Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-62299

admin/tool/dataprivacy/mydatarequests.php for admin shows other user requests

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.3.5, 3.4, 3.5
    • 3.5
    • Privacy, User management
    • MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
    • MOODLE_35_STABLE
    • MDL-62299-master
    • Hide
      Setup
      1. Login as an admin.
      2. Create users s1, s2, s3, m1, and p1.
      3. Create a Parent role, and also give it the "tool/dataprivacy:makedatarequestsforchildren" capability.
      4. Go to s1's profile page and open s1's "Preferences" page in the "Administration" section.
      5. Click "Assign roles relative to this user"
      6. Assign p1 as the parent of s1
      7. Go to s2's profile page and open s2's "Preferences" page in the "Administration" section.
      8. Click "Assign roles relative to this user"
      9. Assign a user m1 as a parent of a student s2.
      10. Create a DPO role.
      11. Assign m1 to the DPO role.
      12. Go to "Site administration / Users / Privacy and policies / Privacy settings"
        1. Tick the DPO role for the "Data Protection Officer role mapping" field.
        2. Tick Contact Data Protection Officer
        3. Save changes
      Test - User who is a parent
      1. Login as p1.
      2. Go to your user profile
      3. Click Data requests
      4. Create a new data request
        • Confirm that you see a user picker where the only options are yourself and s1.
      5. Create a new data request for s1.
        • Confirm that you see the data request you created on the list.
      Test - User who is a DPO and a parent
      1. Login as m1
      2. Go to "Site administration / Users / Privacy and policies / Data requests"
      3. Click Data requests
      4. Create a new data request for s2
      5. Create a new data request for s3
      6. Go to your user profile
      7. Check the data requests page.
        • Confirm that you only see the request you made for s2.
      Show
      Setup Login as an admin. Create users s1, s2, s3, m1, and p1. Create a Parent role , and also give it the " tool/dataprivacy:makedatarequestsforchildren " capability. Go to s1 's profile page and open s1 's " Preferences " page in the "Administration" section. Click " Assign roles relative to this user " Assign p1 as the parent of s1 Go to s2 's profile page and open s2 's " Preferences " page in the "Administration" section. Click " Assign roles relative to this user " Assign a user m1 as a parent of a student s2 . Create a DPO role . Assign m1 to the DPO role. Go to " Site administration / Users / Privacy and policies / Privacy settings " Tick the DPO role for the " Data Protection Officer role mapping " field. Tick Contact Data Protection Officer Save changes Test - User who is a parent Login as p1. Go to your user profile Click Data requests Create a new data request Confirm that you see a user picker where the only options are yourself and s1. Create a new data request for s1. Confirm that you see the data request you created on the list. Test - User who is a DPO and a parent Login as m1 Go to " Site administration / Users / Privacy and policies / Data requests " Click Data requests Create a new data request for s2 Create a new data request for s3 Go to your user profile Check the data requests page. Confirm that you only see the request you made for s2.

    Description

      Was testing MDL-62167 when I saw that the admin/tool/dataprivacy/mydatarequests.php page (linked @ profile page) show too many requests for the admin user. Plus all them are downloadable.

      Not sure if that's the correct approach (I bet no, because that page is to show only OWN requests and doesn't show user names).

      So, reporting it. In that page, each user, their own. And nothing else. There is the other admin/tool/dataprivacy/datarequests.php page to manage everyone's requests.

      Or I'm missing something. Ciao

      Attachments

        Issue Links

          Discovered while testing

          New Feature - A new Moodle feature which has yet to be developed. MDL-62167 Implement core_privacy for core_badges

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              jpataleta Jun Pataleta
              stronk7 Eloy Lafuente (stronk7)
              Carlos Escobedo Carlos Escobedo
              David Monllaó David Monllaó
              Ryan Wyllie Ryan Wyllie
              Andrew Lyons, Adrian Greeve, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                17/May/18