MDL-62134 tool_dataprivacy: privacy manager wrapper

If exception occurs in one plugin implementation do not fail the whole job but instead send a message to DPOs with the exception details
moodle · May 16, 2018 · 3f18d2a · 3f18d2a
1 parent 65abf2a
commit 3f18d2a
Show file tree

Hide file tree

Showing 8 changed files with 116 additions and 6 deletions.
diff --git a/admin/tool/dataprivacy/classes/expired_contexts_manager.php b/admin/tool/dataprivacy/classes/expired_contexts_manager.php
@@ -90,7 +90,7 @@ public function delete() {
             return $numprocessed;
         }
 
-        $privacymanager = new \core_privacy\manager();
+        $privacymanager = new manager();
 
         foreach ($this->get_context_levels() as $level) {
 

diff --git a/admin/tool/dataprivacy/classes/manager.php b/admin/tool/dataprivacy/classes/manager.php
@@ -0,0 +1,97 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+/**
+ * Class \tool_dataprivacy\manager
+ *
+ * @package    tool_dataprivacy
+ * @copyright  2018 Marina Glancy
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace tool_dataprivacy;
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * Wrapper for \core_privacy\manager that sends notifications about exceptions to DPO
+ *
+ * @package    tool_dataprivacy
+ * @copyright  2018 Marina Glancy
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class manager extends \core_privacy\manager {
+
+    /**
+     * Call the named method with the specified params on the supplied component if it implements the relevant interface on its provider.
+     *
+     * @param   string  $component The component to call
+     * @param   string  $interface The interface to implement
+     * @param   string  $methodname The method to call
+     * @param   array   $params The params to call
+     * @return  mixed
+     */
+    public static function component_class_callback(string $component, string $interface, string $methodname, array $params) {
+        try {
+            return parent::component_class_callback($component, $interface, $methodname, $params);
+        } catch (\Throwable $e) {
+            debugging($e->getMessage(), DEBUG_DEVELOPER, $e->getTrace());
+            self::notify_dpo($e, $component, $interface, $methodname, $params);
+        }
+        return null;
+    }
+
+    /**
+     * Notifies all DPOs about exception occurred
+     *
+     * @param \Throwable $e
+     * @param string $component
+     * @param string $interface
+     * @param string $methodname
+     * @param array $params
+     * @return mixed
+     */
+    protected static function notify_dpo(\Throwable $e, string $component, string $interface, string $methodname, array $params) {
+
+        // Get the list of the site Data Protection Officers.
+        $dpos = api::get_site_dpos();
+
+        $messagesubject = get_string('exceptionnotificationsubject', 'tool_dataprivacy');
+        $a = (object)[
+            'fullmethodname' => static::get_provider_classname_for_component($component) . '::' . $methodname,
+            'component' => $component,
+            'message' => $e->getMessage(),
+            'backtrace' => $e->getTraceAsString()
+        ];
+        $messagebody = get_string('exceptionnotificationbody', 'tool_dataprivacy', $a);
+
+        // Email the data request to the Data Protection Officer(s)/Admin(s).
+        foreach ($dpos as $dpo) {
+            $message = new \core\message\message();
+            $message->courseid          = SITEID;
+            $message->component         = 'tool_dataprivacy';
+            $message->name              = 'notifyexceptions';
+            $message->userfrom          = \core_user::get_noreply_user();
+            $message->subject           = $messagesubject;
+            $message->fullmessageformat = FORMAT_HTML;
+            $message->notification      = 1;
+            $message->userto            = $dpo;
+            $message->fullmessagehtml   = $messagebody;
+            $message->fullmessage       = html_to_text($messagebody);
+
+            // Send message.
+            return message_send($message);
+        }
+    }
+}
diff --git a/admin/tool/dataprivacy/classes/metadata_registry.php b/admin/tool/dataprivacy/classes/metadata_registry.php
@@ -39,7 +39,7 @@ class metadata_registry {
      * @return array An array with all of the plugin types / plugins and the user data they store.
      */
     public function get_registry_metadata() {
-        $manager = new \core_privacy\manager();
+        $manager = new manager();
         $pluginman = \core_plugin_manager::instance();
         $contributedplugins = $this->get_contrib_list();
         $metadata = $manager->get_metadata_for_components();

diff --git a/admin/tool/dataprivacy/classes/task/initiate_data_request_task.php b/admin/tool/dataprivacy/classes/task/initiate_data_request_task.php
@@ -30,6 +30,7 @@
 use tool_dataprivacy\api;
 use tool_dataprivacy\contextlist_context;
 use tool_dataprivacy\data_request;
+use tool_dataprivacy\manager;
 
 defined('MOODLE_INTERNAL') || die();
 
@@ -96,7 +97,7 @@ public function execute() {
         api::update_request_status($requestid, api::DATAREQUEST_STATUS_PREPROCESSING);
 
         // Add the list of relevant contexts to the request, and mark all as pending approval.
-        $privacymanager = new \core_privacy\manager();
+        $privacymanager = new manager();
         $contextlistcollection = $privacymanager->get_contexts_for_userid($datarequest->get('userid'));
         api::add_request_contexts_with_status($contextlistcollection, $requestid, contextlist_context::STATUS_PENDING);
 

diff --git a/admin/tool/dataprivacy/classes/task/process_data_request_task.php b/admin/tool/dataprivacy/classes/task/process_data_request_task.php
@@ -33,6 +33,7 @@
 use moodle_url;
 use tool_dataprivacy\api;
 use tool_dataprivacy\data_request;
+use tool_dataprivacy\manager;
 
 defined('MOODLE_INTERNAL') || die();
 
@@ -87,7 +88,7 @@ public function execute() {
             $approvedclcollection = api::get_approved_contextlist_collection_for_request($requestpersistent);
 
             // Export the data.
-            $manager = new \core_privacy\manager();
+            $manager = new manager();
             $exportedcontent = $manager->export_user_data($approvedclcollection);
 
             $fs = get_file_storage();
@@ -109,7 +110,7 @@ public function execute() {
             $approvedclcollection = api::get_approved_contextlist_collection_for_request($requestpersistent);
 
             // Delete the data.
-            $manager = new \core_privacy\manager();
+            $manager = new manager();
             $manager->delete_data_for_user($approvedclcollection);
         }
 

diff --git a/admin/tool/dataprivacy/db/messages.php b/admin/tool/dataprivacy/db/messages.php
@@ -41,4 +41,12 @@
             'email' => MESSAGE_PERMITTED + MESSAGE_DEFAULT_LOGGEDIN + MESSAGE_DEFAULT_LOGGEDOFF,
         ]
     ],
+
+    // Notify Data Protection Officer about exceptions.
+    'notifyexceptions' => [
+        'defaults' => [
+            'email' => MESSAGE_PERMITTED + MESSAGE_DEFAULT_LOGGEDIN + MESSAGE_DEFAULT_LOGGEDOFF,
+        ],
+        'capability'  => 'tool/dataprivacy:managedatarequests'
+    ],
 ];
diff --git a/admin/tool/dataprivacy/lang/en/tool_dataprivacy.php b/admin/tool/dataprivacy/lang/en/tool_dataprivacy.php
@@ -101,6 +101,8 @@
 $string['errorrequestnotfound'] = 'Request not found';
 $string['errorrequestnotwaitingforapproval'] = 'The request is not awaiting approval. Either it is not yet ready or it has already been processed.';
 $string['errorsendingmessagetodpo'] = 'An error was encountered while trying to send a message to {$a}.';
+$string['exceptionnotificationsubject'] = "Exception occured while processing privacy data";
+$string['exceptionnotificationbody'] = "<p>Exception occured while calling <b>{\$a->fullmethodname}</b>.<br>This means that plugin <b>{\$a->component}</b> did not complete processing data. Below you can find exception information that can be passed to the plugin developer.</p><pre>{\$a->message}<br>\n\n{\$a->backtrace}</pre>";
 $string['expiredretentionperiodtask'] = 'Expired retention period';
 $string['expiry'] = 'Expiry';
 $string['expandplugin'] = 'Expand and collapse plugin.';
@@ -148,6 +150,7 @@
 $string['lawfulbases_help'] = 'Select at least one option that will serve as the lawful basis for processing personal data. For details on these lawful bases, please see <a href="https://gdpr-info.eu/art-6-gdpr/" target="_blank">GDPR Art. 6.1</a>';
 $string['messageprovider:contactdataprotectionofficer'] = 'Data requests';
 $string['messageprovider:datarequestprocessingresults'] = 'Data request processing results';
+$string['messageprovider:notifyexceptions'] = 'Data requests exceptions notifications';
 $string['message'] = 'Message';
 $string['messagelabel'] = 'Message:';
 $string['moduleinstancename'] = '{$a->instancename} ({$a->modulename})';

diff --git a/admin/tool/dataprivacy/version.php b/admin/tool/dataprivacy/version.php
@@ -24,6 +24,6 @@
 
 defined('MOODLE_INTERNAL') || die;
 
-$plugin->version   = 2018051400;
+$plugin->version   = 2018051401;
 $plugin->requires  = 2018050800;        // Moodle 3.5dev (Build 2018031600) and upwards.
 $plugin->component = 'tool_dataprivacy';