XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.5.2, 3.6
    • Fix Version/s: 3.4.6, 3.5.3
    • Component/s: Privacy
    • Labels:
    • Testing Instructions:
      Hide

      Setup

      1. Create a brand new Moodle site. Don't even login into it. Don't create any courses. Just a straight install.
      2. Run the attached test-63496.php script to create a set of courses, and users.
      3. Login as admin
      4. Navigate to Site administration -> Users -> Data registry
      5. From the Edit menu, choose Purposes
      6. Create the following purposes:
        Name Lawful bases Retention period Protected
        Basic Consent 50 years Protected
        I1 Consent 10 years Protected
        I2 Consent 10 years Protected
        I3 Consent 10 years Unprotected
        I4 Consent 10 years Unprotected
        P1 Consent 1 days Protected
        P2 Consent 1 days Unprotected
        P3 Consent 1 days Unprotected
        P4 Consent 1 days Unprotected
      7. Edit the newly created purposes and add some role overrides:
        Name Student Teacher Manager
        I1 1 days, protected
        I2 1 days, unprotected
        I3 1 days, protected
        I4 1 days, unprotected
        P1
        1 years, protected 5 years, protected
        P2
        1 years, protected 5 years, protected
        P3
        1 years, unprotected 5 years, protected
        P4
        1 years, unprotected 5 years, unprotected
      8. Assign each of the courses, and all of it's children a purpose:
        1. m63496-1-I1: I1
        2. m63496-1-I2: I2
        3. m63496-1-I3: I3
        4. m63496-1-I4: I4
        5. m63496-1-P1: P1
        6. m63496-1-P2: P2
        7. m63496-1-P3: P3
        8. m63496-1-P4: P4
      9. Assign the system the "Basic" purpose
      10. Create a new category and assign this to the system too.

      Subject Deletion Request

      1. Create deletion requests for the first user of each type using the attached test-63496-requests.php script:

        php test-63496-requests.php --usernamefilter='m63496-1-%1'
        

      2. Run cron:

        php admin/cli/cron.php
        

      3. Navigate to Site administration > Users > Privacy and Policies > Data requests
        Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user
      4. Approve all of the requests
      5. Run cron:

        php admin/cli/cron.php
        

        1. View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
          Note: = no posts exist for this user
          Note: = some posts still exist for this user
          Course s1 t1 m1 st1 sm1 tm1 o1
          User              
          I1
          I2
          I3
          I4
          P1
          P2
          P3
          P4

      Check Initial expiry info

      1. Run the expired retention period task:

        php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period"
        

      2. Navigate to the list of data deletions
        1. Confirm that all eight courses are listed
        2. Confirm that courses 1, 2, 3, and 4 state:
          1. Default retention period: 10 Years (Unexpired)
          2. Student retention period: 1 days (Expired)
          3. Only data for students will be deleted
        3. Confirm that courses 5, 6, 7, and 8 state:
          1. Default retention period: 1 days (Expired)
          2. Manager retention period: 5 years (Unexpired)
          3. Teacher retention period: 1 years (Unexpired)
          4. Data for all users except for Managers and Teachers will be removed

      Run initial expiry

      Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course.

      1. Approve the deletions
      2. Run the expired context deletion task:

        php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts"
        

        1. View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
          Note: = no posts exist for this type of user
          Note: = some posts exist for this type of user
          Course s* t* m* st* sm* tm* o*
          User e              
          I1
          I2
          I3
          I4
          P1
          P2
          P3
          P4

      Time has passed

      1. For each of the eight courses, change the year to 2017 (they will now be just over one year ago)
        #

        Subject Deletion Request

      2. Create deletion requests for the second user of each type using the attached test-63496-requests.php script:

        php test-63496-requests.php --usernamefilter='m63496-1-%2'
        

      3. Run cron:

        php admin/cli/cron.php
        

      4. Navigate to Site administration > Users > Privacy and Policies > Data requests
        Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user
      5. Approve all of the requests
      6. Run cron:

        php admin/cli/cron.php
        

        1. View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
          Note: = no posts exist for this user
          Note: = some posts still exist for this user
          Course t2 m2 st2 sm2 tm2 o2
          User            
          I1
          I2
          I3
          I4
          P1
          P2
          P3
          P4

      Check Expiry info

      1. Run the expired retention period task:

        php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period"
        

      2. Navigate to the list of data deletions
        1. Confirm that only the four 'P' courses are listed
        2. Confirm that they state:
          1. Default retention period: 1 days (Expired)
          2. Manager retention period: 5 years (Unexpired)
          3. Data for all users except for Managers will be removed

      Run expiry task

      Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course.

