You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
173 lines
6.4 KiB
173 lines
6.4 KiB
2 years ago
|
<?php
|
||
|
// This file is part of Moodle - http://moodle.org/
|
||
|
//
|
||
|
// Moodle is free software: you can redistribute it and/or modify
|
||
|
// it under the terms of the GNU General Public License as published by
|
||
|
// the Free Software Foundation, either version 3 of the License, or
|
||
|
// (at your option) any later version.
|
||
|
//
|
||
|
// Moodle is distributed in the hope that it will be useful,
|
||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
// GNU General Public License for more details.
|
||
|
//
|
||
|
// You should have received a copy of the GNU General Public License
|
||
|
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
||
|
|
||
|
/**
|
||
|
* The contact form to the site's Data Protection Officer
|
||
|
*
|
||
|
* @copyright 2018 onwards Jun Pataleta
|
||
|
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
|
||
|
* @package tool_dataprivacy
|
||
|
*/
|
||
|
|
||
|
use tool_dataprivacy\api;
|
||
|
use tool_dataprivacy\local\helper;
|
||
|
|
||
|
defined('MOODLE_INTERNAL') || die();
|
||
|
|
||
|
require_once($CFG->libdir.'/formslib.php');
|
||
|
|
||
|
/**
|
||
|
* The contact form to the site's Data Protection Officer
|
||
|
*
|
||
|
* @copyright 2018 onwards Jun Pataleta
|
||
|
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
|
||
|
* @package tool_dataprivacy
|
||
|
*/
|
||
|
class tool_dataprivacy_data_request_form extends moodleform {
|
||
|
|
||
|
/** @var bool Flag to indicate whether this form is being rendered for managing data requests or for regular requests. */
|
||
|
protected $manage = false;
|
||
|
|
||
|
/**
|
||
|
* Form definition.
|
||
|
*
|
||
|
* @throws coding_exception
|
||
|
* @throws dml_exception
|
||
|
*/
|
||
|
public function definition() {
|
||
|
global $USER;
|
||
|
$mform =& $this->_form;
|
||
|
|
||
|
$this->manage = $this->_customdata['manage'];
|
||
|
if ($this->manage) {
|
||
|
$options = [
|
||
|
'ajax' => 'tool_dataprivacy/form-user-selector',
|
||
|
'valuehtmlcallback' => function($value) {
|
||
|
global $OUTPUT;
|
||
|
|
||
|
$allusernames = get_all_user_name_fields(true);
|
||
|
$fields = 'id, email, ' . $allusernames;
|
||
|
$user = \core_user::get_user($value, $fields);
|
||
|
$useroptiondata = [
|
||
|
'fullname' => fullname($user),
|
||
|
'email' => $user->email
|
||
|
];
|
||
|
return $OUTPUT->render_from_template('tool_dataprivacy/form-user-selector-suggestion', $useroptiondata);
|
||
|
}
|
||
|
];
|
||
|
$mform->addElement('autocomplete', 'userid', get_string('requestfor', 'tool_dataprivacy'), [], $options);
|
||
|
$mform->addRule('userid', null, 'required', null, 'client');
|
||
|
|
||
|
} else {
|
||
|
// Get users whom you are being a guardian to if your role has the capability to make data requests for children.
|
||
|
if ($children = helper::get_children_of_user($USER->id)) {
|
||
|
$useroptions = [
|
||
|
$USER->id => fullname($USER)
|
||
|
];
|
||
|
foreach ($children as $key => $child) {
|
||
|
$useroptions[$key] = fullname($child);
|
||
|
}
|
||
|
$mform->addElement('autocomplete', 'userid', get_string('requestfor', 'tool_dataprivacy'), $useroptions);
|
||
|
$mform->addRule('userid', null, 'required', null, 'client');
|
||
|
|
||
|
} else {
|
||
|
// Requesting for self.
|
||
|
$mform->addElement('hidden', 'userid', $USER->id);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
$mform->setType('userid', PARAM_INT);
|
||
|
|
||
|
// Subject access request type.
|
||
|
$options = [
|
||
|
api::DATAREQUEST_TYPE_EXPORT => get_string('requesttypeexport', 'tool_dataprivacy'),
|
||
|
api::DATAREQUEST_TYPE_DELETE => get_string('requesttypedelete', 'tool_dataprivacy')
|
||
|
];
|
||
|
$mform->addElement('select', 'type', get_string('requesttype', 'tool_dataprivacy'), $options);
|
||
|
$mform->setType('type', PARAM_INT);
|
||
|
$mform->addHelpButton('type', 'requesttype', 'tool_dataprivacy');
|
||
|
|
||
|
// Request comments text area.
|
||
|
$textareaoptions = ['cols' => 60, 'rows' => 10];
|
||
|
$mform->addElement('textarea', 'comments', get_string('requestcomments', 'tool_dataprivacy'), $textareaoptions);
|
||
|
$mform->setType('type', PARAM_ALPHANUM);
|
||
|
$mform->addHelpButton('comments', 'requestcomments', 'tool_dataprivacy');
|
||
|
|
||
|
// Action buttons.
|
||
|
$this->add_action_buttons();
|
||
|
|
||
|
$shouldfreeze = false;
|
||
|
if ($this->manage) {
|
||
|
$shouldfreeze = !api::can_create_data_deletion_request_for_other();
|
||
|
} else {
|
||
|
$shouldfreeze = !api::can_create_data_deletion_request_for_self();
|
||
|
if ($shouldfreeze && !empty($useroptions)) {
|
||
|
foreach ($useroptions as $userid => $useroption) {
|
||
|
if (api::can_create_data_deletion_request_for_children($userid)) {
|
||
|
$shouldfreeze = false;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ($shouldfreeze) {
|
||
|
$mform->freeze('type');
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Form validation.
|
||
|
*
|
||
|
* @param array $data
|
||
|
* @param array $files
|
||
|
* @return array
|
||
|
* @throws coding_exception
|
||
|
* @throws dml_exception
|
||
|
*/
|
||
|
public function validation($data, $files) {
|
||
|
global $USER;
|
||
|
$errors = [];
|
||
|
|
||
|
$validrequesttypes = [
|
||
|
api::DATAREQUEST_TYPE_EXPORT,
|
||
|
api::DATAREQUEST_TYPE_DELETE
|
||
|
];
|
||
|
if (!in_array($data['type'], $validrequesttypes)) {
|
||
|
$errors['type'] = get_string('errorinvalidrequesttype', 'tool_dataprivacy');
|
||
|
}
|
||
|
|
||
|
if (api::has_ongoing_request($data['userid'], $data['type'])) {
|
||
|
$errors['type'] = get_string('errorrequestalreadyexists', 'tool_dataprivacy');
|
||
|
}
|
||
|
|
||
|
// Check if current user can create data deletion request.
|
||
|
$userid = $data['userid'];
|
||
|
if ($data['type'] == api::DATAREQUEST_TYPE_DELETE) {
|
||
|
if ($userid == $USER->id) {
|
||
|
if (!api::can_create_data_deletion_request_for_self()) {
|
||
|
$errors['type'] = get_string('errorcannotrequestdeleteforself', 'tool_dataprivacy');
|
||
|
}
|
||
|
} else if (!api::can_create_data_deletion_request_for_other()
|
||
|
&& !api::can_create_data_deletion_request_for_children($userid)) {
|
||
|
$errors['type'] = get_string('errorcannotrequestdeleteforother', 'tool_dataprivacy');
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return $errors;
|
||
|
}
|
||
|
}
|