Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
  • Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Privacy class for requesting user data.
  19   *
  20   * @package    core_comment
  21   * @copyright  2018 Adrian Greeve <adrian@moodle.com>
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  namespace core_comment\privacy;
  26  
  27  defined('MOODLE_INTERNAL') || die();
  28  
  29  use \core_privacy\local\metadata\collection;
  30  use \core_privacy\local\request\transform;
  31  use \core_privacy\local\request\userlist;
  32  
  33  /**
  34   * Privacy class for requesting user data.
  35   *
  36   * @package    core_comment
  37   * @copyright  2018 Adrian Greeve <adrian@moodle.com>
  38   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  39   */
  40  class provider implements
  41          \core_privacy\local\metadata\provider,
  42          \core_privacy\local\request\subsystem\plugin_provider,
  43          \core_privacy\local\request\shared_userlist_provider
  44      {
  45  
  46      /**
  47       * Returns meta data about this system.
  48       *
  49       * @param   collection     $collection The initialised collection to add items to.
  50       * @return  collection     A listing of user data stored through this system.
  51       */
  52      public static function get_metadata(collection $collection) : collection {
  53          $collection->add_database_table('comments', [
  54                  'content' => 'privacy:metadata:comment:content',
  55                  'timecreated' => 'privacy:metadata:comment:timecreated',
  56                  'userid' => 'privacy:metadata:comment:userid',
  57              ], 'privacy:metadata:comment');
  58  
  59          return $collection;
  60      }
  61  
  62      /**
  63       * Writes user data to the writer for the user to download.
  64       *
  65       * @param  \context $context The context to export data for.
  66       * @param  string $component The component that is calling this function
  67       * @param  string $commentarea The comment area related to the component
  68       * @param  int    $itemid An identifier for a group of comments
  69       * @param  array  $subcontext The sub-context in which to export this data
  70       * @param  bool   $onlyforthisuser  Only return the comments this user made.
  71       */
  72      public static function export_comments(\context $context, string $component, string $commentarea, int $itemid,
  73                                             array $subcontext, bool $onlyforthisuser = true) {
  74          global $USER, $DB;
  75          $params = [
  76              'contextid' => $context->id,
  77              'component' => $component,
  78              'commentarea' => $commentarea,
  79              'itemid' => $itemid
  80          ];
  81          $sql = "SELECT c.id, c.content, c.format, c.timecreated, c.userid
  82                    FROM {comments} c
  83                   WHERE c.contextid = :contextid AND
  84                         c.commentarea = :commentarea AND
  85                         c.itemid = :itemid AND
  86                         (c.component IS NULL OR c.component = :component)";
  87          if ($onlyforthisuser) {
  88              $sql .= " AND c.userid = :userid";
  89              $params['userid'] = $USER->id;
  90          }
  91          $sql .= " ORDER BY c.timecreated DESC";
  92  
  93          $rs = $DB->get_recordset_sql($sql, $params);
  94          $comments = [];
  95          foreach ($rs as $record) {
  96              if ($record->userid != $USER->id) {
  97                  // Clean HTML in comments that were added by other users.
  98                  $comment = ['content' => format_text($record->content, $record->format, ['context' => $context])];
  99              } else {
 100                  // Export comments made by this user as they are stored.
 101                  $comment = ['content' => $record->content, 'contentformat' => $record->format];
 102              }
 103              $comment += [
 104                  'time' => transform::datetime($record->timecreated),
 105                  'userid' => transform::user($record->userid),
 106              ];
 107              $comments[] = (object)$comment;
 108          }
 109          $rs->close();
 110  
 111          if (!empty($comments)) {
 112              $subcontext[] = get_string('commentsubcontext', 'core_comment');
 113              \core_privacy\local\request\writer::with_context($context)
 114                  ->export_data($subcontext, (object) [
 115                      'comments' => $comments,
 116                  ]);
 117          }
 118      }
 119  
 120      /**
 121       * Deletes all comments for a specified context, component, and commentarea.
 122       *
 123       * @param  \context $context Details about which context to delete comments for.
 124       * @param  string $component Component to delete.
 125       * @param  string $commentarea Comment area to delete.
 126       * @param  int $itemid The item ID for use with deletion.
 127       */
 128      public static function delete_comments_for_all_users(\context $context, string $component, string $commentarea = null,
 129              int $itemid = null) {
 130          global $DB;
 131          $params = [
 132              'contextid' => $context->id,
 133              'component' => $component
 134          ];
 135          if (isset($commentarea)) {
 136              $params['commentarea'] = $commentarea;
 137          }
 138          if (isset($itemid)) {
 139              $params['itemid'] = $itemid;
 140          }
 141          $DB->delete_records('comments', $params);
 142      }
 143  
 144      /**
 145       * Deletes all comments for a specified context, component, and commentarea.
 146       *
 147       * @param  \context $context Details about which context to delete comments for.
 148       * @param  string $component Component to delete.
 149       * @param  string $commentarea Comment area to delete.
 150       * @param  string $itemidstest an SQL fragment that the itemid must match. Used
 151       *      in the query like WHERE itemid $itemidstest. Must use named parameters,
 152       *      and may not use named parameters called contextid, component or commentarea.
