Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 39 and 401] [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * The contact form to the site's Data Protection Officer
  19   *
  20   * @copyright 2018 onwards Jun Pataleta
  21   * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
  22   * @package tool_dataprivacy
  23   */
  24  
  25  use tool_dataprivacy\api;
  26  use tool_dataprivacy\data_request;
  27  use tool_dataprivacy\local\helper;
  28  
  29  defined('MOODLE_INTERNAL') || die();
  30  
  31  require_once($CFG->libdir.'/formslib.php');
  32  
  33  /**
  34   * The contact form to the site's Data Protection Officer
  35   *
  36   * @copyright 2018 onwards Jun Pataleta
  37   * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
  38   * @package tool_dataprivacy
  39   */
  40  class tool_dataprivacy_data_request_form extends \core\form\persistent {
  41  
  42      /** @var string Name of the persistent class. */
  43      protected static $persistentclass = data_request::class;
  44  
  45      /** @var bool Flag to indicate whether this form is being rendered for managing data requests or for regular requests. */
  46      protected $manage = false;
  47  
  48      /**
  49       * Form definition.
  50       *
  51       * @throws coding_exception
  52       * @throws dml_exception
  53       */
  54      public function definition() {
  55          global $USER;
  56          $mform =& $this->_form;
  57  
  58          $this->manage = $this->_customdata['manage'];
  59          if ($this->manage) {
  60              $options = [
  61                  'ajax' => 'tool_dataprivacy/form-user-selector',
  62                  'valuehtmlcallback' => function($value) {
  63                      global $OUTPUT;
  64  
  65                      $userfieldsapi = \core_user\fields::for_name();
  66                      $allusernames = $userfieldsapi->get_sql('', false, '', '', false)->selects;
  67                      $fields = 'id, email, ' . $allusernames;
  68                      $user = \core_user::get_user($value, $fields);
  69                      $useroptiondata = [
  70                          'fullname' => fullname($user),
  71                          'email' => $user->email
  72                      ];
  73                      return $OUTPUT->render_from_template('tool_dataprivacy/form-user-selector-suggestion', $useroptiondata);
  74                  }
  75              ];
  76              $mform->addElement('autocomplete', 'userid', get_string('requestfor', 'tool_dataprivacy'), [], $options);
  77              $mform->addRule('userid', null, 'required', null, 'client');
  78  
  79          } else {
  80              // Get users whom you are being a guardian to if your role has the capability to make data requests for children.
  81              if ($children = helper::get_children_of_user($USER->id)) {
  82                  $useroptions = [
  83                      $USER->id => fullname($USER)
  84                  ];
  85                  foreach ($children as $key => $child) {
  86                      $useroptions[$key] = fullname($child);
  87                  }
  88                  $mform->addElement('autocomplete', 'userid', get_string('requestfor', 'tool_dataprivacy'), $useroptions);
  89                  $mform->addRule('userid', null, 'required', null, 'client');
  90  
  91              } else {
  92                  // Requesting for self.
  93                  $mform->addElement('hidden', 'userid', $USER->id);
  94              }
  95          }
  96  
  97          $mform->setType('userid', PARAM_INT);
  98  
  99          // Subject access request type.
 100          $options = [];
 101          if ($this->manage || api::can_create_data_download_request_for_self()) {
 102              $options[api::DATAREQUEST_TYPE_EXPORT] = get_string('requesttypeexport', 'tool_dataprivacy');
 103          }
 104          $options[api::DATAREQUEST_TYPE_DELETE] = get_string('requesttypedelete', 'tool_dataprivacy');
 105  
 106          $mform->addElement('select', 'type', get_string('requesttype', 'tool_dataprivacy'), $options);
 107          $mform->addHelpButton('type', 'requesttype', 'tool_dataprivacy');
 108  
 109          // Request comments text area.
 110          $textareaoptions = ['cols' => 60, 'rows' => 10];
 111          $mform->addElement('textarea', 'comments', get_string('requestcomments', 'tool_dataprivacy'), $textareaoptions);
 112          $mform->addHelpButton('comments', 'requestcomments', 'tool_dataprivacy');
 113  
 114          // Action buttons.
 115          $this->add_action_buttons();
 116  
 117          $shouldfreeze = false;
 118          if ($this->manage) {
 119              $shouldfreeze = !api::can_create_data_deletion_request_for_other();
 120          } else {
 121              $shouldfreeze = !api::can_create_data_deletion_request_for_self();
 122              if ($shouldfreeze && !empty($useroptions)) {
 123                  foreach ($useroptions as $userid => $useroption) {
 124                      if (api::can_create_data_deletion_request_for_children($userid)) {
 125                          $shouldfreeze = false;
 126                          break;
 127                      }
 128                  }
 129              }
 130          }
 131  
 132          if ($shouldfreeze) {
 133              $mform->freeze('type');
 134          }
 135      }
 136  
 137      /**
 138       * Get the default data. Unset the default userid if managing data requests
 139       *
 140       * @return stdClass
 141       */
 142      protected function get_default_data() {
 143          $data = parent::get_default_data();
 144          if ($this->manage) {
 145              unset($data->userid);
 146          }
 147  
 148          return $data;
 149      }
 150  
 151      /**
 152       * Form validation.
 153       *
 154       * @param stdClass $data
 155       * @param array $files
 156       * @param array $errors
 157       * @return array
 158       * @throws coding_exception
 159       * @throws dml_exception
 160       */
 161      public function extra_validation($data, $files, array &$errors) {
 162          global $USER;
 163  
 164          $validrequesttypes = [
 165              api::DATAREQUEST_TYPE_EXPORT,
 166              api::DATAREQUEST_TYPE_DELETE
 167          ];
 168          if (!in_array($data->type, $validrequesttypes)) {
 169              $errors['type'] = get_string('errorinvalidrequesttype', 'tool_dataprivacy');
 170          }
 171  
 172          $userid = $data->userid;
 173  
 174          if (api::has_ongoing_request($userid, $data->type)) {
 175              $errors['type'] = get_string('errorrequestalreadyexists', 'tool_dataprivacy');
 176          }
 177  
 178          // Check if current user can create data requests.
 179          if ($data->type == api::DATAREQUEST_TYPE_DELETE) {
 180              if ($userid == $USER->id) {
 181                  if (!api::can_create_data_deletion_request_for_self()) {
 182                      $errors['type'] = get_string('errorcannotrequestdeleteforself', 'tool_dataprivacy');
 183                  }
 184              } else if (!api::can_create_data_deletion_request_for_other()
 185                  && !api::can_create_data_deletion_request_for_children($userid)) {
 186                  $errors['type'] = get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy');
 187              }
 188          } else if ($data->type == api::DATAREQUEST_TYPE_EXPORT) {
 189              if ($userid == $USER->id && !api::can_create_data_download_request_for_self()) {
 190                  $errors['type'] = get_string('errorcannotrequestexportforself', 'tool_dataprivacy');
 191              }
 192          }
 193  
 194          return $errors;
 195      }
 196  }