Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Prints the contact form to the site's Data Protection Officer
  19   *
  20   * @copyright 2018 onwards Jun Pataleta
  21   * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
  22   * @package tool_dataprivacy
  23   */
  24  
  25  require_once('../../../config.php');
  26  require_once ('lib.php');
  27  require_once ('createdatarequest_form.php');
  28  
  29  $manage = optional_param('manage', 0, PARAM_INT);
  30  $requesttype = optional_param('type', \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT, PARAM_INT);
  31  
  32  $url = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', ['manage' => $manage, 'type' => $requesttype]);
  33  
  34  $PAGE->set_url($url);
  35  
  36  require_login();
  37  if (isguestuser()) {
  38      throw new \moodle_exception('noguest');
  39  }
  40  
  41  // Return URL and context.
  42  if ($manage) {
  43      // For the case where DPO creates data requests on behalf of another user.
  44      $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/datarequests.php');
  45      $context = context_system::instance();
  46      // Make sure the user has the proper capability.
  47      require_capability('tool/dataprivacy:managedatarequests', $context);
  48      navigation_node::override_active_url($returnurl);
  49  } else {
  50      // For the case where a user makes request for themselves (or for their children if they are the parent).
  51      $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/mydatarequests.php');
  52      $context = context_user::instance($USER->id);
  53  }
  54  
  55  $PAGE->set_context($context);
  56  
  57  if (!$manage && $profilenode = $PAGE->settingsnav->find('myprofile', null)) {
  58      $profilenode->make_active();
  59  }
  60  
  61  $title = get_string('createnewdatarequest', 'tool_dataprivacy');
  62  $PAGE->navbar->add($title);
  63  
  64  // If contactdataprotectionofficer is disabled, send the user back to the profile page, or the privacy policy page.
  65  // That is, unless you have sufficient capabilities to perform this on behalf of a user.
  66  if (!$manage && !\tool_dataprivacy\api::can_contact_dpo()) {
  67      redirect($returnurl, get_string('contactdpoviaprivacypolicy', 'tool_dataprivacy'), 0, \core\output\notification::NOTIFY_ERROR);
  68  }
  69  
  70  $mform = new tool_dataprivacy_data_request_form($url->out(false), ['manage' => !empty($manage),
  71      'persistent' => new \tool_dataprivacy\data_request(0, (object) ['type' => $requesttype])]);
  72  
  73  // Data request cancelled.
  74  if ($mform->is_cancelled()) {
  75      redirect($returnurl);
  76  }
  77  
  78  // Data request submitted.
  79  if ($data = $mform->get_data()) {
  80      if ($data->userid != $USER->id) {
  81          if (!\tool_dataprivacy\api::can_manage_data_requests($USER->id)) {
  82              // If not a DPO, only users with the capability to make data requests for the user should be allowed.
  83              // (e.g. users with the Parent role, etc).
  84              \tool_dataprivacy\api::require_can_create_data_request_for_user($data->userid);
  85          }
  86      }
  87  
  88      if ($data->type == \tool_dataprivacy\api::DATAREQUEST_TYPE_DELETE) {
  89          if ($data->userid == $USER->id) {
  90              if (!\tool_dataprivacy\api::can_create_data_deletion_request_for_self()) {
  91                  throw new moodle_exception('nopermissions', 'error', '',
  92                      get_string('errorcannotrequestdeleteforself', 'tool_dataprivacy'));
  93              }
  94          } else if (!\tool_dataprivacy\api::can_create_data_deletion_request_for_other()
  95              && !\tool_dataprivacy\api::can_create_data_deletion_request_for_children($data->userid)) {
  96              throw new moodle_exception('nopermissions', 'error', '',
  97                  get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy'));
  98          }
  99      } else if ($data->type == \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT) {
 100          if ($data->userid == $USER->id && !\tool_dataprivacy\api::can_create_data_download_request_for_self()) {
 101              throw new moodle_exception('nopermissions', 'error', '',
 102                  get_string('errorcannotrequestexportforself', 'tool_dataprivacy'));
 103          }
 104      }
 105  
 106      \tool_dataprivacy\api::create_data_request($data->userid, $data->type, $data->comments);
 107  
 108      if ($manage) {
 109          $foruser = core_user::get_user($data->userid);
 110          $redirectmessage = get_string('datarequestcreatedforuser', 'tool_dataprivacy', fullname($foruser));
 111      } else if (\tool_dataprivacy\api::is_automatic_request_approval_on($data->type)) {
 112          // Let the user know that the request has been submitted and will be processed soon.
 113          $redirectmessage = get_string('approvedrequestsubmitted', 'tool_dataprivacy');
 114      } else {
 115          // Let the user know that the request has been submitted to the privacy officer.
 116          $redirectmessage = get_string('requestsubmitted', 'tool_dataprivacy');
 117      }
 118      redirect($returnurl, $redirectmessage);
 119  }
 120  
 121  $PAGE->set_heading($SITE->fullname);
 122  $PAGE->set_title($title);
 123  echo $OUTPUT->header();
 124  echo $OUTPUT->heading($title);
 125  
 126  echo $OUTPUT->box_start('createrequestform');
 127  $mform->display();
 128  echo $OUTPUT->box_end();
 129  
 130  echo $OUTPUT->footer();