MDL-62564 privacy: Improve bulk deletion

Author: Mihail Geshoski

admin/tool/dataprivacy/classes/api.php

@@ -41,6 +41,7 @@
 use tool_dataprivacy\local\helper;
 use tool_dataprivacy\task\initiate_data_request_task;
 use tool_dataprivacy\task\process_data_request_task;
+use tool_dataprivacy\data_request;
 
 defined('MOODLE_INTERNAL') || die();
 
@@ -253,6 +254,8 @@ public static function create_data_request($foruser, $type, $comments = '',
         $datarequest->set('type', $type);
         // Set request comments.
         $datarequest->set('comments', $comments);
+        // Set the creation method.
+        $datarequest->set('creationmethod', $creationmethod);
 
         // Store subject access request.
         $datarequest->create();
@@ -275,14 +278,16 @@ public static function create_data_request($foruser, $type, $comments = '',
      * @param int $userid The User ID.
      * @param int[] $statuses The status filters.
      * @param int[] $types The request type filters.
+     * @param int[] $creationmethods The request creation method filters.
      * @param string $sort The order by clause.
      * @param int $offset Amount of records to skip.
      * @param int $limit Amount of records to fetch.
      * @return data_request[]
      * @throws coding_exception
      * @throws dml_exception
      */
-    public static function get_data_requests($userid = 0, $statuses = [], $types = [], $sort = '', $offset = 0, $limit = 0) {
+    public static function get_data_requests($userid = 0, $statuses = [], $types = [], $creationmethods = [],
+                                             $sort = '', $offset = 0, $limit = 0) {
         global $DB, $USER;
         $results = [];
         $sqlparams = [];
@@ -306,6 +311,13 @@ public static function get_data_requests($userid = 0, $statuses = [], $types = [
             $sqlparams = array_merge($sqlparams, $typeparams);
         }
 
+        // Set request creation method filter.
+        if (!empty($creationmethods)) {
+            list($typeinsql, $typeparams) = $DB->get_in_or_equal($creationmethods, SQL_PARAMS_NAMED);
+            $sqlconditions[] = "creationmethod $typeinsql";
+            $sqlparams = array_merge($sqlparams, $typeparams);
+        }
+
         if ($userid) {
             // Get the data requests for the user or data requests made by the user.
             $sqlconditions[] = "(userid = :userid OR requestedby = :requestedby)";
@@ -348,7 +360,7 @@ public static function get_data_requests($userid = 0, $statuses = [], $types = [
 
             if (!empty($expiredrequests)) {
                 data_request::expire($expiredrequests);
-                $results = self::get_data_requests($userid, $statuses, $types, $sort, $offset, $limit);
+                $results = self::get_data_requests($userid, $statuses, $types, $creationmethods, $sort, $offset, $limit);
             }
         }
 
@@ -361,11 +373,12 @@ public static function get_data_requests($userid = 0, $statuses = [], $types = [
      * @param int $userid The User ID.
      * @param int[] $statuses The status filters.
      * @param int[] $types The request type filters.
+     * @param int[] $creationmethods The request creation method filters.
      * @return int
      * @throws coding_exception
      * @throws dml_exception
      */
-    public static function get_data_requests_count($userid = 0, $statuses = [], $types = []) {
+    public static function get_data_requests_count($userid = 0, $statuses = [], $types = [], $creationmethods = []) {
         global $DB, $USER;
         $count = 0;
         $sqlparams = [];
@@ -379,6 +392,11 @@ public static function get_data_requests_count($userid = 0, $statuses = [], $typ
             $sqlconditions[] = "type $typeinsql";
             $sqlparams = array_merge($sqlparams, $typeparams);
         }
+        if (!empty($creationmethods)) {
+            list($typeinsql, $typeparams) = $DB->get_in_or_equal($creationmethods, SQL_PARAMS_NAMED);
+            $sqlconditions[] = "creationmethod $typeinsql";
+            $sqlparams = array_merge($sqlparams, $typeparams);
+        }
         if ($userid) {
             // Get the data requests for the user or data requests made by the user.
             $sqlconditions[] = "(userid = :userid OR requestedby = :requestedby)";
@@ -962,6 +980,34 @@ public static function get_effective_contextlevel_purpose($contextlevel, $forced
         return data_registry::get_effective_contextlevel_value($contextlevel, 'purpose', $forcedvalue);
     }
 
