Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-68632

quizaccess_seb doesnt limit privacy api queries to the quiz course module

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.9
    • Fix Version/s: 3.9
    • Component/s: Quiz
    • Testing Instructions:
      Hide

      Test that SEB data still gets properly exported:

      • As an admin:
        Enable tool_dataprivacy | automaticdataexportapproval
        Enable tool_dataprivacy | contactdataprotectionofficer
      • Login as a teacher, add an activity of type quiz to a course.
      • In the quiz, edit the settings for 'Require the use of Safe Exam Browser' to be 'Yes – Configure manually'.
      • Save the activity.
      • Under profile > Data requests, request a data export
      • Run adhoc tasks (to process the export): `php admin/cli/adhoc_task.php --execute`
      • As the teacher, download the now available export
      • VERIFY the export contains Safe Exam Browser access rules data
      Show
      Test that SEB data still gets properly exported: As an admin: Enable tool_dataprivacy | automaticdataexportapproval Enable tool_dataprivacy | contactdataprotectionofficer Login as a teacher, add an activity of type quiz to a course. In the quiz, edit the settings for 'Require the use of Safe Exam Browser' to be 'Yes – Configure manually'. Save the activity. Under profile > Data requests, request a data export Run adhoc tasks (to process the export): `php admin/cli/adhoc_task.php --execute` As the teacher, download the now available export VERIFY the export contains Safe Exam Browser access rules data
    • Affected Branches:
      MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_39_STABLE
    • Pull from Repository:
    • Pull Master Branch:

      Description

      The privacy provider for quizaccess_seb looks course modules with just the instance matching the quiz id - it doesnt make sure that the instance actually belongs to a quiz however - polluting the results with non-quizzes.

      Example quizaccess_seb privacy query:

       // SEB quiz settings.
       $sql = "SELECT qs.id as id,
       qs.quizid as quizid,
       qs.usermodified as usermodified,
       qs.timecreated as timecreated,
       qs.timemodified as timemodified
       FROM {quizaccess_seb_quizsettings} qs
       JOIN {course_modules} cm ON cm.instance = qs.quizid

      And a similar query used by quizreport_group privacy:

               $sql = "SELECT c.id
                        FROM {context} c
                        JOIN {course_modules} cm ON cm.id = c.instanceid AND c.contextlevel = :contextlevel
                        JOIN {modules} m ON m.id = cm.module AND m.name = :modname
                        JOIN {quiz_group_attempts} qga ON qga.quizid = cm.instance
                        JOIN {user} u ON u.id = qga.userid
                       WHERE u.id = :userid";
      

       

      Note that a JOIN is performed onto the modules table to ensure we limit course_modules to quizzes.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              aolley Adam Olley
              Reporter:
              aolley Adam Olley
              Peer reviewer:
              Tim Hunt
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Eloy Lafuente (stronk7)
              Participants:
              Component watchers:
              Tim Hunt, Andrew Nicols, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/Jun/20

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours, 35 minutes
                  2h 35m