Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Adhoc task that processes an approved data request and prepares/deletes the user's data.
  19   *
  20   * @package    tool_dataprivacy
  21   * @copyright  2018 Jun Pataleta
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  namespace tool_dataprivacy\task;
  26  
  27  use action_link;
  28  use coding_exception;
  29  use context_system;
  30  use core\message\message;
  31  use core\task\adhoc_task;
  32  use core_user;
  33  use moodle_exception;
  34  use moodle_url;
  35  use tool_dataprivacy\api;
  36  use tool_dataprivacy\data_request;
  37  
  38  defined('MOODLE_INTERNAL') || die();
  39  
  40  /**
  41   * Class that processes an approved data request and prepares/deletes the user's data.
  42   *
  43   * Custom data accepted:
  44   * - requestid -> The ID of the data request to be processed.
  45   *
  46   * @package     tool_dataprivacy
  47   * @copyright   2018 Jun Pataleta
  48   * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  49   */
  50  class process_data_request_task extends adhoc_task {
  51  
  52      /**
  53       * Run the task to initiate the data request process.
  54       *
  55       * @throws coding_exception
  56       * @throws moodle_exception
  57       */
  58      public function execute() {
  59          global $CFG, $PAGE, $SITE;
  60  
  61          require_once($CFG->dirroot . "/{$CFG->admin}/tool/dataprivacy/lib.php");
  62  
  63          if (!isset($this->get_custom_data()->requestid)) {
  64              throw new coding_exception('The custom data \'requestid\' is required.');
  65          }
  66          $requestid = $this->get_custom_data()->requestid;
  67  
  68          $requestpersistent = new data_request($requestid);
  69          $request = $requestpersistent->to_record();
  70  
  71          // Check if this request still needs to be processed. e.g. The user might have cancelled it before this task has run.
  72          $status = $requestpersistent->get('status');
  73          if (!api::is_active($status)) {
  74              mtrace("Request {$requestid} with status {$status} doesn't need to be processed. Skipping...");
  75              return;
  76          }
  77  
  78          if (!\tool_dataprivacy\data_registry::defaults_set()) {
  79              // Warn if no site purpose is defined.
  80              mtrace('Warning: No purpose is defined at the system level. Deletion will delete all.');
  81          }
  82  
  83          // Grab the manager.
  84          // We set an observer against it to handle failures.
  85          $manager = new \core_privacy\manager();
  86          $manager->set_observer(new \tool_dataprivacy\manager_observer());
  87  
  88          // Get the user details now. We might not be able to retrieve it later if it's a deletion processing.
  89          $foruser = core_user::get_user($request->userid);
  90  
  91          // Update the status of this request as pre-processing.
  92          mtrace('Pre-processing request...');
  93          api::update_request_status($requestid, api::DATAREQUEST_STATUS_PROCESSING);
  94          $contextlistcollection = $manager->get_contexts_for_userid($requestpersistent->get('userid'));
  95  
  96          mtrace('Fetching approved contextlists from collection');
  97          $approvedclcollection = api::get_approved_contextlist_collection_for_collection(
  98                  $contextlistcollection, $foruser, $request->type);
  99  
 100          mtrace('Processing request...');
 101          $completestatus = api::DATAREQUEST_STATUS_COMPLETE;
 102          $deleteuser = false;
 103  
 104          if ($request->type == api::DATAREQUEST_TYPE_EXPORT) {
 105              // Get the user context.
 106              $usercontext = \context_user::instance($foruser->id, IGNORE_MISSING);
 107              if (!$usercontext) {
 108                  mtrace("Request {$requestid} cannot be processed due to a missing user context instance for the user
 109                      with ID {$foruser->id}. Skipping...");
 110                  return;
 111              }
 112  
 113              // Export the data.
