Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-61652

Allow configuration as to who can download SAR data

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3.4, 3.4.1, 3.5
    • Fix Version/s: 3.5.2, 3.6
    • Component/s: Privacy
    • Labels:
    • Testing Instructions:
      Hide

      PART A - Basic setup

      1. Ensure that your admin account has a working email address.
      2. Create a new test account (or use existing). I'll refer to it as test1. This should also have a working email address which should not be the same as the admin one.
      3. As admin, go to site admin > Users > Privacy and policies > Privacy settings, and ensure 'Contact Data Protection Officer' is turned on.

      PART B - Request by user (no change)

      1. Log in as test1 and go to their profile.
      2. Click 'Data requests'.
      3. Click 'New request', and save changes.
      4. Log in as admin (or use a different browser) and run cron or wait for cron to run naturally.
        • EXPECTED (no change): Admin should get a 'You have received a data request' email.
      5. Go to site admin > Users > Privacy and policies > Data requests.
      6. The request should be in 'Awaiting approval' status. Click Actions > Approve request, and confirm the dialog.
      7. Run cron or wait for cron to run naturally.
        • EXPECTED (no change): The test1 user should receive an email to say their data is ready.
      8. Log in as test1 and follow the link in the email.
        • EXPECTED (no change): The test1 user should download the zip file.

      PART C - Request setup by admin, user cannot download

      1. Login as admin and go to site admin > Users > Permissions > Define roles.
      2. Edit the 'Authenticated user' role and remove (untick) the tool/dataprivacy:downloadownrequest capability, then save changes.
      3. Go to site admin > Users > Privacy and policies > Data requests.
      4. Click 'New request' and type in the test user's name into 'Requesting for'; save changes.
      5. Run cron or wait for it to run itself.
        • EXPECTED (no change): Admin should get a 'You have received a data request' email.
      6. Reload the data requests page, then approve the request as before.
      7. Run cron or wait for it to run itself.
        • EXPECTED: Admin user (not the test user like before) should receive an email saying the export is ready.
      8. Reload the data requests page
        • EXPECTED: Admin user should now have a Download option under Actions
      9. Click the download option.
        • EXPECTED: The zip file should download.
      Show
      PART A - Basic setup Ensure that your admin account has a working email address. Create a new test account (or use existing). I'll refer to it as test1. This should also have a working email address which should not be the same as the admin one. As admin, go to site admin > Users > Privacy and policies > Privacy settings, and ensure 'Contact Data Protection Officer' is turned on. PART B - Request by user (no change) Log in as test1 and go to their profile. Click 'Data requests'. Click 'New request', and save changes. Log in as admin (or use a different browser) and run cron or wait for cron to run naturally. EXPECTED (no change): Admin should get a 'You have received a data request' email. Go to site admin > Users > Privacy and policies > Data requests. The request should be in 'Awaiting approval' status. Click Actions > Approve request, and confirm the dialog. Run cron or wait for cron to run naturally. EXPECTED (no change): The test1 user should receive an email to say their data is ready. Log in as test1 and follow the link in the email. EXPECTED (no change): The test1 user should download the zip file. PART C - Request setup by admin, user cannot download Login as admin and go to site admin > Users > Permissions > Define roles. Edit the 'Authenticated user' role and remove (untick) the tool/dataprivacy:downloadownrequest capability, then save changes. Go to site admin > Users > Privacy and policies > Data requests. Click 'New request' and type in the test user's name into 'Requesting for'; save changes. Run cron or wait for it to run itself. EXPECTED (no change): Admin should get a 'You have received a data request' email. Reload the data requests page, then approve the request as before. Run cron or wait for it to run itself. EXPECTED: Admin user ( not the test user like before) should receive an email saying the export is ready. Reload the data requests page EXPECTED: Admin user should now have a Download option under Actions Click the download option. EXPECTED: The zip file should download.
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE
    • Epic Link:
    • Pull 3.5 Branch:
    • Pull Master Branch:
      MDL-61652-master
    • Sprint:
      GDPR Followup Sprint 1

      Description

      "The admin needs to be able to enable the data extract for a user, however does not want to allow users to request from within Moodle - as the organisation has a centralised request process."

       

      As noted by Michael Hughes,

      This would suggest that there should be:

      1. a mechanism to prevent the automatic distribution of the exported data to the Data Subject.
      2. a "Download Option" on the DPO actions,
      3. a "refresh/re-export" mechanism.

      To that end, lets:

      • create a tool_dataprivacy/downloadownrequest capability applied to authenticated users;
      • create a tool_dataprivacy/downloadallrequests capability not given as standard;
      • check the caps as relevant

       

        Attachments

        1. 1.PNG
          1.PNG
          146 kB
        2. 2.PNG
          2.PNG
          153 kB

          Issue Links

            Activity

              People

              • Votes:
                12 Vote for this issue
                Watchers:
                13 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  10/Sep/18

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 10 minutes
                  1h 10m