Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-61486

Create the registry for adding the purpose and retention periods.

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.5
    • Fix Version/s: None
    • Component/s: Libraries
    • Testing Instructions:
      Hide

      Info

      • This is an exploratory testing keep your JS console open while running this test.
      • You should test this using both boost and clean themes
      • You will need some users, course categories and courses with activities and blocks

      Test

      1. Create a new PO (privacy officer) role with "Guest" archetype, "Context types where this role may be assigned" to "System" and moodle/site:configview + tool/dataprivacy:managedataregistry + moodle/category:viewhiddencategories + moodle/course:viewhiddencourses + moodle/course:view + moodle/course:viewhiddenactivities capabilities
      2. Assign that role to a user at system context and log in as that user
      3. Go to "Site admin > Data privacy > Data registry"
      4. You should see a nice tree with, with "Site" as the active node and, on right hand, a form (with "Site" heading)
      5. This tree represents a hierarchy of your site elements
      6. Feel free to
        1. navigate through it
        2. to create purposes and categories (try to save without filling the required fields, to cancel the form...)
        3. to save context instances purposes and categories, to edit them... checking that the values are properly saved
      7. Go to "Set defaults" and set some defaults (you will need to keep the page open)
      8. Go to "Site admin > Courses > Manage courses and categories"
      9. Create a new course within a new category and add a couple of activities and blocks to the course
      10. Return to the context tree
      11. Go to the new category node and check that the purpose and category are the ones you set in the defaults page. Do the same using your new course and the new course activities and blocks
      12. Now go to "Edit > Categories"
      13. Check that you don't have the "Delete" option for categories that are assigned to contexts or to defaults
      14. Create a new category and delete it afterwards
      15. Press "Back" button and now go to "Edit > Purposes"
      16. Check that you don't have the "Delete" option for purposes that are assigned to contexts or to defaults
      17. Create a new purpose and delete it afterwards
      Show
      Info This is an exploratory testing keep your JS console open while running this test. You should test this using both boost and clean themes You will need some users, course categories and courses with activities and blocks Test Create a new PO (privacy officer) role with "Guest" archetype, "Context types where this role may be assigned" to "System" and moodle/site:configview + tool/dataprivacy:managedataregistry + moodle/category:viewhiddencategories + moodle/course:viewhiddencourses + moodle/course:view + moodle/course:viewhiddenactivities capabilities Assign that role to a user at system context and log in as that user Go to "Site admin > Data privacy > Data registry" You should see a nice tree with, with "Site" as the active node and, on right hand, a form (with "Site" heading) This tree represents a hierarchy of your site elements Feel free to navigate through it to create purposes and categories (try to save without filling the required fields, to cancel the form...) to save context instances purposes and categories, to edit them... checking that the values are properly saved Go to "Set defaults" and set some defaults (you will need to keep the page open) Go to "Site admin > Courses > Manage courses and categories" Create a new course within a new category and add a couple of activities and blocks to the course Return to the context tree Go to the new category node and check that the purpose and category are the ones you set in the defaults page. Do the same using your new course and the new course activities and blocks Now go to "Edit > Categories" Check that you don't have the "Delete" option for categories that are assigned to contexts or to defaults Create a new category and delete it afterwards Press "Back" button and now go to "Edit > Purposes" Check that you don't have the "Delete" option for purposes that are assigned to contexts or to defaults Create a new purpose and delete it afterwards
    • Affected Branches:
      MOODLE_35_STABLE
    • Pull Master Branch:
      MDL-61486_master

      Description

      We require a registry to list the context / component tree and allow a purpose and retention period (among other settings) to be applied to each level of the tree.
      The most granular item would be an instance of an activity (module). Need to confirm that this doesn't go down to sub-plugin.

      It should be possible to set the purpose and retention period for a context and and have it be applied to all of its children down the tree. The form should have a checkbox for applying the setting to the child elements that by default is unchecked. Checking this box will apply the setting to the child elements but will put up a warning saying that the Privacy Officer (PO) needs to review every section to demonstrate compliance.
      The purpose select element should start with two options
      Options.

      • Inherit from parent (unset)
      • Inherit from parent

      By default "Inherit from parent (unset)" allows for each element in the tree to be flagged, requiring attention from the PO.
      If "Inherit from parent" is set then the attention flag is removed.

      The tree on the left should show all context / component items, but have a toggle to only show areas that need attention.

      When setting the purpose / retention period settings, the purpose should be selectable and the retention period should only be shown (not selectable). To set a different retention period a new purpose will have to be created.

      Related user stories

      User Stories Acceptance Criteria
      As a Privacy officer, I want to be able to quickly see which areas of Moodle I have not set the purpose and retention periods for user data.
      • Moodle should provide a report that shows the current system and which areas have not had the purpose and retention periods specified in relation to user data.
      • Updating the purpose and retention period will mean that this area will no longer show as requiring attention.
      As a privacy officer, I want to be able to efficiently set purposes and retention periods for existing content in my Moodle system.
      • At each level of the context tree (System, Course category, course, activity, etc.) it should be possible to set the purpose and retention period for user data and have this setting be applied to all child areas. (e.g. I go to a course and set the purpose and retention period and then have it apply it to all activities in that course).
      • The default purpose for all existing items in a site should be set to ‘Not set (currently inheriting)’ meaning fewer changes will be needed for compliance.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              dmonllao David Monllaó
              Reporter:
              abgreeve Adrian Greeve
              Peer reviewer:
              Zig Tan (Inactive)
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: