privacy/classes/manager.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * This file contains the core_privacy\manager class.
  19  *
  20  * @package core_privacy
  21  * @copyright 2018 Jake Dallimore <jrhdallimore@gmail.com>
  22  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  */
  24 namespace core_privacy;
  25 use core_privacy\local\metadata\collection;
  26 use core_privacy\local\metadata\null_provider;
  27 use core_privacy\local\request\context_aware_provider;
  28 use core_privacy\local\request\contextlist_collection;
  29 use core_privacy\local\request\core_user_data_provider;
  30 use core_privacy\local\request\data_provider;
  31 use core_privacy\local\request\user_preference_provider;
  32 use \core_privacy\local\metadata\provider as metadata_provider;
  33
  34 defined('MOODLE_INTERNAL') || die();
  35
  36 /**
  37  * The core_privacy\manager class, providing a facade to describe, export and delete personal data across Moodle and its components.
  38  *
  39  * This class is responsible for communicating with and collating privacy data from all relevant components, where relevance is
  40  * determined through implementations of specific marker interfaces. These marker interfaces describe the responsibilities (in terms
  41  * of personal data storage) as well as the relationship between the component and the core_privacy subsystem.
  42  *
  43  * The interface hierarchy is as follows:
  44  * ├── local\metadata\null_provider
  45  * ├── local\metadata\provider
  46  * ├── local\request\data_provider
  47  *     └── local\request\core_data_provider
  48  *         └── local\request\core_user_data_provider
  49  *             └── local\request\plugin\provider
  50  *             └── local\request\subsystem\provider
  51  *         └── local\request\user_preference_provider
  52  *     └── local\request\shared_data_provider
  53  *         └── local\request\plugin\subsystem_provider
  54  *         └── local\request\plugin\subplugin_provider
  55  *         └── local\request\subsystem\plugin_provider
  56  *
  57  * Describing personal data:
  58  * -------------------------
  59  * All components must state whether they store personal data (and DESCRIBE it) by implementing one of the metadata providers:
  60  * - local\metadata\null_provider (indicating they don't store personal data)
  61  * - local\metadata\provider (indicating they do store personal data, and describing it)
  62  *
  63  * The manager requests metadata for all Moodle components implementing the local\metadata\provider interface.
  64  *
  65  * Export and deletion of personal data:
  66  * -------------------------------------
  67  * Those components storing personal data need to provide EXPORT and DELETION of this data by implementing a request provider.
  68  * Which provider implementation depends on the nature of the component; whether it's a sub-component and which components it
  69  * stores data for.
  70  *
  71  * Export and deletion for sub-components (or any component storing data on behalf of another component) is managed by the parent
  72  * component. If a component contains sub-components, it must ask those sub-components to provide the relevant data. Only certain
  73  * 'core provider' components are called directly from the manager and these must provide the personal data stored by both
  74  * themselves, and by all sub-components. Because of this hierarchical structure, the core_privacy\manager needs to know which
  75  * components are to be called directly by core: these are called core data providers. The providers implemented by sub-components
  76  * are called shared data providers.
  77  *
  78  * The following are interfaces are not implemented directly, but are marker interfaces uses to classify components by nature:
  79  * - local\request\data_provider:
  80  *      Not implemented directly. Used to classify components storing personal data of some kind. Includes both components storing
  81  *      personal data for themselves and on behalf of other components.
  82  *      Include: local\request\core_data_provider and local\request\shared_data_provider.
  83  * - local\request\core_data_provider:
  84  *      Not implemented directly. Used to classify components storing personal data for themselves and which are to be called by the
  85  *      core_privacy subsystem directly.
  86  *      Includes: local\request\core_user_data_provider and local\request\user_preference_provider.
  87  * - local\request\core_user_data_provider:
  88  *      Not implemented directly. Used to classify components storing personal data for themselves, which are either a plugin or
  89  *      subsystem and which are to be called by the core_privacy subsystem directly.
  90  *      Includes: local\request\plugin\provider and local\request\subsystem\provider.
  91  * - local\request\shared_data_provider:
  92  *      Not implemented directly. Used to classify components storing personal data on behalf of other components and which are
  93  *      called by the owning component directly.
  94  *      Includes: local\request\plugin\subsystem_provider, local\request\plugin\subplugin_provider and local\request\subsystem\plugin_provider
  95  *
  96  * The manager only requests the export or deletion of personal data for components implementing the local\request\core_data_provider
  97  * interface or one of its descendants; local\request\plugin\provider, local\request\subsystem\provider or local\request\user_preference_provider.
