Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78088

New Web Services for the user data privacy section (Privacy and policies)

XMLWordPrintable

    • MOODLE_402_STABLE
    • MOODLE_404_STABLE
    • MDL-78088-master
    • Hide
      1. As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features
      2. Enable the options “Contact the privacy officer” and “Show data retention summary” on Site administration Users -> Privacy and policies > Privacy settings
      3. Create a Token in the mobile app service for any user on the site (not an admin account)
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      4. Open the console and execute this new curl request, replacing WS_TOKEN with the token you just created and the SITE_URL with yours.

        curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_mobile_get_config&wstoken=WS_TOKEN' | python -m "json.tool"

      5. Confirm that:
        • You see the following fields set to 1/true: tool_dataprivacy_contactdataprotectionofficer and tool_dataprivacy_showdataretentionsummary
      6. Now, execute the following course request

        curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_dataprivacy_get_access_information&wstoken=WS_TOKEN' | python -m "json.tool"

      7. Confirm that:
        • You see the following field with the indicated values
          • "cancontactdpo": true,
          • "cancreatedatadeletionrequest": true,
          • "cancreatedatadownloadrequest": true,
          • "canmanagedatarequests": false,
          • "hasongoingdatadeletionrequest": false,
          • "hasongoingdatadownloadrequest": false,
      8. Now we are going to create a data request
      9. Execute the following curl request
        curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_dataprivacy_create_data_request&type=1&comments=Hello&wstoken=WS_TOKEN' | python -m "json.tool"
      10. Open the Moodle site in the browser and login with the user account (not admin) you created
      11. Go to the user profile -> Data request section and confirm that
        • You will see a data request for Export all my personal data
      12. Execute the same request by replacing type with 2, confirm
        • You will see a new data request for delete all the personal data
      13. Repeat the previous curl request and confirm that
        • You see an exception indicating that “you already have an ongoing request” - errorrequestalreadyexists code
      14. Now execute the following curl request replacing USERID with the user (not admin) you created

        curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_dataprivacy_get_data_requests&userid=USERID&wstoken=WS_TOKEN' | python -m "json.tool"

      15. Confirm that
        • The WebService returns a json structure with the two data requests
      16. Finally, execute the following curl request replacing REQUESTID with any of the requests ids returned by the previous Web Service request

        curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_dataprivacy_cancel_data_request&requestid=REQUESTID&wstoken=WS_TOKEN' | python -m "json.tool"

      17. Confirm that
        • The result of the execution includes "result": true,
        • On the Moodle site, “Data requests” section that you previously visited, you see one of the data request with Status set to “Cancelled
      Show
      As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features Enable the options “Contact the privacy officer” and “Show data retention summary” on Site administration Users -> Privacy and policies > Privacy settings Create a Token in the mobile app service for any user on the site (not an admin account) Click on Site administration ► Plugins ► Web services ► Manage tokens Open the console and execute this new curl request, replacing WS_TOKEN with the token you just created and the SITE_URL with yours. curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_mobile_get_config&wstoken=WS_TOKEN' | python -m "json.tool" Confirm that: You see the following fields set to 1/true: tool_dataprivacy_contactdataprotectionofficer and tool_dataprivacy_showdataretentionsummary Now, execute the following course request curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_dataprivacy_get_access_information&wstoken=WS_TOKEN' | python -m "json.tool" Confirm that: You see the following field with the indicated values "cancontactdpo": true, "cancreatedatadeletionrequest": true, "cancreatedatadownloadrequest": true, "canmanagedatarequests": false, "hasongoingdatadeletionrequest": false, "hasongoingdatadownloadrequest": false, Now we are going to create a data request Execute the following curl request curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_dataprivacy_create_data_request&type=1&comments=Hello&wstoken=WS_TOKEN' | python -m "json.tool" Open the Moodle site in the browser and login with the user account (not admin) you created Go to the user profile -> Data request section and confirm that You will see a data request for Export all my personal data Execute the same request by replacing type with 2, confirm You will see a new data request for delete all the personal data Repeat the previous curl request and confirm that You see an exception indicating that “you already have an ongoing request” - errorrequestalreadyexists code Now execute the following curl request replacing USERID with the user (not admin) you created curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_dataprivacy_get_data_requests&userid=USERID&wstoken=WS_TOKEN' | python -m "json.tool" Confirm that The WebService returns a json structure with the two data requests Finally, execute the following curl request replacing REQUESTID with any of the requests ids returned by the previous Web Service request curl 'SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=tool_dataprivacy_cancel_data_request&requestid=REQUESTID&wstoken=WS_TOKEN' | python -m "json.tool" Confirm that The result of the execution includes "result": true, On the Moodle site, “Data requests” section that you previously visited, you see one of the data request with Status set to “Cancelled

      This new WS will be used to comply with Google Play and Apple app store policies about user data privacy, specifically, to create a request for deleting the user account.

      The following functionality should be supported:

      • Retrieve access permissions: Create new WS tool_dataprivacy_get_access_information
      • Account Deletion: Create new WS tool_dataprivacy_create_data_request
      • Export all data: Create new WS tool_dataprivacy_create_data_request
      • View data requests: Create new WS tool_dataprivacy_get_data_requests
      • Contact the DPO: This WS already exists tool_dataprivacy_contact_dpo but is not available for the app
      • Cancel issued requests: This WS already exists tool_dataprivacy_cancel_data_request but is not available for the app
      • View data retention summary: This will be just a link to /admin/tool/dataprivacy/summary.php

            jleyva Juan Leyva
            jleyva Juan Leyva
            Rodrigo Mady Rodrigo Mady
            Sara Arjona (@sarjona) Sara Arjona (@sarjona)
            Ron Carl Alfon Yu Ron Carl Alfon Yu
            Votes:
            0 Vote for this issue
            Watchers:
            13 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 days, 4 hours, 4 minutes
                4d 4h 4m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.