Details
-
Task
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
3.6
-
MOODLE_36_STABLE
-
MOODLE_34_STABLE, MOODLE_35_STABLE
-
MDL-62560-master -
Setup
- Create a brand new Moodle site. Don't even login into it. Don't create any courses. Just a straight install.
- Run the attached test-63496.php script to create a set of courses, and users.
- Login as admin
- Navigate to Site administration -> Users -> Data registry
- From the Edit menu, choose Purposes
- Create the following purposes:
Name Lawful bases Retention period Protected Basic Consent 50 years Protected I1 Consent 10 years Protected I2 Consent 10 years Protected I3 Consent 10 years Unprotected I4 Consent 10 years Unprotected P1 Consent 1 days Protected P2 Consent 1 days Unprotected P3 Consent 1 days Unprotected P4 Consent 1 days Unprotected - Edit the newly created purposes and add some role overrides:
Name Student Teacher Manager I1 1 days, protected I2 1 days, unprotected I3 1 days, protected I4 1 days, unprotected P1 1 years, protected 5 years, protected P2 1 years, protected 5 years, protected P3 1 years, unprotected 5 years, protected P4 1 years, unprotected 5 years, unprotected - Assign each of the courses, and all of it's children a purpose:
- m63496-1-I1: I1
- m63496-1-I2: I2
- m63496-1-I3: I3
- m63496-1-I4: I4
- m63496-1-P1: P1
- m63496-1-P2: P2
- m63496-1-P3: P3
- m63496-1-P4: P4
- Assign the system the "Basic" purpose
- Create a new category and assign this to the system too.
Subject Deletion Request
- Create deletion requests for the first user of each type using the attached test-63496-requests.php script:
php test-63496-requests.php --usernamefilter='m63496-1-%1' - Run cron:
php admin/cli/cron.php - Navigate to Site administration > Users > Privacy and Policies > Data requests
Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user - Approve all of the requests
- Run cron:
php admin/cli/cron.php- View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
Note:
= no posts exist for this user
Note:
= some posts still exist for this user
Course s1 t1 m1 st1 sm1 tm1 o1 User I1 I2 I3 I4 P1 P2 P3 P4
- View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
Check Initial expiry info
- Run the expired retention period task:
php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" - Navigate to the list of data deletions
- Confirm that all eight courses are listed
- Confirm that courses 1, 2, 3, and 4 state:
- Default retention period: 10 Years (Unexpired)
- Student retention period: 1 days (Expired)
- Only data for students will be deleted
- Confirm that courses 5, 6, 7, and 8 state:
- Default retention period: 1 days (Expired)
- Manager retention period: 5 years (Unexpired)
- Teacher retention period: 1 years (Unexpired)
- Data for all users except for Managers and Teachers will be removed
Run initial expiry
Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course.
- Approve the deletions
- Run the expired context deletion task:
php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts"- View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
Note: = no posts exist for this type of user
Note: = some posts exist for this type of user
Course s* t* m* st* sm* tm* o* User e I1 I2 I3 I4 P1 P2 P3 P4
- View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
Time has passed
- For each of the eight courses, change the year to 2017 (they will now be just over one year ago)
#Subject Deletion Request
- Create deletion requests for the second user of each type using the attached test-63496-requests.php script:
php test-63496-requests.php --usernamefilter='m63496-1-%2' - Run cron:
php admin/cli/cron.php - Navigate to Site administration > Users > Privacy and Policies > Data requests
Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user - Approve all of the requests
- Run cron:
php admin/cli/cron.php- View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
Note: = no posts exist for this user
Note: = some posts still exist for this user
Course t2 m2 st2 sm2 tm2 o2 User I1 I2 I3 I4 P1 P2 P3 P4
- View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
Check Expiry info
- Run the expired retention period task:
php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" - Navigate to the list of data deletions
- Confirm that only the four 'P' courses are listed
- Confirm that they state:
- Default retention period: 1 days (Expired)
- Manager retention period: 5 years (Unexpired)
- Data for all users except for Managers will be removed
Run expiry task
Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course.
- Approve the deletions
- Run the expired context deletion task:
php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts"- View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
Note: = no posts exist for this type of user
Note: = some posts exist for this type of user
Course t* m* st* sm* tm* o* User P1 P2 P3 P4
- View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
Time has passed
- For each of the eight courses, change the year to 2008 (they will now be just over ten years ago)
Subject Deletion Request
- Create deletion requests for the third user of each type using the attached test-63496-requests.php script:
php test-63496-requests.php --usernamefilter='m63496-1-%3' - Run cron:
php admin/cli/cron.php - Navigate to Site administration > Users > Privacy and Policies > Data requests
Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user - Approve all of the requests
- Run cron:
php admin/cli/cron.php - View the forum in each course
- Confirm that none of the '3' users have any content left
Note: = no posts exist for this user
Note: = some posts still exist for this user
Course t3 m3 st3 sm3 tm3 o3 User I1 I2 I3 I4 P1 P2 P3 P4
- Confirm that none of the '3' users have any content left
Check Expiry info
- Run the expired retention period task:
php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" - Navigate to the list of data deletions
- Confirm that all eight courses are listed
- Confirm that courses all of the I courses state:
- Default retention period: 10 Years (Expired)
- Delete data for all users
- Confirm that courses P courses state:
- Default retention period: 1 days (Expired)
- Delete data for all users
Run expiry task
Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course.
- Approve the deletions
- Run the expired context deletion task:
php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts" - View the forum in each course
- Confirm that there are no discussions
- View the Participants page in each course
- Confirm that there are no participants
Setup Create a brand new Moodle site. Don't even login into it. Don't create any courses. Just a straight install. Run the attached test-63496.php script to create a set of courses, and users. Login as admin Navigate to Site administration -> Users -> Data registry From the Edit menu, choose Purposes Create the following purposes: Name Lawful bases Retention period Protected Basic Consent 50 years Protected I1 Consent 10 years Protected I2 Consent 10 years Protected I3 Consent 10 years Unprotected I4 Consent 10 years Unprotected P1 Consent 1 days Protected P2 Consent 1 days Unprotected P3 Consent 1 days Unprotected P4 Consent 1 days Unprotected Edit the newly created purposes and add some role overrides: Name Student Teacher Manager I1 1 days, protected I2 1 days, unprotected I3 1 days, protected I4 1 days, unprotected P1 1 years, protected 5 years, protected P2 1 years, protected 5 years, protected P3 1 years, unprotected 5 years, protected P4 1 years, unprotected 5 years, unprotected Assign each of the courses, and all of it's children a purpose: m63496-1-I1: I1 m63496-1-I2: I2 m63496-1-I3: I3 m63496-1-I4: I4 m63496-1-P1: P1 m63496-1-P2: P2 m63496-1-P3: P3 m63496-1-P4: P4 Assign the system the "Basic" purpose Create a new category and assign this to the system too. Subject Deletion Request Create deletion requests for the first user of each type using the attached test-63496-requests.php script: php test-63496-requests.php --usernamefilter='m63496-1-%1' Run cron: php admin/cli/cron.php Navigate to Site administration > Users > Privacy and Policies > Data requests Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user Approve all of the requests Run cron: php admin/cli/cron.php View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per : Note: = no posts exist for this user Note: = some posts still exist for this user Course s1 t1 m1 st1 sm1 tm1 o1 User I1 I2 I3 I4 P1 P2 P3 P4 Check Initial expiry info Run the expired retention period task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" Navigate to the list of data deletions Confirm that all eight courses are listed Confirm that courses 1, 2, 3, and 4 state: Default retention period: 10 Years (Unexpired) Student retention period: 1 days (Expired) Only data for students will be deleted Confirm that courses 5, 6, 7, and 8 state: Default retention period: 1 days (Expired) Manager retention period: 5 years (Unexpired) Teacher retention period: 1 years (Unexpired) Data for all users except for Managers and Teachers will be removed Run initial expiry Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course. Approve the deletions Run