Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.

Differences Between: [Versions 310 and 311] [Versions 310 and 400] [Versions 310 and 401] [Versions 310 and 402] [Versions 310 and 403] [Versions 39 and 310]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Privacy class for requesting user data.
  19   *
  20   * @package    core_user
  21   * @copyright  2018 Adrian Greeve <adrian@moodle.com>
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  namespace core_user\privacy;
  26  
  27  defined('MOODLE_INTERNAL') || die();
  28  
  29  use \core_privacy\local\metadata\collection;
  30  use \core_privacy\local\request\transform;
  31  use \core_privacy\local\request\contextlist;
  32  use \core_privacy\local\request\approved_contextlist;
  33  use \core_privacy\local\request\writer;
  34  use core_privacy\local\request\userlist;
  35  use \core_privacy\local\request\approved_userlist;
  36  
  37  /**
  38   * Privacy class for requesting user data.
  39   *
  40   * @package    core_comment
  41   * @copyright  2018 Adrian Greeve <adrian@moodle.com>
  42   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  43   */
  44  class provider implements
  45          \core_privacy\local\metadata\provider,
  46          \core_privacy\local\request\core_userlist_provider,
  47          \core_privacy\local\request\subsystem\provider {
  48  
  49      /**
  50       * Returns information about the user data stored in this component.
  51       *
  52       * @param  collection $collection A list of information about this component
  53       * @return collection The collection object filled out with information about this component.
  54       */
  55      public static function get_metadata(collection $collection) : collection {
  56          $userfields = [
  57              'id' => 'privacy:metadata:id',
  58              'auth' => 'privacy:metadata:auth',
  59              'confirmed' => 'privacy:metadata:confirmed',
  60              'policyagreed' => 'privacy:metadata:policyagreed',
  61              'deleted' => 'privacy:metadata:deleted',
  62              'suspended' => 'privacy:metadata:suspended',
  63              'mnethostid' => 'privacy:metadata:mnethostid',
  64              'username' => 'privacy:metadata:username',
  65              'password' => 'privacy:metadata:password',
  66              'idnumber' => 'privacy:metadata:idnumber',
  67              'firstname' => 'privacy:metadata:firstname',
  68              'lastname' => 'privacy:metadata:lastname',
  69              'email' => 'privacy:metadata:email',
  70              'emailstop' => 'privacy:metadata:emailstop',
  71              'icq' => 'privacy:metadata:icq',
  72              'skype' => 'privacy:metadata:skype',
  73              'yahoo' => 'privacy:metadata:yahoo',
  74              'aim' => 'privacy:metadata:aim',
  75              'msn' => 'privacy:metadata:msn',
  76              'phone1' => 'privacy:metadata:phone',
  77              'phone2' => 'privacy:metadata:phone',
  78              'institution' => 'privacy:metadata:institution',
  79              'department' => 'privacy:metadata:department',
  80              'address' => 'privacy:metadata:address',
  81              'city' => 'privacy:metadata:city',
  82              'country' => 'privacy:metadata:country',
  83              'lang' => 'privacy:metadata:lang',
  84              'calendartype' => 'privacy:metadata:calendartype',
  85              'theme' => 'privacy:metadata:theme',
  86              'timezone' => 'privacy:metadata:timezone',
  87              'firstaccess' => 'privacy:metadata:firstaccess',
  88              'lastaccess' => 'privacy:metadata:lastaccess',
  89              'lastlogin' => 'privacy:metadata:lastlogin',
  90              'currentlogin' => 'privacy:metadata:currentlogin',
  91              'lastip' => 'privacy:metadata:lastip',
  92              'secret' => 'privacy:metadata:secret',
  93              'picture' => 'privacy:metadata:picture',
  94              'url' => 'privacy:metadata:url',
  95              'description' => 'privacy:metadata:description',
  96              'maildigest' => 'privacy:metadata:maildigest',
  97              'maildisplay' => 'privacy:metadata:maildisplay',
  98              'autosubscribe' => 'privacy:metadata:autosubscribe',
  99              'trackforums' => 'privacy:metadata:trackforums',
 100              'timecreated' => 'privacy:metadata:timecreated',
 101              'timemodified' => 'privacy:metadata:timemodified',
 102              'trustbitmask' => 'privacy:metadata:trustbitmask',
 103              'imagealt' => 'privacy:metadata:imagealt',
