From ddf605c65563de7f6c15627dd72558b0388e4edc Mon Sep 17 00:00:00 2001 From: Michael Hawkins Date: Mon, 6 Aug 2018 13:18:18 +0800 Subject: [PATCH] MDL-62600 tool_dataprivacy: Corrected availability of PO pages to admins --- admin/tool/dataprivacy/classes/api.php | 19 ++++++ admin/tool/dataprivacy/datadeletion.php | 18 +++-- admin/tool/dataprivacy/dataregistry.php | 11 +++- admin/tool/dataprivacy/datarequests.php | 66 ++++++++++--------- .../dataprivacy/lang/en/tool_dataprivacy.php | 1 + admin/tool/dataprivacy/pluginregistry.php | 17 +++-- admin/tool/dataprivacy/settings.php | 35 +++++----- 7 files changed, 107 insertions(+), 60 deletions(-) diff --git a/admin/tool/dataprivacy/classes/api.php b/admin/tool/dataprivacy/classes/api.php index 8ec0bb53c48..bbf57daf39a 100644 --- a/admin/tool/dataprivacy/classes/api.php +++ b/admin/tool/dataprivacy/classes/api.php @@ -127,6 +127,25 @@ class api { require_capability('tool/dataprivacy:managedataregistry', $context); } + /** + * Fetches the role shortnames of Data Protection Officer roles. + * + * @return array An array of the DPO role shortnames + */ + public static function get_dpo_role_names() : array { + global $DB; + + $dporoleids = explode(',', str_replace(' ', '', get_config('tool_dataprivacy', 'dporoles'))); + $dponames = array(); + + if (!empty($dporoleids)) { + list($insql, $inparams) = $DB->get_in_or_equal($dporoleids); + $dponames = $DB->get_fieldset_select('role', 'shortname', "id {$insql}", $inparams); + } + + return $dponames; + } + /** * Fetches the list of users with the Data Protection Officer role. * diff --git a/admin/tool/dataprivacy/datadeletion.php b/admin/tool/dataprivacy/datadeletion.php index f622e5b4ebb..c92c6760591 100644 --- a/admin/tool/dataprivacy/datadeletion.php +++ b/admin/tool/dataprivacy/datadeletion.php @@ -37,13 +37,19 @@ $title = get_string('datadeletion', 'tool_dataprivacy'); echo $OUTPUT->header(); -$table = new \tool_dataprivacy\output\expired_contexts_table($filter); -$table->baseurl = $url; -$table->baseurl->param('filter', $filter); +if (\tool_dataprivacy\api::is_site_dpo($USER->id)) { + $table = new \tool_dataprivacy\output\expired_contexts_table($filter); + $table->baseurl = $url; + $table->baseurl->param('filter', $filter); -$datadeletionpage = new \tool_dataprivacy\output\data_deletion_page($filter, $table); + $datadeletionpage = new \tool_dataprivacy\output\data_deletion_page($filter, $table); -$output = $PAGE->get_renderer('tool_dataprivacy'); -echo $output->render($datadeletionpage); + $output = $PAGE->get_renderer('tool_dataprivacy'); + echo $output->render($datadeletionpage); +} else { + $dponamestring = implode (',', tool_dataprivacy\api::get_dpo_role_names()); + $message = get_string('privacyofficeronly', 'tool_dataprivacy', $dponamestring); + echo $OUTPUT->notification($message, 'error'); +} echo $OUTPUT->footer(); diff --git a/admin/tool/dataprivacy/dataregistry.php b/admin/tool/dataprivacy/dataregistry.php index 52eff0a4cc4..50c0ab90602 100644 --- a/admin/tool/dataprivacy/dataregistry.php +++ b/admin/tool/dataprivacy/dataregistry.php @@ -38,7 +38,12 @@ $title = get_string('dataregistry', 'tool_dataprivacy'); $output = $PAGE->get_renderer('tool_dataprivacy'); echo $output->header(); -$dataregistry = new tool_dataprivacy\output\data_registry_page($contextlevel, $contextid); - -echo $output->render($dataregistry); +if (\tool_dataprivacy\api::is_site_dpo($USER->id)) { + $dataregistry = new tool_dataprivacy\output\data_registry_page($contextlevel, $contextid); + echo $output->render($dataregistry); +} else { + $dponamestring = implode (', ', tool_dataprivacy\api::get_dpo_role_names()); + $message = get_string('privacyofficeronly', 'tool_dataprivacy', $dponamestring); + echo $OUTPUT->notification($message, 'error'); +} echo $OUTPUT->footer(); diff --git a/admin/tool/dataprivacy/datarequests.php b/admin/tool/dataprivacy/datarequests.php index 0887134ca65..6a8140d11e5 100644 --- a/admin/tool/dataprivacy/datarequests.php +++ b/admin/tool/dataprivacy/datarequests.php @@ -36,39 +36,45 @@ $title = get_string('datarequests', 'tool_dataprivacy'); echo $OUTPUT->header(); echo $OUTPUT->heading($title); -$filtersapplied = optional_param_array('request-filters', [-1], PARAM_NOTAGS); -$filterscleared = optional_param('filters-cleared', 0, PARAM_INT); -if ($filtersapplied === [-1]) { - // If there are no filters submitted, check if there is a saved filters from the user preferences. - $filterprefs = get_user_preferences(\tool_dataprivacy\local\helper::PREF_REQUEST_FILTERS, null); - if ($filterprefs && empty($filterscleared)) { - $filtersapplied = json_decode($filterprefs); - } else { - $filtersapplied = []; +if (\tool_dataprivacy\api::is_site_dpo($USER->id)) { + $filtersapplied = optional_param_array('request-filters', [-1], PARAM_NOTAGS); + $filterscleared = optional_param('filters-cleared', 0, PARAM_INT); + if ($filtersapplied === [-1]) { + // If there are no filters submitted, check if there is a saved filters from the user preferences. + $filterprefs = get_user_preferences(\tool_dataprivacy\local\helper::PREF_REQUEST_FILTERS, null); + if ($filterprefs && empty($filterscleared)) { + $filtersapplied = json_decode($filterprefs); + } else { + $filtersapplied = []; + } } -} -// Save the current applied filters to the user preferences. -set_user_preference(\tool_dataprivacy\local\helper::PREF_REQUEST_FILTERS, json_encode($filtersapplied)); + // Save the current applied filters to the user preferences. + set_user_preference(\tool_dataprivacy\local\helper::PREF_REQUEST_FILTERS, json_encode($filtersapplied)); -$types = []; -$statuses = []; -foreach ($filtersapplied as $filter) { - list($category, $value) = explode(':', $filter); - switch($category) { - case \tool_dataprivacy\local\helper::FILTER_TYPE: - $types[] = $value; - break; - case \tool_dataprivacy\local\helper::FILTER_STATUS: - $statuses[] = $value; - break; + $types = []; + $statuses = []; + foreach ($filtersapplied as $filter) { + list($category, $value) = explode(':', $filter); + switch($category) { + case \tool_dataprivacy\local\helper::FILTER_TYPE: + $types[] = $value; + break; + case \tool_dataprivacy\local\helper::FILTER_STATUS: + $statuses[] = $value; + break; + } } + + $table = new \tool_dataprivacy\output\data_requests_table(0, $statuses, $types, true); + $table->baseurl = $url; + + $requestlist = new tool_dataprivacy\output\data_requests_page($table, $filtersapplied); + $requestlistoutput = $PAGE->get_renderer('tool_dataprivacy'); + echo $requestlistoutput->render($requestlist); +} else { + $dponamestring = implode (', ', tool_dataprivacy\api::get_dpo_role_names()); + $message = get_string('privacyofficeronly', 'tool_dataprivacy', $dponamestring); + echo $OUTPUT->notification($message, 'error'); } -$table = new \tool_dataprivacy\output\data_requests_table(0, $statuses, $types, true); -$table->baseurl = $url; - -$requestlist = new tool_dataprivacy\output\data_requests_page($table, $filtersapplied); -$requestlistoutput = $PAGE->get_renderer('tool_dataprivacy'); -echo $requestlistoutput->render($requestlist); - echo $OUTPUT->footer(); diff --git a/admin/tool/dataprivacy/lang/en/tool_dataprivacy.php b/admin/tool/dataprivacy/lang/en/tool_dataprivacy.php index 4af32a8733f..3c1c31cfa83 100644 --- a/admin/tool/dataprivacy/lang/en/tool_dataprivacy.php +++ b/admin/tool/dataprivacy/lang/en/tool_dataprivacy.php @@ -184,6 +184,7 @@ $string['notset'] = 'Not set (use the default value)'; $string['pluginregistry'] = 'Plugin privacy registry'; $string['pluginregistrytitle'] = 'Plugin privacy compliance registry'; $string['privacy'] = 'Privacy'; +$string['privacyofficeronly'] = 'Only users who are assigned a privacy officer role ({$a}) have access to this content'; $string['privacy:metadata:preference:tool_dataprivacy_request-filters'] = 'The filters currently applied to the data requests page.'; $string['privacy:metadata:request'] = 'Information from personal data requests (subject