+    /**
+     * Creates an expired context record for the provided context id.
+     *
+     * @param int $contextid
+     * @return \tool_dataprivacy\expired_context
+     */
+    public static function create_expired_context($contextid) {
+        $record = (object)[
+            'contextid' => $contextid,
+            'status' => expired_context::STATUS_EXPIRED,
+        ];
+        $expiredctx = new expired_context(0, $record);
+        $expiredctx->save();
+
+        return $expiredctx;
+    }
+
+    /**
+     * Deletes an expired context record.
+     *
+     * @param int $id The tool_dataprivacy_ctxexpire id.
+     * @return bool True on success.
+     */
+    public static function delete_expired_context($id) {
+        $expiredcontext = new expired_context($id);
+        return $expiredcontext->delete();
+    }
+
     /**
      * Updates the status of an expired context.
      *

admin/tool/dataprivacy/classes/data_request.php

@@ -21,7 +21,9 @@
  * @copyright  2018 Jun Pataleta
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
+
 namespace tool_dataprivacy;
+
 defined('MOODLE_INTERNAL') || die();
 
 use core\persistent;

admin/tool/dataprivacy/classes/event/user_deleted_observer.php

@@ -0,0 +1,63 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Event observers supported by this module.
+ *
+ * @package    tool_dataprivacy
+ * @copyright   2018 Mihail Geshoski <mihail@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace tool_dataprivacy\event;
+
+use \tool_dataprivacy\api;
+use \tool_dataprivacy\data_request;
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * Event observers supported by this module.
+ *
+ * @package    tool_dataprivacy
+ * @copyright   2018 Mihail Geshoski <mihail@moodle.com>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class user_deleted_observer {
+
+    /**
+     * Create user data deletion request when the user is deleted.
+     *
+     * @param \core\event\user_deleted $event
+     */
+    public static function create_delete_data_request(\core\event\user_deleted $event) {
+        // Automatic creation of deletion requests must be enabled.
+        if (get_config('tool_dataprivacy', 'automaticdeletionrequests')) {
+            $requesttypes = [api::DATAREQUEST_TYPE_DELETE];
+            $requeststatuses = [api::DATAREQUEST_STATUS_COMPLETE, api::DATAREQUEST_STATUS_DELETED];
+
+            $hasongoingdeleterequests = api::has_ongoing_request($event->objectid, $requesttypes[0]);
+            $hascompleteddeleterequest = (api::get_data_requests_count($event->objectid, $requeststatuses,
+                    $requesttypes) > 0) ? true : false;
+
+            if (!$hasongoingdeleterequests && !$hascompleteddeleterequest) {
+                api::create_data_request($event->objectid, $requesttypes[0],
+                        get_string('datarequestcreatedupondelete', 'tool_dataprivacy'),
+                        data_request::DATAREQUEST_CREATION_AUTO);
+            }
+        }
+    }
+}