 104              'lastnamephonetic' => 'privacy:metadata:lastnamephonetic',
 105              'firstnamephonetic' => 'privacy:metadata:firstnamephonetic',
 106              'middlename' => 'privacy:metadata:middlename',
 107              'alternatename' => 'privacy:metadata:alternatename',
 108              'moodlenetprofile' => 'privacy:metadata:moodlenetprofile'
 109          ];
 110  
 111          $passwordhistory = [
 112              'userid' => 'privacy:metadata:userid',
 113              'hash' => 'privacy:metadata:hash',
 114              'timecreated' => 'privacy:metadata:timecreated'
 115          ];
 116  
 117          $lastaccess = [
 118              'userid' => 'privacy:metadata:userid',
 119              'courseid' => 'privacy:metadata:courseid',
 120              'timeaccess' => 'privacy:metadata:timeaccess'
 121          ];
 122  
 123          $userpasswordresets = [
 124              'userid' => 'privacy:metadata:userid',
 125              'timerequested' => 'privacy:metadata:timerequested',
 126              'timererequested' => 'privacy:metadata:timererequested',
 127              'token' => 'privacy:metadata:token'
 128          ];
 129  
 130          $userdevices = [
 131              'userid' => 'privacy:metadata:userid',
 132              'appid' => 'privacy:metadata:appid',
 133              'name' => 'privacy:metadata:devicename',
 134              'model' => 'privacy:metadata:model',
 135              'platform' => 'privacy:metadata:platform',
 136              'version' => 'privacy:metadata:version',
 137              'pushid' => 'privacy:metadata:pushid',
 138              'uuid' => 'privacy:metadata:uuid',
 139              'timecreated' => 'privacy:metadata:timecreated',
 140              'timemodified' => 'privacy:metadata:timemodified'
 141          ];
 142  
 143          $usersessions = [
 144              'state' => 'privacy:metadata:state',
 145              'sid' => 'privacy:metadata:sid',
 146              'userid' => 'privacy:metadata:userid',
 147              'sessdata' => 'privacy:metadata:sessdata',
 148              'timecreated' => 'privacy:metadata:timecreated',
 149              'timemodified' => 'privacy:metadata:timemodified',
 150              'firstip' => 'privacy:metadata:firstip',
 151              'lastip' => 'privacy:metadata:lastip'
 152          ];
 153  
 154          $courserequest = [
 155              'fullname' => 'privacy:metadata:fullname',
 156              'shortname' => 'privacy:metadata:shortname',
 157              'summary' => 'privacy:metadata:summary',
 158              'category' => 'privacy:metadata:category',
 159              'reason' => 'privacy:metadata:reason',
 160              'requester' => 'privacy:metadata:requester'
 161          ];
 162  
 163          $mypages = [
 164              'userid' => 'privacy:metadata:my_pages:userid',
 165              'name' => 'privacy:metadata:my_pages:name',
 166              'private' => 'privacy:metadata:my_pages:private',
 167          ];
 168  
 169          $userpreferences = [
 170              'userid' => 'privacy:metadata:user_preferences:userid',
 171              'name' => 'privacy:metadata:user_preferences:name',
 172              'value' => 'privacy:metadata:user_preferences:value'
 173          ];
 174  
 175          $collection->add_database_table('user', $userfields, 'privacy:metadata:usertablesummary');
 176          $collection->add_database_table('user_password_history', $passwordhistory, 'privacy:metadata:passwordtablesummary');
 177          $collection->add_database_table('user_password_resets', $userpasswordresets, 'privacy:metadata:passwordresettablesummary');
 178          $collection->add_database_table('user_lastaccess', $lastaccess, 'privacy:metadata:lastaccesstablesummary');
 179          $collection->add_database_table('user_devices', $userdevices, 'privacy:metadata:devicetablesummary');
 180          $collection->add_database_table('course_request', $courserequest, 'privacy:metadata:requestsummary');
 181          $collection->add_database_table('sessions', $usersessions, 'privacy:metadata:sessiontablesummary');
 182          $collection->add_database_table('my_pages', $mypages, 'privacy:metadata:my_pages');
 183          $collection->add_database_table('user_preferences', $userpreferences, 'privacy:metadata:user_preferences');
 184          $collection->add_subsystem_link('core_files', [], 'privacy:metadata:filelink');
 185  
 186          return $collection;
 187      }
 188  
 189      /**
 190       * Get the list of contexts that contain user information for the specified user.