 153       * @param array $params any query params used by $itemidstest.
 154       */
 155      public static function delete_comments_for_all_users_select(\context $context, string $component, string $commentarea,
 156              $itemidstest, $params = []) {
 157          global $DB;
 158          $params += ['contextid' => $context->id, 'component' => $component, 'commentarea' => $commentarea];
 159          $DB->delete_records_select('comments',
 160              'contextid = :contextid AND component = :component AND commentarea = :commentarea AND itemid ' . $itemidstest,
 161              $params);
 162      }
 163  
 164      /**
 165       * Deletes all records for a user from a list of approved contexts.
 166       *
 167       * @param  \core_privacy\local\request\approved_contextlist $contextlist Contains the user ID and a list of contexts to be
 168       * deleted from.
 169       * @param  string $component Component to delete from.
 170       * @param  string $commentarea Area to delete from.
 171       * @param  int $itemid The item id to delete from.
 172       */
 173      public static function delete_comments_for_user(\core_privacy\local\request\approved_contextlist $contextlist,
 174              string $component, string $commentarea = null, int $itemid = null) {
 175          global $DB;
 176  
 177          $userid = $contextlist->get_user()->id;
 178          $contextids = implode(',', $contextlist->get_contextids());
 179          $params = [
 180              'userid' => $userid,
 181              'component' => $component,
 182          ];
 183          $areasql = '';
 184          if (isset($commentarea)) {
 185              $params['commentarea'] = $commentarea;
 186              $areasql = 'AND commentarea = :commentarea';
 187          }
 188          $itemsql = '';
 189          if (isset($itemid)) {
 190              $params['itemid'] = $itemid;
 191              $itemsql = 'AND itemid = :itemid';
 192          }
 193          list($insql, $inparams) = $DB->get_in_or_equal($contextlist->get_contextids(), SQL_PARAMS_NAMED);
 194          $params += $inparams;
 195  
 196          $select = "userid = :userid AND component = :component $areasql $itemsql AND contextid $insql";
 197          $DB->delete_records_select('comments', $select, $params);
 198      }
 199  
 200      /**
 201       * Deletes all records for a context from a list of approved users.
 202       *
 203       * @param  \core_privacy\local\request\approved_userlist $userlist Contains the list of users and
 204       * a context to be deleted from.
 205       * @param  string $component Component to delete from.
 206       * @param  string $commentarea Area to delete from.
 207       * @param  int $itemid The item id to delete from.
 208       */
 209      public static function delete_comments_for_users(\core_privacy\local\request\approved_userlist $userlist,
 210              string $component, string $commentarea = null, int $itemid = null) {
 211          global $DB;
 212  
 213          $context = $userlist->get_context();
 214          $params = [
 215              'contextid' => $context->id,
 216              'component' => $component,
 217          ];
 218          $areasql = '';
 219          if (isset($commentarea)) {
 220              $params['commentarea'] = $commentarea;
 221              $areasql = 'AND commentarea = :commentarea';
 222          }
 223          $itemsql = '';
 224          if (isset($itemid)) {
 225              $params['itemid'] = $itemid;
 226              $itemsql = 'AND itemid = :itemid';
 227          }
 228          list($insql, $inparams) = $DB->get_in_or_equal($userlist->get_userids(), SQL_PARAMS_NAMED);
 229          $params += $inparams;
 230  
 231          $select = "contextid = :contextid AND component = :component {$areasql} {$itemsql} AND userid {$insql}";
 232          $DB->delete_records_select('comments', $select, $params);
 233      }
 234  
 235      /**
 236       * Add the list of users who have commented in the specified constraints.
 237       *
 238       * @param   userlist    $userlist The userlist to add the users to.
 239       * @param   string      $alias An alias prefix to use for comment selects to avoid interference with your own sql.
 240       * @param   string      $component The component to check.
 241       * @param   string      $area The comment area to check.
 242       * @param   int         $contextid The context id.
 243       * @param   string      $insql The SQL to use in a sub-select for the itemid query.
 244       * @param   array       $params The params required for the insql.
 245       */
 246      public static function get_users_in_context_from_sql(
 247                  userlist $userlist, string $alias, string $component, string $area, int $contextid = null, string $insql = '',
 248                  array $params = []) {
 249  
 250          if ($insql != '') {
 251              $insql = "AND {$alias}.itemid {$insql}";
 252          }
 253          $contextsql = '';
 254          if (isset($contextid)) {
 255              $contextsql = "AND {$alias}.contextid = :{$alias}contextid";
 256              $params["{$alias}contextid"] = $contextid;
 257          }
 258  
 259          // Comment authors.
 260          $sql = "SELECT {$alias}.userid
 261                    FROM {comments} {$alias}
 262                   WHERE {$alias}.component = :{$alias}component
 263                     AND {$alias}.commentarea = :{$alias}commentarea
 264                     $contextsql $insql";
 265  
 266          $params["{$alias}component"] = $component;
 267          $params["{$alias}commentarea"] = $area;
 268  
 269          $userlist->add_from_sql('userid', $sql, $params);
 270      }
 271  }