Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64714

Privacy API delete_data_for user function in oauth2 and mnet exit early

    XMLWordPrintable

    Details

      Description

      In the core auth plugins, "oauth2" and "mnet", the privacy provider function "delete_data_for_user" may exit the function without actually doing what they need to do.

      The code loops through the provided contextlist and exits the function if it encounters a context that is not CONTEXT_USER:

      foreach ($contextlist->get_contexts() as $context) {
       if ($context->contextlevel != CONTEXT_USER) {
       return;
       }
       
       // Because we only use user contexts the instance ID is the user ID.
       $DB->delete_records('mnet_log', ['userid' => $context->instanceid]);
      }

      If the contextlist has multiple contexts that include a CONTEXT_USER, but encounters a non CONTEXT_USER before them, it will exit without processing the CONTEXT_USER. Shouldn't it be written as:

      foreach ($contextlist->get_contexts() as $context) {
       if ($context->contextlevel != CONTEXT_USER) {
       continue;
       }
       
       // Because we only use user contexts the instance ID is the user ID.
       $DB->delete_records('mnet_log', ['userid' => $context->instanceid]);
      }

      I have replaced "return" with "continue".

        Attachments

          Activity

            People

            Assignee:
            cescobedo Carlos Escobedo
            Reporter:
            mchurch Mike Churchward
            Peer reviewer:
            Mark Nelson
            Integrator:
            Andrew Nicols
            Tester:
            CiBoT
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              11/Mar/19

                Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour
                1h