Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-62026

Data Protection Officer cannot change pending status on other enquiries

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      Prerequisites
      1. Make sure that the "Contact the privacy officer" setting is enabled in "Site administration / Users / Privacy and policies / Privacy settings"
      2. Outgoing email setup. For simplicity, use Mailcatcher and edit config.php and add "$CFG->smtphosts = 'localhost:1025';".
      Test
      1. Log in as a user s1.
      2. Go to your profile page.
      3. Click "Contact the privacy officer"
      4. Enter a message and click "Send"
      5. On another browser window/incognito session, log in as an admin/DPO.
      6. Go to "Site administration / Users / Privacy and policies / Data requests"
      7. Click on the actions menu of the s1's request.
      8. Confirm that you see a "Mark as complete" action menu item.
      9. View the general enquiry that s1 made.
      10. Confirm that you see a "Mark as complete" button at the modal's footer.
      11. Click on "Mark as complete"
      12. Confirm that:
        1. the modal closes,
        2. the page is refreshed,
        3. you see a notification that the request has been marked as complete
        4. you see that the status of the general enquiry made by s1 is now shown as "Complete"
      13. Back on s1's window, create another general enquiry.
      14. Back on the DPO's browser window, refresh the data requests page.
      15. Click on the actions menu of the s1's latest request.
      16. Confirm that you see a "Mark as complete" action menu item.
      17. Click on "Mark as complete"
      18. Confirm that a confirmation modal comes up.
      19. Mark the request as complete.
      20. Confirm that:
        1. the confirmation modal closes,
        2. the page is refreshed,
        3. you see a notification that the request has been marked as complete
        4. you see that the status of the latest general enquiry made by s1 is now also shown as "Complete"
      Regression tests
      1. As a user, confirm that you can still create export and deletion data requests.
      2. As a DPO, confirm that you can still successfully approve/deny export/deletion data requests.
      3. As a user, confirm that you receive a notification after your request has been completed.
      Show
      Prerequisites Make sure that the " Contact the privacy officer " setting is enabled in " Site administration / Users / Privacy and policies / Privacy settings " Outgoing email setup. For simplicity, use Mailcatcher and edit config.php and add " $CFG->smtphosts = 'localhost:1025'; ". Test Log in as a user s1. Go to your profile page. Click " Contact the privacy officer " Enter a message and click " Send " On another browser window/incognito session, log in as an admin/DPO. Go to " Site administration / Users / Privacy and policies / Data requests " Click on the actions menu of the s1's request. Confirm that you see a " Mark as complete " action menu item. View the general enquiry that s1 made. Confirm that you see a " Mark as complete " button at the modal's footer. Click on " Mark as complete " Confirm that: the modal closes, the page is refreshed, you see a notification that the request has been marked as complete you see that the status of the general enquiry made by s1 is now shown as " Complete " Back on s1's window, create another general enquiry. Back on the DPO's browser window, refresh the data requests page. Click on the actions menu of the s1's latest request. Confirm that you see a " Mark as complete " action menu item. Click on " Mark as complete " Confirm that a confirmation modal comes up. Mark the request as complete. Confirm that: the confirmation modal closes, the page is refreshed, you see a notification that the request has been marked as complete you see that the status of the latest general enquiry made by s1 is now also shown as " Complete " Regression tests As a user, confirm that you can still create export and deletion data requests. As a DPO, confirm that you can still successfully approve/deny export/deletion data requests. As a user, confirm that you receive a notification after your request has been completed.
    • Workaround:
      Hide

      Contact the user directly via Moodle's messaging feature or the user's email which is displayed in the modal.

      Show
      Contact the user directly via Moodle's messaging feature or the user's email which is displayed in the modal.
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE
    • Epic Link:
    • Pull 3.5 Branch:
    • Pull Master Branch:
      MDL-62026-master
    • Sprint:
      GDPR Followup Sprint 1

      Description

      Hello,

      If a user uses the link "Contact Data Protection Officer" the said CDPO cannot answer to this message in data requests the only action available for this kind of data request is "view the request" so the request is will be indefinitely in "pending" status.

      Tested with Moodle 3.3.5 and Data privacy tool_dataprivacy 33.0.0 (2017051500)

       

       

        Attachments

        1. actionmenu_with_new_options.png
          actionmenu_with_new_options.png
          89 kB
        2. enquiry-action-menu.png
          enquiry-action-menu.png
          66 kB
        3. enquiry-details.png
          enquiry-details.png
          97 kB
        4. mark-as-complete-confirmation.png
          mark-as-complete-confirmation.png
          73 kB
        5. respond_modal.png
          respond_modal.png
          61 kB
        6. suer-view-request.png
          suer-view-request.png
          86 kB

          Activity

            People

            • Votes:
              3 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Sep/18