Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  namespace auth_lti\privacy;
  18  
  19  use core_privacy\local\metadata\collection;
  20  use core_privacy\local\request\approved_contextlist;
  21  use core_privacy\local\request\approved_userlist;
  22  use core_privacy\local\request\context;
  23  use core_privacy\local\request\contextlist;
  24  use core_privacy\local\request\transform;
  25  use core_privacy\local\request\userlist;
  26  use core_privacy\local\request\writer;
  27  
  28  /**
  29   * Privacy Subsystem for auth_lti implementing null_provider.
  30   *
  31   * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
  32   * @package    auth_lti
  33   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  34   */
  35  class provider implements
  36      \core_privacy\local\metadata\provider,
  37      \core_privacy\local\request\plugin\provider,
  38      \core_privacy\local\request\core_userlist_provider {
  39  
  40      /**
  41       * Get all contexts contain user information for the given user.
  42       *
  43       * @param int $userid the id of the user.
  44       * @return contextlist the list of contexts containing user information.
  45       */
  46      public static function get_contexts_for_userid(int $userid): contextlist {
  47          $sql = "SELECT ctx.id
  48                    FROM {auth_lti_linked_login} ll
  49                    JOIN {context} ctx ON ctx.instanceid = ll.userid AND ctx.contextlevel = :contextlevel
  50                   WHERE ll.userid = :userid";
  51          $params = ['userid' => $userid, 'contextlevel' => CONTEXT_USER];
  52          $contextlist = new contextlist();
  53          $contextlist->add_from_sql($sql, $params);
  54  
  55          return $contextlist;
  56      }
  57  
  58      /**
  59       * Export all user data for the user in the identified contexts.
  60       *
  61       * @param approved_contextlist $contextlist the list of approved contexts for the user.
  62       */
  63      public static function export_user_data(approved_contextlist $contextlist) {
  64          global $DB;
  65  
  66          $user = $contextlist->get_user();
  67  
  68          $linkedlogins = $DB->get_records('auth_lti_linked_login', ['userid' => $user->id], '',
  69              'issuer, issuer256, sub, sub256, timecreated, timemodified');
  70          foreach ($linkedlogins as $login) {
  71              $data = (object)[
  72                  'timecreated' => transform::datetime($login->timecreated),
  73                  'timemodified' => transform::datetime($login->timemodified),
  74                  'issuer' => $login->issuer,
  75                  'issuer256' => $login->issuer256,
  76                  'sub' => $login->sub,
  77                  'sub256' => $login->sub256
  78              ];
  79              writer::with_context(\context_user::instance($user->id))->export_data([
  80                  get_string('privacy:metadata:auth_lti', 'auth_lti'), $login->issuer
  81              ], $data);
  82          }
  83  
  84      }
  85  
  86      /**
  87       * Delete all user data for this context.
  88       *
  89       * @param  \context $context The context to delete data for.
  90       */
  91      public static function delete_data_for_all_users_in_context(\context $context) {
  92          if ($context->contextlevel != CONTEXT_USER) {
  93              return;
  94          }
  95          static::delete_user_data($context->instanceid);
  96      }
  97  
  98      /**
  99       * Delete user data in the list of given contexts.
 100       *
 101       * @param approved_contextlist $contextlist the list of contexts.
 102       */
 103      public static function delete_data_for_user(approved_contextlist $contextlist) {
 104          if (empty($contextlist->count())) {
 105              return;
 106          }
 107          $userid = $contextlist->get_user()->id;
 108          foreach ($contextlist->get_contexts() as $context) {
 109              if ($context->contextlevel != CONTEXT_USER) {
 110                  continue;
 111              }
 112              if ($context->instanceid == $userid) {
 113                  static::delete_user_data($context->instanceid);
 114              }
 115          }
 116      }
 117  
 118      /**
 119       * Get the list of users within a specific context.
 120       *
 121       * @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
 122       */
 123      public static function get_users_in_context(userlist $userlist) {
 124          $context = $userlist->get_context();
 125  
 126          if (!$context instanceof \context_user) {
 127              return;
 128          }
 129  
 130          $sql = "SELECT userid
 131                    FROM {auth_lti_linked_login}
 132                   WHERE userid = ?";
 133          $params = [$context->instanceid];
 134          $userlist->add_from_sql('userid', $sql, $params);
 135      }
 136  
 137      /**
 138       * Delete multiple users within a single context.
 139       *
 140       * @param approved_userlist $userlist The approved context and user information to delete information for.
 141       */
 142      public static function delete_data_for_users(approved_userlist $userlist) {
 143          $context = $userlist->get_context();
 144  
 145          if ($context instanceof \context_user) {
 146              static::delete_user_data($context->instanceid);
 147          }
 148      }
 149  
 150      /**
 151       * Description of the metadata stored for users in auth_lti.
 152       *
 153       * @param collection $collection a collection to add to.
 154       * @return collection the collection, with relevant metadata descriptions for auth_lti added.
 155       */
 156      public static function get_metadata(collection $collection): collection {
 157          $authfields = [
 158              'userid' => 'privacy:metadata:auth_lti:userid',
 159              'issuer' => 'privacy:metadata:auth_lti:issuer',
 160              'issuer256' => 'privacy:metadata:auth_lti:issuer256',
 161              'sub' => 'privacy:metadata:auth_lti:sub',
 162              'sub256' => 'privacy:metadata:auth_lti:sub256',
 163              'timecreated' => 'privacy:metadata:auth_lti:timecreated',
 164              'timemodified' => 'privacy:metadata:auth_lti:timemodified'
 165          ];
 166  
 167          $collection->add_database_table('auth_lti_linked_login', $authfields, 'privacy:metadata:auth_lti:tableexplanation');
 168          $collection->link_subsystem('core_auth', 'privacy:metadata:auth_lti:authsubsystem');
 169  
 170          return $collection;
 171      }
 172  
 173      /**
 174       * Delete user data for the user.
 175       *
 176       * @param  int $userid The id of the user.
 177       */
 178      protected static function delete_user_data(int $userid) {
 179          global $DB;
 180  
 181          // Because we only use user contexts the instance ID is the user ID.
 182          $DB->delete_records('auth_lti_linked_login', ['userid' => $userid]);
 183      }
 184  }