Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Prints the contact form to the site's Data Protection Officer 19 * 20 * @copyright 2018 onwards Jun Pataleta 21 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License 22 * @package tool_dataprivacy 23 */ 24 25 require_once('../../../config.php'); 26 require_once ('lib.php'); 27 require_once ('createdatarequest_form.php'); 28 29 $manage = optional_param('manage', 0, PARAM_INT); 30 $requesttype = optional_param('type', \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT, PARAM_INT); 31 32 $url = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', ['manage' => $manage, 'type' => $requesttype]); 33 34 $PAGE->set_url($url); 35 36 require_login(); 37 if (isguestuser()) { 38 throw new \moodle_exception('noguest'); 39 } 40 41 // Return URL and context. 42 if ($manage) { 43 // For the case where DPO creates data requests on behalf of another user. 44 $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/datarequests.php'); 45 $context = context_system::instance(); 46 // Make sure the user has the proper capability. 47 require_capability('tool/dataprivacy:managedatarequests', $context); 48 navigation_node::override_active_url($returnurl); 49 } else { 50 // For the case where a user makes request for themselves (or for their children if they are the parent). 51 $returnurl = new moodle_url($CFG->wwwroot . '/admin/tool/dataprivacy/mydatarequests.php'); 52 $context = context_user::instance($USER->id); 53 } 54 55 $PAGE->set_context($context); 56 57 if (!$manage && $profilenode = $PAGE->settingsnav->find('myprofile', null)) { 58 $profilenode->make_active(); 59 } 60 61 $title = get_string('createnewdatarequest', 'tool_dataprivacy'); 62 $PAGE->navbar->add($title); 63 64 // If contactdataprotectionofficer is disabled, send the user back to the profile page, or the privacy policy page. 65 // That is, unless you have sufficient capabilities to perform this on behalf of a user. 66 if (!$manage && !\tool_dataprivacy\api::can_contact_dpo()) { 67 redirect($returnurl, get_string('contactdpoviaprivacypolicy', 'tool_dataprivacy'), 0, \core\output\notification::NOTIFY_ERROR); 68 } 69 70 $mform = new tool_dataprivacy_data_request_form($url->out(false), ['manage' => !empty($manage), 71 'persistent' => new \tool_dataprivacy\data_request(0, (object) ['type' => $requesttype])]); 72 73 // Data request cancelled. 74 if ($mform->is_cancelled()) { 75 redirect($returnurl); 76 } 77 78 // Data request submitted. 79 if ($data = $mform->get_data()) { 80 if ($data->userid != $USER->id) { 81 if (!\tool_dataprivacy\api::can_manage_data_requests($USER->id)) { 82 // If not a DPO, only users with the capability to make data requests for the user should be allowed. 83 // (e.g. users with the Parent role, etc). 84 \tool_dataprivacy\api::require_can_create_data_request_for_user($data->userid); 85 } 86 } 87 88 if ($data->type == \tool_dataprivacy\api::DATAREQUEST_TYPE_DELETE) { 89 if ($data->userid == $USER->id) { 90 if (!\tool_dataprivacy\api::can_create_data_deletion_request_for_self()) { 91 throw new moodle_exception('nopermissions', 'error', '', 92 get_string('errorcannotrequestdeleteforself', 'tool_dataprivacy')); 93 } 94 } else if (!\tool_dataprivacy\api::can_create_data_deletion_request_for_other() 95 && !\tool_dataprivacy\api::can_create_data_deletion_request_for_children($data->userid)) { 96 throw new moodle_exception('nopermissions', 'error', '', 97 get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy')); 98 } 99 } else if ($data->type == \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT) { 100 if ($data->userid == $USER->id && !\tool_dataprivacy\api::can_create_data_download_request_for_self()) { 101 throw new moodle_exception('nopermissions', 'error', '', 102 get_string('errorcannotrequestexportforself', 'tool_dataprivacy')); 103 } 104 } 105 106 \tool_dataprivacy\api::create_data_request($data->userid, $data->type, $data->comments); 107 108 if ($manage) { 109 $foruser = core_user::get_user($data->userid); 110 $redirectmessage = get_string('datarequestcreatedforuser', 'tool_dataprivacy', fullname($foruser)); 111 } else if (\tool_dataprivacy\api::is_automatic_request_approval_on($data->type)) { 112 // Let the user know that the request has been submitted and will be processed soon. 113 $redirectmessage = get_string('approvedrequestsubmitted', 'tool_dataprivacy'); 114 } else { 115 // Let the user know that the request has been submitted to the privacy officer. 116 $redirectmessage = get_string('requestsubmitted', 'tool_dataprivacy'); 117 } 118 redirect($returnurl, $redirectmessage); 119 } 120 121 $PAGE->set_heading($SITE->fullname); 122 $PAGE->set_title($title); 123 echo $OUTPUT->header(); 124 echo $OUTPUT->heading($title); 125 126 echo $OUTPUT->box_start('createrequestform'); 127 $mform->display(); 128 echo $OUTPUT->box_end(); 129 130 echo $OUTPUT->footer();
title
Description
Body
title
Description
Body
title
Description
Body
title
Body