Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-63897

Remove preprocessing stage from GDPR operations

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 3.4.5, 3.5.2, 3.6
    • 3.6
    • Privacy
    • MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
    • MOODLE_36_STABLE
    • MDL-63897-master
    • Hide
      1. Login as Admin
      2. Navigate to Site admin -> Users -> Privacy -> Privacy settings
      3. Enable the "Contact the privacy officer" setting
      4. Navigate to Site admin -> Users -> Privacy -> Data registry
      5. Configure a basic purpose and category against the system
      6. Navigate to Site admin -> Users -> Privacy -> Data requests
      7. Create new requests for:
        1. One user to have their data exported
        2. A different user to be deleted
      8. Confirm:
        1. That the status for both requests was set to "Awaiting approval"
      9. Log out
      10. Log in as a regular user
      11. From the User Menu, choose "Profile"
      12. Click on the "Contact the privacy officer" link and leave a brief message
        1. Confirm that your request was submitted
      13. Click on "Data requests"
        1. Confirm that you see your pending enquiry
      14. Create a new request for export of your data and add a note
        1. Confirm that you see your export is awaiting approval
      15. Logout
      16. Log in as a different user
      17. From the User Menu, choose "Profile"
      18. Click on "Data requests"
      19. Create a new request for your data to be deleted
        1. Confirm that you see your request is awaiting approval
      20. Log out
      21. Log in as admin/dpo again
      22. Navigate to Site admin -> Users -> Privacy -> Data requests
      23. Open the contact request and mark it as complete
        1. Confirm it is marked as complete
      24. Approve all of the other requests
      25. Run Cron 

        php admin/cli/cron.php

        1. Confirm that the cron finished without error
      26. Refresh the requests page
        1. Confirm that both download requests were marked as Download ready
        2. Confirm that both delete requests were marked as Deleted
      Show
      Login as Admin Navigate to Site admin -> Users -> Privacy -> Privacy settings Enable the " Contact the privacy officer " setting Navigate to Site admin -> Users -> Privacy -> Data registry Configure a basic purpose and category against the system Navigate to Site admin -> Users -> Privacy -> Data requests Create new requests for: One user to have their data exported A different user to be deleted Confirm: That the status for both requests was set to " Awaiting approval " Log out Log in as a regular user From the User Menu, choose " Profile " Click on the " Contact the privacy officer " link and leave a brief message Confirm that your request was submitted Click on " Data requests " Confirm that you see your pending enquiry Create a new request for export of your data and add a note Confirm that you see your export is awaiting approval Logout Log in as a different user From the User Menu, choose " Profile " Click on " Data requests " Create a new request for your data to be deleted Confirm that you see your request is awaiting approval Log out Log in as admin/dpo again Navigate to Site admin -> Users -> Privacy -> Data requests Open the contact request and mark it as complete Confirm it is marked as complete Approve all of the other requests Run Cron php admin/cli/cron.php Confirm that the cron finished without error Refresh the requests page Confirm that both download requests were marked as Download ready Confirm that both delete requests were marked as Deleted
    • GDPR Followup Sprint 1

    Description

      We originally planned to allow for an interface to approve and reject individual contexts. This necessitated splitting the request into a Pre-processing stage, and a processing stage, with the pre-processing stage locating everywhere that the user holds data.

      This interface never materialised, and now that we have a combination of per-purpose protection, and per-role deletion, this is arguably no longer required. Any rejection of a context for a specific user should be done via a per-role override to the context purpose instead.

      As such, we should remove the preprocessing stage. This becomes especially important given MDL-62563, and MDL-62564, where we will see the creation of automated requests.

      This pre-processing stage has a number of existing issues, namely it allows for data to become stale between addition and removal.

      Removing this stage and jumping straight to the awaiting approval state, and then fetching the list of contexts immediately before they are handled reduces complexity, and the possibility for this stale state. This also alleviates the need for most (but not all) of MDL-62589.

      Attachments

        Issue Links

          has been marked as being related by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-62589 Unable to reset submitted unapproved SARs after plugins are updated / installed

          • Blocker - Blocks development and/or testing, prevents Moodle from running (applicable to bugs only)
          • Closed
          is blocked by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-62589 Unable to reset submitted unapproved SARs after plugins are updated / installed

          • Blocker - Blocks development and/or testing, prevents Moodle from running (applicable to bugs only)
          • Closed

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-63902 Course context children not properly checked

          • Blocker - Blocks development and/or testing, prevents Moodle from running (applicable to bugs only)
          • Closed

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-63919 Disable notifications for automated SARs

          • Blocker - Blocks development and/or testing, prevents Moodle from running (applicable to bugs only)
          • Closed

          Activity

            People

              dobedobedoh Andrew Lyons
              dobedobedoh Andrew Lyons
              David Mudrák (@mudrd8mz) David Mudrák (@mudrd8mz)
              Jun Pataleta Jun Pataleta
              Janelle Barcega Janelle Barcega
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                3/Dec/18

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 20 minutes
                  20m