PageRenderTime 53ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/tool/dataprivacy/lib.php

https://github.com/lazydaisy/moodle
PHP | 277 lines | 144 code | 39 blank | 94 comment | 25 complexity | dbf9bcfc9ffb31d7ca513ad4e4f1dbe7 MD5 | raw file
    

  1. <?php
    2. 

  2. // This file is part of Moodle - http://moodle.org/
    3. 

  3. //
    4. 

  4. // Moodle is free software: you can redistribute it and/or modify
    5. 

  5. // it under the terms of the GNU General Public License as published by
    6. 

  6. // the Free Software Foundation, either version 3 of the License, or
    7. 

  7. // (at your option) any later version.
    8. 

  8. //
    9. 

  9. // Moodle is distributed in the hope that it will be useful,
    10. 

  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. // GNU General Public License for more details.
    13. 

  13. //
    14. 

  14. // You should have received a copy of the GNU General Public License
    15. 

  15. // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. 

  17. /**
    18. 

  18.  * Data privacy plugin library
    19. 

  19.  * @package   tool_dataprivacy
    20. 

  20.  * @copyright 2018 onwards Jun Pataleta
    21. 

  21.  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
    22. 

  22.  */
    23. 

  23. 

  24. use core_user\output\myprofile\tree;
    25. 

  25. 

  26. defined('MOODLE_INTERNAL') || die();
    27. 

  27. 

  28. /**
    29. 

  29.  * Add nodes to myprofile page.
    30. 

  30.  *
    31. 

  31.  * @param tree $tree Tree object
    32. 

  32.  * @param stdClass $user User object
    33. 

  33.  * @param bool $iscurrentuser
    34. 

  34.  * @param stdClass $course Course object
    35. 

  35.  * @return bool
    36. 

  36.  * @throws coding_exception
    37. 

  37.  * @throws dml_exception
    38. 

  38.  * @throws moodle_exception
    39. 

  39.  */
    40. 

  40. function tool_dataprivacy_myprofile_navigation(tree $tree, $user, $iscurrentuser, $course) {
    41. 

  41.     global $PAGE, $USER;
    42. 

  42. 

  43.     // Get the Privacy and policies category.
    44. 

  44.     if (!array_key_exists('privacyandpolicies', $tree->__get('categories'))) {
    45. 

  45.         // Create the category.
    46. 

  46.         $categoryname = get_string('privacyandpolicies', 'admin');
    47. 

  47.         $category = new core_user\output\myprofile\category('privacyandpolicies', $categoryname, 'contact');
    48. 

  48.         $tree->add_category($category);
    49. 

  49.     } else {
    50. 

  50.         // Get the existing category.
    51. 

  51.         $category = $tree->__get('categories')['privacyandpolicies'];
    52. 

  52.     }
    53. 

  53. 

  54.     // Contact data protection officer link.
    55. 

  55.     if (\tool_dataprivacy\api::can_contact_dpo() && $iscurrentuser) {
    56. 

  56.         $renderer = $PAGE->get_renderer('tool_dataprivacy');
    57. 

  57.         $content = $renderer->render_contact_dpo_link($USER->email);
    58. 

  58.         $node = new core_user\output\myprofile\node('privacyandpolicies', 'contactdpo', null, null, null, $content);
    59. 

  59.         $category->add_node($node);
    60. 

  60.         $PAGE->requires->js_call_amd('tool_dataprivacy/myrequestactions', 'init');
    61. 

  61. 

  62.         $url = new moodle_url('/admin/tool/dataprivacy/mydatarequests.php');
    63. 

  63.         $node = new core_user\output\myprofile\node('privacyandpolicies', 'datarequests',
    64. 

  64.             get_string('datarequests', 'tool_dataprivacy'), null, $url);
    65. 

  65.         $category->add_node($node);
    66. 

  66. 

  67.         // Check if the user has an ongoing data export request.
    68. 

  68.         $hasexportrequest = \tool_dataprivacy\api::has_ongoing_request($user->id, \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT);
    69. 

  69.         // Show data export link only if the user doesn't have an ongoing data export request.
    70. 

  70.         if (!$hasexportrequest) {
    71. 

  71.             $exportparams = ['type' => \tool_dataprivacy\api::DATAREQUEST_TYPE_EXPORT];
    72. 

  72.             $exporturl = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', $exportparams);
    73. 

  73.             $exportnode = new core_user\output\myprofile\node('privacyandpolicies', 'requestdataexport',
    74. 

  74.                 get_string('requesttypeexport', 'tool_dataprivacy'), null, $exporturl);
    75. 

  75.             $category->add_node($exportnode);
    76. 

  76.         }
    77. 

  77. 

  78.         // Check if the user has an ongoing data deletion request.
    79. 

  79.         $hasdeleterequest = \tool_dataprivacy\api::has_ongoing_request($user->id, \tool_dataprivacy\api::DATAREQUEST_TYPE_DELETE);
    80. 

  80.         // Show data deletion link only if the user doesn't have an ongoing data deletion request.
    81. 

  81.         if (!$hasdeleterequest) {
    82. 

