Search moodle.org's
Developer Documentation
Developer Documentation
See Release Notes
Long Term Support Release
- Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
- Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
- PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
/user/classes/privacy/ -> provider.php (source)
Differences Between: [Versions 39 and 310] [Versions 39 and 311] [Versions 39 and 400] [Versions 39 and 401] [Versions 39 and 402] [Versions 39 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Privacy class for requesting user data. 19 * 20 * @package core_user 21 * @copyright 2018 Adrian Greeve <adrian@moodle.com> 22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 23 */ 24 25 namespace core_user\privacy; 26 27 defined('MOODLE_INTERNAL') || die(); 28 29 use \core_privacy\local\metadata\collection; 30 use \core_privacy\local\request\transform; 31 use \core_privacy\local\request\contextlist; 32 use \core_privacy\local\request\approved_contextlist; 33 use \core_privacy\local\request\writer; 34 use core_privacy\local\request\userlist; 35 use \core_privacy\local\request\approved_userlist; 36 37 /** 38 * Privacy class for requesting user data. 39 * 40 * @package core_comment 41 * @copyright 2018 Adrian Greeve <adrian@moodle.com> 42 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 43 */ 44 class provider implements 45 \core_privacy\local\metadata\provider, 46 \core_privacy\local\request\core_userlist_provider, 47 \core_privacy\local\request\subsystem\provider { 48 49 /** 50 * Returns information about the user data stored in this component. 51 * 52 * @param collection $collection A list of information about this component 53 * @return collection The collection object filled out with information about this component. 54 */ 55 public static function get_metadata(collection $collection) : collection { 56 $userfields = [ 57 'id' => 'privacy:metadata:id', 58 'auth' => 'privacy:metadata:auth', 59 'confirmed' => 'privacy:metadata:confirmed', 60 'policyagreed' => 'privacy:metadata:policyagreed', 61 'deleted' => 'privacy:metadata:deleted', 62 'suspended' => 'privacy:metadata:suspended', 63 'mnethostid' => 'privacy:metadata:mnethostid', 64 'username' => 'privacy:metadata:username', 65 'password' => 'privacy:metadata:password', 66 'idnumber' => 'privacy:metadata:idnumber', 67 'firstname' => 'privacy:metadata:firstname', 68 'lastname' => 'privacy:metadata:lastname', 69 'email' => 'privacy:metadata:email', 70 'emailstop' => 'privacy:metadata:emailstop', 71 'icq' => 'privacy:metadata:icq', 72 'skype' => 'privacy:metadata:skype', 73 'yahoo' => 'privacy:metadata:yahoo', 74 'aim' => 'privacy:metadata:aim', 75 'msn' => 'privacy:metadata:msn', 76 'phone1' => 'privacy:metadata:phone', 77 'phone2' => 'privacy:metadata:phone', 78 'institution' => 'privacy:metadata:institution', 79 'department' => 'privacy:metadata:department', 80 'address' => 'privacy:metadata:address', 81 'city' => 'privacy:metadata:city', 82 'country' => 'privacy:metadata:country', 83 'lang' => 'privacy:metadata:lang', 84 'calendartype' => 'privacy:metadata:calendartype', 85 'theme' => 'privacy:metadata:theme', 86 'timezone' => 'privacy:metadata:timezone', 87 'firstaccess' => 'privacy:metadata:firstaccess', 88 'lastaccess' => 'privacy:metadata:lastaccess', 89 'lastlogin' => 'privacy:metadata:lastlogin', 90 'currentlogin' => 'privacy:metadata:currentlogin', 91 'lastip' => 'privacy:metadata:lastip', 92 'secret' => 'privacy:metadata:secret', 93 'picture' => 'privacy:metadata:picture', 94 'url' => 'privacy:metadata:url', 95 'description' => 'privacy:metadata:description', 96 'maildigest' => 'privacy:metadata:maildigest', 97 'maildisplay' => 'privacy:metadata:maildisplay', 98 'autosubscribe' => 