  98  * Implementing one of these signals to the core_privacy subsystem that the component must be queried directly from the manager.
  99  *
 100  * Any component using another component to store personal data on its behalf, is responsible for making the relevant call to
 101  * that component's relevant shared_data_provider class.
 102  *
 103  * For example:
 104  * The manager calls a core_data_provider component (e.g. mod_assign) which, in turn, calls relevant subplugins or subsystems
 105  * (which assign uses to store personal data) to get that data. All data for assign and its sub-components is aggregated by assign
 106  * and returned to the core_privacy subsystem.
 107  *
 108  * @copyright 2018 Jake Dallimore <jrhdallimore@gmail.com>
 109  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 110  */
 111 class manager {
 112
 113     /**
 114      * @var manager_observer Observer.
 115      */
 116     protected $observer;
 117
 118     /**
 119      * Set the failure handler.
 120      *
 121      * @param   manager_observer $observer
 122      */
 123     public function set_observer(manager_observer $observer) {
 124         $this->observer = $observer;
 125     }
 126
 127     /**
 128      * Checks whether the given component is compliant with the core_privacy API.
 129      * To be considered compliant, a component must declare whether (and where) it stores personal data.
 130      *
 131      * Components which do store personal data must:
 132      * - Have implemented the core_privacy\local\metadata\provider interface (to describe the data it stores) and;
 133      * - Have implemented the core_privacy\local\request\data_provider interface (to facilitate export of personal data)
 134      * - Have implemented the core_privacy\local\request\deleter interface
 135      *
 136      * Components which do not store personal data must:
 137      * - Have implemented the core_privacy\local\metadata\null_provider interface to signal that they don't store personal data.
 138      *
 139      * @param string $component frankenstyle component name, e.g. 'mod_assign'
 140      * @return bool true if the component is compliant, false otherwise.
 141      */
 142     public function component_is_compliant(string $component) : bool {
 143         // Components which don't store user data need only implement the null_provider.
 144         if ($this->component_implements($component, null_provider::class)) {
 145             return true;
 146         }
 147
 148         if (static::is_empty_subsystem($component)) {
 149             return true;
 150         }
 151
 152         // Components which store user data must implement the local\metadata\provider and the local\request\data_provider.
 153         if ($this->component_implements($component, metadata_provider::class) &&
 154             $this->component_implements($component, data_provider::class)) {
 155             return true;
 156         }
 157
 158         return false;
 159     }
 160
 161     /**
 162      * Retrieve the reason for implementing the null provider interface.
 163      *
 164      * @param  string $component Frankenstyle component name.
 165      * @return string The key to retrieve the language string for the null provider reason.
 166      */
 167     public function get_null_provider_reason(string $component) : string {
 168         if ($this->component_implements($component, null_provider::class)) {
 169             $reason = $this->handled_component_class_callback($component, null_provider::class, 'get_reason', []);
 170             return empty($reason) ? 'privacy:reason' : $reason;
 171         } else {
 172             throw new \coding_exception('Call to undefined method', 'Please only call this method on a null provider.');
 173         }
 174     }
 175
 176     /**
 177      * Return whether this is an 'empty' subsystem - that is, a subsystem without a directory.
 178      *
 179      * @param  string $component Frankenstyle component name.
 180      * @return string The key to retrieve the language string for the null provider reason.
 181      */
 182     public static function is_empty_subsystem($component) {
 183         if (strpos($component, 'core_') === 0) {
 184             if (null === \core_component::get_subsystem_directory(substr($component, 5))) {
 185                 // This is a subsystem without a directory.
 186                 return true;
 187             }
 188         }
 189
 190         return false;
 191     }
 192
 193     /**
 194      * Get the privacy metadata for all components.
 195      *
 196      * @return collection[] The array of collection objects, indexed by frankenstyle component name.
 197      */
 198     public function get_metadata_for_components() : array {
 199         // Get the metadata, and put into an assoc array indexed by component name.
 200         $metadata = [];
 201         foreach ($this->get_component_list() as $component) {
 202             $componentmetadata = $this->handled_component_class_callback($component, metadata_provider::class,
 203                 'get_metadata', [new collection($component)]);
 204             if ($componentmetadata !== null) {
 205                 $metadata[$component] = $componentmetadata;
 206             }
 207         }
 208         return $metadata;
 209     }
 210
 211     /**
 212      * Gets a collection of resultset objects for all components.