 191       *
 192       * @param   int $userid The user to search.
 193       * @return  contextlist $contextlist The contextlist containing the list of contexts used in this plugin.
 194       */
 195      public static function get_contexts_for_userid(int $userid) : contextlist {
 196          $params = ['userid' => $userid, 'contextuser' => CONTEXT_USER];
 197          $sql = "SELECT id
 198                    FROM {context}
 199                   WHERE instanceid = :userid and contextlevel = :contextuser";
 200          $contextlist = new contextlist();
 201          $contextlist->add_from_sql($sql, $params);
 202          return $contextlist;
 203      }
 204  
 205      /**
 206       * Get the list of users within a specific context.
 207       *
 208       * @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
 209       */
 210      public static function get_users_in_context(userlist $userlist) {
 211          $context = $userlist->get_context();
 212  
 213          if (!$context instanceof \context_user) {
 214              return;
 215          }
 216  
 217          $userlist->add_user($context->instanceid);
 218      }
 219  
 220      /**
 221       * Export all user data for the specified user, in the specified contexts.
 222       *
 223       * @param approved_contextlist $contextlist The approved contexts to export information for.
 224       */
 225      public static function export_user_data(approved_contextlist $contextlist) {
 226          $context = $contextlist->current();
 227          $user = \core_user::get_user($contextlist->get_user()->id);
 228          static::export_user($user, $context);
 229          static::export_password_history($user->id, $context);
 230          static::export_password_resets($user->id, $context);
 231          static::export_lastaccess($user->id, $context);
 232          static::export_course_requests($user->id, $context);
 233          static::export_user_devices($user->id, $context);
 234          static::export_user_session_data($user->id, $context);
 235      }
 236  
 237      /**
 238       * Delete all data for all users in the specified context.
 239       *
 240       * @param context $context The specific context to delete data for.
 241       */
 242      public static function delete_data_for_all_users_in_context(\context $context) {
 243          // Only delete data for a user context.
 244          if ($context->contextlevel == CONTEXT_USER) {
 245              static::delete_user_data($context->instanceid, $context);
 246          }
 247      }
 248  
 249      /**
 250       * Delete multiple users within a single context.
 251       *
 252       * @param approved_userlist $userlist The approved context and user information to delete information for.
 253       */
 254      public static function delete_data_for_users(approved_userlist $userlist) {
 255  
 256          $context = $userlist->get_context();
 257  
 258          if ($context instanceof \context_user) {
 259              static::delete_user_data($context->instanceid, $context);
 260          }
 261      }
 262  
 263      /**
 264       * Delete all user data for the specified user, in the specified contexts.
 265       *
 266       * @param approved_contextlist $contextlist The approved contexts and user information to delete information for.
 267       */
 268      public static function delete_data_for_user(approved_contextlist $contextlist) {
 269          foreach ($contextlist as $context) {
 270              // Let's be super certain that we have the right information for this user here.
 271              if ($context->contextlevel == CONTEXT_USER && $contextlist->get_user()->id == $context->instanceid) {
 272                  static::delete_user_data($contextlist->get_user()->id, $contextlist->current());
 273              }
 274          }
 275      }
 276  
 277      /**
 278       * Deletes non vital information about a user.
 279       *
 280       * @param  int      $userid  The user ID to delete
 281       * @param  \context $context The user context
 282       */
 283      protected static function delete_user_data(int $userid, \context $context) {
 284          global $DB;
 285  
 286          // Delete password history.