'privacy:metadata:autosubscribe', 99 'trackforums' => 'privacy:metadata:trackforums', 100 'timecreated' => 'privacy:metadata:timecreated', 101 'timemodified' => 'privacy:metadata:timemodified', 102 'trustbitmask' => 'privacy:metadata:trustbitmask', 103 'imagealt' => 'privacy:metadata:imagealt', 104 'lastnamephonetic' => 'privacy:metadata:lastnamephonetic', 105 'firstnamephonetic' => 'privacy:metadata:firstnamephonetic', 106 'middlename' => 'privacy:metadata:middlename', 107 'alternatename' => 'privacy:metadata:alternatename', 108 'moodlenetprofile' => 'privacy:metadata:moodlenetprofile' 109 ]; 110 111 $passwordhistory = [ 112 'userid' => 'privacy:metadata:userid', 113 'hash' => 'privacy:metadata:hash', 114 'timecreated' => 'privacy:metadata:timecreated' 115 ]; 116 117 $lastaccess = [ 118 'userid' => 'privacy:metadata:userid', 119 'courseid' => 'privacy:metadata:courseid', 120 'timeaccess' => 'privacy:metadata:timeaccess' 121 ]; 122 123 $userpasswordresets = [ 124 'userid' => 'privacy:metadata:userid', 125 'timerequested' => 'privacy:metadata:timerequested', 126 'timererequested' => 'privacy:metadata:timererequested', 127 'token' => 'privacy:metadata:token' 128 ]; 129 130 $userdevices = [ 131 'userid' => 'privacy:metadata:userid', 132 'appid' => 'privacy:metadata:appid', 133 'name' => 'privacy:metadata:devicename', 134 'model' => 'privacy:metadata:model', 135 'platform' => 'privacy:metadata:platform', 136 'version' => 'privacy:metadata:version', 137 'pushid' => 'privacy:metadata:pushid', 138 'uuid' => 'privacy:metadata:uuid', 139 'timecreated' => 'privacy:metadata:timecreated', 140 'timemodified' => 'privacy:metadata:timemodified' 141 ]; 142 143 $usersessions = [ 144 'state' => 'privacy:metadata:state', 145 'sid' => 'privacy:metadata:sid', 146 'userid' => 'privacy:metadata:userid', 147 'sessdata' => 'privacy:metadata:sessdata', 148 'timecreated' => 'privacy:metadata:timecreated', 149 'timemodified' => 'privacy:metadata:timemodified', 150 'firstip' => 'privacy:metadata:firstip', 151 'lastip' => 'privacy:metadata:lastip' 152 ]; 153 154 $courserequest = [ 155 'fullname' => 'privacy:metadata:fullname', 156 'shortname' => 'privacy:metadata:shortname', 157 'summary' => 'privacy:metadata:summary', 158 'category' => 'privacy:metadata:category', 159 'reason' => 'privacy:metadata:reason', 160 'requester' => 'privacy:metadata:requester' 161 ]; 162 163 $mypages = [ 164 'userid' => 'privacy:metadata:my_pages:userid', 165 'name' => 'privacy:metadata:my_pages:name', 166 'private' => 'privacy:metadata:my_pages:private', 167 ]; 168 169 $userpreferences = [ 170 'userid' => 'privacy:metadata:user_preferences:userid', 171 'name' => 'privacy:metadata:user_preferences:name', 172 'value' => 'privacy:metadata:user_preferences:value' 173 ]; 174 175 $collection->add_database_table('user', $userfields, 'privacy:metadata:usertablesummary'); 176 $collection->add_database_table('user_password_history', $passwordhistory, 'privacy:metadata:passwordtablesummary'); 177 $collection->add_database_table('user_password_resets', $userpasswordresets, 'privacy:metadata:passwordresettablesummary'); 178 $collection->add_database_table('user_lastaccess', $lastaccess, 'privacy:metadata:lastaccesstablesummary'); 179 $collection->add_database_table('user_devices', $userdevices, 'privacy:metadata:devicetablesummary'); 180 $collection->add_database_table('course_request', $courserequest, 'privacy:metadata:requestsummary'); 181 $collection->add_database_table('sessions', $usersessions, 'privacy:metadata:sessiontablesummary'); 182 $collection->add_database_table('my_pages', $mypages, 'privacy:metadata:my_pages'); 183 $collection->add_database_table('user_preferences', $userpreferences, 'privacy:metadata:user_preferences'); 184 $collection->add_subsystem_link('core_files', [], 'privacy:metadata:filelink'); 185 186 return $collection; 187 } 188 189 /** 190 * Get the list of contexts that contain user information for the specified user. 191 * 192 * @param int $userid The user to search. 