 114              $exportedcontent = $manager->export_user_data($approvedclcollection);
 115  
 116              $fs = get_file_storage();
 117              $filerecord = new \stdClass;
 118              $filerecord->component = 'tool_dataprivacy';
 119              $filerecord->contextid = $usercontext->id;
 120              $filerecord->userid    = $foruser->id;
 121              $filerecord->filearea  = 'export';
 122              $filerecord->filename  = 'export.zip';
 123              $filerecord->filepath  = '/';
 124              $filerecord->itemid    = $requestid;
 125              $filerecord->license   = $CFG->sitedefaultlicense;
 126              $filerecord->author    = fullname($foruser);
 127              // Save somewhere.
 128              $thing = $fs->create_file_from_pathname($filerecord, $exportedcontent);
 129              $completestatus = api::DATAREQUEST_STATUS_DOWNLOAD_READY;
 130          } else if ($request->type == api::DATAREQUEST_TYPE_DELETE) {
 131              // Delete the data for users other than the primary admin, which is rejected.
 132              if (is_primary_admin($foruser->id)) {
 133                  $completestatus = api::DATAREQUEST_STATUS_REJECTED;
 134              } else {
 135                  $manager = new \core_privacy\manager();
 136                  $manager->set_observer(new \tool_dataprivacy\manager_observer());
 137  
 138                  $manager->delete_data_for_user($approvedclcollection);
 139                  $completestatus = api::DATAREQUEST_STATUS_DELETED;
 140                  $deleteuser = !$foruser->deleted;
 141              }
 142          }
 143  
 144          // When the preparation of the metadata finishes, update the request status to awaiting approval.
 145          api::update_request_status($requestid, $completestatus);
 146          mtrace('The processing of the user data request has been completed...');
 147  
 148          // Create message to notify the user regarding the processing results.
 149          $message = new message();
 150          $message->courseid = $SITE->id;
 151          $message->component = 'tool_dataprivacy';
 152          $message->name = 'datarequestprocessingresults';
 153          if (empty($request->dpo)) {
 154              // Use the no-reply user as the sender if the privacy officer is not set. This is the case for automatically
 155              // approved requests.
 156              $fromuser = core_user::get_noreply_user();
 157          } else {
 158              $fromuser = core_user::get_user($request->dpo);
 159              $message->replyto = $fromuser->email;
 160              $message->replytoname = fullname($fromuser);
 161          }
 162          $message->userfrom = $fromuser;
 163  
 164          $typetext = null;
 165          // Prepare the context data for the email message body.
 166          $messagetextdata = [
 167              'username' => fullname($foruser)
 168          ];
 169  
 170          $output = $PAGE->get_renderer('tool_dataprivacy');
 171          $emailonly = false;
 172          $notifyuser = true;
 173          switch ($request->type) {
 174              case api::DATAREQUEST_TYPE_EXPORT:
 175                  // Check if the user is allowed to download their own export. (This is for
 176                  // institutions which centrally co-ordinate subject access request across many
 177                  // systems, not just one Moodle instance, so we don't want every instance emailing
 178                  // the user.)
 179                  if (!api::can_download_data_request_for_user($request->userid, $request->requestedby, $request->userid)) {
 180                      $notifyuser = false;
 181                  }
 182  
 183                  $typetext = get_string('requesttypeexport', 'tool_dataprivacy');
 184                  // We want to notify the user in Moodle about the processing results.
 185                  $message->notification = 1;
 186                  $datarequestsurl = new moodle_url('/admin/tool/dataprivacy/mydatarequests.php');
 187                  $message->contexturl = $datarequestsurl;
 188                  $message->contexturlname = get_string('datarequests', 'tool_dataprivacy');
 189                  // Message to the recipient.
 190                  $messagetextdata['message'] = get_string('resultdownloadready', 'tool_dataprivacy',
 191                      format_string($SITE->fullname, true, ['context' => context_system::instance()]));
 192                  // Prepare download link.
 193                  $downloadurl = moodle_url::make_pluginfile_url($usercontext->id, 'tool_dataprivacy', 'export', $thing->get_itemid(),
 194                      $thing->get_filepath(), $thing->get_filename(), true);
 195                  $downloadlink = new action_link($downloadurl, get_string('download', 'tool_dataprivacy'));
 196                  $messagetextdata['downloadlink'] = $downloadlink->export_for_template($output);
 197                  break;
 198              case api::DATAREQUEST_TYPE_DELETE:
 199                  $typetext = get_string('requesttypedelete', 'tool_dataprivacy');
 200                  // No point notifying a deleted user in Moodle.
