage', 0, PARAM_INT);
$requesttype = optional_param('type', \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT, PARAM_INT);

$url = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', ['manage' => $manage, 'type' => $requesttype]);

$PAGE->set_url($url);

require_login();
if (isguestuser()) {
    print_error('noguest');
}

// Return URL and context.
if ($manage) {
    // For the case where DPO creates data requests on behalf of another user.
    $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/datarequests.php');
    $context = context_system::instance();
    // Make sure the user has the proper capability.
    require_capability('tool/dataprivacy:managedatarequests', $context);
    navigation_node::override_active_url($returnurl);
} else {
    // For the case where a user makes request for themselves (or for their children if they are the parent).
    $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/mydatarequests.php');
    $context = context_user::instance($USER->id);
}

$PAGE->set_context($context);

if (!$manage && $profilenode = $PAGE->settingsnav->find('myprofile', null)) {
    $profilenode->make_active();
}

$title = get_string('createnewdatarequest', 'tool_dataprivacy');
$PAGE->navbar->add($title);

// If contactdataprotectionofficer is disabled, send the user back to the profile page, or the privacy policy page.
// That is, unless you have sufficient capabilities to perform this on behalf of a user.
if (!$manage && !\tool_dataprivacy\api::can_contact_dpo()) {
    redirect($returnurl, get_string('contactdpoviaprivacypolicy', 'tool_dataprivacy'), 0, \core\output\notification::NOTIFY_ERROR);
}

$mform = new tool_dataprivacy_data_request_form($url->out(false), ['manage' => !empty($manage),
    'persistent' => new \tool_dataprivacy\data_request(0, (object) ['type' => $requesttype])]);

// Data request cancelled.
if ($mform->is_cancelled()) {
    redirect($returnurl);
}

// Data request submitted.
if ($data = $mform->get_data()) {
    if ($data->userid != $USER->id) {
        if (!\tool_dataprivacy\api::can_manage_data_requests($USER->id)) {
            // If not a DPO, only users with the capability to make data requests for the user should be allowed.
            // (e.g. users with the Parent role, etc).
            \tool_dataprivacy\api::require_can_create_data_request_for_user($data->userid);
        }
    }

    if ($data->type == \tool_dataprivacy\api::DATAREQUEST_TYPE_DELETE) {
        if ($data->userid == $USER->id) {
            if (!\tool_dataprivacy\api::can_create_data_deletion_request_for_self()) {
                throw new moodle_exception('nopermissions', 'error', '',
                    get_string('errorcannotrequestdeleteforself', 'tool_dataprivacy'));
            }
        } else if (!\tool_dataprivacy\api::can_create_data_deletion_request_for_other()
            && !\tool_dataprivacy\api::can_create_data_deletion_request_for_children($data->userid)) {
            throw new moodle_exception('nopermissions', 'error', '',
                get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy'));
        }
> } else if ($data->type == \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT) { } > if ($data->userid == $USER->id && !\tool_dataprivacy\api::can_create_data_download_request_for_self()) { > throw new moodle_exception('nopermissions', 'error', '', \tool_dataprivacy\api::create_data_request($data->userid, $data->type, $data->comments); > get_string('errorcannotrequestexportforself', 'tool_dataprivacy')); > }
if ($manage) { $foruser = core_user::get_user($data->userid); $redirectmessage = get_string('datarequestcreatedforuser', 'tool_dataprivacy', fullname($foruser)); } else if (\tool_dataprivacy\api::is_automatic_request_approval_on($data->type)) { // Let the user know that the request has been submitted and will be processed soon. $redirectmessage = get_string('approvedrequestsubmitted', 'tool_dataprivacy'); } else { // Let the user know that the request has been submitted to the privacy officer. $redirectmessage = get_string('requestsubmitted', 'tool_dataprivacy'); } redirect($returnurl, $redirectmessage); } $PAGE->set_heading($SITE->fullname); $PAGE->set_title($title); echo $OUTPUT->header(); echo $OUTPUT->heading($title); echo $OUTPUT->box_start('createrequestform'); $mform->display(); echo $OUTPUT->box_end(); echo $OUTPUT->footer();