193 * @return contextlist $contextlist The contextlist containing the list of contexts used in this plugin. 194 */ 195 public static function get_contexts_for_userid(int $userid) : contextlist { 196 $params = ['userid' => $userid, 'contextuser' => CONTEXT_USER]; 197 $sql = "SELECT id 198 FROM {context} 199 WHERE instanceid = :userid and contextlevel = :contextuser"; 200 $contextlist = new contextlist(); 201 $contextlist->add_from_sql($sql, $params); 202 return $contextlist; 203 } 204 205 /** 206 * Get the list of users within a specific context. 207 * 208 * @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination. 209 */ 210 public static function get_users_in_context(userlist $userlist) { 211 $context = $userlist->get_context(); 212 213 if (!$context instanceof \context_user) { 214 return; 215 } 216 217 $userlist->add_user($context->instanceid); 218 } 219 220 /** 221 * Export all user data for the specified user, in the specified contexts. 222 * 223 * @param approved_contextlist $contextlist The approved contexts to export information for. 224 */ 225 public static function export_user_data(approved_contextlist $contextlist) { 226 $context = $contextlist->current(); 227 $user = \core_user::get_user($contextlist->get_user()->id); 228 static::export_user($user, $context); 229 static::export_password_history($user->id, $context); 230 static::export_password_resets($user->id, $context); 231 static::export_lastaccess($user->id, $context); 232 static::export_course_requests($user->id, $context); 233 static::export_user_devices($user->id, $context); 234 static::export_user_session_data($user->id, $context); 235 } 236 237 /** 238 * Delete all data for all users in the specified context. 239 * 240 * @param context $context The specific context to delete data for. 241 */ 242 public static function delete_data_for_all_users_in_context(\context $context) { 243 // Only delete data for a user context. 244 if ($context->contextlevel == CONTEXT_USER) { 245 static::delete_user_data($context->instanceid, $context); 246 } 247 } 248 249 /** 250 * Delete multiple users within a single context. 251 * 252 * @param approved_userlist $userlist The approved context and user information to delete information for. 253 */ 254 public static function delete_data_for_users(approved_userlist $userlist) { 255 256 $context = $userlist->get_context(); 257 258 if ($context instanceof \context_user) { 259 static::delete_user_data($context->instanceid, $context); 260 } 261 } 262 263 /** 264 * Delete all user data for the specified user, in the specified contexts. 265 * 266 * @param approved_contextlist $contextlist The approved contexts and user information to delete information for. 267 */ 268 public static function delete_data_for_user(approved_contextlist $contextlist) { 269 foreach ($contextlist as $context) { 270 // Let's be super certain that we have the right information for this user here. 271 if ($context->contextlevel == CONTEXT_USER && $contextlist->get_user()->id == $context->instanceid) { 272 static::delete_user_data($contextlist->get_user()->id, $contextlist->current()); 273 } 274 } 275 } 276 277 /** 278 * Deletes non vital information about a user. 279 * 280 * @param int $userid The user ID to delete 281 * @param \context $context The user context 282 */ 283 protected static function delete_user_data(int $userid, \context $context) { 284 global $DB; 285 286 // Delete password history. 