-
Bug
-
Resolution: Fixed
-
Blocker
-
3.3.8, 3.4.5, 3.5.2, 3.6
-
MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
-
MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
-
MDL-63401-master -
-
GDPR Followup Sprint 1
This issue covers three main issues:
- users are currently expired when they finish a course, not when the courses that they are in expire. This currently means that some data is removed before it should be
- it is not possible to expire a user if they are enrolled in any open-ended courses
- any user with a user block is not deletable due to a mis-understanding in the API as to how to handle blocks – it treats them all as belonging to a course
This issue solves these by:
- switch to respecting the course expiry as a dependency of user expiry.
- provide a system setting to ignore open-ended courses when calculating the user expiry (rely purely on last login time)
- rewrite the dataprivacy expiry manager to not separate out course contexts from user contexts using context level, but instead do so by actual context.
The biggest change in this patchset is for the third item.
The original code assumed that any block was always a course block, and ignored the potential for user blocks. Because of this user expiry was essentially not possible if the user had any blocks on their Dashboard.
I felt that the best way to handle this was:
- to merge the user and course context expiry managers. The existing code separated them out based purely on their context level, which is not an accurate gauge of their type
- to change the behaviour such that any child context of a user is bundled in with the user context. It does not make sense not to do so as we do not allow any data registry configuration (purpose/category) for a specific user or for children of these anyway.
In order to complete this work I also moved the location of capability checks from the API class to the endpoints which call them. These tests do not belong in the API, and we have found this in other related issues (user bulk deletion, is_site_dpo changes, etc).
This work also necessitated that we finally stop deleting the user context, and instead just delete the related content.
As far as I'm aware, the only time we delete other contexts is when the record itself is removed. We do not remove the user record at any time, therefore we should not remove the context. The context has many things stored against it and, although some items are removed during the context deletion, this only applies to removal of core items (and not even all of them). It does not support deletion of user context data in plugins at all. Again, this same change has been identified as a necessity in other related issues.
- blocks
-
MDL-63496 Support for per-role deletion in the dataprivacy tool
- Closed
-
MDL-63495 Extend privacy API to support multi-user operations
- Closed
-
MDL-62560 Support different retention for different roles in a purpose
- Closed
- caused a regression
-
MDL-67469 Missing test code in \tool_dataprivacy_api_testcase::test_approve_data_request_non_dpo_user()
- Closed