 213      *
 214      *
 215      * @param int $userid the id of the user we're fetching contexts for.
 216      * @return contextlist_collection the collection of contextlist items for the respective components.
 217      */
 218     public function get_contexts_for_userid(int $userid) : contextlist_collection {
 219         $progress = static::get_log_tracer();
 220
 221         $components = $this->get_component_list();
 222         $a = (object) [
 223             'total' => count($components),
 224             'progress' => 0,
 225             'component' => '',
 226             'datetime' => userdate(time()),
 227         ];
 228         $clcollection = new contextlist_collection($userid);
 229
 230         $progress->output(get_string('trace:fetchcomponents', 'core_privacy', $a), 1);
 231         foreach ($components as $component) {
 232             $a->component = $component;
 233             $a->progress++;
 234             $a->datetime = userdate(time());
 235             $progress->output(get_string('trace:processingcomponent', 'core_privacy', $a), 2);
 236             $contextlist = $this->handled_component_class_callback($component, core_user_data_provider::class,
 237                 'get_contexts_for_userid', [$userid]);
 238             if ($contextlist === null) {
 239                 $contextlist = new local\request\contextlist();
 240             }
 241
 242             // Each contextlist is tied to its respective component.
 243             $contextlist->set_component($component);
 244
 245             // Add contexts that the component may not know about.
 246             // Example of these include activity completion which modules do not know about themselves.
 247             $contextlist = local\request\helper::add_shared_contexts_to_contextlist_for($userid, $contextlist);
 248
 249             if (count($contextlist)) {
 250                 $clcollection->add_contextlist($contextlist);
 251             }
 252         }
 253         $progress->output(get_string('trace:done', 'core_privacy'), 1);
 254
 255         return $clcollection;
 256     }
 257
 258     /**
 259      * Export all user data for the specified approved_contextlist items.
 260      *
 261      * Note: userid and component are stored in each respective approved_contextlist.
 262      *
 263      * @param contextlist_collection $contextlistcollection the collection of contextlists for all components.
 264      * @return string the location of the exported data.
 265      * @throws \moodle_exception if the contextlist_collection does not contain all approved_contextlist items or if one of the
 266      * approved_contextlists' components is not a core_data_provider.
 267      */
 268     public function export_user_data(contextlist_collection $contextlistcollection) {
 269         $progress = static::get_log_tracer();
 270
 271         $a = (object) [
 272             'total' => count($contextlistcollection),
 273             'progress' => 0,
 274             'component' => '',
 275             'datetime' => userdate(time()),
 276         ];
 277
 278         // Export for the various components/contexts.
 279         $progress->output(get_string('trace:exportingapproved', 'core_privacy', $a), 1);
 280         foreach ($contextlistcollection as $approvedcontextlist) {
 281
 282             if (!$approvedcontextlist instanceof \core_privacy\local\request\approved_contextlist) {
 283                 throw new \moodle_exception('Contextlist must be an approved_contextlist');
 284             }
 285
 286             $component = $approvedcontextlist->get_component();
 287             $a->component = $component;
 288             $a->progress++;
 289             $a->datetime = userdate(time());
 290             $progress->output(get_string('trace:processingcomponent', 'core_privacy', $a), 2);
 291
 292             // Core user data providers.
 293             if ($this->component_implements($component, core_user_data_provider::class)) {
 294                 if (count($approvedcontextlist)) {
 295                     // This plugin has data it knows about. It is responsible for storing basic data about anything it is
 296                     // told to export.
 297                     $this->handled_component_class_callback($component, core_user_data_provider::class,
 298                         'export_user_data', [$approvedcontextlist]);
 299                 }
 300             } else if (!$this->component_implements($component, context_aware_provider::class)) {
 301                 // This plugin does not know that it has data - export the shared data it doesn't know about.
 302                 local\request\helper::export_data_for_null_provider($approvedcontextlist);
 303             }
 304         }
 305         $progress->output(get_string('trace:done', 'core_privacy'), 1);
 306
 307         // Check each component for non contextlist items too.
 308         $components = $this->get_component_list();
 309         $a->total = count($components);
 310         $a->progress = 0;
 311         $a->datetime = userdate(time());
 312         $progress->output(get_string('trace:exportingrelated', 'core_privacy', $a), 1);
 313         foreach ($components as $component) {
 314             $a->component = $component;
 315             $a->progress++;
 316             $a->datetime = userdate(time());
 317             $progress->output(get_string('trace:processingcomponent', 'core_privacy', $a), 2);
 318             // Core user preference providers.