287 $DB->delete_records('user_password_history', ['userid' => $userid]); 288 // Delete last access. 289 $DB->delete_records('user_lastaccess', ['userid' => $userid]); 290 // Delete password resets. 291 $DB->delete_records('user_password_resets', ['userid' => $userid]); 292 // Delete user devices. 293 $DB->delete_records('user_devices', ['userid' => $userid]); 294 // Delete user course requests. 295 $DB->delete_records('course_request', ['requester' => $userid]); 296 // Delete sessions. 297 $DB->delete_records('sessions', ['userid' => $userid]); 298 // Do I delete user preferences? Seems like the right place to do it. 299 $DB->delete_records('user_preferences', ['userid' => $userid]); 300 301 // Delete all of the files for this user. 302 $fs = get_file_storage(); 303 $fs->delete_area_files($context->id, 'user'); 304 305 // For the user record itself we only want to remove unnecessary data. We still need the core data to keep as a record 306 // that we actually did follow the request to be forgotten. 307 $user = \core_user::get_user($userid); 308 // Update fields we wish to change to nothing. 309 $user->deleted = 1; 310 $user->idnumber = ''; 311 $user->emailstop = 0; 312 $user->icq = ''; 313 $user->skype = ''; 314 $user->yahoo = ''; 315 $user->aim = ''; 316 $user->msn = ''; 317 $user->phone1 = ''; 318 $user->phone2 = ''; 319 $user->institution = ''; 320 $user->department = ''; 321 $user->address = ''; 322 $user->city = ''; 323 $user->country = ''; 324 $user->lang = ''; 325 $user->calendartype = ''; 326 $user->theme = ''; 327 $user->timezone = ''; 328 $user->firstaccess = 0; 329 $user->lastaccess = 0; 330 $user->lastlogin = 0; 331 $user->currentlogin = 0; 332 $user->lastip = 0; 333 $user->secret = ''; 334 $user->picture = ''; 335 $user->url = ''; 336 $user->description = ''; 337 $user->descriptionformat = 0; 338 $user->mailformat = 0; 339 $user->maildigest = 0; 340 $user->maildisplay = 0; 341 $user->autosubscribe = 0; 342 $user->trackforums = 0; 343 $user->timecreated = 0; 344 $user->timemodified = 0; 345 $user->trustbitmask = 0; 346 $user->imagealt = ''; 347 $user->lastnamephonetic = ''; 348 $user->firstnamephonetic = ''; 349 $user->middlename = ''; 350 $user->alternatename = ''; 351 $DB->update_record('user', $user); 352 } 353 354 /** 355 * Export core user data. 356 * 357 * @param \stdClass $user The user object. 358 * @param \context $context The user context. 359 */ 360 protected static function export_user(\stdClass $user, \context $context) { 361 $data = (object) [ 362 'auth' => $user->auth, 363 'confirmed' => transform::yesno($user->confirmed), 364 'policyagreed' => transform::yesno($user->policyagreed), 365 'deleted' => transform::yesno($user->deleted), 366 'suspended' => transform::yesno($user->suspended), 367 'username' => $user->username, 368 'idnumber' => $user->idnumber, 369 'firstname' => format_string($user->firstname, true, ['context' => $context]), 370 'lastname' => format_string($user->lastname, true, ['context' => $context]), 371 'email' => $user->email, 372 'emailstop' => transform::yesno($user->emailstop), 373 'icq' => format_string($user->icq, true, ['context' => $context]), 374 'skype' => format_string($user->skype, true, ['context' => $context]), 375 'yahoo' => format_string($user->yahoo, true, ['context' => $context]), 376 'aim' => format_string($user->aim, true, ['context' => $context]), 377 'msn' => format_string($user->msn, true, ['context' => $context]), 378 'phone1' => format_string($user->phone1, true, ['context' => $context]), 379 'phone2' => format_string($user->phone2, true, ['context' => $context]), 380 'institution' => format_string($user->institution, true, ['context' => $context]), 381 'department' => format_string($user->department, true, ['context' => $context]), 382 