access and deletion requests) made for this site.'; $string['privacy:metadata:request:comments'] = 'Any user comments accompanying the request.'; diff --git a/admin/tool/dataprivacy/pluginregistry.php b/admin/tool/dataprivacy/pluginregistry.php index 3b3f1c47780..5ae8839e914 100644 --- a/admin/tool/dataprivacy/pluginregistry.php +++ b/admin/tool/dataprivacy/pluginregistry.php @@ -38,11 +38,18 @@ $title = get_string('pluginregistry', 'tool_dataprivacy'); $output = $PAGE->get_renderer('tool_dataprivacy'); echo $output->header(); -// Get data! -$metadatatool = new \tool_dataprivacy\metadata_registry(); -$metadata = $metadatatool->get_registry_metadata(); +if (\tool_dataprivacy\api::is_site_dpo($USER->id)) { + // Get data! + $metadatatool = new \tool_dataprivacy\metadata_registry(); + $metadata = $metadatatool->get_registry_metadata(); -$dataregistry = new tool_dataprivacy\output\data_registry_compliance_page($metadata); + $dataregistry = new tool_dataprivacy\output\data_registry_compliance_page($metadata); + + echo $output->render($dataregistry); +} else { + $dponamestring = implode (', ', tool_dataprivacy\api::get_dpo_role_names()); + $message = get_string('privacyofficeronly', 'tool_dataprivacy', $dponamestring); + echo $OUTPUT->notification($message, 'error'); +} -echo $output->render($dataregistry); echo $OUTPUT->footer(); diff --git a/admin/tool/dataprivacy/settings.php b/admin/tool/dataprivacy/settings.php index f04fc10b078..9210f75ed4b 100644 --- a/admin/tool/dataprivacy/settings.php +++ b/admin/tool/dataprivacy/settings.php @@ -57,22 +57,25 @@ if ($hassiteconfig) { } } -// Link that leads to the data requests management page. -$ADMIN->add('privacy', new admin_externalpage('datarequests', get_string('datarequests', 'tool_dataprivacy'), - new moodle_url('/admin/tool/dataprivacy/datarequests.php'), 'tool/dataprivacy:managedatarequests') -); +// Restrict config links to the DPO. +if (tool_dataprivacy\api::is_site_dpo($USER->id)) { + // Link that leads to the data requests management page. + $ADMIN->add('privacy', new admin_externalpage('datarequests', get_string('datarequests', 'tool_dataprivacy'), + new moodle_url('/admin/tool/dataprivacy/datarequests.php'), 'tool/dataprivacy:managedatarequests') + ); -// Link that leads to the data registry management page. -$ADMIN->add('privacy', new admin_externalpage('dataregistry', get_string('dataregistry', 'tool_dataprivacy'), - new moodle_url('/admin/tool/dataprivacy/dataregistry.php'), 'tool/dataprivacy:managedataregistry') -); + // Link that leads to the data registry management page. + $ADMIN->add('privacy', new admin_externalpage('dataregistry', get_string('dataregistry', 'tool_dataprivacy'), + new moodle_url('/admin/tool/dataprivacy/dataregistry.php'), 'tool/dataprivacy:managedataregistry') + ); -// Link that leads to the review page of expired contexts that are up for deletion. -$ADMIN->add('privacy', new admin_externalpage('datadeletion', get_string('datadeletion', 'tool_dataprivacy'), - new moodle_url('/admin/tool/dataprivacy/datadeletion.php'), 'tool/dataprivacy:managedataregistry') -); + // Link that leads to the review page of expired contexts that are up for deletion. + $ADMIN->add('privacy', new admin_externalpage('datadeletion', get_string('datadeletion', 'tool_dataprivacy'), + new moodle_url('/admin/tool/dataprivacy/datadeletion.php'), 'tool/dataprivacy:managedataregistry') + ); -// Link that leads to the other data registry management page. -$ADMIN->add('privacy', new admin_externalpage('pluginregistry', get_string('pluginregistry', 'tool_dataprivacy'), - new moodle_url('/admin/tool/dataprivacy/pluginregistry.php'), 'tool/dataprivacy:managedataregistry') -); + // Link that leads to the other data registry management page. + $ADMIN->add('privacy', new admin_externalpage('pluginregistry', get_string('pluginregistry', 'tool_dataprivacy'), + new moodle_url('/admin/tool/dataprivacy/pluginregistry.php'), 'tool/dataprivacy:managedataregistry') + ); +}