 319             $this->handled_component_class_callback($component, user_preference_provider::class,
 320                 'export_user_preferences', [$contextlistcollection->get_userid()]);
 321
 322             // Contextual information providers. Give each component a chance to include context information based on the
 323             // existence of a child context in the contextlist_collection.
 324             $this->handled_component_class_callback($component, context_aware_provider::class,
 325                 'export_context_data', [$contextlistcollection]);
 326         }
 327         $progress->output(get_string('trace:done', 'core_privacy'), 1);
 328
 329         $progress->output(get_string('trace:finalisingexport', 'core_privacy'), 1);
 330         $location = local\request\writer::with_context(\context_system::instance())->finalise_content();
 331
 332         $progress->output(get_string('trace:exportcomplete', 'core_privacy'), 1);
 333         return $location;
 334     }
 335
 336     /**
 337      * Delete all user data for approved contexts lists provided in the collection.
 338      *
 339      * This call relates to the forgetting of an entire user.
 340      *
 341      * Note: userid and component are stored in each respective approved_contextlist.
 342      *
 343      * @param contextlist_collection $contextlistcollection the collections of approved_contextlist items on which to call deletion.
 344      * @throws \moodle_exception if the contextlist_collection doesn't contain all approved_contextlist items, or if the component
 345      * for an approved_contextlist isn't a core provider.
 346      */
 347     public function delete_data_for_user(contextlist_collection $contextlistcollection) {
 348         $progress = static::get_log_tracer();
 349
 350         $a = (object) [
 351             'total' => count($contextlistcollection),
 352             'progress' => 0,
 353             'component' => '',
 354             'datetime' => userdate(time()),
 355         ];
 356
 357         // Delete the data.
 358         $progress->output(get_string('trace:deletingapproved', 'core_privacy', $a), 1);
 359         foreach ($contextlistcollection as $approvedcontextlist) {
 360             if (!$approvedcontextlist instanceof \core_privacy\local\request\approved_contextlist) {
 361                 throw new \moodle_exception('Contextlist must be an approved_contextlist');
 362             }
 363
 364             $component = $approvedcontextlist->get_component();
 365             $a->component = $component;
 366             $a->progress++;
 367             $a->datetime = userdate(time());
 368             $progress->output(get_string('trace:processingcomponent', 'core_privacy', $a), 2);
 369
 370             if (count($approvedcontextlist)) {
 371                 // The component knows about data that it has.
 372                 // Have it delete its own data.
 373                 $this->handled_component_class_callback($approvedcontextlist->get_component(), core_user_data_provider::class,
 374                     'delete_data_for_user', [$approvedcontextlist]);
 375             }
 376
 377             // Delete any shared user data it doesn't know about.
 378             local\request\helper::delete_data_for_user($approvedcontextlist);
 379         }
 380         $progress->output(get_string('trace:done', 'core_privacy'), 1);
 381     }
 382
 383     /**
 384      * Delete all use data which matches the specified deletion criteria.
 385      *
 386      * @param \context $context The specific context to delete data for.
 387      */
 388     public function delete_data_for_all_users_in_context(\context $context) {
 389         $progress = static::get_log_tracer();
 390
 391         $components = $this->get_component_list();
 392         $a = (object) [
 393             'total' => count($components),
 394             'progress' => 0,
 395             'component' => '',
 396             'datetime' => userdate(time()),
 397         ];
 398
 399         $progress->output(get_string('trace:deletingcontext', 'core_privacy', $a), 1);
 400         foreach ($this->get_component_list() as $component) {
 401             $a->component = $component;
 402             $a->progress++;
 403             $a->datetime = userdate(time());
 404             $progress->output(get_string('trace:processingcomponent', 'core_privacy', $a), 2);
 405
 406             // If this component knows about specific data that it owns,
 407             // have it delete all of that user data for the context.
 408             $this->handled_component_class_callback($component, core_user_data_provider::class,
 409                 'delete_data_for_all_users_in_context', [$context]);
 410
 411             // Delete any shared user data it doesn't know about.
 412             local\request\helper::delete_data_for_all_users_in_context($component, $context);
 413         }
 414         $progress->output(get_string('trace:done', 'core_privacy'), 1);
 415     }
 416
 417     /**
 418      * Returns a list of frankenstyle names of core components (plugins and subsystems).
 419      *
 420      * @return array the array of frankenstyle component names.