'address' => format_string($user->address, true, ['context' => $context]), 383 'city' => format_string($user->city, true, ['context' => $context]), 384 'country' => format_string($user->country, true, ['context' => $context]), 385 'lang' => $user->lang, 386 'calendartype' => $user->calendartype, 387 'theme' => $user->theme, 388 'timezone' => $user->timezone, 389 'firstaccess' => $user->firstaccess ? transform::datetime($user->firstaccess) : null, 390 'lastaccess' => $user->lastaccess ? transform::datetime($user->lastaccess) : null, 391 'lastlogin' => $user->lastlogin ? transform::datetime($user->lastlogin) : null, 392 'currentlogin' => $user->currentlogin ? transform::datetime($user->currentlogin) : null, 393 'lastip' => $user->lastip, 394 'secret' => $user->secret, 395 'picture' => $user->picture, 396 'url' => $user->url, 397 'description' => format_text($user->description, $user->descriptionformat, ['context' => $context]), 398 'maildigest' => transform::yesno($user->maildigest), 399 'maildisplay' => $user->maildisplay, 400 'autosubscribe' => transform::yesno($user->autosubscribe), 401 'trackforums' => transform::yesno($user->trackforums), 402 'timecreated' => transform::datetime($user->timecreated), 403 'timemodified' => transform::datetime($user->timemodified), 404 'imagealt' => format_string($user->imagealt, true, ['context' => $context]), 405 'lastnamephonetic' => format_string($user->lastnamephonetic, true, ['context' => $context]), 406 'firstnamephonetic' => format_string($user->firstnamephonetic, true, ['context' => $context]), 407 'middlename' => format_string($user->middlename, true, ['context' => $context]), 408 'alternatename' => format_string($user->alternatename, true, ['context' => $context]) 409 ]; 410 if (isset($data->description)) { 411 $data->description = writer::with_context($context)->rewrite_pluginfile_urls( 412 [get_string('privacy:descriptionpath', 'user')], 'user', 'profile', '', $data->description); 413 } 414 writer::with_context($context)->export_area_files([], 'user', 'profile', 0) 415 ->export_data([], $data); 416 // Export profile images. 417 writer::with_context($context)->export_area_files([get_string('privacy:profileimagespath', 'user')], 'user', 'icon', 0); 418 // Export private files. 419 writer::with_context($context)->export_area_files([get_string('privacy:privatefilespath', 'user')], 'user', 'private', 0); 420 // Export draft files. 421 writer::with_context($context)->export_area_files([get_string('privacy:draftfilespath', 'user')], 'user', 'draft', false); 422 } 423 424 /** 425 * Export information about the last time a user accessed a course. 426 * 427 * @param int $userid The user ID. 428 * @param \context $context The user context. 429 */ 430 protected static function export_lastaccess(int $userid, \context $context) { 431 global $DB; 432 $sql = "SELECT c.id, c.fullname, ul.timeaccess 433 FROM {user_lastaccess} ul 434 JOIN {course} c ON c.id = ul.courseid 435 WHERE ul.userid = :userid"; 436 $params = ['userid' => $userid]; 437 $records = $DB->get_records_sql($sql, $params); 438 if (!empty($records)) { 439 $lastaccess = (object) array_map(function($record) use ($context) { 440 return [ 441 'course_name' => format_string($record->fullname, true, ['context' => $context]), 442 'timeaccess' => transform::datetime($record->timeaccess) 443 ]; 444 }, $records); 445 writer::with_context($context)->export_data([get_string('privacy:lastaccesspath', 'user')], $lastaccess); 446 } 447 } 448 449 /** 450 * Exports information about password resets. 