admin/tool/dataprivacy/classes/task/initiate_data_request_task.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Adhoc task that processes a data request and prepares the user's relevant contexts for review.
  19  *
  20  * @package    tool_dataprivacy
  21  * @copyright  2018 Jun Pataleta
  22  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  */
  24
  25 namespace tool_dataprivacy\task;
  26
  27 use coding_exception;
  28 use core\task\adhoc_task;
  29 use moodle_exception;
  30 use tool_dataprivacy\api;
  31 use tool_dataprivacy\contextlist_context;
  32 use tool_dataprivacy\data_request;
  33
  34 defined('MOODLE_INTERNAL') || die();
  35
  36 /**
  37  * Class that processes a data request and prepares the user's relevant contexts for review.
  38  *
  39  * Custom data accepted:
  40  * - requestid -> The ID of the data request to be processed.
  41  *
  42  * @package     tool_dataprivacy
  43  * @copyright   2018 Jun Pataleta
  44  * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  45  */
  46 class initiate_data_request_task extends adhoc_task {
  47
  48     /**
  49      * Run the task to initiate the data request process.
  50      *
  51      * @throws coding_exception
  52      * @throws moodle_exception
  53      */
  54     public function execute() {
  55         global $CFG;
  56
  57         require_once($CFG->dirroot . '/admin/tool/dataprivacy/lib.php');
  58
  59         if (!isset($this->get_custom_data()->requestid)) {
  60             throw new coding_exception('The custom data \'requestid\' is required.');
  61         }
  62         $requestid = $this->get_custom_data()->requestid;
  63
  64         $datarequest = new data_request($requestid);
  65
  66         // Check if this request still needs to be processed. e.g. The user might have cancelled it before this task has run.
  67         $status = $datarequest->get('status');
  68         if (!api::is_active($status)) {
  69             mtrace('Request ' . $requestid . ' with status ' . $status . ' doesn\'t need to be processed. Skipping...');
  70             return;
  71         }
  72
  73         $requestedby = $datarequest->get('requestedby');
  74         $valid = true;
  75         $comment = '';
  76         $foruser = $datarequest->get('userid');
  77         if ($foruser != $requestedby) {
  78             if (!$valid = api::can_create_data_request_for_user($foruser, $requestedby)) {
  79                 $params = (object)[
  80                     'requestedby' => $requestedby,
  81                     'userid' => $foruser
  82                 ];
  83                 $comment = get_string('errornocapabilitytorequestforothers', 'tool_dataprivacy', $params);
  84                 mtrace($comment);
  85             }
  86         }
  87         // Reject the request outright if it's invalid.
  88         if (!$valid) {
  89             $dpo = $datarequest->get('dpo');
  90             api::update_request_status($requestid, api::DATAREQUEST_STATUS_REJECTED, $dpo, $comment);
  91             return;
  92         }
  93
  94         // Update the status of this request as pre-processing.
  95         mtrace('Generating the contexts containing personal data for the user...');
  96         api::update_request_status($requestid, api::DATAREQUEST_STATUS_PREPROCESSING);
  97
  98         // Add the list of relevant contexts to the request, and mark all as pending approval.
  99         $privacymanager = new \core_privacy\manager();
 100         $privacymanager->set_observer(new \tool_dataprivacy\manager_observer());
 101
 102         $contextlistcollection = $privacymanager->get_contexts_for_userid($datarequest->get('userid'));
 103         api::add_request_contexts_with_status($contextlistcollection, $requestid, contextlist_context::STATUS_PENDING);
 104
 105         // When the preparation of the contexts finishes, update the request status to awaiting approval.
 106         api::update_request_status($requestid, api::DATAREQUEST_STATUS_AWAITING_APPROVAL);
 107         mtrace('Context generation complete...');
 108
 109         // Get the list of the site Data Protection Officers.
 110         $dpos = api::get_site_dpos();
 111
 112         // Email the data request to the Data Protection Officer(s)/Admin(s).
 113         foreach ($dpos as $dpo) {
 114             $dponame = fullname($dpo);
 115             if (api::notify_dpo($dpo, $datarequest)) {
 116                 mtrace('Message sent to DPO: ' . $dponame);
 117             } else {
 118                 mtrace('A problem was encountered while sending the message to the DPO: ' . $dponame);
 119             }
 120         }
 121     }
 122 }