      1. Approve the deletions
      2. Run the expired context deletion task:

        php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts"
        

        1. View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per:
          Note: = no posts exist for this type of user
          Note: = some posts exist for this type of user
          Course t* m* st* sm* tm* o*
          User            
          P1
          P2
          P3
          P4

      Time has passed

      1. For each of the eight courses, change the year to 2008 (they will now be just over ten years ago)

      Subject Deletion Request

      1. Create deletion requests for the third user of each type using the attached test-63496-requests.php script:

        php test-63496-requests.php --usernamefilter='m63496-1-%3'
        

      2. Run cron:

        php admin/cli/cron.php
        

      3. Navigate to Site administration > Users > Privacy and Policies > Data requests
        Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user
      4. Approve all of the requests
      5. Run cron:

        php admin/cli/cron.php
        

      6. View the forum in each course
        1. Confirm that none of the '3' users have any content left
          Note: = no posts exist for this user
          Note: = some posts still exist for this user
          Course t3 m3 st3 sm3 tm3 o3
          User            
          I1
          I2
          I3
          I4
          P1
          P2
          P3
          P4

      Check Expiry info

      1. Run the expired retention period task:

        php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period"
        

      2. Navigate to the list of data deletions
        1. Confirm that all eight courses are listed
        2. Confirm that courses all of the I courses state:
          1. Default retention period: 10 Years (Expired)
          2. Delete data for all users
        3. Confirm that courses P courses state:
          1. Default retention period: 1 days (Expired)
          2. Delete data for all users

      Run expiry task

      Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course.

      1. Approve the deletions
      2. Run the expired context deletion task:

        php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts"
        