admin/tool/dataprivacy/classes/expired_user_contexts.php

@@ -0,0 +1,149 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Expired contexts manager for CONTEXT_USER.
+ *
+ * @package    tool_dataprivacy
+ * @copyright  2018 David Monllao
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+namespace tool_dataprivacy;
+
+use core_privacy\manager;
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * Expired contexts manager for CONTEXT_USER.
+ *
+ * @copyright  2018 David Monllao
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class expired_user_contexts extends \tool_dataprivacy\expired_contexts_manager {
+
+    /**
+     * Only user level.
+     *
+     * @return int[]
+     */
+    protected function get_context_levels() {
+        return [CONTEXT_USER];
+    }
+
+    /**
+     * Returns the user context instances that are expired.
+     *
+     * @return \stdClass[]
+     */
+    protected function get_expired_contexts() {
+        global $DB;
+
+        // Including context info + last login timestamp.
+        $fields = 'ctx.id AS id, ' . \context_helper::get_preload_record_columns_sql('ctx');
+
+        $purpose = api::get_effective_contextlevel_purpose(CONTEXT_USER);
+
+        // Calculate what is considered expired according to the context level effective purpose (= now + retention period).
+        $expiredtime = new \DateTime();
+        $retention = new \DateInterval($purpose->get('retentionperiod'));
+        $expiredtime->sub($retention);
+
+        $sql = "SELECT $fields FROM {context} ctx
+                  JOIN {user} u ON ctx.contextlevel = ? AND ctx.instanceid = u.id
+                  LEFT JOIN {tool_dataprivacy_ctxexpired} expiredctx ON ctx.id = expiredctx.contextid
+                 WHERE u.lastaccess <= ? AND u.lastaccess > 0 AND expiredctx.id IS NULL
+                ORDER BY ctx.path, ctx.contextlevel ASC";
+        $possiblyexpired = $DB->get_recordset_sql($sql, [CONTEXT_USER, $expiredtime->getTimestamp()]);
+
+        $expiredcontexts = [];
+        foreach ($possiblyexpired as $record) {
+
+            \context_helper::preload_from_record($record);
+
+            // No strict checking as the context may already be deleted (e.g. we just deleted a course,
+            // module contexts below it will not exist).
+            $context = \context::instance_by_id($record->id, false);
+            if (!$context) {
+                continue;
+            }
+
+            if (is_siteadmin($context->instanceid)) {
+                continue;
+            }
+
+            $courses = enrol_get_users_courses($context->instanceid, false, ['enddate']);
+            foreach ($courses as $course) {
+                if (!$course->enddate) {
+                    // We can not know it what is going on here, so we prefer to be conservative.
+                    continue 2;
+                }
+
+                if ($course->enddate >= time()) {
+                    // Future or ongoing course.
+                    continue 2;
+                }
+            }
+
+            $expiredcontexts[$context->id] = $context;
+        }
+
+        return $expiredcontexts;
+    }
+
+    /**
+     * Deletes user data from the provided context.
+     *
+     * Overwritten to delete the user.
+     *
+     * @param manager $privacymanager
+     * @param expired_context $expiredctx
+     * @return \context|false
+     */
+    protected function delete_expired_context(manager $privacymanager, expired_context $expiredctx) {
+        $context = \context::instance_by_id($expiredctx->get('contextid'), IGNORE_MISSING);
+        if (!$context) {
+            return false;
+        }
+
+        if (!PHPUNIT_TEST) {
+            mtrace('Deleting context ' . $context->id . ' - ' .
+                shorten_text($context->get_context_name(true, true)));
+        }
+
+        // To ensure that all user data is deleted, instead of deleting by context, we run through and collect any stray
+        // contexts for the user that may still exist and call delete_data_for_user().
+        $user = \core_user::get_user($context->instanceid, '*', MUST_EXIST);
+        $approvedlistcollection = new \core_privacy\local\request\contextlist_collection($user->id);
+        $contextlistcollection = $privacymanager->get_contexts_for_userid($user->id);
+
+        foreach ($contextlistcollection as $contextlist) {
+            $approvedlistcollection->add_contextlist(new \core_privacy\local\request\approved_contextlist(
+                $user,
+                $contextlist->get_component(),
+                $contextlist->get_contextids()
+            ));
+        }
+
+        $privacymanager->delete_data_for_user($approvedlistcollection);
+        api::set_expired_context_status($expiredctx, expired_context::STATUS_CLEANED);
+
+        // Delete the user.
+        delete_user($user);
+
+        return $context;
+    }
+}