Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-62299

admin/tool/dataprivacy/mydatarequests.php for admin shows other user requests

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3.5, 3.4, 3.5
    • Fix Version/s: 3.5
    • Component/s: Privacy, User management
    • Labels:
    • Testing Instructions:
      Hide
      Setup
      1. Login as an admin.
      2. Create users s1, s2, s3, m1, and p1.
      3. Create a Parent role, and also give it the "tool/dataprivacy:makedatarequestsforchildren" capability.
      4. Go to s1's profile page and open s1's "Preferences" page in the "Administration" section.
      5. Click "Assign roles relative to this user"
      6. Assign p1 as the parent of s1
      7. Go to s2's profile page and open s2's "Preferences" page in the "Administration" section.
      8. Click "Assign roles relative to this user"
      9. Assign a user m1 as a parent of a student s2.
      10. Create a DPO role.
      11. Assign m1 to the DPO role.
      12. Go to "Site administration / Users / Privacy and policies / Privacy settings"
        1. Tick the DPO role for the "Data Protection Officer role mapping" field.
        2. Tick Contact Data Protection Officer
        3. Save changes
      Test - User who is a parent
      1. Login as p1.
      2. Go to your user profile
      3. Click Data requests
      4. Create a new data request
        • Confirm that you see a user picker where the only options are yourself and s1.
      5. Create a new data request for s1.
        • Confirm that you see the data request you created on the list.
      Test - User who is a DPO and a parent
      1. Login as m1
      2. Go to "Site administration / Users / Privacy and policies / Data requests"
      3. Click Data requests
      4. Create a new data request for s2
      5. Create a new data request for s3
      6. Go to your user profile
      7. Check the data requests page.
        • Confirm that you only see the request you made for s2.
      Show
      Setup Login as an admin. Create users s1, s2, s3, m1, and p1. Create a Parent role , and also give it the " tool/dataprivacy:makedatarequestsforchildren " capability. Go to s1 's profile page and open s1 's " Preferences " page in the "Administration" section. Click " Assign roles relative to this user " Assign p1 as the parent of s1 Go to s2 's profile page and open s2 's " Preferences " page in the "Administration" section. Click " Assign roles relative to this user " Assign a user m1 as a parent of a student s2 . Create a DPO role . Assign m1 to the DPO role. Go to " Site administration / Users / Privacy and policies / Privacy settings " Tick the DPO role for the " Data Protection Officer role mapping " field. Tick Contact Data Protection Officer Save changes Test - User who is a parent Login as p1. Go to your user profile Click Data requests Create a new data request Confirm that you see a user picker where the only options are yourself and s1. Create a new data request for s1. Confirm that you see the data request you created on the list. Test - User who is a DPO and a parent Login as m1 Go to " Site administration / Users / Privacy and policies / Data requests " Click Data requests Create a new data request for s2 Create a new data request for s3 Go to your user profile Check the data requests page. Confirm that you only see the request you made for s2.
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE
    • Pull Master Branch:
      MDL-62299-master

      Description

      Was testing MDL-62167 when I saw that the admin/tool/dataprivacy/mydatarequests.php page (linked @ profile page) show too many requests for the admin user. Plus all them are downloadable.

      Not sure if that's the correct approach (I bet no, because that page is to show only OWN requests and doesn't show user names).

      So, reporting it. In that page, each user, their own. And nothing else. There is the other admin/tool/dataprivacy/datarequests.php page to manage everyone's requests.

      Or I'm missing something. Ciao

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  17/May/18