  82.             $deleteparams = ['type' => \tool_dataprivacy\api::DATAREQUEST_TYPE_DELETE];
    83. 

  83.             $deleteurl = new moodle_url('/admin/tool/dataprivacy/createdatarequest.php', $deleteparams);
    84. 

  84.             $deletenode = new core_user\output\myprofile\node('privacyandpolicies', 'requestdatadeletion',
    85. 

  85.                 get_string('deletemyaccount', 'tool_dataprivacy'), null, $deleteurl);
    86. 

  86.             $category->add_node($deletenode);
    87. 

  87.         }
    88. 

  88.     }
    89. 

  89. 

  90.     // A returned 0 means that the setting was set and disabled, false means that there is no value for the provided setting.
    91. 

  91.     $showsummary = get_config('tool_dataprivacy', 'showdataretentionsummary');
    92. 

  92.     if ($showsummary === false) {
    93. 

  93.         // This means that no value is stored in db. We use the default value in this case.
    94. 

  94.         $showsummary = true;
    95. 

  95.     }
    96. 

  96. 

  97.     if ($showsummary) {
    98. 

  98.         $summaryurl = new moodle_url('/admin/tool/dataprivacy/summary.php');
    99. 

  99.         $summarynode = new core_user\output\myprofile\node('privacyandpolicies', 'retentionsummary',
    100. 

  100.             get_string('dataretentionsummary', 'tool_dataprivacy'), null, $summaryurl);
    101. 

  101.         $category->add_node($summarynode);
    102. 

  102.     }
    103. 

  103. 

  104.     // Add the Privacy category to the tree if it's not empty and it doesn't exist.
    105. 

  105.     $nodes = $category->nodes;
    106. 

  106.     if (!empty($nodes)) {
    107. 

  107.         if (!array_key_exists('privacyandpolicies', $tree->__get('categories'))) {
    108. 

  108.             $tree->add_category($category);
    109. 

  109.         }
    110. 

  110.         return true;
    111. 

  111.     }
    112. 

  112. 

  113.     return false;
    114. 

  114. }
    115. 

  115. 

  116. /**
    117. 

  117.  * Callback to add footer elements.
    118. 

  118.  *
    119. 

  119.  * @return string HTML footer content
    120. 

  120.  */
    121. 

  121. function tool_dataprivacy_standard_footer_html() {
    122. 

  122.     $output = '';
    123. 

  123. 

  124.     // A returned 0 means that the setting was set and disabled, false means that there is no value for the provided setting.
    125. 

  125.     $showsummary = get_config('tool_dataprivacy', 'showdataretentionsummary');
    126. 

  126.     if ($showsummary === false) {
    127. 

  127.         // This means that no value is stored in db. We use the default value in this case.
    128. 

  128.         $showsummary = true;
    129. 

  129.     }
    130. 

  130. 

  131.     if ($showsummary) {
    132. 

  132.         $url = new moodle_url('/admin/tool/dataprivacy/summary.php');
    133. 

  133.         $output = html_writer::link($url, get_string('dataretentionsummary', 'tool_dataprivacy'));
    134. 

  134.         $output = html_writer::div($output, 'tool_dataprivacy');
    135. 

  135.     }
    136. 

  136.     return $output;
    137. 

  137. }
    138. 

  138. 

  139. /**
    140. 

  140.  * Fragment to add a new purpose.
    141. 

  141.  *
    142. 

  142.  * @param array $args The fragment arguments.
    143. 

  143.  * @return string The rendered mform fragment.
    144. 

  144.  */
    145. 

  145. function tool_dataprivacy_output_fragment_addpurpose_form($args) {
    146. 

  146. 

  147.     $formdata = [];
    148. 

  148.     if (!empty($args['jsonformdata'])) {
    149. 

  149.         $serialiseddata = json_decode($args['jsonformdata']);
    150. 

  150.         parse_str($serialiseddata, $formdata);
    151. 

  151.     }
    152. 

  152. 

  153.     $persistent = new \tool_dataprivacy\purpose();
    154. 

  154.     $mform = new \tool_dataprivacy\form\purpose(null, ['persistent' => $persistent],
    155. 

  155.         'post', '', null, true, $formdata);
    156. 

  156. 

  157.     if (!empty($args['jsonformdata'])) {
    158. 

  158.         // Show errors if data was received.
    159. 

  159.         $mform->is_validated();
    160. 

  160.     }
    161. 

  161. 

  162.     return $mform->render();
    163. 

  163. }
    164. 

  164. 

  165. /**
    166. 

  166.  * Fragment to add a new category.
    167. 

  167.  *
    168. 

  168.  * @param array $args The fragment arguments.
    169. 

  169.  * @return string The rendered mform fragment.
    170. 

  170.  */
    171. 

  171. function tool_dataprivacy_output_fragment_addcategory_form($args) {
    172. 

  172. 

  173.     $formdata = [];
    174. 

  174.     if (!empty($args['jsonformdata'])) {
    175. 

  175.         $serialiseddata = json_decode($args['jsonformdata']);
    176. 

  176.         parse_str($serialiseddata, $formdata);
    177. 

  177.     }
    178. 

  178. 