the expired context deletion task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts" View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per : Note: = no posts exist for this type of user Note: = some posts exist for this type of user Course s* t* m* st* sm* tm* o* User e I1 I2 I3 I4 P1 P2 P3 P4 Time has passed For each of the eight courses, change the year to 2017 (they will now be just over one year ago) # Subject Deletion Request Create deletion requests for the second user of each type using the attached test-63496-requests.php script: php test-63496-requests.php --usernamefilter='m63496-1-%2' Run cron: php admin/cli/cron.php Navigate to Site administration > Users > Privacy and Policies > Data requests Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user Approve all of the requests Run cron: php admin/cli/cron.php View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per : Note: = no posts exist for this user Note: = some posts still exist for this user Course t2 m2 st2 sm2 tm2 o2 User I1 I2 I3 I4 P1 P2 P3 P4 Check Expiry info Run the expired retention period task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" Navigate to the list of data deletions Confirm that only the four 'P' courses are listed Confirm that they state: Default retention period: 1 days (Expired) Manager retention period: 5 years (Unexpired) Data for all users except for Managers will be removed Run expiry task Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course. Approve the deletions Run the expired context deletion task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts" View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per : Note: = no posts exist for this type of user Note: = some posts exist for this type of user Course t* m* st* sm* tm* o* User P1 P2 P3 P4 Time has passed For each of the eight courses, change the year to 2008 (they will now be just over ten years ago) Subject Deletion Request Create deletion requests for the third user of each type using the attached test-63496-requests.php script: php test-63496-requests.php --usernamefilter='m63496-1-%3' Run cron: php admin/cli/cron.php Navigate to Site administration > Users > Privacy and Policies > Data requests Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user Approve all of the requests Run cron: php admin/cli/cron.php View the forum in each course Confirm that none of the '3' users have any content left Note: = no posts exist for this user Note: = some posts still exist for this user Course t3 m3 st3 sm3 tm3 o3 User I1 I2 I3 I4 P1 P2 P3 P4 Check Expiry info Run the expired retention period task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" Navigate to the list of data deletions Confirm that all eight courses are listed Confirm that courses all of the I courses state: Default retention period: 10 Years (Expired) Delete data for all users Confirm that courses P courses state: Default retention period: 1 days (Expired) Delete data for all users Run expiry task Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course. Approve the deletions Run the expired context deletion task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts" View the forum in each course Confirm that there are no discussions View the Participants page in each course Confirm that there are no participants
-
GDPR Followup Sprint 1
Description
Add support for different retention strategies for different user roles.
In some institutions the content created by staff is considered to be 'owned' by the institution and not the individual.
In these cases, there may need to be a longer retention policy applied for staff than to students.
This issue seeks to extend the existing privacy API in order to add new data deletion strategies for rolling deletion.
This will be achieved by:
- adding a new 'purpose override' such that a role can be allocated a different retention policy for any data retention purpose;
- adding a new Provider interface to provide:
- a function to fetch the list of users in a location in order to filter the users by role
- a function to delete a set of users in a context
- updating the current rolling expiry system to support this new functionality.
Attachments
Issue Links
- blocks
-
MDL-63531 Add support for removal of context users - mod_assign
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
MDL-63619 Inheritance does not work as it should
-
- Closed
-
- caused a regression
-
-
- Closed
-
- is blocked by
-
-
- Closed
-
-
-
- Closed
-
- Testing discovered
-
MDL-63686 Preload contexts in get_parent_contexts
-
- Closed
-
(9 blocks, 1 caused a regression, 2 is blocked by, 1 Testing discovered)