 287          $DB->delete_records('user_password_history', ['userid' => $userid]);
 288          // Delete last access.
 289          $DB->delete_records('user_lastaccess', ['userid' => $userid]);
 290          // Delete password resets.
 291          $DB->delete_records('user_password_resets', ['userid' => $userid]);
 292          // Delete user devices.
 293          $DB->delete_records('user_devices', ['userid' => $userid]);
 294          // Delete user course requests.
 295          $DB->delete_records('course_request', ['requester' => $userid]);
 296          // Delete sessions.
 297          $DB->delete_records('sessions', ['userid' => $userid]);
 298          // Do I delete user preferences? Seems like the right place to do it.
 299          $DB->delete_records('user_preferences', ['userid' => $userid]);
 300  
 301          // Delete all of the files for this user.
 302          $fs = get_file_storage();
 303          $fs->delete_area_files($context->id, 'user');
 304  
 305          // For the user record itself we only want to remove unnecessary data. We still need the core data to keep as a record
 306          // that we actually did follow the request to be forgotten.
 307          $user = \core_user::get_user($userid);
 308          // Update fields we wish to change to nothing.
 309          $user->deleted = 1;
 310          $user->idnumber = '';
 311          $user->emailstop = 0;
 312          $user->icq = '';
 313          $user->skype = '';
 314          $user->yahoo = '';
 315          $user->aim = '';
 316          $user->msn = '';
 317          $user->phone1 = '';
 318          $user->phone2 = '';
 319          $user->institution = '';
 320          $user->department = '';
 321          $user->address = '';
 322          $user->city = '';
 323          $user->country = '';
 324          $user->lang = '';
 325          $user->calendartype = '';
 326          $user->theme = '';
 327          $user->timezone = '';
 328          $user->firstaccess = 0;
 329          $user->lastaccess = 0;
 330          $user->lastlogin = 0;
 331          $user->currentlogin = 0;
 332          $user->lastip = 0;
 333          $user->secret = '';
 334          $user->picture = '';
 335          $user->url = '';
 336          $user->description = '';
 337          $user->descriptionformat = 0;
 338          $user->mailformat = 0;
 339          $user->maildigest = 0;
 340          $user->maildisplay = 0;
 341          $user->autosubscribe = 0;
 342          $user->trackforums = 0;
 343          $user->timecreated = 0;
 344          $user->timemodified = 0;
 345          $user->trustbitmask = 0;
 346          $user->imagealt = '';
 347          $user->lastnamephonetic = '';
 348          $user->firstnamephonetic = '';
 349          $user->middlename = '';
 350          $user->alternatename = '';
 351          $DB->update_record('user', $user);
 352      }
 353  
 354      /**
 355       * Export core user data.
 356       *
 357       * @param  \stdClass $user The user object.
 358       * @param  \context $context The user context.