  179.     $persistent = new \tool_dataprivacy\category();
    180. 

  180.     $mform = new \tool_dataprivacy\form\category(null, ['persistent' => $persistent],
    181. 

  181.         'post', '', null, true, $formdata);
    182. 

  182. 

  183.     if (!empty($args['jsonformdata'])) {
    184. 

  184.         // Show errors if data was received.
    185. 

  185.         $mform->is_validated();
    186. 

  186.     }
    187. 

  187. 

  188.     return $mform->render();
    189. 

  189. }
    190. 

  190. 

  191. /**
    192. 

  192.  * Fragment to edit a context purpose and category.
    193. 

  193.  *
    194. 

  194.  * @param array $args The fragment arguments.
    195. 

  195.  * @return string The rendered mform fragment.
    196. 

  196.  */
    197. 

  197. function tool_dataprivacy_output_fragment_context_form($args) {
    198. 

  198.     global $PAGE;
    199. 

  199. 

  200.     $contextid = $args[0];
    201. 

  201. 

  202.     $context = \context_helper::instance_by_id($contextid);
    203. 

  203.     $customdata = \tool_dataprivacy\form\context_instance::get_context_instance_customdata($context);
    204. 

  204. 

  205.     if (!empty($customdata['purposeretentionperiods'])) {
    206. 

  206.         $PAGE->requires->js_call_amd('tool_dataprivacy/effective_retention_period', 'init',
    207. 

  207.             [$customdata['purposeretentionperiods']]);
    208. 

  208.     }
    209. 

  209.     $mform = new \tool_dataprivacy\form\context_instance(null, $customdata);
    210. 

  210.     return $mform->render();
    211. 

  211. }
    212. 

  212. 

  213. /**
    214. 

  214.  * Fragment to edit a contextlevel purpose and category.
    215. 

  215.  *
    216. 

  216.  * @param array $args The fragment arguments.
    217. 

  217.  * @return string The rendered mform fragment.
    218. 

  218.  */
    219. 

  219. function tool_dataprivacy_output_fragment_contextlevel_form($args) {
    220. 

  220.     global $PAGE;
    221. 

  221. 

  222.     $contextlevel = $args[0];
    223. 

  223.     $customdata = \tool_dataprivacy\form\contextlevel::get_contextlevel_customdata($contextlevel);
    224. 

  224. 

  225.     if (!empty($customdata['purposeretentionperiods'])) {
    226. 

  226.         $PAGE->requires->js_call_amd('tool_dataprivacy/effective_retention_period', 'init',
    227. 

  227.             [$customdata['purposeretentionperiods']]);
    228. 

  228.     }
    229. 

  229. 

  230.     $mform = new \tool_dataprivacy\form\contextlevel(null, $customdata);
    231. 

  231.     return $mform->render();
    232. 

  232. }
    233. 

  233. 

  234. /**
    235. 

  235.  * Serves any files associated with the data privacy settings.
    236. 

  236.  *
    237. 

  237.  * @param stdClass $course Course object
    238. 

  238.  * @param stdClass $cm Course module object
    239. 

  239.  * @param context $context Context
    240. 

  240.  * @param string $filearea File area for data privacy
    241. 

  241.  * @param array $args Arguments
    242. 

  242.  * @param bool $forcedownload If we are forcing the download
    243. 

  243.  * @param array $options More options
    244. 

  244.  * @return bool Returns false if we don't find a file.
    245. 

  245.  */
    246. 

  246. function tool_dataprivacy_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = array()) {
    247. 

  247.     if ($context->contextlevel == CONTEXT_USER) {
    248. 

  248.         // Make sure the user is logged in.
    249. 

  249.         require_login(null, false);
    250. 

  250. 

  251.         // Get the data request ID. This should be the first element of the $args array.
    252. 

  252.         $itemid = $args[0];
    253. 

  253.         // Fetch the data request object. An invalid ID will throw an exception.
    254. 

  254.         $datarequest = new \tool_dataprivacy\data_request($itemid);
    255. 

  255. 

  256.         // Check if user is allowed to download it.
    257. 

  257.         if (!\tool_dataprivacy\api::can_download_data_request_for_user($context->instanceid, $datarequest->get('requestedby'))) {
    258. 

  258.             return false;
    259. 

  259.         }
    260. 

  260. 

  261.         // Make the file unavailable if it has expired.
    262. 

  262.         if (\tool_dataprivacy\data_request::is_expired($datarequest)) {
    263. 

  263.             send_file_not_found();
    264. 

  264.         }
    265. 

  265. 

  266.         // All good. Serve the exported data.
    267. 

  267.         $fs = get_file_storage();
    268. 

  268.         $relativepath = implode('/', $args);
    269. 

  269.         $fullpath = "/$context->id/tool_dataprivacy/$filearea/$relativepath";
    270. 

  270.         if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
    271. 

  271.             return false;
    272. 

  272.         }
    273. 

  273.         send_stored_file($file, 0, 0, $forcedownload, $options);
    274. 

  274.     } else {
    275. 

  275.         send_file_not_found();
    276. 

  276.     }
    277. 

  277. }
    278. 

  278.