 201                  $message->notification = 0;
 202                  // Message to the recipient.
 203                  $messagetextdata['message'] = get_string('resultdeleted', 'tool_dataprivacy',
 204                      format_string($SITE->fullname, true, ['context' => context_system::instance()]));
 205                  // Message will be sent to the deleted user via email only.
 206                  $emailonly = true;
 207                  break;
 208              default:
 209                  throw new moodle_exception('errorinvalidrequesttype', 'tool_dataprivacy');
 210          }
 211  
 212          $subject = get_string('datarequestemailsubject', 'tool_dataprivacy', $typetext);
 213          $message->subject           = $subject;
 214          $message->fullmessageformat = FORMAT_HTML;
 215          $message->userto = $foruser;
 216  
 217          // Render message email body.
 218          $messagehtml = $output->render_from_template('tool_dataprivacy/data_request_results_email', $messagetextdata);
 219          $message->fullmessage = html_to_text($messagehtml);
 220          $message->fullmessagehtml = $messagehtml;
 221  
 222          // Send message to the user involved.
 223          if ($notifyuser) {
 224              $messagesent = false;
 225              if ($emailonly) {
 226                  // Do not sent an email if the user has been deleted. The user email has been previously deleted.
 227                  if (!$foruser->deleted) {
 228                      $messagesent = email_to_user($foruser, $fromuser, $subject, $message->fullmessage, $messagehtml);
 229                  }
 230              } else {
 231                  $messagesent = message_send($message);
 232              }
 233  
 234              if ($messagesent) {
 235                  mtrace('Message sent to user: ' . $messagetextdata['username']);
 236              }
 237          }
 238  
 239          // Send to requester as well in some circumstances.
 240          if ($foruser->id != $request->requestedby) {
 241              $sendtorequester = false;
 242              switch ($request->type) {
 243                  case api::DATAREQUEST_TYPE_EXPORT:
 244                      // Send to the requester as well if they can download it, unless they are the
 245                      // DPO. If we didn't notify the user themselves (because they can't download)
 246                      // then send to requester even if it is the DPO, as in that case the requester
 247                      // needs to take some action.
 248                      if (api::can_download_data_request_for_user($request->userid, $request->requestedby, $request->requestedby)) {
 249                          $sendtorequester = !$notifyuser || !api::is_site_dpo($request->requestedby);
 250                      }
 251                      break;
 252                  case api::DATAREQUEST_TYPE_DELETE:
 253                      // Send to the requester if they are not the DPO and if they are allowed to
 254                      // create data requests for the user (e.g. Parent).
 255                      $sendtorequester = !api::is_site_dpo($request->requestedby) &&
 256                              api::can_create_data_request_for_user($request->userid, $request->requestedby);
 257                      break;
 258                  default:
 259                      throw new moodle_exception('errorinvalidrequesttype', 'tool_dataprivacy');
 260              }
 261  
 262              // Ensure the requester has the capability to make data requests for this user.
 263              if ($sendtorequester) {
 264                  $requestedby = core_user::get_user($request->requestedby);
 265                  $message->userto = $requestedby;
 266                  $messagetextdata['username'] = fullname($requestedby);
 267                  // Render message email body.
 268                  $messagehtml = $output->render_from_template('tool_dataprivacy/data_request_results_email', $messagetextdata);
 269                  $message->fullmessage = html_to_text($messagehtml);
 270                  $message->fullmessagehtml = $messagehtml;
 271  
 272                  // Send message.
 273                  if ($emailonly) {
 274                      email_to_user($requestedby, $fromuser, $subject, $message->fullmessage, $messagehtml);
 275                  } else {
 276                      message_send($message);
 277                  }
 278                  mtrace('Message sent to requester: ' . $messagetextdata['username']);
 279              }
 280          }
 281  
 282          if ($deleteuser) {
 283              // Delete the user.
 284              delete_user($foruser);
 285          }
 286      }
 287  }