 359       */
 360      protected static function export_user(\stdClass $user, \context $context) {
 361          $data = (object) [
 362              'auth' => $user->auth,
 363              'confirmed' => transform::yesno($user->confirmed),
 364              'policyagreed' => transform::yesno($user->policyagreed),
 365              'deleted' => transform::yesno($user->deleted),
 366              'suspended' => transform::yesno($user->suspended),
 367              'username' => $user->username,
 368              'idnumber' => $user->idnumber,
 369              'firstname' => format_string($user->firstname, true, ['context' => $context]),
 370              'lastname' => format_string($user->lastname, true, ['context' => $context]),
 371              'email' => $user->email,
 372              'emailstop' => transform::yesno($user->emailstop),
 373              'icq' => format_string($user->icq, true, ['context' => $context]),
 374              'skype' => format_string($user->skype, true, ['context' => $context]),
 375              'yahoo' => format_string($user->yahoo, true, ['context' => $context]),
 376              'aim' => format_string($user->aim, true, ['context' => $context]),
 377              'msn' => format_string($user->msn, true, ['context' => $context]),
 378              'phone1' => format_string($user->phone1, true, ['context' => $context]),
 379              'phone2' => format_string($user->phone2, true, ['context' => $context]),
 380              'institution' => format_string($user->institution, true, ['context' => $context]),
 381              'department' => format_string($user->department, true, ['context' => $context]),
 382              'address' => format_string($user->address, true, ['context' => $context]),
 383              'city' => format_string($user->city, true, ['context' => $context]),
 384              'country' => format_string($user->country, true, ['context' => $context]),
 385              'lang' => $user->lang,
 386              'calendartype' => $user->calendartype,
 387              'theme' => $user->theme,
 388              'timezone' => $user->timezone,
 389              'firstaccess' => $user->firstaccess ? transform::datetime($user->firstaccess) : null,
 390              'lastaccess' => $user->lastaccess ? transform::datetime($user->lastaccess) : null,
 391              'lastlogin' => $user->lastlogin ? transform::datetime($user->lastlogin) : null,
 392              'currentlogin' => $user->currentlogin ? transform::datetime($user->currentlogin) : null,
 393              'lastip' => $user->lastip,
 394              'secret' => $user->secret,
 395              'picture' => $user->picture,
 396              'url' => $user->url,
 397              'description' => format_text(
 398                  writer::with_context($context)->rewrite_pluginfile_urls(
 399                      [],
 400                      'user',
 401                      'profile',
 402                      '',
 403                      $user->description
 404                  ), $user->descriptionformat, ['context' => $context]),
 405              'maildigest' => transform::yesno($user->maildigest),
 406              'maildisplay' => $user->maildisplay,
 407              'autosubscribe' => transform::yesno($user->autosubscribe),
 408              'trackforums' => transform::yesno($user->trackforums),
 409              'timecreated' => transform::datetime($user->timecreated),
 410              'timemodified' => transform::datetime($user->timemodified),
 411              'imagealt' => format_string($user->imagealt, true, ['context' => $context]),
 412              'lastnamephonetic' => format_string($user->lastnamephonetic, true, ['context' => $context]),
 413              'firstnamephonetic' => format_string($user->firstnamephonetic, true, ['context' => $context]),
 414              'middlename' => format_string($user->middlename, true, ['context' => $context]),
 415              'alternatename'  => format_string($user->alternatename, true, ['context' => $context])
 416          ];
 417  
 418          writer::with_context($context)->export_area_files([], 'user', 'profile', 0)
 419                  ->export_data([], $data);
 420          // Export profile images.
 421          writer::with_context($context)->export_area_files([get_string('privacy:profileimagespath', 'user')], 'user', 'icon', 0);
 422          // Export private files.
 423          writer::with_context($context)->export_area_files([get_string('privacy:privatefilespath', 'user')], 'user', 'private', 0);
 424          // Export draft files.
 425          writer::with_context($context)->export_area_files([get_string('privacy:draftfilespath', 'user')], 'user', 'draft', false);
 426      }
 427  
 428      /**
 429       * Export information about the last time a user accessed a course.
 430       *
 431       * @param  int $userid The user ID.
 432       * @param  \context $context The user context.
 433       */
 434      protected static function export_lastaccess(int $userid, \context $context) {
 435          global $DB;
 436          $sql = "SELECT c.id, c.fullname, ul.timeaccess
 437                    FROM {user_lastaccess} ul
 438                    JOIN {course} c ON c.id = ul.courseid
 439                   WHERE ul.userid = :userid";
 440          $params = ['userid' => $userid];
 441          $records = $DB->get_records_sql($sql, $params);
 442          if (!empty($records)) {
 443              $lastaccess = (object) array_map(function($record) use ($context) {
 444                  return [
 445                      'course_name' => format_string($record->fullname, true, ['context' => $context]),
 446                      'timeaccess' => transform::datetime($record->timeaccess)
 447                  ];
 448              }, $records);
 449              writer::with_context($context)->export_data([get_string('privacy:lastaccesspath', 'user')], $lastaccess);
 450          }
 451      }
 452  
 453      /**
 454       * Exports information about password resets.
 455       *
 456       * @param  int $userid The user ID
 457       * @param  \context $context Context for this user.