451 * 452 * @param int $userid The user ID 453 * @param \context $context Context for this user. 454 */ 455 protected static function export_password_resets(int $userid, \context $context) { 456 global $DB; 457 $records = $DB->get_records('user_password_resets', ['userid' => $userid]); 458 if (!empty($records)) { 459 $passwordresets = (object) array_map(function($record) { 460 return [ 461 'timerequested' => transform::datetime($record->timerequested), 462 'timererequested' => transform::datetime($record->timererequested) 463 ]; 464 }, $records); 465 writer::with_context($context)->export_data([get_string('privacy:passwordresetpath', 'user')], $passwordresets); 466 } 467 } 468 469 /** 470 * Exports information about the user's mobile devices. 471 * 472 * @param int $userid The user ID. 473 * @param \context $context Context for this user. 474 */ 475 protected static function export_user_devices(int $userid, \context $context) { 476 global $DB; 477 $records = $DB->get_records('user_devices', ['userid' => $userid]); 478 if (!empty($records)) { 479 $userdevices = (object) array_map(function($record) { 480 return [ 481 'appid' => $record->appid, 482 'name' => $record->name, 483 'model' => $record->model, 484 'platform' => $record->platform, 485 'version' => $record->version, 486 'timecreated' => transform::datetime($record->timecreated), 487 'timemodified' => transform::datetime($record->timemodified) 488 ]; 489 }, $records); 490 writer::with_context($context)->export_data([get_string('privacy:devicespath', 'user')], $userdevices); 491 } 492 } 493 494 /** 495 * Exports information about course requests this user made. 496 * 497 * @param int $userid The user ID. 498 * @param \context $context The context object 499 */ 500 protected static function export_course_requests(int $userid, \context $context) { 501 global $DB; 502 $sql = "SELECT cr.shortname, cr.fullname, cr.summary, cc.name AS category, cr.reason 503 FROM {course_request} cr 504 JOIN {course_categories} cc ON cr.category = cc.id 505 WHERE cr.requester = :userid"; 506 $params = ['userid' => $userid]; 507 $records = $DB->get_records_sql($sql, $params); 508 if ($records) { 509 writer::with_context($context)->export_data([get_string('privacy:courserequestpath', 'user')], (object) $records); 510 } 511 } 512 513 /** 514 * Get details about the user's password history. 515 * 516 * @param int $userid The user ID that we are getting the password history for. 517 * @param \context $context the user context. 518 */ 519 protected static function export_password_history(int $userid, \context $context) { 520 global $DB; 521 522 // Just provide a count of how many entries we have. 523 $recordcount = $DB->count_records('user_password_history', ['userid' => $userid]); 524 if ($recordcount) { 525 $passwordhistory = (object) ['password_history_count' => $recordcount]; 526 writer::with_context($context)->export_data([get_string('privacy:passwordhistorypath', 'user')], $passwordhistory); 527 } 528 } 529 530 /** 531 * Exports information about the user's session. 532 * 533 * @param int $userid The user ID. 534 * @param \context $context The context for this user. 535 */ 536 protected static function export_user_session_data(int $userid, \context $context) { 537 global $DB, $SESSION; 538 539 $records = $DB->get_records('sessions', ['userid' => $userid]); 540 if (!empty($records)) { 541 $sessiondata = (object) array_map(function($record) { 542 return [ 543 'state' => $record->state, 544 'sessdata' => base64_decode($record->sessdata), 545 'timecreated' => transform::datetime($record->timecreated), 546 'timemodified' => transform::datetime($record->timemodified), 547 'firstip' => $record->firstip, 548 'lastip' => $record->lastip 549 ]; 550 }, $records); 551 writer::with_context($context)->export_data([get_string('privacy:sessionpath', 'user')], $sessiondata); 552 } 553 } 554 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