 421      */
 422     protected function get_component_list() {
 423         $components = array_keys(array_reduce(\core_component::get_component_list(), function($carry, $item) {
 424             return array_merge($carry, $item);
 425         }, []));
 426         $components[] = 'core';
 427
 428         return $components;
 429     }
 430
 431     /**
 432      * Return the fully qualified provider classname for the component.
 433      *
 434      * @param string $component the frankenstyle component name.
 435      * @return string the fully qualified provider classname.
 436      */
 437     protected function get_provider_classname($component) {
 438         return static::get_provider_classname_for_component($component);
 439     }
 440
 441     /**
 442      * Return the fully qualified provider classname for the component.
 443      *
 444      * @param string $component the frankenstyle component name.
 445      * @return string the fully qualified provider classname.
 446      */
 447     public static function get_provider_classname_for_component(string $component) {
 448         return "$component\\privacy\\provider";
 449     }
 450
 451     /**
 452      * Checks whether the component's provider class implements the specified interface.
 453      * This can either be implemented directly, or by implementing a descendant (extension) of the specified interface.
 454      *
 455      * @param string $component the frankenstyle component name.
 456      * @param string $interface the name of the interface we want to check.
 457      * @return bool True if an implementation was found, false otherwise.
 458      */
 459     protected function component_implements(string $component, string $interface) : bool {
 460         $providerclass = $this->get_provider_classname($component);
 461         if (class_exists($providerclass)) {
 462             $rc = new \ReflectionClass($providerclass);
 463             return $rc->implementsInterface($interface);
 464         }
 465         return false;
 466     }
 467
 468     /**
 469      * Call the named method with the specified params on any plugintype implementing the relevant interface.
 470      *
 471      * @param   string  $plugintype The plugingtype to check
 472      * @param   string  $interface The interface to implement
 473      * @param   string  $methodname The method to call
 474      * @param   array   $params The params to call
 475      */
 476     public static function plugintype_class_callback(string $plugintype, string $interface, string $methodname, array $params) {
 477         $components = \core_component::get_plugin_list($plugintype);
 478         foreach (array_keys($components) as $component) {
 479             static::component_class_callback("{$plugintype}_{$component}", $interface, $methodname, $params);
 480         }
 481     }
 482
 483     /**
 484      * Call the named method with the specified params on the supplied component if it implements the relevant interface on its provider.
 485      *
 486      * @param   string  $component The component to call
 487      * @param   string  $interface The interface to implement
 488      * @param   string  $methodname The method to call
 489      * @param   array   $params The params to call
 490      * @return  mixed
 491      */
 492     public static function component_class_callback(string $component, string $interface, string $methodname, array $params) {
 493         $classname = static::get_provider_classname_for_component($component);
 494         if (class_exists($classname) && is_subclass_of($classname, $interface)) {
 495             return component_class_callback($classname, $methodname, $params);
 496         }
 497
 498         return null;
 499     }
 500
 501     /**
 502      * Get the tracer used for logging.
 503      *
 504      * The text tracer is used except for unit tests.
 505      *
 506      * @return  \progress_trace
 507      */
 508     protected static function get_log_tracer() {
 509         if (PHPUNIT_TEST) {
 510             return new \null_progress_trace();
 511         }
 512
 513         return new \text_progress_trace();
 514     }
 515
 516     /**
 517      * Call the named method with the specified params on the supplied component if it implements the relevant interface
 518      * on its provider.
 519      *
 520      * @param   string  $component The component to call
 521      * @param   string  $interface The interface to implement
 522      * @param   string  $methodname The method to call
 523      * @param   array   $params The params to call
 524      * @return  mixed
 525      */
 526     protected function handled_component_class_callback(string $component, string $interface, string $methodname, array $params) {
 527         try {
 528             return static::component_class_callback($component, $interface, $methodname, $params);
 529         } catch (\Throwable $e) {
 530             debugging($e->getMessage(), DEBUG_DEVELOPER, $e->getTrace());
 531             $this->component_class_callback_failed($e, $component, $interface, $methodname, $params);
 532
 533             return null;
 534         }
 535     }
 536
 537     /**
 538      * Notifies the observer of any failure.
 539      *
 540      * @param \Throwable $e
 541      * @param string $component
 542      * @param string $interface
 543      * @param string $methodname
 544      * @param array $params
 545      */
 546     protected function component_class_callback_failed(\Throwable $e, string $component, string $interface,
 547             string $methodname, array $params) {
 548         if ($this->observer) {
 549             call_user_func_array([$this->observer, 'handle_component_failure'], func_get_args());
 550         }
 551     }
 552 }