 458       */
 459      protected static function export_password_resets(int $userid, \context $context) {
 460          global $DB;
 461          $records = $DB->get_records('user_password_resets', ['userid' => $userid]);
 462          if (!empty($records)) {
 463              $passwordresets = (object) array_map(function($record) {
 464                  return [
 465                      'timerequested' => transform::datetime($record->timerequested),
 466                      'timererequested' => transform::datetime($record->timererequested)
 467                  ];
 468              }, $records);
 469              writer::with_context($context)->export_data([get_string('privacy:passwordresetpath', 'user')], $passwordresets);
 470          }
 471      }
 472  
 473      /**
 474       * Exports information about the user's mobile devices.
 475       *
 476       * @param  int $userid The user ID.
 477       * @param  \context $context Context for this user.
 478       */
 479      protected static function export_user_devices(int $userid, \context $context) {
 480          global $DB;
 481          $records = $DB->get_records('user_devices', ['userid' => $userid]);
 482          if (!empty($records)) {
 483              $userdevices = (object) array_map(function($record) {
 484                  return [
 485                      'appid' => $record->appid,
 486                      'name' => $record->name,
 487                      'model' => $record->model,
 488                      'platform' => $record->platform,
 489                      'version' => $record->version,
 490                      'timecreated' => transform::datetime($record->timecreated),
 491                      'timemodified' => transform::datetime($record->timemodified)
 492                  ];
 493              }, $records);
 494              writer::with_context($context)->export_data([get_string('privacy:devicespath', 'user')], $userdevices);
 495          }
 496      }
 497  
 498      /**
 499       * Exports information about course requests this user made.
 500       *
 501       * @param  int    $userid  The user ID.
 502       * @param  \context $context The context object
 503       */
 504      protected static function export_course_requests(int $userid, \context $context) {
 505          global $DB;
 506          $sql = "SELECT cr.shortname, cr.fullname, cr.summary, cc.name AS category, cr.reason
 507                    FROM {course_request} cr
 508                    JOIN {course_categories} cc ON cr.category = cc.id
 509                   WHERE cr.requester = :userid";
 510          $params = ['userid' => $userid];
 511          $records = $DB->get_records_sql($sql, $params);
 512          if ($records) {
 513              writer::with_context($context)->export_data([get_string('privacy:courserequestpath', 'user')], (object) $records);
 514          }
 515      }
 516  
 517      /**
 518       * Get details about the user's password history.
 519       *
 520       * @param int $userid The user ID that we are getting the password history for.
 521       * @param \context $context the user context.
 522       */
 523      protected static function export_password_history(int $userid, \context $context) {
 524          global $DB;
 525  
 526          // Just provide a count of how many entries we have.
 527          $recordcount = $DB->count_records('user_password_history', ['userid' => $userid]);
 528          if ($recordcount) {
 529              $passwordhistory = (object) ['password_history_count' => $recordcount];
 530              writer::with_context($context)->export_data([get_string('privacy:passwordhistorypath', 'user')], $passwordhistory);
 531          }
 532      }
 533  
 534      /**
 535       * Exports information about the user's session.
 536       *
 537       * @param  int $userid The user ID.
 538       * @param  \context $context The context for this user.
 539       */
 540      protected static function export_user_session_data(int $userid, \context $context) {
 541          global $DB, $SESSION;
 542  
 543          $records = $DB->get_records('sessions', ['userid' => $userid]);
 544          if (!empty($records)) {
 545              $sessiondata = (object) array_map(function($record) {
 546                  return [
 547                      'state' => $record->state,
 548                      'sessdata' => base64_decode($record->sessdata),
 549                      'timecreated' => transform::datetime($record->timecreated),
 550                      'timemodified' => transform::datetime($record->timemodified),
 551                      'firstip' => $record->firstip,
 552                      'lastip' => $record->lastip
 553                  ];
 554              }, $records);
 555              writer::with_context($context)->export_data([get_string('privacy:sessionpath', 'user')], $sessiondata);
 556          }
 557      }
 558  }