diff --git a/lib/classes/check/access/defaultuserrole.php b/lib/classes/check/access/defaultuserrole.php index da15a5743f7..28ad93377dc 100644 --- a/lib/classes/check/access/defaultuserrole.php +++ b/lib/classes/check/access/defaultuserrole.php @@ -76,18 +76,28 @@ class defaultuserrole extends check { } // Risky caps - usually very dangerous. - $sql = "SELECT COUNT(DISTINCT rc.contextid) + $sql = "SELECT rc.contextid, rc.capability FROM {role_capabilities} rc JOIN {capabilities} cap ON cap.name = rc.capability WHERE " . $DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS)) . " <> 0 AND rc.permission = :capallow AND rc.roleid = :roleid"; - $riskycount = $DB->count_records_sql($sql, [ + $riskyresults = $DB->get_records_sql($sql, [ 'capallow' => CAP_ALLOW, 'roleid' => $defaultrole->id, ]); + // If automatic approval is disabled, then the requestdelete capability is not risky. + if (!get_config('tool_dataprivacy', 'automaticdatadeletionapproval')) { + $riskyresults = array_filter($riskyresults, function ($object) { + return $object->capability !== 'tool/dataprivacy:requestdelete'; + }); + } + + // Count the number of unique contexts that have risky caps. + $riskycount = count(array_unique(array_column($riskyresults, 'contextid'))); + // It may have either none or 'user' archetype - nothing else, or else it would break during upgrades badly. if ($defaultrole->archetype === '' or $defaultrole->archetype === 'user') { $legacyok = true; diff --git a/report/security/lang/en/report_security.php b/report/security/lang/en/report_security.php index 37e02e75324..43c92f87ef6 100644 --- a/report/security/lang/en/report_security.php +++ b/report/security/lang/en/report_security.php @@ -36,7 +36,8 @@ $string['check_cookiesecure_http'] = 'You must turn on https in order to use sec $string['check_cookiesecure_name'] = 'Secure cookies'; $string['check_cookiesecure_ok'] = 'Secure cookies enabled.'; $string['check_defaultuserrole_details'] = '

All logged in users are given capabilities of the default user role. Please make sure no risky capabilities are allowed in this role.

-

The only supported legacy type for the default user role is Authenticated user. The course view capability must not be enabled.

'; +

The only supported legacy type for the default user role is Authenticated user. The course view capability must not be enabled.

+

Please check if the automatic data deletion request approval(tool_dataprivacy | automaticdatadeletionapproval) option is enabled. Users can request deletions that could delete large amounts of data.

'; $string['check_defaultuserrole_error'] = 'The default user role "{$a}" is incorrectly defined!'; $string['check_defaultuserrole_name'] = 'Default role for all users'; $string['check_defaultuserrole_notset'] = 'Default role is not set.';