      3. View the forum in each course
        1. Confirm that there are no discussions
      4. View the Participants page in each course
        1. Confirm that there are no participants
      Show
      Setup Create a brand new Moodle site. Don't even login into it. Don't create any courses. Just a straight install. Run the attached test-63496.php script to create a set of courses, and users. Login as admin Navigate to Site administration -> Users -> Data registry From the Edit menu, choose Purposes Create the following purposes: Name Lawful bases Retention period Protected Basic Consent 50 years Protected I1 Consent 10 years Protected I2 Consent 10 years Protected I3 Consent 10 years Unprotected I4 Consent 10 years Unprotected P1 Consent 1 days Protected P2 Consent 1 days Unprotected P3 Consent 1 days Unprotected P4 Consent 1 days Unprotected Edit the newly created purposes and add some role overrides: Name Student Teacher Manager I1 1 days, protected I2 1 days, unprotected I3 1 days, protected I4 1 days, unprotected P1 1 years, protected 5 years, protected P2 1 years, protected 5 years, protected P3 1 years, unprotected 5 years, protected P4 1 years, unprotected 5 years, unprotected Assign each of the courses, and all of it's children a purpose: m63496-1-I1: I1 m63496-1-I2: I2 m63496-1-I3: I3 m63496-1-I4: I4 m63496-1-P1: P1 m63496-1-P2: P2 m63496-1-P3: P3 m63496-1-P4: P4 Assign the system the "Basic" purpose Create a new category and assign this to the system too. Subject Deletion Request Create deletion requests for the first user of each type using the attached test-63496-requests.php script: php test-63496-requests.php --usernamefilter='m63496-1-%1' Run cron: php admin/cli/cron.php Navigate to Site administration > Users > Privacy and Policies > Data requests Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user Approve all of the requests Run cron: php admin/cli/cron.php View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per : Note: = no posts exist for this user Note: = some posts still exist for this user Course s1 t1 m1 st1 sm1 tm1 o1 User               I1 I2 I3 I4 P1 P2 P3 P4 Check Initial expiry info Run the expired retention period task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" Navigate to the list of data deletions Confirm that all eight courses are listed Confirm that courses 1, 2, 3, and 4 state: Default retention period: 10 Years (Unexpired) Student retention period: 1 days (Expired) Only data for students will be deleted Confirm that courses 5, 6, 7, and 8 state: Default retention period: 1 days (Expired) Manager retention period: 5 years (Unexpired) Teacher retention period: 1 years (Unexpired) Data for all users except for Managers and Teachers will be removed Run initial expiry Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course. Approve the deletions Run the expired context deletion task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts" View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per : Note: = no posts exist for this type of user Note: = some posts exist for this type of user Course s* t* m* st* sm* tm* o* User e               I1 I2 I3 I4 P1 P2 P3 P4 Time has passed For each of the eight courses, change the year to 2017 (they will now be just over one year ago) # Subject Deletion Request Create deletion requests for the second user of each type using the attached test-63496-requests.php script: php test-63496-requests.php --usernamefilter='m63496-1-%2' Run cron: php admin/cli/cron.php Navigate to Site administration > Users > Privacy and Policies > Data requests Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user Approve all of the requests Run cron: php admin/cli/cron.php View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per : Note: = no posts exist for this user Note: = some posts still exist for this user Course t2 m2 st2 sm2 tm2 o2 User             I1 I2 I3 I4 P1 P2 P3 P4 Check Expiry info Run the expired retention period task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" Navigate to the list of data deletions Confirm that only the four 'P' courses are listed Confirm that they state: Default retention period: 1 days (Expired) Manager retention period: 5 years (Unexpired) Data for all users except for Managers will be removed Run expiry task Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course. Approve the deletions Run the expired context deletion task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts" View the forum in each course (Not the announcement forum) and confirm that the post from those users are deleted or not deleted as per : Note: = no posts exist for this type of user Note: = some posts exist for this type of user Course t* m* st* sm* tm* o* User             P1 P2 P3 P4 Time has passed For each of the eight courses, change the year to 2008 (they will now be just over ten years ago) Subject Deletion Request Create deletion requests for the third user of each type using the attached test-63496-requests.php script: php test-63496-requests.php --usernamefilter='m63496-1-%3' Run cron: php admin/cli/cron.php Navigate to Site administration > Users > Privacy and Policies > Data requests Note: You may find it easier to test this one user at a time by only approving one deletion, then run the task, and confirm the behaviour for that user Approve all of the requests Run cron: php admin/cli/cron.php View the forum in each course Confirm that none of the '3' users have any content left Note: = no posts exist for this user Note: = some posts still exist for this user Course t3 m3 st3 sm3 tm3 o3 User             I1 I2 I3 I4 P1 P2 P3 P4 Check Expiry info Run the expired retention period task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\expired_retention_period" Navigate to the list of data deletions Confirm that all eight courses are listed Confirm that courses all of the I courses state: Default retention period: 10 Years (Expired) Delete data for all users Confirm that courses P courses state: Default retention period: 1 days (Expired) Delete data for all users Run expiry task Note: You may find it easier to test this one course at a time by only approving one deletion, then run the taks, and confirm the behaviour for that course. Approve the deletions Run the expired context deletion task: php admin/tool/task/cli/schedule_task.php --execute="\tool_dataprivacy\task\delete_expired_contexts" View the forum in each course Confirm that there are no discussions View the Participants page in each course Confirm that there are no participants
    • Affected Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE
    • Fixed Branches:
      MOODLE_34_STABLE, MOODLE_35_STABLE
    • Pull Master Branch:
      MDL-63496-master
    • Sprint:
      GDPR Followup Sprint 1

      Description

      Add support for graduated deletion of user data depending upon user role.

        Attachments

        1. list-of-expired-contexts.png
          list-of-expired-contexts.png
          692 kB
        2. list-of-purposes.png
          list-of-purposes.png
          614 kB
        3. purpoe-with-override.png
          purpoe-with-override.png
          1.03 MB
        4. test-63496.php
          9 kB
        5. test-63496-purposes.php
          7 kB
        6. test-63496-requests.php
          0.8 kB

          Issue Links

            Activity

              People

              • Assignee:
                dobedobedoh Andrew Nicols
                Reporter:
                dobedobedoh Andrew Nicols
                Peer reviewer:
                Adrian Greeve
                Participants:
                Component watchers:
                Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  12/Nov/18